1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

1203 Commits

Author SHA1 Message Date
Andrew Bartlett
90efbe0fad s3-gse Remove or make static unused/local-only GSE functions
The GSE layer is now used via the GENSEC module, so we do not need these
functions exposed any more.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:23 +01:00
Andrew Bartlett
f70c9fb76c s3-librpc Remove layer around struct gensec_security
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:22 +01:00
Andrew Bartlett
5ddec1182e s3-librpc: Simplify SPNEGO code now that all mechs use a struct gensec_security
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:22 +01:00
Andrew Bartlett
0c1b4c2321 s3-librpc Call SPENGO/GSSAPI via the auth_generic layer and gensec
This simplifies a lot of code, as we know we are always dealing
with a struct gensec_security, and allows the gensec module being
used to implement GSSAPI to be swapped for AD-server operation.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:22 +01:00
Andrew Bartlett
53cc9c6a30 s3-librpc Allow spnego_generic_init_client to handle kerberos too
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:22 +01:00
Andrew Bartlett
e012ad9d8b s3-librpc Call GSSAPI via the auth_generic layer and gensec
This simplifies a lot of code, as we know we are always dealing with a
struct gensec_security, and allows the gensec module being used to
implement GSSAPI to be swapped when required for AD-server operation.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:22 +01:00
Andrew Bartlett
d95d59138c s3-gse Make gse available as a gensec client module
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:22 +01:00
Andrew Bartlett
cbd8231e34 s3-gse: Add gensec wrapper for gse GSSAPI client
This brings in part of the s4 gensec_gssapi as the boilerplate for the
new module.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:21 +01:00
Volker Lendecke
cfebba96bd s3: Put an indirection layer into share_mode_lock
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-01-12 23:59:22 +01:00
Andrew Bartlett
49bafcfa48 s3-librpc Supply target service and server to spnego_generic_init_client()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11 09:09:43 +01:00
Andrew Bartlett
50a939ad85 s3-librpc: Rename spnego_ntlmssp_init_client and make generic
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11 09:05:01 +01:00
Andrew Bartlett
e8cd972177 s3-librpc: rename get_ntlmssp_auth_footer to be more generic
This can handle any gensec auth type now.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11 09:04:52 +01:00
Andrew Bartlett
6412ff84ce s3-librpc Return user principal name on supplied mem_ctx
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11 08:25:19 +01:00
Andrew Bartlett
a00032a92d s3-libsmb Make auth_ntlmssp client more generic
As well as renaming, this allows us to start the mech by DCE/RPC auth
type or OID.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-06 08:12:49 +01:00
Andrew Bartlett
4ac34f3288 s3-librpc remove unused headers
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05 17:17:29 +01:00
Stefan Metzmacher
73ed88df35 s3:gse: MIT krb5 1.8.1 has a bug in gss_wrap_iov()
gss_krb5int_make_seal_token_v3_iov() doesn't set '*conf_state'.

