summaryrefslogtreecommitdiff
path: root/source4/ntvfs/cifs
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r11596: switched the libcli/raw/ code over to using the lib/stream/ genericAndrew Tridgell1-27/+0
packet parsing code. This simplifies the logic in the raw client library a fair bit (This used to be commit f8d43f1f67876360e1295d85a3c3702d1d60ed7b)
2007-10-10r11513: Add the ability to use the local machine account instead of a staticAndrew Bartlett1-4/+25
password or delegation. Add the ability to delegate for RPC pipes on the RPC proxy backend (the backend itself seems be having problems however). Andrew Bartlett (This used to be commit a7e946bc37e4acfbe2c483b4f1ead0341f9b3d19)
2007-10-10r11471: Describe how kerberos forwarding works with the ntvfs.Andrew Bartlett1-1/+25
Andrew Bartlett (This used to be commit 66d7a51394b26bf9e8737477af965d08d9efde6d)
2007-10-10r11452: Update Heimdal to current lorikeet, including removing the ccache sideAndrew Bartlett1-10/+18
of the gsskrb5_acquire_cred hack. Add support for delegated credentials into the auth and credentials subsystem, and specifically into gensec_gssapi. Add the CIFS NTVFS handler as a consumer of delegated credentials, when no user/domain/password is specified. Andrew Bartlett (This used to be commit 55b89899adb692d90e63873ccdf80b9f94a6b448)
2007-10-10r10878: Reply to some comments by tridge and metze:Volker Lendecke1-0/+1
* rename the composite helper functions from comp_* to composite_* * Move the lsa initialization to wb_connect_lsa.c * Equip smb_composite_connect with a fallback_to_anonymous The latter two simplify wb_init_domain.c quite a bit. Volker (This used to be commit deb127e04ea01ae93394da5ebffb39d81caeb6d9)
2007-10-10r10677: Add smb_composite_connectmulti: Send out multiple SYN packets at ↵Volker Lendecke1-1/+1
once, use the first one that replies correctly. Add a talloc context to smb_composite_connect() Volker (This used to be commit 6b88de182e40cb00a833c085f801fd47c92bbe94)
2007-10-10r10528: Add credentials.h back into includes.h as some compilers don'tJelmer Vernooij1-1/+0
seem to be able to handle incomplete enum types. (This used to be commit 540155fad3c8e3d79fb631bb3f14273f82130a73)
2007-10-10r10510: Decrease the amount of data included by includes.h a bitJelmer Vernooij1-0/+1
(This used to be commit 03647e1321cf6c9bd6ced3945265f635e9468973)
2007-10-10r10504: - seperate implementation specific stuff, from the generic compositeStefan Metzmacher1-0/+1
stuff. - don't use SMBCLI_REQUEST_* state's in the genreic composite stuff - move monitor_fn to libnet. NOTE: I have maybe found some bugs, in code that is dirrectly in DONE or ERROR state in the _send() function. I haven't fixed this bugs in this commit! We may need some composite_trigger_*() functions or so. And maybe some other generic helper functions... metze (This used to be commit 4527815a0a9b96e460f301cb1f0c0b3964c166fc)
2007-10-10r7931: fixed a bug in the cifs backend found with the new test codeAndrew Tridgell1-1/+12
(This used to be commit 447d5fcc1bdbdeaf2d96dbcace36b480b5a18c73)
2007-10-10r6028: A MAJOR update to intergrate the new credentails system fully withAndrew Bartlett1-4/+10
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'. GENSEC now no longer has it's own handling of 'set username' etc, instead it uses cli_credentials calls. In order to link the credentails code right though Samba, a lot of interfaces have changed to remove 'username, domain, password' arguments, and these have been replaced with a single 'struct cli_credentials'. In the session setup code, a new parameter 'workgroup' contains the client/server current workgroup, which seems unrelated to the authentication exchange (it was being filled in from the auth info). This allows in particular kerberos to only call back for passwords when it actually needs to perform the kinit. The kerberos code has been modified not to use the SPNEGO provided 'principal name' (in the mechListMIC), but to instead use the name the host was connected to as. This better matches Microsoft behaviour, is more secure and allows better use of standard kerberos functions. To achieve this, I made changes to our socket code so that the hostname (before name resolution) is now recorded on the socket. In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now in libcli/auth/schannel.c, and it looks much more like a standard GENSEC module. The actual sign/seal code moved to libcli/auth/schannel_sign.c