1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

389 Commits

Author SHA1 Message Date
Simo Sorce
a23b63a8e5 r17516: Change helper function names to make more clear what they are meant to do
(This used to be commit ad75cf8695)
2007-10-10 14:15:31 -05:00
Rafal Szczesniak
5104e4e83f r17472: Remove unused variable.
rafal
(This used to be commit 04c94e4a52)
2007-10-10 14:15:27 -05:00
Rafal Szczesniak
8b659a2439 r17450: A bit more protection against memory allocation errors.
rafal
(This used to be commit a3ef0d051a)
2007-10-10 14:15:26 -05:00
Rafal Szczesniak
84f8d208ef r17448: Define macros to set fields in api function modifying user account.
rafal
(This used to be commit 8d9330c490)
2007-10-10 14:15:26 -05:00
Rafal Szczesniak
9ea3b567e4 r17447: Add more fields to user modify routines.
rafal
(This used to be commit 8fa1cd62ec)
2007-10-10 14:15:26 -05:00
Rafal Szczesniak
45b64e394d r17079: Remove an attempt to connect on ncacn_ip_tcp transport after failure
on ncacn_np, as abartlet suggested. Also, named pipe remains the default
transport for all kinds of servers to be contacted.

rafal
(This used to be commit 76888c74a6)
2007-10-10 14:10:11 -05:00
Rafal Szczesniak
6078bfda5e r17028: Remove extra newline.
rafal
(This used to be commit 7da9ebffbd)
2007-10-10 14:10:09 -05:00
Rafal Szczesniak
752fda46a5 r17027: My copyright notice.
rafal
(This used to be commit a2229f8c80)
2007-10-10 14:10:09 -05:00
Rafal Szczesniak
434087bb4b r17026: Make rpc connect routine a bit smarter. Try to connect again
using different transport and possibly address type, when
the first attempt fails (only if it makes any sense, of course).
This may be especially useful when connecting DCs and PDCs in
mixed environments.

Also, add monitor messages issuing.

rafal
(This used to be commit d69b31230d)
2007-10-10 14:10:09 -05:00
Rafal Szczesniak
ad521ee793 r17001: Prepare a new monitor messages.
rafal
(This used to be commit aaa2a5a27a)
2007-10-10 14:10:07 -05:00
Rafal Szczesniak
861ec81048 r16895: Add continue function and prevent from segfaulting (or unpredictable
behaviour) if composite context returned from _send function was NULL.

rafal
(This used to be commit d9fce228d0)
2007-10-10 14:09:57 -05:00
Andrew Bartlett
12dc0ae78c r16830: Fix IBM checker and GCC warnings.
Andrew Bartlett
(This used to be commit 5ef924bc73)
2007-10-10 14:09:48 -05:00
Rafal Szczesniak
5b19070ac7 r16694: Store lsa rpc pipe pointer in a right place.
rafal
(This used to be commit fa6b52dbf7)
2007-10-10 14:09:39 -05:00
Rafal Szczesniak
833ef6b678 r16693: Name type should be passed further down the lookup engine instead
of assuming only PDC name type. Also, fix the comment.

rafal
(This used to be commit 436c8a7211)
2007-10-10 14:09:38 -05:00
Rafal Szczesniak
828e95e81f r16692: More comments and further code in set_user_changes routine.
rafal
(This used to be commit c58fa8676c)
2007-10-10 14:09:38 -05:00
Rafal Szczesniak
6e92c83d52 r16573: Fixes in comments.
rafal
(This used to be commit 1258e6cad8)
2007-10-10 14:09:36 -05:00
Rafal Szczesniak
61705d9c55 r16572: More comments and simple refactoring of one condition.
rafal
(This used to be commit 24006a3601)
2007-10-10 14:09:36 -05:00
Rafal Szczesniak
7414c0206f r16532: Tell username from account name (source from target, when
changing).

rafal
(This used to be commit e5a50ca14a)
2007-10-10 14:09:33 -05:00
Rafal Szczesniak
7d1533f616 r16531: Add a function preparing argument for modify user routine.
rafal
(This used to be commit d91cbec264)
2007-10-10 14:09:33 -05:00
Rafal Szczesniak
3ef6f35dde r16530: Send monitor messages only after successful receiving result of a stage.
rafal
(This used to be commit e5dc631163)
2007-10-10 14:09:33 -05:00
Rafal Szczesniak
240ec86942 r16476: Error in composite functions implemented the 'old way' (single event handler,
no continue functions) need to report an error by means of state only.
composite_error calls event handler function which frees the context and
state structure. This fixes a segfault in some cases (caught it on modifyuser
test).

rafal
(This used to be commit 9e800fd0cf)
2007-10-10 14:09:30 -05:00
Andrew Bartlett
345c9f043f r16226: Fixes for various segfault bugs found against a buggy Samba4. With
the current API we need to check both that the RPC didn't fault, and
that the query succeeded.

Also print the right things in debug messages.

