1
0
mirror of https://github.com/samba-team/samba.git synced 2025-02-28 01:58:17 +03:00

926 Commits

Author SHA1 Message Date
Andrew Tridgell
f86521677d r5034: - added a type mapping function in pidl, so the type names in our IDL
files don't need to match the type names in the generated headers

- with this type mapping we no longer need definitions for the
  deprecated "int32", "uint8" etc form of types. We can now force
  everyone to use the standard types int32_t, uint8_t etc.

- fixed all the code that used the deprecated types

- converted the IDL types "int64" and "uint64" to "dlong" and
  "udlong". These are the 4 byte aligned 64 bit integers that
  Microsoft internally define as two 32 bit integers in a
  structure. After discussions with Ronnie Sahlberg we decided that
  calling these "int64" was confusing, as it implied a true 8 byte
  aligned type

- fixed all the cases where we incorrectly used things like
  "NTTIME_hyper" in our C code. The generated API now uses a NTTIME for
  those. The fact that it is hyper-aligned on the wire is not relevant
  to the API, and should remain just a IDL property
2007-10-10 13:09:15 -05:00
Andrew Tridgell
765ede8ca6 r5027: added the IDL license to the IDL directory 2007-10-10 13:09:14 -05:00
Tim Potter
19a907cb58 r5005: Add missing size specifiers to various bitmaps. 2007-10-10 13:09:12 -05:00
Stefan Metzmacher
7b09a3f725 r4962: add infrastructure to use raw krb5 auth in dcerpc client code
Note this doesn't work currently because the gensec_modules are not ready for that yet

metze
2007-10-10 13:09:10 -05:00
Andrew Tridgell
7f981b9ed9 r4944: every event_add_*() caller was having to call talloc_steal() to take
control of the event, so instead build that into the function. If you
pass NULL as mem_ctx then it leaves it as a child of the events
structure.
2007-10-10 13:09:08 -05:00
Andrew Tridgell
bf74ea34fc r4886: fixed two places where we process the send side of a socket after the
recv side in the same event. That's a bad idea, as the first callback
could decide to destroy the socket.
2007-10-10 13:09:02 -05:00
Andrew Tridgell
ae7e625bfa r4885: added a new NBT client library. Features include:
- structures defined using IDL in nbt.idl
 - build around our events structure, and talloc
 - fully async
 - supports all NBT packet fields as per rfc1002
 - easy interfaces for name query and status

For the moment there are just a couple of test functions in
namequery.c, test_name_query() and test_name_status(). These will be
removed when we hook the new library into libcli/ fully

The new library will also be a fairly good basis for a nbt
server. Although it can't be a server as-is, I wrote it with the needs
of a server in mind (for example, extremely scalable idtree based
packet handling)
2007-10-10 13:09:01 -05:00
Stefan Metzmacher
3381617a03 r4804: add more emuns and bitmaps
metze
2007-10-10 13:08:57 -05:00
Andrew Bartlett
37a81aad74 r4774: It appears the SensitiveData contains the password history, as the
remaining data.  Pity - I was looking for kerberos keys :-)

Andrew Bartlett
2007-10-10 13:08:53 -05:00
Andrew Tridgell
0d31523aae r4772: fixed checking of the conformant size for dom_sid2 2007-10-10 13:08:53 -05:00
Andrew Bartlett
3d3063b1f6 r4768: Until I can prove it, we should not have these elements marked as
size_is() base arrays.

Andrew Bartlett
2007-10-10 13:08:52 -05:00
Andrew Tridgell
71cbe28734 r4758: - added async support to the session request code
- added async support to the negprot client code

- removed two unused parameters from smbcli_full_connection() code

- converted smbclient to use smbcli_full_connection() rather than
  reinventing everything itself
2007-10-10 13:08:50 -05:00
Andrew Tridgell
468f8ebbfd r4757: added the ability of the clisocket level of libcli to handle async
socket connections. This was complicated by a few factors:

 - it meant moving the event context from clitransport to clisocket,
   so lots of structures changed

 - we need to asynchronously handle connection to lists of port
   numbers, not just one port number. The code internally tries each
   port in the list in turn, without ever blocking

 - the man page on how connect() is supposed to work asynchronously
   doesn't work in practice (now why doesn't this surprise me?). The
   getsockopt() for SOL_ERROR is supposed to retrieve the error, but
   in fact the next (unrelated) connect() call on the same socket also
   gets an error, though not the right error. To work around this I
   need to tear down the whole socket between each attempted port. I
   hate posix.

Note that clisocket.c still does a blocking name resolution call in
smbcli_sock_connect_byname(). That will be fixed when we add the async
NBT resolution code.

