14 years agor6247: added the server side code for receiving mailslot requests, and
Andrew Tridgell [Fri, 8 Apr 2005 08:57:09 +0000 (08:57 +0000)]
r6247: added the server side code for receiving mailslot requests, and
parsing incoming netlogon requests. No replies are sent yet.

14 years agor6246: stop waiting when we get a reply
Andrew Tridgell [Fri, 8 Apr 2005 05:46:00 +0000 (05:46 +0000)]
r6246: stop waiting when we get a reply

14 years agor6245: receive and parse the GETDC response in the NBT-DGRAM test. The test
Andrew Tridgell [Fri, 8 Apr 2005 05:34:13 +0000 (05:34 +0000)]
r6245: receive and parse the GETDC response in the NBT-DGRAM test. The test
now tries to bind to port 138 if possible, so if you run it as root
and smbd/nmbd is not running then it works against windows servers

14 years agor6238: Ensure if realloc fails on an internal
Jeremy Allison [Thu, 7 Apr 2005 19:50:54 +0000 (19:50 +0000)]
r6238: Ensure if realloc fails on an internal
tdb we fail gracefully.

14 years agor6229: Back out these changes ...
Richard Sharpe [Wed, 6 Apr 2005 23:22:52 +0000 (23:22 +0000)]
r6229: Back out these changes ...

14 years agor6226: A couple of small typos ...
Richard Sharpe [Wed, 6 Apr 2005 16:48:28 +0000 (16:48 +0000)]
r6226: A couple of small typos ...

14 years agor6223: added a bit more datagram infrastructure and the beginnings of a test
Andrew Tridgell [Wed, 6 Apr 2005 11:17:08 +0000 (11:17 +0000)]
r6223: added a bit more datagram infrastructure and the beginnings of a test
suite. The NBT-DGRAM test does a UDP/138 netlogon request, to which a
windows server sends a reply, but the windows server sends the reply
to the wrong port (it always sends to 138), so the test suite doesn't
see it.

14 years agor6222: fixed the socket wrapper code for getsockname()
Andrew Tridgell [Wed, 6 Apr 2005 10:06:08 +0000 (10:06 +0000)]
r6222: fixed the socket wrapper code for getsockname()

14 years agor6219: This change allows us to fall back to authenticating without
Richard Sharpe [Tue, 5 Apr 2005 19:53:07 +0000 (19:53 +0000)]
r6219: This change allows us to fall back to authenticating without
DCERPC_SCHANNEL_128 if we fail. Thus, it allows us to work with Windows
NT DCs ...

14 years agor6215: Add test for LookupNames. Fix CreateUser2 test.
Tim Potter [Tue, 5 Apr 2005 11:54:53 +0000 (11:54 +0000)]
r6215: Add test for LookupNames.  Fix CreateUser2 test.

14 years agor6214: Fix typo in DomainHandle.OpenUser() function.
Tim Potter [Tue, 5 Apr 2005 11:50:47 +0000 (11:50 +0000)]
r6214: Fix typo in DomainHandle.OpenUser() function.

Implement DomainHandle.LookupNames() function.

UserHandle.DeleteUser() closes the handle so don't try and close it
when the GC destroys the class instance.

14 years agor6213: Add %array_functions for struct samr_String so we can create and
Tim Potter [Tue, 5 Apr 2005 11:48:16 +0000 (11:48 +0000)]
r6213: Add %array_functions for struct samr_String so we can create and
access arrays of them.

14 years agor6212: Treat uint8 and int8's as integers instead of chars. Swig maps a char
Tim Potter [Tue, 5 Apr 2005 11:47:21 +0000 (11:47 +0000)]
r6212: Treat uint8 and int8's as integers instead of chars.  Swig maps a char
to a string when we really want an integer.

14 years agor6211: Use cli_credentials_set_{domain,username,password}() to fill in
Tim Potter [Tue, 5 Apr 2005 09:38:51 +0000 (09:38 +0000)]
r6211: Use cli_credentials_set_{domain,username,password}() to fill in
command line arguments for credentials typemap.  Neat!

14 years agor6210: Call cli_credentials_set_conf() when initialising credentials in
Tim Potter [Tue, 5 Apr 2005 09:18:36 +0000 (09:18 +0000)]
r6210: Call cli_credentials_set_conf() when initialising credentials in
cli_credentials typemap.

