1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Commit Graph

141 Commits

Author SHA1 Message Date
Jelmer Vernooij
2f3551ca7c r25446: Merge some changes I made on the way home from SFO:
2007-09-29 More higher-level passing around of lp_ctx.
2007-09-29 Fix warning.
2007-09-29 Pass loadparm contexts on a higher level.
2007-09-29 Avoid using global loadparm context.
(This used to be commit 3468952e77)
2007-10-10 15:07:34 -05:00
Jelmer Vernooij
37d53832a4 r25398: Parse loadparm context to all lp_*() functions.
(This used to be commit 3fcc960839)
2007-10-10 15:07:25 -05:00
Jelmer Vernooij
ffeee68e4b r25026: Move param/param.h out of includes.h
(This used to be commit abe8349f9b)
2007-10-10 15:05:38 -05:00
Stefan Metzmacher
f14bd1a90a r24557: rename 'dcerpc_table_' -> 'ndr_table_'
metze
(This used to be commit 84651aee81)
2007-10-10 15:02:15 -05:00
Andrew Tridgell
0479a2f1cb r23792: convert Samba4 to GPLv3
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac)
2007-10-10 14:59:12 -05:00
Andrew Bartlett
e473050052 r21175: Fix the kerberos keytab update code to handle deletes.
Fix the join code to know that the ldb layer handles the keytab update.

Andrew Bartlett
(This used to be commit d3fbc089f4)
2007-10-10 14:44:42 -05:00
Volker Lendecke
c2c8650825 r21141: Attempt to fix the build
(This used to be commit 3f41a4b014)
2007-10-10 14:44:33 -05:00
Andrew Bartlett
d2bfa66119 r20964: Show the domain name we figured out, rather than a null pointer (in
some error cases)

Andrew Bartlett
(This used to be commit 4195839d1a)
2007-10-10 14:44:04 -05:00
Andrew Bartlett
7d7d01cf4e r20397: Another user of the DsCrackNames call needs a rename following IDL clarification.
Andrew Bartlett
(This used to be commit 77169958fc)
2007-10-10 14:30:22 -05:00
Andrew Bartlett
728e4e311c r20294: Without this we don't do the ADS join against Win2k3 SP1
Andrew Bartlett
(This used to be commit 7a7f1a9764)
2007-10-10 14:29:33 -05:00
Stefan Metzmacher
ba1be45aa2 r20205: remove unused var
metze
(This used to be commit a77e1bd1b4)
2007-10-10 14:29:22 -05:00
Andrew Bartlett
334f78d206 r20113: Update the DRSUAPI CrackNames test to explore a few more cases, and in
particular to verify more expected results.

Also return more details from the join process.  Now we also return
the machine account's GUID.

Andrew Bartlett
(This used to be commit 5b32f102af)
2007-10-10 14:29:08 -05:00
Andrew Bartlett
e8e61a414a r20102: Do not reference remote_ldb before we initialise it. This should fix
up many of the build farm failures.

Andrew Bartlett
(This used to be commit 924af98ffa)
2007-10-10 14:29:06 -05:00
Andrew Bartlett
1e6807d8a1 r20099: Add some comments, and correct others.
Andrew Bartlett
(This used to be commit d1b1a4c059)
2007-10-10 14:29:05 -05:00
Stefan Metzmacher
542729273c r19934: - allow to pass a samr_UserInfo21 struct to be passed to libnet_SetPassword()
- as the SetUserInfo2() levels 26/25 and 24/23 have the same encryption
  but 26 and 24 change only the password and 25 and 23 take a info21 and change the password,
  we now use 26 with fallback to 24 or 25 with fallback to 23.
- use samr_SetUserInfo2() to match what w2k3 does (works also against nt4)
- pass the info21 to libnet_SetPassword() to set acct_flags and full_name
  together with the password (to match what w2k3 does)

metze
(This used to be commit 1b86af32f3)
2007-10-10 14:28:38 -05:00
Simo Sorce
a9e31b33b5 r19832: better prototypes for the linearization functions:
- ldb_dn_get_linearized
  returns a const string

- ldb_dn_alloc_linearized
  allocs astring with the linearized dn
(This used to be commit 3929c086d5)
2007-10-10 14:28:22 -05:00
Simo Sorce
4889eb9f7a r19831: Big ldb_dn optimization and interfaces enhancement patch
This patch changes a lot of the code in ldb_dn.c, and also
removes and add a number of manipulation functions around.

