1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

295 Commits

Author SHA1 Message Date
Stefan Metzmacher
c4a0e36143 r11546: add more errno ntstatus mappings, to get more usefull errors from socket_wrapper
metze
(This used to be commit 6375a9a95d)
2007-10-10 13:45:52 -05:00
Andrew Bartlett
b1d3d75c68 r11404: Another torture test and a new WERR.
Andrew Bartlett
(This used to be commit de83b8cd18)
2007-10-10 13:45:32 -05:00
Stefan Metzmacher
b0e342e389 r10867: add WERR_UNKNOWN_REVISION errorcode
metze
(This used to be commit b436206c49)
2007-10-10 13:39:37 -05:00
Stefan Metzmacher
5880f79f4f r10545: map ECONNRESET to NT_STATUS_CONNECTION_RESET
metze
(This used to be commit e753114e86)
2007-10-10 13:39:04 -05:00
Jelmer Vernooij
49839f356f r10513: Reduce some use of pstring. The main reason some parts of the code still
use pstring is next_token() now.
(This used to be commit a5b88bcd42)
2007-10-10 13:38:58 -05:00
Tim Potter
561a02d646 r10103: Put an #ifdef guard around ENOTSUP to fix systems that don't have it
(OpenBSD 3.7).
(This used to be commit cc24af6545)
2007-10-10 13:37:59 -05:00
Stefan Metzmacher
81021aaa95 r9638: add error code that you get when you call DsGetNCChanges() with a tmp_highest_usn which is
higher than the real highest of the source dsa

metze
(This used to be commit e4424d2a6d)
2007-10-10 13:34:36 -05:00
Stefan Metzmacher
36dcb8425d r9514: add some new error codes I was getting with DsGetNCChanges() and DsAddEntry()
metze
(This used to be commit 2cbbb8ace2)
2007-10-10 13:34:25 -05:00
Andrew Bartlett
684c824e9a r9421: Move arcfour code into it's own file, in lib/crypto.
Andrew Bartlett
(This used to be commit ca6cf46270)
2007-10-10 13:33:37 -05:00
Tim Potter
2fa50ab671 r9222: Rename smb_tree_connect() to smb_raw_tcon() to match other raw function
names.
(This used to be commit 26b191b3c9)
2007-10-10 13:31:33 -05:00
Andrew Tridgell
223262c11e r9048: added a new DOS error code (thanks to EMC)
(This used to be commit 1936c20939)
2007-10-10 13:31:11 -05:00
Jeremy Allison
3de3d6a02d r8174: Check DOS error codes in torture chkpath test.
Jeremy.
(This used to be commit ff58ecad04)
2007-10-10 13:19:17 -05:00
Andrew Tridgell
65ae28dfa7 r8125: fixed an error code mapping based on the updated torture tests
(This used to be commit a3b8a00d7f)
2007-10-10 13:19:11 -05:00
Andrew Tridgell
934831686c r8115: added support for 2 more dos error codes found during testing
(This used to be commit 97cb705713)
2007-10-10 13:19:10 -05:00
Andrew Tridgell
950f662484 r8111: fixed the client library to work against w2k3 with nt status codes
disabled. The main change is to turn off spnego, which cannot work at
all without nt status codes (w2k3 gives a ERRHRD:ERRgeneral error when
you try)

I also modified NT_STATUS_EQUAL() to allow for nt->dos code equality,
but only when nt status codes are disabled in smb.conf. That keeps all
the existing torture code working, while still allowing us to
correctly catch the cases where forced dos error codes are needed

The dos->ntstatus mapping table has been removed completely, as it
doesn't really make sense, is impossible to get right, and with the
new dos status handling isn't needed. When matching a nt status code
to a dos status code it makes far more sense to map from the nt code
to the dos code and compare, rather than the reverse, as the nt->dos
mapping is what windows has to do internally, so there really is a
valid mapping table.
(This used to be commit f21274e07b)
2007-10-10 13:19:09 -05:00
Andrew Tridgell
b3383236a2 r8106: the use of a static string for dos error codes was causing problems in
the torture code. To fix this, get rid of dos_errstr() and instead
move the strings into the nt_errstr() table, using cpp to generate the
strings
(This used to be commit 3136ad9634)
2007-10-10 13:19:08 -05:00
Andrew Tridgell
e0d521ca79 r8104: - added support for our client library to not negotiate nt status codes, controlled
with 'nt status support' option.

- make nt_errstr() display nice strings for dos status codes encoded
  using NT_STATUS_DOS()

- no longer map between dos and nt status codes in the client library,
  instead return using NT_STATUS_DOS()

- fixed the RAW-CONTEXT test to look for
  NT_STATUS_DOS(ERRSRV, ERRbaduid) instead of NT_STATUS_INVALID_HANDLE
(This used to be commit ff5549e87f)
2007-10-10 13:19:08 -05:00
Andrew Tridgell
d6c1ad5c17 r7941: fixed handling of ASN.1 objects bigger than 64k
(This used to be commit f88a601882)
2007-10-10 13:18:53 -05:00
Andrew Tridgell
7267cb3312 r7749: some bug fixes from testing with socket:testnonblock
- fixed some infinite loops in asn1.c

- ensure asn1 callers know if an error is end of buffer or bad data

- handle npending 0 in ldap server
(This used to be commit f22c3b84c8)
2007-10-10 13:18:30 -05:00
Andrew Tridgell
68853a1c7b r7746: - added TLS support to our ldap server
- this involved changing the buffer handling in the ldap server quite a
  lot, as it didn't handle partial packets at all

- removed completely bogus asn1_object_length() function. You can't
  do that with BER/DER
(This used to be commit fed6f4cc6c)
2007-10-10 13:18:30 -05:00
Andrew Tridgell
b4eee348c4 r7720: - simplify the asn1 decode of ldap_search() a lot, taking advantage of
the fact that the ldap data structures now use ldb_message_element.

