15 years agor1481: add idl file and torture test dummies
Stefan Metzmacher [Tue, 13 Jul 2004 18:05:02 +0000 (18:05 +0000)]
r1481: add idl file and torture test dummies
for DRSUapi (the Active Directory Replication Protocol)

I'll try to fill the idl file as part of a study project
together with some other students...

(This used to be commit 3fc9abcad712c4cc5c9879df0acaa5a19a3d8718)

15 years agor1480: gwsam has unresolved symbols in it
Stefan Metzmacher [Tue, 13 Jul 2004 17:52:29 +0000 (17:52 +0000)]
r1480: gwsam has unresolved symbols in it
(on my SuSE 9.1)

so I disable it for now

(This used to be commit 32d6f86d43394fea11ee5059c884dcaf2736747b)

15 years agor1479: print out domain too
Stefan Metzmacher [Tue, 13 Jul 2004 17:40:28 +0000 (17:40 +0000)]
r1479: print out domain too
(This used to be commit 2758c26ac96a62d7e0853e5d5fa95925ddce3420)

15 years agor1476: Don't print messages about the CCACHE not being found - this is normal.
Andrew Bartlett [Tue, 13 Jul 2004 06:39:55 +0000 (06:39 +0000)]
r1476: Don't print messages about the CCACHE not being found - this is normal.

Andrew Bartlett
(This used to be commit 30d88580efe45dc792f8d5c04f4abe0497d1551c)

15 years agor1475: More kerberos work
Andrew Bartlett [Tue, 13 Jul 2004 05:14:59 +0000 (05:14 +0000)]
r1475: More kerberos work

- We can now connect to hosts that follow the SPNEGO RFC, and *do not*
give us their principal name in the mechListMIC.
 - The client code now remembers the hostname it connects to

- We now kinit for a user, if there is not valid ticket already

- Re-introduce clock skew compensation

 - See if the username in the ccache matches the username specified
 - Use a private ccache, rather then the global one, for a 'new' kinit
 - Determine 'default' usernames.
  - The default for Krb5 is the one in the ccache, then $USER
  - For NTLMSSP, it's just $USER

Andrew Bartlett
(This used to be commit de5da669397db4ac87c6da08d3533ca3030da2b0)

15 years agor1474: It is useful if talloc_strdup() behaves like strdup()
Andrew Bartlett [Tue, 13 Jul 2004 03:23:55 +0000 (03:23 +0000)]
r1474: It is useful if talloc_strdup() behaves like strdup()
 - NULL in, NULL out

Andrew Bartlett
(This used to be commit 2cc0b3a2f1785c53268f018999a87c26539fd4a6)

15 years agor1470: Get the smb_trans2 structure out of the rap_cli_call struct.
Volker Lendecke [Mon, 12 Jul 2004 16:35:48 +0000 (16:35 +0000)]
r1470: Get the smb_trans2 structure out of the rap_cli_call struct.

Initial attempt at RAP server infrastructure. Look at rap_server.c for the
dummy functions that are supposed to implement the core functionality.

ipc_rap.c contains all the data shuffling. _rap_shareenum and _rap_serverenum2
in ipc_rap.c are (I think) regular enough to be auto-generated.

I did not test all the corner cases yet, but nevertheless I would like some
comments on the general style.


P.S: samba-3 smbclient now doesn't freak out anymore, although the results are
not entirely correct :-)
(This used to be commit 08140cc1a838b4eaa23c897b280a46c95b7ef3e0)

15 years agor1469: fix a segfault and compiler warning,
Stefan Metzmacher [Mon, 12 Jul 2004 15:34:34 +0000 (15:34 +0000)]
r1469: fix a segfault and compiler warning,

introduced by the "compiler warning fix" in rev 1460...

(This used to be commit ffb7ba35cdb2fb19b8271a3585eef075948bef9c)

15 years agor1467: disable gensec_krb5 by default till abartlet
Stefan Metzmacher [Mon, 12 Jul 2004 13:53:35 +0000 (13:53 +0000)]
r1467: disable gensec_krb5 by default till abartlet
add the kinit code

(This used to be commit 9a876be76cee3983676d8c89549162b5c4eba8b0)

15 years agor1466: the name "oid" is taken by some silly system headers - avoid it in our code
Andrew Tridgell [Mon, 12 Jul 2004 13:23:01 +0000 (13:23 +0000)]
r1466: the name "oid" is taken by some silly system headers - avoid it in our code
(This used to be commit ea5659b051f95402441e69ba4ce5aea1ed6f5c86)

15 years agor1465: always do a full C prototype, even if its only (void).
Andrew Tridgell [Mon, 12 Jul 2004 13:22:26 +0000 (13:22 +0000)]
r1465: always do a full C prototype, even if its only (void).

this declaration:

int foo();

is *not* the same as this one:

int foo(void);

the first means "I don't know what arguments it takes". The second
means "it takes no arguments"
(This used to be commit 6724932810772a10e7e51d2f6f2b106c02eafb73)

