1
0
mirror of https://github.com/samba-team/samba.git synced 2025-10-26 23:33:15 +03:00
Commit Graph

152 Commits

Author SHA1 Message Date
Andrew Bartlett
1e0f7792bb r8752: With all the infrustructure done, details like a SamSync migration
into LDB are actually quite easy.

This brings us the users, and sets basic domain information.

You are expected to have provisioned with the settings for the target
domain, and have joined the domain as a BDC.  Then simply 'net
samsync'.

Now we just need to flesh out the delta types.

Andrew Bartlett
2007-10-10 13:30:02 -05:00
Andrew Tridgell
9411bd4e5e r8748: fixed build. Andrew, please check. 2007-10-10 13:30:01 -05:00
Andrew Tridgell
3c12b46e32 r8702: fixed ntlm_auth build. Andrew, can you check I got this right? 2007-10-10 13:29:55 -05:00
Andrew Tridgell
a58ea6b385 r8520: fixed a pile of warnings from the build farm gcc -Wall output on
S390. This is an attempt to avoid the panic we're seeing in the
automatic builds.

The main fixes are:

 - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats

 - use of NULL format statements to perform dn searches.

 - assumption that sizeof() returns an int
2007-10-10 13:29:34 -05:00
Love Hörnquist Åstrand
56fd21c806 r8394: Make sure the argument to ctype is*(3) macros are unsigned char as
required by ISO C99.
2007-10-10 13:20:14 -05:00
Andrew Tridgell
b220756cb4 r8273: fixed some memory leaks in smbscript. This required converting
file_load() to use talloc, which impacted quite a few bits of code,
including our smb.conf processing.

took the opportunity to remove the gloabls in params.c while doing this
2007-10-10 13:19:29 -05:00
Jelmer Vernooij
fd3f463643 r7943: Add 'make manpages', fix 'make installman' and 'make uninstallman'.
Not part of the "all" make target yet, as it requires xsltproc
2007-10-10 13:18:53 -05:00
Andrew Tridgell
cf17f90a83 r7740: get rid of our duplicate base64 routines 2007-10-10 13:18:29 -05:00
Andrew Bartlett
4c254754d2 r7674: Fix the printf() attribute suggestion by correctly prototyping, then
declaring the static function.  The attribute only works on the
prototype, not the function.

Andrew Bartlett
2007-10-10 13:18:20 -05:00
Andrew Tridgell
3a3025485b r7633: this patch started as an attempt to make the dcerpc code use a given
event_context for the socket_connect() call, so that when things that
use dcerpc are running alongside anything else it doesn't block the
whole process during a connect.

Then of course I needed to change any code that created a dcerpc
connection (such as the auth code) to also take an event context, and
anything that called that and so on .... thus the size of the patch.

There were 3 places where I punted:

  - abartlet wanted me to add a gensec_set_event_context() call
    instead of adding it to the gensec init calls. Andrew, my
    apologies for not doing this. I didn't do it as adding a new
    parameter allowed me to catch all the callers with the
    compiler. Now that its done, we could go back and use
    gensec_set_event_context()

  - the ejs code calls auth initialisation, which means it should pass
    in the event context from the web server. I punted on that. Needs fixing.

  - I used a NULL event context in dcom_get_pipe(). This is equivalent
    to what we did already, but should be fixed to use a callers event
    context. Jelmer, can you think of a clean way to do that?

I also cleaned up a couple of things:

 - libnet_context_destroy() makes no sense. I removed it.

 - removed some unused vars in various places
2007-10-10 13:18:15 -05:00
Andrew Bartlett
50f3c2b3a2 r7525: Unify lp_load(), load_interfaces and logging setup into popt().
There is now a new --debug-stderr option to enable debug to STDERR.

popt isn't perfect, but the callbacks are used in all the main Samba
binaries, and should be used in the rest.  This avoids duplicated
code, and ensures every binary is setup correctly.

This also ensures the setup happens early enough to have -s function,
and have a correct impact on the credentials code.  (Fixing a bug that
frustrated tridge earlier today).

