Stefan Metzmacher [Wed, 23 Mar 2005 18:54:06 +0000 (18:54 +0000)]
r5998: I was wrong with the highwater mark...
I think I now understand how it works:-)
metze
Andrew Bartlett [Wed, 23 Mar 2005 09:05:40 +0000 (09:05 +0000)]
r5992: Rename schannel.c -> schannel_sign.c. The rest of the schannel code
(from librpc) will be moved into schannel.c soon.
Andrew Bartlett
Jelmer Vernooij [Wed, 23 Mar 2005 01:42:29 +0000 (01:42 +0000)]
r5989: Display authentication information (list of available auth protocols
+ principal names per endpoint) to gepdump. Still need to fix memory management
in the GTK+ utilities...
Andrew Bartlett [Wed, 23 Mar 2005 01:30:43 +0000 (01:30 +0000)]
r5988: Fix the -P option (use machine account credentials) to use the Samba4
secrets system, and not the old system from Samba3.
This allowed the code from auth_domain to be shared - we now only
lookup the secrets.ldb in lib/credentials.c.
In order to link the resultant binary, samdb_search() has been moved
from deep inside rpc_server into lib/gendb.c, along with the existing
gendb_search_v(). The vast majority of this patch is the simple
rename that followed,
(Depending on the whole SAMDB for just this function seemed pointless,
and brought in futher dependencies, such as smbencrypt.c).
Andrew Bartlett
Jelmer Vernooij [Wed, 23 Mar 2005 01:02:29 +0000 (01:02 +0000)]
r5987: Add credentials callback for gtk+. The gtk+ apps now no longer
ask for a password when kerberos is being used.
Jelmer Vernooij [Wed, 23 Mar 2005 01:00:23 +0000 (01:00 +0000)]
r5986: Fix the build. Metze, could you please verify that this fix is correct?
Andrew Bartlett [Wed, 23 Mar 2005 00:15:41 +0000 (00:15 +0000)]
r5985: Actually adding auth_domain.c in -r 5983 would probably have been a
good idea....
Andrew Bartlett
Andrew Bartlett [Wed, 23 Mar 2005 00:07:21 +0000 (00:07 +0000)]
r5984: Add index and attributes to default ldif for secrets.ldb
Andrew Bartlett
Andrew Bartlett [Wed, 23 Mar 2005 00:05:44 +0000 (00:05 +0000)]
r5983: Start support for being a domain member in Samba4.
This adds the auth_domain module to the auth subsystem, and cleans up
some small details around the join process (ensuring all the right
info is in the DB).
Andrew Bartlett
Jelmer Vernooij [Tue, 22 Mar 2005 23:20:41 +0000 (23:20 +0000)]
r5980: Fix double free after unexpected disconnect.
Jelmer Vernooij [Tue, 22 Mar 2005 23:00:12 +0000 (23:00 +0000)]
r5977: Fix uninitialised memory bug in ndr_pull_ref_ptr(). This fixes the
Test_DoublePointer test failure.
Jelmer Vernooij [Tue, 22 Mar 2005 22:11:50 +0000 (22:11 +0000)]
r5976: SIDs can't have more then 5 subauths (caught by [validate] and
range())
Jelmer Vernooij [Tue, 22 Mar 2005 19:30:59 +0000 (19:30 +0000)]
r5963: Fix parameter passing for gentest and locktest
Stefan Metzmacher [Tue, 22 Mar 2005 14:49:11 +0000 (14:49 +0000)]
r5949: give things more meaning, and reuse structs where it is possible
to make things more clear
metze
Stefan Metzmacher [Tue, 22 Mar 2005 14:45:43 +0000 (14:45 +0000)]
r5947: print out the password hashes when -d 100 is in use,
very usefull for creating a keytab file with
metze
Andrew Bartlett [Tue, 22 Mar 2005 10:33:53 +0000 (10:33 +0000)]
r5942: A couple of small changes to fix things up with the new credentials
infrustructure.