The aim is to avoid validating a dn if not necessary as the
validation code is necessarily slow. This is mainly to speed up
internal operations where input is not user generated and so we
can assume the DNs need no validation. The code is designed to
keep the data as a string if possible.

The code is not yet 100% perfect, but pass all the tests so far.
A memleak is certainly present, I'll work on that next.

Simo.
(This used to be commit a580c871d3)
2007-10-10 14:28:22 -05:00
Andrew Bartlett
13dbee3ffe r19598: Ahead of a merge to current lorikeet-heimdal:
Break up auth/auth.h not to include the world.

Add credentials_krb5.h with the kerberos dependent prototypes.

Andrew Bartlett
(This used to be commit 2b569c42e0)
2007-10-10 14:25:00 -05:00
Jelmer Vernooij
5a6e2bc9ae r19573: Move secrets.o into param/ (subsystems haven't been integrated yet).
(This used to be commit 8143de855c)
2007-10-10 14:24:55 -05:00
Andrew Bartlett
2ac52f809a r19309: Split out checks for LDB_SUCCESS from checks for the expected number
of returned entries.

Andrew Bartlett
(This used to be commit 84efd9ecd9)
2007-10-10 14:21:06 -05:00
Simo Sorce
59b66744f7 r19299: Fix possible memleaks
(This used to be commit 6fad80bb09)
2007-10-10 14:21:04 -05:00
Andrew Bartlett
57b8c5cd22 r19266: Add a target_hostname element to the binding struct. This allows us
to perform a lookup once, resolve the name to an IP, while still
communicating the full name to the lower layers, for kerberos etc.

This fixes 'net samdump', which was failing due to the schannel target
name being *smbserver.

Andrew Bartlett
(This used to be commit 0546f487f4)
2007-10-10 14:21:00 -05:00
Andrew Bartlett
9ce0de670b r19261: Fix use of unitialised variables. (The binding string is used, if not
NULL).

This showed up in a manual pre-TP3 test of the 'net samdump' code, and
shows the critical need for the windows testing infrustructure on the
build farm.

Andrew Bartlett
(This used to be commit 9cef40779a)
2007-10-10 14:20:59 -05:00
Günther Deschner
e7ede84c33 r18609: error_string should not contain newlines.
Guenther
(This used to be commit 5566667564)
2007-10-10 14:18:56 -05:00
Andrew Bartlett
626d3ad012 r17954: Avoid including \n in error strings (left over from DEBUG() conversion).
Make it easier to debug CrackNames failures.

Andrew Bartlett
(This used to be commit 5dd07074db)
2007-10-10 14:16:56 -05:00
Simo Sorce
a23b63a8e5 r17516: Change helper function names to make more clear what they are meant to do
(This used to be commit ad75cf8695)
2007-10-10 14:15:31 -05:00
Andrew Bartlett
345c9f043f r16226: Fixes for various segfault bugs found against a buggy Samba4. With
the current API we need to check both that the RPC didn't fault, and
that the query succeeded.

Also print the right things in debug messages.

Andrew Bartlett
(This used to be commit d18e515391)
2007-10-10 14:09:06 -05:00
Andrew Bartlett
7f0a396e3b r15504: Revert -r 15500 and -r 15503 until I'm awake, and can get my head
around the mess that is composite functions...

Async might be all the rage, but it's bloody painful to debug.