14 years agor6209: started added code to support mailslot requests over UDP/138
Andrew Tridgell [Tue, 5 Apr 2005 08:35:02 +0000 (08:35 +0000)]
r6209: started added code to support mailslot requests over UDP/138
datagrams. This adds the IDL to parse mailslot packets, plus mailslot
dispatch and listener registration code.

mailslots are used for UDP/138 browse and netlogon packets

14 years agor6208: Add cli_credentials support for swig wrappers. For the moment it
Tim Potter [Tue, 5 Apr 2005 07:58:02 +0000 (07:58 +0000)]
r6208: Add cli_credentials support for swig wrappers.  For the moment it
only does anonymous connections.

14 years agor6207: - clean up source topdir
Stefan Metzmacher [Tue, 5 Apr 2005 07:03:31 +0000 (07:03 +0000)]
r6207: - clean up source topdir
- move provision stuff to setup/
- remove unused scripts


14 years agor6206: go baack 10 revisions to get DatabaseDeltas, this shows that the bdc only
Stefan Metzmacher [Tue, 5 Apr 2005 06:55:10 +0000 (06:55 +0000)]
r6206: go baack 10 revisions to get DatabaseDeltas, this shows that the bdc only
need one call to get in sync again (except something like NT_STATUS_MORE_ENTRIES is returned)

also the pdc only need to know the current state values


14 years agor6197: fix for my last commit, I removed SPOOLSS_ARCHITECTURE, which was "Architecture"
Stefan Metzmacher [Mon, 4 Apr 2005 17:04:03 +0000 (17:04 +0000)]
r6197: fix for my last commit, I removed SPOOLSS_ARCHITECTURE, which was "Architecture"
(sorry richard:-)

disable lookup for DefaultSpoolDirectory until, I have fixed the parsing when WERR_MORE_DATA
is returned


14 years agor6196: Make the comparisons consistent with in the same expression.
Richard Sharpe [Mon, 4 Apr 2005 16:42:31 +0000 (16:42 +0000)]
r6196: Make the comparisons consistent with in the same expression.

14 years agor6195: I think Metze meant SPOOLSS_ARCHITECTURE_NT_X86, but I could be wrong.
Richard Sharpe [Mon, 4 Apr 2005 16:40:23 +0000 (16:40 +0000)]
r6195: I think Metze meant SPOOLSS_ARCHITECTURE_NT_X86, but I could be wrong.

14 years agor6194: - fix some spoolss_*Form names and types
Stefan Metzmacher [Mon, 4 Apr 2005 15:19:27 +0000 (15:19 +0000)]
r6194: - fix some spoolss_*Form names and types

- fix GetPrinterData(), look inside the datablob

- add idl for RemoteFindFirstChangeNotify(), without meaning yet, just to not return a DCERPC_FAULT
  when receiving this request


14 years agor6193: we don't need to store the handle type here,
Stefan Metzmacher [Mon, 4 Apr 2005 15:15:18 +0000 (15:15 +0000)]
r6193: we don't need to store the handle type here,
it's in handle->wire_handle.handle_type


14 years agor6192: remove handle->destroy function pointer, this should be done by talloc destruc...
Stefan Metzmacher [Mon, 4 Apr 2005 14:58:52 +0000 (14:58 +0000)]
r6192: remove handle->destroy function pointer, this should be done by talloc destructors now


14 years agor6191: fix spoolss_Enum* push code
Stefan Metzmacher [Mon, 4 Apr 2005 14:25:29 +0000 (14:25 +0000)]
r6191: fix spoolss_Enum* push code


14 years agor6190: fix gensize on unions
Stefan Metzmacher [Mon, 4 Apr 2005 14:23:34 +0000 (14:23 +0000)]
r6190: fix gensize on unions


14 years agor6189: move function to the right place
Stefan Metzmacher [Mon, 4 Apr 2005 14:22:28 +0000 (14:22 +0000)]
r6189: move function to the right place


14 years agor6188: correct fix for rev 6182
Stefan Metzmacher [Mon, 4 Apr 2005 05:52:53 +0000 (05:52 +0000)]
r6188: correct fix for rev 6182

we should start with an empty switch_list
in ndr_print as we do for ndr_pull/ndr_push


14 years agor6187: 1. Make sure that we don't try to delete . and .. in a more portable way.
Richard Sharpe [Sun, 3 Apr 2005 21:37:13 +0000 (21:37 +0000)]
r6187: 1. Make sure that we don't try to delete . and .. in a more portable way.

