Age | Commit message (Collapse) | Author | Files | Lines |
|
NETLOGON.
Andrew Bartlett
(This used to be commit e9837d49bc8d784b365c0a7470ebfbd6f396464d)
|
|
Andrew Bartlett
(This used to be commit 2beb694226429319ff3799adbd7be50af99df02c)
|
|
cross-reference instead.
Andrew Bartlett
(This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
|
|
as a netbios name.
Andrew Bartlett
(This used to be commit 242db48b98a04eed46bb35946dcd68b579bffe00)
|
|
assumptions about the behaviour of "name" as a NETBIOS domain name.
Andrew Bartlett
(This used to be commit ba5fe07b97a99c34256f849dfbdd9a307a7d238d)
|
|
every password set.
Andrew Bartlett
(This used to be commit 71958cb19f8a2289e97f29018bb252a7d4540258)
|
|
netbios domain name of the host, as well as the sid from the cache we
fetched earlier.
Andrew Bartlett
(This used to be commit c847ca2cc8244a7ce4180d17397723a486bbecc8)
|
|
(This used to be commit 8d9c18a1b4cf31ebae1d0c84b00b4d781f55de66)
|
|
(This used to be commit fac77f5fa267da57a55e88cad8993897e80741a0)
|
|
templating support for foreignSecurityPrincipals to the samdb module.
This is an extension beyond what microsoft does, and has been very
useful :-)
The setup scripts have been modified to use the new template, as has
the SAMR and LSA code.
Other cleanups in LSA remove the assumption that the short domain name
is the first component of the realm.
Also add a lot of useful debug messages, to make it clear how/why the
SamSync may have gone wrong. Many of these should perhaps be hooked
into an error string.
Andrew Bartlett
(This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
|
|
user_info strcture in auth/
This moves it to a pattern much like that found in ntvfs, with
functions to migrate between PAIN, HASH and RESPONSE passwords.
Instead of make_user_info*() functions, we simply fill in the control
block in the callers, per recent dicussions on the lists. This
removed a lot of data copies as well as error paths, as we can grab
much of it with talloc.
Andrew Bartlett
(This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
|
|
this code also does string SIDs, but I'm not quite sure where that
fits in.
Andrew Bartlett
(This used to be commit 968bcc4fe8142319ca0a2ac9e3a895b5436b4552)
|
|
(This used to be commit bc9d9531f54d9dac3bb48e0704c6bff524dae465)
|
|
S390. This is an attempt to avoid the panic we're seeing in the
automatic builds.
The main fixes are:
- assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats
- use of NULL format statements to perform dn searches.
- assumption that sizeof() returns an int
(This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
|
|
metze
(This used to be commit b9ee5818808f2e0cd38c0c5d2ef15cba22d4edbe)
|
|
metze
(This used to be commit b920b306b3813ba4a220249dbd7e443605074c9b)
|
|
metze
(This used to be commit 206f33778e8ff88b5eea493ead31342cc4405a22)
|
|
metze
(This used to be commit e601042c07d7b6eed0dc34e5b136d9266b8a0f81)
|
|
domain
and NULL for the trusted domains forest dns name
metze
(This used to be commit 225fc1b8658f01217b55e2d1c6d5814ee5022559)
|
|
gensec failure to start.
Andrew Bartlett
(This used to be commit bc8f8d2dcfbcf06bb9c49981bc3811b252a4b9b0)
|
|
metze
(This used to be commit dad0371a9fea0de080650cb081beafdaa773ceda)
|
|
metze
(This used to be commit 81abbdaeb180a1618e34ab56275f6eeacfcc99ce)
|
|
- test AddForm on the PrintServer object
- GetForm() isn't allowed on the PrintServer object so remove NTPTR
function for it
- accept the dns name as servername in the spoolss server
metze
(This used to be commit d8c308a4653d59514915021607fe55c5f2b38749)
|
|
metze
(This used to be commit 66d6b1d5783cba98f2f8e1c8eed1bdc26a5bad4f)
|
|
that will allow the write_fn callback of dcesrv_output()
to reference the memory with a valid TALLOC pointer
metze
(This used to be commit d0574d407f426f5c001e943dee5c03d24f4fb21c)
|
|
and not for the ipc_read() replies as here the client explicit says how much data it wants
the write_fn() in dcesrv_output() now returns NTSTATUS
and the ipc specific implementations are moved to the ntvfs_ipc module
metze
(This used to be commit fe483dcd874b7243d61e9623840c672b4ea06b2c)
|
|
requests. This is a simple change to accept that, as long as the first
one is NDR.