in a previous commit. The schannel credentails structure is now merged with the rest of the credentails, as many of the values (username, workstation, domain) where already present there. This makes handling this in a generic manner much easier, as there is no longer a custom entry-point. The auth_domain module continues to be developed, but is now just as functional as auth_winbind. The changes here are consequential to the schannel changes. The only removed function at this point is the RPC-LOGIN test (simulating the load of a WinXP login), which needs much more work to clean it up (it contains copies of too much code from all over the torture suite, and I havn't been able to penetrate its 'structure'). Andrew Bartlett (This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
2007-10-10r5197: moved events code to lib/events/ (suggestion from metze)Andrew Tridgell1-1/+1
(This used to be commit 7f54c8a339f36aa43c9340be70ab7f0067593ef2)
2007-10-10r5195: most events don't need the time of the event, so save a ↵Andrew Tridgell1-1/+1
gettimeofday() call and just use timeval_current() when its actually needed (This used to be commit 236403cc4dc2924ed6a898acae0bb44cc1688dcc)
2007-10-10r5185: make all the events data structures private to events.c. This willAndrew Tridgell1-8/+15
make it possible to add optimisations to the events code such as keeping the next timed event in a sorted list, and using epoll for file descriptor events. I also removed the loop events code, as it wasn't being used anywhere, and changed timed events to always be one-shot (as adding a new timed event in the event handler is so easy to do if needed) (This used to be commit d7b4b6de51342a65bf46fce772d313f92f8d73d3)
2007-10-10r5126: the composite code is no longer client specific or smb specific, soAndrew Tridgell1-1/+1
rename the core structure to composite_context and the wait routine to composite_wait() (suggestion from metze) (This used to be commit cf11d05e35179c2c3e51c5ab370cd0a3fb15f24a)
2007-10-10r5102: This is a major simplification of the logic for controlling top levelAndrew Tridgell1-17/+1
servers in smbd. The old code still contained a fairly bit of legacy from the time when smbd was only handling SMB connection. The new code gets rid of all of the smb_server specific code in smbd/, and creates a much simpler infrastructures for new server code. Major changes include: - simplified the process model code a lot. - got rid of the top level server and service structures completely. The top level context is now the event_context. This got rid of service.h and server.h completely (they were the most confusing parts of the old code) - added service_stream.[ch] for the helper functions that are specific to stream type services (services that handle streams, and use a logically separate process per connection) - got rid of the builtin idle_handler code in the service logic, as none of the servers were using it, and it can easily be handled by a server in future by adding its own timed_event to the event context. - fixed some major memory leaks in the rpc server code. - added registration of servers, rather than hard coding our list of possible servers. This allows for servers as modules in the future. - temporarily disabled the winbind code until I add the helper functions for that type of server - added error checking on service startup. If a configured server fails to startup then smbd doesn't startup. - cleaned up the command line handling in smbd, removing unused options (This used to be commit cf6a46c3cbde7b1eb1b86bd3882b953a2de3a42e)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell1-1/+1
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4942: converted the cifs backend to not use event_context_merge(). Instead,Andrew Tridgell1-16/+21
is supplies the server event context during the connect. (This used to be commit 133e67bb1fa661b0e0d340091be4160f9af04fe3)
2007-10-10r4757: added the ability of the clisocket level of libcli to handle asyncAndrew Tridgell1-5/+5