Andrew Bartlett
(This used to be commit 756e1dad7c)
2007-10-10 14:05:43 -05:00
Andrew Bartlett
5f36534629 r15500: Add support for interactive prompting on bad passwords to the RPC libraries.
This support requires that the bind_ack and alter_ack recv functions
also be send the DCE/RPC fault.  This would be best done by having the
ack run as a normal RPC reply callback, but this isn't easily possible
for now.

Andrew Bartlett
(This used to be commit be6dde22fe)
2007-10-10 14:05:42 -05:00
Rafal Szczesniak
538adbf677 r15435: Turn libnet_RpcConnectDCInfo into another level of libnet_RpcConnect
and make it async. Also, update any other usages of old function.
Build goes fine and so do tests, comments to follow.

rafal
(This used to be commit aef0a2de9d)
2007-10-10 14:05:36 -05:00
Andrew Bartlett
5f4d86f955 r15426: Implement SPNEGO as the default RPC authentication mechanism. Where
this isn't supported, fallback to NTLM.

Also, where we get a failure as 'logon failure', try and do a '3
tries' for the password, like we already do for CIFS.  (Incomplete:
needs a mapping between RPC errors and the logon failure NTSTATUS).

Because we don't yet support Kerberos sign/seal to win2k3 SP1 for
DCE/RPC, disable this (causing SPNEGO to negotiate NTLM) when kerberos
isn't demanded.

Andrew Bartlett
(This used to be commit b3212d1fb9)
2007-10-10 14:05:36 -05:00
Jelmer Vernooij
e002300f23 r15328: Move some functions around, remove dependencies.
Remove some autogenerated headers (which had prototypes now autogenerated by pidl)
Remove ndr_security.h from a few places - it's no longer necessary
(This used to be commit c19c2b51d3)
2007-10-10 14:05:17 -05:00
Stefan Metzmacher
1af925f394 r14860: create libcli/security/security.h
metze
(This used to be commit 9ec706238c)
2007-10-10 13:59:44 -05:00
Andrew Bartlett
d52f31848d r14716: Remove username from debug message, it just causes valgrind assertions.
Andrew Bartlett
(This used to be commit c978fea2a1)
2007-10-10 13:59:12 -05:00
Jelmer Vernooij
4f1c8daa36 r14470: Remove some unnecessary headers.
(This used to be commit f7312dab3b)
2007-10-10 13:57:29 -05:00
Jelmer Vernooij
8528016978 r14464: Don't include ndr_BASENAME.h files unless strictly required, instead
try to include just the BASENAME.h files (containing only structs)
(This used to be commit 3dd477ca51)
2007-10-10 13:57:27 -05:00
Jelmer Vernooij
1060f6b3f6 r14402: Generate seperate headers for RPC client functions.
(This used to be commit 7054ebf024)
2007-10-10 13:57:19 -05:00
Jelmer Vernooij
3f16241a1d r14363: Remove credentials.h from the global includes.
(This used to be commit 98c4c30513)
2007-10-10 13:57:14 -05:00
Jelmer Vernooij
4ac2be9958 r13924: Split more prototypes out of include/proto.h + initial work on header
file dependencies
(This used to be commit 1228358767)
2007-10-10 13:52:24 -05:00
Andrew Bartlett
fc29c3250a r13104: Migrate and set secrets keytab values in the 'net join' code. This
avoids falling back to in-memory keytabs.

Andrew Bartlett
(This used to be commit 59fbce01c6)
2007-10-10 13:51:25 -05:00
Andrew Bartlett
1f72942873 r12976: Patch from Brad Henry <j0j0@riod.ca>:
This patch pulls the AD site name generation and site join code from
libnet/libnet_join.c and puts it into a new file, libnet/libnet_site.c.
This way, a common means for site name, configuration dn and server dn
generation exists so it doesn't need to be rewritten in new code (such
as the future libnet_leave for example).

I've made a couple of changes, but nothing dramatic.  Nice work Brad!