The only 'subtle' aspect of all this is that I'm pretty sure that the
SAMBA_COMMON popt code must be above the CREDENTIALS code, in the
popt tables.

Andrew Bartlett
2007-10-10 13:18:06 -05:00
Rafal Szczesniak
a50ebd4a16 r7382: Convert net_user code so that is can be compiled against
changed CreateUser call. Doesn't work yet, but the test
passes.

rafal
2007-10-10 13:17:48 -05:00
Jelmer Vernooij
e7549f33f5 r7249: Cope with struct member rename 2007-10-10 13:17:31 -05:00
Jelmer Vernooij
b00355bf0c r7117: Move more manpages to the source repository 2007-10-10 13:17:18 -05:00
Jelmer Vernooij
13cf227615 r6973: Merge new version of pidl into the main SAMBA_4_0 branch.
The main difference in this new version is the extra data structure generated
between the IDL data structure and the NDR parser:

IDL -> NDR -> { ndr_parser, ndr_header, eparser, etc }

This makes the ndr_parser.pm internals much more sane.

Other changes include:

- Remove unnecessary calls with NDR_BUFFERS (for example, GUID doesn't have any buffers, just scalars) as well as some (unnecessary) nested setting of flags.
- Parse array loops in the C code rather then calling ndr_pull_array(). This allows us to have, for example, arrays of pointers or arrays of pointers to arrays, etc..
- Use if() {} rather then if () goto foo; everywhere
- NDR_IN no longer implies LIBNDR_FLAG_REF_ALLOC
- By default, top level pointers are now "ref" (as is the default in
  most other IDL compilers). This can be overridden using the
  default_pointer_top() property.
- initial work on new ethereal parser generators by Alan DeKok and me
- pidl now writes errors in the standard format used by compilers, which
  is parsable by most editors
- ability to warn about the fact that pidl extension(s) have been used,
  useful for making sure IDL files work with other IDL compilers.

oh, and there's probably some other things I can't think of right now..
2007-10-10 13:17:01 -05:00
Tim Potter
affacc5398 r6951: Fix all calls to setup_logging() that use 'True' as a second argument.
In Samba4 this is now an enum.  Possibly by accident, True just happens
to map to the right value in this case.  (-:
2007-10-10 13:17:00 -05:00
Tim Potter
e6b53ce177 r6930: Use NBT_NAME_CLIENT instead of the number 0. 2007-10-10 13:16:57 -05:00
Jelmer Vernooij
b9d0ae93ba r6839: Add support for building subsystems as shared libraries. This can be
done by setting:
OUTPUT_TYPE = SHARED_LIBRARY
in the [SUBSYSTEM::...] section belonging to a subsystem.

The idea is to allow multiple values to OUTPUT_TYPE simultaneously
(e.g. OUTPUT_TYPE = SHARED_LIBRARY, STATIC_LIBRARY, OBJLIST )
2007-10-10 13:16:50 -05:00
Jelmer Vernooij
46509eb899 r6795: Make some functions static and remove some unused ones. 2007-10-10 13:16:44 -05:00
Stefan Metzmacher
a1c7fe2578 r6612: fix the build
metze
2007-10-10 13:16:30 -05:00
Stefan Metzmacher
55c9746da8 r6609: remove double entry for [BINARY::getntacl]
metze
2007-10-10 13:16:30 -05:00
Andrew Bartlett
550f17f992 r6573: Start on my project to implement an NT4 compatible BDC in Samba4.
This brings in a compatability layer for Samba3 in Samba4 - where we
will start to define file formats and similar details.

The 'net samdump' command uses 'password server = ' for now, and
performs a similar task to Samba3's 'net rpc samsync'.