Andrew Bartlett
Andrew Bartlett [Tue, 22 Mar 2005 08:00:45 +0000 (08:00 +0000)]
r5941: Commit this patch much earlier than I would normally prefer, but metze needs a working tree...
The main volume of this patch was what I started working on today:
- Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context.
- Uses sepereate inner loops for some of the DCE/RPC tests
The other and more important part of this patch fixes issues
surrounding the new credentials framwork:
This makes the struct cli_credentials always a talloc() structure,
rather than on the stack. Parts of the cli_credentials code already
assumed this.
There were other issues, particularly in the DCERPC over SMB handling,
as well as little things that had to be tidied up before test_w2k3.sh
would start to pass.
Andrew Bartlett
Stefan Metzmacher [Tue, 22 Mar 2005 06:58:27 +0000 (06:58 +0000)]
r5940: fix schannel against w2k, it skips the confounder in the signature (24 bytes) for singed packets
but it accepts 32 bytes from the client.
(w2k3 accept it the otherway arround too)
metze
Andrew Tridgell [Tue, 22 Mar 2005 06:00:51 +0000 (06:00 +0000)]
r5939: improve talloc_realloc() docs after feedback from lifeless
Andrew Tridgell [Tue, 22 Mar 2005 05:51:41 +0000 (05:51 +0000)]
r5938: - allow NULL string argument to talloc_vasprintf_append()
- default to using va_copy(), thus assuming a modern libc
Andrew Tridgell [Tue, 22 Mar 2005 04:22:39 +0000 (04:22 +0000)]
r5937: - performance improvement to talloc_asprintf_append()
- allow standalone talloc to use gcc printf attributes
Jelmer Vernooij [Tue, 22 Mar 2005 01:35:12 +0000 (01:35 +0000)]
r5932: Use cli_credentials somewhat more in the Gtk+ code
Support ncacn_spx in DCE/RPC bindings.
Jelmer Vernooij [Tue, 22 Mar 2005 00:26:27 +0000 (00:26 +0000)]
r5930: Fix initialisation of dcerpc_binding->authservice
Jelmer Vernooij [Mon, 21 Mar 2005 23:35:58 +0000 (23:35 +0000)]
r5929: Use cli_credentials for the SMB functions as well.
Fix a couple of bugs in the new cli_credentials code
Jelmer Vernooij [Mon, 21 Mar 2005 21:22:07 +0000 (21:22 +0000)]
r5928: Use cli_credentials in:
- gtk+ (returned by GtkHostBindingDialog as well now)
- torture/
- librpc/
- lib/com/dcom/
Jelmer Vernooij [Mon, 21 Mar 2005 18:42:32 +0000 (18:42 +0000)]
r5924: Use cli_credentials in libnet/.
Jelmer Vernooij [Mon, 21 Mar 2005 02:08:38 +0000 (02:08 +0000)]
r5917: First step in using the new cli_credentials structure. This patch
puts support for it into popt_common, adds a few utility functions
(in lib/credentials.c) and the callback functions for the command-line
(lib/cmdline/credentials.c). Comments are welcome :-)
Jelmer Vernooij [Sat, 19 Mar 2005 19:31:25 +0000 (19:31 +0000)]
r5906: Fix the usage of the internal popt (make proto should ignore it)
Updated included popt to 1.7.
Andrew Bartlett [Sat, 19 Mar 2005 10:28:31 +0000 (10:28 +0000)]
r5903: While I can't test IPv6, metze asked me to commit a matching change
for unknown hosts that I just did for IPv4.
Andrew Bartlett
Andrew Bartlett [Sat, 19 Mar 2005 08:34:43 +0000 (08:34 +0000)]
r5902: A rather large change...
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.
With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind. This changes a lot of files, and these will again
be changed when jelmer does the credentials work.
I also correct some schannel IDL to distinguish between workstation
names and account names. The distinction matters for domain trust
accounts.
Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.
In the schannel DB, we now store both the domain and computername, and
query on both. This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.
In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.
This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.
The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.
The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests. This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.
In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL. This has been re-added, until the underlying pidl issues are
solved.