2. Also, don't try to delete directories.

I am not entirely happy with this patch, and the fact that there is a
define for HAVE_SYS_STAT_H suggests that there are some systems for which
stat will not be defined, which means that the patch is not entirely

14 years agor6185: added LIBCLI_DGRAM to the list of libs to be built as part of LIBCLI
Andrew Tridgell [Sun, 3 Apr 2005 04:36:00 +0000 (04:36 +0000)]
r6185: added LIBCLI_DGRAM to the list of libs to be built as part of LIBCLI

14 years agor6184: the beginnings of the libcli/dgram/ library, and the dgram
Andrew Tridgell [Sun, 3 Apr 2005 04:32:37 +0000 (04:32 +0000)]
r6184: the beginnings of the libcli/dgram/ library, and the dgram
server. Currently just listens on port 138 and parses the packets
(using IDL like the rest of NBT). This allows me to develop the
structures and test with real packets

14 years agor6182: Jelmer, I think we need to initialize the switch_list, else we are
Richard Sharpe [Sun, 3 Apr 2005 03:58:45 +0000 (03:58 +0000)]
r6182: Jelmer, I think we need to initialize the switch_list, else we are
crash city.

14 years agor6181: Use ndr_print_set_switch_value() here as well.
Jelmer Vernooij [Sat, 2 Apr 2005 22:46:21 +0000 (22:46 +0000)]
r6181: Use ndr_print_set_switch_value() here as well.

14 years agor6180: Use token_lists for storing switch values
Jelmer Vernooij [Sat, 2 Apr 2005 20:57:27 +0000 (20:57 +0000)]
r6180: Use token_lists for storing switch values

14 years agor6179: - add new spoolss tests for all spoolss_Enum*() calls which didn't need
Stefan Metzmacher [Sat, 2 Apr 2005 06:51:54 +0000 (06:51 +0000)]
r6179: - add new spoolss tests for all spoolss_Enum*() calls which didn't need
  a handle as parameter,


  we now do cross checks between the different info levels
  and sore the results in a global context,
  so that we later can add cross checks between the different object types

- add idl for EnumMonitors and EnumPrintProcessors


14 years agor6178: fix ncacn_np connection without sign or seal against NT4
Stefan Metzmacher [Sat, 2 Apr 2005 06:10:45 +0000 (06:10 +0000)]
r6178: fix ncacn_np connection without sign or seal against NT4


14 years agor6177: Use here documents instead of print() statements to generate the
Tim Potter [Sat, 2 Apr 2005 01:43:54 +0000 (01:43 +0000)]
r6177: Use here documents instead of print() statements to generate the
Makefile fragments for the build system.  This allows the file to be
edited without using quite as many backslashes.  Some are still necessary
for interpolation of perl variables though.

I've diffed the new Makefile against the old and there are only some
extra newlines as a result of making things more consistent.

14 years agor6165: fixed up the userinfo composite code. Fixes include:
Andrew Tridgell [Fri, 1 Apr 2005 11:24:52 +0000 (11:24 +0000)]
r6165: fixed up the userinfo composite code. Fixes include:

- talloc should always be done in the right context. For example, when creating
  the userinfo_state structure, place it inside the composite
  structure, not directly on the pipe. If this isn't done then
  correct cleanup can't happen on errors (as cleanup destroys the top
  level composite context only)

- define private structures like userinfo_state in the userinfo.c
  code, not in the public header

- only keep the parameters we need in the state structure. For
  example, the domain_handle is only needed in the first call, so we
  don't need to keep it around in the state structure, but the level is
  needed in later calls, so we need to keep it

- always initialise [out,ref] parameters in RPC calls. The [ref] part
  means that the call assumes the pointer it has been given is
  valid. If you don't initialise it then you will get a segv on
  recv. This is why the code was dying.

- don't use internal strucrure elements like the pipe
  pipe->conn->pending outside of the internal rpc implementation. That
  is an internal list, trying to use it from external code will cause crashes.

- rpc calls assume that rpc call strucrures remain valid for the
  duration of the call. This means you need to keep the structures
  (such as "struct samr_Close") in the userinfo_state strucrure,
  otherwise it will go out of scope during the async processing

- need to remember to change c->state to SMBCLI_REQUEST_DONE when the
  request has finished in the close handler, otherwise it will loop
  forever trying to close

Mimir, please look at the diff carefully for more detailed info on the fixes

14 years agor6164: More comments in the code.
Rafal Szczesniak [Fri, 1 Apr 2005 08:14:57 +0000 (08:14 +0000)]
r6164: More comments in the code.