socket connections. This was complicated by a few factors: - it meant moving the event context from clitransport to clisocket, so lots of structures changed - we need to asynchronously handle connection to lists of port numbers, not just one port number. The code internally tries each port in the list in turn, without ever blocking - the man page on how connect() is supposed to work asynchronously doesn't work in practice (now why doesn't this surprise me?). The getsockopt() for SOL_ERROR is supposed to retrieve the error, but in fact the next (unrelated) connect() call on the same socket also gets an error, though not the right error. To work around this I need to tear down the whole socket between each attempted port. I hate posix. Note that clisocket.c still does a blocking name resolution call in smbcli_sock_connect_byname(). That will be fixed when we add the async NBT resolution code. Also note that I arranged things so that every SMB connection is now async internally, so using plain smbclient or smbtorture tests all the async features of this new code. (This used to be commit 468f8ebbfdbdf37c757fdc4863626aa9946a8870)
2007-10-10r4726: - use the name tcon and tid instead of conn and cnumStefan Metzmacher1-1/+1
- make use of talloc destructors metze (This used to be commit 8308da6ce4a95f8c10e22949ef00e9e64f2dbb85)
2007-10-10r4055: fixed more places to use type safe allocation macrosAndrew Tridgell1-1/+1
(This used to be commit eec698254f67365f27b4b7569fa982e22472aca1)
2007-10-10r3737: - Get rid of the register_subsystem() and register_backend() functions.Jelmer Vernooij1-1/+1
- Re-disable tdbtool (it was building fine on my Debian box but other machines were having problems) (This used to be commit 0d7bb2c40b7a9ed59df3f8944133ea562697e814)
2007-10-10r3528: added support for the SMBntcancel() operation, which cancels anyAndrew Tridgell1-0/+10
outstanding async operation (triggering an immediate timeout). pvfs now passes the RAW-MUX test (This used to be commit 3423e2f41461d054067ef168b9b986f62cc8f77c)
2007-10-10r3507: - added deferred replies on sharing violation in pvfs open. TheAndrew Tridgell1-2/+3
deferred reply is short-circuited immediately when the file is closed by another user, allowing it to be opened by the waiting user. - added a sane set of timeval manipulation routines - converted all the events code and code that uses it to use struct timeval instead of time_t, which allows for microsecond resolution instead of 1 second resolution. This was needed for doing the pvfs deferred open code, and is why the patch is so big. (This used to be commit 0d51511d408d91eb5f68a35e980e0875299b1831)
2007-10-10r3481: split out client.h and events.hAndrew Tridgell1-0/+1
(This used to be commit c6f486574470a311e0d336c026103f131451e21e)
2007-10-10r3466: split out request.h, signing.h, and smb_server.hAndrew Tridgell1-0/+1
(This used to be commit 7c4e6ebf05790dd6e29896dd316db0fff613aa4e)
2007-10-10r3461: another place where "open" was used as a structure elementAndrew Tridgell1-1/+1
(This used to be commit 1087ea830e7aead86d54a1836512e88554afc919)
2007-10-10r3419: moved the libcli/raw structures into libcli/raw/libcliraw.hAndrew Tridgell1-0/+1
and made them private (This used to be commit 386ac565c452ede1d74e06acb401ca9db99d3ff3)
2007-10-10r3336: use a struct ntvfs_async_state to be able to do async chaning of ↵Stefan Metzmacher1-39/+39
ntvfs modules the idea is that a passthru module can use ntvfs_async_state_push() before calling ntvfs_next_*() and in the _send function it calls ntvfs_async_state_pop() and then call the upper layer send_fn itself - ntvfs_nbench is now fully async - the ntvfs_map_*() functions and the trans(2) mapping functions are not converted yet metze (This used to be commit fde64c0dc142b53d128c8ba09af048dc58d8ef3a)
2007-10-10r3106: don't call a tree disconnect in the cifs backend, as during a smbdAndrew Tridgell1-2/+1
server shutdown we don't want a synchronous operation which may block to be called, thus delaying the shutdown. (This used to be commit 5882f7305fa850c39088e85eefd311c8ede15597)
2007-10-10r3086: fixed smbpid handling in the cifs backendAndrew Tridgell1-2/+50
(This used to be commit fbc6949e95df6ea70ca9892099efb537ded97287)
2007-10-10r3082: added a "cifs:mapgeneric" option, which tells the cifs backend to useAndrew Tridgell1-5/+50
the ntvfs_generic mapping functions rather than sending the exact function asked for. This allows the generic mapping functions to be tested by comparing the behaviour of smbtorture against two cifs backend shares, one using "cifs:mapgeneric = true" and the other "cifs:mapgeneric = False" (This used to be commit c240c6bca5e10f1acbff45b0ed41c4c1ebcaae96)
2007-10-10r3081: several updates to ntvfs and server side async request handling inAndrew Tridgell1-18/+18