Andrew Bartlett
(This used to be commit d18e515391)
2007-10-10 14:09:06 -05:00
Rafal Szczesniak
9fb340758b r16211: Refactor domain_opened function a bit and add a few comments.
rafal
(This used to be commit d8113fa5e1)
2007-10-10 14:09:06 -05:00
Rafal Szczesniak
04bc987b29 r15996: Implement a missing monitor message.
rafal
(This used to be commit 37ec35672e)
2007-10-10 14:08:47 -05:00
Rafal Szczesniak
f40a2e9786 r15940: Add new field to pass username to libnet_rpc_userinfo function.
rafal
(This used to be commit 16b4b4dbb7)
2007-10-10 14:08:42 -05:00
Rafal Szczesniak
95399b1e66 r15938: Extend userinfo call with one optional stage - lookup for
username to resolve it to a rid, when a sid argument is not
explicitly provided.

rafal
(This used to be commit 9bc4ef267c)
2007-10-10 14:08:42 -05:00
Rafal Szczesniak
ab7d25c4d1 r15937: Currently, we don't use nor support distinguished call levels, so remove
them until we do such thing. There's no need to complicate things more
at the moment.

rafal
(This used to be commit 94fb191e6b)
2007-10-10 14:08:42 -05:00
Rafal Szczesniak
8a6ac85a96 r15920: Move userman.c and userinfo.c definition into respective
header files instead of composite.h

rafal
(This used to be commit 8cafbe7afe)
2007-10-10 14:08:40 -05:00
Rafal Szczesniak
78fea25786 r15919: - Create function checking prerequisites like valid domain
opened and rpc pipe connected. Each user management routine
  calls the function before doing their job
- Initial work on user modify functionality (does nothing yet)

rafal
(This used to be commit 51501cdeef)
2007-10-10 14:08:40 -05:00
Stefan Metzmacher
9ff4fcab36 r15858: - initialize s->r.out
- don't check for mem_ctx, ctx and r, we should crash when they're wrong
  as it's a programmer error!
- pass the error string to the caller

metze
(This used to be commit 5f65447f5d)
2007-10-10 14:08:33 -05:00
Stefan Metzmacher
d8376686cd r15857: don't clear the error string after setting it
metze
(This used to be commit d273d8ae52)
2007-10-10 14:08:33 -05:00
Andrew Tridgell
3372344ade r15850: another spot where r->out.error_string can be uninitialied
(This used to be commit 4898b29c32)
2007-10-10 14:08:32 -05:00
Andrew Tridgell
6e0511f3ee r15849: ensure we don't try to talloc_steal() an invalid error_string in
r->out on error
(This used to be commit 1d1d2aaeae)
2007-10-10 14:08:31 -05:00
Rafal Szczesniak
dda3dceac7 r15726: Comments and a couple of minor formattings in the code.
rafal
(This used to be commit 2ab8343e99)
2007-10-10 14:08:09 -05:00
Rafal Szczesniak
3b07abf2d7 r15667: Make sure the rpc pipe pointers are zeroed during
initialisation of libnet_context.
This fixes a valgrind warning.

rafal
(This used to be commit b751eb1102)
2007-10-10 14:08:05 -05:00
Rafal Szczesniak
e1e4474fb0 r15666: Fix a silly typo.
rafal
(This used to be commit dc93aef09a)
2007-10-10 14:08:05 -05:00
Rafal Szczesniak
251ea035b5 r15663: Turn libnet_DeleteUser into async function and fix subtle bug probably
causing ejsnet test to segfault. Also, cleanup a bit and add monitor
fn pointer to internal user delete libnet function.
Time for some comments now.

rafal
(This used to be commit 89e9a88719)
2007-10-10 14:08:04 -05:00
Rafal Szczesniak
16b5eac38d r15625: Partial commit of my current work. It makes libnet api functions
a bit more smart and more aware of what libnet_context can offer.
The context is a help when some of the arguments are not passed
(programmer counts on using sensible defaults) and stores some of
results so that similar subsequent calls don't need to reopen some
of policy handles, pipes, etc. again. It also helps to hide some
of details the library user don't really want to know much about.

Also, change domain open function to be part of public api, as
it is going to be used in ejsnet interface.

Note, this is work in progress. Comments are welcome.

rafal
(This used to be commit 1ed80c594c)
2007-10-10 14:07:24 -05:00
Andrew Bartlett
7f0a396e3b r15504: Revert -r 15500 and -r 15503 until I'm awake, and can get my head
around the mess that is composite functions...

Async might be all the rage, but it's bloody painful to debug.

Andrew Bartlett
(This used to be commit 756e1dad7c)
2007-10-10 14:05:43 -05:00
Andrew Bartlett
5f36534629 r15500: Add support for interactive prompting on bad passwords to the RPC libraries.
This support requires that the bind_ack and alter_ack recv functions
also be send the DCE/RPC fault.  This would be best done by having the
ack run as a normal RPC reply callback, but this isn't easily possible
for now.

Andrew Bartlett
(This used to be commit be6dde22fe)
2007-10-10 14:05:42 -05:00
Rafal Szczesniak
4010a61fd8 r15489: Typo fixes.
rafal
(This used to be commit 221907fc0d)
2007-10-10 14:05:41 -05:00
Rafal Szczesniak
f8f231da25 r15488: This structure is not needed any longer.
rafal
(This used to be commit 45cd7bc4ec)
2007-10-10 14:05:40 -05:00
Rafal Szczesniak
4d8aaf5f1c r15487: More comments and a few minor changes (not even fixes).
rafal
(This used to be commit 12d0faf9bc)
2007-10-10 14:05:40 -05:00
Rafal Szczesniak
eff21e317e r15459: Add forgotten guid retrieval among other data and thus prevent
from returning uninitialised structure member. Thank heavens for build
farm and valgrind :)

rafal
(This used to be commit daca283990)
2007-10-10 14:05:38 -05:00
Rafal Szczesniak
ccf5696b97 r15439: Reorder the code a bit to be like in other calls. More comments
and comment-fixes.

rafal
(This used to be commit d35f1e07be)
2007-10-10 14:05:37 -05:00
Rafal Szczesniak
538adbf677 r15435: Turn libnet_RpcConnectDCInfo into another level of libnet_RpcConnect
and make it async. Also, update any other usages of old function.
Build goes fine and so do tests, comments to follow.

rafal
(This used to be commit aef0a2de9d)
2007-10-10 14:05:36 -05:00
Andrew Bartlett
5f4d86f955 r15426: Implement SPNEGO as the default RPC authentication mechanism. Where
this isn't supported, fallback to NTLM.

