1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Commit Graph

368 Commits

Author SHA1 Message Date
Andrew Bartlett
34aa19cafe r13317: Create a new function messaging_client_init() which can be used when
we don't have a server messaging context.  We should replace the
datagram messages with stream sockets in this case, so we don't have
to create a unique socket.

Andrew Bartlett
(This used to be commit fd974fb647)
2007-10-10 13:51:43 -05:00
Andrew Bartlett
fc29c3250a r13104: Migrate and set secrets keytab values in the 'net join' code. This
avoids falling back to in-memory keytabs.

Andrew Bartlett
(This used to be commit 59fbce01c6)
2007-10-10 13:51:25 -05:00
Andrew Bartlett
8641271e65 r12979: Grr, I forgot to commit this file (from Brad Henry's libnet_site
patch) before the power went out :-)

Andrew Bartlett
(This used to be commit 352d6493bb)
2007-10-10 13:51:13 -05:00
Andrew Bartlett
1f72942873 r12976: Patch from Brad Henry <j0j0@riod.ca>:
This patch pulls the AD site name generation and site join code from
libnet/libnet_join.c and puts it into a new file, libnet/libnet_site.c.
This way, a common means for site name, configuration dn and server dn
generation exists so it doesn't need to be rewritten in new code (such
as the future libnet_leave for example).

I've made a couple of changes, but nothing dramatic.  Nice work Brad!

Andrew Bartlett
(This used to be commit 45f67b3f6d)
2007-10-10 13:51:13 -05:00
Andrew Bartlett
243e07cfa2 r12930: Fix ADS join: I wasn't filling in the flag 'realm' variable any more.
Andrew Bartlett
(This used to be commit 5c5a2974c9)
2007-10-10 13:51:08 -05:00
Andrew Bartlett
f3db23ac75 r12928: This patch improves the interaction between the vampire and provsion code.
Previously, we had to know (or guess) the host and domain guid at the
provision stage.  Now we query the database post-provision, to extract
the values and fill in the zone file.

This allows us to generate a correct zone file in the Windows migration case.

In an effort to make SWAT easier to use, I have removed and renamed
some of the provision options.

I have also fixed a nasty issue in my js code.  I had implictly
declared a global variable of the name 'join', with disasterious
results for any subsequent user of the string utility function:

esp exception - ASSERT at lib/appweb/ejs/ejsParser.c:2064, 0

Backtrace:
        [ 0]       substitute_var:20   ->               list[i] = join("", list2)
        [ 1]           setup_file:9    ->       data = substitute_var(data, subobj)

Andrew Bartlett
(This used to be commit a38ceefd11)
2007-10-10 13:51:07 -05:00
Andrew Bartlett
dcd63b9770 r12926: Syncronsise GUIDs on users and domains from the server. These also
appear in DNS, so need to match.

Andrew Bartlett
(This used to be commit d092b0493d)
2007-10-10 13:51:07 -05:00
Andrew Bartlett
b15582ed81 r12903: Factor out a new routine libnet_RpcConnectDCInfo, to both connect to
the remote sever, and to query it for domain information.

Provide and use this information in the SamSync/Vampire callbacks, to allow a
parallel connection to LDAP, if we are talking to AD.  This allows us
to get at some important attributes not exposed in the old protocol.

With this, we are able to do a all-GUI vampire of a AD domain from
SWAT, including getting all the SIDs, servicePrincipalNames and the
like correct.

Andrew Bartlett
(This used to be commit 918358cee0)
2007-10-10 13:51:00 -05:00
Andrew Bartlett
17402db4df r12894: Add more detail to error messages.
Andrew Bartlett
(This used to be commit 31fd39f356)
2007-10-10 13:50:59 -05:00
Andrew Bartlett
1460719b6a r12893: Filling in *error_string is critical for SWAT, as the errors otherwise
do not propogate back to the user, they just end up in the logfile.

Andrew Bartlett
(This used to be commit 7c9f8e524b)
2007-10-10 13:50:59 -05:00
Andrew Bartlett
58f78fa182 r12892: Add a 'Migrate from Windows' page to our installation section in SWAT.
Doing this required reworking ejsnet, particularly so it could take a
set of credentials, not just a username and password argument.

This required fixing the ejsnet.js test script, which now adds and
deletes a user, and is run from 'make test'.  This should prevent it
being broken again.

Deleting a user from ejsnet required that the matching backend be
added to libnet, hooking fortunetly onto already existing code for the
actual deletion.

The js credentials interface now handles the 'set machine account' flag.

New functions have been added to provision.js to wrap the basic
operations (so we can write a command line version, as well as the web
based version).

Andrew Bartlett
(This used to be commit a5e7c17c34)
2007-10-10 13:50:59 -05:00
Andrew Bartlett
d790d8d6ed r12886: Rename 'secure_channel_type' parameter to domain join as 'join_type'.
Andrew Bartlett
(This used to be commit a3b3e09a9a)
2007-10-10 13:50:58 -05:00
Andrew Bartlett
f2df13958c r12883: Fix the build...
Andrew Bartlett
(This used to be commit 8f7d14048f)
2007-10-10 13:50:57 -05:00
Andrew Bartlett
e15136af9e r12882: Allow the netbios name to be specified at all times.
Andrew Bartlett
(This used to be commit f4f4dcf217)
2007-10-10 13:50:57 -05:00
Andrew Bartlett
7d90b3f802 r12881: Hard-coded defaults are silly. We have smb.conf for a reason.
Andrew Bartlett
(This used to be commit c9402f9227)
2007-10-10 13:50:57 -05:00
Andrew Bartlett
99125b6510 r12873: Fix valgrind-found uninitialised value.
Andrew Bartlett
(This used to be commit 38e8a6477a)
2007-10-10 13:50:56 -05:00
Andrew Bartlett
e0f69bf1d3 r12872: Add some more detail to debug message.
Andrew Bartlett
(This used to be commit cefba10bd5)
2007-10-10 13:50:56 -05:00
Andrew Bartlett
a5a79e8b8c r12865: Upgrade the librpc and libnet code.
In librpc, always try SMB level authentication, even if trying
schannel, but allow fallback to anonymous.  This should better
function with servers that set restrict anonymous.

There are too many parts of Samba that get, parse and modify the
binding parameters.  Avoid the extra work, and add a binding element
to the struct dcerpc_pipe

The libnet vampire code has been refactored, to reduce extra layers
and to better conform with the standard argument pattern.  Also, take
advantage of the new libnet_Lookup code, so we don't require the silly
'password server' smb.conf parameter.

To better support forcing traffic to be sealed for the vampire
operation, the dcerpc_bind_auth() function now takes an auth level
parameter.

Andrew Bartlett
(This used to be commit d65b354959)
2007-10-10 13:50:55 -05:00
Andrew Bartlett
4b2ed199ca r12861: Cope when we are not supplied the messaging context. This is just
another case where we have to fallback to the node status request.

Andrew Bartlett
(This used to be commit 181064dbcf)
2007-10-10 13:50:54 -05:00
Andrew Bartlett
b135f4467f r12858: This moves the libnet_LookupPdc code to use a GetDC request to find
the remote server's name, or in the absence of a local nbt_server to
communicate with (or without root access), a node status request.

The result is that we are in a better position to use kerberos, as well
as to remove the 'password server' mandatory parameter for the samsync
and samdump commands.  (I need this to put these into SWAT).

The only problem I have is that I must create a messaging context, which
requires a server ID.  As a client process, I don't expect to get
messages, but it is currently required for replies, so I generate a
random() number.  We probably need the servers to accept connections on
streamed sockets too, for client-only tasks that want IRPC.

Because I wanted to test this code, I have put the NET-API-* tests into
our test scripts, to ensure they pass and keep passing.  They are good
frontends onto the libnet system, and I see no reason not to test them.