- fixed null termination of elements in ildap
(This used to be commit 09060994c1)
2007-10-10 13:18:26 -05:00
Andrew Tridgell
af237084ec r7633: this patch started as an attempt to make the dcerpc code use a given
event_context for the socket_connect() call, so that when things that
use dcerpc are running alongside anything else it doesn't block the
whole process during a connect.

Then of course I needed to change any code that created a dcerpc
connection (such as the auth code) to also take an event context, and
anything that called that and so on .... thus the size of the patch.

There were 3 places where I punted:

  - abartlet wanted me to add a gensec_set_event_context() call
    instead of adding it to the gensec init calls. Andrew, my
    apologies for not doing this. I didn't do it as adding a new
    parameter allowed me to catch all the callers with the
    compiler. Now that its done, we could go back and use
    gensec_set_event_context()

  - the ejs code calls auth initialisation, which means it should pass
    in the event context from the web server. I punted on that. Needs fixing.

  - I used a NULL event context in dcom_get_pipe(). This is equivalent
    to what we did already, but should be fixed to use a callers event
    context. Jelmer, can you think of a clean way to do that?

I also cleaned up a couple of things:

 - libnet_context_destroy() makes no sense. I removed it.

 - removed some unused vars in various places
(This used to be commit 3a3025485b)
2007-10-10 13:18:15 -05:00
Andrew Tridgell
bab977dad7 r7626: a new ldap client library. Main features are:
- hooked into events system, so requests can be truly async and won't
   interfere with other processing happening at the same time

 - uses NTSTATUS codes for errors (previously errors were mostly
   ignored). In a similar fashion to the DOS error handling, I have
   reserved a range of the NTSTATUS code 32 bit space for LDAP error
   codes, so a function can return a LDAP error code in a NTSTATUS

 - much cleaner packet handling
(This used to be commit 2e3c660b2f)
2007-10-10 13:18:14 -05:00
Andrew Tridgell
9d6b3e62c2 r7566: added support for LDAPString types in the asn.1 library
(This used to be commit 1a81d28456)
2007-10-10 13:18:10 -05:00
Andrew Tridgell
4b0e5bd753 r7527: - added a ldb_search_bytree() interface, which takes a ldb_parse_tree
instead of a search expression. This allows our ldap server to pass
  its ASN.1 parsed search expressions straight to ldb, instead of going
  via strings.

- updated all the ldb modules code to handle the new interface

- got rid of the separate ldb_parse.h now that the ldb_parse
  structures are exposed externally

- moved to C99 structure initialisation in ldb

- switched ldap server to using ldb_search_bytree()
(This used to be commit 96620ab2ee)
2007-10-10 13:18:06 -05:00
Andrew Bartlett
0501a440be r6462: Move the arcfour sbox state into it's own structure, and allocate it
with talloc() for the NTLMSSP system.

Andrew Bartlett
(This used to be commit 7a93ac49c2)
2007-10-10 13:11:39 -05:00
Jelmer Vernooij
ef213b0248 r5866: Add InitShutdown IDL and torture test.
Implement push side of NDR_LEN4|NDR_NOTERM strings (pull side was already present)
(This used to be commit ea61ec1122)
2007-10-10 13:11:05 -05:00
Stefan Metzmacher
736797ef7f r5737: add some error codes
metze
(This used to be commit f543eb4ede)
2007-10-10 13:11:01 -05:00
Andrew Tridgell
e82aad1ce3 r5298: - got rid of pstring.h from includes.h. This at least makes it a bit
less likely that anyone will use pstring for new code

 - got rid of winbind_client.h from includes.h. This one triggered a
   huge change, as winbind_client.h was including system/filesys.h and
   defining the old uint32 and uint16 types, as well as its own
   pstring and fstring.
(This used to be commit 9db6c79e90)
2007-10-10 13:09:38 -05:00
Jelmer Vernooij
58a9570353 r5237: Add error code for "class not registered"
(This used to be commit b72a0ac654)
2007-10-10 13:09:33 -05:00
Andrew Tridgell
a0ab1f7afd r5107: moved the horrible ldap socket code, and the even worse
asn1-tied-to-blocking-sockets code into the ldap client and torture
suite, and out of the generic libs, so nobody else is tempted to use
it for any new code.
(This used to be commit 39d1ced21b)
2007-10-10 13:09:23 -05:00
Andrew Tridgell
99ecf2d953 r5053: - fix up the library dependencies so that tools that need nbt don't
need to pull in the whole dcerpc subsystem

- moved smbencrypt.c code into libcli/auth/
(This used to be commit 3351c636af)
2007-10-10 13:09:18 -05:00
Andrew Tridgell
759da3b915 r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5)
2007-10-10 13:09:15 -05:00
Andrew Tridgell
3e44c4a3ba r4951: some of the code dealing with libcli was getting too complex trying to
handle the inverted memory hierarchy that a normal session
establishment gave. The inverted hierarchy came from that fact that
you first establish a socket, then a transport, then a session and
finally a tree. That leads to the socket being at the top of the
memory hierarchy and the tree at the bottom, which makes no sense from
the users point of view, as they want to be able to free the tree and
have everything disappear.

The core problem was that the libcli interface didn't distinguish
between establishing a primary context and a secondary context. If you
establish a 2nd session on a transport then you want the transport to
be referenced by the session, whereas if you establish a primary
session then you want the transport to be a child of the session.

To fix this I have added "parent_ctx" and "primary" arguments to the
libcli intialisation functions. This makes using the library much
easier, and gives us a memory hierarchy that makes much more sense.