Andrew Bartlett [Sat, 19 Mar 2005 08:18:24 +0000 (08:18 +0000)]
r5901: Add another option to the test script - the realm, which must match
the real ream, not just the short domain name.
Andrew Bartlett
Andrew Bartlett [Sat, 19 Mar 2005 08:11:49 +0000 (08:11 +0000)]
r5900: Use flatname to specify the netbios domain name (matches what win2k3
uses for trusted domain records) in the secrets join records.
Andrew Bartlett
Andrew Bartlett [Sat, 19 Mar 2005 06:49:03 +0000 (06:49 +0000)]
r5899: Fix spelling.
Andrew Bartlett
Andrew Bartlett [Sat, 19 Mar 2005 06:07:33 +0000 (06:07 +0000)]
r5898: Handle errors in the 'sync' name and IP address handling code.
Andrew Bartlett
Andrew Bartlett [Sat, 19 Mar 2005 03:15:23 +0000 (03:15 +0000)]
r5895: Remove old auth_domain code - to be replaced with entirely new implementation.
Andrew Bartlett
Andrew Bartlett [Fri, 18 Mar 2005 04:25:10 +0000 (04:25 +0000)]
r5879: Rename SAMR_FIELD_WORKSTATION to SAMR_FIELD_WORKSTATIONS - it is a list.
Andrew Bartlett
Andrew Bartlett [Fri, 18 Mar 2005 04:09:52 +0000 (04:09 +0000)]
r5878: Be clear which machine name (We have one worksation, and one BDC) we
are doing logins with.
Andrew Bartlett
Andrew Bartlett [Fri, 18 Mar 2005 03:17:30 +0000 (03:17 +0000)]
r5877: It is not an error to have a zero-length secret, after decryption.
Andrew Bartlett
Andrew Bartlett [Fri, 18 Mar 2005 03:16:53 +0000 (03:16 +0000)]
r5876: Add a test account for the duration of the samsync - to ensure we have
a good variety of things to test against.
Add code to testjoin to handle this just like test machine accounts
Soon I'll remove the 'must change password' flag, so we can do logins with it.
Andrew Bartlett
Jelmer Vernooij [Fri, 18 Mar 2005 00:17:10 +0000 (00:17 +0000)]
r5871: Remove file with unused function (that uses fstring)
Remove fstring usage from version.c
Jelmer Vernooij [Thu, 17 Mar 2005 20:29:18 +0000 (20:29 +0000)]
r5867: winreg depends on initshutdown now (uses initshutdown_String)
Jelmer Vernooij [Thu, 17 Mar 2005 20:28:01 +0000 (20:28 +0000)]
r5866: Add InitShutdown IDL and torture test.
Implement push side of NDR_LEN4|NDR_NOTERM strings (pull side was already present)
Jelmer Vernooij [Thu, 17 Mar 2005 12:45:10 +0000 (12:45 +0000)]
r5853: Move some of the functions not specific to the Samba NDR parser generator
to a new ndr.pm.
Add function that can generate a "OrderTable" describing the order
in which the NDR data will be pushed/pulled.
Jelmer Vernooij [Thu, 17 Mar 2005 12:12:57 +0000 (12:12 +0000)]
r5852: Rename ndr.pm to ndr_parser.pm
I'm going to add a ndr.pm later on that'll generate a
tree with necessary information for the two NDR backends
(eparser, ndr_parser) containing alignment info, etc.
Stefan Metzmacher [Thu, 17 Mar 2005 04:24:35 +0000 (04:24 +0000)]
r5850: enable parsing of revision 4 security acl's
metze
Stefan Metzmacher [Thu, 17 Mar 2005 00:33:56 +0000 (00:33 +0000)]
r5839: add LDAP DirSync control idl
metze
Stefan Metzmacher [Wed, 16 Mar 2005 15:47:19 +0000 (15:47 +0000)]
r5830: start to analyse the attribute values, depending on the attribute type
metze
Stefan Metzmacher [Wed, 16 Mar 2005 09:25:52 +0000 (09:25 +0000)]
r5828: add some idl for DsAddEntry()
metze
Tim Potter [Wed, 16 Mar 2005 06:18:20 +0000 (06:18 +0000)]
r5827: Make ndrdump accept a uuid as well as a pipe name to specify
which rpc interface to use.
