Andrew Bartlett [Mon, 5 Dec 2005 01:38:26 +0000 (01:38 +0000)]
r12059: Use random keytab names (so we get different keytabs, rather than
share the MEMORY: keytab).
Andrew Bartlett
Andrew Bartlett [Mon, 5 Dec 2005 01:36:53 +0000 (01:36 +0000)]
r12058: Set an anonymous fallback, if the machine account isn't available.
Andrew Bartlett
Andrew Tridgell [Mon, 5 Dec 2005 00:43:50 +0000 (00:43 +0000)]
r12057: fixed authentication in ldb client tools
Andrew Bartlett [Sun, 4 Dec 2005 12:17:02 +0000 (12:17 +0000)]
r12056: Some clarification fixes for the keytab code, and use the right
function for enctype to string.
Andrew Bartlett
Andrew Bartlett [Sat, 3 Dec 2005 00:47:51 +0000 (00:47 +0000)]
r12037: Fix malloc corruption caused by double-free(), where realloc(ptr, 0)
is equivalent to free().
This is the issue tridge was seeing in the MEMORY: keytab code.
Andrew Bartlett
Andrew Bartlett [Sat, 3 Dec 2005 00:46:23 +0000 (00:46 +0000)]
r12036: Fix more KDC memory leaks (and there are probably still more...).
Andrew Bartlett
Andrew Bartlett [Fri, 2 Dec 2005 22:37:07 +0000 (22:37 +0000)]
r12035: Fix memory leaks in the KDC.
Andrew Bartlett
Stefan Metzmacher [Fri, 2 Dec 2005 15:51:39 +0000 (15:51 +0000)]
r12024: do some extra sleeping to give the server the chance to handle our reply
metze
Stefan Metzmacher [Fri, 2 Dec 2005 15:40:26 +0000 (15:40 +0000)]
r12023: use the NBTD IRPC proxy calls for implementing the challenge and release demand
conflict cases
metze
Stefan Metzmacher [Fri, 2 Dec 2005 15:37:52 +0000 (15:37 +0000)]
r12022: add NBTD IRPC proxy calls for wins challenge and wins release demand,
used for replication conflicts
metze
Stefan Metzmacher [Fri, 2 Dec 2005 15:30:25 +0000 (15:30 +0000)]
r12021: remove shortpath for winsdb_lookup, this isn't needed
metze
Stefan Metzmacher [Fri, 2 Dec 2005 15:02:21 +0000 (15:02 +0000)]
r12020: fix memory hierarchy
metze
Stefan Metzmacher [Fri, 2 Dec 2005 14:53:56 +0000 (14:53 +0000)]
r12019: - let us only reference libblkid stuff in one file
- and make it a bit simpler, by caching the GUID struct instead of the device name
- and this also removes all compiler warnings...
metze
Andrew Tridgell [Fri, 2 Dec 2005 11:33:19 +0000 (11:33 +0000)]
r12016: fixed a valgrind error
Stefan Metzmacher [Fri, 2 Dec 2005 07:30:34 +0000 (07:30 +0000)]
r12014: free the irpc_request structure with the irpc_call_recv functions,
to match all other _recv functions we have
metze
Stefan Metzmacher [Fri, 2 Dec 2005 07:11:43 +0000 (07:11 +0000)]
r12013: fix compiler warnings
metze
Stefan Metzmacher [Fri, 2 Dec 2005 07:02:38 +0000 (07:02 +0000)]
r12012: fix renaming smbsrv_trees -> smbsrv_tcons
metze
Andrew Tridgell [Fri, 2 Dec 2005 05:29:13 +0000 (05:29 +0000)]
r12011: fixed another 'mixed code and declarations' bug
Andrew Tridgell [Fri, 2 Dec 2005 04:26:51 +0000 (04:26 +0000)]
r12010: - added support for domain specific SID codes in SDDL strings
- added a bunch more tests to LOCAL-SDDL (all the ones from our schema)
- fixed 'mixed coded declarations' bug
Andrew Tridgell [Fri, 2 Dec 2005 03:21:29 +0000 (03:21 +0000)]
r12009: made the LOCAL-SDDL test less verbose by default, and add it to the
standard tests for the build farm
Andrew Tridgell [Fri, 2 Dec 2005 03:19:23 +0000 (03:19 +0000)]
r12008: added a simple LOCAL-SDDL test suite. Only one example so far. Will be
filled in with more examples as I expand the sddl parsing code.