I was prompted to do this by a bug in the cifs backend, which was
caused by the socket not being properly torn down on a disconnect due
to the inverted memory hierarchy.
(This used to be commit 5e8fd5f701)
2007-10-10 13:09:09 -05:00
Andrew Tridgell
e89fd49df7 r4757: added the ability of the clisocket level of libcli to handle async
socket connections. This was complicated by a few factors:

 - it meant moving the event context from clitransport to clisocket,
   so lots of structures changed

 - we need to asynchronously handle connection to lists of port
   numbers, not just one port number. The code internally tries each
   port in the list in turn, without ever blocking

 - the man page on how connect() is supposed to work asynchronously
   doesn't work in practice (now why doesn't this surprise me?). The
   getsockopt() for SOL_ERROR is supposed to retrieve the error, but
   in fact the next (unrelated) connect() call on the same socket also
   gets an error, though not the right error. To work around this I
   need to tear down the whole socket between each attempted port. I
   hate posix.

Note that clisocket.c still does a blocking name resolution call in
smbcli_sock_connect_byname(). That will be fixed when we add the async
NBT resolution code.

Also note that I arranged things so that every SMB connection is now
async internally, so using plain smbclient or smbtorture tests all the
async features of this new code.
(This used to be commit 468f8ebbfd)
2007-10-10 13:08:50 -05:00
Stefan Metzmacher
592fce7fb1 r4726: - use the name tcon and tid instead of conn and cnum
- make use of talloc destructors

metze
(This used to be commit 8308da6ce4)
2007-10-10 13:08:48 -05:00
Stefan Metzmacher
fef48c0cc8 r4701: remove debugs
metze
(This used to be commit 9db0d19413)
2007-10-10 13:08:45 -05:00
Andrew Bartlett
28236430f4 r4658: (grr, commited wrong file last time).
We really should have a seperate structure for this (the ARCFOUR
sbox), but for now, get the declaration right.

Andrew Bartlett
(This used to be commit 2e16f3a8d3)
2007-10-10 13:08:39 -05:00
Andrew Tridgell
e74b3ed6f1 r4618: - tidied up the alter_context client code a bit
- there is no alter_nak or alter_ack packet, its all done in an
  alter_response

- auto-allocated the contex_ids

- tried to fix up the dcom code to work again with
  alter_context. Jelmer, please take a look :)
(This used to be commit dd1c54add8)
2007-10-10 13:08:34 -05:00
Andrew Tridgell
6836f5d0b1 r4616: the first phase in the addition of proper support for
dcerpc_alter_context and multiple context_ids in the dcerpc client
library.

This stage does the following:

 - split "struct dcerpc_pipe" into two parts, the main part being "struct dcerpc_connection", which
   contains all the parts not dependent on the context, and "struct dcerpc_pipe" which has
   the context dependent part. This is similar to the layering in libcli_*() for SMB

 - disable the current dcerpc_alter code. I've used a #warning until i
   get the 2nd phase finished. I don't know how portable #warning is, but
   it won't be long before I add full alter context support anyway, so it won't last long

 - cleanup the allocation of dcerpc_pipe structures. The previous code
   was quite awkward.
(This used to be commit 4004c69937)
2007-10-10 13:08:34 -05:00
Andrew Tridgell
11ce2cfd70 r4591: - converted the other _p talloc functions to not need _p
- added #if TALLOC_DEPRECATED around the _p functions

- fixes the code that broke from the above

while doing this I fixed quite a number of places that were
incorrectly using the non type-safe talloc functions to use the type
safe ones. Some were even doing multiplies for array allocation, which
is potentially unsafe.
(This used to be commit 6e7754abd0)
2007-10-10 13:08:30 -05:00
Andrew Tridgell
9278473ea4 r4589: forgot to commit the new NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED error code
(This used to be commit f4337c988c)
2007-10-10 13:08:30 -05:00
Andrew Tridgell
ddc10d4d37 r4549: got rid of a lot more uses of plain talloc(), instead using
talloc_size() or talloc_array_p() where appropriate.

also fixed a memory leak in pvfs_copy_file() (failed to free a memory
context)
(This used to be commit 89b74b5354)
2007-10-10 13:08:25 -05:00
Andrew Tridgell
cc55aef7c1 r4547: - added talloc_new(ctx) macro that is a neater form of the common talloc(ctx, 0) call.
- cleaned up some talloc usage in various files

I'd like to get to the point that we have no calls to talloc(), at
which point we will rename talloc_p() to talloc(), to encourage
everyone to use the typesafe functions.
(This used to be commit e6c81d7c9f)
2007-10-10 13:08:20 -05:00
Stefan Metzmacher
7ac62a7b13 r4435: add another error code
metze
(This used to be commit 02861f6305)
2007-10-10 13:07:49 -05:00
Stefan Metzmacher
cb25806d8d r4431: add WERR_NET_NAME_NOT_FOUND
metze
(This used to be commit 74e65680fa)
2007-10-10 13:07:48 -05:00
Andrew Tridgell
4d545e09c8 r4202: added smbclient commands "addprivileges" and "delprivileges" for
easily adding/removing privileges from users
(This used to be commit 8764909c05)
2007-10-10 13:07:26 -05:00
Stefan Metzmacher
a7c70d4c5e r4177: add some more error codes
metze
(This used to be commit e624bb5288)
2007-10-10 13:07:23 -05:00
Stefan Metzmacher
4b7960a091 r4084: add some more error codes
metze
(This used to be commit e5db585268)
2007-10-10 13:06:25 -05:00
Andrew Tridgell
ad3ee0a81c r4073: - added a set of lsa helper routines to make lsa lookups that are
related to filesharing. For example, in order to manipulate ACLs
  properly its important to be able to call LookupSids, and to be able
  to lookup what privileges a SID has.