Andrew Bartlett
(This used to be commit 45f67b3f6d)
2007-10-10 13:51:13 -05:00
Andrew Bartlett
243e07cfa2 r12930: Fix ADS join: I wasn't filling in the flag 'realm' variable any more.
Andrew Bartlett
(This used to be commit 5c5a2974c9)
2007-10-10 13:51:08 -05:00
Andrew Bartlett
b15582ed81 r12903: Factor out a new routine libnet_RpcConnectDCInfo, to both connect to
the remote sever, and to query it for domain information.

Provide and use this information in the SamSync/Vampire callbacks, to allow a
parallel connection to LDAP, if we are talking to AD.  This allows us
to get at some important attributes not exposed in the old protocol.

With this, we are able to do a all-GUI vampire of a AD domain from
SWAT, including getting all the SIDs, servicePrincipalNames and the
like correct.

Andrew Bartlett
(This used to be commit 918358cee0)
2007-10-10 13:51:00 -05:00
Andrew Bartlett
d790d8d6ed r12886: Rename 'secure_channel_type' parameter to domain join as 'join_type'.
Andrew Bartlett
(This used to be commit a3b3e09a9a)
2007-10-10 13:50:58 -05:00
Andrew Bartlett
f2df13958c r12883: Fix the build...
Andrew Bartlett
(This used to be commit 8f7d14048f)
2007-10-10 13:50:57 -05:00
Andrew Bartlett
e15136af9e r12882: Allow the netbios name to be specified at all times.
Andrew Bartlett
(This used to be commit f4f4dcf217)
2007-10-10 13:50:57 -05:00
Andrew Bartlett
a5a79e8b8c r12865: Upgrade the librpc and libnet code.
In librpc, always try SMB level authentication, even if trying
schannel, but allow fallback to anonymous.  This should better
function with servers that set restrict anonymous.

There are too many parts of Samba that get, parse and modify the
binding parameters.  Avoid the extra work, and add a binding element
to the struct dcerpc_pipe

The libnet vampire code has been refactored, to reduce extra layers
and to better conform with the standard argument pattern.  Also, take
advantage of the new libnet_Lookup code, so we don't require the silly
'password server' smb.conf parameter.

To better support forcing traffic to be sealed for the vampire
operation, the dcerpc_bind_auth() function now takes an auth level
parameter.

Andrew Bartlett
(This used to be commit d65b354959)
2007-10-10 13:50:55 -05:00
Andrew Bartlett
b135f4467f r12858: This moves the libnet_LookupPdc code to use a GetDC request to find
the remote server's name, or in the absence of a local nbt_server to
communicate with (or without root access), a node status request.

The result is that we are in a better position to use kerberos, as well
as to remove the 'password server' mandatory parameter for the samsync
and samdump commands.  (I need this to put these into SWAT).

The only problem I have is that I must create a messaging context, which
requires a server ID.  As a client process, I don't expect to get
messages, but it is currently required for replies, so I generate a
random() number.  We probably need the servers to accept connections on
streamed sockets too, for client-only tasks that want IRPC.

Because I wanted to test this code, I have put the NET-API-* tests into
our test scripts, to ensure they pass and keep passing.  They are good
frontends onto the libnet system, and I see no reason not to test them.

In doing so the NET-API-RPCCONNECT test was simplified to take a
binding string on the command line, removing duplicate code, and
testing the combinations in the scripts instead.

(I have done a bit of work on the list shares code in libnet_share.c
to make it pass 'make test')

In the future, I would like to extend the libcli/findds.c code (based
off volker's winbind/wb_async_helpers.c, which is why it shows up a bit
odd in the patch) to handle getting multiple name replies, sending a
getdc request to each in turn.