Andrew Tridgell [Fri, 2 Dec 2005 03:18:34 +0000 (03:18 +0000)]
r12007: fixed a valgrind error in the SMB2-SETINFO test
Andrew Tridgell [Fri, 2 Dec 2005 03:17:40 +0000 (03:17 +0000)]
r12006: don't require callers to fill in pad bytes in SMB2 calls
Andrew Tridgell [Fri, 2 Dec 2005 03:16:42 +0000 (03:16 +0000)]
r12005: added a SDDL (Security Descriptor Description Language) parser. Not
all flags are covered yet, and object aces aren't done yet.
This is needed for ACL support in ldb, as the default security
descriptor for each object class is given by the
defaultSecurityDescriptor attribute in the schema, which is stored in
SDDL format
Andrew Tridgell [Fri, 2 Dec 2005 03:14:45 +0000 (03:14 +0000)]
r12004: added some SEC_ADS_* security flags. Needed for a SDDL parser.
Rafal Szczesniak [Thu, 1 Dec 2005 22:43:30 +0000 (22:43 +0000)]
r12001: Replace smbcli_full_connection call with composite connect used
in sync version. This step makes it easier to move further to async
dcerpc connect routine.
rafal
Andrew Bartlett [Thu, 1 Dec 2005 22:18:34 +0000 (22:18 +0000)]
r12000: Update to current lorikeet-heimdal, including in particular support
for referencing an existing in-MEMORY keytab (required for the new way
we push that to GSSAPI).
Andrew Bartlett
Stefan Metzmacher [Thu, 1 Dec 2005 12:39:33 +0000 (12:39 +0000)]
r11997: for multidimensional array like this:
    uint32 [num_level2][num_level1][num_level0]
fix the order they're pushed and pulled, it should be like this
    for (l2=0; l2 < num_level2; l2++) {
        for (l1=0; l1 < num_level1; l1++) {
            for (l0=0; l0 < num_level0; l0++) {
                ndr_pull_uint32(...);
            }
        }
    }
metze
Stefan Metzmacher [Thu, 1 Dec 2005 07:09:24 +0000 (07:09 +0000)]
r11996: don't overwrite the buffercode
metze
Andrew Bartlett [Thu, 1 Dec 2005 05:20:39 +0000 (05:20 +0000)]
r11995: A big kerberos-related update.
This merges Samba4 up to current lorikeet-heimdal, which includes a
replacement for some Samba-specific hacks.
In particular, the credentials system now supplies GSS client and
server credentials. These are imported into GSS with
gss_krb5_import_creds(). Unfortunately this can't take a MEMORY
keytab, so we now create a FILE based keytab at provision and join
time.
Because the keytab is now created in advance, we don't spend .4s at
negprot doing sha1 s2k calls. Also, because the keytab is read in
real time, any change in the server key will be correctly picked up by
the krb5 code.
To mark entries in the secrets which should be exported to a keytab,
there is a new kerberosSecret objectClass. The new routine
cli_credentials_update_all_keytabs() searches for these, and updates
the keytabs.
This is called in the provision.js via the ejs wrapper
credentials_update_all_keytabs().
We can now (in theory) use a system-provided /etc/krb5.keytab, if
krb5Keytab: FILE:/etc/krb5.keytab
is added to the secrets.ldb record. By default the attribute
privateKeytab: secrets.keytab
is set, pointing to allow the whole private directory to be moved
without breaking the internal links.
Andrew Bartlett [Thu, 1 Dec 2005 05:10:37 +0000 (05:10 +0000)]
r11994: This function no longer needs a special declaration.
Andrew Bartlett
Andrew Bartlett [Thu, 1 Dec 2005 05:09:28 +0000 (05:09 +0000)]
r11993: As well as making an in-MEMORY keytab, allow a file-based keytab to be updated.
This allows a new password to be written in, and old entries removed
(we keep kvno and kvno-1).
Clean up the code a lot, and add comments on what it is doing...
Andrew Bartlett
Andrew Bartlett [Thu, 1 Dec 2005 05:06:52 +0000 (05:06 +0000)]
r11992: Potentially allow SPNEGO to be disabled (as occurs on WinXP
standalone), and use only NTLMSSP.
(But doing so would break Samba3's client).
Andrew Bartlett
Andrew Bartlett [Thu, 1 Dec 2005 04:58:15 +0000 (04:58 +0000)]
r11991: Null terminate the list of backends. (Makes it easier to walk the list).
Andrew Bartlett
Andrew Bartlett [Thu, 1 Dec 2005 04:55:18 +0000 (04:55 +0000)]
r11990: Set the password set time as 'now', so it isn't expired back in 2004.