Stefan Metzmacher [Tue, 15 Mar 2005 16:05:43 +0000 (16:05 +0000)]
r5800: fix recursiv printing in ndr_print_DsGetNCChangesInfo1()
metze
Stefan Metzmacher [Tue, 15 Mar 2005 14:42:09 +0000 (14:42 +0000)]
r5799: more DsGetNCChanges updates, I'm starting to understand it...
also add a really simple torture test for DsGetNCChanges
metze
Stefan Metzmacher [Tue, 15 Mar 2005 14:37:02 +0000 (14:37 +0000)]
r5798: limit the size of an sid, 28 bytes complete is the biggest SID
that can be handled.
tridge: do you think it would make sense to change the sub_auth[num_auths] to sub_auth[5],
so we can copy the struct by sid1 = sid2;
comments please
metze
Stefan Metzmacher [Tue, 15 Mar 2005 14:33:38 +0000 (14:33 +0000)]
r5797: - add idl property [subcontext_size()]
this can be used like this
[subcontext_size(28),subcontext(0)] dom_sid sid;
this descripes a fixed 28 byte buffer which contains a dom_sid,
and the rest of the buffer is padded with zero bytes if the dom_sid doesn't
need all 28 byte in it's ndr encoding.
- only push and pull the subcontext when we are in the NDR_SCALARS section
(tridge, jelmer: I hope this is correct for all cases...!?:-)
metze
Stefan Metzmacher [Tue, 15 Mar 2005 14:25:59 +0000 (14:25 +0000)]
r5796: add ndr_* function for int8 and int16
metze
Jelmer Vernooij [Mon, 14 Mar 2005 01:11:13 +0000 (01:11 +0000)]
r5785: Fix subcontext pushes
Andrew Bartlett [Sun, 13 Mar 2005 06:43:34 +0000 (06:43 +0000)]
r5783: Test renaming of accounts in the RPC-SAMR test, and add support into
the SAMR server.
Andrew Bartlett
Tim Potter [Sun, 13 Mar 2005 03:16:07 +0000 (03:16 +0000)]
r5782: Use standard input for reading packet data if filename not specified.
Tim Potter [Sun, 13 Mar 2005 02:48:16 +0000 (02:48 +0000)]
r5781: Fix build.
Tim Potter [Sun, 13 Mar 2005 02:20:51 +0000 (02:20 +0000)]
r5780: Remove unused arguments.
Tim Potter [Sun, 13 Mar 2005 01:40:45 +0000 (01:40 +0000)]
r5779: Remove signal and timeout gubbage from tdb.
Tim Potter [Sun, 13 Mar 2005 01:01:24 +0000 (01:01 +0000)]
r5778: Remove tdb_set_lock_alarm() function from wrappers at tridge's request.
Tim Potter [Sat, 12 Mar 2005 22:24:46 +0000 (22:24 +0000)]
r5777: At some stage SIG_ATOMIC_T was renamed to sig_atomic_t. This should
fix abartlet's compile problem.
Jelmer Vernooij [Sat, 12 Mar 2005 17:12:52 +0000 (17:12 +0000)]
r5775: Remove some unused functions (unions are no longer as special as they used to be)
Add oxid mapping table support in DCOM
Tim Potter [Sat, 12 Mar 2005 09:55:08 +0000 (09:55 +0000)]
r5769: Fix unused variable warning.