Also note that I arranged things so that every SMB connection is now
async internally, so using plain smbclient or smbtorture tests all the
async features of this new code.
2007-10-10 13:08:50 -05:00
Andrew Bartlett
d360f30948 r4720: Reformat, rename, and convert to enums parts of the LSA IDL specification.
Andrew Bartlett
2007-10-10 13:08:48 -05:00
Andrew Bartlett
cd9e795e40 r4708: Comparing with LDAP, it is clear that these 'flags' are in fact the
POSIX offset for the trusted domain.

Andrew Bartlett
2007-10-10 13:08:46 -05:00
Stefan Metzmacher
57bf3d7a83 r4705: use an enum for reject_reason
metze
2007-10-10 13:08:45 -05:00
Andrew Bartlett
51e94fa26c r4703: Add support for EnumTrustDomain, and expand the testsuite.
Add my copyright to the SAMR server.

Andrew Bartlett
2007-10-10 13:08:45 -05:00
Stefan Metzmacher
7d8ba92da2 r4702: implment idl, torture test and server code for netr_ServerPasswordSet2()
metze
2007-10-10 13:08:45 -05:00
Andrew Bartlett
271c8faadf r4698: - Initial implementation of trusted domains in LSA.
- Use templates for Secrets and the new trusted domains

 - Auto-add modifiedTime, createdTime and objectGUID to records in the
   samdb layer.

Andrew Bartlett
2007-10-10 13:08:44 -05:00
Andrew Bartlett
7200a01545 r4691: Make the DCE-RPC bind code compleatly generic to the number of passes
that the GENSEC mechanism wishes to select.  It is of course up to the
GENSEC mech and the remote server to actually support this however...

Andrew Bartlett
2007-10-10 13:08:44 -05:00
Andrew Bartlett
ded3303352 r4682: A LDB-based secrets implementation in Samba4.
This uses LDB (a local secrets.ldb and the global samdb) to fill out
the secrets from an LSA perspective.

Some small changes to come, but the bulk of the work is now done.

A re-provision is required after this change.

Andrew Bartlett
2007-10-10 13:08:42 -05:00
Stefan Metzmacher
0d2286ba56 r4676: NTTIME_1sec is a standard NTTIME for the calling code
as it's already converted in the pull/push code

metze
2007-10-10 13:08:41 -05:00
Andrew Bartlett
1fed79cb0f r4673: Fix the IDL for the QuerySecret LSA call.
This call uses a new IDL type, NTTIME_hyper.  This is 8-byte aligned,
as the name suggests.

Expand the QuerySecret LSA calls in RPC-SAMLOGON and RPC-LSA, to
validate the behaviour of times, and of the old secrets.

Thanks to tridge for spotting the use of HYPER!

Andrew Bartlett
2007-10-10 13:08:40 -05:00
Stefan Metzmacher
b6543a6e30 r4650: - make more use of bitmap and enum's
- move some structs out of misc.idl

metze
2007-10-10 13:08:39 -05:00
Stefan Metzmacher
fa798fe1f0 r4649: make more use of bitmap and enum's
metze
2007-10-10 13:08:39 -05:00
Andrew Tridgell
6f2019c307 r4644: allow DSSETUP on ncacn_ip_tcp 2007-10-10 13:08:38 -05:00
Andrew Tridgell
4e62bd2a34 r4638: expose lsa and drsuapi on ncalrpc 2007-10-10 13:08:37 -05:00
Andrew Bartlett
f2bd7a5a69 r4636: Per tridge's wish (and probably correct behaviour), don't key off a
specific GENSEC mech type, but on the behaviour of the mech.

Andrew Bartlett
2007-10-10 13:08:37 -05:00
Andrew Bartlett
43e3516fc0 r4635: Fix NTLMSSP to return NT_STATUS_OK when it has constructed the auth
token in the client (the final token in the negotiation).

Consequential fixes in the SPNEGO code, which now uses the out.length
as the indicator of 'I need to send something to the other side'.

Merge the NTLM and SPNEGO DCE-RPC authentication routines in the client.

Fix the RPC-MULTIBIND test consequent to this merge.

Andrew Bartlett
2007-10-10 13:08:37 -05:00
Andrew Tridgell
59a5a0b218 r4630: for ncacn_np if we don't have an explicit request for one of the
advanced auth types we should do a plain bind. This fixes rpc
connections to ancient servers (like sun cascade)
2007-10-10 13:08:36 -05:00
Andrew Tridgell
9c0a3423f0 r4627: - simplified the dcerpc auth code using a common function
- added support for "spnego" in binding strings. This enables SPNEGO
  auth in the dcerpc client code, using as many allter_context calls as
  are needed