Also, where we get a failure as 'logon failure', try and do a '3
tries' for the password, like we already do for CIFS.  (Incomplete:
needs a mapping between RPC errors and the logon failure NTSTATUS).

Because we don't yet support Kerberos sign/seal to win2k3 SP1 for
DCE/RPC, disable this (causing SPNEGO to negotiate NTLM) when kerberos
isn't demanded.

Andrew Bartlett
(This used to be commit b3212d1fb9)
2007-10-10 14:05:36 -05:00
Jelmer Vernooij
e002300f23 r15328: Move some functions around, remove dependencies.
Remove some autogenerated headers (which had prototypes now autogenerated by pidl)
Remove ndr_security.h from a few places - it's no longer necessary
(This used to be commit c19c2b51d3)
2007-10-10 14:05:17 -05:00
Jelmer Vernooij
69b51f702a r15207: Introduce PRIVATE_DEPENDENCIES and PUBLIC_DEPENDENCIES as replacement
for REQUIRED_SUBSYSTEMS.
(This used to be commit adc8a019b6)
2007-10-10 14:04:18 -05:00
Andrew Tridgell
48bf8e2b6d r14983: fix an uninitialised var
(This used to be commit 58ac1e4eb1)
2007-10-10 14:00:51 -05:00
Stefan Metzmacher
1af925f394 r14860: create libcli/security/security.h
metze
(This used to be commit 9ec706238c)
2007-10-10 13:59:44 -05:00
Andrew Bartlett
d52f31848d r14716: Remove username from debug message, it just causes valgrind assertions.
Andrew Bartlett
(This used to be commit c978fea2a1)
2007-10-10 13:59:12 -05:00
Rafal Szczesniak
d0c7651a7d r14591: More comments.
rafal
(This used to be commit 44b89cd47a)
2007-10-10 13:58:57 -05:00
Jelmer Vernooij
184955ffd7 r14572: Give libraries saner names, remove some .pc files, make some things
subsystems in case a library doesn't make sense.
(This used to be commit ed382873fd)
2007-10-10 13:58:49 -05:00
Rafal Szczesniak
1d23d26dd2 r14568: Remove unused function.
rafal
(This used to be commit 473d6c8e68)
2007-10-10 13:58:48 -05:00
Rafal Szczesniak
79f844e6a6 r14566: Remove unnecessary headers.
rafal
(This used to be commit 1ba4245fcb)
2007-10-10 13:58:48 -05:00
Rafal Szczesniak
986532fbbd r14560: Finally! Start working on async libnet_RpcConnect and other
rpc-related calls.

rafal
(This used to be commit 860f9bcb1e)
2007-10-10 13:58:46 -05:00
Jelmer Vernooij
35349a58df r14542: Remove librpc, libndr and libnbt from includes.h
(This used to be commit 51b4270513)
2007-10-10 13:58:42 -05:00
Jelmer Vernooij
b785a7c40c r14492: Fix shared libs - set SO_VERSION to 0 everywhere for now.
(This used to be commit 4682bc5ce0)
2007-10-10 13:57:32 -05:00
Jelmer Vernooij
4f1c8daa36 r14470: Remove some unnecessary headers.
(This used to be commit f7312dab3b)
2007-10-10 13:57:29 -05:00
Jelmer Vernooij
8528016978 r14464: Don't include ndr_BASENAME.h files unless strictly required, instead
try to include just the BASENAME.h files (containing only structs)
(This used to be commit 3dd477ca51)
2007-10-10 13:57:27 -05:00
Jelmer Vernooij
1060f6b3f6 r14402: Generate seperate headers for RPC client functions.
(This used to be commit 7054ebf024)
2007-10-10 13:57:19 -05:00
Jelmer Vernooij
7651d097b4 r14383: Fix non-developer build.
(This used to be commit f4de155c94)
2007-10-10 13:57:17 -05:00
Jelmer Vernooij
e3f2414cf9 r14380: Reduce the size of structs.h
(This used to be commit 1a16a6f1df)
2007-10-10 13:57:16 -05:00
Jelmer Vernooij
3f16241a1d r14363: Remove credentials.h from the global includes.
(This used to be commit 98c4c30513)
2007-10-10 13:57:14 -05:00
Jelmer Vernooij
e153a8099e r14327: Replace MAJOR_VERSION/MINOR_VERSION/RELEASE_VERSION with two parameters:
- VERSION: should contain the current version. Will be made part of the filename.
 - SO_VERSION: should contain the latest version that this on is compatible to. Will be used for setting the soname of the shared library.

Fix sonames and use them on platforms that support them
Remove symlinking code. ldconfig will take care of creating the symlinks now
that we set the soname.
(This used to be commit 7871b07e21)
2007-10-10 13:57:12 -05:00
Stefan Metzmacher
da7c2d3a66 r14063: libnet depends on dcerpc
metze
(This used to be commit 7fc2d08269)
2007-10-10 13:52:39 -05:00
Andrew Bartlett
91b1815fa9 r14058: Try to make the continuation on the list of password set mechs clearer.
Andrew Bartlett
(This used to be commit 0aa7160a66)
2007-10-10 13:52:38 -05:00
Jelmer Vernooij
17ae598141 r13938: Around round of splitups
(This used to be commit 2d655f0528)
2007-10-10 13:52:29 -05:00
Jelmer Vernooij
4ac2be9958 r13924: Split more prototypes out of include/proto.h + initial work on header
file dependencies
(This used to be commit 1228358767)
2007-10-10 13:52:24 -05:00
Jelmer Vernooij
ba564a901e r13903: Don't generate prototypes for modules and binaries in include/proto.h by
default.
(This used to be commit c80a8f1102)
2007-10-10 13:52:21 -05:00
Andrew Bartlett
34aa19cafe r13317: Create a new function messaging_client_init() which can be used when
we don't have a server messaging context.  We should replace the
datagram messages with stream sockets in this case, so we don't have
to create a unique socket.

