summaryrefslogtreecommitdiff
path: root/source4/utils
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r10486: This is a merge of Brad Henry's 'net join' rework, to better performAndrew Bartlett1-9/+15
an ADS join, particularly as a DC. This represents the bulk of his Google SOC work, and I'm very pleased to intergrate it into the tree. (Metze will intergrate the DRSUAPI work later). Both metze and myself have also put a lot of time into this patch, and in mentoring Brad in general. In return, Brad has been a very good student, and has taken the comments well. Since it's last appearance on samba-technical@, I have made correctness and valgrind fixups, as well as adding a new 'BINDING' mode to the libnet_rpc routines. This allows the exact binding string to be passed down from the torture code, including options and exact target host. Andrew Bartlett (This used to be commit d6fa105fdabbeb83a9b0e50dad49d1649afdb2a4)
2007-10-10r10402: Make the RPC-SAMLOGON test pass against Win2k3 SP0 again.Andrew Bartlett1-2/+2
I still have issues with Win2k3 SP1, and Samba4 doesn't pass it's own test for the moment, but I'm working on these issues :-) This required a change to the credentials API, so that the special case for NTLM logins using a principal was indeed handled as a special, not general case. Also don't set the realm from a ccache, as then it overrides --option=realm=. Andrew Bartlett (This used to be commit 194e8f07c0cb4685797c5a7a074577c62dfdebe3)
2007-10-10r10348: Add scons scripts for remaining subsystems. Most subsystems build now,Jelmer Vernooij1-0/+8
but final linking still fails (as does generating files asn1, et, idl and proto files) (This used to be commit 4f0d7f75b99c7f4388d8acb0838577d86baf68b5)
2007-10-10r10316: More dynconfig fixesJelmer Vernooij1-1/+0
(This used to be commit 0963ab9c148772b961f17ec779213b0eb861e1dd)
2007-10-10r10315: Remove use of fstring and pstring in dynconfig.cJelmer Vernooij2-2/+0
Remove unused includes of dynconfig.h (This used to be commit 59083b7ba60d518ddb59646c4fd69938afd079b3)
2007-10-10r10144: dump the whole data blobStefan Metzmacher1-1/+1
metze (This used to be commit 4f933165c22113adecf5f1b57927aa89f1715945)
2007-10-10r10143: don't exit when the not all bytes are consumed,Stefan Metzmacher1-4/+2
(this happens with relative pointers) metze (This used to be commit 3ba227aafd75b88c26c6a3fde8d55aeb360e344f)
2007-10-10r9991: Some more 64-bit size_t warnings. There are a few more but they areTim Potter1-2/+2
too hard to fix right now. (-: (This used to be commit a64b813ff70ccf203e65ddb9d5ee3f5dc3495a15)
2007-10-10r9954: getntacl depends on EXT_LIB_XATTRStefan Metzmacher1-1/+2
(maybe we need to disable this binary when EXT_LIB_XATTR isn't enabled) metze (This used to be commit 0e5cac10cbcf0d3576cc042f6c0298b10b537464)
2007-10-10r9792: Rename StrCaseCmp -> strcasecmp_m. All these years I was thinkingJelmer Vernooij1-2/+2
StrCaseCmp was sys_strcasecmp, while it is in fact strcasecmp_m! (This used to be commit 200a8f6652cb2de7a8037a7a4c2a204b50aee2b1)
2007-10-10r9772: Make credentials callbacks more consistant with the abstractionAndrew Bartlett1-46/+67
function interface used in the credentials code. Fix bug in ntlm_auth, where we would overwrite the PW specified as a first input. (Reported and chased by Kai Blin <blin@gmx.net>, bug #3040) Andrew Bartlett (This used to be commit 04af95bd31de39ad6aff349a4838dd77cb300034)
2007-10-10r9728: A *major* update to the credentials system, to incorporate theAndrew Bartlett2-4/+2
Kerberos CCACHE into the system. This again allows the use of the system ccache when no username is specified, and brings more code in common between gensec_krb5 and gensec_gssapi. It also has a side-effect that may (or may not) be expected: If there is a ccache, even if it is not used (perhaps the remote server didn't want kerberos), it will change the default username. Andrew Bartlett (This used to be commit 6202267f6ec1446d6bd11d1d37d05a977bc8d315)
2007-10-10r9569: fixed an uninitialised variableAndrew Tridgell1-1/+1
(This used to be commit 5c71547703eeb328cdfbefbbfce6da38f7e6c5d5)
2007-10-10r9482: add --validate and --dump-data options to ndrdump,Stefan Metzmacher1-20/+89
this allows us to check the differences in our pull and push code metze (This used to be commit f12ab6a9d3bd9d5043e9e602c383085869ddf4db)
2007-10-10r9396: ntlm_auth updates, including again support for the NTLMSSP clientAndrew Bartlett1-2/+8
mode, and specification of the workstation. Andrew Bartlett (This used to be commit 8f53d995c63b718b40fb52ec102fa74f94719b65)
2007-10-10r9357: Remove DBGC_CLASS cruft copied over from Samba 3. I would like toTim Potter1-3/+0
