1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

55 Commits

Author SHA1 Message Date
Jelmer Vernooij
710ea94988 r15297: Move create_security_token() to samdb as it requires SAMDB (and the rest of LIBSECURITY doesn't)
Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal
Some other dependency fixes
(This used to be commit 5b3ab728ed)
2007-10-10 14:05:04 -05:00
Jelmer Vernooij
69b51f702a r15207: Introduce PRIVATE_DEPENDENCIES and PUBLIC_DEPENDENCIES as replacement
for REQUIRED_SUBSYSTEMS.
(This used to be commit adc8a019b6)
2007-10-10 14:04:18 -05:00
Jelmer Vernooij
18cddd580e r14575: Move some path-related functions to libsamba-config so libsamba-util
doesn't have to depend on the lp_* functions.
(This used to be commit f97df7d90a)
2007-10-10 13:58:52 -05:00
Jelmer Vernooij
17ae598141 r13938: Around round of splitups
(This used to be commit 2d655f0528)
2007-10-10 13:52:29 -05:00
Jelmer Vernooij
5c8447773f r12801: Some more include/ cleanups (remove unused macros + move files
to specific dirs)
(This used to be commit 243cf760b0)
2007-10-10 13:49:57 -05:00
Jelmer Vernooij
78c50015bb r12694: Move some headers to the directory of the subsystem they belong to.
(This used to be commit c722f665c9)
2007-10-10 13:49:39 -05:00
Jelmer Vernooij
bc4aebfaec r12670: Make a couple of dependencies stricter
Re-introduce and use the OUTPUT_TYPE property for MODULEs to force
specific modules to always be included
(This used to be commit f9eede3d40)
2007-10-10 13:49:35 -05:00
Jelmer Vernooij
2cd5ca7d25 r12542: Move some more prototypes out to seperate headers
(This used to be commit 0aca5fd513)
2007-10-10 13:47:55 -05:00
Andrew Bartlett
a1827a1deb r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldb
backend.

The idea is that every time we open an LDB, we can provide a
session_info and/or credentials.  This would allow any ldb to be remote
to LDAP.  We should also support provisioning to a authenticated ldap
server.

(They are separate so we can say authenticate as foo for remote, but
here we just want a token of SYSTEM).

Andrew Bartlett
(This used to be commit ae2f3a64ee)
2007-10-10 13:47:22 -05:00
Andrew Bartlett
e5445967bc r11316: Kill off a bit more of the old secrets system...
Andrew Bartlett
(This used to be commit c46ef43224)
2007-10-10 13:45:19 -05:00
Jelmer Vernooij
49839f356f r10513: Reduce some use of pstring. The main reason some parts of the code still
use pstring is next_token() now.
(This used to be commit a5b88bcd42)
2007-10-10 13:38:58 -05:00
Volker Lendecke
9593101ec1 r10491: First step towards wbinfo -t: This issues a name request for the primary
domain and gets the DC's name via a mailslot call.

Metze, I renamed wbsrv_queue_reply to wbsrv_send_reply in accordance with
irpc_send_reply. Having _queue_ here and _send_ there is a bit confusing. And
as everything is async anyway, the semantics should not be too much of a
problem.

Volker
(This used to be commit 4637964b19)
2007-10-10 13:38:54 -05:00
Tim Potter
878e139f09 r9357: Remove DBGC_CLASS cruft copied over from Samba 3. I would like to
replace this with something funkier.
(This used to be commit 8d376d56c7)
2007-10-10 13:33:27 -05:00
Andrew Bartlett
8a68f96f8c r7827: Add in-memory keytab to Samba4, using the new MEMORY_WILDCARD keytab
support in Heimdal.

This removes the 'ext_keytab' step from my Samba4/WinXP client howto.

In doing this work, I realised that the replay cache in Heimdal is
currently a no-op, so I have removed the calls to it, and therefore
the mutex calls from passdb/secrets.c.

This patch also includes a replacement 'magic' mechanism detection,
that does not issue extra error messages from deep inside the GSSAPI
code.

