12 years agor6129: - add our own MSZIP decompression implementation
Stefan Metzmacher [Wed, 30 Mar 2005 10:48:52 +0000 (10:48 +0000)]
r6129: - add our own MSZIP decompression implementation
  (taken from cabextract.c from KDE)
  this code maybe need to be rewritten and the
  compression side needs to be done,
  but for now it seems to works

- remove the dependency to zlib

(This used to be commit 5e8558c5b4365a494aa054c3e08d4084b319e6e5)

12 years agor6128: fix the build
Stefan Metzmacher [Wed, 30 Mar 2005 04:55:02 +0000 (04:55 +0000)]
r6128: fix the build

(This used to be commit 80593150341852af0816e69bd653c93228862e9b)

12 years agor6118: Make it so that we can do --with-zlib=no in configure and also a couple
Richard Sharpe [Wed, 30 Mar 2005 00:15:16 +0000 (00:15 +0000)]
r6118: Make it so that we can do --with-zlib=no in configure and also a couple
of small typos.
(This used to be commit 9b4069e84573f85ce4341ceacd35737a18726a0b)

12 years agor6115: don't try to decompress level 7 buffers yet
Stefan Metzmacher [Tue, 29 Mar 2005 13:07:20 +0000 (13:07 +0000)]
r6115: don't try to decompress level 7 buffers yet

(This used to be commit bbc0f6c5525b03deb9374fd96cb22cff4d3fb2e1)

12 years agor6114: the marker is const and is 0x434B 'CK'
Stefan Metzmacher [Tue, 29 Mar 2005 10:01:34 +0000 (10:01 +0000)]
r6114: the marker is const and is 0x434B 'CK'

(This used to be commit 4b88ff29715a98c728cf70db4889daafed8eeeb2)

12 years agor6113: Move GENSEC and the kerberos code out of libcli/auth, and into
Andrew Bartlett [Tue, 29 Mar 2005 08:24:03 +0000 (08:24 +0000)]
r6113: Move GENSEC and the kerberos code out of libcli/auth, and into
auth/gensec and auth/kerberos.

This also pulls the kerberos configure code out of libads (which is
otherwise dead), and into auth/kerberos/kerberos.m4

Andrew Bartlett
(This used to be commit e074d63f3dcf4f84239a10879112ebaf1cfa6c4f)

12 years agor6112: try to decompress all chunks and put them together
Stefan Metzmacher [Tue, 29 Mar 2005 08:10:31 +0000 (08:10 +0000)]
r6112: try to decompress all chunks and put them together

it produces the correct DATA_BLOB length, but only the first chunk is
successfull decompressed...

(This used to be commit 0d44d077975d756023f1dcc8d2c3ebf06305e355)

12 years agor6109: nicer way to handle compression in the torture test
Stefan Metzmacher [Tue, 29 Mar 2005 06:19:44 +0000 (06:19 +0000)]
r6109: nicer way to handle compression in the torture test

(This used to be commit a3cec189e1f5d137ba2f2829def03b060b59f0e2)

12 years agor6101: only allow properties we know about, that helps to catch typos!
Stefan Metzmacher [Mon, 28 Mar 2005 18:28:16 +0000 (18:28 +0000)]
r6101: only allow properties we know about, that helps to catch typos!

what does length_of() and id() do?

(This used to be commit 55963934db51fadb1340c7a2ec275aa24151dd14)

12 years agor6100: - fix nondiscriminant -> nodiscriminant (that takes me 2 days to find...:-( )
Stefan Metzmacher [Mon, 28 Mar 2005 18:25:47 +0000 (18:25 +0000)]
r6100: - fix nondiscriminant -> nodiscriminant (that takes me 2 days to find...:-( )

- use a DATA_BLOB for the driver specific data in the devmode

(This used to be commit 87d48b20769666b568ac1115246b58995d221148)

12 years agor6099: use the enum print function
Stefan Metzmacher [Mon, 28 Mar 2005 18:23:54 +0000 (18:23 +0000)]
r6099: use the enum print function

(This used to be commit ff32e2182e3f11b1b51110c9d3f34bc8781dec0b)