replace this with something funkier. (This used to be commit 8d376d56c78894b9bbd27ed7fa70da415c0cd038)
2007-10-10r9240: - move struct security_token to the idl file, with this we canStefan Metzmacher2-2/+1
the ndr_pull/push/print functions for it in the ntacl-lsm module - fix compiler warnings in the ldap_encode_ndr_* code metze (This used to be commit 83d65d0d7ed9c240ad44aa2c881c1f07212bfda4)
2007-10-10r9152: fix a crash bugStefan Metzmacher1-2/+1
metze (This used to be commit d1868bd5912c5bb90509ace5c7ac8589c29e423c)
2007-10-10r8966: Simplify the makefile generation system a bit.Jelmer Vernooij2-0/+7
Autogenerate list of binaries (rather then having them hardcoded in build/smb_build/makefile.pm) Add INSTALLDIR keyword to .mk files (This used to be commit ce0935112b846486cf705ec69f12350be9c4c89d)
2007-10-10r8901: Fix ntlm_auth segfault (invalid free()). We have moved to tallocAndrew Bartlett1-6/+11
here. Andrew Bartlett (This used to be commit b341bd4487f81a48de2e479e85d90f64c7f071e0)
2007-10-10r8847: Rework the Samba4 'net join' code. I'm trying to get this closer toAndrew Bartlett1-6/+5
what WinXP does when joining an AD domain, but in the meantime this removes the excess unions, and uses the LSA pipe in same way XP does. Andrew Bartlett (This used to be commit d2789c426090c325f6535cdce380ac0f4e22c3c7)
2007-10-10r8752: With all the infrustructure done, details like a SamSync migrationAndrew Bartlett2-0/+41
into LDB are actually quite easy. This brings us the users, and sets basic domain information. You are expected to have provisioned with the settings for the target domain, and have joined the domain as a BDC. Then simply 'net samsync'. Now we just need to flesh out the delta types. Andrew Bartlett (This used to be commit 1e0f7792bb29b17c23197a5e42ee8cabb0cf17d0)
2007-10-10r8748: fixed build. Andrew, please check.Andrew Tridgell1-6/+4
(This used to be commit 9411bd4e5e7ac9fd0aacd1432de967eda45e64f4)
2007-10-10r8702: fixed ntlm_auth build. Andrew, can you check I got this right?Andrew Tridgell1-7/+6
(This used to be commit 3c12b46e320412e4746fced7e2898f892e815118)
2007-10-10r8520: fixed a pile of warnings from the build farm gcc -Wall output onAndrew Tridgell1-1/+1
S390. This is an attempt to avoid the panic we're seeing in the automatic builds. The main fixes are: - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats - use of NULL format statements to perform dn searches. - assumption that sizeof() returns an int (This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
2007-10-10r8394: Make sure the argument to ctype is*(3) macros are unsigned char asLove Hörnquist Åstrand1-1/+1
required by ISO C99. (This used to be commit 56fd21c806e816cf4c3d23881f26474f858b45e2)
2007-10-10r8273: fixed some memory leaks in smbscript. This required convertingAndrew Tridgell1-2/+2
file_load() to use talloc, which impacted quite a few bits of code, including our smb.conf processing. took the opportunity to remove the gloabls in params.c while doing this (This used to be commit b220756cb4f1d201ba3e771ca67e4bfae5eae748)
2007-10-10r7943: Add 'make manpages', fix 'make installman' and 'make uninstallman'.Jelmer Vernooij1-0/+2
Not part of the "all" make target yet, as it requires xsltproc (This used to be commit fd3f4636438cf1d9c0dd802064033271b9e4d935)
2007-10-10r7740: get rid of our duplicate base64 routinesAndrew Tridgell1-3/+3
(This used to be commit cf17f90a83cf04815544c5408eb56d00546b3e88)
2007-10-10r7674: Fix the printf() attribute suggestion by correctly prototyping, thenAndrew Bartlett1-1/+3
declaring the static function. The attribute only works on the prototype, not the function. Andrew Bartlett (This used to be commit 4c254754d25e5aa8b203d2d67a39895ffef3f393)
2007-10-10r7633: this patch started as an attempt to make the dcerpc code use a givenAndrew Tridgell6-15/+16
event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect. Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch. There were 3 places where I punted: - abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that its done, we could go back and use gensec_set_event_context() - the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing. - I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a callers event context. Jelmer, can you think of a clean way to do that? I also cleaned up a couple of things: - libnet_context_destroy() makes no sense. I removed it. - removed some unused vars in various places (This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2007-10-10r7525: Unify lp_load(), load_interfaces and logging setup into popt().Andrew Bartlett4-20/+2