Andrew Bartlett
(This used to be commit c19d5706f4)
2007-10-10 13:18:41 -05:00
Jelmer Vernooij
5b18cf2268 r6795: Make some functions static and remove some unused ones.
(This used to be commit 46509eb899)
2007-10-10 13:16:44 -05:00
Andrew Bartlett
8bf57cf8f5 r6573: Start on my project to implement an NT4 compatible BDC in Samba4.
This brings in a compatability layer for Samba3 in Samba4 - where we
will start to define file formats and similar details.

The 'net samdump' command uses 'password server = ' for now, and
performs a similar task to Samba3's 'net rpc samsync'.

Andrew Bartlett
(This used to be commit 550f17f992)
2007-10-10 13:16:27 -05:00
Tim Potter
ee461300a5 r5781: Fix build.
(This used to be commit 35354456b2)
2007-10-10 13:11:03 -05:00
Simo Sorce
b1b14817ea r5585: LDB interfaces change:
changes:
- ldb_wrap disappears from code and become a private structure of db_wrap.c
  thanks to our move to talloc in ldb code, we do not need to expose it anymore

- removal of ldb_close() function form the code
  thanks to our move to talloc in ldb code, we do not need it anymore
  use talloc_free() to close and free an ldb database

- some minor updates to ldb modules code to cope with the change and fix some
  bugs I found out during the process
(This used to be commit d58be9e74b)
2007-10-10 13:10:55 -05:00
Andrew Tridgell
a5bd1ccada r5307: removed db_wrap.h from includes.h
(This used to be commit 826baec7b3)
2007-10-10 13:09:40 -05:00
Andrew Tridgell
e82aad1ce3 r5298: - got rid of pstring.h from includes.h. This at least makes it a bit
less likely that anyone will use pstring for new code

 - got rid of winbind_client.h from includes.h. This one triggered a
   huge change, as winbind_client.h was including system/filesys.h and
   defining the old uint32 and uint16 types, as well as its own
   pstring and fstring.
(This used to be commit 9db6c79e90)
2007-10-10 13:09:38 -05:00
Andrew Tridgell
fedf0b0d91 r5296: - only include the tdb headers where they are needed
- removed the u32 hack in events.c as I think this was only needed as
  tdb.h defines u32. Metze, can you check that this hack is indeed no
  longer needed on your suse system?
(This used to be commit 6f79432fe6)
2007-10-10 13:09:38 -05:00
Andrew Tridgell
55d4d36993 r5102: This is a major simplification of the logic for controlling top level
servers in smbd. The old code still contained a fairly bit of legacy
from the time when smbd was only handling SMB connection. The new code
gets rid of all of the smb_server specific code in smbd/, and creates
a much simpler infrastructures for new server code.

Major changes include:

 - simplified the process model code a lot.

 - got rid of the top level server and service structures
   completely. The top level context is now the event_context. This
   got rid of service.h and server.h completely (they were the most
   confusing parts of the old code)

 - added service_stream.[ch] for the helper functions that are
   specific to stream type services (services that handle streams, and
   use a logically separate process per connection)

 - got rid of the builtin idle_handler code in the service logic, as
   none of the servers were using it, and it can easily be handled by
   a server in future by adding its own timed_event to the event
   context.

 - fixed some major memory leaks in the rpc server code.

 - added registration of servers, rather than hard coding our list of
   possible servers. This allows for servers as modules in the future.

 - temporarily disabled the winbind code until I add the helper
   functions for that type of server

 - added error checking on service startup. If a configured server
   fails to startup then smbd doesn't startup.

 - cleaned up the command line handling in smbd, removing unused options
(This used to be commit cf6a46c3cb)
2007-10-10 13:09:22 -05:00
Andrew Bartlett
a249198d53 r4682: A LDB-based secrets implementation in Samba4.
This uses LDB (a local secrets.ldb and the global samdb) to fill out
the secrets from an LSA perspective.

Some small changes to come, but the bulk of the work is now done.

A re-provision is required after this change.

Andrew Bartlett
(This used to be commit ded3303352)
2007-10-10 13:08:42 -05:00
Andrew Bartlett
44113c4de1 r4355: More work from the elves on Christmas eve:
- Update Samba4's kerberos code to match the 'salting' changes in
   Samba3 (and many other cleanups by jra).

 - Move GENSEC into the modern era of talloc destructors.  This avoids
   many of the memory leaks in this code, as we now can't somehow
   'forget' to call the end routine.
  - This required fixing some of the talloc hierarchies.