metze
2012-01-05 17:17:28 +01:00
Andrew Bartlett
a1fd1a4c65 s3-librpc store the sign/seal flags we got in the gssapi client
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05 17:17:28 +01:00
Andrew Bartlett
860ad734ba s3-libads Factor out a new routine kerberos_get_principal_from_service_hostname()
This is now used in the GSE GSSAPI client, so that when we connect to
a target server at the CIFS level, we use the same name to connect
at the DCE/RPC level.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05 17:17:28 +01:00
Andrew Bartlett
25d7675d69 s3-librpc Use gsskrb5_get_subkey() where available to get the session key
This allows gse_get_session_key() to work against Heimdal.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05 17:17:28 +01:00
Andrew Bartlett
21fb9a47ea s3-librpc Use gensec_sig_size() instead of a fixed NTLMSSP_SIG_SIZE
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Dec 22 20:57:27 CET 2011 on sn-devel-104
2011-12-22 20:57:27 +01:00
Andrew Bartlett
6391fff9da s3-auth rename auth_ntlmssp_state -> auth_generic_state
This structure handles more than NTLMSSP now, at least when we are an AD DC
and so changing the name may avoid some confusion in the future.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 19:25:10 +01:00
Volker Lendecke
3441c01b16 s3: Convert open_files.idl to tab indents 2011-12-13 14:14:24 +01:00
Stefan Metzmacher
4eb5b0b392 s3:messaging.idl: obsolete unused MSG_SMB_SAM_*
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Dec 13 14:13:38 CET 2011 on sn-devel-104
2011-12-13 14:13:38 +01:00
Volker Lendecke
1c46fb5c3e s3: Use autogenerated open_files.idl 2011-12-02 22:43:05 +01:00
Volker Lendecke
0c325463a2 s3: Add open_files.idl 2011-12-02 22:43:05 +01:00
Volker Lendecke
a86c536227 s3: Remove some leftovers of old ctdb tdb2 code 2011-10-31 12:48:06 +01:00
Andrew Bartlett
321204eaeb s3-ntlmssp Remove references to auth_ntlmssp_context from the rpc code
We always dereferenced auth_ntlmssp_state->gensec_security, so now we
do not bother passing around the whole auth_ntlmssp_state.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21 08:50:55 +02:00
Andrew Bartlett
0a0839821a s3-ntlmssp Remove auth_ntlmssp_session_key()
We now just call the gensec_session_key() directly.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21 08:43:38 +02:00
Andrew Bartlett
3f079885b2 s3-ntlmssp Remove auth_ntlmssp_want_feature()
We now just call the gensec_want_feature() directly.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21 08:43:33 +02:00
Andrew Bartlett
bd29f79463 s3-ntlmssp use gensec_{seal,unseal,sign,check}_packet
This avoids the indirection via the auth_ntlmsssp wrapper functions.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21 08:43:23 +02:00
Andrew Bartlett
083025ccd5 s3-ntlmssp Remove auth_ntlmssp_update wrapper
We now just call gensec_update directly.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21 08:43:10 +02:00
Andrew Bartlett
f9b042641f s3-ntlmssp split auth_ntlmssp_client_start() into two parts
This will allow it to be a wrapper around a gensec module, which
requires that they options be set on a context, but before the
mechanism is started.

This also simplfies the callers, by moving the lp_*() calls
into one place.

Andrew Bartlett
2011-10-18 12:25:30 +02:00
Andrew Bartlett
0c6e4adcb2 ntlmssp: Move ntlmssp code to auth/ntlmssp
This brings in the code from both libcli/auth and
source4/auth/ntlmssp.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 13:13:31 +11:00
Volker Lendecke
f5081df369 s3: Remove an unused variable 2011-09-30 10:21:43 +02:00
Andreas Schneider
61ada700a6 s3-id_cache: Use better names for id cache management ops
The IDMAP term is normally associated with Winbind's idmap stuff.
These functions deal with id caching not id mapping.

Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:08:25 -04:00
Simo Sorce
5c1a8dcf8e s3-messaging: Add preforked child-parent message types
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:06 -04:00
Simo Sorce
d1bc22eeb3 s3-rpc_server: Use rpc_epmapper_mode() in ep_register()
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:03 -04:00
Simo Sorce
0825a52a36 Revert "s3-messaging: IDMAP_ messages belongs to the Winbind range"
This reverts commit 102f39ae3e.

These messages are handled by smbd not winbind, and could potentially be of
general interest.

Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Fri Aug 19 16:16:05 CEST 2011 on sn-devel-104
2011-08-19 16:16:05 +02:00
Simo Sorce
102f39ae3e s3-messaging: IDMAP_ messages belongs to the Winbind range
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Tue Aug 16 22:27:05 CEST 2011 on sn-devel-104
2011-08-16 22:27:05 +02:00
Simo Sorce
9f12575712 s3-messaging: Change classification of MSG_SMB_CONF_UPDATED.
smbd is not the only daemon interested in smb.conf changes. Move this
message to the GENERAL class so that all interested partied (nmbd,
winbindd, spoolssd, etc..) can receive this notification.