Andrew Bartlett
(This used to be commit fd974fb647)
2007-10-10 13:51:43 -05:00
Andrew Bartlett
fc29c3250a r13104: Migrate and set secrets keytab values in the 'net join' code. This
avoids falling back to in-memory keytabs.

Andrew Bartlett
(This used to be commit 59fbce01c6)
2007-10-10 13:51:25 -05:00
Andrew Bartlett
8641271e65 r12979: Grr, I forgot to commit this file (from Brad Henry's libnet_site
patch) before the power went out :-)

Andrew Bartlett
(This used to be commit 352d6493bb)
2007-10-10 13:51:13 -05:00
Andrew Bartlett
1f72942873 r12976: Patch from Brad Henry <j0j0@riod.ca>:
This patch pulls the AD site name generation and site join code from
libnet/libnet_join.c and puts it into a new file, libnet/libnet_site.c.
This way, a common means for site name, configuration dn and server dn
generation exists so it doesn't need to be rewritten in new code (such
as the future libnet_leave for example).

I've made a couple of changes, but nothing dramatic.  Nice work Brad!

Andrew Bartlett
(This used to be commit 45f67b3f6d)
2007-10-10 13:51:13 -05:00
Andrew Bartlett
243e07cfa2 r12930: Fix ADS join: I wasn't filling in the flag 'realm' variable any more.
Andrew Bartlett
(This used to be commit 5c5a2974c9)
2007-10-10 13:51:08 -05:00
Andrew Bartlett
f3db23ac75 r12928: This patch improves the interaction between the vampire and provsion code.
Previously, we had to know (or guess) the host and domain guid at the
provision stage.  Now we query the database post-provision, to extract
the values and fill in the zone file.

This allows us to generate a correct zone file in the Windows migration case.

In an effort to make SWAT easier to use, I have removed and renamed
some of the provision options.

I have also fixed a nasty issue in my js code.  I had implictly
declared a global variable of the name 'join', with disasterious
results for any subsequent user of the string utility function:

esp exception - ASSERT at lib/appweb/ejs/ejsParser.c:2064, 0

Backtrace:
        [ 0]       substitute_var:20   ->               list[i] = join("", list2)
        [ 1]           setup_file:9    ->       data = substitute_var(data, subobj)

Andrew Bartlett
(This used to be commit a38ceefd11)
2007-10-10 13:51:07 -05:00
Andrew Bartlett
dcd63b9770 r12926: Syncronsise GUIDs on users and domains from the server. These also
appear in DNS, so need to match.

Andrew Bartlett
(This used to be commit d092b0493d)
2007-10-10 13:51:07 -05:00
Andrew Bartlett
b15582ed81 r12903: Factor out a new routine libnet_RpcConnectDCInfo, to both connect to
the remote sever, and to query it for domain information.

Provide and use this information in the SamSync/Vampire callbacks, to allow a
parallel connection to LDAP, if we are talking to AD.  This allows us
to get at some important attributes not exposed in the old protocol.

With this, we are able to do a all-GUI vampire of a AD domain from
SWAT, including getting all the SIDs, servicePrincipalNames and the
like correct.

Andrew Bartlett
(This used to be commit 918358cee0)
2007-10-10 13:51:00 -05:00
Andrew Bartlett
17402db4df r12894: Add more detail to error messages.
Andrew Bartlett
(This used to be commit 31fd39f356)
2007-10-10 13:50:59 -05:00
Andrew Bartlett
1460719b6a r12893: Filling in *error_string is critical for SWAT, as the errors otherwise
do not propogate back to the user, they just end up in the logfile.

Andrew Bartlett
(This used to be commit 7c9f8e524b)
2007-10-10 13:50:59 -05:00
Andrew Bartlett
58f78fa182 r12892: Add a 'Migrate from Windows' page to our installation section in SWAT.
Doing this required reworking ejsnet, particularly so it could take a
set of credentials, not just a username and password argument.

This required fixing the ejsnet.js test script, which now adds and
deletes a user, and is run from 'make test'.  This should prevent it
being broken again.

Deleting a user from ejsnet required that the matching backend be
added to libnet, hooking fortunetly onto already existing code for the
actual deletion.

The js credentials interface now handles the 'set machine account' flag.

New functions have been added to provision.js to wrap the basic
operations (so we can write a command line version, as well as the web
based version).