15 years agor1464: the recent build changes completely lost the speed advantage of using
Andrew Tridgell [Mon, 12 Jul 2004 13:20:50 +0000 (13:20 +0000)]
r1464: the recent build changes completely lost the speed advantage of using
PCH (in fact, it meant that PCH was a slowdown, not a speedup). To
gain speed with PCH you must ensure that the .gch file is compiled
with _exactly_ the same options as the normal object files.

this fixes the .gch build options
(This used to be commit 910ca1748648a58daaea6a04d5c96e6c62f79c40)

15 years agor1463: fix the krb5 build
Stefan Metzmacher [Mon, 12 Jul 2004 13:15:53 +0000 (13:15 +0000)]
r1463: fix the krb5 build

(This used to be commit fc8d00b8ab28535da4ec0b7e6931bbf402a37013)

15 years agor1462: GENSEC Kerberos and SPENGO work:
Andrew Bartlett [Mon, 12 Jul 2004 09:11:13 +0000 (09:11 +0000)]
r1462: GENSEC Kerberos and SPENGO work:
 - Spelling - it's SPNEGO, not SPENGO
 - SMB signing - Krb5 logins are now correctly signed
 - SPNEGO - Changes to always tell GENSEC about incoming packets, empty or not.

Andrew Bartlett
(This used to be commit cea578d6f39a2ea4a24e7a0064c95193ab6f6df7)

15 years agor1461: ntlm_check.c is a server-side peice of code, so it belongs in AUTH.
Andrew Bartlett [Mon, 12 Jul 2004 09:07:10 +0000 (09:07 +0000)]
r1461: ntlm_check.c is a server-side peice of code, so it belongs in AUTH.

Andrew Bartlett
(This used to be commit 67ac9600664e93aa2fe9426127313b57ddaec2cf)

15 years agor1460: Avoid a compile warning.
Andrew Bartlett [Mon, 12 Jul 2004 09:02:09 +0000 (09:02 +0000)]
r1460: Avoid a compile warning.

Andrew Bartlett
(This used to be commit 10a973da88441b255eda7cbc263ef5c4f2f0fcae)

15 years agor1458: Add a new configure option, to make it possible to both find errors,
Andrew Bartlett [Mon, 12 Jul 2004 05:50:29 +0000 (05:50 +0000)]
r1458: Add a new configure option, to make it possible to both find errors,
and compile with gtk.

The --enable-developer option was just too noisy with buggy GTK headers.

Andrew Bartlett
(This used to be commit 54c3d98baf3d4f4b6fe40201b50922caf7364285)

15 years agor1457: Add the GSSAPI layer to our gensec_krb5 code.
Andrew Bartlett [Mon, 12 Jul 2004 04:26:50 +0000 (04:26 +0000)]
r1457: Add the GSSAPI layer to our gensec_krb5 code.

Andrew Bartlett
(This used to be commit 893a9a3865d7046d8b1cb0418aaf48b88beefa05)

15 years agor1456: Rename this parameter to avoid shadowing a badly-named GTK global.
Andrew Bartlett [Mon, 12 Jul 2004 02:40:38 +0000 (02:40 +0000)]
r1456: Rename this parameter to avoid shadowing a badly-named GTK global.

Andrew Bartlett
(This used to be commit 39d8949d25793e2602e0ab5ec37e213f9ccae658)

15 years agor1455: More Gtk+ updates:
Jelmer Vernooij [Sun, 11 Jul 2004 20:16:02 +0000 (20:16 +0000)]
r1455: More Gtk+ updates:
 - Start working on 'gwsam'
 - Add GtkSelectDomainDialog and GtkSelectHostDialog
(This used to be commit bea47671aa791f3c4d22263f9444aea1a73f47f1)

15 years agor1454: Today is the day of broken builds, now I get my share ... :-)
Volker Lendecke [Sun, 11 Jul 2004 16:16:02 +0000 (16:16 +0000)]
r1454: Today is the day of broken builds, now I get my share ... :-)

Add a missing file.

(This used to be commit 2bc6147c118a61f7f37f3414cce3df44625ade65)

15 years agor1453: Change the RAP client to use the ndr routines for moving bytes around.
Volker Lendecke [Sun, 11 Jul 2004 14:39:25 +0000 (14:39 +0000)]
r1453: Change the RAP client to use the ndr routines for moving bytes around.

(This used to be commit 1506da85b9e53c71a470b1ef0579e0096451b5a7)

15 years agor1452: Thanks to Volker for spotting that this code was certainly not tested...
Andrew Bartlett [Sun, 11 Jul 2004 12:59:27 +0000 (12:59 +0000)]
r1452: Thanks to Volker for spotting that this code was certainly not tested...

(make sure to actually return the result).

