1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00

540 Commits

Author SHA1 Message Date
Jelmer Vernooij
0a40093ef3 r7249: Cope with struct member rename
(This used to be commit e7549f33f5fb06d8b2a8f31745545cc7b9c8d4f9)
2007-10-10 13:17:31 -05:00
Jelmer Vernooij
c5981f6db0 r7117: Move more manpages to the source repository
(This used to be commit b00355bf0ce241a1223dbdbb2f3b5059a2bb4204)
2007-10-10 13:17:18 -05:00
Jelmer Vernooij
e427f58622 r6973: Merge new version of pidl into the main SAMBA_4_0 branch.
The main difference in this new version is the extra data structure generated
between the IDL data structure and the NDR parser:

IDL -> NDR -> { ndr_parser, ndr_header, eparser, etc }

This makes the ndr_parser.pm internals much more sane.

Other changes include:

- Remove unnecessary calls with NDR_BUFFERS (for example, GUID doesn't have any buffers, just scalars) as well as some (unnecessary) nested setting of flags.
- Parse array loops in the C code rather then calling ndr_pull_array(). This allows us to have, for example, arrays of pointers or arrays of pointers to arrays, etc..
- Use if() {} rather then if () goto foo; everywhere
- NDR_IN no longer implies LIBNDR_FLAG_REF_ALLOC
- By default, top level pointers are now "ref" (as is the default in
  most other IDL compilers). This can be overridden using the
  default_pointer_top() property.
- initial work on new ethereal parser generators by Alan DeKok and me
- pidl now writes errors in the standard format used by compilers, which
  is parsable by most editors
- ability to warn about the fact that pidl extension(s) have been used,
  useful for making sure IDL files work with other IDL compilers.

oh, and there's probably some other things I can't think of right now..
(This used to be commit 13cf227615f6b9e0e5fa62e59197024410254f01)
2007-10-10 13:17:01 -05:00
Tim Potter
4867378592 r6951: Fix all calls to setup_logging() that use 'True' as a second argument.
In Samba4 this is now an enum.  Possibly by accident, True just happens
to map to the right value in this case.  (-:
(This used to be commit affacc539864435cbc749a4c1a6b848c61b7182b)
2007-10-10 13:17:00 -05:00
Tim Potter
e4d5dde7c8 r6930: Use NBT_NAME_CLIENT instead of the number 0.
(This used to be commit e6b53ce177d7fea7440656a7bba3dd96fb82e9f3)
2007-10-10 13:16:57 -05:00
Jelmer Vernooij
e73d051e20 r6839: Add support for building subsystems as shared libraries. This can be
done by setting:
OUTPUT_TYPE = SHARED_LIBRARY
in the [SUBSYSTEM::...] section belonging to a subsystem.

The idea is to allow multiple values to OUTPUT_TYPE simultaneously
(e.g. OUTPUT_TYPE = SHARED_LIBRARY, STATIC_LIBRARY, OBJLIST )
(This used to be commit b9d0ae93ba86fec0115f58e7940b2a6c908bc809)
2007-10-10 13:16:50 -05:00
Jelmer Vernooij
5b18cf2268 r6795: Make some functions static and remove some unused ones.
(This used to be commit 46509eb89980bfe6dabd71264d570ea356ee5a22)
2007-10-10 13:16:44 -05:00
Stefan Metzmacher
a0cb1b0a5f r6612: fix the build
metze
(This used to be commit a1c7fe2578810d7c2b3c44e8271765468d0fcaee)
2007-10-10 13:16:30 -05:00
Stefan Metzmacher
001f13eb4f r6609: remove double entry for [BINARY::getntacl]
metze
(This used to be commit 55c9746da847d053d0c5a1b599da24af0a9e4b71)
2007-10-10 13:16:30 -05:00
Andrew Bartlett
8bf57cf8f5 r6573: Start on my project to implement an NT4 compatible BDC in Samba4.
This brings in a compatability layer for Samba3 in Samba4 - where we
will start to define file formats and similar details.

The 'net samdump' command uses 'password server = ' for now, and
performs a similar task to Samba3's 'net rpc samsync'.

Andrew Bartlett
(This used to be commit 550f17f9924fe783917318753de7d1a388423908)
2007-10-10 13:16:27 -05:00
Tim Potter
77255b7f9c r6527: Resurrect getntacl utility program. At the moment we only display the
output of ndr_print_xattr_NTACL() to stdout.
(This used to be commit b32c159c384c988385f13bbb16e610d825820e18)
2007-10-10 13:16:22 -05:00
Andrew Tridgell
e7dd6a1291 r6287: sorted out a small but surprisingly tricky dependency problem with the
ndr code for handling sids and security descriptors now that we have a
sid in the nbt IDL
(This used to be commit f8e77fcdeac704aed5e501aa9108f3ed0ab26ca4)
2007-10-10 13:11:29 -05:00
Andrew Bartlett
2eb3d68062 r6028: A MAJOR update to intergrate the new credentails system fully with
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'.