Signed-off-by: Andreas Schneider <asn@samba.org>
2011-08-11 14:58:05 +02:00
Simo Sorce
b706fd37f6 s3-messaging: Fix messaging classes.
This has been broken since ff0ac5b0 (May 2007).
Basically all messages were belonging to the General class except for CTDB
messages.
This fixed the message_send_all() function to correctly compute the class, and
fixes registrations to include all they need to cope with the fact not all
messages are of calss general (registrations rotted a bit because as long as
FLAG_MSG_GENERAL was defined the process woould receive all messages).

Signed-off-by: Andreas Schneider <asn@samba.org>
2011-08-11 14:58:01 +02:00
Simo Sorce
cb1af61cb1 s3-messaging: Remove obsolete class.
The FLAG_MSG_PRINT_NOTIFY class is actually obsolete and never used, as the
only message belonging to it is not used either.

Signed-off-by: Andreas Schneider <asn@samba.org>
2011-08-11 14:57:55 +02:00
Andrew Bartlett
7b1d6a6a05 selftest: test plugin_s4_dc against all ncacn_np tests
Changes to the s3 epmapper behaviour seem to have fixed the rest of these
tests.

Andrew Bartlett
2011-08-03 18:48:05 +10:00
Andrew Bartlett
1231b784a1 s3-ntlmssp Remove auth_ntlmssp_and_flags()
There is no need to mask out these flags as they simply are not set
yet.

The correct abstraction is to ask for NTLMSSP features.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:03 +10:00
Andrew Bartlett
bba5f0a641 s3-ntlmssp Remove auth_ntlmssp_or_flags
We now just use auth_ntlmssp_want_feature to get extra flags
on the NTLMSSP context

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:03 +10:00
Andrew Bartlett
778bf87d8d s3-ntlmssp Remove calls to auth_ntlmssp_and_flags from the server
This is changed so that the callers ask for the additional flags
that they need, starting with no additional flags.

This helps to create a proper abstraction layer in
ntlmssp_wrap/auth_ntlmssp.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:03 +10:00
Andrew Bartlett
6d7ac4f1ad s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_update
This clarifies the lifetime of the returned token.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:03 +10:00
Andrew Bartlett
dee845eb70 s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_get_session_key() 2011-08-03 18:48:02 +10:00
Andrew Bartlett
d3fe48ba48 gensec: Remove mem_ctx from calls that do not return memory
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:01 +10:00
Andreas Schneider
4b751b29e5 s3-librpc: Remove obsolete dcerpc_binding_vector_create(). 2011-08-01 08:50:35 +02:00
Andreas Schneider
02cdb65fc6 s3-librpc: Add dcerpc_binding_vector_replace_iface(). 2011-08-01 08:50:35 +02:00
Andreas Schneider
9cc6f90424 s3-librpc: Add dcerpc_binding_vector_dup(). 2011-08-01 08:50:35 +02:00
Andreas Schneider
169d0c4312 s3-librpc: Add dcerpc_binding_vector_add_unix(). 2011-08-01 08:50:35 +02:00
Andreas Schneider
eaced2e909 s3-librpc: Add dcerpc_binding_vector_add_port(). 2011-08-01 08:50:35 +02:00
Andreas Schneider
c810e47519 s3-librpc: Add dcerpc_binding_vector_add_np_default(). 2011-08-01 08:50:35 +02:00
Andreas Schneider
08523ed6b8 s3-librpc: Add dcerpc_binding_vector_new(). 2011-08-01 08:50:34 +02:00
Günther Deschner
3fd1652104 s3-secrets: add lsa_secret struct to secrets IDL.
Guenther
2011-07-31 22:37:26 +02:00
Andrew Bartlett
481f05ce02 s3-gse Work around the MIT 1.9 gss_krb5_import_cred
We detect this function at configure time, but it currently fails to
operate the way we need - that is, when the principal is not
specified, it gives this error.  When the principal is specified we
get 'wrong principal in request' in the GSS acceptor, so for now the
best option is to fall back to the alternate approach.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Jul 20 06:35:05 CEST 2011 on sn-devel-104
2011-07-20 06:35:05 +02:00
Andrew Bartlett
8ee3ba791d s3-gse Allow printing the partial error string
We may not be able to obtain the full error string, so print what we can get.