Andrew Bartlett
(This used to be commit 8d449bbe2b9aa29315e894be1400a9475ef99468)

15 years agor1451: More missing files...
Jelmer Vernooij [Sun, 11 Jul 2004 12:51:01 +0000 (12:51 +0000)]
r1451: More missing files...
(This used to be commit 7e9884799e4f450b9693b6e29d7490288ebc969e)

15 years agor1450: Oops.. Missing files :-)
Jelmer Vernooij [Sun, 11 Jul 2004 12:38:27 +0000 (12:38 +0000)]
r1450: Oops.. Missing files :-)
(This used to be commit eaa2940ba039f59e13d44c6e2dda919ed8e388f5)

15 years agor1449: Use the config system somewhat better in libcli/auth
Jelmer Vernooij [Sun, 11 Jul 2004 12:15:58 +0000 (12:15 +0000)]
r1449: Use the config system somewhat better in libcli/auth
(This used to be commit 69de0d95c585c1a73072e921884cbd427c160176)

15 years agor1448: Indent this so proto doesn't pick it up.
Andrew Bartlett [Sun, 11 Jul 2004 12:08:33 +0000 (12:08 +0000)]
r1448: Indent this so proto doesn't pick it up.

Andrew Bartlett
(This used to be commit 1164be10af8e1b47824df391196ec37c395a4040)

15 years agor1447: Fix compile.
Andrew Bartlett [Sun, 11 Jul 2004 11:52:01 +0000 (11:52 +0000)]
r1447: Fix compile.

Andrew Bartlett
(This used to be commit b97ea8a63f044d2c20781c876575978cc4725285)

15 years agor1446: Another funciton to avoid in proto.h
Andrew Bartlett [Sun, 11 Jul 2004 11:48:21 +0000 (11:48 +0000)]
r1446: Another funciton to avoid in proto.h

Andrew Bartlett
(This used to be commit 310a570936c0d2d5af168aeca1b33206622d8355)

15 years agor1445: Ensure get_auth_data_from_tkt doesn't get into proto.h
Andrew Bartlett [Sun, 11 Jul 2004 11:45:56 +0000 (11:45 +0000)]
r1445: Ensure get_auth_data_from_tkt doesn't get into proto.h

Andrew Bartlett
(This used to be commit 159c234589e8e148180217f9ef4853b3031877db)

15 years agor1443: More changes towards Kerberos in Samba4's GENSEC.
Andrew Bartlett [Sun, 11 Jul 2004 10:47:41 +0000 (10:47 +0000)]
r1443: More changes towards Kerberos in Samba4's GENSEC.

The kerberos context is now tied in life to the GENSEC context.

Andrew Bartlett
(This used to be commit 64e99170c3b53a14d7f8d29cf78283f2bc22c1f7)

15 years agor1442: I was going to rename kerberos.c -> kerberos_kinit.c, but didn't.
Andrew Bartlett [Sun, 11 Jul 2004 10:41:44 +0000 (10:41 +0000)]
r1442: I was going to rename kerberos.c -> kerberos_kinit.c, but didn't.


(oh, and this file is somehow marked as binary...)

Andrew Bartlett
(This used to be commit 3e9aa67e3fdd9be18bdead6d45a982d30e5fd5b4)

15 years agor1441: Indentation and comment fixes.
Andrew Bartlett [Sun, 11 Jul 2004 10:38:31 +0000 (10:38 +0000)]
r1441: Indentation and comment fixes.

Andrew Bartlett
(This used to be commit 231e505dea9e9aca28eb336bcbcfb2b7b83c089c)

15 years agor1440: GENSEC improvements:
Andrew Bartlett [Sun, 11 Jul 2004 10:29:54 +0000 (10:29 +0000)]
r1440: GENSEC improvements:
 - Infrustructure for kerberos
 - Don't segfault on un-implemented backend functions
 - Add comments.

Andrew Bartlett
(This used to be commit 1c31aa42710421917428d6ba86328ea5179751bd)

15 years agor1439: Once we are authenticated, always return NT_STATUS_OK. (Makes SPENGO
Andrew Bartlett [Sun, 11 Jul 2004 10:26:50 +0000 (10:26 +0000)]
r1439: Once we are authenticated, always return NT_STATUS_OK. (Makes SPENGO
easier to code, as it may return an 'ok' with an empty blob).

Andrew Bartlett
(This used to be commit e48557158ed99eee7d3ef8231c629bbd14cda9d3)

15 years agor1438: Record the principal name we are sent in the SPENGO mechListMIC in a
Andrew Bartlett [Sun, 11 Jul 2004 10:20:42 +0000 (10:20 +0000)]
r1438: Record the principal name we are sent in the SPENGO mechListMIC in a
seperate char *, not a DATA_BLOB.

This allows us to tell if we were sent a string here, or a real MIC.
(This used to be commit 06b997c826e3ec00e0528da800e3eae0e3497a54)

15 years agor1437: Intermediate commit of krb5 for GENSEC.
Andrew Bartlett [Sun, 11 Jul 2004 10:16:36 +0000 (10:16 +0000)]
r1437: Intermediate commit of krb5 for GENSEC.

The session key in the client is wrong, we don't do signing/sealing
and we are sending raw Kerberos, not GSSAPI.