In doing so the NET-API-RPCCONNECT test was simplified to take a
binding string on the command line, removing duplicate code, and
testing the combinations in the scripts instead.

(I have done a bit of work on the list shares code in libnet_share.c
to make it pass 'make test')

In the future, I would like to extend the libcli/findds.c code (based
off volker's winbind/wb_async_helpers.c, which is why it shows up a bit
odd in the patch) to handle getting multiple name replies, sending a
getdc request to each in turn.

(posted to samba-technical for review, and I'll happily update with
any comments)

Andrew Bartlett
(This used to be commit 7ccddfd351)
2007-10-10 13:50:54 -05:00
Stefan Metzmacher
af5032acfd r12724: fix warnings
metze
(This used to be commit 4ca1a9a606)
2007-10-10 13:49:45 -05:00
Andrew Bartlett
4bfe2907e7 r12719: Rename unicodePwd -> sambaPassword.
Because we don't know the syntax of unicodePwd, we want to avoid using
that attribute name.  It may cause problems later when we get
replication form windows.

I'm doing this before the tech preview, so we don't get too many
supprises as folks upgrade databases into later versions.

Andrew Bartlett
(This used to be commit 097d9d0b7f)
2007-10-10 13:49:45 -05:00
Jelmer Vernooij
63d718e243 r12696: Reduce the size of include/structs.h
(This used to be commit 6391761601)
2007-10-10 13:49:40 -05:00
Jelmer Vernooij
78c50015bb r12694: Move some headers to the directory of the subsystem they belong to.
(This used to be commit c722f665c9)
2007-10-10 13:49:39 -05:00
Jelmer Vernooij
bc4aebfaec r12670: Make a couple of dependencies stricter
Re-introduce and use the OUTPUT_TYPE property for MODULEs to force
specific modules to always be included
(This used to be commit f9eede3d40)
2007-10-10 13:49:35 -05:00
Stefan Metzmacher
ba76f23df9 r12611: fix compiler warnings
metze
(This used to be commit 50940879f6)
2007-10-10 13:49:04 -05:00
Jelmer Vernooij
d4de4c2d21 r12608: Remove some unused #include lines.
(This used to be commit 70e7449318)
2007-10-10 13:49:03 -05:00
Jelmer Vernooij
2cd5ca7d25 r12542: Move some more prototypes out to seperate headers
(This used to be commit 0aca5fd513)
2007-10-10 13:47:55 -05:00
Andrew Bartlett
773d5e0af0 r12538: Clarify why we are doing the delete here.
Andrew Bartlett
(This used to be commit 6d8405038f)
2007-10-10 13:47:53 -05:00
Jelmer Vernooij
acd6a086b3 r12510: Change the DCE/RPC interfaces to take a pointer to a
dcerpc_interface_table struct rather then a tuple of interface
name, UUID and version.

This removes the requirement for having a global list of DCE/RPC interfaces,
except for these parts of the code that use that list explicitly
(ndrdump and the scanner torture test).

This should also allow us to remove the hack that put the authservice parameter
in the dcerpc_binding struct as it can now be read directly from
dcerpc_interface_table.

I will now modify some of these functions to take a dcerpc_syntax_id
structure rather then a full dcerpc_interface_table.
(This used to be commit 8aae0f168e)
2007-10-10 13:47:48 -05:00
Jelmer Vernooij
d8e35f8828 r12498: Eliminate INIT_OBJ_FILES and ADD_OBJ_FILES. We were not using
the difference between these at all, and in the future the
fact that INIT_OBJ_FILES include smb_build.h will be sufficient to
have recompiles at the right time.
(This used to be commit b24f2583ed)
2007-10-10 13:47:45 -05:00
Andrew Bartlett
7448b93a2e r12430: Clarify libnet_join code. Add/fix comments.
Andrew Bartlett
(This used to be commit a3372935ee)
2007-10-10 13:47:37 -05:00
Andrew Bartlett
758873b9fb r12423: Remove DEBUG(0) printouts in favor of more information to the caller.
I assume this works better with SWAT and the like anyway.

Andrew Bartlett
(This used to be commit b11975703d)
2007-10-10 13:47:36 -05:00
Andrew Bartlett
8e0948bbad r12421: Handle the case where we are a joining as different account types far better.
Andrew Bartlett
(This used to be commit 0ce82e8a41)
2007-10-10 13:47:35 -05:00
Andrew Bartlett
221c1512a8 r12411: Add 'net samdump keytab <keytab>'.
This extracts a remote windows domain into a keytab, suitable for use
in ethereal for kerberos decryption.

For the moment, like net samdump and net samsync, the 'password
server' smb.conf option must be set to the binding string for the
server. eg:

password server = ncacn_np:mypdc

Andrew Bartlett
(This used to be commit 272013438f)
2007-10-10 13:47:35 -05:00
Jelmer Vernooij
ab31a44216 r12254: Add some (hopefully correct) descriptions for libraries that are installed.
Install pkg-config files.
(This used to be commit a86abe84e2)
2007-10-10 13:47:24 -05:00
Andrew Bartlett
a1827a1deb r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldb
backend.

The idea is that every time we open an LDB, we can provide a
session_info and/or credentials.  This would allow any ldb to be remote
to LDAP.  We should also support provisioning to a authenticated ldap
server.

(They are separate so we can say authenticate as foo for remote, but
here we just want a token of SYSTEM).

Andrew Bartlett
(This used to be commit ae2f3a64ee)
2007-10-10 13:47:22 -05:00
Rafal Szczesniak
25f82c19f6 r12105: Formatting.
rafal
(This used to be commit 13d7b8fa43)
2007-10-10 13:47:10 -05:00
Andrew Bartlett
9c6b7f2d62 r11995: A big kerberos-related update.
This merges Samba4 up to current lorikeet-heimdal, which includes a
replacement for some Samba-specific hacks.

In particular, the credentials system now supplies GSS client and
server credentials.  These are imported into GSS with
gss_krb5_import_creds().  Unfortunetly this can't take an MEMORY
keytab, so we now create a FILE based keytab as provision and join
time.

Because the keytab is now created in advance, we don't spend .4s at
negprot doing sha1 s2k calls.  Also, because the keytab is read in
real time, any change in the server key will be correctly picked up by
the the krb5 code.

To mark entries in the secrets which should be exported to a keytab,
there is a new kerberosSecret objectClass.  The new routine
cli_credentials_update_all_keytabs() searches for these, and updates
the keytabs.

This is called in the provision.js via the ejs wrapper
credentials_update_all_keytabs().

We can now (in theory) use a system-provided /etc/krb5.keytab, if

krb5Keytab: FILE:/etc/krb5.keytab

is added to the secrets.ldb record.  By default the attribute

privateKeytab: secrets.keytab

is set, pointing to allow the whole private directory to be moved
without breaking the internal links.
(This used to be commit 6b75573df4)
2007-10-10 13:46:56 -05:00
Rafal Szczesniak
1b415f7b8e r11815: A bit more comments and spaces for better readability.
rafal
(This used to be commit 1e831aead1)
2007-10-10 13:46:32 -05:00
Rafal Szczesniak
78a328bef8 r11813: Const-ify name resolution method list and use string list
utilities to set the context field.

rafal
(This used to be commit 5da8b457c3)
2007-10-10 13:46:32 -05:00
Andrew Tridgell
f8391489bf r11794: - fixed a valgrind error in libnet, caused by using a stack variable
after the function has returned (the *address variable was assigned
  into the state).