This is required when the error is the the GSSAPI layer, not the mechanism.

Andrew Bartlett
2011-07-20 12:04:45 +10:00
Andreas Schneider
c69f2c4de9 s3-librpc: Pass messaging context to dcerpc register functions. 2011-07-14 16:10:47 +02:00
Andreas Schneider
45f70db010 s3-auth: Added remote_address to ntlmssp server.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-07-04 18:28:00 +10:00
Andreas Schneider
541f3cf639 s3-rpc_server: Migrate rpc function to tsocket_address.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-07-04 18:27:58 +10:00
Volker Lendecke
0a74caa473 s3: explicitly pass domain_sid to wbint_LookupRids() (bug #7841)
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Jun 27 18:21:30 CEST 2011 on sn-devel-104
2011-06-27 18:21:30 +02:00
Andrew Bartlett
74eed8f3ed s3-param Remove special case for global_myname(), rename to lp_netbios_name()
There is no reason this can't be a normal constant string in the
loadparm system, now that we have lp_set_cmdline() to handle overrides
correctly.

Andrew Bartlett
2011-06-09 12:40:09 +02:00
Andrew Bartlett
a772797a38 librpc/idr Use the Samba3 notify.idl in common.
The extra fields in the structure that Samba4 does not use should not
bother it.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-09 12:40:08 +02:00
Andrew Bartlett
d057116cc2 server_id.idl: Bring server_id.idl in common
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-09 12:40:08 +02:00
Andrew Bartlett
174893c312 s3-server_id change pid to hyper
This matches Samba4's server_id.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-09 12:40:08 +02:00
Andrew Bartlett
cc3b75b807 s3-server_id Add task_id to server_id to match Samba4
This will allow this structure to be shared, and allow us to create a
common messaging system between all Samba processes.  Samba4 uses the
task_id to indicate the different tasks within a single unix process.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-09 12:40:08 +02:00
Michael Adam
9549cf125a s3:librpc: remove unused file librpc/ndr/util.h
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Tue May 31 15:19:46 CEST 2011 on sn-devel-104
2011-05-31 15:19:46 +02:00
Christian Ambach
df650fa8cf s3:smbd remove unused code
in the early CTDB days, the RELEASE_IP message was defined
and some code was added to react on such a message to make
smbd exit if the IP address it was using for the server socket
is removed by CTDB.
Later, it was discovered that we need to stop smbd immediately
and logic was added to ctdb_conn to call release_ip() without
going through the messaging system.

So this code is not used and can be removed

Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Fri May 20 16:18:24 CEST 2011 on sn-devel-104
2011-05-20 16:18:24 +02:00
Andrew Bartlett
c615ebed6e s3-lib Replace StrCaseCmp() with strcasecmp_m()
strcasecmp_m() never needs to call to talloc, and via next_codepoint()
still has an ASCII fast-path bypassing iconv() calls.

Andrew Bartlett
2011-05-18 16:12:08 +02:00
Andrew Bartlett
41b3c38587 librpc/ndr Merge ndr_print_sockaddr_storage() into common code
There is no longer a reason to leave this source3 specific, and this
brings it into a library (avoiding duplicate symbols).