But it's a start, and if we continue to have to call Krb5 directly,
this will be the basis.

I also intend to provide an alternate implementation, using just

Andrew Bartlett
(This used to be commit eb0dd4a821dc3dbe370aea9a9c9fb05cf2592e4d)

15 years agor1436: Move GENSEC across to
Andrew Bartlett [Sun, 11 Jul 2004 10:07:51 +0000 (10:07 +0000)]
r1436: Move GENSEC across to

Andrew Bartlett
(This used to be commit 2de3a3082344fd292b1084a73a332549d6b2e25d)

15 years agor1435: talloc_steal is very useful - add a function to do it with a DATA_BLOB
Andrew Bartlett [Sun, 11 Jul 2004 06:51:58 +0000 (06:51 +0000)]
r1435: talloc_steal is very useful - add a function to do it with a DATA_BLOB

Andrew Bartlett
(This used to be commit 66d6e2611084d579a20833a4c0daa5d72ef9393c)

15 years agor1434: Merge this function in from Samba 3.0, but use a mem_ctx rather than
Andrew Bartlett [Sun, 11 Jul 2004 06:50:31 +0000 (06:50 +0000)]
r1434: Merge this function in from Samba 3.0, but use a mem_ctx rather than
an fstring.

Andrew Bartlett
(This used to be commit e8de8905b2f328395d71afdd73c77301c9366a66)

15 years agor1433: Properly use GtkTreeView:
Jelmer Vernooij [Sun, 11 Jul 2004 01:42:16 +0000 (01:42 +0000)]
r1433: Properly use GtkTreeView:
 - When a key is selected the values are immediately shown in gregedit
 - Only allow deleting jobs if one is selected.
(This used to be commit afb5f4d765cb15ba8824d8db19879bad83829561)

15 years agor1432: - Move the various Gtk-specific parts from the registry code into a directory...
Jelmer Vernooij [Sun, 11 Jul 2004 01:01:48 +0000 (01:01 +0000)]
r1432: - Move the various Gtk-specific parts from the registry code into a directory gtk/
- Move common "Samba-Gtk" code into gtk/common/ ("Connect to RPC pipe"-dialog, etc)
- Add a new utility 'gwcrontab' that can currently list, delete and add 'atsvc' jobs. It still displays times and dates as integers though, will fix that later.

Some screenshots available at:
(This used to be commit d321cf20f1f0ff33603b013c26d370669f255868)

15 years agor1429: enable spnego in smbclient too.
Stefan Metzmacher [Sat, 10 Jul 2004 10:24:58 +0000 (10:24 +0000)]
r1429: enable spnego in smbclient too.

(This used to be commit ae2e6b58629397d75a3e446ff0c50b594d029206)

15 years agor1426: Fix some of my silly compile errors...
Andrew Bartlett [Fri, 9 Jul 2004 23:38:13 +0000 (23:38 +0000)]
r1426: Fix some of my silly compile errors...

Andrew Bartlett
(This used to be commit c283837556109b9392a8cdcd867e5ae0dac1509b)

15 years agor1423: Make sure to destory the mem_ctx.
Andrew Bartlett [Fri, 9 Jul 2004 13:33:10 +0000 (13:33 +0000)]
r1423: Make sure to destory the mem_ctx.

Andrew Bartlett
(This used to be commit c5a1529d54e6b8ec2bbf7017a2f48d7535f1f016)

15 years agor1422: StrnCaseCmp now needs to be non-static.
Andrew Bartlett [Fri, 9 Jul 2004 13:08:00 +0000 (13:08 +0000)]
r1422: StrnCaseCmp now needs to be non-static.

Andrew Bartlett
(This used to be commit 6709c7010df2912eec3dfc086343cb3cb7910459)

15 years agor1421: fix a uninitialized var (thanks valgrind:-)
Stefan Metzmacher [Fri, 9 Jul 2004 12:29:33 +0000 (12:29 +0000)]
r1421: fix a uninitialized var (thanks valgrind:-)

add a view debug messages

(This used to be commit 79953dccc1f21dbabddff73a4b6d862eace29eb9)

15 years agor1420: be more strict reject if the context has the wrong type
Stefan Metzmacher [Fri, 9 Jul 2004 12:28:38 +0000 (12:28 +0000)]
r1420: be more strict reject if the context has the wrong type

(This used to be commit db19d6047c25698d0c3b7aeaab77b2a02385dbb5)

15 years agor1419: spnego inside of dcerpc using alter_context/alter_context_resp
Stefan Metzmacher [Fri, 9 Jul 2004 12:26:34 +0000 (12:26 +0000)]
r1419: spnego inside of dcerpc using alter_context/alter_context_resp
instead of auth3

(This used to be commit 19b0567ee533744a0f2778bf8549636a25d96526)

15 years agor1418: Merge Samba 3.0's recent kerberos changes into Samba4. None of this
Andrew Bartlett [Fri, 9 Jul 2004 11:46:42 +0000 (11:46 +0000)]
r1418: Merge Samba 3.0's recent kerberos changes into Samba4.  None of this
is used yet.