Stefan Metzmacher [Sat, 12 Mar 2005 09:25:39 +0000 (09:25 +0000)]
r5766: get some more DsGetNCChanges stuff parsing correct
metze
Stefan Metzmacher [Sat, 12 Mar 2005 08:51:37 +0000 (08:51 +0000)]
r5765: remove unused var
metze
Stefan Metzmacher [Sat, 12 Mar 2005 08:29:54 +0000 (08:29 +0000)]
r5764: add support for embedded ref pointers
metze
Stefan Metzmacher [Fri, 11 Mar 2005 12:15:50 +0000 (12:15 +0000)]
r5742: - add torture test and idl for DsReplicaUpdateRefs()
(the torture test currently only tests if the idl is correct)
- add start for idl for DsGetNCChanges()
(if someone didn't noticed the current ethereal trunk code can
successful decrypt DCERPC and LDAP gsskrb5 encrypted blobs,
when you provide a keytab and have compiled against heimdal :-)
- add a view bitmaps and enum's for better debugging
metze
Stefan Metzmacher [Fri, 11 Mar 2005 10:33:01 +0000 (10:33 +0000)]
r5737: add some error codes
metze
Stefan Metzmacher [Fri, 11 Mar 2005 10:09:16 +0000 (10:09 +0000)]
r5736: fix to avoid endless recursion in ndr_size_*() calculation
metze
Jeremy Allison [Thu, 10 Mar 2005 21:42:20 +0000 (21:42 +0000)]
r5730: More fun with delayed write semantics with multiple file handles
open on the same file on the same connection.
Jeremy.
Steve French [Wed, 9 Mar 2005 21:56:00 +0000 (21:56 +0000)]
r5716: Add new Unix extensions defines for infolevels
Jelmer Vernooij [Wed, 9 Mar 2005 15:39:55 +0000 (15:39 +0000)]
r5709: Leave out the pull/push call with NDR_BUFFERS for not just
scalars but also for structs/unions containing only scalars.
Jelmer Vernooij [Tue, 8 Mar 2005 22:24:47 +0000 (22:24 +0000)]
r5697: Give an error message when a ref pointer is NULL (requested by tpot)
Stefan Metzmacher [Mon, 7 Mar 2005 12:45:19 +0000 (12:45 +0000)]
r5682: fix the build
metze
Stefan Metzmacher [Mon, 7 Mar 2005 12:27:03 +0000 (12:27 +0000)]
r5681: fix the build and compiler wanings
metze
Jelmer Vernooij [Mon, 7 Mar 2005 12:02:48 +0000 (12:02 +0000)]
r5680: Don't crash if none of the predefined keys is available (reported by Alexander)
Rafal Szczesniak [Mon, 7 Mar 2005 05:12:33 +0000 (05:12 +0000)]
r5679: Complete basic test of rpc_composite_userinfo function (which
btw proves the function is completely broken but that's what
tests are for)
rafal
Rafal Szczesniak [Mon, 7 Mar 2005 05:10:44 +0000 (05:10 +0000)]
r5678: Torture tests require also libnet in order to run NET-* tests.
rafal
Rafal Szczesniak [Mon, 7 Mar 2005 05:09:37 +0000 (05:09 +0000)]
r5677: Split structure definitions from implementation.
rafal
Jelmer Vernooij [Mon, 7 Mar 2005 02:14:38 +0000 (02:14 +0000)]
r5676: Fix some alignment issues and IRemoteActivation
Jelmer Vernooij [Sun, 6 Mar 2005 22:37:31 +0000 (22:37 +0000)]
r5675: - More DCOM bug fixes
- Keep COM and DCOM more seperated
Jelmer Vernooij [Sun, 6 Mar 2005 21:43:54 +0000 (21:43 +0000)]
r5674: - Re-enable DCOM support.
- Always put IID in vtables (useful for asserts)
- Add table to keep track of DCOM proxy classes
- Bunch of smaller bug fixes
Jelmer Vernooij [Sun, 6 Mar 2005 17:02:14 +0000 (17:02 +0000)]
r5672: Use switch_type() and the token storage mechanism for unions:
- Makes union handling less special
- Allows unions in arrays, etc
- Compatible with midl
- Pidl will warn about switch_type() and the type of the switch_is() variable being different
Jelmer Vernooij [Sun, 6 Mar 2005 15:57:08 +0000 (15:57 +0000)]
r5671: Bunch of fixes related to arrays and pointers to arrays.