Andrew Bartlett
(This used to be commit a5e7c17c34)
2007-10-10 13:50:59 -05:00
Andrew Bartlett
d790d8d6ed r12886: Rename 'secure_channel_type' parameter to domain join as 'join_type'.
Andrew Bartlett
(This used to be commit a3b3e09a9a)
2007-10-10 13:50:58 -05:00
Andrew Bartlett
f2df13958c r12883: Fix the build...
Andrew Bartlett
(This used to be commit 8f7d14048f)
2007-10-10 13:50:57 -05:00
Andrew Bartlett
e15136af9e r12882: Allow the netbios name to be specified at all times.
Andrew Bartlett
(This used to be commit f4f4dcf217)
2007-10-10 13:50:57 -05:00
Andrew Bartlett
7d90b3f802 r12881: Hard-coded defaults are silly. We have smb.conf for a reason.
Andrew Bartlett
(This used to be commit c9402f9227)
2007-10-10 13:50:57 -05:00
Andrew Bartlett
99125b6510 r12873: Fix valgrind-found uninitialised value.
Andrew Bartlett
(This used to be commit 38e8a6477a)
2007-10-10 13:50:56 -05:00
Andrew Bartlett
e0f69bf1d3 r12872: Add some more detail to debug message.
Andrew Bartlett
(This used to be commit cefba10bd5)
2007-10-10 13:50:56 -05:00
Andrew Bartlett
a5a79e8b8c r12865: Upgrade the librpc and libnet code.
In librpc, always try SMB level authentication, even if trying
schannel, but allow fallback to anonymous.  This should better
function with servers that set restrict anonymous.

There are too many parts of Samba that get, parse and modify the
binding parameters.  Avoid the extra work, and add a binding element
to the struct dcerpc_pipe

The libnet vampire code has been refactored, to reduce extra layers
and to better conform with the standard argument pattern.  Also, take
advantage of the new libnet_Lookup code, so we don't require the silly
'password server' smb.conf parameter.

To better support forcing traffic to be sealed for the vampire
operation, the dcerpc_bind_auth() function now takes an auth level
parameter.

Andrew Bartlett
(This used to be commit d65b354959)
2007-10-10 13:50:55 -05:00
Andrew Bartlett
4b2ed199ca r12861: Cope when we are not supplied the messaging context. This is just
another case where we have to fallback to the node status request.

Andrew Bartlett
(This used to be commit 181064dbcf)
2007-10-10 13:50:54 -05:00
Andrew Bartlett
b135f4467f r12858: This moves the libnet_LookupPdc code to use a GetDC request to find
the remote server's name, or in the absence of a local nbt_server to
communicate with (or without root access), a node status request.

The result is that we are in a better position to use kerberos, as well
as to remove the 'password server' mandatory parameter for the samsync
and samdump commands.  (I need this to put these into SWAT).

The only problem I have is that I must create a messaging context, which
requires a server ID.  As a client process, I don't expect to get
messages, but it is currently required for replies, so I generate a
random() number.  We probably need the servers to accept connections on
streamed sockets too, for client-only tasks that want IRPC.

Because I wanted to test this code, I have put the NET-API-* tests into
our test scripts, to ensure they pass and keep passing.  They are good
frontends onto the libnet system, and I see no reason not to test them.

In doing so the NET-API-RPCCONNECT test was simplified to take a
binding string on the command line, removing duplicate code, and
testing the combinations in the scripts instead.

(I have done a bit of work on the list shares code in libnet_share.c
to make it pass 'make test')

In the future, I would like to extend the libcli/findds.c code (based
off volker's winbind/wb_async_helpers.c, which is why it shows up a bit
odd in the patch) to handle getting multiple name replies, sending a
getdc request to each in turn.

(posted to samba-technical for review, and I'll happily update with
any comments)

Andrew Bartlett
(This used to be commit 7ccddfd351)
2007-10-10 13:50:54 -05:00
Stefan Metzmacher
af5032acfd r12724: fix warnings
metze
(This used to be commit 4ca1a9a606)
2007-10-10 13:49:45 -05:00
Andrew Bartlett
4bfe2907e7 r12719: Rename unicodePwd -> sambaPassword.
Because we don't know the syntax of unicodePwd, we want to avoid using
that attribute name.  It may cause problems later when we get
replication form windows.

I'm doing this before the tech preview, so we don't get too many
supprises as folks upgrade databases into later versions.

Andrew Bartlett
(This used to be commit 097d9d0b7f)
2007-10-10 13:49:45 -05:00
Jelmer Vernooij
63d718e243 r12696: Reduce the size of include/structs.h
(This used to be commit 6391761601)
2007-10-10 13:49:40 -05:00
Jelmer Vernooij
78c50015bb r12694: Move some headers to the directory of the subsystem they belong to.
(This used to be commit c722f665c9)
2007-10-10 13:49:39 -05:00
Jelmer Vernooij
bc4aebfaec r12670: Make a couple of dependencies stricter
Re-introduce and use the OUTPUT_TYPE property for MODULEs to force
specific modules to always be included
(This used to be commit f9eede3d40)
2007-10-10 13:49:35 -05:00
Stefan Metzmacher
ba76f23df9 r12611: fix compiler warnings
metze
(This used to be commit 50940879f6)
2007-10-10 13:49:04 -05:00
Jelmer Vernooij
d4de4c2d21 r12608: Remove some unused #include lines.
(This used to be commit 70e7449318)
2007-10-10 13:49:03 -05:00
Jelmer Vernooij
2cd5ca7d25 r12542: Move some more prototypes out to seperate headers
(This used to be commit 0aca5fd513)
2007-10-10 13:47:55 -05:00
Andrew Bartlett
773d5e0af0 r12538: Clarify why we are doing the delete here.
Andrew Bartlett
(This used to be commit 6d8405038f)
2007-10-10 13:47:53 -05:00
Jelmer Vernooij
acd6a086b3 r12510: Change the DCE/RPC interfaces to take a pointer to a
dcerpc_interface_table struct rather then a tuple of interface
name, UUID and version.

This removes the requirement for having a global list of DCE/RPC interfaces,
except for these parts of the code that use that list explicitly
(ndrdump and the scanner torture test).