GENSEC now no longer has it's own handling of 'set username' etc,
instead it uses cli_credentials calls.

In order to link the credentails code right though Samba, a lot of
interfaces have changed to remove 'username, domain, password'
arguments, and these have been replaced with a single 'struct
cli_credentials'.

In the session setup code, a new parameter 'workgroup' contains the
client/server current workgroup, which seems unrelated to the
authentication exchange (it was being filled in from the auth info).

This allows in particular kerberos to only call back for passwords
when it actually needs to perform the kinit.

The kerberos code has been modified not to use the SPNEGO provided
'principal name' (in the mechListMIC), but to instead use the name the
host was connected to as.  This better matches Microsoft behaviour,
is more secure and allows better use of standard kerberos functions.

To achieve this, I made changes to our socket code so that the
hostname (before name resolution) is now recorded on the socket.

In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now
in libcli/auth/schannel.c, and it looks much more like a standard
GENSEC module.  The actual sign/seal code moved to
libcli/auth/schannel_sign.c in a previous commit.

The schannel credentails structure is now merged with the rest of the
credentails, as many of the values (username, workstation, domain)
where already present there.  This makes handling this in a generic
manner much easier, as there is no longer a custom entry-point.

The auth_domain module continues to be developed, but is now just as
functional as auth_winbind.  The changes here are consequential to the
schannel changes.

The only removed function at this point is the RPC-LOGIN test
(simulating the load of a WinXP login), which needs much more work to
clean it up (it contains copies of too much code from all over the
torture suite, and I havn't been able to penetrate its 'structure').

Andrew Bartlett
(This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
2007-10-10 13:11:15 -05:00
Jelmer Vernooij
34cde06513 r5924: Use cli_credentials in libnet/.
(This used to be commit e5bc6f4f1716568ae7022d61b5b35ee047b58414)
2007-10-10 13:11:08 -05:00
Jelmer Vernooij
02075be0bb r5917: First step in using the new cli_credentials structure. This patch
puts support for it into popt_common, adds a few utility functions
(in lib/credentials.c) and the callback functions for the command-line
(lib/cmdline/credentials.c). Comments are welcome :-)
(This used to be commit 1d49b57c50fe8c2683ea23e9df41ce8ad774db98)
2007-10-10 13:11:08 -05:00
Andrew Bartlett
df64302213 r5902: A rather large change...
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.

With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind.  This changes a lot of files, and these will again
be changed when jelmer does the credentials work.

I also correct some schannel IDL to distinguish between workstation
names and account names.  The distinction matters for domain trust
accounts.

Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.

In the schannel DB, we now store both the domain and computername, and
query on both.  This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.

In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.

This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.

The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.

The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests.  This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.

In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL.  This has been re-added, until the underlying pidl issues are
solved.
(This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2007-10-10 13:11:07 -05:00
Tim Potter
1d64203954 r5827: Make ndrdump accept a uuid as well as a pipe name to specify
which rpc interface to use.
(This used to be commit d59bc9dc9bb3a11dd07b7862ea10d1b32e670598)
2007-10-10 13:11:04 -05:00
Tim Potter
d93d5f967f r5782: Use standard input for reading packet data if filename not specified.
(This used to be commit c3c6dafc3120ed5018a27a882cbc09e9d05fac33)
2007-10-10 13:11:03 -05:00
Rafal Szczesniak
308c7d26c1 r5425: Convert function tables to new structure (with description)
and remove unnecessary help functions as help is generated
automatically. Usage functions with precise information about
usage of each leaf node remain.

rafal
(This used to be commit eb66180d14a14cafbfc0df2b39eeaf4ad7bb43a9)
2007-10-10 13:10:44 -05:00
Rafal Szczesniak
a19b2e84f8 r5424: Automatically generate basic help display on basis of name
and description from function table.

rafal
(This used to be commit 24f7a3860e82bf632ebd6b3416e5e874e832be5f)
2007-10-10 13:10:44 -05:00
Rafal Szczesniak
16f64ae6d6 r5423: Change function table structure to allow short description
of command groups. Also give up help function pointer in the
structure since it's needed only in leaf nodes of command tree,
and leaf nodes decide about help on their own. Usage function
is still available on all levels.