14 years agor6159: Move some more general ndr stuff (alignment calculations) to
Jelmer Vernooij [Thu, 31 Mar 2005 22:50:28 +0000 (22:50 +0000)]
r6159: Move some more general ndr stuff (alignment calculations) to

14 years agor6150: fixed a few socket_wrapper bugs.
Andrew Tridgell [Thu, 31 Mar 2005 12:40:12 +0000 (12:40 +0000)]
r6150: fixed a few socket_wrapper bugs.

  - now works properly with UDP, so the NBT tests work
  - fixed byte order in a few places
  - connect() now fails to non-localhost
  - fixed some places that tested for < 0, which should be == -1 (most syscalls
    return -1 on error, not "negative")

14 years agor6148: Add a showflags target to display the various compiler flags a la
Tim Potter [Thu, 31 Mar 2005 02:40:08 +0000 (02:40 +0000)]
r6148: Add a showflags target to display the various compiler flags a la
showlayout.  There seems to be a bunch of -D and -I stuff in LD_FLAGS
which I don't think should be there.

14 years agor6147: The maxfd was being recalculated on every event loop, which made us
Andrew Tridgell [Thu, 31 Mar 2005 02:14:31 +0000 (02:14 +0000)]
r6147: The maxfd was being recalculated on every event loop, which made us
less scalable. It only needs to be recalculated when we the highest fd
is destroyed.

14 years agor6144: Apparently there are more systems that have AF_UNIX then
Jelmer Vernooij [Thu, 31 Mar 2005 00:43:26 +0000 (00:43 +0000)]
r6144: Apparently there are more systems that have AF_UNIX then
AF_LOCAL (we already use AF_UNIX in other places).

14 years agor6143: Put compression support in the subcontext handling functions rather
Jelmer Vernooij [Thu, 31 Mar 2005 00:37:01 +0000 (00:37 +0000)]
r6143: Put compression support in the subcontext handling functions rather
then at the element level.

14 years agor6140: - Add configure option for enabling the socket-wrapper library, so it
Jelmer Vernooij [Wed, 30 Mar 2005 23:28:15 +0000 (23:28 +0000)]
r6140: - Add configure option for enabling the socket-wrapper library, so it
  can be enabled on the buildfarm without requiring --enable-developer
- Support tcp and udp being used on the same port
- FIx some portability issues (should fix the build on
   some hosts on the buildfarm)
- Ignore setting TCP_NODELAY on (semi-)TCP sockets rather then complain about
  it not being supported (saves us from a couple of error messages for each
  connection that is opened)

14 years agor6139: Move socket_wrapper to a seperate directory
Jelmer Vernooij [Wed, 30 Mar 2005 22:09:16 +0000 (22:09 +0000)]
r6139: Move socket_wrapper to a seperate directory

14 years agor6135: - make use of the new dom_sid28 type
Stefan Metzmacher [Wed, 30 Mar 2005 15:07:14 +0000 (15:07 +0000)]
r6135: - make use of the new dom_sid28 type
  (this fixes parsing of w2k blob, which some times have random gargabe data in the sid buffer)

- make the names of the DsReplicaCoursor*Ctr* 's more consistent
  and fix DsGetNCchangesCtr6 parsing


14 years agor6134: add a new type dom_sid28 which is a 28 byte fixed buffer with a dom_sid in it
Stefan Metzmacher [Wed, 30 Mar 2005 15:04:19 +0000 (15:04 +0000)]
r6134: add a new type dom_sid28 which is a 28 byte fixed buffer with a dom_sid in it


14 years agor6132: allow up to 15 sub_auth in a dom_sid
Stefan Metzmacher [Wed, 30 Mar 2005 12:27:01 +0000 (12:27 +0000)]
r6132: allow up to 15 sub_auth in a dom_sid
(tridge: asked me for that commit)


14 years agor6131: decompression of DsGetNCChanges level 2 responses works now
Stefan Metzmacher [Wed, 30 Mar 2005 11:26:02 +0000 (11:26 +0000)]
r6131: decompression of DsGetNCChanges level 2 responses works now
(and the push side isn't used currently...)