Andrew Bartlett
2007-10-10 13:16:27 -05:00
Tim Potter
b32c159c38 r6527: Resurrect getntacl utility program. At the moment we only display the
output of ndr_print_xattr_NTACL() to stdout.
2007-10-10 13:16:22 -05:00
Andrew Tridgell
f8e77fcdea r6287: sorted out a small but surprisingly tricky dependency problem with the
ndr code for handling sids and security descriptors now that we have a
sid in the nbt IDL
2007-10-10 13:11:29 -05:00
Andrew Bartlett
2301a4b38a r6028: A MAJOR update to intergrate the new credentails system fully with
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'.

GENSEC now no longer has it's own handling of 'set username' etc,
instead it uses cli_credentials calls.

In order to link the credentails code right though Samba, a lot of
interfaces have changed to remove 'username, domain, password'
arguments, and these have been replaced with a single 'struct
cli_credentials'.

In the session setup code, a new parameter 'workgroup' contains the
client/server current workgroup, which seems unrelated to the
authentication exchange (it was being filled in from the auth info).

This allows in particular kerberos to only call back for passwords
when it actually needs to perform the kinit.

The kerberos code has been modified not to use the SPNEGO provided
'principal name' (in the mechListMIC), but to instead use the name the
host was connected to as.  This better matches Microsoft behaviour,
is more secure and allows better use of standard kerberos functions.

To achieve this, I made changes to our socket code so that the
hostname (before name resolution) is now recorded on the socket.

In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now
in libcli/auth/schannel.c, and it looks much more like a standard
GENSEC module.  The actual sign/seal code moved to
libcli/auth/schannel_sign.c in a previous commit.

The schannel credentails structure is now merged with the rest of the
credentails, as many of the values (username, workstation, domain)
where already present there.  This makes handling this in a generic
manner much easier, as there is no longer a custom entry-point.

The auth_domain module continues to be developed, but is now just as
functional as auth_winbind.  The changes here are consequential to the
schannel changes.

The only removed function at this point is the RPC-LOGIN test
(simulating the load of a WinXP login), which needs much more work to
clean it up (it contains copies of too much code from all over the
torture suite, and I havn't been able to penetrate its 'structure').

Andrew Bartlett
2007-10-10 13:11:15 -05:00
Jelmer Vernooij
e5bc6f4f17 r5924: Use cli_credentials in libnet/. 2007-10-10 13:11:08 -05:00
Jelmer Vernooij
1d49b57c50 r5917: First step in using the new cli_credentials structure. This patch
puts support for it into popt_common, adds a few utility functions
(in lib/credentials.c) and the callback functions for the command-line
(lib/cmdline/credentials.c). Comments are welcome :-)
2007-10-10 13:11:08 -05:00
Andrew Bartlett
824289dcc2 r5902: A rather large change...
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.

With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind.  This changes a lot of files, and these will again
be changed when jelmer does the credentials work.

I also correct some schannel IDL to distinguish between workstation
names and account names.  The distinction matters for domain trust
accounts.

Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.

In the schannel DB, we now store both the domain and computername, and
query on both.  This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.

In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.

This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.

The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.

The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests.  This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.

In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL.  This has been re-added, until the underlying pidl issues are
solved.
2007-10-10 13:11:07 -05:00
Tim Potter
d59bc9dc9b r5827: Make ndrdump accept a uuid as well as a pipe name to specify
which rpc interface to use.
2007-10-10 13:11:04 -05:00
Tim Potter
c3c6dafc31 r5782: Use standard input for reading packet data if filename not specified. 2007-10-10 13:11:03 -05:00
Rafal Szczesniak
eb66180d14 r5425: Convert function tables to new structure (with description)
and remove unnecessary help functions as help is generated
automatically. Usage functions with precise information about
usage of each leaf node remain.

rafal
2007-10-10 13:10:44 -05:00
Rafal Szczesniak
24f7a3860e r5424: Automatically generate basic help display on basis of name
and description from function table.

rafal
2007-10-10 13:10:44 -05:00
Rafal Szczesniak
48568959a8 r5423: Change function table structure to allow short description
of command groups. Also give up help function pointer in the
structure since it's needed only in leaf nodes of command tree,
and leaf nodes decide about help on their own. Usage function
is still available on all levels.