Andrew Bartlett
Andrew Bartlett [Thu, 1 Dec 2005 04:54:28 +0000 (04:54 +0000)]
r11989: Rather than grabbing the machine account details at this point, grab
them 'later'. We will need to handle the errors when we call the
get_* methods.
Andrew Bartlett
Andrew Bartlett [Thu, 1 Dec 2005 04:52:54 +0000 (04:52 +0000)]
r11988: Setup the sessionInfo just before the connect, rather than earlier
when we haven't finished popt.
Andrew Bartlett
Andrew Bartlett [Thu, 1 Dec 2005 04:50:28 +0000 (04:50 +0000)]
r11987: Clarify the accountExpires behaviour in the KDC.
Andrew Bartlett
Andrew Tridgell [Thu, 1 Dec 2005 00:25:06 +0000 (00:25 +0000)]
r11984: LGPL on header and testsuite as well
Andrew Tridgell [Thu, 1 Dec 2005 00:23:01 +0000 (00:23 +0000)]
r11983: make talloc LGPL. This makes more sense given that ldb depends on
talloc, and ldb is now LGPL
Andrew Tridgell [Thu, 1 Dec 2005 00:22:08 +0000 (00:22 +0000)]
r11982: ensure the fde event gets freed before the socket itself, as otherwise
we get an error from epoll about disabling events for a file descriptor
that is closed
Andrew Tridgell [Thu, 1 Dec 2005 00:19:36 +0000 (00:19 +0000)]
r11981: we should allocate request specific memory in ldb modules off the
request structure. It will take a while for this to happen everywhere.
Andrew Tridgell [Thu, 1 Dec 2005 00:18:29 +0000 (00:18 +0000)]
r11980: ronnie worked out that opcode 0xb in SMB2 is in fact ioctl, and that
it only appeared to be like a SMBtrans request as it was being called
with function 0x11c017 which is "named pipe read write"
I wonder if this means we could do DCE/RPC over SMB using ntioctl
calls as well?
Stefan Metzmacher [Wed, 30 Nov 2005 17:07:02 +0000 (17:07 +0000)]
r11974: only look at $pl->{POINTER_TYPE} when $pl is defined
metze
Stefan Metzmacher [Wed, 30 Nov 2005 13:10:44 +0000 (13:10 +0000)]
r11973: make it easier to find bugs
metze
Stefan Metzmacher [Wed, 30 Nov 2005 12:40:26 +0000 (12:40 +0000)]
r11972: handle [noejs] property also on functions
metze
Stefan Metzmacher [Wed, 30 Nov 2005 12:39:32 +0000 (12:39 +0000)]
r11971: add nbt specific continue wrapper
metze
Andrew Tridgell [Wed, 30 Nov 2005 04:45:26 +0000 (04:45 +0000)]
r11970: fixed a valgrind error. The auth info from the alter_context reply was
being freed before being given to gensec_update()
Andrew Tridgell [Wed, 30 Nov 2005 03:35:17 +0000 (03:35 +0000)]
r11969: got rid of the very annoying 'failed to open /secrets.tdb'
messages. As discussed with Andrew, this will soon be replaced with a
system that marks the credentials to use the machine account from the
database rather than pre-loading the machine account details here.
The reason we got the annoying messages is this was being called
before smb.conf is loaded, so the code doesn't yet know the location
of the private directory
Tim Potter [Wed, 30 Nov 2005 03:20:25 +0000 (03:20 +0000)]
r11968: More warning fixes. We're on track to getting to double digits for
the number of warnings generated now.
Tim Potter [Wed, 30 Nov 2005 02:08:15 +0000 (02:08 +0000)]
r11967: Fix more 64-bit warnings.
Tim Potter [Wed, 30 Nov 2005 00:00:53 +0000 (00:00 +0000)]
r11965: Try to fix some 64-bit warnings.
Jelmer Vernooij [Tue, 29 Nov 2005 13:54:51 +0000 (13:54 +0000)]
r11959: Use DOS_errors array for displaying WERROR values
Andrew Tridgell [Tue, 29 Nov 2005 12:34:03 +0000 (12:34 +0000)]
r11958: - fixed memory leaks in the ldb_result handling in ldb operations
- removed an unnecessary level of pointer in ldb_search structure
Andrew Tridgell [Tue, 29 Nov 2005 10:12:01 +0000 (10:12 +0000)]
r11957: fixed up code meant for debugging
Andrew Tridgell [Tue, 29 Nov 2005 08:58:39 +0000 (08:58 +0000)]
r11956: removed the old rootdse.ldif, and the provision.js code that uses it
Andrew Tridgell [Tue, 29 Nov 2005 08:55:13 +0000 (08:55 +0000)]
r11955: got rid of the old rootDSE code in the ldap server.