12 years agor6098: fix parsing of empty union cases
Stefan Metzmacher [Mon, 28 Mar 2005 18:22:45 +0000 (18:22 +0000)]
r6098: fix parsing of empty union cases

(This used to be commit f3c64120a16289472bdc56329d39c7221d00b558)

12 years agor6097: allow compression only on subcontexts
Stefan Metzmacher [Mon, 28 Mar 2005 18:21:13 +0000 (18:21 +0000)]
r6097: allow compression only on subcontexts

(This used to be commit 2a7eead1c8058f829395723028a43b0336a1cf87)

12 years agor6094: Work on the Kerberos code recently merged from Samba 3.0. This fixes
Andrew Bartlett [Mon, 28 Mar 2005 06:40:18 +0000 (06:40 +0000)]
r6094: Work on the Kerberos code recently merged from Samba 3.0.  This fixes
up issues I introduced during the merge, that caused a segfault.

I've still not got the keytab code to work for me (using Samba3 to
generate the keytab) so this is still not fully tested, but it's
better than it was.

To add debugging, I now use the krb5_get_error_message() function from
Heimdal when present, to return the custom error string, which
contains far, far more information than the simple error code does.

(This last point may well be worth merging back into 3.0)

Andrew Bartlett
(This used to be commit ed5755d9d1e48df7ae77a9410d30e10cb8b0cbd7)

12 years agor6093: Patch to fix sys_select so it can't drop signals if another fd
Jeremy Allison [Mon, 28 Mar 2005 03:31:44 +0000 (03:31 +0000)]
r6093: Patch to fix sys_select so it can't drop signals if another fd
is ready to read. Patch from Mark Weaver <>.
(This used to be commit 857e98e8ea842bb94c93b81d7b69e3d304f100f5)

12 years agor6088: Add the socket_wrapper library. This is a very simple library that
Jelmer Vernooij [Mon, 28 Mar 2005 01:00:39 +0000 (01:00 +0000)]
r6088: Add the socket_wrapper library. This is a very simple library that
redirects traffic (currently just IP traffic) over unix domain sockets
if the SOCKET_WRAPPER_DIR environment variable has been set.
Aim is to use this for the Samba4 torture suite on the buildfarm.

The socket_wrapper library can only be used if Samba was compiled with
--enable-developer. passes against a local smbd with SOCKET_WRAPPER_DIR set.
(and ethereal showed no traffic whatsoever)

Stuff that still needs to be fixed in socketwrapper:
 - Give ENETUNREACH if target is not localhost
 - A given port number can only be used for UDP /or/ TCP, not both.
 - Perhaps allow some calls to circumvent socketwrapper (do we need DNS?)
(This used to be commit f8a63a843ccca092d9756b64e09175d37c08550a)

12 years agor6087: - remove the dlopen code for now (before it goes back, it needs to be
Andrew Tridgell [Mon, 28 Mar 2005 00:40:18 +0000 (00:40 +0000)]
r6087: - remove the dlopen code for now (before it goes back, it needs to be
  made into something that isn't a maze of #ifdefs)

- when a module is not found, make it a non-fatal error. Otherwise the standalone ldb
  tools just bail out. The previous code meant that if you had a
  module listed and it wasn't present then you could _never_ fix it,
  as you coudln't open the ldb to remove that module from @MODULES !
(This used to be commit c4728625c093d91e522b80c049e0d42d2b5f143b)

12 years agor6086: default to stderr for error messages in ldb, so we get errors in ldb_connect()
Andrew Tridgell [Mon, 28 Mar 2005 00:37:27 +0000 (00:37 +0000)]
r6086: default to stderr for error messages in ldb, so we get errors in ldb_connect()
(This used to be commit a6e492f95c6f31ed37ee32a13a34fa2847d8352d)

12 years agor6085: dc is case insensitive
Simo Sorce [Mon, 28 Mar 2005 00:06:13 +0000 (00:06 +0000)]
r6085: dc is case insensitive
(This used to be commit 55117f1ab9171ee77cea5a6635411b23e7c542c8)

12 years agor6084: - Introduce the samldb module dependency on samba4
Simo Sorce [Sun, 27 Mar 2005 23:31:43 +0000 (23:31 +0000)]
r6084: - Introduce the samldb module dependency on samba4
- This module will take care of properly filling an user or group object
  with required fields. You just need to provide the dn and the objectclass
  and a user/group get created

(This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)

12 years agor6079: Add inline documentation on the credentials context API.
Andrew Bartlett [Sun, 27 Mar 2005 06:55:03 +0000 (06:55 +0000)]
r6079: Add inline documentation on the credentials context API.