(This used to be commit 330293ddff39266abb688c6292e59472ff47aebe)
|
|
We now generate the PAC, and can verifiy both our own PAC and the PAC
from Win2k3.
This commit adds the PAC generation code, spits out the code to get
the information we need from the NETLOGON server back into a auth/
helper function, and adds a number of glue functions.
In the process of building the PAC generation code, some hints in the
Microsoft PAC specification shed light on other parts of the code, and
the updates to samr.idl and netlogon.idl come from those hints.
Also in this commit:
The Heimdal build package has been split up, so as to only link the
KDC with smbd, not the client utils.
To enable the PAC to be veified with gensec_krb5 (which isn't quite
dead yet), the keyblock has been passed back to the calling layer.
Andrew Bartlett
(This used to be commit e2015671c2f7501f832ff402873ffe6e53b89466)
|
|
(This used to be commit 3c7b5de67294ef161289af7da6716b44ffc5d526)
|
|
structure in ndr_push_*() and ndr_print_*(). The push and print
functions really should not modify the structure.
metze, to make this work I had to change your spoolss hand
marshaller. Can you please check it is OK? I think that the IN and OUT
sides of that function are not ever called on the same structure, so I
think that attempt at remembering the value by assigning to
r->in._offered was not doing anything anyway, but please correct me if
I have misunderstood it.
If you really do need to remember something on those structures I'd
suggest the ndr_token_store() and ndr_token_retrieve() functions,
which are used by pidl for just this sort of thing.
(This used to be commit eee528be97fa43ca53bdc5652b4d29a0a2caf563)
|
|
quite a large change as we had lots of code that assumed that
objectSid was a string in S- format.
metze and simo tried to convince me to use NDR format months ago, but
I didn't listen, so its fair that I have the pain of fixing all the
code now :-)
This builds on the ldb_register_samba_handlers() and ldif handlers
code I did earlier this week. There are still three parts of this
conversion I have not finished:
- the ltdb index records need to use the string form of the objectSid
(to keep the DNs sane). Until that it done I have disabled indexing on
objectSid, which is a big performance hit, but allows us to pass
all our tests while I rejig the indexing system to use a externally
supplied conversion function
- I haven't yet put in place the code that allows client to use the
"S-xxx-yyy" form for objectSid in ldap search expressions. w2k3
supports this, presumably by looking for the "S-" prefix to
determine what type of objectSid form is being used by the client. I
have been working on ways to handle this, but am not happy with
them yet so they aren't part of this patch
- I need to change pidl to generate push functions that take a
"const void *" instead of a "void*" for the data pointer. That will
fix the couple of new warnings this code generates.
Luckily it many places the conversion to NDR formatted records
actually simplified the code, as it means we no longer need as many
calls to dom_sid_parse_talloc(). In some places it got more complex,
but not many.
(This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
|
|
Steven Edwards <steven_ed4153@yahoo.com>.
I've moved the Win32-specific tests to win32.m4 so it does not
make any of the POSIX configure stuff more complicated.
(This used to be commit bf85fdd01552f75b745fdf3159a7a87cd6521ed2)
|
|
(This used to be commit a2d60dd878671d7ec4dbe631e8138d2279a2c6a4)
|
|
servers as I added to the smb server yesterday. This means rpc server
code can assume it runs serially unless it explicitly sets the async
flag on the request and returns
(This used to be commit 8546adb56aa4dda608a176409c243b074aeca77d)
|
|
password was entered. We would not use the results of the search in
any case.
Andrew Bartlett
(This used to be commit edeb908acaaaaab13bef4d2e3fae18d87c07af81)
|
|
(This used to be commit 1462da3b6d190eecfb82268e6f2f04a42d8d5298)
|
|
struct
- fix some typos in EnumPrintServerForms()/GetPrintServerForms()
- add AddPrintServerForms()/SetPrintServerForms() and DeletePrintServerForms
metze
(This used to be commit 73906388421beebb34f2a00c9e0d1fc8b400a42a)
|
|
- this is an abstraction layer for print services,
like out NTVFS subsystem for file services
- all protocol specific details are still in rpc_server/spoolss/
- like the stupid in and out Buffer handling
- checking of the r->in.server_name
- ...