rafal
(This used to be commit 48568959a86ee60c188b84078eb3872b8e185b6c)
2007-10-10 13:10:44 -05:00
Andrew Tridgell
845f5596c8 r5413: enable standard samba command line options in ndrdump (so -d works)
(This used to be commit 6f9eb74ef8536004d08ffd01ad41622b83526af6)
2007-10-10 13:10:43 -05:00
Andrew Tridgell
8f49e17044 r5412: don't force initial debug level up in ndrdump
(This used to be commit 9536936992795629d19d4004fcad78cec3a3caff)
2007-10-10 13:10:43 -05:00
Rafal Szczesniak
530d46f674 r5400: Slightly better handling of help messages in net tool.
rafal
(This used to be commit 5cebb4feedf7d6542c497fe55763d66f51b1c989)
2007-10-10 13:10:41 -05:00
Rafal Szczesniak
082a568473 r5381: Added net_user.c with net tool interface for managing user accounts.
rafal
(This used to be commit 3005f0408c647fcab65c11de9bf680f7f5831492)
2007-10-10 13:09:49 -05:00
Rafal Szczesniak
1ad9bed79d r5380: Removed extra newline.
rafal
(This used to be commit d8fa9baf24852d87fcffee8bf353604b4507683d)
2007-10-10 13:09:49 -05:00
Andrew Tridgell
dd689afdc8 r5328: - allow case sensitive nbt name lookups
- added --case-sensitive option to nmblookup

 - added case sensitivity tests to the NBT-WINS test
(This used to be commit 80a95d5688e055b36727e5c043cb36322d719763)
2007-10-10 13:09:42 -05:00
Andrew Tridgell
75ddf59ea1 r5308: trimmed back a lot of the old macros from smb_macros.h
(This used to be commit bf43c9bdcf9e654d123f6a2b29feb9189ca9e561)
2007-10-10 13:09:40 -05:00
Andrew Tridgell
bed7c9ec32 r5304: removed lib/socket/socket.h from includes.h
(This used to be commit b902ea546d2d1327b23f40ddaeeaa8e7e3662454)
2007-10-10 13:09:39 -05:00
Andrew Tridgell
8674eaa5cc r5300: more uint32 and system/filesys.h build fixes when developer mode is enabled
(This used to be commit 93931b1a741a3722c311ada80c4c9d3d670f91b2)
2007-10-10 13:09:39 -05:00
Andrew Tridgell
e82aad1ce3 r5298: - got rid of pstring.h from includes.h. This at least makes it a bit
less likely that anyone will use pstring for new code

 - got rid of winbind_client.h from includes.h. This one triggered a
   huge change, as winbind_client.h was including system/filesys.h and
   defining the old uint32 and uint16 types, as well as its own
   pstring and fstring.
(This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2007-10-10 13:09:38 -05:00
Andrew Tridgell
b9bb7f596d r5294: - added a separate NBT-WINS test for WINS operations (register, refresh, release and query)
- change the iface_n_*() functions to return a "const char *" instead of a "struct ipv4_addr"
  I think that in general we should move towards "const char *" for
  all IP addresses, as this makes IPv6 much easier, and is also easier
  to debug. Andrew, when you get a chance, could you fix some of the
  auth code to use strings for IPs ?

- return a NTSTATUS error on bad name queries and node status instead
  of using rcode. This makes the calling code simpler.

- added low level name release code in libcli/nbt/

- use a real IP in the register and wins nbt torture tests, as w2k3
  WINS server silently rejects some operations that don't come from the
  IP being used (eg. it says "yes" to a release, but does not in fact
  release the name)
(This used to be commit bb1ab11d8e0ea0bd9ae34aebeb565d36fe4b495f)
2007-10-10 13:09:37 -05:00
Andrew Tridgell
b69a2c0d6b r5261: translate nbt rcode errors to NTSTATUS codes
(This used to be commit 554d1b70e73faeb1f5ecf88f31c5810d86d76200)
2007-10-10 13:09:35 -05:00
Andrew Tridgell
fcb78064bf r5260: - show an error message on nmblookup failure
- always try to enable broadcast on nbt name sockets (this matches
  samba3 behaviour better)
(This used to be commit 919bc14e7bbc04479cf11f7a7fd4c5e46616ef46)
2007-10-10 13:09:35 -05:00
Andrew Tridgell
7f10614e94 r5252: - fixed nmblookup for the nbt api changes
- added a simple WINS server name registration and query test
(This used to be commit d56e68ebf584e50aa409d22b1ca7c9276abea962)
2007-10-10 13:09:34 -05:00
Andrew Tridgell
414f6c80b2 r5114: the nbtd task can now act as a basic B-node server. It registers its
names on the network and answers name queries. Lots of details are
still missing, but at least this now means you don't need a Samba3
nmbd to use Samba4.

missing pieces include:

 - name registrations should be "shout 3 times, then demand"