14 years agor6130: More work on the NDR tree generator
Jelmer Vernooij [Wed, 30 Mar 2005 11:15:51 +0000 (11:15 +0000)]
r6130: More work on the NDR tree generator

14 years agor6129: - add our own MSZIP decompression implementation
Stefan Metzmacher [Wed, 30 Mar 2005 10:48:52 +0000 (10:48 +0000)]
r6129: - add our own MSZIP decompression implementation
  (taken from cabextract.c from KDE)
  this code maybe need to be rewritten and the
  compression side needs to be done,
  but for now it seems to works

- remove the dependency to zlib


14 years agor6128: fix the build
Stefan Metzmacher [Wed, 30 Mar 2005 04:55:02 +0000 (04:55 +0000)]
r6128: fix the build


14 years agor6118: Make it so that we can do --with-zlib=no in configure and also a couple
Richard Sharpe [Wed, 30 Mar 2005 00:15:16 +0000 (00:15 +0000)]
r6118: Make it so that we can do --with-zlib=no in configure and also a couple
of small typos.

14 years agor6115: don't try to decompress level 7 buffers yet
Stefan Metzmacher [Tue, 29 Mar 2005 13:07:20 +0000 (13:07 +0000)]
r6115: don't try to decompress level 7 buffers yet


14 years agor6114: the marker is const and is 0x434B 'CK'
Stefan Metzmacher [Tue, 29 Mar 2005 10:01:34 +0000 (10:01 +0000)]
r6114: the marker is const and is 0x434B 'CK'


14 years agor6113: Move GENSEC and the kerberos code out of libcli/auth, and into
Andrew Bartlett [Tue, 29 Mar 2005 08:24:03 +0000 (08:24 +0000)]
r6113: Move GENSEC and the kerberos code out of libcli/auth, and into
auth/gensec and auth/kerberos.

This also pulls the kerberos configure code out of libads (which is
otherwise dead), and into auth/kerberos/kerberos.m4

Andrew Bartlett

14 years agor6112: try to decompress all chunks and put them together
Stefan Metzmacher [Tue, 29 Mar 2005 08:10:31 +0000 (08:10 +0000)]
r6112: try to decompress all chunks and put them together

it produces the correct DATA_BLOB length, but only the first chunk is
successfull decompressed...


14 years agor6109: nicer way to handle compression in the torture test
Stefan Metzmacher [Tue, 29 Mar 2005 06:19:44 +0000 (06:19 +0000)]
r6109: nicer way to handle compression in the torture test


14 years agor6101: only allow properties we know about, that helps to catch typos!
Stefan Metzmacher [Mon, 28 Mar 2005 18:28:16 +0000 (18:28 +0000)]
r6101: only allow properties we know about, that helps to catch typos!

what does length_of() and id() do?


14 years agor6100: - fix nondiscriminant -> nodiscriminant (that takes me 2 days to find...:-( )
Stefan Metzmacher [Mon, 28 Mar 2005 18:25:47 +0000 (18:25 +0000)]
r6100: - fix nondiscriminant -> nodiscriminant (that takes me 2 days to find...:-( )

- use a DATA_BLOB for the driver specific data in the devmode


14 years agor6099: use the enum print function
Stefan Metzmacher [Mon, 28 Mar 2005 18:23:54 +0000 (18:23 +0000)]
r6099: use the enum print function


14 years agor6098: fix parsing of empty union cases
Stefan Metzmacher [Mon, 28 Mar 2005 18:22:45 +0000 (18:22 +0000)]
r6098: fix parsing of empty union cases


14 years agor6097: allow compression only on subcontexts
Stefan Metzmacher [Mon, 28 Mar 2005 18:21:13 +0000 (18:21 +0000)]
r6097: allow compression only on subcontexts


14 years agor6094: Work on the Kerberos code recently merged from Samba 3.0. This fixes
Andrew Bartlett [Mon, 28 Mar 2005 06:40:18 +0000 (06:40 +0000)]
r6094: Work on the Kerberos code recently merged from Samba 3.0.  This fixes
up issues I introduced during the merge, that caused a segfault.

I've still not got the keytab code to work for me (using Samba3 to
generate the keytab) so this is still not fully tested, but it's
better than it was.

To add debugging, I now use the krb5_get_error_message() function from
Heimdal when present, to return the custom error string, which
contains far, far more information than the simple error code does.

(This last point may well be worth merging back into 3.0)

Andrew Bartlett

14 years agor6093: Patch to fix sys_select so it can't drop signals if another fd
Jeremy Allison [Mon, 28 Mar 2005 03:31:44 +0000 (03:31 +0000)]
r6093: Patch to fix sys_select so it can't drop signals if another fd
is ready to read. Patch from Mark Weaver <>.