- added 3 new commands to smbclient "lookupname", "lookupsid" and
  "privileges"
(This used to be commit 8780c40f05)
2007-10-10 13:06:23 -05:00
Andrew Tridgell
14c65343b0 r4066: add a mapping for NT_STATUS_NO_MORE_ENTRIES
(This used to be commit 335b1c6a52)
2007-10-10 13:06:22 -05:00
Andrew Tridgell
41999d67c1 r4065: fixed ntstatus->dos error code for NT_STATUS_NO_SUCH_FILE
(This used to be commit 19efd83b86)
2007-10-10 13:06:21 -05:00
Stefan Metzmacher
9112a632f6 r4063: - change char * -> uint8_t in struct request_buffer
- change smbcli_read/write to take void * for the buffers to match read(2)/write(2)

all this fixes a lot of gcc-4 warnings

metze
(This used to be commit b94f92bc66)
2007-10-10 13:06:21 -05:00
Stefan Metzmacher
3129264308 r3910: add some error codes
metze
(This used to be commit 64570b7a47)
2007-10-10 13:06:05 -05:00
Stefan Metzmacher
243b314a23 r3901: fix compiler warnings
metze
(This used to be commit efe840c8b0)
2007-10-10 13:06:03 -05:00
Stefan Metzmacher
ac40a16d6a r3900: fix compiler warning
metze
(This used to be commit f2ff50dfc4)
2007-10-10 13:06:03 -05:00
Stefan Metzmacher
2877f415ae r3899: fix compiler warnings
metze
(This used to be commit b1b47bda01)
2007-10-10 13:06:03 -05:00
Jelmer Vernooij
cc368fa69e r3898: Work towards local/server DCOM support, start working
on Simple example server side implementation
(This used to be commit 98afb504d9)
2007-10-10 13:06:02 -05:00
Andrew Tridgell
5f868bc1ac r3826: - added testing of ea lists in NTTRANS CREATE
- fixed push/pull of chained ea lists

- fixed a bug in the nttrans wire encoding
(This used to be commit fcd0922407)
2007-10-10 13:05:57 -05:00
Stefan Metzmacher
856ee66537 r3810: create a LIB_SECURITY subsystem
- move dom_sid, security_descriptor, security_* funtions to one place
  and rename some of them

metze
(This used to be commit b620bdd672)
2007-10-10 13:05:56 -05:00
Andrew Tridgell
285db33399 r3792: improved the posix -> nt error mapping, so we get things like
NT_STATUS_HOST_UNREACHABLE instead of NT_STATUS_UNSUCCESSFUL
(This used to be commit f2a488e566)
2007-10-10 13:05:54 -05:00
Andrew Bartlett
fd5135a63b r3686: The results of some work on the NETLOGON pipe:
Break out the samsync tests from RPC-NETLOGON into a new RPC-SAMSYNC,
that will cross-verify all the values.

Add support for the way netlogon credentials are shared between the
pipe that sets up schannel and the pipe that is encrypted with it.

Test this support, by calling both NETLOGON and SAMR operations in the
RPC-SCHANNEL test.

Move some of the Netlogon NEG flags into the .idl, now we have an idea
what a few of them really are.

Rename the sam_pwd_hash into a name that has meaning (all other crypto
functions were renamed in Samba4 ages ago).

Break out NTLMv2 functionality for operation on the NT hash - I intend
to do NTLMv2 logins in the samsync test in future, and naturally I
only have the hash.

Andrew Bartlett
(This used to be commit 6e6cc6fb98)
2007-10-10 13:05:43 -05:00
Andrew Bartlett
5805c780dc r3655: As required by the new torture test, add the LM session key output
parameter to SMBNTLMv2encrypt().

Andrew Bartlett
(This used to be commit 75ff351faf)
2007-10-10 13:05:42 -05:00
Andrew Tridgell
9fe5fa11d6 r3545: initial support for using extended attributes to hold extended dos attributes of files.
I decided to use IDL/NDR to encode the attribute, as it gives us a
simple way to describe and extend the saved attributes.

The xattr code needs to hook into quite a few more places in the pvfs
code, but this at least gets the basics done. I will start encoding
alternate data streams streams, DOS EAs etc soon using the same basic
mechanism.

I'll probably stick to "version 1" for the xattr.idl for quite a while
even though it will be changing, as I don't expect anyone to be
deploying this in production just yet. Once we have production users
we will need to keep compatibility by supporting all the old version
numbers in xattr.idl.
(This used to be commit c54253ed1b)
2007-10-10 13:05:30 -05:00
Andrew Tridgell
acc9f59c7f r3476: fixed some const warnings
(This used to be commit 7dc58dc01e)
2007-10-10 13:05:18 -05:00
Andrew Tridgell
3643fb1109 r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ioctl.h)
(This used to be commit b97e395c81)
2007-10-10 13:05:17 -05:00
Andrew Tridgell
a1d0b97ed4 r3462: separate out the crypto includes
(This used to be commit 3f75117db9)
2007-10-10 13:05:16 -05:00
Andrew Tridgell
edbfc0f6e7 r3453: - split out the auth and popt includes
- tidied up some of the system includes

- moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl
  knows about inter-IDL dependencies
(This used to be commit 7b7477ac42)
2007-10-10 13:05:13 -05:00
Andrew Tridgell
ead3508ac8 r3447: more include/system/XXX.h include files
(This used to be commit 264ce91810)
2007-10-10 13:05:12 -05:00
Andrew Tridgell
652b8b34f8 r3441: some include file cleanups and general housekeeping
(This used to be commit 73ea8ee6c2)
2007-10-10 13:05:11 -05:00
Andrew Tridgell
9f1210a243 r3419: moved the libcli/raw structures into libcli/raw/libcliraw.h
and made them private
(This used to be commit 386ac565c4)
2007-10-10 13:05:07 -05:00
Andrew Bartlett
6593327948 r3358: Try to put all the basic struct dom_sid manipulation functions in one
place.  (I always have trouble finding one half or the other).