There is now a new --debug-stderr option to enable debug to STDERR. popt isn't perfect, but the callbacks are used in all the main Samba binaries, and should be used in the rest. This avoids duplicated code, and ensures every binary is setup correctly. This also ensures the setup happens early enough to have -s function, and have a correct impact on the credentials code. (Fixing a bug that frustrated tridge earlier today). The only 'subtle' aspect of all this is that I'm pretty sure that the SAMBA_COMMON popt code must be above the CREDENTIALS code, in the popt tables. Andrew Bartlett (This used to be commit 50f3c2b3a22971f40e0d3a88127b5120bfc47591)
2007-10-10r7382: Convert net_user code so that is can be compiled againstRafal Szczesniak1-5/+5
changed CreateUser call. Doesn't work yet, but the test passes. rafal (This used to be commit a50ebd4a16ac141214cc24b3390da78a209b4284)
2007-10-10r7249: Cope with struct member renameJelmer Vernooij5-7/+7
(This used to be commit e7549f33f5fb06d8b2a8f31745545cc7b9c8d4f9)
2007-10-10r7117: Move more manpages to the source repositoryJelmer Vernooij2-0/+352
(This used to be commit b00355bf0ce241a1223dbdbb2f3b5059a2bb4204)
2007-10-10r6973: Merge new version of pidl into the main SAMBA_4_0 branch.Jelmer Vernooij1-4/+2
The main difference in this new version is the extra data structure generated between the IDL data structure and the NDR parser: IDL -> NDR -> { ndr_parser, ndr_header, eparser, etc } This makes the ndr_parser.pm internals much more sane. Other changes include: - Remove unnecessary calls with NDR_BUFFERS (for example, GUID doesn't have any buffers, just scalars) as well as some (unnecessary) nested setting of flags. - Parse array loops in the C code rather then calling ndr_pull_array(). This allows us to have, for example, arrays of pointers or arrays of pointers to arrays, etc.. - Use if() {} rather then if () goto foo; everywhere - NDR_IN no longer implies LIBNDR_FLAG_REF_ALLOC - By default, top level pointers are now "ref" (as is the default in most other IDL compilers). This can be overridden using the default_pointer_top() property. - initial work on new ethereal parser generators by Alan DeKok and me - pidl now writes errors in the standard format used by compilers, which is parsable by most editors - ability to warn about the fact that pidl extension(s) have been used, useful for making sure IDL files work with other IDL compilers. oh, and there's probably some other things I can't think of right now.. (This used to be commit 13cf227615f6b9e0e5fa62e59197024410254f01)
2007-10-10r6951: Fix all calls to setup_logging() that use 'True' as a second argument.Tim Potter1-1/+1
In Samba4 this is now an enum. Possibly by accident, True just happens to map to the right value in this case. (-: (This used to be commit affacc539864435cbc749a4c1a6b848c61b7182b)
2007-10-10r6930: Use NBT_NAME_CLIENT instead of the number 0.Tim Potter1-1/+1
(This used to be commit e6b53ce177d7fea7440656a7bba3dd96fb82e9f3)
2007-10-10r6839: Add support for building subsystems as shared libraries. This can beJelmer Vernooij1-6/+6
done by setting: OUTPUT_TYPE = SHARED_LIBRARY in the [SUBSYSTEM::...] section belonging to a subsystem. The idea is to allow multiple values to OUTPUT_TYPE simultaneously (e.g. OUTPUT_TYPE = SHARED_LIBRARY, STATIC_LIBRARY, OBJLIST ) (This used to be commit b9d0ae93ba86fec0115f58e7940b2a6c908bc809)
2007-10-10r6795: Make some functions static and remove some unused ones.Jelmer Vernooij1-5/+5
(This used to be commit 46509eb89980bfe6dabd71264d570ea356ee5a22)
2007-10-10r6612: fix the buildStefan Metzmacher2-9/+2
metze (This used to be commit a1c7fe2578810d7c2b3c44e8271765468d0fcaee)
2007-10-10r6609: remove double entry for [BINARY::getntacl]Stefan Metzmacher1-15/+0
metze (This used to be commit 55c9746da847d053d0c5a1b599da24af0a9e4b71)
2007-10-10r6573: Start on my project to implement an NT4 compatible BDC in Samba4.Andrew Bartlett3-0/+70
This brings in a compatability layer for Samba3 in Samba4 - where we will start to define file formats and similar details. The 'net samdump' command uses 'password server = ' for now, and performs a similar task to Samba3's 'net rpc samsync'. Andrew Bartlett (This used to be commit 550f17f9924fe783917318753de7d1a388423908)
2007-10-10r6527: Resurrect getntacl utility program. At the moment we only display theTim Potter2-3/+117
output of ndr_print_xattr_NTACL() to stdout. (This used to be commit b32c159c384c988385f13bbb16e610d825820e18)
2007-10-10r6287: sorted out a small but surprisingly tricky dependency problem with theAndrew Tridgell1-1/+2
ndr code for handling sids and security descriptors now that we have a sid in the nbt IDL (This used to be commit f8e77fcdeac704aed5e501aa9108f3ed0ab26ca4)