14 years agor6088: Add the socket_wrapper library. This is a very simple library that
Jelmer Vernooij [Mon, 28 Mar 2005 01:00:39 +0000 (01:00 +0000)]
r6088: Add the socket_wrapper library. This is a very simple library that
redirects traffic (currently just IP traffic) over unix domain sockets
if the SOCKET_WRAPPER_DIR environment variable has been set.
Aim is to use this for the Samba4 torture suite on the buildfarm.

The socket_wrapper library can only be used if Samba was compiled with
--enable-developer. passes against a local smbd with SOCKET_WRAPPER_DIR set.
(and ethereal showed no traffic whatsoever)

Stuff that still needs to be fixed in socketwrapper:
 - Give ENETUNREACH if target is not localhost
 - A given port number can only be used for UDP /or/ TCP, not both.
 - Perhaps allow some calls to circumvent socketwrapper (do we need DNS?)

14 years agor6087: - remove the dlopen code for now (before it goes back, it needs to be
Andrew Tridgell [Mon, 28 Mar 2005 00:40:18 +0000 (00:40 +0000)]
r6087: - remove the dlopen code for now (before it goes back, it needs to be
  made into something that isn't a maze of #ifdefs)

- when a module is not found, make it a non-fatal error. Otherwise the standalone ldb
  tools just bail out. The previous code meant that if you had a
  module listed and it wasn't present then you could _never_ fix it,
  as you coudln't open the ldb to remove that module from @MODULES !

14 years agor6086: default to stderr for error messages in ldb, so we get errors in ldb_connect()
Andrew Tridgell [Mon, 28 Mar 2005 00:37:27 +0000 (00:37 +0000)]
r6086: default to stderr for error messages in ldb, so we get errors in ldb_connect()

14 years agor6085: dc is case insensitive
Simo Sorce [Mon, 28 Mar 2005 00:06:13 +0000 (00:06 +0000)]
r6085: dc is case insensitive

14 years agor6084: - Introduce the samldb module dependency on samba4
Simo Sorce [Sun, 27 Mar 2005 23:31:43 +0000 (23:31 +0000)]
r6084: - Introduce the samldb module dependency on samba4
- This module will take care of properly filling an user or group object
  with required fields. You just need to provide the dn and the objectclass
  and a user/group get created


14 years agor6079: Add inline documentation on the credentials context API.
Andrew Bartlett [Sun, 27 Mar 2005 06:55:03 +0000 (06:55 +0000)]
r6079: Add inline documentation on the credentials context API.

Andrew Bartlett

14 years agor6078: Correctly fix the failures for NT1 (not SPNEGO) session setups in the
Andrew Bartlett [Sun, 27 Mar 2005 06:26:00 +0000 (06:26 +0000)]
r6078: Correctly fix the failures for NT1 (not SPNEGO) session setups in the
client.  The issue was actually a cut-and-paste bug, I was filling in
the .old not the .nt1 part of the union.

I've also removed the 'error checks' - I'll shortly document the API
for the credentials code to clarify that it will always return a
pointer here, except in cases of programmer error.

Tridge:  I hope this is OK.

Andrew Bartlett

14 years agor6075: added talloc_enable_null_tracking() (asked for by lifeless)
Andrew Tridgell [Sat, 26 Mar 2005 10:47:44 +0000 (10:47 +0000)]
r6075: added talloc_enable_null_tracking() (asked for by lifeless)

14 years agor6074: fixed non-spnego connections for new credentials code
Andrew Tridgell [Sat, 26 Mar 2005 10:22:02 +0000 (10:22 +0000)]
r6074: fixed non-spnego connections for new credentials code

14 years agor6070: Fix typo's and fallback to "" as default user name if no
Jelmer Vernooij [Sat, 26 Mar 2005 01:08:59 +0000 (01:08 +0000)]
r6070: Fix typo's and fallback to "" as default user name if no
other username could be guessed.