 - The new krb5 seems more sensitive to getting the service name
   right, so start actually setting the service name on the krb5 context.

Andrew Bartlett
(This used to be commit 278bf1a61a)
2007-10-10 13:07:37 -05:00
Stefan Metzmacher
3308087bae r3971: fix compiler warnings
metze
(This used to be commit 234166606d)
2007-10-10 13:06:09 -05:00
Andrew Tridgell
a1d0b97ed4 r3462: separate out the crypto includes
(This used to be commit 3f75117db9)
2007-10-10 13:05:16 -05:00
Andrew Bartlett
98052096e3 r3359: Add magic auto-initialisation hooks here, to match the rest of
secrets.  (Which will, I am assured, go away).

Andrew Bartlett
(This used to be commit 415ba95927)
2007-10-10 13:05:01 -05:00
Andrew Tridgell
304a9eafd4 r3181: shutdown the secrets db on exit so we don't constantly get talloc leak warnings
(This used to be commit 11713da2ef)
2007-10-10 13:04:37 -05:00
Andrew Tridgell
8d1e35e243 r3014: got rid of the old intra-smbd messaging system in preparation for the new one
(This used to be commit 283e38aeb2)
2007-10-10 12:59:57 -05:00
Andrew Tridgell
12ea0fd34c r3005: added talloc wrappers around tdb_open() and ldb_connect(), so that the
caller doesn't have to worry about the constraint of only opening a
database a single time in a process. These wrappers will ensure that
only a single open is done, and will auto-close when the last instance
is gone.

When you are finished with a database pointer, use talloc_free() to
close it.

note that this code does not take account of the threads process
model, and does not yet take account of symlinks or hard links to tdb
files.
(This used to be commit 04e1171996)
2007-10-10 12:59:56 -05:00
Andrew Bartlett
f607197054 r1498: (merge from 3.0)
Rework our random number generation system.

On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().

For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation.  This removes the 'need_reseed'
parameter from generate_random_buffer().

This also requires that we start the secrets subsystem, as that is
where the reseed value is stored, for systems without /dev/urandom.

In order to aviod identical streams in forked children, the random
state is re-initialised after the fork(), at the same point were we do
that to the tdbs.

Andrew Bartlett
(This used to be commit b97d3cb2ef)
2007-10-10 12:57:35 -05:00
Andrew Bartlett
bf598954f7 r1198: Merge the Samba 3.0 ntlm_auth, including the kerberos and SPENGO parts.
I have moved the SPNEGO and Kerberos code into libcli/auth, and intend
to refactor them into the same format as NTLMSSP.

Andrew Bartlett
(This used to be commit 58da78a746)
2007-10-10 12:56:44 -05:00
Stefan Metzmacher
fa2e9ec311 r960: convert 'unsigned int' to uint_t in the most places
metze
(This used to be commit 18062d2ed9)
2007-10-10 12:56:23 -05:00
Andrew Tridgell
f11cc69df3 r826: removed a pile of old code, in preparation for a new ACL handling system. I'd like to get rid of DOM_SID completely soon
(This used to be commit e306e27cf3)
2007-10-10 12:53:53 -05:00
Andrew Bartlett
d12e825042 r685: The SAM is dead! Long live the new SAM! ;-)
This commit kills passdb, which was only hosting the auth subsystem.

With the work tridge has done on Samba4's SAM backend, this can (and
now is) all hosted on ldb.  The auth_sam.c file now references this
backend.

You will need to assign your users passwords in ldb - adding a new line:

unicodePwd: myPass

to a record, using ldbedit, should be sufficient.  Naturally, this
assumes you have had your personal SAMR provisioning tutorial from
tridge.  Everybody else can still use the anonymous logins.

Andrew Bartlett
(This used to be commit 2aa0b55fb8)
2007-10-10 12:53:42 -05:00
Stefan Metzmacher
f236700ef6 r665: merge over the new build system from my tmp branch
to the main SAMBA_4_0 tree.