(posted to samba-technical for review, and I'll happily update with
any comments)

Andrew Bartlett
(This used to be commit 7ccddfd351)
2007-10-10 13:50:54 -05:00
Jelmer Vernooij
78c50015bb r12694: Move some headers to the directory of the subsystem they belong to.
(This used to be commit c722f665c9)
2007-10-10 13:49:39 -05:00
Jelmer Vernooij
d4de4c2d21 r12608: Remove some unused #include lines.
(This used to be commit 70e7449318)
2007-10-10 13:49:03 -05:00
Jelmer Vernooij
2cd5ca7d25 r12542: Move some more prototypes out to seperate headers
(This used to be commit 0aca5fd513)
2007-10-10 13:47:55 -05:00
Jelmer Vernooij
acd6a086b3 r12510: Change the DCE/RPC interfaces to take a pointer to a
dcerpc_interface_table struct rather then a tuple of interface
name, UUID and version.

This removes the requirement for having a global list of DCE/RPC interfaces,
except for these parts of the code that use that list explicitly
(ndrdump and the scanner torture test).

This should also allow us to remove the hack that put the authservice parameter
in the dcerpc_binding struct as it can now be read directly from
dcerpc_interface_table.

I will now modify some of these functions to take a dcerpc_syntax_id
structure rather then a full dcerpc_interface_table.
(This used to be commit 8aae0f168e)
2007-10-10 13:47:48 -05:00
Andrew Bartlett
7448b93a2e r12430: Clarify libnet_join code. Add/fix comments.
Andrew Bartlett
(This used to be commit a3372935ee)
2007-10-10 13:47:37 -05:00
Andrew Bartlett
758873b9fb r12423: Remove DEBUG(0) printouts in favor of more information to the caller.
I assume this works better with SWAT and the like anyway.

Andrew Bartlett
(This used to be commit b11975703d)
2007-10-10 13:47:36 -05:00
Andrew Bartlett
8e0948bbad r12421: Handle the case where we are a joining as different account types far better.
Andrew Bartlett
(This used to be commit 0ce82e8a41)
2007-10-10 13:47:35 -05:00
Andrew Bartlett
a1827a1deb r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldb
backend.

The idea is that every time we open an LDB, we can provide a
session_info and/or credentials.  This would allow any ldb to be remote
to LDAP.  We should also support provisioning to a authenticated ldap
server.

(They are separate so we can say authenticate as foo for remote, but
here we just want a token of SYSTEM).

Andrew Bartlett
(This used to be commit ae2f3a64ee)
2007-10-10 13:47:22 -05:00
Andrew Bartlett
9c6b7f2d62 r11995: A big kerberos-related update.
This merges Samba4 up to current lorikeet-heimdal, which includes a
replacement for some Samba-specific hacks.

In particular, the credentials system now supplies GSS client and
server credentials.  These are imported into GSS with
gss_krb5_import_creds().  Unfortunetly this can't take an MEMORY
keytab, so we now create a FILE based keytab as provision and join
time.

Because the keytab is now created in advance, we don't spend .4s at
negprot doing sha1 s2k calls.  Also, because the keytab is read in
real time, any change in the server key will be correctly picked up by
the the krb5 code.

To mark entries in the secrets which should be exported to a keytab,
there is a new kerberosSecret objectClass.  The new routine
cli_credentials_update_all_keytabs() searches for these, and updates
the keytabs.

This is called in the provision.js via the ejs wrapper
credentials_update_all_keytabs().

We can now (in theory) use a system-provided /etc/krb5.keytab, if

krb5Keytab: FILE:/etc/krb5.keytab

is added to the secrets.ldb record.  By default the attribute

privateKeytab: secrets.keytab

is set, pointing to allow the whole private directory to be moved
without breaking the internal links.
(This used to be commit 6b75573df4)
2007-10-10 13:46:56 -05:00
Simo Sorce
5c95905871 r11567: Ldb API change patch.
This patch changes the way lsb_search is called and the meaning of the returned integer.
The last argument of ldb_search is changed from struct ldb_message to struct ldb_result
which contains a pointer to a struct ldb_message list and a count of the number of messages.
The return is not the count of messages anymore but instead it is an ldb error value.