Andrew Bartlett
2011-05-18 16:12:08 +02:00
Michael Adam
05e8881fef s3:librpc: remove unneded gssapi includes from source3/librpc/crypto/gse.c
These come in via the smb_krb5.h include (and lib/replace/system/kerberos.h)
in the end.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Tue May 10 23:12:31 CEST 2011 on sn-devel-104
2011-05-10 23:12:31 +02:00
Jeremy Allison
4f41be356a Fix many const compiler warnings. 2011-05-05 10:41:59 -07:00
Günther Deschner
0bb4701a74 s3: remove various references to server side dcerpc structs (which are not needed).
Guenther
2011-05-02 15:03:44 +02:00
Günther Deschner
80fa624861 s3: move pipe_auth_data to dcerpc.h
Guenther
2011-05-02 15:03:44 +02:00
Günther Deschner
bc781bf7d9 s3-proto: remove duplicate prototypes.
Guenther
2011-04-29 21:01:05 +02:00
Günther Deschner
faf1175125 s3-proto: move more librpc prototypes to librpc/rpc/dcerpc.h
Guenther
2011-04-29 21:01:04 +02:00
Günther Deschner
bc6f24e89f s3-build: remove some unused headers.
Guenther
2011-04-29 12:19:03 +02:00
Andrew Bartlett
91ebf22fa8 s3-rpc_server Fix compile without kerberos
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Apr 27 23:08:48 CEST 2011 on sn-devel-104
2011-04-27 23:08:48 +02:00
Andrew Bartlett
cd7112ba84 s3-gse: Don't release the mech OID from gss_accept_security_context
This is constant data according to the man pages I find for this
fucntion, and causes a segfault to free() when linked to Heimdal.  I
am advised that while it is constant for gss_mech_krb5, it may not be
for other mechanisms, so an assert will ensure this is dealt with by
the programmer who extends this code in future.

Andrew Bartlett
2011-04-27 11:56:48 +10:00
Andrew Bartlett
6ec4306f8c auth/kerberos: Create common helper to get the verified PAC from GSSAPI
This only works for Heimdal and MIT Krb5 1.8, other versions will get
an ACCESS_DEINED error.

We no longer manually verify any details of the PAC in Samba for
GSSAPI logins, as we never had the information to do it properly, and
it is better to have the GSSAPI library handle it.

Andrew Bartlett
2011-04-27 11:56:48 +10:00
Andrew Bartlett
3a2afe4285 s3-gse: Allow the GSSAPI wrapper to load a keytab using gss_krb5_import_cred()
This Heimdal function does not set the global state, and allows the
GSSAPI server to progress further when compiled against Heimdal (such
as in the top level build).

The ability to specify a keytab has been removed from the API as it is
unused, and and the Heimdal function (avoiding setting global
variables) works with an open keytab.

Andrew Bartlett
2011-04-20 04:31:07 +02:00
Andrew Bartlett
1f534422cc s3-gse Allow GSSAPI wrapper to compile against Heimdal 2011-04-16 11:43:05 +02:00
Volker Lendecke
a671885f49 s3: Add wbint_Sids2UnixIDs idl & implementation
Signed-off-by: Jeremy Allison <jra@samba.org>
2011-04-13 14:13:25 -07:00
Volker Lendecke
091fd0f0f7 s3: Add wbint_LookupSids
This will be called from wb_lookupsids to query remote DCs via lsa

Signed-off-by: Jeremy Allison <jra@samba.org>
2011-04-13 14:13:24 -07:00
Günther Deschner
f102748061 s3-librpc: let librpc/rpc/dcerpc.h include ndr and generated dcerpc headers.
Guenther
2011-04-12 12:20:43 +02:00
Andrew Bartlett
0415a5736e s3-librpc Fix creation of in-memory keytab for previous password
We set the current password twice, rather than the current and old
password.

Andrew Bartlett
2011-04-06 12:34:58 +10:00
Günther Deschner
a730dff783 s3-libndr: add ../librpc/ndr/libndr.h include in some places.
Guenther
2011-03-31 00:14:01 +02:00
Günther Deschner
6e3f0d28a4 s3-includes: only include ntdomain.h where needed.
Guenther
2011-03-30 01:13:09 +02:00
Günther Deschner
146c1aac99 s3-auth: rpc_server needs auth.h
Guenther
2011-03-30 01:13:09 +02:00
Günther Deschner
b903c28939 librpc: bring more librpc prototypes in common.
Guenther
2011-03-23 23:59:11 +01:00
Andreas Schneider
73faa82bf9 s3-rpc_server: Implement an endpoint monitor loop. 2011-03-23 17:19:22 +01:00
Andreas Schneider
81a2046879 s3-librpc: Leave the epm registration connection open. 2011-03-23 17:19:22 +01:00
Stefan Metzmacher
72c1fe0081 librpc/rpc: move DCERPC_ flags to rpc_common.h
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Mar 13 20:45:53 CET 2011 on sn-devel-104
2011-03-13 20:45:53 +01:00
Stefan Metzmacher
f7840b3293 s3:librpc/rpc: add DCERPC_ANON_FALLBACK flag
With this they're in sync with source4.