Andrew Bartlett
(This used to be commit 7596f311c9a18314716f64476030ce3dfcdd98bb)

15 years agor1409: if we have no user name don't use extended security
Stefan Metzmacher [Thu, 8 Jul 2004 18:32:53 +0000 (18:32 +0000)]
r1409: if we have no user name don't use extended security

the capabilities in the union smb_sesssetup should be used to decide
if we can use extented security

(This used to be commit e3760fcc17cc645d942f0fc7f7325976391309ea)

15 years agor1406: I got spnego in the smb client working
Stefan Metzmacher [Thu, 8 Jul 2004 18:03:14 +0000 (18:03 +0000)]
r1406: I got spnego in the smb client working

so I set 'use spnego = True'

(This used to be commit e06898f88c82c286574f9d73de1a9de829b1ded8)

15 years agor1403: commit volkers initial RAP torture test
Stefan Metzmacher [Thu, 8 Jul 2004 16:41:10 +0000 (16:41 +0000)]
r1403: commit volkers initial RAP torture test

we'll try to autogenerate the specific calls in future by pidl
and create a new subsystem for the rap lib

after that the server side will be added

(This used to be commit f1bbde6bb4790f915c1fdbb53f6452c5ea454936)

15 years agor1402: we should prompt for a password if it's not given by -U
Stefan Metzmacher [Thu, 8 Jul 2004 16:35:50 +0000 (16:35 +0000)]
r1402: we should prompt for a password if it's not given by -U

(This used to be commit acde1358c940ed159a67e433e662c255103a1a02)

15 years agor1377: add examples for sections
Stefan Metzmacher [Wed, 7 Jul 2004 13:35:15 +0000 (13:35 +0000)]
r1377: add examples for sections

so you want/need to use the new build system
just look at the top of build/smb_build/public.m4

and look at the examples in the rest of the tree

(This used to be commit afe2efd1437a7951d2ed6fcf7b4e06fdd4b95beb)

15 years agor1374: Fix signed/unsigned warnings (actually found by g++) after unsigned int
Tim Potter [Wed, 7 Jul 2004 01:02:54 +0000 (01:02 +0000)]
r1374: Fix signed/unsigned warnings (actually found by g++) after unsigned int
changes in r1018.
(This used to be commit 45b4016530fc0bfa13146f73a503866b5dbed517)

15 years agor1372: Remove the 'default' case from the SPENGO state machine, and fix up
Andrew Bartlett [Tue, 6 Jul 2004 23:20:23 +0000 (23:20 +0000)]
r1372: Remove the 'default' case from the SPENGO state machine, and fix up
some compiler warnings that allowed us to see.

Andrew Bartlett
(This used to be commit 1a6c2018dd49519e6fccdd5a7f35d70b67d45275)

15 years agor1367: SPNEGO know uses gensec_subcontext_start() in all places
Stefan Metzmacher [Tue, 6 Jul 2004 18:53:12 +0000 (18:53 +0000)]
r1367: SPNEGO know uses gensec_subcontext_start() in all places

(This used to be commit f7379324025c599cd201ce6d0905f0ca2c24ce73)

15 years agor1366: handle the case where the client need to send the negTokenInit before
Stefan Metzmacher [Tue, 6 Jul 2004 18:07:00 +0000 (18:07 +0000)]
r1366: handle the case where the client need to send the negTokenInit before
getting something from the server.
(this is needed by SPNEGO in dcerpc)

(This used to be commit ec978555f0bd612b80dfa49ccc880a3858285879)

15 years agor1365: in SPNEGO_SERVER_TARG we should not check the spnego_negResult
Stefan Metzmacher [Tue, 6 Jul 2004 17:58:56 +0000 (17:58 +0000)]
r1365: in SPNEGO_SERVER_TARG we should not check the spnego_negResult
because the client don't send this

(This used to be commit b1217a4ef6592082bb02fd0596a0563bacdf1d8e)

15 years agor1364: the SPNEGO_SERVER_TARG state is different from the SPNEGO_CLIENT_TARG
Stefan Metzmacher [Tue, 6 Jul 2004 17:53:44 +0000 (17:53 +0000)]
r1364: the SPNEGO_SERVER_TARG state is different from the SPNEGO_CLIENT_TARG

the client checks but not send spnego_negResult

(This used to be commit 49e4d375e9504f595aaa64ac62ddb421f082c424)

15 years agor1363: add SPNEGO_NONE_RESULT as spnego_negResult value
Stefan Metzmacher [Tue, 6 Jul 2004 17:46:47 +0000 (17:46 +0000)]
r1363: add SPNEGO_NONE_RESULT as spnego_negResult value
this should indicate that we don't send a spnego_negResult t all over the wire

(This used to be commit 69d685d81784e5fb33e41d3244498ac620a2f5f0)