- changed libnet to use event_context_find() instead of
  event_context_init(), so it works as a child of existing code that
  uses a event context
(This used to be commit 47ceb2d355)
2007-10-10 13:46:28 -05:00
Rafal Szczesniak
7bfe1d29dd r11750: More comments.
(This used to be commit d277b13ced)
2007-10-10 13:46:22 -05:00
Rafal Szczesniak
d6017d3969 r11749: 1) Buffer allocation's been moved and isn't needed here.
2) Connect to a server instead of pdc after locating it.

rafal
(This used to be commit a7bf9ada34)
2007-10-10 13:46:21 -05:00
Rafal Szczesniak
e1bea4eaf5 r11747: Move buffer allocation to libnet_Lookup function so that the
caller is not required to ensure it.

rafal
(This used to be commit 85456e6c0b)
2007-10-10 13:46:21 -05:00
Rafal Szczesniak
5da7edac6d r11708: Fix allocation of too small buffer to hold ip address.
Thanks metze for catching that.

rafal
(This used to be commit 5114ef8d1c)
2007-10-10 13:46:16 -05:00
Rafal Szczesniak
dfd5b1b020 r11705: Fix segfaulting create user function.
rafal
(This used to be commit 6b0c083c9b)
2007-10-10 13:46:15 -05:00
Simo Sorce
5c95905871 r11567: Ldb API change patch.
This patch changes the way lsb_search is called and the meaning of the returned integer.
The last argument of ldb_search is changed from struct ldb_message to struct ldb_result
which contains a pointer to a struct ldb_message list and a count of the number of messages.
The return is not the count of messages anymore but instead it is an ldb error value.

I tryed to keep the patch as tiny as possible bu as you can guess I had to change a good
amount of places. I also tried to double check all my changes being sure that the calling
functions would still behave as before. But this patch is big enough that I fear some bug
may have been introduced anyway even if it passes the test suite. So if you are currently
working on any file being touched please give it a deep look and blame me for any error.

Simo.
(This used to be commit 22c8c97e6f)
2007-10-10 13:45:53 -05:00
Andrew Bartlett
56d3064db6 r11410: Fix rejoin as a BDC by modifying, rather than trying to recreate, the
server reference.

Andrew Bartlett
(This used to be commit 302219928f)
2007-10-10 13:45:33 -05:00
Andrew Bartlett
4e65f39ca9 r11409: The use of 'password server = ' here is still bogus, but for now at
least don't allow binding to become uninitialised.

Andrew Bartlett
(This used to be commit e754234a17)
2007-10-10 13:45:33 -05:00
Andrew Bartlett
9bdc1a77f5 r11407: Push 'recreate account' logic into libnet/libnet_join.c. We don't
return the pesky USER_EXISTS 'error' code any more, and it is much
easier to handle this inline.

Andrew Bartlett
(This used to be commit a7eb796cf5)
2007-10-10 13:45:32 -05:00
Jelmer Vernooij
a4e7bf3a89 r11382: Require number of required M4 macros
Make MODULE handling a bit more like BINARY, LIBRARY and SUBSYSTEM
Add some more PUBLIC_HEADERS
(This used to be commit 875eb8f4cc)
2007-10-10 13:45:29 -05:00
Jelmer Vernooij
93fd08168f r11377: Add support for building LIBRARY elements as shared libraries:
- Adds -rpath bin/ so you don't have to install Samba in order to use compiled binaries.
 - Writes out pkg-config files when building shared libs
 - Supports automatic fallback to MERGEDOBJ (which is the default) or
   OBJ_LIST (if ld -r is not supported)

Building with shared libs reduces the size of the Samba binaries from
197 Mb to 60 Mb (including libraries) on my system (GCC4, with debugging).

To build with shared libraries support enabled, run:

LIBRARY_OUTPUT_TYPE=SHARED_LIBRARY ./config.status

init functions don't get called correctly yet when using shared libs, so
you won't be able to actually run anything with success :-)

Once init functions are done, I'll look at support for loading shared
modules once again.

Based on a patch by Peter Novodvorsky (nidd on IRC).
(This used to be commit 0b54405685)
2007-10-10 13:45:28 -05:00
Andrew Bartlett
900d6fab32 r11349: Actually add all the new spns...
Andrew Bartlett
(This used to be commit 63eede2ad3)
2007-10-10 13:45:22 -05:00
Andrew Bartlett
26fde8dee1 r11348: Fixes for 'net join':
- Add more servicePrincipalNames
 - Always add them, not just for BDC accounts, and not just the first
   time the account is created (it might be an upgrade from an NT4
   account).

This should fix us for being a domain member in ADS again.
(This used to be commit 3821821d4c)
2007-10-10 13:45:21 -05:00
Andrew Bartlett
2a2a350057 r11287: Understand the new behaviour of the LSA pipe on ncacn_ip_tcp in Win2k3 SP1.
Only a few operations are supported (LookupSids3 and LookupNames4),
and these are only supported under schannel.  This appears to be the
operations Win2k3 SP1 uses to verify part of the PAC back to the
server.

The test is setup to pass, but not enforce (so far) this new
behaviour.

Andrew Bartlett
(This used to be commit e15e39866e)
2007-10-10 13:45:13 -05:00
Jelmer Vernooij
4c5a4a7e02 r11244: Relative path names in .mk files
(This used to be commit 24e1030090)
2007-10-10 13:45:06 -05:00
Jelmer Vernooij
f4d590662e r11214: Remove scons files (see http://lists.samba.org/archive/samba-technical/2005-October/043443.html)
(This used to be commit 7fffc5c917)
2007-10-10 13:45:03 -05:00
Andrew Bartlett
22a9779328 r11197: indent
(This used to be commit a432ba105c)
2007-10-10 13:45:00 -05:00
Volker Lendecke
17355fbbd4 r11094: Connect to SAM, implement getdcname
(This used to be commit a14398715e)
2007-10-10 13:44:48 -05:00
Andrew Tridgell
a599edf04c r10913: This patch isn't as big as it looks ...
most of the changes are fixes to make all the ldb code compile without
warnings on gcc4. Unfortunately That required a lot of casts :-(

I have also added the start of an 'operational' module, which will
replace the timestamp module, plus add support for some other
operational attributes

In ldb_msg_*() I added some new utility functions to make the
operational module sane, and remove the 'ldb' argument from the
ldb_msg_add_*() functions. That argument was only needed back in the
early days of ldb when we didn't use the hierarchical talloc and thus
needed a place to get the allocation function from. Now its just a
pain to pass around everywhere.

Also added a ldb_debug_set() function that calls ldb_debug() plus sets
the result using ldb_set_errstring(). That saves on some awkward
coding in a few places.
(This used to be commit f6818daecc)
2007-10-10 13:39:41 -05:00
Andrew Tridgell
36d73b0e71 r10894: make the handling of dn/distinguishedName much closer to real
ldap. Also ensure we put a objectclass on our private ldb's, so they
have some chance of being stored in ldap if you want to
(This used to be commit 1af2cc067f)
2007-10-10 13:39:40 -05:00
Andrew Bartlett
1377cca5f4 r10810: This adds the hooks required to communicate the current user from the
authenticated session down into LDB.  This associates a session info
structure with the open LDB, allowing a future ldb_ntacl module to
allow/deny operations on that basis.

Along the way, I cleaned up a few things, and added new helper functions
to assist.  In particular the LSA pipe uses simpler queries for some of
the setup.

In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't
been worked on (other than making it continue to compile) since January,
and I think the features of this module are being put into ldb anyway.

I have also changed the partitions in ldap_server to be initialised
after the connection, with the private pointer used to associate the ldb
with the incoming session.

Andrew Bartlett
(This used to be commit fd7203789a)
2007-10-10 13:39:32 -05:00
Andrew Bartlett
2e3c917957 r10701: Ensure we return the right user handle.
Andrew Bartlett
(This used to be commit 732b247a49)
2007-10-10 13:39:21 -05:00
Andrew Bartlett
b7a47635ca r10696: Return the realm to the caller, not NULL...
Also return an indication of if the join was of a new account, or
reworking an existing account.