14 years agor6065: revert test value
Stefan Metzmacher [Fri, 25 Mar 2005 23:18:35 +0000 (23:18 +0000)]
r6065: revert test value


14 years agor6061: add start of compression support in our rpc code
Stefan Metzmacher [Fri, 25 Mar 2005 13:40:17 +0000 (13:40 +0000)]
r6061: add start of compression support in our rpc code

this is not complete cuurently...

but I want other people to test it and help me on finishing it.
(try to change the #if 0 in torture/rpc/drsuapi.c into #if 1)


14 years agor6045: Couple of small GTK+ fixes
Jelmer Vernooij [Thu, 24 Mar 2005 20:29:04 +0000 (20:29 +0000)]
r6045: Couple of small GTK+ fixes
Use uint32_t and uint16_t rather then DWORD and WORD in
the NT4 backend. Add some more unknown fields..

14 years agor6033: Patch from 'lifeless' to clarify behaviour with NULL pointers.
Andrew Bartlett [Thu, 24 Mar 2005 08:00:15 +0000 (08:00 +0000)]
r6033: Patch from 'lifeless' to clarify behaviour with NULL pointers.

Andrew Bartlett

14 years agor6032: Fix up SetServerPassword2 on NETLOGON for [bigendian]. Clearly nobody
Andrew Bartlett [Thu, 24 Mar 2005 06:30:38 +0000 (06:30 +0000)]
r6032: Fix up SetServerPassword2 on NETLOGON for [bigendian].  Clearly nobody
has the patience to run to completion :-)

It looks to me that the Windows server runs the RC4 over the C struct,
not the NDR data.

Andrew Bartlett

14 years agor6031: don't try to send errors when the socket has been destroyed
Andrew Tridgell [Thu, 24 Mar 2005 04:53:20 +0000 (04:53 +0000)]
r6031: don't try to send errors when the socket has been destroyed

14 years agor6030: Missing from previous commit, a small header file to link
Andrew Bartlett [Thu, 24 Mar 2005 04:45:41 +0000 (04:45 +0000)]
r6030: Missing from previous commit, a small header file to link
libcli/auth/schannel.c and libcli/auth/schannel_sign.c

Andrew Bartlett

14 years agor6028: A MAJOR update to intergrate the new credentails system fully with
Andrew Bartlett [Thu, 24 Mar 2005 04:14:06 +0000 (04:14 +0000)]
r6028: A MAJOR update to intergrate the new credentails system fully with
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'.

GENSEC now no longer has it's own handling of 'set username' etc,
instead it uses cli_credentials calls.

In order to link the credentails code right though Samba, a lot of
interfaces have changed to remove 'username, domain, password'
arguments, and these have been replaced with a single 'struct

In the session setup code, a new parameter 'workgroup' contains the
client/server current workgroup, which seems unrelated to the
authentication exchange (it was being filled in from the auth info).

This allows in particular kerberos to only call back for passwords
when it actually needs to perform the kinit.

The kerberos code has been modified not to use the SPNEGO provided
'principal name' (in the mechListMIC), but to instead use the name the
host was connected to as.  This better matches Microsoft behaviour,
is more secure and allows better use of standard kerberos functions.

To achieve this, I made changes to our socket code so that the
hostname (before name resolution) is now recorded on the socket.

In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now
in libcli/auth/schannel.c, and it looks much more like a standard
GENSEC module.  The actual sign/seal code moved to
libcli/auth/schannel_sign.c in a previous commit.

The schannel credentails structure is now merged with the rest of the
credentails, as many of the values (username, workstation, domain)
where already present there.  This makes handling this in a generic
manner much easier, as there is no longer a custom entry-point.

The auth_domain module continues to be developed, but is now just as
functional as auth_winbind.  The changes here are consequential to the
schannel changes.

The only removed function at this point is the RPC-LOGIN test
(simulating the load of a WinXP login), which needs much more work to
clean it up (it contains copies of too much code from all over the
torture suite, and I havn't been able to penetrate its 'structure').

Andrew Bartlett

14 years agor6027: Add copyright, and add a useful debug message.
Andrew Bartlett [Thu, 24 Mar 2005 04:11:39 +0000 (04:11 +0000)]
r6027: Add copyright, and add a useful debug message.

Andrew Bartlett

14 years agor6026: Update the kerberos keytab code to match Samba3 again.
Andrew Bartlett [Thu, 24 Mar 2005 03:36:53 +0000 (03:36 +0000)]
r6026: Update the kerberos keytab code to match Samba3 again.
(untested at this point).

Andrew Bartlett

14 years agor6025: Remove unused variables. This code will be modified again for the new
Andrew Bartlett [Thu, 24 Mar 2005 03:35:51 +0000 (03:35 +0000)]
r6025: Remove unused variables.  This code will be modified again for the new
cli_credentials code shortly.