15 years agor1360: - remove unused state SPNEGO_CLIENT_SEND_MECHS
Stefan Metzmacher [Tue, 6 Jul 2004 15:03:31 +0000 (15:03 +0000)]
r1360: - remove unused state SPNEGO_CLIENT_SEND_MECHS

- remove unsed gensec_user forward, it's done by the gensec layer know

(This used to be commit e19e5a91f2fd988546f42473bf241dff3c2fe198)

15 years agor1359: fix uninit var - found by valgrind
Stefan Metzmacher [Tue, 6 Jul 2004 14:42:07 +0000 (14:42 +0000)]
r1359: fix uninit var - found by valgrind

(This used to be commit 264afea9ec3ada4df51e5f5de4c0b977024af40b)

15 years agor1358: Re-indent the SPENGO implementation, and work on the basis of a
Andrew Bartlett [Tue, 6 Jul 2004 03:02:33 +0000 (03:02 +0000)]
r1358: Re-indent the SPENGO implementation, and work on the basis of a
switch, rather than a series of if statements.

Also start to use the GENSEC subcontexts, and add some comments
explaining some of the 'odd' logic in parts.

I'll probably break these out into subfunctions soon.

Thanks to metze for getting me to do this :-)

Andrew Bartlett
(This used to be commit 73e03596d3b2ad5927e8154d0fbfbdae9ec3f717)

15 years agor1357: Work on GENSEC:
Andrew Bartlett [Tue, 6 Jul 2004 02:59:05 +0000 (02:59 +0000)]
r1357: Work on GENSEC:

 - Add the concept of a 'subcontext' into gensec, so that the spengo
   code doesn't have to figure out how to make one.
   (A subcontext inherits the username, domain, password (or callback)
   from the main context).

 - Add comments to some other routines, and explain a bit about what
   the various 'start' functions are for.

Andrew Bartlett
(This used to be commit 7aedbfbdd92b4ca93cbd0babff16e7526201ee88)

15 years agor1356: Fix logic bugs in ntlm_auth.
Andrew Bartlett [Tue, 6 Jul 2004 02:56:26 +0000 (02:56 +0000)]
r1356: Fix logic bugs in ntlm_auth.

Andrew Bartlett
(This used to be commit 871e98ce5771bc96527f7ad4da07a7d6c1ae1c3c)

15 years agor1355: Add const (I missed this when I changed the function prototype earlier)
Andrew Bartlett [Tue, 6 Jul 2004 02:54:06 +0000 (02:54 +0000)]
r1355: Add const (I missed this when I changed the function prototype earlier)

Andrew Bartlett
(This used to be commit dbe484a0c2c1ef99b71621208fb3fec68fe4fada)

15 years agor1354: Make it clear that the first gensec_update takes a NULL data_blob.
Andrew Bartlett [Tue, 6 Jul 2004 02:20:45 +0000 (02:20 +0000)]
r1354: Make it clear that the first gensec_update takes a NULL data_blob.

Andrew Bartlett
(This used to be commit 842a5dfc1f313b771fef14a484be6eea8c6eedf8)

15 years agor1353: Fix compile with new ASN1 peek code.
Andrew Bartlett [Tue, 6 Jul 2004 02:18:24 +0000 (02:18 +0000)]
r1353: Fix compile with new ASN1 peek code.

Andrew Bartlett
(This used to be commit 9039a2a1128d8af278cae76c0aa6d5362b3671e4)

15 years agor1352: Add a 'peek' function to our ASN1 code, so we can safely perform the
Andrew Bartlett [Tue, 6 Jul 2004 01:28:12 +0000 (01:28 +0000)]
r1352: Add a 'peek' function to our ASN1 code, so we can safely perform the
various switches without looking one byte past te end of the buffer.
(This used to be commit 5bce188d429b4166f3d0314922ae40204de182a7)

15 years agor1351: add derpc spengo wrapper
Stefan Metzmacher [Tue, 6 Jul 2004 01:16:57 +0000 (01:16 +0000)]
r1351: add derpc spengo wrapper
not yet used and not working because of bugs in the gensec spnego code

(This used to be commit b9795ed5735ad88a2ba9608d3d8804edf77e4cd4)

15 years agor1350: - init nt_status- found by valgrind
Stefan Metzmacher [Tue, 6 Jul 2004 01:03:36 +0000 (01:03 +0000)]
r1350: - init nt_status- found by valgrind

- set auth_type = DCERPC_AUTH_TYPE_SPNEGO

(This used to be commit 7354521f3cfaa2ead8fac38a68b7704d43731f72)

15 years agor1349: don't segfault with empty data_blob
Stefan Metzmacher [Tue, 6 Jul 2004 01:01:39 +0000 (01:01 +0000)]
r1349: don't segfault with empty data_blob

(This used to be commit a826accd55e90cb0628f198886ba1ae6c845e68b)

15 years agor1348: get gensec backend by OID instead of name
Stefan Metzmacher [Tue, 6 Jul 2004 00:22:27 +0000 (00:22 +0000)]
r1348: get gensec backend by OID instead of name