Andrew Bartlett
(This used to be commit b6e4b36c4f)
2007-10-10 13:39:20 -05:00
Rafal Szczesniak
bc651bd7a4 r10679: Monitor messages should be issued from usermod functions.
Also a bit of formatting.

rafal
(This used to be commit 1fefca2c17)
2007-10-10 13:39:17 -05:00
Rafal Szczesniak
2255f0b483 r10633: Formatting.
rafal
(This used to be commit 0e45dc3bac)
2007-10-10 13:39:13 -05:00
Rafal Szczesniak
9c52b2a78e r10631: Formatting.
rafal
(This used to be commit 426797f7b0)
2007-10-10 13:39:13 -05:00
Jelmer Vernooij
5058f4b9e8 r10586: Add MergedObject() builder. Default to Library() rather
then StaticLibrary()
(This used to be commit b53313dc51)
2007-10-10 13:39:08 -05:00
Andrew Bartlett
2ca10397af r10566: Clean up error messages to provide more accurate info.
Andrew Bartlett
(This used to be commit 640815008b)
2007-10-10 13:39:06 -05:00
Stefan Metzmacher
ab4d635b92 r10504: - seperate implementation specific stuff, from the generic composite
stuff.
- don't use SMBCLI_REQUEST_* state's in the genreic composite stuff
- move monitor_fn to libnet.

NOTE: I have maybe found some bugs, in code that is dirrectly in DONE or ERROR
      state in the _send() function. I haven't fixed this bugs in this
      commit! We may need some composite_trigger_*() functions or so.
      And maybe some other generic helper functions...

metze
(This used to be commit 4527815a0a)
2007-10-10 13:38:57 -05:00
Andrew Bartlett
5a522b3100 r10486: This is a merge of Brad Henry's 'net join' rework, to better perform
an ADS join, particularly as a DC.  This represents the bulk of his
Google SOC work, and I'm very pleased to intergrate it into the tree.
(Metze will intergrate the DRSUAPI work later).

Both metze and myself have also put a lot of time into this patch, and
in mentoring Brad in general.  In return, Brad has been a very good
student, and has taken the comments well.

Since it's last appearance on samba-technical@, I have made
correctness and valgrind fixups, as well as adding a new 'BINDING'
mode to the libnet_rpc routines.  This allows the exact binding string
to be passed down from the torture code, including options and exact
target host.

Andrew Bartlett
(This used to be commit d6fa105fda)
2007-10-10 13:38:53 -05:00
Jelmer Vernooij
6812c73534 r10348: Add scons scripts for remaining subsystems. Most subsystems build now,
but final linking still fails (as does generating files asn1, et, idl and proto
files)
(This used to be commit 4f0d7f75b9)
2007-10-10 13:38:30 -05:00
Jelmer Vernooij
5b02ee9b9d r10336: Add sconscript for a couple more subsystems.
(This used to be commit 59d4450453)
2007-10-10 13:38:29 -05:00
Tim Potter
58a74c723d r9994: Unused variable.
(This used to be commit ce4902f8de)
2007-10-10 13:36:27 -05:00
Jelmer Vernooij
b674411eb4 r9792: Rename StrCaseCmp -> strcasecmp_m. All these years I was thinking
StrCaseCmp was sys_strcasecmp, while it is in fact strcasecmp_m!
(This used to be commit 200a8f6652)
2007-10-10 13:35:01 -05:00
Simo Sorce
61aaf82b62 r9654: introduce the samdb_search_dn call
(This used to be commit 333ebb40d5)
2007-10-10 13:34:38 -05:00
Andrew Tridgell
b4d171d4df r9643: fixed samsync code for the new dn explode semantics
(This used to be commit 96298af202)
2007-10-10 13:34:36 -05:00
Simo Sorce
ac90ddfdb2 r9392: Fix ldb_dn_compose to make build farm happy
Add ldb_dn_string_compose so that you can build a dn starting from a
struct ldb_dn base and a set of parameters to be composed in a format
string with the same syntax of printf
(This used to be commit 31c69d0655)
2007-10-10 13:33:33 -05:00
Simo Sorce
3e4c4cff21 r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names
Provide more functions to handle DNs in this form
(This used to be commit 692e35b779)
2007-10-10 13:33:32 -05:00
Steve French
4ed7904b7e r9309: Incorrect null pointer check in return from talloc.
Found by coverity.
(This used to be commit bafd3afbef)
2007-10-10 13:33:23 -05:00
Rafal Szczesniak
6f6e42c856 r9090: Another field in usermod function - account flags.
rafal
(This used to be commit f0d51b78c0)
2007-10-10 13:31:15 -05:00
Rafal Szczesniak
9d7d5ea229 r9037: New fields in usermod function - allow_password_change and
force_password_change datetime.

rafal
(This used to be commit dfa2cc6c4e)
2007-10-10 13:31:10 -05:00
Andrew Bartlett
64cdbaf8f1 r8981: Add comments, fix typos (in attribute names) and check for errors in
SamSync and 'net join'.

Andrew Bartlett
(This used to be commit 257240b0e2)
2007-10-10 13:31:03 -05:00
Jelmer Vernooij
916505f661 r8974: Support makefile fragments in .mk files
(This used to be commit 8d9c18a1b4)
2007-10-10 13:31:01 -05:00
Andrew Bartlett
1af6537520 r8970: Add 'ADS' join support to Samba4.
We now fill in the servicePrincipalName over LDAP, just like XP does,
and store the kvno in our local db.

Andrew Bartlett
(This used to be commit 5547c4e6f6)
2007-10-10 13:31:01 -05:00
Andrew Bartlett
50468b3dfe r8952: Partial work commit to find the DN of the new machine account - we
will use ldb to add servicePrincipalNames to this.

Andrew Bartlett
(This used to be commit c1f8cab3e3)
2007-10-10 13:30:59 -05:00
Rafal Szczesniak
088166461d r8904: Split off the query stage as a separate function.
rafal
(This used to be commit bbe7e726af)
2007-10-10 13:30:17 -05:00
Rafal Szczesniak
aff62e9ee2 r8896: Handle more complex case where field being changed doesn't appear
alone in any of userinfo levels. What's needed is extra query step
to fill the userinfo structure and then modify a single field.
The other way to do it is userinfo level 21 with bitmap flags set,
but first all field flags need to be found.

rafal
(This used to be commit 59769977e8)
2007-10-10 13:30:16 -05:00
Andrew Bartlett
6cec8025b0 r8847: Rework the Samba4 'net join' code. I'm trying to get this closer to
what WinXP does when joining an AD domain, but in the meantime this
removes the excess unions, and uses the LSA pipe in same way XP does.

Andrew Bartlett
(This used to be commit d2789c4260)
2007-10-10 13:30:11 -05:00
Rafal Szczesniak
5dd9940da8 r8845: Removing unnecessary string length calculations. Thanks abartlet
for noticing that.

rafal
(This used to be commit 109fc94c13)
2007-10-10 13:30:11 -05:00
Rafal Szczesniak
f95a494e97 r8808: More comments.
rafal
(This used to be commit da7a31d707)
2007-10-10 13:30:07 -05:00
Rafal Szczesniak
5cc8a42a05 r8807: Modifying datetime field using struct timeval argument rather than
text-based, after recent discussion with both Andrews :)

Basic test seems to work (at least it doesn't fail now).

rafal
(This used to be commit 1bc3162e94)
2007-10-10 13:30:06 -05:00
Andrew Bartlett
66b2a04346 r8790: Finish the migration of aliases and privilages with SamSync, by adding
templating support for foreignSecurityPrincipals to the samdb module.
This is an extension beyond what microsoft does, and has been very
useful :-)

The setup scripts have been modified to use the new template, as has
the SAMR and LSA code.