This should also allow us to remove the hack that put the authservice parameter
in the dcerpc_binding struct as it can now be read directly from
dcerpc_interface_table.

I will now modify some of these functions to take a dcerpc_syntax_id
structure rather then a full dcerpc_interface_table.
(This used to be commit 8aae0f168e)
2007-10-10 13:47:48 -05:00
Jelmer Vernooij
d8e35f8828 r12498: Eliminate INIT_OBJ_FILES and ADD_OBJ_FILES. We were not using
the difference between these at all, and in the future the
fact that INIT_OBJ_FILES include smb_build.h will be sufficient to
have recompiles at the right time.
(This used to be commit b24f2583ed)
2007-10-10 13:47:45 -05:00
Andrew Bartlett
7448b93a2e r12430: Clarify libnet_join code. Add/fix comments.
Andrew Bartlett
(This used to be commit a3372935ee)
2007-10-10 13:47:37 -05:00
Andrew Bartlett
758873b9fb r12423: Remove DEBUG(0) printouts in favor of more information to the caller.
I assume this works better with SWAT and the like anyway.

Andrew Bartlett
(This used to be commit b11975703d)
2007-10-10 13:47:36 -05:00
Andrew Bartlett
8e0948bbad r12421: Handle the case where we are a joining as different account types far better.
Andrew Bartlett
(This used to be commit 0ce82e8a41)
2007-10-10 13:47:35 -05:00
Andrew Bartlett
221c1512a8 r12411: Add 'net samdump keytab <keytab>'.
This extracts a remote windows domain into a keytab, suitable for use
in ethereal for kerberos decryption.

For the moment, like net samdump and net samsync, the 'password
server' smb.conf option must be set to the binding string for the
server. eg:

password server = ncacn_np:mypdc

Andrew Bartlett
(This used to be commit 272013438f)
2007-10-10 13:47:35 -05:00
Jelmer Vernooij
ab31a44216 r12254: Add some (hopefully correct) descriptions for libraries that are installed.
Install pkg-config files.
(This used to be commit a86abe84e2)
2007-10-10 13:47:24 -05:00
Andrew Bartlett
a1827a1deb r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldb
backend.

The idea is that every time we open an LDB, we can provide a
session_info and/or credentials.  This would allow any ldb to be remote
to LDAP.  We should also support provisioning to a authenticated ldap
server.

(They are separate so we can say authenticate as foo for remote, but
here we just want a token of SYSTEM).

Andrew Bartlett
(This used to be commit ae2f3a64ee)
2007-10-10 13:47:22 -05:00
Rafal Szczesniak
25f82c19f6 r12105: Formatting.
rafal
(This used to be commit 13d7b8fa43)
2007-10-10 13:47:10 -05:00
Andrew Bartlett
9c6b7f2d62 r11995: A big kerberos-related update.
This merges Samba4 up to current lorikeet-heimdal, which includes a
replacement for some Samba-specific hacks.

In particular, the credentials system now supplies GSS client and
server credentials.  These are imported into GSS with
gss_krb5_import_creds().  Unfortunetly this can't take an MEMORY
keytab, so we now create a FILE based keytab as provision and join
time.

Because the keytab is now created in advance, we don't spend .4s at
negprot doing sha1 s2k calls.  Also, because the keytab is read in
real time, any change in the server key will be correctly picked up by
the the krb5 code.

To mark entries in the secrets which should be exported to a keytab,
there is a new kerberosSecret objectClass.  The new routine
cli_credentials_update_all_keytabs() searches for these, and updates
the keytabs.

This is called in the provision.js via the ejs wrapper
credentials_update_all_keytabs().

We can now (in theory) use a system-provided /etc/krb5.keytab, if

krb5Keytab: FILE:/etc/krb5.keytab

is added to the secrets.ldb record.  By default the attribute

privateKeytab: secrets.keytab

is set, pointing to allow the whole private directory to be moved
without breaking the internal links.
(This used to be commit 6b75573df4)
2007-10-10 13:46:56 -05:00
Rafal Szczesniak
1b415f7b8e r11815: A bit more comments and spaces for better readability.
rafal
(This used to be commit 1e831aead1)
2007-10-10 13:46:32 -05:00
Rafal Szczesniak
78a328bef8 r11813: Const-ify name resolution method list and use string list
utilities to set the context field.

rafal
(This used to be commit 5da8b457c3)
2007-10-10 13:46:32 -05:00
Andrew Tridgell
f8391489bf r11794: - fixed a valgrind error in libnet, caused by using a stack variable
after the function has returned (the *address variable was assigned
  into the state).

- changed libnet to use event_context_find() instead of
  event_context_init(), so it works as a child of existing code that
  uses a event context
(This used to be commit 47ceb2d355)
2007-10-10 13:46:28 -05:00
Rafal Szczesniak
7bfe1d29dd r11750: More comments.
(This used to be commit d277b13ced)
2007-10-10 13:46:22 -05:00
Rafal Szczesniak
d6017d3969 r11749: 1) Buffer allocation's been moved and isn't needed here.
2) Connect to a server instead of pdc after locating it.

rafal
(This used to be commit a7bf9ada34)
2007-10-10 13:46:21 -05:00
Rafal Szczesniak
e1bea4eaf5 r11747: Move buffer allocation to libnet_Lookup function so that the
caller is not required to ensure it.

rafal
(This used to be commit 85456e6c0b)
2007-10-10 13:46:21 -05:00
Rafal Szczesniak
5da7edac6d r11708: Fix allocation of too small buffer to hold ip address.
Thanks metze for catching that.

rafal
(This used to be commit 5114ef8d1c)
2007-10-10 13:46:16 -05:00
Rafal Szczesniak
dfd5b1b020 r11705: Fix segfaulting create user function.
rafal
(This used to be commit 6b0c083c9b)
2007-10-10 13:46:15 -05:00
Simo Sorce
5c95905871 r11567: Ldb API change patch.
This patch changes the way lsb_search is called and the meaning of the returned integer.
The last argument of ldb_search is changed from struct ldb_message to struct ldb_result
which contains a pointer to a struct ldb_message list and a count of the number of messages.
The return is not the count of messages anymore but instead it is an ldb error value.