(This used to be commit 38e00f87191b86901b603e66aec1e7e71f74c29f)

15 years agor1347: - remove typedef
Stefan Metzmacher [Tue, 6 Jul 2004 00:15:39 +0000 (00:15 +0000)]
r1347: - remove typedef

- pass down gensec_user to the sub context

- if segfault when mechType is NULL

(This used to be commit 3f84263c27add3bf01eea88618f707da925bed5c)

15 years agor1346: revert my last spnego changes
Stefan Metzmacher [Tue, 6 Jul 2004 00:09:10 +0000 (00:09 +0000)]
r1346: revert my last spnego changes

(This used to be commit 7b8237bfb3c302a448a7db0236c0a953603dcd89)

15 years agor1345: add extended security spnego support to the smb client
Stefan Metzmacher [Mon, 5 Jul 2004 23:28:49 +0000 (23:28 +0000)]
r1345: add extended security spnego support to the smb client

set lp_use_spnego = False, because I can't get it working yet
but I commit it so others can help me

(This used to be commit 2445cceba9ab9bd928c8bc50927a39509e4526b0)

15 years agor1344: add gensec_start_mech_by_name()
Stefan Metzmacher [Mon, 5 Jul 2004 23:26:07 +0000 (23:26 +0000)]
r1344: add gensec_start_mech_by_name()

some gensec spnego fixes
(NULL pointer and length checks)

(This used to be commit 41ff6d0cd47f6295fe7fe1d31fec7306416ce199)

15 years agor1343: formating
Stefan Metzmacher [Mon, 5 Jul 2004 23:23:01 +0000 (23:23 +0000)]
r1343: formating

(This used to be commit 442905394b5e2f74baa4d83b2f4ba5159f321dd2)

15 years agor1342: When fixing _lsa_lookupsids in samba3 I wanted to find out the number of SIDs
Volker Lendecke [Mon, 5 Jul 2004 20:33:17 +0000 (20:33 +0000)]
r1342: When fixing _lsa_lookupsids in samba3 I wanted to find out the number of SIDs
w2k3 can handle in a single request. With the samba3 client rpc libs I can do
about 21000 SIDs in a single request. test_many_LookupSIDs with 10000 SIDs
fails on the subsequent request with a NET_WRITE_FAULT. Maybe the Samba4 DCE
people want to take a look at this -- I don't see the problem.

Bug fix: SID components should be treated as unsigned when parsing

(This used to be commit 8c997a2ad2e89a640f854b556ef76a3d52c15963)

15 years agor1337: use sess->nt1. in sesssetup_nt1 :-)
Stefan Metzmacher [Mon, 5 Jul 2004 07:49:00 +0000 (07:49 +0000)]
r1337: use sess->nt1. in sesssetup_nt1 :-)

(This used to be commit ee711c71fedd9d24b5a78b51d9dc3e166645260f)

15 years agor1336: check the vuid in old style sessionsetup too
Stefan Metzmacher [Mon, 5 Jul 2004 07:29:14 +0000 (07:29 +0000)]
r1336: check the vuid in old style sessionsetup too

(This used to be commit 32e307857ccc99b446e7574d46b610c63ee03583)

Stefan Metzmacher [Mon, 5 Jul 2004 07:24:14 +0000 (07:24 +0000)]
should cause DEBUG(0,(...));

(This used to be commit 80851e67783a9c3c8bdd7f2b52e0b46dd7b18d05)

15 years agor1334: remove unused stuff
Stefan Metzmacher [Mon, 5 Jul 2004 07:15:12 +0000 (07:15 +0000)]
r1334: remove unused stuff

(This used to be commit 7a8786269b4f9e4962b51dd734171adf04021c15)

15 years agor1323: allow '-' in IDENTIFIERS
Stefan Metzmacher [Thu, 1 Jul 2004 22:39:25 +0000 (22:39 +0000)]
r1323: allow '-' in IDENTIFIERS

accept '--' comments

implement the
<name> DEFINITIONS ::=



(This used to be commit 4422547711b9d653999433f36d48dccebc006bce)

15 years agor1321: find the '::=' directly by th lexer
Stefan Metzmacher [Thu, 1 Jul 2004 21:57:51 +0000 (21:57 +0000)]
r1321: find the '::=' directly by th lexer

(This used to be commit 52674db28203b3a7f35c36379670813f9297b5ed)

15 years agor1313: Split up OpenPrinterEx into functions to handle opening printers and print
Tim Potter [Thu, 1 Jul 2004 04:17:26 +0000 (04:17 +0000)]
r1313: Split up OpenPrinterEx into functions to handle opening printers and print
(This used to be commit 0edf17ac38b43cadb07dc0840730cd9b4e381713)

15 years agor1310: one more #line statement
Stefan Metzmacher [Wed, 30 Jun 2004 20:41:56 +0000 (20:41 +0000)]
r1310: one more #line statement

(This used to be commit d752eb660fd974fe3a14ed04974e54b3c385527c)

