summaryrefslogtreecommitdiff
path: root/source4/utils
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r6028: A MAJOR update to intergrate the new credentails system fully withAndrew Bartlett1-54/+54
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'. GENSEC now no longer has it's own handling of 'set username' etc, instead it uses cli_credentials calls. In order to link the credentails code right though Samba, a lot of interfaces have changed to remove 'username, domain, password' arguments, and these have been replaced with a single 'struct cli_credentials'. In the session setup code, a new parameter 'workgroup' contains the client/server current workgroup, which seems unrelated to the authentication exchange (it was being filled in from the auth info). This allows in particular kerberos to only call back for passwords when it actually needs to perform the kinit. The kerberos code has been modified not to use the SPNEGO provided 'principal name' (in the mechListMIC), but to instead use the name the host was connected to as. This better matches Microsoft behaviour, is more secure and allows better use of standard kerberos functions. To achieve this, I made changes to our socket code so that the hostname (before name resolution) is now recorded on the socket. In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now in libcli/auth/schannel.c, and it looks much more like a standard GENSEC module. The actual sign/seal code moved to libcli/auth/schannel_sign.c in a previous commit. The schannel credentails structure is now merged with the rest of the credentails, as many of the values (username, workstation, domain) where already present there. This makes handling this in a generic manner much easier, as there is no longer a custom entry-point. The auth_domain module continues to be developed, but is now just as functional as auth_winbind. The changes here are consequential to the schannel changes. The only removed function at this point is the RPC-LOGIN test (simulating the load of a WinXP login), which needs much more work to clean it up (it contains copies of too much code from all over the torture suite, and I havn't been able to penetrate its 'structure'). Andrew Bartlett (This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
2007-10-10r5924: Use cli_credentials in libnet/.Jelmer Vernooij4-16/+6
(This used to be commit e5bc6f4f1716568ae7022d61b5b35ee047b58414)
2007-10-10r5917: First step in using the new cli_credentials structure. This patchJelmer Vernooij6-28/+23
puts support for it into popt_common, adds a few utility functions (in lib/credentials.c) and the callback functions for the command-line (lib/cmdline/credentials.c). Comments are welcome :-) (This used to be commit 1d49b57c50fe8c2683ea23e9df41ce8ad774db98)
2007-10-10r5902: A rather large change...Andrew Bartlett1-1/+1
I wanted to add a simple 'workstation' argument to the DCERPC authenticated binding calls, but this patch kind of grew from there. With SCHANNEL, the 'workstation' name (the netbios name of the client) matters, as this is what ties the session between the NETLOGON ops and the SCHANNEL bind. This changes a lot of files, and these will again be changed when jelmer does the credentials work. I also correct some schannel IDL to distinguish between workstation names and account names. The distinction matters for domain trust accounts. Issues in handling this (issues with lifetime of talloc pointers) caused me to change the 'creds_CredentialsState' and 'struct dcerpc_binding' pointers to always be talloc()ed pointers. In the schannel DB, we now store both the domain and computername, and query on both. This should ensure we fault correctly when the domain is specified incorrectly in the SCHANNEL bind. In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out, where the comment claimed we re-used a connection, but in fact we made a new connection. This was achived by breaking apart some of the dcerpc_secondary_connection() logic. The addition of workstation handling was also propogated to NTLMSSP and GENSEC, for completeness. The RPC-SAMSYNC test has been cleaned up a little, using a loop over usernames/passwords rather than manually expanded tests. This will be expanded further (the code in #if 0 in this patch) to use a newly created user account for testing. In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO server, caused by the removal of [ref] and the assoicated pointer from the IDL. This has been re-added, until the underlying pidl issues are solved. (This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2007-10-10r5827: Make ndrdump accept a uuid as well as a pipe name to specifyTim Potter1-3/+9