I tryed to keep the patch as tiny as possible bu as you can guess I had to change a good
amount of places. I also tried to double check all my changes being sure that the calling
functions would still behave as before. But this patch is big enough that I fear some bug
may have been introduced anyway even if it passes the test suite. So if you are currently
working on any file being touched please give it a deep look and blame me for any error.

Simo.
(This used to be commit 22c8c97e6f)
2007-10-10 13:45:53 -05:00
Andrew Bartlett
56d3064db6 r11410: Fix rejoin as a BDC by modifying, rather than trying to recreate, the
server reference.

Andrew Bartlett
(This used to be commit 302219928f)
2007-10-10 13:45:33 -05:00
Andrew Bartlett
9bdc1a77f5 r11407: Push 'recreate account' logic into libnet/libnet_join.c. We don't
return the pesky USER_EXISTS 'error' code any more, and it is much
easier to handle this inline.

Andrew Bartlett
(This used to be commit a7eb796cf5)
2007-10-10 13:45:32 -05:00
Andrew Bartlett
900d6fab32 r11349: Actually add all the new spns...
Andrew Bartlett
(This used to be commit 63eede2ad3)
2007-10-10 13:45:22 -05:00
Andrew Bartlett
26fde8dee1 r11348: Fixes for 'net join':
- Add more servicePrincipalNames
 - Always add them, not just for BDC accounts, and not just the first
   time the account is created (it might be an upgrade from an NT4
   account).

This should fix us for being a domain member in ADS again.
(This used to be commit 3821821d4c)
2007-10-10 13:45:21 -05:00
Andrew Bartlett
2a2a350057 r11287: Understand the new behaviour of the LSA pipe on ncacn_ip_tcp in Win2k3 SP1.
Only a few operations are supported (LookupSids3 and LookupNames4),
and these are only supported under schannel.  This appears to be the
operations Win2k3 SP1 uses to verify part of the PAC back to the
server.

The test is setup to pass, but not enforce (so far) this new
behaviour.

Andrew Bartlett
(This used to be commit e15e39866e)
2007-10-10 13:45:13 -05:00
Andrew Bartlett
22a9779328 r11197: indent
(This used to be commit a432ba105c)
2007-10-10 13:45:00 -05:00
Volker Lendecke
17355fbbd4 r11094: Connect to SAM, implement getdcname
(This used to be commit a14398715e)
2007-10-10 13:44:48 -05:00
Andrew Tridgell
a599edf04c r10913: This patch isn't as big as it looks ...
most of the changes are fixes to make all the ldb code compile without
warnings on gcc4. Unfortunately That required a lot of casts :-(

I have also added the start of an 'operational' module, which will
replace the timestamp module, plus add support for some other
operational attributes

In ldb_msg_*() I added some new utility functions to make the
operational module sane, and remove the 'ldb' argument from the
ldb_msg_add_*() functions. That argument was only needed back in the
early days of ldb when we didn't use the hierarchical talloc and thus
needed a place to get the allocation function from. Now its just a
pain to pass around everywhere.

Also added a ldb_debug_set() function that calls ldb_debug() plus sets
the result using ldb_set_errstring(). That saves on some awkward
coding in a few places.
(This used to be commit f6818daecc)
2007-10-10 13:39:41 -05:00
Andrew Bartlett
1377cca5f4 r10810: This adds the hooks required to communicate the current user from the
authenticated session down into LDB.  This associates a session info
structure with the open LDB, allowing a future ldb_ntacl module to
allow/deny operations on that basis.

Along the way, I cleaned up a few things, and added new helper functions
to assist.  In particular the LSA pipe uses simpler queries for some of
the setup.

In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't
been worked on (other than making it continue to compile) since January,
and I think the features of this module are being put into ldb anyway.

I have also changed the partitions in ldap_server to be initialised
after the connection, with the private pointer used to associate the ldb
with the incoming session.