Andrew Bartlett

14 years agor6024: Some of the ordering constraints on the popt callbacks were getting
Andrew Bartlett [Thu, 24 Mar 2005 03:32:25 +0000 (03:32 +0000)]
r6024: Some of the ordering constraints on the popt callbacks were getting
painful, so don't call lp_*() functions until the post stage (rather
than in the cli_credentails_init(), which is called in the pre stage),
and don't open the secrets.ldb looking for the machine account details
until we actually need them (well after popt is done, and we know we have the other things right).

Set the domain and realm, as well as the account and password for -P
(fetch machine password) operation.

Allow NETLOGON credentials to be stored in this structure - will allow
SCHANNEL to be made more generic.

Clarify why we don't do special checks for NULL pointers, particularly
in the anonymous check (it indicates a programmer error, not a
run-time condition).

Also make lib/credentials.c a little more consistant.

Andrew Bartlett

14 years agor6019: Add IDL and server side code for Test_DoublePointer
Jelmer Vernooij [Thu, 24 Mar 2005 00:58:52 +0000 (00:58 +0000)]
r6019: Add IDL and server side code for Test_DoublePointer

14 years agor6018: Add idl and server side for Test_Surrounding
Jelmer Vernooij [Thu, 24 Mar 2005 00:56:53 +0000 (00:56 +0000)]
r6018: Add idl and server side for Test_Surrounding

14 years agor6015: Add testprogs/ directory and original rpcecho sources
Jelmer Vernooij [Wed, 23 Mar 2005 23:52:38 +0000 (23:52 +0000)]
r6015: Add testprogs/ directory and original rpcecho sources
( from tridges junkcode at )

14 years agor6010: Change the testing order, so we test all transports for each binding
Andrew Bartlett [Wed, 23 Mar 2005 22:15:48 +0000 (22:15 +0000)]
r6010: Change the testing order, so we test all transports for each binding
option, rather than all binding options for each transport.

This means that we get to most of the tests earlier, with at least
some binding options.  (And allows us to have some confidence before
waiting for an RPC-SAMR test to finish with bigendian).

Andrew Bartlett

14 years agor6000: add some notes about the cases where compression (or what ever this is)
Stefan Metzmacher [Wed, 23 Mar 2005 19:24:11 +0000 (19:24 +0000)]
r6000: add some notes about the cases where compression (or what ever this is)
is used, in the reply.


14 years agor5999: ups, remove the testvalue that I used against my w2k3 server
Stefan Metzmacher [Wed, 23 Mar 2005 18:55:12 +0000 (18:55 +0000)]
r5999: ups, remove the testvalue that I used against my w2k3 server


14 years agor5998: I was wrong with the highwater mark...
Stefan Metzmacher [Wed, 23 Mar 2005 18:54:06 +0000 (18:54 +0000)]
r5998: I was wrong with the highwater mark...

I think I now understand how it works:-)


14 years agor5992: Rename schannel.c -> schannel_sign.c. The rest of the schannel code
Andrew Bartlett [Wed, 23 Mar 2005 09:05:40 +0000 (09:05 +0000)]
r5992: Rename schannel.c -> schannel_sign.c.  The rest of the schannel code
(from librpc) will be moved into schannel.c soon.

Andrew Bartlett

14 years agor5989: Display authentication information (list of available auth protocols
Jelmer Vernooij [Wed, 23 Mar 2005 01:42:29 +0000 (01:42 +0000)]
r5989: Display authentication information (list of available auth protocols
+ principal names per endpoint) to gepdump. Still need to fix memory management
in the GTK+ utilities...

14 years agor5988: Fix the -P option (use machine account credentials) to use the Samba4
Andrew Bartlett [Wed, 23 Mar 2005 01:30:43 +0000 (01:30 +0000)]
r5988: Fix the -P option (use machine account credentials) to use the Samba4
secrets system, and not the old system from Samba3.

This allowed the code from auth_domain to be shared - we now only
lookup the secrets.ldb in lib/credentials.c.

In order to link the resultant binary, samdb_search() has been moved
from deep inside rpc_server into lib/gendb.c, along with the existing
gendb_search_v().  The vast majority of this patch is the simple
rename that followed,

(Depending on the whole SAMDB for just this function seemed pointless,
and brought in futher dependencies, such as smbencrypt.c).

Andrew Bartlett