which rpc interface to use. (This used to be commit d59bc9dc9bb3a11dd07b7862ea10d1b32e670598)
2007-10-10r5782: Use standard input for reading packet data if filename not specified.Tim Potter1-4/+38
(This used to be commit c3c6dafc3120ed5018a27a882cbc09e9d05fac33)
2007-10-10r5425: Convert function tables to new structure (with description)Rafal Szczesniak3-46/+14
and remove unnecessary help functions as help is generated automatically. Usage functions with precise information about usage of each leaf node remain. rafal (This used to be commit eb66180d14a14cafbfc0df2b39eeaf4ad7bb43a9)
2007-10-10r5424: Automatically generate basic help display on basis of nameRafal Szczesniak1-50/+31
and description from function table. rafal (This used to be commit 24f7a3860e82bf632ebd6b3416e5e874e832be5f)
2007-10-10r5423: Change function table structure to allow short descriptionRafal Szczesniak1-1/+1
of command groups. Also give up help function pointer in the structure since it's needed only in leaf nodes of command tree, and leaf nodes decide about help on their own. Usage function is still available on all levels. rafal (This used to be commit 48568959a86ee60c188b84078eb3872b8e185b6c)
2007-10-10r5413: enable standard samba command line options in ndrdump (so -d works)Andrew Tridgell1-0/+1
(This used to be commit 6f9eb74ef8536004d08ffd01ad41622b83526af6)
2007-10-10r5412: don't force initial debug level up in ndrdumpAndrew Tridgell1-2/+0
(This used to be commit 9536936992795629d19d4004fcad78cec3a3caff)
2007-10-10r5400: Slightly better handling of help messages in net tool.Rafal Szczesniak4-20/+18
rafal (This used to be commit 5cebb4feedf7d6542c497fe55763d66f51b1c989)
2007-10-10r5381: Added net_user.c with net tool interface for managing user accounts.Rafal Szczesniak3-1/+98
rafal (This used to be commit 3005f0408c647fcab65c11de9bf680f7f5831492)
2007-10-10r5380: Removed extra newline.Rafal Szczesniak1-1/+0
rafal (This used to be commit d8fa9baf24852d87fcffee8bf353604b4507683d)
2007-10-10r5328: - allow case sensitive nbt name lookupsAndrew Tridgell1-0/+8
- added --case-sensitive option to nmblookup - added case sensitivity tests to the NBT-WINS test (This used to be commit 80a95d5688e055b36727e5c043cb36322d719763)
2007-10-10r5308: trimmed back a lot of the old macros from smb_macros.hAndrew Tridgell1-1/+1
(This used to be commit bf43c9bdcf9e654d123f6a2b29feb9189ca9e561)
2007-10-10r5304: removed lib/socket/socket.h from includes.hAndrew Tridgell1-0/+1
(This used to be commit b902ea546d2d1327b23f40ddaeeaa8e7e3662454)
2007-10-10r5300: more uint32 and system/filesys.h build fixes when developer mode is ↵Andrew Tridgell1-1/+1
enabled (This used to be commit 93931b1a741a3722c311ada80c4c9d3d670f91b2)
2007-10-10r5298: - got rid of pstring.h from includes.h. This at least makes it a bitAndrew Tridgell2-2/+4
less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2007-10-10r5294: - added a separate NBT-WINS test for WINS operations (register, ↵Andrew Tridgell1-5/+1
refresh, release and query) - change the iface_n_*() functions to return a "const char *" instead of a "struct ipv4_addr" I think that in general we should move towards "const char *" for all IP addresses, as this makes IPv6 much easier, and is also easier to debug. Andrew, when you get a chance, could you fix some of the auth code to use strings for IPs ? - return a NTSTATUS error on bad name queries and node status instead of using rcode. This makes the calling code simpler. - added low level name release code in libcli/nbt/ - use a real IP in the register and wins nbt torture tests, as w2k3 WINS server silently rejects some operations that don't come from the IP being used (eg. it says "yes" to a release, but does not in fact release the name) (This used to be commit bb1ab11d8e0ea0bd9ae34aebeb565d36fe4b495f)