Andrew Bartlett
(This used to be commit fd7203789a)
2007-10-10 13:39:32 -05:00
Andrew Bartlett
2e3c917957 r10701: Ensure we return the right user handle.
Andrew Bartlett
(This used to be commit 732b247a49)
2007-10-10 13:39:21 -05:00
Andrew Bartlett
b7a47635ca r10696: Return the realm to the caller, not NULL...
Also return an indication of if the join was of a new account, or
reworking an existing account.

Andrew Bartlett
(This used to be commit b6e4b36c4f)
2007-10-10 13:39:20 -05:00
Andrew Bartlett
2ca10397af r10566: Clean up error messages to provide more accurate info.
Andrew Bartlett
(This used to be commit 640815008b)
2007-10-10 13:39:06 -05:00
Andrew Bartlett
5a522b3100 r10486: This is a merge of Brad Henry's 'net join' rework, to better perform
an ADS join, particularly as a DC.  This represents the bulk of his
Google SOC work, and I'm very pleased to intergrate it into the tree.
(Metze will intergrate the DRSUAPI work later).

Both metze and myself have also put a lot of time into this patch, and
in mentoring Brad in general.  In return, Brad has been a very good
student, and has taken the comments well.

Since it's last appearance on samba-technical@, I have made
correctness and valgrind fixups, as well as adding a new 'BINDING'
mode to the libnet_rpc routines.  This allows the exact binding string
to be passed down from the torture code, including options and exact
target host.

Andrew Bartlett
(This used to be commit d6fa105fda)
2007-10-10 13:38:53 -05:00
Simo Sorce
3e4c4cff21 r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names
Provide more functions to handle DNs in this form
(This used to be commit 692e35b779)
2007-10-10 13:33:32 -05:00
Andrew Bartlett
64cdbaf8f1 r8981: Add comments, fix typos (in attribute names) and check for errors in
SamSync and 'net join'.

Andrew Bartlett
(This used to be commit 257240b0e2)
2007-10-10 13:31:03 -05:00
Andrew Bartlett
1af6537520 r8970: Add 'ADS' join support to Samba4.
We now fill in the servicePrincipalName over LDAP, just like XP does,
and store the kvno in our local db.

Andrew Bartlett
(This used to be commit 5547c4e6f6)
2007-10-10 13:31:01 -05:00
Andrew Bartlett
50468b3dfe r8952: Partial work commit to find the DN of the new machine account - we
will use ldb to add servicePrincipalNames to this.

Andrew Bartlett
(This used to be commit c1f8cab3e3)
2007-10-10 13:30:59 -05:00
Andrew Bartlett
6cec8025b0 r8847: Rework the Samba4 'net join' code. I'm trying to get this closer to
what WinXP does when joining an AD domain, but in the meantime this
removes the excess unions, and uses the LSA pipe in same way XP does.

Andrew Bartlett
(This used to be commit d2789c4260)
2007-10-10 13:30:11 -05:00
Andrew Bartlett
96ead1a02b r8248: Make these comments more accurate.
Andrew Bartlett
(This used to be commit 00e1cf7941)
2007-10-10 13:19:25 -05:00
Stefan Metzmacher
0b92507760 r8232: remove samr_String and netr_String as they are the same as lsa_String
metze
(This used to be commit e601042c07)
2007-10-10 13:19:22 -05:00
Rafal Szczesniak
4fa6a156bc r8077: Propagate changes in rpc connect routine to functions using it
(it's quite common).

rafal
(This used to be commit 798b00c24a)
2007-10-10 13:19:06 -05:00
Andrew Bartlett
4c36a59f43 r7203: Fill in the error message and fail if we can't open the secrets database.
Andrew Bartlett
(This used to be commit 27257170f4)
2007-10-10 13:17:25 -05:00
Andrew Bartlett
cf687fce84 r6525: Remove incorrect comment.
Andrew Bartlett
(This used to be commit 7c8a0d86d4)
2007-10-10 13:16:22 -05:00
Andrew Bartlett
79f6bcd5ae r5988: Fix the -P option (use machine account credentials) to use the Samba4
secrets system, and not the old system from Samba3.