I tryed to keep the patch as tiny as possible bu as you can guess I had to change a good
amount of places. I also tried to double check all my changes being sure that the calling
functions would still behave as before. But this patch is big enough that I fear some bug
may have been introduced anyway even if it passes the test suite. So if you are currently
working on any file being touched please give it a deep look and blame me for any error.

Simo.
(This used to be commit 22c8c97e6f)
2007-10-10 13:45:53 -05:00
Andrew Bartlett
56d3064db6 r11410: Fix rejoin as a BDC by modifying, rather than trying to recreate, the
server reference.

Andrew Bartlett
(This used to be commit 302219928f)
2007-10-10 13:45:33 -05:00
Andrew Bartlett
4e65f39ca9 r11409: The use of 'password server = ' here is still bogus, but for now at
least don't allow binding to become uninitialised.

Andrew Bartlett
(This used to be commit e754234a17)
2007-10-10 13:45:33 -05:00
Andrew Bartlett
9bdc1a77f5 r11407: Push 'recreate account' logic into libnet/libnet_join.c. We don't
return the pesky USER_EXISTS 'error' code any more, and it is much
easier to handle this inline.

Andrew Bartlett
(This used to be commit a7eb796cf5)
2007-10-10 13:45:32 -05:00
Jelmer Vernooij
a4e7bf3a89 r11382: Require number of required M4 macros
Make MODULE handling a bit more like BINARY, LIBRARY and SUBSYSTEM
Add some more PUBLIC_HEADERS
(This used to be commit 875eb8f4cc)
2007-10-10 13:45:29 -05:00
Jelmer Vernooij
93fd08168f r11377: Add support for building LIBRARY elements as shared libraries:
- Adds -rpath bin/ so you don't have to install Samba in order to use compiled binaries.
 - Writes out pkg-config files when building shared libs
 - Supports automatic fallback to MERGEDOBJ (which is the default) or
   OBJ_LIST (if ld -r is not supported)

Building with shared libs reduces the size of the Samba binaries from
197 Mb to 60 Mb (including libraries) on my system (GCC4, with debugging).

To build with shared libraries support enabled, run:

LIBRARY_OUTPUT_TYPE=SHARED_LIBRARY ./config.status

init functions don't get called correctly yet when using shared libs, so
you won't be able to actually run anything with success :-)

Once init functions are done, I'll look at support for loading shared
modules once again.

Based on a patch by Peter Novodvorsky (nidd on IRC).
(This used to be commit 0b54405685)
2007-10-10 13:45:28 -05:00
Andrew Bartlett
900d6fab32 r11349: Actually add all the new spns...
Andrew Bartlett
(This used to be commit 63eede2ad3)
2007-10-10 13:45:22 -05:00
Andrew Bartlett
26fde8dee1 r11348: Fixes for 'net join':
- Add more servicePrincipalNames
 - Always add them, not just for BDC accounts, and not just the first
   time the account is created (it might be an upgrade from an NT4
   account).

This should fix us for being a domain member in ADS again.
(This used to be commit 3821821d4c)
2007-10-10 13:45:21 -05:00
Andrew Bartlett
2a2a350057 r11287: Understand the new behaviour of the LSA pipe on ncacn_ip_tcp in Win2k3 SP1.
Only a few operations are supported (LookupSids3 and LookupNames4),
and these are only supported under schannel.  This appears to be the
operations Win2k3 SP1 uses to verify part of the PAC back to the
server.

The test is setup to pass, but not enforce (so far) this new
behaviour.

Andrew Bartlett
(This used to be commit e15e39866e)
2007-10-10 13:45:13 -05:00
Jelmer Vernooij
4c5a4a7e02 r11244: Relative path names in .mk files
(This used to be commit 24e1030090)
2007-10-10 13:45:06 -05:00
Jelmer Vernooij
f4d590662e r11214: Remove scons files (see http://lists.samba.org/archive/samba-technical/2005-October/043443.html)
(This used to be commit 7fffc5c917)
2007-10-10 13:45:03 -05:00
Andrew Bartlett
22a9779328 r11197: indent
(This used to be commit a432ba105c)
2007-10-10 13:45:00 -05:00
Volker Lendecke
17355fbbd4 r11094: Connect to SAM, implement getdcname
(This used to be commit a14398715e)
2007-10-10 13:44:48 -05:00
Andrew Tridgell
a599edf04c r10913: This patch isn't as big as it looks ...
most of the changes are fixes to make all the ldb code compile without
warnings on gcc4. Unfortunately That required a lot of casts :-(

I have also added the start of an 'operational' module, which will
replace the timestamp module, plus add support for some other
operational attributes

In ldb_msg_*() I added some new utility functions to make the
operational module sane, and remove the 'ldb' argument from the
ldb_msg_add_*() functions. That argument was only needed back in the
early days of ldb when we didn't use the hierarchical talloc and thus
needed a place to get the allocation function from. Now its just a
pain to pass around everywhere.