Andrew Bartlett
(This used to be commit 224b59edba)
2007-10-10 13:05:00 -05:00
Jelmer Vernooij
1331667abf r3331: Add string descriptions for a couple more WERROR's
(This used to be commit 1d374cdeb0)
2007-10-10 13:04:56 -05:00
Andrew Tridgell
e481385391 r3322: fixed a bunch of warnings in the build, including one case where it was a real bug
(This used to be commit 02d5d0f685)
2007-10-10 13:04:55 -05:00
Andrew Tridgell
9d055846f2 r3278: - rewrote the client side rpc connection code to use lib/socket/
rather than doing everything itself. This greatly simplifies the
  code, although I really don't like the socket_recv() interface (it
  always allocates memory for you, which means an extra memcpy in this
  code)

- fixed several bugs in the socket_ipv4.c code, in particular client
  side code used a non-blocking connect but didn't handle EINPROGRESS,
  so it had no chance of working. Also fixed the error codes, using
  map_nt_error_from_unix()

- cleaned up and expanded map_nt_error_from_unix()

- changed interpret_addr2() to not take a mem_ctx. It makes absolutely
  no sense to allocate a fixed size 4 byte structure like this. Dozens
  of places in the code were also using interpret_addr2() incorrectly
  (precisely because the allocation made no sense)
(This used to be commit 7f2c771b0e)
2007-10-10 13:04:49 -05:00
Andrew Tridgell
e1c43f243a r3206: - added the reverse map for ERRbaduid to NT_STATUS_INVALID_HANDLE
- force disable spnego in the RAW-CONTEXT test (it breaks the test)
(This used to be commit 3f247ec21c)
2007-10-10 13:04:41 -05:00
Andrew Tridgell
6b2fc6e2d4 r3197: fixed error code mapping for ENOTDIR
(This used to be commit 2c852539ed)
2007-10-10 13:04:40 -05:00
Andrew Tridgell
651f3903f0 r3131: - make map_nt_error_from_unix() return NT_STATUS_UNSUCCESSFUL if errno is 0
- more consistent checking for system call return values in simple backend
(This used to be commit 375a9a1347)
2007-10-10 13:02:24 -05:00
Stefan Metzmacher
d78ae0b646 r3044: resolve the error code for WERR_DS_OBJ_NOT_FOUND to the name
metze
(This used to be commit c79bbe54b4)
2007-10-10 13:01:53 -05:00
Stefan Metzmacher
9d26f044a3 r2883: set BOOL to the internal values not the wire ones
metze
(This used to be commit ad7b0385cf)
2007-10-10 12:59:42 -05:00
Andrew Tridgell
7d32679e96 r2857: this commit gets rid of smb_ucs2_t, wpstring and fpstring, plus lots of associated functions.
The motivation for this change was to avoid having to convert to/from
ucs2 strings for so many operations. Doing that was slow, used many
static buffers, and was also incorrect as it didn't cope properly with
unicode codepoints above 65536 (which could not be represented
correctly as smb_ucs2_t chars)

The two core functions that allowed this change are next_codepoint()
and push_codepoint(). These functions allow you to correctly walk a
arbitrary multi-byte string a character at a time without converting
the whole string to ucs2.

While doing this cleanup I also fixed several ucs2 string handling
bugs. See the commit for details.

The following code (which counts the number of occuraces of 'c' in a
string) shows how to use the new interface:

size_t count_chars(const char *s, char c)
{
	size_t count = 0;

	while (*s) {
		size_t size;
		codepoint_t c2 = next_codepoint(s, &size);
		if (c2 == c) count++;
		s += size;
	}

	return count;
}
(This used to be commit 814881f0e5)
2007-10-10 12:59:39 -05:00
Stefan Metzmacher
e54cc10f16 r2749: add asn1_read_implicit_Integer()
metze
(This used to be commit a62fbcb30f)
2007-10-10 12:59:30 -05:00
Andrew Tridgell
5b44130afa r2671: we're getting too many errors caused by the talloc_realloc() API not
taking a context (so when you pass a NULL pointer you end up with
memory in a top level context). Fixed it by changing the API to take a
context. The context is only used if the pointer you are reallocing is
NULL.
(This used to be commit 8dc23821c9)
2007-10-10 12:59:20 -05:00
Andrew Bartlett
9a9dcc7250 r2552: Character set conversion and string handling updates.
The intial motivation for this commit was to merge in some of the
bugfixes present in Samba3's chrcnv and string handling code into
Samba4.  However, along the way I found a lot of unused functions, and
decided to do a bit more...

The strlen_m code now does not use a fixed buffer, but more work is
needed to finish off other functions in str_util.c.  These fixed
length buffers hav caused very nasty, hard to chase down bugs at some
sites.

The strupper_m() function has a strupper_talloc() to replace it (we
need to go around and fix more uses, but it's a start).  Use of these
new functions will avoid bugs where the upper or lowercase version of
a string is a different length.

I have removed the push_*_allocate functions, which are replaced by
calls to push_*_talloc.  Likewise, pstring and other 'fixed length'
wrappers are removed, where possible.

I have removed the first ('base pointer') argument, used by push_ucs2,
as the Samba4 way of doing things ensures that this is always on an
even boundary anyway.  (It was used in only one place, in any case).
(This used to be commit dfecb01506)
2007-10-10 12:59:05 -05:00
Andrew Bartlett
5e7259a697 r2535: Make certain, that even if we have invalid ASN.1 here, and the caller does not check the return value, that we don't return uninitialised memory here.
Andrew Bartlett
(This used to be commit 0e081ecb9d)
2007-10-10 12:59:03 -05:00
Andrew Tridgell
ca60193f24 r2520: - finished implementing the server side of the old style search requests
(This used to be commit 4e4859c06b)
2007-10-10 12:59:01 -05:00
Tim Potter
bc8ef3d1b6 r2516: Remove duplicate line.
(This used to be commit dff6262e4f)
2007-10-10 12:59:01 -05:00
Andrew Bartlett
211d3cff2f r2507: Allow a case-insensitive lookup when converting strings into NTSTATUS
values.