This allowed the code from auth_domain to be shared - we now only
lookup the secrets.ldb in lib/credentials.c.

In order to link the resultant binary, samdb_search() has been moved
from deep inside rpc_server into lib/gendb.c, along with the existing
gendb_search_v().  The vast majority of this patch is the simple
rename that followed,

(Depending on the whole SAMDB for just this function seemed pointless,
and brought in futher dependencies, such as smbencrypt.c).

Andrew Bartlett
(This used to be commit e13c671619)
2007-10-10 13:11:12 -05:00
Andrew Bartlett
d735487aad r5983: Start support for being a domain member in Samba4.
This adds the auth_domain module to the auth subsystem, and cleans up
some small details around the join process (ensuring all the right
info is in the DB).

Andrew Bartlett
(This used to be commit 858cbfb821)
2007-10-10 13:11:12 -05:00
Andrew Bartlett
645711c602 r5941: Commit this patch much earlier than I would normally prefer, but metze needs a working tree...
The main volume of this patch was what I started working on today:
 - Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context.
 - Uses sepereate inner loops for some of the DCE/RPC tests

The other and more important part of this patch fixes issues
surrounding the new credentials framwork:

This makes the struct cli_credentials always a talloc() structure,
rather than on the stack.  Parts of the cli_credentials code already
assumed this.

There were other issues, particularly in the DCERPC over SMB handling,
as well as little things that had to be tidied up before test_w2k3.sh
would start to pass.

Andrew Bartlett
(This used to be commit 0453f9d05d)
2007-10-10 13:11:11 -05:00
Andrew Bartlett
a25443dbeb r5900: Use flatname to specify the netbios domain name (matches what win2k3
uses for trusted domain records) in the secrets join records.

Andrew Bartlett
(This used to be commit a6c502832c)
2007-10-10 13:11:07 -05:00
Simo Sorce
b1b14817ea r5585: LDB interfaces change:
changes:
- ldb_wrap disappears from code and become a private structure of db_wrap.c
  thanks to our move to talloc in ldb code, we do not need to expose it anymore

- removal of ldb_close() function form the code
  thanks to our move to talloc in ldb code, we do not need it anymore
  use talloc_free() to close and free an ldb database

- some minor updates to ldb modules code to cope with the change and fix some
  bugs I found out during the process
(This used to be commit d58be9e74b)
2007-10-10 13:10:55 -05:00
Tim Potter
abc28d66e9 r5364: Rename string fields called 'domain' and 'name' to be 'domain_name'.
(This used to be commit 6749b9404d)
2007-10-10 13:09:46 -05:00
Andrew Tridgell
e82aad1ce3 r5298: - got rid of pstring.h from includes.h. This at least makes it a bit
less likely that anyone will use pstring for new code

 - got rid of winbind_client.h from includes.h. This one triggered a
   huge change, as winbind_client.h was including system/filesys.h and
   defining the old uint32 and uint16 types, as well as its own
   pstring and fstring.
(This used to be commit 9db6c79e90)
2007-10-10 13:09:38 -05:00
Andrew Tridgell
759da3b915 r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5)
2007-10-10 13:09:15 -05:00
Andrew Bartlett
8799d6b44c r4762: Store the results of a 'net join' in the LDB.
Like Samba3, the storage of the primary domain password is keyed off
the domain name, so we can join multiple domains, and just swap
'workgroup =' around.

Andrew Bartlett
(This used to be commit 54a231780e)
2007-10-10 13:08:51 -05:00
Andrew Bartlett
335a277662 r4722: Start to add 'net join' to Samba4.
Andrew Bartlett
(This used to be commit a9b9606091)
2007-10-10 13:08:48 -05:00