metze
2011-03-13 19:24:57 +01:00
Stefan Metzmacher
08dca92499 librpc/rpc: move struct dcerpc_binding to rpc_common.h
metze
2011-03-13 16:53:05 +01:00
Stefan Metzmacher
7b7baecf1a s3:librpc/rpc: add target_principal to struct dcerpc_binding
This brings the source3 copy in sync with the source4 copy
of struct dcerpc_binding.

metze
2011-03-13 16:52:59 +01:00
Stefan Metzmacher
83c55ac67e librpc/rpc: move enum dcerpc_transport_t to rpc_common.h
metze
2011-03-13 16:33:06 +01:00
Stefan Metzmacher
b738e092a2 librpc/rpc: move dcerpc_binding_handle stuff to rpc_common.h
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Mar 11 12:28:08 CET 2011 on sn-devel-104
2011-03-11 12:28:08 +01:00
Stefan Metzmacher
5657c96714 s3:librpc/rpc: remove unused dcerpc_pipe define hack
metze
2011-03-11 11:02:24 +01:00
Günther Deschner
d92e060dd9 s3-epmap: fix uninitialized variable in ep_register()
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
2011-03-08 11:41:31 +01:00
Andreas Schneider
ce491edcad s3-librpc: Register NCALRPC pipes.
Signed-off-by: Günther Deschner <gd@samba.org>
2011-03-08 11:41:30 +01:00
Andreas Schneider
cc5b88545d s3-rpc_server: Introduce transport in pipe_struct.
Signed-off-by: Günther Deschner <gd@samba.org>
2011-03-08 11:41:30 +01:00
Andreas Schneider
148ed2c3f9 s3-librpc: Register endpoints using ncalrpc.
Signed-off-by: Günther Deschner <gd@samba.org>
2011-03-08 11:41:29 +01:00
Andreas Schneider
d343409d6b s3-rpc_client: Added DCERPC_AUTH_TYPE_NCALRPC bind.
Signed-off-by: Günther Deschner <gd@samba.org>
2011-03-08 11:41:29 +01:00
Andreas Schneider
c80e519cdc s3-librpc: Free memory we don't need.
Signed-off-by: Günther Deschner <gd@samba.org>
2011-03-08 11:41:28 +01:00
Andreas Schneider
a45353b3e2 s3-librpc: Added tcpip support for dcerpc_binding_vector_create.
Signed-off-by: Günther Deschner <gd@samba.org>
2011-03-08 11:41:28 +01:00
Andreas Schneider
bf18403c81 s3-rpc_client: Move client pipe functions to own header. 2011-02-28 18:15:04 +01:00
Gregor Beck
58081884f7 s3: smbcontrol to notify smbd about idmap changes
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Mon Feb 28 14:07:23 CET 2011 on sn-devel-104
2011-02-28 14:07:23 +01:00
Andrew Bartlett
2e69e89456 s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.

The structure is also not ideal for it's current purpose.  Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session.  This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.

(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-22 16:20:10 +11:00
Andreas Schneider
59f7bcbc39 s3-librpc: Only register NCACN_NP.
This is the only transport we support at the moment.
2011-02-21 23:00:02 +01:00
Andrew Tridgell
c8b2b10976 s3-waf: use SAMBA3_*() build rules in source3/build
this brings the s3 waf build much closer to the proposed s3build top
level build, using the same bld.SAMBA3_*() rules

There are a few renames of subsystems in here, with a 3 suffix where
it would create a conflict.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-18 16:46:41 +11:00
Andrew Tridgell
41b1f97943 s3-build: allow waf build of s3 IDL files from any top directory
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-18 15:09:46 +11:00
Günther Deschner
6840549123 s3: add server_id.idl and use only autogenerated code.
Volker, Tridge and other clustering gurus, please check.