Andrew Bartlett
(This used to be commit 59e361f7cc)
2007-10-10 12:59:00 -05:00
Andrew Tridgell
2e55ba2018 r2498: added STATUS_NO_MORE_FILES to nt status codes that we can map to a string
(This used to be commit b719199963)
2007-10-10 12:58:58 -05:00
Stefan Metzmacher
d9d634ce97 r2347: merge LDAP ASN.1 fixes from trunk
metze
(This used to be commit 492a00d909)
2007-10-10 12:58:45 -05:00
Volker Lendecke
3e454a5891 r2173: Fix asn1 BOOLEANs. Thanks to Love Hornquist-Astrand.
Volker
(This used to be commit 53f58c053b)
2007-10-10 12:58:29 -05:00
Stefan Metzmacher
deb288d82e r2166: sync the asn1 stuff with trunk
metze
(This used to be commit 46762c9ee0)
2007-10-10 12:58:28 -05:00
Stefan Metzmacher
0575d5e0d2 r2124: merge from trunk (-r 2123):
Argl. I could never get the naming right. Having the most significant byte at
the lowest memory address is big endian, at least according to the google
search for 'big endian'....

Volker
(This used to be commit bc4c188362)
2007-10-10 12:58:26 -05:00
Stefan Metzmacher
776d90d801 r2122: merge from trunk (-r 2120):
Fix bug found by Love H?\195?\182rnquist ?\195?\133strand: asn1_write_Integer needs to push
stuff little endian.
(This used to be commit 79bee828fb)
2007-10-10 12:58:26 -05:00
Andrew Tridgell
f3d9466469 r2102: fixed a race condition when handling dos errors that are in our
table. Should get rid of the static buffer completely at some point.
(This used to be commit e0bda61112)
2007-10-10 12:58:25 -05:00
Andrew Bartlett
18bbab7268 r2099: Get rid of another private ARCFOUR implementation from the codebase.
Andrew Bartlett
(This used to be commit 0237389ce7)
2007-10-10 12:58:24 -05:00
Andrew Tridgell
35d65298d5 r2037: switched the asn.1 code to use talloc
(This used to be commit c0862278ca)
2007-10-10 12:58:19 -05:00
Andrew Bartlett
dcd43a4cbe r1990: Fix breakage caused by the recent talloc changes. (Failure to process
an SPNEGO login from WinXP at least).

talloc_asprintf_append() lost an argument, but because TALLOC_CTX is
now a void*, this was not picked up by the compiler.

I've tested the login (asn1), but not the registry/gtk changes.

Andrew Bartlett
(This used to be commit 4294be4405)
2007-10-10 12:58:15 -05:00
Stefan Metzmacher
c074e30e2e r1856: - move asn1 functions to asn1.c
- merge some stuff from trunk

metze
(This used to be commit 267edf1c0b)
2007-10-10 12:58:02 -05:00
Stefan Metzmacher
69d6435358 r1851: if we try to peek a subtag, check if the parent tag has remaining data
metze
(This used to be commit 01626ed381)
2007-10-10 12:58:02 -05:00
Simo Sorce
2e28edd233 r1771: OK Let's add tests for ldap.
Thanks to Metze and Volker for their unvaluable support :)
(This used to be commit e6a6c0737a)
2007-10-10 12:57:56 -05:00
Stefan Metzmacher
fa8d37adae r1756: merge volkers ldap client lib to samba4 for simo to start with the
ldap server code

it's not compiled in yet...

metze
(This used to be commit 48939adca1)
2007-10-10 12:57:54 -05:00
Andrew Bartlett
8ed563cfbb r1723: Make sure we bail out on error in reading a OID.
Andrew Bartlett
(This used to be commit 6da7b65851)
2007-10-10 12:57:50 -05:00
Stefan Metzmacher
c5fbb6f23c r1654: rename cli_ -> smbcli_
rename CLI_ -> SMBCLI_

metze
(This used to be commit 8441750fd9)
2007-10-10 12:57:47 -05:00
Andrew Bartlett
f607197054 r1498: (merge from 3.0)
Rework our random number generation system.

On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().

For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation.  This removes the 'need_reseed'
parameter from generate_random_buffer().

This also requires that we start the secrets subsystem, as that is
where the reseed value is stored, for systems without /dev/urandom.

In order to aviod identical streams in forked children, the random
state is re-initialised after the fork(), at the same point were we do
that to the tdbs.

Andrew Bartlett
(This used to be commit b97d3cb2ef)
2007-10-10 12:57:35 -05:00
Andrew Bartlett
b359f5d893 r1352: Add a 'peek' function to our ASN1 code, so we can safely perform the
various switches without looking one byte past te end of the buffer.
(This used to be commit 5bce188d42)
2007-10-10 12:56:52 -05:00
Volker Lendecke
0fa0eaa383 r1342: When fixing _lsa_lookupsids in samba3 I wanted to find out the number of SIDs
w2k3 can handle in a single request. With the samba3 client rpc libs I can do
about 21000 SIDs in a single request. test_many_LookupSIDs with 10000 SIDs
fails on the subsequent request with a NET_WRITE_FAULT. Maybe the Samba4 DCE
people want to take a look at this -- I don't see the problem.

Bug fix: SID components should be treated as unsigned when parsing

Volker
(This used to be commit 8c997a2ad2)
2007-10-10 12:56:51 -05:00
Stefan Metzmacher
25bf685da5 r1274: revert -r 1239 as discussed with abartlet
metze
(This used to be commit 52e2d03825)
2007-10-10 12:56:48 -05:00
Tim Potter
37fcf22364 r1268: varient -> variant
(This used to be commit de5984c956)
2007-10-10 12:56:46 -05:00
Stefan Metzmacher
81db9ef442 r1239: move the old msrpc_<gen|parse>() functions to ndr_<push|pull>_format_blob()
simular to ndr_<push|pull>_struct_blob()

metze
(This used to be commit b25dd341e0)
2007-10-10 12:56:46 -05:00
Andrew Bartlett
be081037e0 r1200: Add 'gensec', our generic security layer.
This layer is used for DCERPC security, as well as ntlm_auth at this
time.  It expect things like SASL and the CIFS layer to use it as
well.

The particular purpose of this layer is to introduce SPENGO, which
needs generic access to the actual implementation mechanisms.

Schannel, due to it's 'interesting' setup properties is in GENSEC, but
is only in the RPC code.