preparation for the full share modes and ntcreatex code that I am working on. highlights include: - changed the way a backend determines if it is allowed to process a request asynchronously. The previous method of looking at the send_fn caused problems when an intermediate ntvfs module disabled it, and the caller then wanted to finished processing using this function. The new method is a REQ_CONTROL_MAY_ASYNC flag in req->control_flags, which is also a bit easier to read - fixed 2 bugs in the readbraw server code. One related to trying to answer a readbraw with smb signing (which can't work, and crashed our signing code), the second related to error handling, which attempted to send a normal SMB error packet, when readbraw must send a 0 read reply (as it has no header) - added several more ntvfs_generic.c generic mapping functions. This means that backends no longer need to implement such esoteric functions as SMBwriteunlock() if they don't want to. The backend can just request the mapping layer turn it into a write followed by an unlock. This makes the backends considerably simpler as they only need to implement one style of each function for lock, read, write, open etc, rather than the full host of functions that SMB provides. A backend can still choose to implement them individually, of course, and the CIFS backend does that. - simplified the generic structures to make them identical to the principal call for several common SMB calls (such as RAW_WRITE_GENERIC now being an alias for RAW_WRITE_WRITEX). - started rewriting the pvfs_open() code in preparation for the full ntcreatex semantics. - in pvfs_open and ipc_open, initially allocate the open file structure as a child of the request, so on error we don't need to clean up. Then when we are going to succeed the open steal the pointer into the long term backend context. This makes for much simpler error handling (and fixes some bugs) - use a destructor in the ipc backend to make sure that everthing is cleaned up on receive error conditions. - switched the ipc backend to using idtree for fnum allocation - in the ntvfs_generic mapping routines, use a allocated secondary structure not a stack structure to ensure the request pointer remains valid even if the backend replies async. (This used to be commit 3457c1836c09c82956697eb21627dfa2ed37682e)
2007-10-10r3039: This solves the problem of async handlers in ntvfs backends not beingAndrew Tridgell1-0/+11
in the right state when called. For example, when we use the unixuid handler in the chain of handlers, and a backend decides to continue a call asynchronously then we need to ensure that the continuation happens with the right security context. The solution is to add a new ntvfs operation ntvfs_async_setup(), which calls all the way down through the layers, setting up anything that is required, and takes a private pointer. The backend wanting to make a async calls can use ntvfs_async_setup() to ensure that the modules above it are called when doing async processing. (This used to be commit a256e71029727fa1659ade6257085df537308c7d)
2007-10-10r3017: nicer memory handling for event_context_merge()Andrew Tridgell1-2/+2
(This used to be commit 1cef44505e5de9b8ae5206522b624082ad2343b2)
2007-10-10r2751: this is a new ntvfs design which tries to solve:Stefan Metzmacher1-55/+84
- the stacking of modules - finding the modules private data - hide the ntvfs details from the calling layer - I set NTVFS_INTERFACE_VERSION 0 till we are closer to release (because we need to solve some async problems with the module stacking) metze (This used to be commit 3ff03b5cb21bb79afdd3b1609be9635f6688a539)
2007-10-10r2710: continue with the new style of providing a parent context wheneverAndrew Tridgell1-7/+8
possible to a structure creation routine. This makes for much easier global cleanup. (This used to be commit e14ee428ec357fab76a960387a9820a673786e27)
2007-10-10r2660: - converted the libcli/raw/ library to use talloc_increase_ref_count()Andrew Tridgell1-3/+22
rather than manual reference counts - properly support SMBexit in the cifs and posix backends - added a logoff method to all backends With these changes the RAW-CONTEXT test now passes against the posix backend (This used to be commit c315d6ac1cc40546fde1474702a6d66d07ee13c8)
2007-10-10r2561: completely redid the ntvfs module chaining code, You can now do ↵Andrew Tridgell1-50/+29