NOTE: that it's not completely ready, but it's functional:-)

metze
(This used to be commit c78a2ddb28)
2007-10-10 12:53:36 -05:00
Andrew Tridgell
9c07ce7aa4 r506: got rid of unused function secrets_get_trusted_domains()
(This used to be commit bb74a94e26)
2007-10-10 12:51:46 -05:00
Gerald Carter
381a903d00 r42: importing .cvsignore files
(This used to be commit 11717ae912)
2007-10-10 12:50:40 -05:00
Stefan Metzmacher
947f90b881 remove pdb_nisplus, its also removed in samba3, because it was broken
metze
(This used to be commit db0b222202)
2004-02-18 13:17:03 +00:00
Stefan Metzmacher
cc977af616 as I renamed the PDB subsystem to PASSDB, we need to rename
the static init functions of the modules too:-)

metze
(This used to be commit 09839de27c)
2004-02-11 12:45:47 +00:00
Stefan Metzmacher
f5cb6392b3 the subsystem name is 'PASSDB' so name the modules 'passdb_XXX'
metze
(This used to be commit 1516f79749)
2004-02-09 21:57:07 +00:00
Stefan Metzmacher
e7d68c3f7a fix pdb_ldap build if LDAP support was detected
metze
(This used to be commit 3d50b327ce)
2004-02-09 21:04:42 +00:00
Stefan Metzmacher
1c798aba40 - port AUTH and PASSDB subsystems to new
SMB_SUBSYSTEM() scheme

- some const fixes in ntvfs

metze
(This used to be commit af89a78123)
2004-02-03 11:10:56 +00:00
Stefan Metzmacher
26ecaa3226 - move all SMB server stuff to smb_server/*
and create the SMB server subsystem

- remove unused XML and MYSQL configure tests

metze
(This used to be commit 956d212c83)
2004-02-03 05:47:36 +00:00
Andrew Tridgell
24c22aef90 a fairly large commit!
This adds support for bigendian rpc in the client. I have installed
SUN pcnetlink locally and am using it to test the samba4 rpc
code. This allows us to easily find places where we have stuffed up
the types (such as 2 uint16 versus a uint32), as testing both
big-endian and little-endian easily shows which is correct. I have now
used this to fix several bugs like that in the samba4 IDL.

In order to make this work I also had to redefine a GUID as a true
structure, not a blob. From the pcnetlink wire it is clear that it is
indeed defined as a structure (the byte order changes). This required
changing lots of Samba code to use a GUID as a structure.

I also had to fix the if_version code in dcerpc syntax IDs, as it
turns out they are a single uint32 not two uint16s.

The big-endian support is a bit ugly at the moment, and breaks the
layering in some places. More work is needed, especially on the server
side.
(This used to be commit bb1af644a5)
2003-12-16 09:02:58 +00:00
Andrew Tridgell
16309de71d * the RPC-ECHO pipe now works in smbd, as long as the data sizes
don't cause fragmented pdus (I'll add fragments shortly)

 * change data_blob_talloc() to not zero memory when the 2nd argument
   is NULL. The zeroing just masks bugs, and can't even allow a DOS
   attack

 * modified pidl to ensure that [ref] arguments to the out side of
   functions are allocated when parsing the in side. This allows rpc
   backends to assume that [ref] variables are all setup. Doesn't work
   correctly for [ref] arrays yet

 * changed DLIST_ADD_END() to take the type instead of a tmp
   variable. This means you don't need to declare a silly tmp variable in
   the caller
(This used to be commit 46e0a35819)
2003-12-12 03:59:09 +00:00
Andrew Tridgell
3c76426f2e * removed some unused code
* updated tdb to latest version from Samba3

 * removed some extraneous ';' in tdbutil.c (Thanks to Erlend Aasland
   for pointing this out)
(This used to be commit f3eaf270e5)
2003-12-10 03:02:12 +00:00
Jelmer Vernooij
47702c8552 Initial step at cleaning and splitting up configure.in.
(This used to be commit 369a9c1ac1)
2003-12-02 11:10:56 +00:00
Andrew Tridgell
06ae424835 * netr_ServerPasswordSet() now works - the test suite changes the
machine account password.

  * neater handling on value() options in IDL. The auto-print code
    will now display the right value so you don't need to initialise
    it in your C code
(This used to be commit 3dd978b12b)
2003-12-02 00:31:54 +00:00
Andrew Tridgell
8d92b0a392 got rid of more group mapping code
(This used to be commit 2955ce55ee)
2003-12-01 00:29:13 +00:00