Andrew Bartlett
(This used to be commit 902af49006)
2007-10-10 12:56:44 -05:00
Andrew Bartlett
bf598954f7 r1198: Merge the Samba 3.0 ntlm_auth, including the kerberos and SPENGO parts.
I have moved the SPNEGO and Kerberos code into libcli/auth, and intend
to refactor them into the same format as NTLMSSP.

Andrew Bartlett
(This used to be commit 58da78a746)
2007-10-10 12:56:44 -05:00
Andrew Bartlett
9f38798509 r1129: Remove unused function.
Andrew Bartlett
(This used to be commit 4d23b9e039)
2007-10-10 12:56:39 -05:00
Andrew Bartlett
46c88d561f r1061: The start of the SamLogon call for the NETLOGON pipe.
Changes:

- Check for a valid 'pipe_state' in netr_ServerAuthenticate3 before
  we dereference it

- removes the expansionroom[7] in the netr_SamInfo* structs to 7
individual elements.
- renames netr_SamInfo -> netr_SamInfo2
          netr_SamInfo2 -> netr_SamInfo3
  - Having the thing we always called an 'info3' being 'netr_SamInfo2'
    was just too confusing.

- Expand and fill in extra details about users from the SAM, into
  the server_info, for processing into the SamLogon reply.

- Add a dum_sid_dup() function to duplicate a struct dom_sid

The SamLogon code currently does not return supplementary groups, and is
only tested with Samba4 smbtorture.

Andrew Bartlett
(This used to be commit 6c92563b79)
2007-10-10 12:56:35 -05:00
Andrew Tridgell
8087d844ef r995: - renamed many of our crypto routines to use the industry standard
names rather than our crazy naming scheme. So DES is now called
  des_crypt() rather than smbhash()

- added the code from the solution of the ADS crypto challenge that
  allows Samba to correctly handle a 128 bit session key in all of the
  netr_ServerAuthenticateX() varients. A huge thanks to Luke Howard
  from PADL for solving this one!

- restructured the server side rpc authentication to allow for other
  than NTLMSSP sign and seal. This commit just adds the structure, the
  next commit will add schannel server side support.

- added 128 bit session key support to our client side code, and
  testing against w2k3 with smbtorture. Works well.
(This used to be commit 729b2f41c9)
2007-10-10 12:56:25 -05:00
Andrew Tridgell
dfbf620129 r975: slight improvemet to nt_errstr(), still needs to be fixed properly
(getting rid of the static buffer)
(This used to be commit 86a6236c2a)
2007-10-10 12:56:24 -05:00
Stefan Metzmacher
770e3307ce r962: convert 'unsigned' and 'unsigned int' to uint_t
metze
(This used to be commit 57151e80eb)
2007-10-10 12:56:23 -05:00
Stefan Metzmacher
98d291423f r961: convert 'uchar' to 'uint8_t'
metze
(This used to be commit 9f914e4af9)
2007-10-10 12:56:23 -05:00
Stefan Metzmacher
fa2e9ec311 r960: convert 'unsigned int' to uint_t in the most places
metze
(This used to be commit 18062d2ed9)
2007-10-10 12:56:23 -05:00
Stefan Metzmacher
45e93c19ef r943: change samba4 to use 'uint8_t' instead of 'unsigned char'
metze
(This used to be commit b5378803fd)
2007-10-10 12:56:21 -05:00
Andrew Tridgell
8b3f08cefc r898: - remove some unused macros
- remove unused lib/smbpasswd.c

- don't set the pkt size twice when doing SMB signing
(This used to be commit 69a2942f79)
2007-10-10 12:56:18 -05:00
Stefan Metzmacher
fcd718c7d8 r890: convert samba4 to use [u]int8_t instead of [u]int8
metze
(This used to be commit 2986c5f08c)
2007-10-10 12:56:16 -05:00
Stefan Metzmacher
f88bf54c7f r889: convert samba4 to use [u]int16_t instead of [u]int16
metze
(This used to be commit af6f1f8a01)
2007-10-10 12:56:16 -05:00
Stefan Metzmacher
f9d8f8843d r884: convert samba4 to use [u]int32_t instead of [u]int32
metze
(This used to be commit 0e5517d937)
2007-10-10 12:56:15 -05:00
Andrew Bartlett
5b0ab386cb r874: This patch is a pile of work on NTLMSSP:
Samba's NTLMSSP code is now fully talloc based, which should go a long
way to cleaning up the memory leaks in this code.  This also avoids a
lot of extra copies of data, as we now allocate the 'return' blobs on
a caller-supplied context.

I have also been doing a lot of work towards NTLM2 signing and
sealing.  I have this working for sealing, but not for the verifier
(MD5 integrity check on the stream) which is still incorrect.

(I can aim a rpcecho sinkdata from a Win2k3 box to my server, and the
data arrives intact, but the signature check fails.  It does however
match the test values I have...).

The new torture test is cludged in - when we get a unit test suite
back, I'll happliy put it in the 'right' place....

Andrew Bartlett
(This used to be commit 399e2e2b11)
2007-10-10 12:56:14 -05:00
Andrew Tridgell
579c13da43 r873: converted samba4 to use real 64 bit integers instead of
structures. This was suggested by metze recently.

I checked on the build farm and all the machines we have support 64
bit ints, and support the LL suffix for 64 bit constants. I suspect
some won't support strtoll() and related functions, so we will
probably need replacements for those.
(This used to be commit 9a9244a1c6)
2007-10-10 12:56:14 -05:00
Andrew Tridgell
5767c10773 r718: removed some more unused code, and two source files
(This used to be commit a9768c25fd)
2007-10-10 12:53:44 -05:00
Andrew Bartlett
dce84ffd37 r610: - Merge the Samba3 'ntlm_auth --diagnostics' testsuite to Samba4.
- This required using NETLOGON_NEG_AUTH2_FLAGS for the
    SetupCredentials2 negotiation flags, which is what Samba3 does,
    because otherwise the server uses different crypto.
  - This tests the returned session keys, which we decrypt.