To try SPNEGO do this:

  smbtorture ncacn_ip_tcp:SERVER[spnego,seal] -Uadministrator%password RPC-SAMR
2007-10-10 13:08:35 -05:00
Stefan Metzmacher
3c0d16b823 r4620: - add interface functions to the auth subsystem so that callers doesn't need to
use function pointers anymore
- make the module init much easier
- a lot of cleanups

don't try to read the diff in auth/ better read the new files

it passes test_echo.sh and test_rpc.sh

abartlet: please fix spelling fixes

metze
2007-10-10 13:08:34 -05:00
Jelmer Vernooij
95e849bf94 r4619: Remove extern declaration of dcerpc_pipes, which is now static 2007-10-10 13:08:34 -05:00
Andrew Tridgell
dd1c54add8 r4618: - tidied up the alter_context client code a bit
- there is no alter_nak or alter_ack packet, its all done in an
  alter_response

- auto-allocated the contex_ids

- tried to fix up the dcom code to work again with
  alter_context. Jelmer, please take a look :)
2007-10-10 13:08:34 -05:00
Andrew Tridgell
0129ec947a r4617: basic alter_context requests now work in our client library. The test
just does a simple LSA/DSSETUP combo, which is what w2k does in the
ACL editor rpc calls that triggered this work
2007-10-10 13:08:34 -05:00
Andrew Tridgell
4004c69937 r4616: the first phase in the addition of proper support for
dcerpc_alter_context and multiple context_ids in the dcerpc client
library.

This stage does the following:

 - split "struct dcerpc_pipe" into two parts, the main part being "struct dcerpc_connection", which
   contains all the parts not dependent on the context, and "struct dcerpc_pipe" which has
   the context dependent part. This is similar to the layering in libcli_*() for SMB

 - disable the current dcerpc_alter code. I've used a #warning until i
   get the 2nd phase finished. I don't know how portable #warning is, but
   it won't be long before I add full alter context support anyway, so it won't last long

 - cleanup the allocation of dcerpc_pipe structures. The previous code
   was quite awkward.
2007-10-10 13:08:34 -05:00
Andrew Tridgell
6e7754abd0 r4591: - converted the other _p talloc functions to not need _p
- added #if TALLOC_DEPRECATED around the _p functions

- fixes the code that broke from the above

while doing this I fixed quite a number of places that were
incorrectly using the non type-safe talloc functions to use the type
safe ones. Some were even doing multiplies for array allocation, which
is potentially unsafe.
2007-10-10 13:08:30 -05:00
Andrew Tridgell
b65a95c117 r4588: fixed the double bind in ncalrpc with dcerpc_secondary_connection() 2007-10-10 13:08:30 -05:00
Andrew Tridgell
244370d624 r4587: fixed dcerpc_secondary_connection() for ncacn_ip_tcp
this fixes RPC-SAMLOGON and some other tests on ncacn_ip_tcp
2007-10-10 13:08:29 -05:00
Stefan Metzmacher
c2523adc0a r4568: make use of SidType and move it to lsa.idl
metze
2007-10-10 13:08:28 -05:00
Andrew Tridgell
08d7b77efc r4564: added a comment on lsa_EnumAccounts IDL 2007-10-10 13:08:28 -05:00
Stefan Metzmacher
2a859fbc90 r4558: more use of bitmaps and enums
metze
2007-10-10 13:08:27 -05:00
Stefan Metzmacher
c3b2d2cca3 r4557: support for [flags()] on typedef enum|bitmap
NDR_PAHEX is handled by ndr_print_enum() now

metze
2007-10-10 13:08:27 -05:00
Stefan Metzmacher
a4d9403423 r4555: fix some dependencies
metze
2007-10-10 13:08:27 -05:00
Stefan Metzmacher
ed1c98cb9d r4554: create svcctl_ServerType bitmap
metze
2007-10-10 13:08:27 -05:00
Stefan Metzmacher
3e224575e5 r4552: use samr_AcctFlags in netlogon.idl
metze
2007-10-10 13:08:26 -05:00
Andrew Tridgell
2011bbeb84 r4550: talloc() is now typesafe. It is exactly equivalent to the old talloc_p() macro. Use
talloc_size() if you want the old behaviour.

I have kept talloc_p() as an alias for now. Once we change all calls
to be plain talloc() then we can remove it.
2007-10-10 13:08:26 -05:00
Andrew Tridgell
89b74b5354 r4549: got rid of a lot more uses of plain talloc(), instead using
talloc_size() or talloc_array_p() where appropriate.

also fixed a memory leak in pvfs_copy_file() (failed to free a memory
context)
2007-10-10 13:08:25 -05:00
Stefan Metzmacher
109c91650a r4542: use bitmap for samr_FieldsPresent and samr_AcctFlags
metze
2007-10-10 13:08:20 -05:00
Stefan Metzmacher
fd96a07c5a r4541: make use of new enum and bitmap features
metze
2007-10-10 13:08:19 -05:00