The partitioning logic is still there, but we only have one
partition. If we need partitioning in the future it might be better to
remove this partitioning code and use a partitioning module instead
Andrew Tridgell [Tue, 29 Nov 2005 08:52:41 +0000 (08:52 +0000)]
r11954: add the static rootdse content to the sam ldb, and enable the rootdse
module in @MODULES
Andrew Tridgell [Tue, 29 Nov 2005 08:51:36 +0000 (08:51 +0000)]
r11953: enabled the rootdse module in the ldb modules code
Andrew Tridgell [Tue, 29 Nov 2005 08:50:52 +0000 (08:50 +0000)]
r11952: added a rootdse module. This will replace the existing rootdse code in
the ldap server. The reason for the change is that ldb modules need
some way to get at the static info stored in the rootDSE (such as the
location of the schema) but they can't do that right now
Andrew Tridgell [Mon, 28 Nov 2005 22:53:42 +0000 (22:53 +0000)]
r11949: make sure we ask gensec to give us a session key
andrew, this answers your question on irc about whether the same
session key mechanisms are used in smb2. They are - the RPC-LSA secret
tests pass fine over ncacn_np on SMB2, which means the session key
must be working
Stefan Metzmacher [Mon, 28 Nov 2005 13:15:57 +0000 (13:15 +0000)]
r11941: fix cut'n'paste bug
metze
Andrew Bartlett [Mon, 28 Nov 2005 07:59:46 +0000 (07:59 +0000)]
r11940: Love has clarified why this code does what it does.
Andrew Bartlett
Andrew Bartlett [Sun, 27 Nov 2005 02:03:42 +0000 (02:03 +0000)]
r11931: Add a short README explaining what this directory is all about.
Andrew Bartlett
Andrew Bartlett [Sun, 27 Nov 2005 02:02:44 +0000 (02:02 +0000)]
r11930: Add socket/packet handling code for kpasswdd
Allow ticket requests with only a netbios name to be considered 'null'
addresses, and therefore allowed by default.
Use the netbios address as the workstation name for the allowed
workstations check with krb5.
Andrew Bartlett
Andrew Bartlett [Sun, 27 Nov 2005 02:00:37 +0000 (02:00 +0000)]
r11929: Add static, comments.
Andrew Bartlett
Andrew Bartlett [Sun, 27 Nov 2005 02:00:12 +0000 (02:00 +0000)]
r11928: More Kerberos musings...
Andrew Bartlett
Stefan Metzmacher [Fri, 25 Nov 2005 15:36:47 +0000 (15:36 +0000)]
r11913: if we have a UNIQUE name with more than 1 address,
it becomes implicitly an MHOMED record
metze
Stefan Metzmacher [Fri, 25 Nov 2005 15:30:35 +0000 (15:30 +0000)]
r11912: fix nbt_name_registration, there's still some minor stuff todo,
e.g. to return the first address of the 0x1B address as first
address in the 0x1C reply, and handle sgroup merge overflow
of 25 addresses
metze
Stefan Metzmacher [Fri, 25 Nov 2005 13:44:16 +0000 (13:44 +0000)]
r11911: as we pass the owned_released vs. replica test now, run it with make test
metze
Stefan Metzmacher [Fri, 25 Nov 2005 13:43:12 +0000 (13:43 +0000)]
r11910: fix nbt_name_release and nbt_name_query, so that we pass the owned_released vs. replica
winsrepl torture test
metze
Stefan Metzmacher [Fri, 25 Nov 2005 12:03:40 +0000 (12:03 +0000)]
r11908: implement SGROUP merging, that passes the different owner tests
(but only without socket_wrapper, I need to look at that later
and then add the different_owner test to NBT-WINSREPLICATION-QUICK
so that it'll be run by make test)
metze
Andrew Tridgell [Fri, 25 Nov 2005 11:51:47 +0000 (11:51 +0000)]
r11907: added testing of SMB2 keepalive
Andrew Tridgell [Fri, 25 Nov 2005 11:51:15 +0000 (11:51 +0000)]
r11906: opcode 13 appears to be keepalive. Metze guessed this one :-)
Andrew Tridgell [Fri, 25 Nov 2005 11:33:57 +0000 (11:33 +0000)]
r11905: added SMB2_FLUSH as opcode 7. Thanks to metze and volker for help
brainstorming this one.