15 years agor1309: use #line 1 ""
Stefan Metzmacher [Wed, 30 Jun 2004 20:04:19 +0000 (20:04 +0000)]
r1309: use #line 1 ""
(for better bug tracking)

when generating

(This used to be commit 390c03b9297f2105c0c5277fca049fe653e8b012)

15 years agor1308: move smb_panic() to lib/fault.c
Stefan Metzmacher [Wed, 30 Jun 2004 19:46:28 +0000 (19:46 +0000)]
r1308: move smb_panic() to lib/fault.c

merge the backtrace stuff from 3.0

(This used to be commit 4daf1bafc71cc8f13188aeb85d81aa7513d57d95)

15 years agor1307: remove unused stuff from pasn1
Stefan Metzmacher [Wed, 30 Jun 2004 18:10:25 +0000 (18:10 +0000)]
r1307: remove unused stuff from pasn1

(This used to be commit 1727ef2bb9377ace00700f3c3e32ea6a4d267f60)

15 years agor1306: commit the first steps of my ASN.1 compiler
Stefan Metzmacher [Wed, 30 Jun 2004 17:35:26 +0000 (17:35 +0000)]
r1306: commit the first steps of my ASN.1 compiler

called 'pasn1', it works like 'pidl'

and we may can autogenerate ASN.1 code out of it.
(NOTE: the complete LDAP ASN.1 definition is in the RFC 2251,
 and maybe some others too :-)

I'm not completly shure if we'll use it in future,
but I commit it so that it won't be lost...

(This used to be commit ddcaf7b63a0bc49ef1fc2d85d0ba81d67db48790)

15 years agor1305: Grrr, fix my build breakage...
Andrew Bartlett [Wed, 30 Jun 2004 02:05:26 +0000 (02:05 +0000)]
r1305: Grrr, fix my build breakage...

Declare variables at the start of a block.

Andrew Bartlett
(This used to be commit 9f5394703e81db9ed93648e06e48b0364a04a696)

15 years agor1294: A nice, large, commit...
Andrew Bartlett [Tue, 29 Jun 2004 09:40:10 +0000 (09:40 +0000)]
r1294: A nice, large, commit...

This implements gensec for Samba's server side, and brings gensec up
to the standards of a full subsystem.

This means that use of the subsystem is by gensec_* functions, not
function pointers in structures (this is internal).  This causes
changes in all the existing gensec users.

Our RPC server no longer contains it's own generalised security
scheme, and now calls gensec directly.

Gensec has also taken over the role of auth/auth_ntlmssp.c

An important part of gensec, is the output of the 'session_info'
struct.  This is now reference counted, so that we can correctly free
it when a pipe is closed, no matter if it was inherited, or created by
per-pipe authentication.

The schannel code is reworked, to be in the same file for client and

ntlm_auth is reworked to use gensec.

The major problem with this code is the way it relies on subsystem
auto-initialisation.  The primary reason for this commit to
allow these problems to be looked at, and fixed.

There are problems with the new code:
- I've tested it with smbtorture, but currently don't have VMware and
  valgrind working (this I'll fix soon).
- The SPNEGO code is client-only at this point.
- We still do not do kerberos.

Andrew Bartlett
(This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)

15 years agor1293: Indent
Andrew Bartlett [Tue, 29 Jun 2004 09:23:37 +0000 (09:23 +0000)]
r1293: Indent

Andrew Bartlett
(This used to be commit 9002584c020a48ab37cce103b4413e871aae2985)

15 years agor1292: Add const to the subsystem/module registration code.
Andrew Bartlett [Tue, 29 Jun 2004 09:20:18 +0000 (09:20 +0000)]
r1292: Add const to the subsystem/module registration code.

Add some 'multi init' code, until we get a better set of infrustructure.

Andrew Bartlett
(This used to be commit 982422b2d286335378531ae9523e74192340af3c)

15 years agor1291: rename struct smbsrv_context to smbsrv_connection
Stefan Metzmacher [Tue, 29 Jun 2004 07:40:14 +0000 (07:40 +0000)]
r1291: rename struct smbsrv_context to smbsrv_connection
because this is the connection state per transport layer (tcp)

I also moved the substructs directly into smbsrv_connection,
because they don't need a struct name and we should allway pass the complete
smbsrv_connection struct into functions

(This used to be commit 60f823f201fcedf5473008e8453a6351e73a92c7)

15 years agor1286: rename struct tcon_context to smbsrv_tcon
Stefan Metzmacher [Mon, 28 Jun 2004 11:10:24 +0000 (11:10 +0000)]
r1286: rename struct tcon_context to smbsrv_tcon

(This used to be commit a6c0ca9de52b2395b092cb245bb94cbd55dfdd46)

15 years agor1281: move include/context.h to smb_server/smb_server.h
Stefan Metzmacher [Mon, 28 Jun 2004 08:45:27 +0000 (08:45 +0000)]
r1281: move include/context.h to smb_server/smb_server.h

(This used to be commit 7b4ad993ad7c937ef9bee1a48a8bda62f2f5d3b9)