- this subsystem can have multiple implementation
selected by the "ntptr providor" global-section parameter
- I currently added a "simple_ldb" backend,
that stores Printers, Forms, Ports, Monitors, ...
in the spoolss.db, and does no real printing
this backend is basicly for testing, how the spoolss protocol
works
- the interface is just a prototype and will be changed a bit
the next days or weeks, till the simple_ldb backend can
handle all calls that are used by normal w2k3/xp clients
- I'll also make the api async, as the ntvfs api
this will make things like the RemoteFindFirstPrinterChangeNotifyEx(),
that opens a connection back to the client, easier to implement,
as we should not block the whole smbd for that
- the idea is to later implement a "unix" backend
that works like the current samba3 code
- and maybe some embedded print server vendors can write there own
backend that can directly talk to a printer without having cups or something like this
- the default settings are (it currently makes no sense to change them :-):
ntptr providor = simple_ldb
spoolss database = $private_dir/spoolss.db
metze
(This used to be commit 455b5536d41bc31ebef8290812f45d4a38afa8e9)
|
|
metze
(This used to be commit 520d5c67329e957121e3b71c1ffc0be3893c2033)
|
|
event_context for the socket_connect() call, so that when things that
use dcerpc are running alongside anything else it doesn't block the
whole process during a connect.
Then of course I needed to change any code that created a dcerpc
connection (such as the auth code) to also take an event context, and
anything that called that and so on .... thus the size of the patch.
There were 3 places where I punted:
- abartlet wanted me to add a gensec_set_event_context() call
instead of adding it to the gensec init calls. Andrew, my
apologies for not doing this. I didn't do it as adding a new
parameter allowed me to catch all the callers with the
compiler. Now that its done, we could go back and use
gensec_set_event_context()
- the ejs code calls auth initialisation, which means it should pass
in the event context from the web server. I punted on that. Needs fixing.
- I used a NULL event context in dcom_get_pipe(). This is equivalent
to what we did already, but should be fixed to use a callers event
context. Jelmer, can you think of a clean way to do that?
I also cleaned up a couple of things:
- libnet_context_destroy() makes no sense. I removed it.
- removed some unused vars in various places
(This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
|
|
Old way was ugly and had a bug, you couldn't add an attribute named
dn or distinguishedName and search for it, tdb would change that search in a dn search.
This makes it also possible to search by dn against an ldap server as the old method was
not supported by ldap syntaxes.
sss
(This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
|
|
- add EnumMonitors() server code and return "Standard TCP/IP Port"
- add parsing for opening Ports and Monitors with OpenPrinterEx()
metze
(This used to be commit 08e6de37bc293e2f000d03b51642964d92d6e95e)
|
|
- use the same names as etherel (offered,needed) for the buffer sizes
(and they are really independently used)
metze
(This used to be commit f5532a5b74e972f44ed8aa19ee9c5851a4b40f65)
|
|
metze
(This used to be commit 9f4ed54c58a1d029b171ad199dd4a7ccf1f96f64)
|
|
editors, and added a test for it.
(This used to be commit 9e428881f6fc0a422ac9011d847e8f692284397a)
|
|
- return WERR_NOT_SUPPORTED on AddPort()
(we pass the RPC-SPOOLSS test now :-)
metze
(This used to be commit d62db5b7d3b6418e870b87c8fd33a1587ecc1728)
|
|
metze
(This used to be commit 665e4f0bd47117ce597f7eb6be0b89420582c471)
|
|
and I can view the print server properties...
But it didn't like our EnumPorts() reply and also didn't show the test Form...
(jerry: can you have a look at this?)
metze
(This used to be commit 42c9a66da9b4adf1c44dcca13ea184ed2e7a4681)
|
|
ncacn_ specific
(This used to be commit 875cce126878172eedb43b4ecab3970ea9d82e4a)
|
|
(This used to be commit 2009a430b03c685dd65bd573e70d3618f2e0dd0f)
|