Andrew Bartlett
(This used to be commit 258c04e3678b936bb564ecef10f14128c0a54510)

12 years agor6078: Correctly fix the failures for NT1 (not SPNEGO) session setups in the
Andrew Bartlett [Sun, 27 Mar 2005 06:26:00 +0000 (06:26 +0000)]
r6078: Correctly fix the failures for NT1 (not SPNEGO) session setups in the
client.  The issue was actually a cut-and-paste bug, I was filling in
the .old not the .nt1 part of the union.

I've also removed the 'error checks' - I'll shortly document the API
for the credentials code to clarify that it will always return a
pointer here, except in cases of programmer error.

Tridge:  I hope this is OK.

Andrew Bartlett
(This used to be commit 6439de9ec8c8d24197ea69dc337473e54c8b36b8)

12 years agor6075: added talloc_enable_null_tracking() (asked for by lifeless)
Andrew Tridgell [Sat, 26 Mar 2005 10:47:44 +0000 (10:47 +0000)]
r6075: added talloc_enable_null_tracking() (asked for by lifeless)
(This used to be commit 40b8ee186af3e7f771c680dbbb03fdcf559bf103)

12 years agor6074: fixed non-spnego connections for new credentials code
Andrew Tridgell [Sat, 26 Mar 2005 10:22:02 +0000 (10:22 +0000)]
r6074: fixed non-spnego connections for new credentials code
(This used to be commit ff6663aac8ed475bf65d9c06d7f2447a9827898c)

12 years agor6070: Fix typo's and fallback to "" as default user name if no
Jelmer Vernooij [Sat, 26 Mar 2005 01:08:59 +0000 (01:08 +0000)]
r6070: Fix typo's and fallback to "" as default user name if no
other username could be guessed.
(This used to be commit 7fe77cd65901776b5a78e8398547f364379259d3)

12 years agor6065: revert test value
Stefan Metzmacher [Fri, 25 Mar 2005 23:18:35 +0000 (23:18 +0000)]
r6065: revert test value

(This used to be commit fca4dc4827c98c02051165c1aedf5bdc5354bdda)

12 years agor6061: add start of compression support in our rpc code
Stefan Metzmacher [Fri, 25 Mar 2005 13:40:17 +0000 (13:40 +0000)]
r6061: add start of compression support in our rpc code

this is not complete cuurently...

but I want other people to test it and help me on finishing it.
(try to change the #if 0 in torture/rpc/drsuapi.c into #if 1)

(This used to be commit 335adef37082a78e0426decb715629bd778e6582)

12 years agor6045: Couple of small GTK+ fixes
Jelmer Vernooij [Thu, 24 Mar 2005 20:29:04 +0000 (20:29 +0000)]
r6045: Couple of small GTK+ fixes
Use uint32_t and uint16_t rather then DWORD and WORD in
the NT4 backend. Add some more unknown fields..
(This used to be commit 6c3b1ec3296c7ab1ddfdcee86162f2eb0d73f5a8)

12 years agor6033: Patch from 'lifeless' to clarify behaviour with NULL pointers.
Andrew Bartlett [Thu, 24 Mar 2005 08:00:15 +0000 (08:00 +0000)]
r6033: Patch from 'lifeless' to clarify behaviour with NULL pointers.

Andrew Bartlett
(This used to be commit 48c518796797f021c9c7f319ca8cd0a0c185f64c)

12 years agor6032: Fix up SetServerPassword2 on NETLOGON for [bigendian]. Clearly nobody
Andrew Bartlett [Thu, 24 Mar 2005 06:30:38 +0000 (06:30 +0000)]
r6032: Fix up SetServerPassword2 on NETLOGON for [bigendian].  Clearly nobody
has the patience to run to completion :-)

It looks to me that the Windows server runs the RC4 over the C struct,
not the NDR data.