rafal
2007-10-10 13:10:44 -05:00
Andrew Tridgell
6f9eb74ef8 r5413: enable standard samba command line options in ndrdump (so -d works) 2007-10-10 13:10:43 -05:00
Andrew Tridgell
9536936992 r5412: don't force initial debug level up in ndrdump 2007-10-10 13:10:43 -05:00
Rafal Szczesniak
5cebb4feed r5400: Slightly better handling of help messages in net tool.
rafal
2007-10-10 13:10:41 -05:00
Rafal Szczesniak
3005f0408c r5381: Added net_user.c with net tool interface for managing user accounts.
rafal
2007-10-10 13:09:49 -05:00
Rafal Szczesniak
d8fa9baf24 r5380: Removed extra newline.
rafal
2007-10-10 13:09:49 -05:00
Andrew Tridgell
80a95d5688 r5328: - allow case sensitive nbt name lookups
- added --case-sensitive option to nmblookup

 - added case sensitivity tests to the NBT-WINS test
2007-10-10 13:09:42 -05:00
Andrew Tridgell
bf43c9bdcf r5308: trimmed back a lot of the old macros from smb_macros.h 2007-10-10 13:09:40 -05:00
Andrew Tridgell
b902ea546d r5304: removed lib/socket/socket.h from includes.h 2007-10-10 13:09:39 -05:00
Andrew Tridgell
93931b1a74 r5300: more uint32 and system/filesys.h build fixes when developer mode is enabled 2007-10-10 13:09:39 -05:00
Andrew Tridgell
9db6c79e90 r5298: - got rid of pstring.h from includes.h. This at least makes it a bit
less likely that anyone will use pstring for new code

 - got rid of winbind_client.h from includes.h. This one triggered a
   huge change, as winbind_client.h was including system/filesys.h and
   defining the old uint32 and uint16 types, as well as its own
   pstring and fstring.
2007-10-10 13:09:38 -05:00
Andrew Tridgell
bb1ab11d8e r5294: - added a separate NBT-WINS test for WINS operations (register, refresh, release and query)
- change the iface_n_*() functions to return a "const char *" instead of a "struct ipv4_addr"
  I think that in general we should move towards "const char *" for
  all IP addresses, as this makes IPv6 much easier, and is also easier
  to debug. Andrew, when you get a chance, could you fix some of the
  auth code to use strings for IPs ?

- return a NTSTATUS error on bad name queries and node status instead
  of using rcode. This makes the calling code simpler.

- added low level name release code in libcli/nbt/

- use a real IP in the register and wins nbt torture tests, as w2k3
  WINS server silently rejects some operations that don't come from the
  IP being used (eg. it says "yes" to a release, but does not in fact
  release the name)
2007-10-10 13:09:37 -05:00
Andrew Tridgell
554d1b70e7 r5261: translate nbt rcode errors to NTSTATUS codes 2007-10-10 13:09:35 -05:00
Andrew Tridgell
919bc14e7b r5260: - show an error message on nmblookup failure
- always try to enable broadcast on nbt name sockets (this matches
  samba3 behaviour better)
2007-10-10 13:09:35 -05:00
Andrew Tridgell
d56e68ebf5 r5252: - fixed nmblookup for the nbt api changes
- added a simple WINS server name registration and query test
2007-10-10 13:09:34 -05:00
Andrew Tridgell
d7d31fdc66 r5114: the nbtd task can now act as a basic B-node server. It registers its
names on the network and answers name queries. Lots of details are
still missing, but at least this now means you don't need a Samba3
nmbd to use Samba4.

missing pieces include:

 - name registrations should be "shout 3 times, then demand"

 - no WINS server yet

 - no master browser code
2007-10-10 13:09:23 -05:00
Andrew Tridgell
9587cbcb9e r5054: added a nmblookup tool, based on the new nbt library 2007-10-10 13:09:18 -05:00
Andrew Tridgell
ec32b22ed5 r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the
large commit. I thought this was worthwhile to get done for
consistency.
2007-10-10 13:09:15 -05:00