It is ok to get rid of ifdef CLUSTER_SUPPORT here, right ?
Why was unique_id not marshalled at all ?

Guenther
2011-02-17 16:02:19 +01:00
Günther Deschner
e34ba447ec s3-librpc: move server_id marshalling to own helper file.
(in preparation of merging struct server_id).

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Feb 16 00:02:33 CET 2011 on sn-devel-104
2011-02-16 00:02:33 +01:00
Günther Deschner
b3ea56ae16 s3-librpc: no need to globally include endpointmapper headers.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Feb 14 12:31:56 CET 2011 on sn-devel-104
2011-02-14 12:31:56 +01:00
Günther Deschner
9d9659896b s3-librpc: remove duplicate prototypes.
Guenther
2011-02-14 11:47:19 +01:00
Günther Deschner
ad0a3185ce librpc: move preg.idl to main directory.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Thu Feb 10 13:56:49 CET 2011 on sn-devel-104
2011-02-10 13:56:49 +01:00
Günther Deschner
fdd4d56405 s3: give ../librpc/ndr/util.c its own header.
Guenther
2011-02-10 12:58:06 +01:00
Günther Deschner
84dbc2a82d ndr: merge ndr_map_error2string and ndr_errstr.
Guenther
2011-02-08 08:58:31 +01:00
Günther Deschner
8b55ae1785 ndr: move null_ndr_syntax_id to the common libndr location.
Guenther
2011-02-08 08:58:21 +01:00
Günther Deschner
724c982131 ndr: merge duplicate ndr_map_error2ntstatus() functions.
Guenther
2011-02-08 08:58:11 +01:00
Jeremy Allison
40850b3b27 Fix a couple of missing checks on talloc returns.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Feb  2 22:23:46 CET 2011 on sn-devel-104
2011-02-02 22:23:46 +01:00
Günther Deschner
885887ac1b s3-waf: no need to call pidl with --samba3-ndr-client anymore.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Feb  2 21:38:23 CET 2011 on sn-devel-104
2011-02-02 21:38:23 +01:00
Günther Deschner
586b2ee826 s3-epmap: use correct dcerpc client header in dcerpc_ep.c
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Feb  2 19:50:02 CET 2011 on sn-devel-104
2011-02-02 19:50:02 +01:00
Andreas Schneider
31779662b7 s3-librpc: Added dcerpc_binding_vector_create function. 2011-02-02 12:44:20 +01:00
Andreas Schneider
20afe97177 s3-librpc: Added dcerpc register endpoint functions. 2011-02-02 12:44:20 +01:00
Günther Deschner
c9f4fad75c idl: add file_id idl.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Tue Jan 25 12:27:00 CET 2011 on sn-devel-104
2011-01-25 12:27:00 +01:00
Günther Deschner
f0b3c72bcc s3-libndr: remove cmdline_lp_ctx.
Guenther
2011-01-25 11:42:46 +01:00
Günther Deschner
7eac3100ea libndr: move ndr_print_bool to ndr_basic.c
Guenther
2011-01-25 11:42:46 +01:00
Stefan Metzmacher
b7d6d3b840 s3:librpc: remove prototype of dcerpc_binding_handle_set_ref_alloc()
This function doesn't exist anymore.

metze
2011-01-21 07:21:10 +01:00
David Disseldorp
0b188e7784 s3-printing: Initiate pcap reload from parent smbd
Since commit 7022554, smbds share a printcap cache (printer_list.tdb),
therefore ordering of events between smbd processes is important when
updating printcap cache information. Consider the following two process
example:
1) smbd1 receives HUP or printcap cache time expiry
2) smbd1 checks whether pcap needs refresh, it does
3) smbd1 marks pcap as refreshed
4) smbd1 forks child1 to obtain cups printer info
5) smbd2 receives HUP or printcap cache time expiry
6) smbd2 checks whether pcap needs refresh, it does not (due to step 3)
7) smbd2 reloads printer shares prior to child1 completion (stale pcap)
8) child1 completion, pcap cache (printer_list.tdb) is updated by smbd1
9) smbd1 reloads printer shares based on new pcap information

In this case both smbd1 and smbd2 are reliant on the pcap update
performed on child1 completion.
The prior commit "reload shares after pcap cache fill" ensures that
smbd1 only reloads printer shares following pcap update, however smbd2
continues to present shares based on stale pcap data.