 - Update the Samba4 notion of a 'session key' to be a DATA_BLOB in
   most places.

 - Fix session key code to return NT_STATUS_NO_SESSION_KEY if none is
   available.

 - Remove a useless argument to SMBsesskeygen_ntv1

 - move netr_CredentialState from the .idl to the new credentials.h

Andrew Bartlett
(This used to be commit 44f8b5b53e)
2007-10-10 12:51:51 -05:00
Andrew Bartlett
d8bb3d81a6 r451: More NTLMSSP work.
The work here is trying to get the LM_KEY option for NLTMSSP
operating, however until that functions properly, it is now controlled
by some new smb.conf options, defaulting off.

Andrew Bartlett
(This used to be commit c63eb35b45)
2007-10-10 12:51:43 -05:00
Andrew Bartlett
9f084101dd r443: Update Samba4 to the auth and NTLMSSP code from Samba3.
Not all the auth code is merged - only those parts that are actually
being used in Samba4.

There is a lot more work to do in the NTLMSSP area, and I hope to
develop that work here.  There is a start on this here - splitting
NTLMSSP into two parts that my operate in an async fashion (before and
after the actual authentication)

Andrew Bartlett
(This used to be commit 5876c78806)
2007-10-10 12:51:42 -05:00
Andrew Tridgell
2b9fb9618a r324: - don't reseed on every password generate
- check for overflow (very unlikely) in random buffer generation
(This used to be commit 548ec1efef)
2007-10-10 12:51:32 -05:00
Andrew Tridgell
5f545543f0 r305: - added IDL and test code for samr_RidToSid()
- completed the IDL and test code for the various set user password
  mechanisms in samr. Three password mechanisms are now working, the
  UserInfo24 method, the OemChangePasswordUser2() method (which only
  sets the LM password) and the ChangePasswordUser2() method which sets
  both the LM and NT passwords.

- updated some crypto routines to support the password change tests
(This used to be commit 051efa2abf)
2007-10-10 12:51:19 -05:00
Andrew Tridgell
8fce9e3c54 r275: added IDL and test code for samr_QueryDisplayInfo3(),
samr_AddMultipleMembersToAlias(),
samr_RemoveMultipleMembersFromAlias(), samr_OemChangePasswordUser2(),
and samr_ChangePasswordUser2()

The password change functions don't actually work yet (but should
soon). At this stage I have just completed the IDL for them. Next step
is to get the hash verifiers right and the torture test should be able
to do password changes.
(This used to be commit 849d0d314a)
2007-10-10 12:51:19 -05:00
Andrew Tridgell
b9411f8aca r265: fixed a bug in the string to sid conversion code
(This used to be commit 117aa5cab7)
2007-10-10 12:51:18 -05:00
Andrew Tridgell
ac193579e7 r152: a quick airport commit ....
added ldbedit, a _really_ useful command

added ldbadd, ldbdel, ldbsearch and ldbmodify to build

solved lots of timezone issues, we now pass the torture tests with
client and server in different zones

fixed several build issues

I know this breaks the no-LDAP build. Wait till I arrive in San Jose for that
fix.
(This used to be commit af34710d4d)
2007-10-10 12:51:11 -05:00
Andrew Tridgell
984bfce2d9 r101: added lsa_SetSecret() and lsa_QuerySecret()
this required some crypto infrastructure and some sid utilities
(This used to be commit 37d0efa9c2)
2007-10-10 12:51:06 -05:00
Andrew Tridgell
b087ed4821 r23: get rid of def_finfo
(This used to be commit 25b7ec390a)
2007-10-10 12:50:33 -05:00
Tim Potter
4639eb5a58 Convert libcli routines to use cli_tree instead of cli_state. Port
smbtorture to use the new interface.

Part 2 will be to eliminate cli_state from smbtorture as this is now
the only place where it is used.
(This used to be commit db1cc96af6)
2004-02-08 00:51:07 +00:00
Andrew Tridgell
8b30b0071c * another small API change in the credentials code
* don't use static variables in the smbdes code
(This used to be commit e6e0906464)
2003-12-01 22:13:11 +00:00
Andrew Tridgell
b4b0177fdb added netr_ServerAuthenticate() and test code
I would like the netlogon test suite to eventually do a new domain
join using a fake workstation name, then remove itself afterwards, but
for now I'm assuming we are already joined to the domain when the
testsuite runs. This means you need to use the Samba3 net command to
do a join before running RPC-NETLOGON
(This used to be commit 8c7a9446a0)
2003-12-01 04:13:43 +00:00
Andrew Tridgell
7602aa50fd * got rid of UNISTR2 and everything that depends on it
* removed a bunch of code that needs to be rewritten using the new
    interfaces
(This used to be commit 9b02b486ef)
2003-12-01 00:17:30 +00:00
Andrew Tridgell
e0ac659917 signed DCERPC over TCP now works !
* moved ntlmssp code into libcli/auth/, and updated to latest ntlmssp
   code from samba3 (thanks Andrew! the new interface is great)

 * added signing/ntlmssp support in the dcerpc code

 * added a dcerpc_auth.c module for the various dcerpc auth mechanisms
(This used to be commit c18c9b5585)
2003-11-26 01:16:41 +00:00
Andrew Tridgell
d47d14f2ff reduced the number of magic types we need in mkproto.pl
In general I prefer "struct foo" to just "foo" for most
structures. There are exceptions.
(This used to be commit 04eb12b56c)
2003-11-23 01:53:54 +00:00
Andrew Tridgell
d285c6f14f * add another WERR err code
* use the top-level function argument printing to show more detail in
   RPC-* tests
(This used to be commit 33bb878562)
2003-11-17 11:55:56 +00:00
Andrew Tridgell
ef2e26c91b first public release of samba4 code
(This used to be commit b0510b5428)
2003-08-13 01:53:07 +00:00