something like: ntvfs handler = nbench posix and the nbench pass-thru module will be called before the posix module. The chaining logic is now much saner, and less racy, with each level in the chain getting its own private pointer rather than relying on save/restore logic in the pass-thru module. The only pass-thru module we have at the moment is the nbench one (which records all traffic in a nbench compatibe format), but I plan on soon writing a "unixuid" pass-thru module that will implement the setegid()/setgroups()/seteuid() logic for standard posix uid handling. This separation of the posix backend from the uid handling should simplify the code, and make development easier. I also modified the nbench module so it can do multiple chaining, so if you want to you can do: ntvfs module = nbench nbench posix and it will save 2 copies of the log file in /tmp. This is really only useful for testing at the moment until we have more than one pass-thru module. (This used to be commit f84c0af35cb54c8fdc4933afefc18fa4c062aae4)
2007-10-10r2447: let the server code use the new lib/socket/ stuffStefan Metzmacher1-1/+3
metze (This used to be commit 2fd577d2417e117a7e8c1a56feb147eae805df34)
2007-10-10r2326: remove definition and usage of struct socket_contextStefan Metzmacher1-1/+1
metze (This used to be commit 1854907da8d577db41de9aa14573d5c8c0092f47)
2007-10-10r2319: let event_merge_contexts() return a pointer to the final contextStefan Metzmacher1-4/+2
metze (This used to be commit 71aa5eeea73ea42e04ae224914b6815d72c1690a)
2007-10-10r2249: got rid of some more mem_ctx elements in structuresAndrew Tridgell1-21/+21
(This used to be commit 21ef338cbbe96acc8594ffc550ef60c6a40fb951)
2007-10-10r1654: rename cli_ -> smbcli_Stefan Metzmacher1-36/+36
rename CLI_ -> SMBCLI_ metze (This used to be commit 8441750fd9427dd6fe477f27e603821b4026f038)
2007-10-10r1578: the first stage of the async client rewrite.Andrew Tridgell1-16/+13
Up to now the client code has had an async API, and operated asynchronously at the packet level, but was not truly async in that it assumed that it could always write to the socket and when a partial packet came in that it could block waiting for the rest of the packet. This change makes the SMB client library full async, by adding a separate outgoing packet queue, using non-blocking socket IO and having a input buffer that can fill asynchonously until the full packet has arrived. The main complexity was in dealing with the events structure when using the CIFS proxy backend. In that case the same events structure needs to be used in both the client library and the main smbd server, so that when the client library is waiting for a reply that the main server keeps processing packets. This required some changes in the events library code. Next step is to make the generated rpc client code use these new capabilities. (This used to be commit 96bf4da3edc4d64b0f58ef520269f3b385b8da02)
2007-10-10r1486: commit the start of the generic server infastructureStefan Metzmacher1-3/+3
the idea is to have services as modules (smb, dcerpc, swat, ...) the process_model don't know about the service it self anymore. TODO: - the smbsrv should use the smbsrv_send function - the service subsystem init should be done like for other modules - we need to have a generic socket subsystem, which handle stream, datagram, and virtuell other sockets( e.g. for the ntvfs_ipc module to connect to the dcerpc server , or for smb or dcerpc or whatever to connect to a server wide auth service) - and other fixes... NOTE: process model pthread seems to be broken( but also before this patch!) metze (This used to be commit bbe5e00715ca4013ff0dbc345aa97adc6b5c2458)
2007-10-10r1291: rename struct smbsrv_context to smbsrv_connectionStefan Metzmacher1-4/+4
because this is the connection state per transport layer (tcp) connection I also moved the substructs directly into smbsrv_connection, because they don't need a struct name and we should allway pass the complete smbsrv_connection struct into functions metze (This used to be commit 60f823f201fcedf5473008e8453a6351e73a92c7)
2007-10-10r1280: rename struct request_context to smbsrv_requestStefan Metzmacher1-38/+38
metze (This used to be commit a85d2db5826a84b812ea5162a11f54edd25f74e3)
2007-10-10r1279: rename struct tcon_context to smbsrv_tconStefan Metzmacher1-45/+45
metze (This used to be commit 99473fab4b1ff87a795f3c08f4c521d9beb504c0)
2007-10-10r1277: rename struct server_context to smbsrv_ontextStefan Metzmacher1-4/+4
because I need server_context fot the generic server infastructure metze (This used to be commit 0712f9f30797e65362c99423c0cf158a2f539000)