2007-10-10r5261: translate nbt rcode errors to NTSTATUS codesAndrew Tridgell1-0/+4
(This used to be commit 554d1b70e73faeb1f5ecf88f31c5810d86d76200)
2007-10-10r5260: - show an error message on nmblookup failureAndrew Tridgell1-4/+8
- always try to enable broadcast on nbt name sockets (this matches samba3 behaviour better) (This used to be commit 919bc14e7bbc04479cf11f7a7fd4c5e46616ef46)
2007-10-10r5252: - fixed nmblookup for the nbt api changesAndrew Tridgell1-2/+4
- added a simple WINS server name registration and query test (This used to be commit d56e68ebf584e50aa409d22b1ca7c9276abea962)
2007-10-10r5114: the nbtd task can now act as a basic B-node server. It registers itsAndrew Tridgell1-5/+8
names on the network and answers name queries. Lots of details are still missing, but at least this now means you don't need a Samba3 nmbd to use Samba4. missing pieces include: - name registrations should be "shout 3 times, then demand" - no WINS server yet - no master browser code (This used to be commit d7d31fdc6670f026f96b50e51a4de19f0b920e5b)
2007-10-10r5054: added a nmblookup tool, based on the new nbt libraryAndrew Tridgell2-240/+239
(This used to be commit 9587cbcb9ea5303b345c31a662e9cd75d7cd705d)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell2-5/+5
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r5004: add current samba3 nmblookup.c ready for updating to new nbt libAndrew Tridgell1-0/+299
(This used to be commit 854f7f376d7e15524a76bdb43a56be2a1a1d8123)
2007-10-10r5003: delete old nmblookup.c codeAndrew Tridgell1-338/+0
(This used to be commit b781a542447f9b9468ab20dd26c222a4ebfcda85)
2007-10-10r4889: make sure ndr print flags are initialised in ndrdumpAndrew Tridgell1-1/+2
(This used to be commit c5c65ad8fb21e515535286c52847f3eb990f8036)
2007-10-10r4794: - disabled the ntacl command line utilities until they are rewritten ↵Andrew Tridgell3-243/+3
to use the same acl format as we use in pvfs (and hopefully use common code too) - removed a lot of old cruft from our autoconf tests. This may well break some builds, but then we can fix them properly instead of the "if solaris version 5.1.2" crap This was prompted by someone sending me solaris 10 patches that patched the configure script with if statements for several more versions of solaris to check for and do special stuff. That is just silly. (This used to be commit 1ea59d1146f041e9befbb435e901c6d7d497c52c)
2007-10-10r4762: Store the results of a 'net join' in the LDB.Andrew Bartlett1-34/+27
Like Samba3, the storage of the primary domain password is keyed off the domain name, so we can join multiple domains, and just swap 'workgroup =' around. Andrew Bartlett (This used to be commit 54a231780e028c6433cac296f2fbc64e39632dfd)
2007-10-10r4722: Start to add 'net join' to Samba4.Andrew Bartlett3-2/+111
Andrew Bartlett (This used to be commit a9b960609142e15ba5950eb1b22944eb6df18d9c)
2007-10-10r4620: - add interface functions to the auth subsystem so that callers ↵Stefan Metzmacher1-3/+3
doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
2007-10-10r4616: the first phase in the addition of proper support forAndrew Tridgell1-5/+5
dcerpc_alter_context and multiple context_ids in the dcerpc client library. This stage does the following: - split "struct dcerpc_pipe" into two parts, the main part being "struct dcerpc_connection", which contains all the parts not dependent on the context, and "struct dcerpc_pipe" which has the context dependent part. This is similar to the layering in libcli_*() for SMB - disable the current dcerpc_alter code. I've used a #warning until i get the 2nd phase finished. I don't know how portable #warning is, but it won't be long before I add full alter context support anyway, so it won't last long - cleanup the allocation of dcerpc_pipe structures. The previous code was quite awkward. (This used to be commit 4004c69937be7e5dae56f9567ca607f982d395d3)