Andrew Tridgell [Fri, 25 Nov 2005 11:12:08 +0000 (11:12 +0000)]
r11904: added smb2_tdis() testing
Andrew Tridgell [Fri, 25 Nov 2005 11:11:47 +0000 (11:11 +0000)]
r11903: added smb2_tdis() (opcode 4)
Andrew Tridgell [Fri, 25 Nov 2005 11:05:21 +0000 (11:05 +0000)]
r11902: added smb2_logoff() testing
Andrew Tridgell [Fri, 25 Nov 2005 11:04:42 +0000 (11:04 +0000)]
r11901: added smb2_logoff() support (metze correctly guessed opcode 2 was
logoff)
Stefan Metzmacher [Fri, 25 Nov 2005 10:46:38 +0000 (10:46 +0000)]
r11900: - make sure address and registered_by are replaced when they're not present
- make sure we don't add active records with 0 addresses
metze
Stefan Metzmacher [Fri, 25 Nov 2005 10:44:03 +0000 (10:44 +0000)]
r11899: add some useful debug messages
metze
Stefan Metzmacher [Fri, 25 Nov 2005 10:11:01 +0000 (10:11 +0000)]
r11897: add 2 more sgroup vs. sgroup tests with the replica having no addresses
metze
Stefan Metzmacher [Fri, 25 Nov 2005 10:08:31 +0000 (10:08 +0000)]
r11896: max_version of 0 means unlimited
metze
Stefan Metzmacher [Fri, 25 Nov 2005 08:24:36 +0000 (08:24 +0000)]
r11895: - reorder some code to make it easier to follow, how the fields appear on the wire
- add some comments to the header file, to represent the wire format
metze
Andrew Tridgell [Fri, 25 Nov 2005 06:50:29 +0000 (06:50 +0000)]
r11894: fixed SMB2 trans code for pipe_flags
Andrew Tridgell [Fri, 25 Nov 2005 06:48:12 +0000 (06:48 +0000)]
r11893: fixed a dependency problem
Andrew Tridgell [Fri, 25 Nov 2005 05:56:16 +0000 (05:56 +0000)]
r11892: forgot to commit these changes
Andrew Tridgell [Fri, 25 Nov 2005 05:46:46 +0000 (05:46 +0000)]
r11891: - added pipe_flags field in smb2_trans
- while running dcerpc over SMB2, the server will occasionally send us
an oh-so-useful STATUS_PENDING result meaning "I don't have a result
for you yet, but I'm working on it". These can be discarded :-)
Andrew Tridgell [Fri, 25 Nov 2005 05:26:12 +0000 (05:26 +0000)]
r11890: added tests for the last few fields in SMB2 find requests
Andrew Tridgell [Fri, 25 Nov 2005 05:25:37 +0000 (05:25 +0000)]
r11889: added support for dcerpc ncacn_np over SMB2. You use it by giving the
flag 'smb2' in the dcerpc binding string. This gives a pretty good
test to the new SMB2 trans call.
Andrew Tridgell [Fri, 25 Nov 2005 05:23:55 +0000 (05:23 +0000)]
r11888: - added SMB2 trans support
- added session key to SMB2
- renamed 'unknown2' in create to 'impersonation'
Stefan Metzmacher [Thu, 24 Nov 2005 09:22:38 +0000 (09:22 +0000)]
r11887: reorder some tests
metze
Volker Lendecke [Wed, 23 Nov 2005 18:49:30 +0000 (18:49 +0000)]
r11885: Add forgotten files
Volker Lendecke [Wed, 23 Nov 2005 17:21:08 +0000 (17:21 +0000)]
r11884: Download ntconfig.pol
Volker Lendecke [Wed, 23 Nov 2005 15:52:23 +0000 (15:52 +0000)]
r11883: Also look up the membership in the domain local groups.
Volker
Stefan Metzmacher [Wed, 23 Nov 2005 12:30:57 +0000 (12:30 +0000)]
r11882: - use some better names
- we now pass the same_owner tests so test them with make test
metze
Stefan Metzmacher [Wed, 23 Nov 2005 12:29:37 +0000 (12:29 +0000)]
r11881: fix debug messages
metze
Stefan Metzmacher [Wed, 23 Nov 2005 12:24:12 +0000 (12:24 +0000)]
r11880: - we finally start to apply replicas to our database
- currently only the ADD, REPLACE and NOT REPLACE cases are handled completely
- other cases are just skipped for now
metze
Stefan Metzmacher [Wed, 23 Nov 2005 12:19:38 +0000 (12:19 +0000)]
r11879: some fixes for the new ldb api
metze
Stefan Metzmacher [Wed, 23 Nov 2005 11:37:54 +0000 (11:37 +0000)]
r11878: don't get only newer records than the last one we got
metze