Other cleanups in LSA remove the assumption that the short domain name
is the first component of the realm.

Also add a lot of useful debug messages, to make it clear how/why the
SamSync may have gone wrong.  Many of these should perhaps be hooked
into an error string.

Andrew Bartlett
(This used to be commit 1f071b0609)
2007-10-10 13:30:05 -05:00
Rafal Szczesniak
40119dcb1d r8789: Send new monitor messages from userdel routine.
rafal
(This used to be commit eaaefa374c)
2007-10-10 13:30:05 -05:00
Rafal Szczesniak
0102f2752f r8788: New monitor messages.
rafal
(This used to be commit 40061d7bd6)
2007-10-10 13:30:05 -05:00
Andrew Bartlett
41b6e94665 r8775: More SamSync work. This is really just mechanical...
I need to take a grip over the ForiegnSecurityPrincipals, as the
SamSync currently fails on adding some aliases and privilages because
it can't find their entry.

Andrew Bartlett
(This used to be commit 533e445353)
2007-10-10 13:30:04 -05:00
Andrew Bartlett
af48ca4810 r8771: Extend the SamSync code out to groups and aliases, as well as deleting.
Andrew Bartlett
(This used to be commit bf594c1022)
2007-10-10 13:30:03 -05:00
Rafal Szczesniak
b2ed6343cb r8761: Propagate changes in monitor messaging code.
rafal
(This used to be commit 5be8479d5c)
2007-10-10 13:30:03 -05:00
Rafal Szczesniak
a04e899bc0 r8760: Rework monitor messaging code a bit, as Metze once suggested.
enum type has now been replaced with unsigned 32-bit field and
message data is passed as void pointer.

This allows various extension implementers to plug their monitor
messages in more easily.

rafal
(This used to be commit 4a6ab58133)
2007-10-10 13:30:03 -05:00
Rafal Szczesniak
2440a008a8 r8759: Another couple of fields in usermod routine.
rafal
(This used to be commit 266aaacf0b)
2007-10-10 13:30:03 -05:00
Andrew Bartlett
6d26a7114f r8752: With all the infrustructure done, details like a SamSync migration
into LDB are actually quite easy.

This brings us the users, and sets basic domain information.

You are expected to have provisioned with the settings for the target
domain, and have joined the domain as a BDC.  Then simply 'net
samsync'.

Now we just need to flesh out the delta types.

Andrew Bartlett
(This used to be commit 1e0f7792bb)
2007-10-10 13:30:02 -05:00
Andrew Bartlett
82f96542fa r8744: Split 'net samdump' out into a separate file
Work on the talloc memory tree, as I think talloc_reference and other
things were biting me.

Crush unions in the name of code reform. ;-)

Andrew Bartlett
(This used to be commit 2eadcf4669)
2007-10-10 13:30:01 -05:00
Andrew Bartlett
44ff3305f8 r8741: Kill warnings about enums not fully enumerated, as we will never use
all the branches.

Andrew Bartlett
(This used to be commit 258e5e302e)
2007-10-10 13:30:00 -05:00
Rafal Szczesniak
64f31e424b r8721: Further work on libnet_rpc_usermod function. Now it can change
both account name and full name.

rafal
(This used to be commit 1a779f8643)
2007-10-10 13:29:58 -05:00
Rafal Szczesniak
e5f6083092 r8717: Add monitor message emiting in userdel and usermod calls.
rafal
(This used to be commit 4b3aa69e70)
2007-10-10 13:29:58 -05:00
Rafal Szczesniak
6868795a39 r8692: Starting parts of code to provide user modify functionality.
It's more like a placeholder now, than a working code. Just don't
want to hang it around my laptop only.

rafal
(This used to be commit bee1c9ec2d)
2007-10-10 13:29:54 -05:00
Andrew Bartlett
96ead1a02b r8248: Make these comments more accurate.
Andrew Bartlett
(This used to be commit 00e1cf7941)
2007-10-10 13:19:25 -05:00
Andrew Bartlett
5c87688051 r8246: Don't try and set the element after the end off the array to NULL.
Andrew Bartlett
(This used to be commit 44338b2852)
2007-10-10 13:19:25 -05:00
Stefan Metzmacher
e81eb91e00 r8235: fix the build
metze
(This used to be commit 5933b00461)
2007-10-10 13:19:23 -05:00
Stefan Metzmacher
0b92507760 r8232: remove samr_String and netr_String as they are the same as lsa_String
metze
(This used to be commit e601042c07)
2007-10-10 13:19:22 -05:00
Stefan Metzmacher
637ba7f7e6 r8136: remove unused var
metze
(This used to be commit d75c97b847)
2007-10-10 13:19:12 -05:00
Rafal Szczesniak
ce7a0d47ea r8098: Add my copyright and remove unecessary header dependency.
rafal
(This used to be commit 88e7b9c237)
2007-10-10 13:19:07 -05:00
Rafal Szczesniak
45500d4176 r8096: Remove function that has became libnet_Lookup fuction.
rafal
(This used to be commit 9885749e36)
2007-10-10 13:19:07 -05:00
Rafal Szczesniak
8cedebd993 r8095: Fix compiler warning.
rafal
(This used to be commit 6736ab102f)
2007-10-10 13:19:07 -05:00
Rafal Szczesniak
4fa6a156bc r8077: Propagate changes in rpc connect routine to functions using it
(it's quite common).

rafal
(This used to be commit 798b00c24a)
2007-10-10 13:19:06 -05:00
Rafal Szczesniak
e6b54f7acf r8076: Put name resolution methods into libnet_context. This allows libnet based
application use methods of their own choice and makes it less dependent on
smb.conf parameters.
Use libnet_context in libnet_Lookup functions which is the way to pass
default name resolution methods if caller doesn't want to bother with
specifying them.

rafal
(This used to be commit d0ea136356)
2007-10-10 13:19:05 -05:00
Rafal Szczesniak
d5f76aad22 r8075: Make rpc connect function part of libnet api, as I suppose many
implementers of more complex function might need to use it.
Also simplify io structure which essentially does the same thing
when connecting arbitrary rpc server or a domain pdc.

rafal
(This used to be commit b28d2e9639)
2007-10-10 13:19:05 -05:00
Rafal Szczesniak
cc98a92bb0 r7816: Implementation of "shortcut" function for those (probably many) who
don't like to bother with netbios type names when looking for common
types: hosts (servers) and domain controllers. Also, apropriate tests

rafal
(This used to be commit 50cd94be0f)
2007-10-10 13:18:40 -05:00
Rafal Szczesniak
7b23cd4588 r7748: Use state structure in connection with io to get returned address.
rafal
(This used to be commit 345a71a08e)
2007-10-10 13:18:30 -05:00
Rafal Szczesniak
f7e3089c37 r7734: A few missing pieces...
rafal
(This used to be commit 15e2a67fe0)
2007-10-10 13:18:28 -05:00
Rafal Szczesniak
204722b868 r7732: Implementation of very basic lookup function (to be used in more
specific routines like resolving a pdc).
Also, couple of formatting fixes.

rafal
(This used to be commit b9deaa995d)
2007-10-10 13:18:27 -05:00
Andrew Tridgell
af237084ec r7633: this patch started as an attempt to make the dcerpc code use a given
event_context for the socket_connect() call, so that when things that
use dcerpc are running alongside anything else it doesn't block the
whole process during a connect.

Then of course I needed to change any code that created a dcerpc
connection (such as the auth code) to also take an event context, and
anything that called that and so on .... thus the size of the patch.