2007-10-10r6028: A MAJOR update to intergrate the new credentails system fully withAndrew Bartlett1-54/+54
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'. GENSEC now no longer has it's own handling of 'set username' etc, instead it uses cli_credentials calls. In order to link the credentails code right though Samba, a lot of interfaces have changed to remove 'username, domain, password' arguments, and these have been replaced with a single 'struct cli_credentials'. In the session setup code, a new parameter 'workgroup' contains the client/server current workgroup, which seems unrelated to the authentication exchange (it was being filled in from the auth info). This allows in particular kerberos to only call back for passwords when it actually needs to perform the kinit. The kerberos code has been modified not to use the SPNEGO provided 'principal name' (in the mechListMIC), but to instead use the name the host was connected to as. This better matches Microsoft behaviour, is more secure and allows better use of standard kerberos functions. To achieve this, I made changes to our socket code so that the hostname (before name resolution) is now recorded on the socket. In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now in libcli/auth/schannel.c, and it looks much more like a standard GENSEC module. The actual sign/seal code moved to libcli/auth/schannel_sign.c in a previous commit. The schannel credentails structure is now merged with the rest of the credentails, as many of the values (username, workstation, domain) where already present there. This makes handling this in a generic manner much easier, as there is no longer a custom entry-point. The auth_domain module continues to be developed, but is now just as functional as auth_winbind. The changes here are consequential to the schannel changes. The only removed function at this point is the RPC-LOGIN test (simulating the load of a WinXP login), which needs much more work to clean it up (it contains copies of too much code from all over the torture suite, and I havn't been able to penetrate its 'structure'). Andrew Bartlett (This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
2007-10-10r5924: Use cli_credentials in libnet/.Jelmer Vernooij4-16/+6
(This used to be commit e5bc6f4f1716568ae7022d61b5b35ee047b58414)
2007-10-10r5917: First step in using the new cli_credentials structure. This patchJelmer Vernooij6-28/+23
puts support for it into popt_common, adds a few utility functions (in lib/credentials.c) and the callback functions for the command-line (lib/cmdline/credentials.c). Comments are welcome :-) (This used to be commit 1d49b57c50fe8c2683ea23e9df41ce8ad774db98)
2007-10-10r5902: A rather large change...Andrew Bartlett1-1/+1
I wanted to add a simple 'workstation' argument to the DCERPC authenticated binding calls, but this patch kind of grew from there. With SCHANNEL, the 'workstation' name (the netbios name of the client) matters, as this is what ties the session between the NETLOGON ops and the SCHANNEL bind. This changes a lot of files, and these will again be changed when jelmer does the credentials work. I also correct some schannel IDL to distinguish between workstation names and account names. The distinction matters for domain trust accounts. Issues in handling this (issues with lifetime of talloc pointers) caused me to change the 'creds_CredentialsState' and 'struct dcerpc_binding' pointers to always be talloc()ed pointers. In the schannel DB, we now store both the domain and computername, and query on both. This should ensure we fault correctly when the domain is specified incorrectly in the SCHANNEL bind. In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out, where the comment claimed we re-used a connection, but in fact we made a new connection. This was achived by breaking apart some of the dcerpc_secondary_connection() logic. The addition of workstation handling was also propogated to NTLMSSP and GENSEC, for completeness. The RPC-SAMSYNC test has been cleaned up a little, using a loop over usernames/passwords rather than manually expanded tests. This will be expanded further (the code in #if 0 in this patch) to use a newly created user account for testing. In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO server, caused by the removal of [ref] and the assoicated pointer from the IDL. This has been re-added, until the underlying pidl issues are solved. (This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2007-10-10r5827: Make ndrdump accept a uuid as well as a pipe name to specifyTim Potter1-3/+9
which rpc interface to use. (This used to be commit d59bc9dc9bb3a11dd07b7862ea10d1b32e670598)