Also added a ldb_debug_set() function that calls ldb_debug() plus sets
the result using ldb_set_errstring(). That saves on some awkward
coding in a few places.
(This used to be commit f6818daecc)
2007-10-10 13:39:41 -05:00
Andrew Tridgell
36d73b0e71 r10894: make the handling of dn/distinguishedName much closer to real
ldap. Also ensure we put a objectclass on our private ldb's, so they
have some chance of being stored in ldap if you want to
(This used to be commit 1af2cc067f)
2007-10-10 13:39:40 -05:00
Andrew Bartlett
1377cca5f4 r10810: This adds the hooks required to communicate the current user from the
authenticated session down into LDB.  This associates a session info
structure with the open LDB, allowing a future ldb_ntacl module to
allow/deny operations on that basis.

Along the way, I cleaned up a few things, and added new helper functions
to assist.  In particular the LSA pipe uses simpler queries for some of
the setup.

In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't
been worked on (other than making it continue to compile) since January,
and I think the features of this module are being put into ldb anyway.

I have also changed the partitions in ldap_server to be initialised
after the connection, with the private pointer used to associate the ldb
with the incoming session.

Andrew Bartlett
(This used to be commit fd7203789a)
2007-10-10 13:39:32 -05:00
Andrew Bartlett
2e3c917957 r10701: Ensure we return the right user handle.
Andrew Bartlett
(This used to be commit 732b247a49)
2007-10-10 13:39:21 -05:00
Andrew Bartlett
b7a47635ca r10696: Return the realm to the caller, not NULL...
Also return an indication of if the join was of a new account, or
reworking an existing account.

Andrew Bartlett
(This used to be commit b6e4b36c4f)
2007-10-10 13:39:20 -05:00
Rafal Szczesniak
bc651bd7a4 r10679: Monitor messages should be issued from usermod functions.
Also a bit of formatting.

rafal
(This used to be commit 1fefca2c17)
2007-10-10 13:39:17 -05:00
Rafal Szczesniak
2255f0b483 r10633: Formatting.
rafal
(This used to be commit 0e45dc3bac)
2007-10-10 13:39:13 -05:00
Rafal Szczesniak
9c52b2a78e r10631: Formatting.
rafal
(This used to be commit 426797f7b0)
2007-10-10 13:39:13 -05:00
Jelmer Vernooij
5058f4b9e8 r10586: Add MergedObject() builder. Default to Library() rather
then StaticLibrary()
(This used to be commit b53313dc51)
2007-10-10 13:39:08 -05:00
Andrew Bartlett
2ca10397af r10566: Clean up error messages to provide more accurate info.
Andrew Bartlett
(This used to be commit 640815008b)
2007-10-10 13:39:06 -05:00
Stefan Metzmacher
ab4d635b92 r10504: - seperate implementation specific stuff, from the generic composite
stuff.
- don't use SMBCLI_REQUEST_* state's in the genreic composite stuff
- move monitor_fn to libnet.

NOTE: I have maybe found some bugs, in code that is dirrectly in DONE or ERROR
      state in the _send() function. I haven't fixed this bugs in this
      commit! We may need some composite_trigger_*() functions or so.
      And maybe some other generic helper functions...

metze
(This used to be commit 4527815a0a)
2007-10-10 13:38:57 -05:00
Andrew Bartlett
5a522b3100 r10486: This is a merge of Brad Henry's 'net join' rework, to better perform
an ADS join, particularly as a DC.  This represents the bulk of his
Google SOC work, and I'm very pleased to intergrate it into the tree.
(Metze will intergrate the DRSUAPI work later).

Both metze and myself have also put a lot of time into this patch, and
in mentoring Brad in general.  In return, Brad has been a very good
student, and has taken the comments well.

Since it's last appearance on samba-technical@, I have made
correctness and valgrind fixups, as well as adding a new 'BINDING'
mode to the libnet_rpc routines.  This allows the exact binding string
to be passed down from the torture code, including options and exact
target host.

Andrew Bartlett
(This used to be commit d6fa105fda)
2007-10-10 13:38:53 -05:00
Jelmer Vernooij
6812c73534 r10348: Add scons scripts for remaining subsystems. Most subsystems build now,
but final linking still fails (as does generating files asn1, et, idl and proto
files)
(This used to be commit 4f0d7f75b9)
2007-10-10 13:38:30 -05:00
Jelmer Vernooij
5b02ee9b9d r10336: Add sconscript for a couple more subsystems.
(This used to be commit 59d4450453)
2007-10-10 13:38:29 -05:00
Tim Potter
58a74c723d r9994: Unused variable.
(This used to be commit ce4902f8de)
2007-10-10 13:36:27 -05:00
Jelmer Vernooij
b674411eb4 r9792: Rename StrCaseCmp -> strcasecmp_m. All these years I was thinking
StrCaseCmp was sys_strcasecmp, while it is in fact strcasecmp_m!
(This used to be commit 200a8f6652)
2007-10-10 13:35:01 -05:00
Simo Sorce
61aaf82b62 r9654: introduce the samdb_search_dn call
(This used to be commit 333ebb40d5)
2007-10-10 13:34:38 -05:00
Andrew Tridgell
b4d171d4df r9643: fixed samsync code for the new dn explode semantics
(This used to be commit 96298af202)
2007-10-10 13:34:36 -05:00
Simo Sorce
ac90ddfdb2 r9392: Fix ldb_dn_compose to make build farm happy
Add ldb_dn_string_compose so that you can build a dn starting from a
struct ldb_dn base and a set of parameters to be composed in a format
string with the same syntax of printf
(This used to be commit 31c69d0655)
2007-10-10 13:33:33 -05:00