There were 3 places where I punted:

  - abartlet wanted me to add a gensec_set_event_context() call
    instead of adding it to the gensec init calls. Andrew, my
    apologies for not doing this. I didn't do it as adding a new
    parameter allowed me to catch all the callers with the
    compiler. Now that its done, we could go back and use
    gensec_set_event_context()

  - the ejs code calls auth initialisation, which means it should pass
    in the event context from the web server. I punted on that. Needs fixing.

  - I used a NULL event context in dcom_get_pipe(). This is equivalent
    to what we did already, but should be fixed to use a callers event
    context. Jelmer, can you think of a clean way to do that?

I also cleaned up a couple of things:

 - libnet_context_destroy() makes no sense. I removed it.

 - removed some unused vars in various places
(This used to be commit 3a3025485b)
2007-10-10 13:18:15 -05:00
Tim Potter
51041427f2 r7630: Unused variable.
(This used to be commit 0c1f54461c)
2007-10-10 13:18:15 -05:00
Tim Potter
757278118a r7629: Unused labels.
(This used to be commit c01c176da6)
2007-10-10 13:18:15 -05:00
Rafal Szczesniak
21fd11ff71 r7588: Fix lacking space in the comment.
rafal
(This used to be commit cd89cf9919)
2007-10-10 13:18:12 -05:00
Rafal Szczesniak
5f7f9eb11b r7587: More comments.
rafal
(This used to be commit 265b1ab0cc)
2007-10-10 13:18:11 -05:00
Rafal Szczesniak
c29896d0ae r7490: Rename functions and prefices s/rpc_composite/libnet_rpc/
This makes more clear where the functions belong to. Also
the rule will be that lowercased function names are not
part of "official" libnet API (though it doesn't mean one
absolutely cannot use them).

rafal
(This used to be commit f6ef7b882a)
2007-10-10 13:17:59 -05:00
Rafal Szczesniak
4ce638313a r7381: Put more rpc specifics in libnet context.
rafal
(This used to be commit 53ad20d46b)
2007-10-10 13:17:48 -05:00
Rafal Szczesniak
7b47fad5d6 r7380: Mistakenly put one file twice in command line. Here's source of
CreateUser call. It serves one level of call by now. Once any
more is needed it can be placed, of course.

rafal
(This used to be commit 80e2f04ce1)
2007-10-10 13:17:48 -05:00
Rafal Szczesniak
ae6907c5c8 r7379: Simplify CreateUser function and io structure. Also, implementing
it based on composite functions. Moving to fully async CreateUser
on the way...

rafal
(This used to be commit 240409bc3c)
2007-10-10 13:17:48 -05:00
Rafal Szczesniak
5bb7a33106 r7323: Complete composite domain open call.
rafal
(This used to be commit 03a228477e)
2007-10-10 13:17:42 -05:00
Rafal Szczesniak
e85be270cc r7252: Formatting.
rafal
(This used to be commit aea6d8c694)
2007-10-10 13:17:32 -05:00
Rafal Szczesniak
af61fb8771 r7251: Initial work on composite domain open call.
rafal
(This used to be commit be3b283b20)
2007-10-10 13:17:31 -05:00
Rafal Szczesniak
d0686bf094 r7250: Starting work on composite domain open call.
rafal
(This used to be commit aa4cd8f987)
2007-10-10 13:17:31 -05:00
Rafal Szczesniak
ad43b5cba9 r7247: User shorter and more convenient name for credentials in
libnet context.

rafal
(This used to be commit 702a4dd2dc)
2007-10-10 13:17:31 -05:00
Andrew Bartlett
7cc9ce3cd0 r7204: Also fall back to different password set methods on WRITE_FAULT, as
NT4 apparently returns this.

Andrew Bartlett
(This used to be commit 06b1416c31)
2007-10-10 13:17:26 -05:00
Andrew Bartlett
4c36a59f43 r7203: Fill in the error message and fail if we can't open the secrets database.
Andrew Bartlett
(This used to be commit 27257170f4)
2007-10-10 13:17:25 -05:00
Rafal Szczesniak
d516fa53aa r6963: Further definitions for share manipulation code. Untested.
Original patch provided by Gregory Leocadie <gleocadie@idealx.com>

rafal
(This used to be commit eb83a8210a)
2007-10-10 13:17:00 -05:00
Rafal Szczesniak
65ff3d265c r6962: Severely simplified share functions. Removed call levels as we don't
seem to need them at the moment. Functions completely untested so assumed
broken.

Original patch submitted by Gregory Leocadie <gleocadie@idealx.com>
My apologies if I have written your name incorrectly.

rafal
(This used to be commit 83460e01ee)
2007-10-10 13:17:00 -05:00
Tim Potter
2b7fe67f4d r6933: Add a couple of helper functions for creating nbt names.
(This used to be commit b896daf11c)
2007-10-10 13:16:58 -05:00
Andrew Bartlett
c214a612df r6928: Add support for printing trusted domain names, sids and passwords in
the Samba4 'net samdump'.

Andrew Bartlett
(This used to be commit b7eeea53b2)
2007-10-10 13:16:57 -05:00
Andrew Bartlett
ed8144154a r6927: Make it easier to program with the SamSync callback interface, perform
the decryption seperate to the callback functions.

Andrew Bartlett
(This used to be commit 4209f813ad)
2007-10-10 13:16:57 -05:00
Tim Potter
ff02224526 r6848: Remove some dead/unused code.
(This used to be commit 14510a0ce9)
2007-10-10 13:16:50 -05:00
Rafal Szczesniak
a71af5f83f r6718: Formatting fixes.
rafal
(This used to be commit a784c46dd4)
2007-10-10 13:16:37 -05:00
Rafal Szczesniak
e8eccd22ee r6709: Add monitor messages to useradd composite useradd function.
rafal
(This used to be commit b3fce5b94b)
2007-10-10 13:16:36 -05:00
Tim Potter
00f4b34d95 r6677: Unused variables.
(This used to be commit 7417f6fa8b)
2007-10-10 13:16:34 -05:00
Rafal Szczesniak
c19d6aeca7 r6624: I have put monitor function pointer into userinfo call, but I haven't put
any possibility to pass such pointer from calling function... :)

rafal
(This used to be commit 08a8878436)
2007-10-10 13:16:32 -05:00
Rafal Szczesniak
7285111162 r6616: First (and totally untested) approach to monitoring userinfo
composite call.

rafal
(This used to be commit 227c9fb45b)
2007-10-10 13:16:31 -05:00
Andrew Bartlett
35a05d1dc0 r6603: More work on the samdump puzzle. This implements a function pointer
callback interface, so we can start dumping into more than just stdout
soon.

Also use the enums instead of uint32 where possible and valid.

Andrew Bartlett
(This used to be commit f0c67a4a24)
2007-10-10 13:16:29 -05:00
Andrew Bartlett
8bf57cf8f5 r6573: Start on my project to implement an NT4 compatible BDC in Samba4.
This brings in a compatability layer for Samba3 in Samba4 - where we
will start to define file formats and similar details.

The 'net samdump' command uses 'password server = ' for now, and
performs a similar task to Samba3's 'net rpc samsync'.