Simo Sorce [Sun, 6 Mar 2005 15:33:40 +0000 (15:33 +0000)]
r5670: simplify and clarify ldb_modules.c code
rectify the test schema
correct a glitch in schema module
Jelmer Vernooij [Sun, 6 Mar 2005 12:33:44 +0000 (12:33 +0000)]
r5669: Couple of minor clearifications, simplifications.
Andrew Bartlett [Sun, 6 Mar 2005 08:24:34 +0000 (08:24 +0000)]
r5668: Add tests to RPC-SAMLOGON to test for user@REALM style logins. These
need a NULL domain (or a "" domain, except this breaks NTLMv2, and I
need to look into it a bit more).
Add support to the Samba4 server for these logins. This will need
extension when we handle trusted domains as a DC, as it is a principal
name, not just another format for the username.
Andrew Bartlett
Andrew Bartlett [Sun, 6 Mar 2005 06:37:38 +0000 (06:37 +0000)]
r5667: Move schannel state into libcli/auth (as it belongs with schannel,
which will move in with the rest of GENSEC shortly).
Add the RID as another element in the schannel state.
Andrew Bartlett
Andrew Tridgell [Sat, 5 Mar 2005 22:50:13 +0000 (22:50 +0000)]
r5666: winxp will use a NTTIME of -1 to mean "don't change" in setfileinfo
basic_info. Add null_nttime() as the equivalent of the existing
null_time() call for cheecking for valid NTTIME values
Andrew Tridgell [Sat, 5 Mar 2005 21:59:48 +0000 (21:59 +0000)]
r5665: the data within el2->values can still be used at this point, so don't free
Andrew Tridgell [Sat, 5 Mar 2005 21:59:02 +0000 (21:59 +0000)]
r5664: simo, please look into this. It is possible for the number of elements
in msg[0] to be 0, in which case we crash. This is a workaround.
Also, if you could please split up this function into readable
pieces. It's a bit of a mess at the moment.
Jelmer Vernooij [Sat, 5 Mar 2005 19:26:45 +0000 (19:26 +0000)]
r5663: Revert some changes I didn't mean to commit...
Jelmer Vernooij [Sat, 5 Mar 2005 19:20:12 +0000 (19:20 +0000)]
r5662: eventlog uses dom_sid so it depends on security
Jelmer Vernooij [Sat, 5 Mar 2005 18:34:18 +0000 (18:34 +0000)]
r5661: Be a little stricter on syntax regarding arrays. A pointer to an
array can now only be :
type *name[];
rather then :
type *name;
which was supported in the past. Warnings will be given when the first
syntax is used. Reasons for this change in behaviour include improved
readability and the fact that the second format makes dealing with multiple
levels of pointers harder.
Jelmer Vernooij [Sat, 5 Mar 2005 16:50:02 +0000 (16:50 +0000)]
r5660: Reduce number of generated "{}"'s
No longer complain about pointers to arrays - we support those.
Rafal Szczesniak [Fri, 4 Mar 2005 00:25:16 +0000 (00:25 +0000)]
r5652: Add libnet tests section to torture test.
rafal
Rafal Szczesniak [Fri, 4 Mar 2005 00:24:21 +0000 (00:24 +0000)]
r5651: A bit more code in userinfo test and hook up test function to
main torture binary.
rafal
Alexander Bokovoy [Thu, 3 Mar 2005 09:26:08 +0000 (09:26 +0000)]
r5646: state->loadfile might be NULL after allocation so this is really
should be NT_STATUS_HAVE_NO_MEMORY(state->loadfile) instead of
NT_STATUS_NOT_OK_RETURN(status).
Günther Deschner [Wed, 2 Mar 2005 00:15:06 +0000 (00:15 +0000)]
r5611: Add EnumPrinterDataEx-test (for now just for PrinterDriverData, we need
to enumerate (recursively!) over all keys with EnumPrinterKey later on.
Guenther