 - no WINS server yet

 - no master browser code
(This used to be commit d7d31fdc6670f026f96b50e51a4de19f0b920e5b)
2007-10-10 13:09:23 -05:00
Andrew Tridgell
e6ea227235 r5054: added a nmblookup tool, based on the new nbt library
(This used to be commit 9587cbcb9ea5303b345c31a662e9cd75d7cd705d)
2007-10-10 13:09:18 -05:00
Andrew Tridgell
759da3b915 r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10 13:09:15 -05:00
Andrew Tridgell
0b673687e5 r5004: add current samba3 nmblookup.c ready for updating to new nbt lib
(This used to be commit 854f7f376d7e15524a76bdb43a56be2a1a1d8123)
2007-10-10 13:09:12 -05:00
Andrew Tridgell
51d61771f8 r5003: delete old nmblookup.c code
(This used to be commit b781a542447f9b9468ab20dd26c222a4ebfcda85)
2007-10-10 13:09:12 -05:00
Andrew Tridgell
23478fe0ca r4889: make sure ndr print flags are initialised in ndrdump
(This used to be commit c5c65ad8fb21e515535286c52847f3eb990f8036)
2007-10-10 13:09:03 -05:00
Andrew Tridgell
4d7e4c8058 r4794: - disabled the ntacl command line utilities until they are rewritten to use the same
acl format as we use in pvfs (and hopefully use common code too)

- removed a lot of old cruft from our autoconf tests. This may well break some builds,
  but then we can fix them properly instead of the "if solaris version 5.1.2" crap

This was prompted by someone sending me solaris 10 patches that
patched the configure script with if statements for several more
versions of solaris to check for and do special stuff. That is just
silly.
(This used to be commit 1ea59d1146f041e9befbb435e901c6d7d497c52c)
2007-10-10 13:08:56 -05:00
Andrew Bartlett
8799d6b44c r4762: Store the results of a 'net join' in the LDB.
Like Samba3, the storage of the primary domain password is keyed off
the domain name, so we can join multiple domains, and just swap
'workgroup =' around.

Andrew Bartlett
(This used to be commit 54a231780e028c6433cac296f2fbc64e39632dfd)
2007-10-10 13:08:51 -05:00
Andrew Bartlett
335a277662 r4722: Start to add 'net join' to Samba4.
Andrew Bartlett
(This used to be commit a9b960609142e15ba5950eb1b22944eb6df18d9c)
2007-10-10 13:08:48 -05:00
Stefan Metzmacher
46a32687da r4620: - add interface functions to the auth subsystem so that callers doesn't need to
use function pointers anymore
- make the module init much easier
- a lot of cleanups

don't try to read the diff in auth/ better read the new files

it passes test_echo.sh and test_rpc.sh

abartlet: please fix spelling fixes

metze
(This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
2007-10-10 13:08:34 -05:00
Andrew Tridgell
6836f5d0b1 r4616: the first phase in the addition of proper support for
dcerpc_alter_context and multiple context_ids in the dcerpc client
library.

This stage does the following:

 - split "struct dcerpc_pipe" into two parts, the main part being "struct dcerpc_connection", which
   contains all the parts not dependent on the context, and "struct dcerpc_pipe" which has
   the context dependent part. This is similar to the layering in libcli_*() for SMB

 - disable the current dcerpc_alter code. I've used a #warning until i
   get the 2nd phase finished. I don't know how portable #warning is, but
   it won't be long before I add full alter context support anyway, so it won't last long

 - cleanup the allocation of dcerpc_pipe structures. The previous code
   was quite awkward.
(This used to be commit 4004c69937be7e5dae56f9567ca607f982d395d3)
2007-10-10 13:08:34 -05:00
Andrew Tridgell
11ce2cfd70 r4591: - converted the other _p talloc functions to not need _p
- added #if TALLOC_DEPRECATED around the _p functions

- fixes the code that broke from the above

while doing this I fixed quite a number of places that were
incorrectly using the non type-safe talloc functions to use the type
safe ones. Some were even doing multiplies for array allocation, which
is potentially unsafe.
(This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
2007-10-10 13:08:30 -05:00
Andrew Tridgell
ddc10d4d37 r4549: got rid of a lot more uses of plain talloc(), instead using
talloc_size() or talloc_array_p() where appropriate.

also fixed a memory leak in pvfs_copy_file() (failed to free a memory
context)
(This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
2007-10-10 13:08:25 -05:00
Stefan Metzmacher
b5b1c52a98 r4419: move security_token stuff to the libcli/security/
and debug privileges

metze
(This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2007-10-10 13:07:47 -05:00
Andrew Bartlett
0f1444b772 r4358: At metze's request, the Christmas elves have removed gensec_end in
favor of talloc_free().

Andrew Bartlett
(This used to be commit 1933cd12fbaed56e13f2386b19de6ade99bf9478)
2007-10-10 13:07:37 -05:00