Andrew Bartlett
(This used to be commit 550f17f992)
2007-10-10 13:16:27 -05:00
Andrew Bartlett
cf687fce84 r6525: Remove incorrect comment.
Andrew Bartlett
(This used to be commit 7c8a0d86d4)
2007-10-10 13:16:22 -05:00
Rafal Szczesniak
2775398b97 r6440: Adding libcli composite functions dependency, as we need to locate
a host and connect to its services prior to doing administrative tasks
via rpc calls.

rafal
(This used to be commit 84f5836d90)
2007-10-10 13:11:37 -05:00
Rafal Szczesniak
f502171a8c r6439: Clarify the comment.
rafal
(This used to be commit 96c3838d51)
2007-10-10 13:11:37 -05:00
Rafal Szczesniak
0fc124d714 r6425: Yet another comment.
rafal
(This used to be commit de3409d6e5)
2007-10-10 13:11:36 -05:00
Rafal Szczesniak
622554452b r6424: More comments and fixes to existing ones.
rafal
(This used to be commit 25dd10cedb)
2007-10-10 13:11:36 -05:00
Rafal Szczesniak
5c521587c9 r6419: Fix strange behaviour of NET-USERDEL where account doesn't actually
gets deleted.

rafal
(This used to be commit f78d1e4b35)
2007-10-10 13:11:36 -05:00
Rafal Szczesniak
dea0c8729f r6414: Added composite user del function. Slightly broken still, but I don't
want it to hang around not commited.

rafal
(This used to be commit 98d98b9bc7)
2007-10-10 13:11:35 -05:00
Rafal Szczesniak
2a7cdf80c9 r6390: A couple of changes in useradd function regarding pointers.
rafal
(This used to be commit d40a6703f5)
2007-10-10 13:11:35 -05:00
Rafal Szczesniak
d2f0a9fab9 r6384: Formatting fixes.
rafal
(This used to be commit ebf151ca6e)
2007-10-10 13:11:35 -05:00
Rafal Szczesniak
7e85d8b6f2 r6383: Add user management file to build.
rafal
(This used to be commit c40e754700)
2007-10-10 13:11:35 -05:00
Rafal Szczesniak
d4168ac5dd r6381: Started working on user account management functions.
rafal
(This used to be commit 7f3aafca07)
2007-10-10 13:11:34 -05:00
Andrew Tridgell
772f31797d r6165: fixed up the userinfo composite code. Fixes include:
- talloc should always be done in the right context. For example, when creating
  the userinfo_state structure, place it inside the composite
  structure, not directly on the pipe. If this isn't done then
  correct cleanup can't happen on errors (as cleanup destroys the top
  level composite context only)

- define private structures like userinfo_state in the userinfo.c
  code, not in the public header

- only keep the parameters we need in the state structure. For
  example, the domain_handle is only needed in the first call, so we
  don't need to keep it around in the state structure, but the level is
  needed in later calls, so we need to keep it

- always initialise [out,ref] parameters in RPC calls. The [ref] part
  means that the call assumes the pointer it has been given is
  valid. If you don't initialise it then you will get a segv on
  recv. This is why the code was dying.

- don't use internal strucrure elements like the pipe
  pipe->conn->pending outside of the internal rpc implementation. That
  is an internal list, trying to use it from external code will cause crashes.

- rpc calls assume that rpc call strucrures remain valid for the
  duration of the call. This means you need to keep the structures
  (such as "struct samr_Close") in the userinfo_state strucrure,
  otherwise it will go out of scope during the async processing

- need to remember to change c->state to SMBCLI_REQUEST_DONE when the
  request has finished in the close handler, otherwise it will loop
  forever trying to close

Mimir, please look at the diff carefully for more detailed info on the fixes
(This used to be commit 01ea1e7762)
2007-10-10 13:11:23 -05:00
Rafal Szczesniak
7288298b65 r6164: More comments in the code.
rafal
(This used to be commit 01cbed98b3)
2007-10-10 13:11:22 -05:00
Andrew Bartlett
79f6bcd5ae r5988: Fix the -P option (use machine account credentials) to use the Samba4
secrets system, and not the old system from Samba3.

This allowed the code from auth_domain to be shared - we now only
lookup the secrets.ldb in lib/credentials.c.

In order to link the resultant binary, samdb_search() has been moved
from deep inside rpc_server into lib/gendb.c, along with the existing
gendb_search_v().  The vast majority of this patch is the simple
rename that followed,

(Depending on the whole SAMDB for just this function seemed pointless,
and brought in futher dependencies, such as smbencrypt.c).

Andrew Bartlett
(This used to be commit e13c671619)
2007-10-10 13:11:12 -05:00
Andrew Bartlett
d735487aad r5983: Start support for being a domain member in Samba4.
This adds the auth_domain module to the auth subsystem, and cleans up
some small details around the join process (ensuring all the right
info is in the DB).

Andrew Bartlett
(This used to be commit 858cbfb821)
2007-10-10 13:11:12 -05:00
Andrew Bartlett
645711c602 r5941: Commit this patch much earlier than I would normally prefer, but metze needs a working tree...
The main volume of this patch was what I started working on today:
 - Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context.
 - Uses sepereate inner loops for some of the DCE/RPC tests

The other and more important part of this patch fixes issues
surrounding the new credentials framwork:

This makes the struct cli_credentials always a talloc() structure,
rather than on the stack.  Parts of the cli_credentials code already
assumed this.

There were other issues, particularly in the DCERPC over SMB handling,
as well as little things that had to be tidied up before test_w2k3.sh
would start to pass.

Andrew Bartlett
(This used to be commit 0453f9d05d)
2007-10-10 13:11:11 -05:00
Jelmer Vernooij
05bc2d7b2c r5928: Use cli_credentials in:
- gtk+ (returned by GtkHostBindingDialog as well now)
 - torture/
 - librpc/
 - lib/com/dcom/
(This used to be commit ccefd78233)
2007-10-10 13:11:08 -05:00
Jelmer Vernooij
34cde06513 r5924: Use cli_credentials in libnet/.
(This used to be commit e5bc6f4f17)
2007-10-10 13:11:08 -05:00
Andrew Bartlett
df64302213 r5902: A rather large change...
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.

With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind.  This changes a lot of files, and these will again
be changed when jelmer does the credentials work.

I also correct some schannel IDL to distinguish between workstation
names and account names.  The distinction matters for domain trust
accounts.

Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.

In the schannel DB, we now store both the domain and computername, and
query on both.  This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.

In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.

This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.

The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.

The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests.  This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.

In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL.  This has been re-added, until the underlying pidl issues are
solved.
(This used to be commit 824289dcc2)
2007-10-10 13:11:07 -05:00
Andrew Bartlett
a25443dbeb r5900: Use flatname to specify the netbios domain name (matches what win2k3
uses for trusted domain records) in the secrets join records.

Andrew Bartlett
(This used to be commit a6c502832c)
2007-10-10 13:11:07 -05:00
Jelmer Vernooij
e9ca6e48ff r5775: Remove some unused functions (unions are no longer as special as they used to be)
Add oxid mapping table support in DCOM
(This used to be commit e193555f0e)
2007-10-10 13:11:02 -05:00
Stefan Metzmacher
c857c03170 r5681: fix the build and compiler wanings
metze
(This used to be commit bb2622a0c9)
2007-10-10 13:11:00 -05:00
Rafal Szczesniak
c148831783 r5677: Split structure definitions from implementation.
rafal
(This used to be commit ec177c9226)
2007-10-10 13:10:59 -05:00
Simo Sorce
b1b14817ea r5585: LDB interfaces change:
changes:
- ldb_wrap disappears from code and become a private structure of db_wrap.c
  thanks to our move to talloc in ldb code, we do not need to expose it anymore

- removal of ldb_close() function form the code
  thanks to our move to talloc in ldb code, we do not need it anymore
  use talloc_free() to close and free an ldb database

- some minor updates to ldb modules code to cope with the change and fix some
  bugs I found out during the process
(This used to be commit d58be9e74b)
2007-10-10 13:10:55 -05:00
Rafal Szczesniak
181da32361 r5576: Bunch of fixes pointed by tridge. A few more to come...
rafal
(This used to be commit e5daf6911b)
2007-10-10 13:10:54 -05:00
Rafal Szczesniak
595228c4c3 r5474: Remove random notes put in code.
rafal
(This used to be commit bfb4dfaa8c)
2007-10-10 13:10:48 -05:00
Rafal Szczesniak
dd411b005e r5472: First approach to composite rpc call fetchin user info.
It does only compile. Completely untested yet, so almost certainly
broken, but I don't want it to lay on my laptop only.