2007-10-10r4591: - converted the other _p talloc functions to not need _pAndrew Tridgell1-1/+1
- added #if TALLOC_DEPRECATED around the _p functions - fixes the code that broke from the above while doing this I fixed quite a number of places that were incorrectly using the non type-safe talloc functions to use the type safe ones. Some were even doing multiplies for array allocation, which is potentially unsafe. (This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
2007-10-10r4549: got rid of a lot more uses of plain talloc(), instead usingAndrew Tridgell1-1/+1
talloc_size() or talloc_array_p() where appropriate. also fixed a memory leak in pvfs_copy_file() (failed to free a memory context) (This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
2007-10-10r4419: move security_token stuff to the libcli/security/Stefan Metzmacher1-0/+1
and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2007-10-10r4358: At metze's request, the Christmas elves have removed gensec_end inAndrew Bartlett1-1/+1
favor of talloc_free(). Andrew Bartlett (This used to be commit 1933cd12fbaed56e13f2386b19de6ade99bf9478)
2007-10-10r4341: Fix const warning.Tim Potter1-1/+1
(This used to be commit d8b1ba93a8ed0d5d01cb05b1c14353a0eca4de3e)
2007-10-10r4201: Remove duplicate const.Tim Potter1-1/+1
(This used to be commit 1d96717843a9b60a757548a24967bbb553775fa3)
2007-10-10r4147: converted from NT_USER_TOKEN to struct security_tokenAndrew Tridgell1-4/+5
this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
2007-10-10r4070: move some defines from asn_1.h to the places they belong toStefan Metzmacher1-3/+2
metze (This used to be commit ab2c2f27e1c61516e885f02bf26350f97209057a)
2007-10-10r4055: fixed more places to use type safe allocation macrosAndrew Tridgell1-1/+1
(This used to be commit eec698254f67365f27b4b7569fa982e22472aca1)
2007-10-10r4037: fixed a bunch of "might be uninitialised" warnings after enabling -O1 ↵Andrew Tridgell1-1/+1
in my compile (This used to be commit 0928b1f5b68c858922c3ea6c27ed03b5091c6221)
2007-10-10r3963: fix conpiler warningsStefan Metzmacher1-3/+3
metze (This used to be commit 1239076ef77a2970e806f00e262e910777b40692)
2007-10-10r3891: Add rot (Running Object Table) interfaceJelmer Vernooij1-0/+5
(This used to be commit 4840eaeed3cfd72026babb382f26929c29702713)
2007-10-10r3881: Split up the LIBNDR_GEN subsystem into NDR_* and RPC_NDR_* subsystems.Jelmer Vernooij1-5/+5
This reduces the total size of the samba binaries from 119 Mb to 73 Mb. Next step will be to have the build system obtain some of this information by itself, so that we don't have to write ~10 lines per interface manually. (This used to be commit 16d905f6b0cbec591eebc44ee2ac9516a5730378)
2007-10-10r3790: use a registration function that is called from dcerpc_*_init functionsJelmer Vernooij1-24/+8
rather then a large table in librpc/gen_ndr/tables.c. This will allow us to only link in only the required gen_ndr files (speeds up linking quite a bit, makes binaries smaller). Each gen_ndr_* file now has a init function that calls the init functions of the interfaces it contains. I did it this way to keep pidl's code simple, though it might hurt startup time a bit. I'd be happy to change it if people like one function better. (This used to be commit 3c436590ae95b58ad6d00e72d6fdd08a4d80f208)
2007-10-10r3744: Support building subsystems as a shared library. Modules don't work yet,Jelmer Vernooij1-1/+2
so while this does compile, it does not work yet. (This used to be commit 3d885562c9f83d60c5d4957b067e35387dfa50dd)
2007-10-10r3733: More build system fixes/features:Jelmer Vernooij3-28/+0
- Use .mk files directly (no need for a SMB_*_MK() macro when adding a new SUBSYSTEM, MODULE or BINARY). This allows addition of new modules and subsystems without running configure - Add support for generating .dot files with the Samba4 dependency tree (as used by the graphviz and springgraph utilities) (This used to be commit 64826da834e26ee0488674e27a0eae36491ee179)