This commit addresses the above problem by driving pcap cache and
printer share updates from the parent smbd process.
1) smbd0 (parent) receives a HUP or printcap cache time expiry
2) smbd0 forks child0 to obtain cups printer info
3) child0 completion, pcap cache (printer_list.tdb) is updated by smbd0
4) smbd0 reloads printer shares
5) smbd0 notifies child smbds of pcap update via message_send_all()
6) child smbds read fresh pcap data and reload printer shares

This architecture has the additional advantage that only a single
process (the parent smbd) requests printer information from the printcap
backend.

Use time_mono in housekeeping functions As suggested by Björn Jacke.
2011-01-07 15:37:39 -08:00
Stefan Metzmacher
fbcbeabd65 s3:build: don't use cli_wbint.c any more
metze
2011-01-04 16:37:19 +01:00
Stefan Metzmacher
2d466b41cd s3:librpc: use netsec_outgoing_sig_size() instead of a hardcoded signature
size

metze
2011-01-03 16:44:29 +01:00
Volker Lendecke
ab1b857f58 s3: Fix bug 7842: WINBIND_LOOKUPRIDS does not return the proper domain name
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Dec  6 21:18:07 CET 2010 on sn-devel-104
2010-12-06 21:18:07 +01:00
Jelmer Vernooij
8cf61377aa waf: Remove lib prefix from libraries manually. 2010-10-26 10:17:17 -07:00
Günther Deschner
0a1ce77e29 s3-libndr: handle NDR_ERR_IPV6ADDRESS case in ndr_errstr().
Guenther
2010-10-05 13:09:05 +00:00
Volker Lendecke
bad98e37e7 s3: Add "smbcontrol winbindd ip-dropped <local-ip>"
This is supposed to improve the winbind reconnect time after an ip address
has been moved away from a box. Any kind of HA scenario will benefit from
this, because winbindd does not have to wait for the TCP timeout to kick in
when a local IP address has been dropped and DC replies are not received
anymore.
2010-09-30 14:30:33 +02:00
Günther Deschner
0e1588aa98 s3-waf: add NDR_PERFCOUNT subsystem.
Guenther
2010-09-28 01:16:48 +02:00
Günther Deschner
db4bec3f4c s3-waf: convert LIBNET et al into subsystems.
Guenther
2010-09-24 21:09:45 -07:00
Günther Deschner
fa3eb7f5d4 s3-waf: let winbind depend on SRV_NDR_WBINT and RPCCLI_NDR_WBINT.
Guenther
2010-09-24 12:14:23 -07:00
Günther Deschner
2b76785311 s3-waf: add RPC_NDR_WBINT to librpc/wscript_build.
Guenther
2010-09-24 12:14:11 -07:00
Günther Deschner
c54881b2e1 s3-waf: add wscript_build to s3 librpc dir for NDR_ subsystems.
Guenther
2010-09-24 11:12:39 -07:00
Simo Sorce
926a3f4fcd s3-dcerpc: Use spnego own sign/seal functions
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:54:24 -07:00
Simo Sorce
3453bc7b11 s3-dcerpc: make auth context opaque
This way we always double check in advance that the context
is of the right type with talloc_get_type_abort instead of
potentially accessing random memory by addressing the wrong
structure in the union.

Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:54:24 -07:00
Simo Sorce
d10e192b83 s3-dcerpc: finally remove the legaqcy spnego_type variable from pipe_auth_data
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:54:23 -07:00
Simo Sorce
4cdee9b0ed s3-dcerpc: add spnego server helpers
squashed: add michlistMIC signature checks

Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:54:23 -07:00
Simo Sorce
77c73a5ec9 spnego: make spnego_context public
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:54:23 -07:00
Simo Sorce
2c9f420d75 s3-dcerpc: move client spnego stuff in /librpc/crypto
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:54:22 -07:00