rafal
(This used to be commit dcab843da3)
2007-10-10 13:10:48 -05:00
Rafal Szczesniak
2e61d60cdc r5366: added initial code for adding user accounts to libnet makefile.
It doesn't do anything useful yet, but at least doesn't break
the build.

rafal
(This used to be commit b9dbf17366)
2007-10-10 13:09:47 -05:00
Rafal Szczesniak
953ba3fb7d r5365: Initial code for adding user accounts via libnet call.
rafal
(This used to be commit c5fdc38b17)
2007-10-10 13:09:46 -05:00
Tim Potter
abc28d66e9 r5364: Rename string fields called 'domain' and 'name' to be 'domain_name'.
(This used to be commit 6749b9404d)
2007-10-10 13:09:46 -05:00
Andrew Tridgell
e82aad1ce3 r5298: - got rid of pstring.h from includes.h. This at least makes it a bit
less likely that anyone will use pstring for new code

 - got rid of winbind_client.h from includes.h. This one triggered a
   huge change, as winbind_client.h was including system/filesys.h and
   defining the old uint32 and uint16 types, as well as its own
   pstring and fstring.
(This used to be commit 9db6c79e90)
2007-10-10 13:09:38 -05:00
Rafal Szczesniak
f0b403f27a r5256: More verbose description of functions (as I learn the code).
rafal
(This used to be commit 38ac6b8d57)
2007-10-10 13:09:35 -05:00
Andrew Tridgell
759da3b915 r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5)
2007-10-10 13:09:15 -05:00
Rafal Szczesniak
d25c1bd001 r4948: Typo fixes in comments.
rafal
(This used to be commit 97d40f1603)
2007-10-10 13:09:08 -05:00
Andrew Tridgell
2383787f19 r4891: - added a generic resolve_name() async interface in libcli/resolve/,
which will eventually try all resolution methods setup in smb.conf

 - only resolution backend at the moment is bcast, which does a
   parallel broadcast to all configured network interfaces, and takes
   the first reply that comes in (this nicely demonstrates how to do
   parallel requests using the async APIs)

 - converted all the existing code to use the new resolve_name() api

 - removed all the old nmb code (yay!)
(This used to be commit 239c310f25)
2007-10-10 13:09:03 -05:00
Andrew Bartlett
8799d6b44c r4762: Store the results of a 'net join' in the LDB.
Like Samba3, the storage of the primary domain password is keyed off
the domain name, so we can join multiple domains, and just swap
'workgroup =' around.

Andrew Bartlett
(This used to be commit 54a231780e)
2007-10-10 13:08:51 -05:00
Andrew Bartlett
335a277662 r4722: Start to add 'net join' to Samba4.
Andrew Bartlett
(This used to be commit a9b9606091)
2007-10-10 13:08:48 -05:00
Andrew Bartlett
025bf43aa0 r4721: Changes to libnet_passwd to take advantage of the new easier to call
RPC client libs, and to make the fallback between the various SAMR
levels easier to manage.

I'm starting to enjoy the structure that libnet has actually, and I'm
about to build 'net join' on that basis (and I didn't want to have to
duplicate the password set code).

Andrew Bartlett
(This used to be commit f1dd179a50)
2007-10-10 13:08:48 -05:00
Stefan Metzmacher
c62615f268 r4075: implement RemoteTOD server function
metze
(This used to be commit 0c6d4246a4)
2007-10-10 13:06:23 -05:00
Andrew Tridgell
cc8f4358cc r4035: more effort on consistent naming of the access mask bits.
This removes the duplicate named SEC_RIGHTS_MAXIMUM_ALLOWED and
SEC_RIGHTS_FULL_CONTROL, which are just other names for
SEC_FLAG_MAXIMUM_ALLOWED and SEC_RIGHTS_FILE_ALL. The latter names
match the new naming conventions in security.idl

Also added names for the generic->specific mappings for files are
directories
(This used to be commit 17a4e0b3ac)
2007-10-10 13:06:16 -05:00
Jelmer Vernooij
d95a256d1b r3881: Split up the LIBNDR_GEN subsystem into NDR_* and RPC_NDR_* subsystems.
This reduces the total size of the samba binaries from 119 Mb to 73 Mb.
Next step will be to have the build system obtain some of this information
by itself, so that we don't have to write ~10 lines per interface manually.
(This used to be commit 16d905f6b0)
2007-10-10 13:06:01 -05:00
Jelmer Vernooij
34ddb33b4b r3744: Support building subsystems as a shared library. Modules don't work yet,
so while this does compile, it does not work yet.
(This used to be commit 3d885562c9)
2007-10-10 13:05:50 -05:00
Jelmer Vernooij
8e16d8a76f r3733: More build system fixes/features:
- Use .mk files directly (no need for a SMB_*_MK() macro when adding a new SUBSYSTEM, MODULE or BINARY). This allows addition of new modules and subsystems without running configure
 - Add support for generating .dot files with the Samba4 dependency tree (as used by the graphviz and springgraph utilities)
(This used to be commit 64826da834)
2007-10-10 13:05:47 -05:00
Andrew Bartlett
50916c8f2f r3724: Rename a number of structures, for better consistance between SAMR and
NETLOGON.

In particular, rename samr_Name to samr_String - given that many
strings in this pipe are not 'names', the previous was just confusing.
(I look forward to PIDL turning these into simple char * some day...).

Also export out a few changes from testjoin.c to allow for how I have
written the new RPC-SAMSYNC test.

Andrew Bartlett
(This used to be commit 9cd666bcfb)
2007-10-10 13:05:47 -05:00
Andrew Tridgell
6bd02aa504 r3478: split out some more pieces of includes.h
(This used to be commit 8e9212ecfc)
2007-10-10 13:05:20 -05:00
Andrew Tridgell
a1d0b97ed4 r3462: separate out the crypto includes
(This used to be commit 3f75117db9)
2007-10-10 13:05:16 -05:00
Andrew Tridgell
ead3508ac8 r3447: more include/system/XXX.h include files
(This used to be commit 264ce91810)
2007-10-10 13:05:12 -05:00
Andrew Tridgell
284349482f r3443: the next stage in the include files re-organisation.
I have created the include/system/ directory, which will contain the
wrappers for the system includes for logical subsystems. So far I have
created include/system/kerberos.h and include/system/network.h, which
contain all the system includes for kerberos code and networking code.
These are the included in subsystems that need kerberos or networking
respectively.

Note that this method avoids the mess of #ifdef HAVE_XXX_H in every C
file, instead each C module includes the include/system/XXX.h file for
the logical system support it needs, and the details are kept isolated
in include/system/

This patch also creates a "struct ipv4_addr" which replaces "struct
in_addr" in our code. That avoids every C file needing to import all
the system networking headers.
(This used to be commit 2e25c71853)
2007-10-10 13:05:11 -05:00
Andrew Tridgell
90067934cd r3428: switched to using minimal includes for the auto-generated RPC code.
The thing that finally convinced me that minimal includes was worth
pursuing for rpc was a compiler (tcc) that failed to build Samba due
to reaching internal limits of the size of include files. Also the
fact that includes.h.gch was 16MB, which really seems excessive. This
patch brings it back to 12M, which is still too large, but
better. Note that this patch speeds up compile times for both the pch
and non-pch case.

This change also includes the addition iof a "depends()" option in our
IDL files, allowing you to specify that one IDL file depends on
another. This capability was needed for the auto-includes generation.
(This used to be commit b8f5fa8ac8)
2007-10-10 13:05:09 -05:00