Andrew Bartlett
(This used to be commit c324d974134c35b4c50c91d5a932a63c78b67046)

12 years agor6031: don't try to send errors when the socket has been destroyed
Andrew Tridgell [Thu, 24 Mar 2005 04:53:20 +0000 (04:53 +0000)]
r6031: don't try to send errors when the socket has been destroyed
(This used to be commit 54c02846791cd8bda942fec847257c00013d3409)

12 years agor6030: Missing from previous commit, a small header file to link
Andrew Bartlett [Thu, 24 Mar 2005 04:45:41 +0000 (04:45 +0000)]
r6030: Missing from previous commit, a small header file to link
libcli/auth/schannel.c and libcli/auth/schannel_sign.c

Andrew Bartlett
(This used to be commit 1e0e66d7202d3f0e7fb3c90f2ca608fa08a713a6)

12 years agor6028: A MAJOR update to intergrate the new credentails system fully with
Andrew Bartlett [Thu, 24 Mar 2005 04:14:06 +0000 (04:14 +0000)]
r6028: A MAJOR update to intergrate the new credentails system fully with
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'.

GENSEC now no longer has it's own handling of 'set username' etc,
instead it uses cli_credentials calls.

In order to link the credentails code right though Samba, a lot of
interfaces have changed to remove 'username, domain, password'
arguments, and these have been replaced with a single 'struct

In the session setup code, a new parameter 'workgroup' contains the
client/server current workgroup, which seems unrelated to the
authentication exchange (it was being filled in from the auth info).

This allows in particular kerberos to only call back for passwords
when it actually needs to perform the kinit.

The kerberos code has been modified not to use the SPNEGO provided
'principal name' (in the mechListMIC), but to instead use the name the
host was connected to as.  This better matches Microsoft behaviour,
is more secure and allows better use of standard kerberos functions.

To achieve this, I made changes to our socket code so that the
hostname (before name resolution) is now recorded on the socket.

In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now
in libcli/auth/schannel.c, and it looks much more like a standard
GENSEC module.  The actual sign/seal code moved to
libcli/auth/schannel_sign.c in a previous commit.

The schannel credentails structure is now merged with the rest of the
credentails, as many of the values (username, workstation, domain)
where already present there.  This makes handling this in a generic
manner much easier, as there is no longer a custom entry-point.

The auth_domain module continues to be developed, but is now just as
functional as auth_winbind.  The changes here are consequential to the
schannel changes.

The only removed function at this point is the RPC-LOGIN test
(simulating the load of a WinXP login), which needs much more work to
clean it up (it contains copies of too much code from all over the
torture suite, and I havn't been able to penetrate its 'structure').

Andrew Bartlett
(This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)

12 years agor6027: Add copyright, and add a useful debug message.
Andrew Bartlett [Thu, 24 Mar 2005 04:11:39 +0000 (04:11 +0000)]
r6027: Add copyright, and add a useful debug message.

Andrew Bartlett
(This used to be commit b5260cf0d4c4f2e81a310d1c94160c9fbaaa331f)

12 years agor6026: Update the kerberos keytab code to match Samba3 again.
Andrew Bartlett [Thu, 24 Mar 2005 03:36:53 +0000 (03:36 +0000)]
r6026: Update the kerberos keytab code to match Samba3 again.
(untested at this point).

Andrew Bartlett
(This used to be commit ef7f9a01b4f3fa41fd7981b260fa2fadc7ce10ad)

12 years agor6025: Remove unused variables. This code will be modified again for the new
Andrew Bartlett [Thu, 24 Mar 2005 03:35:51 +0000 (03:35 +0000)]
r6025: Remove unused variables.  This code will be modified again for the new
cli_credentials code shortly.

Andrew Bartlett
(This used to be commit 13d09c8e9a50ae265059e4a0d92a07c651018a6c)

12 years agor6024: Some of the ordering constraints on the popt callbacks were getting
Andrew Bartlett [Thu, 24 Mar 2005 03:32:25 +0000 (03:32 +0000)]
r6024: Some of the ordering constraints on the popt callbacks were getting
painful, so don't call lp_*() functions until the post stage (rather
than in the cli_credentails_init(), which is called in the pre stage),
and don't open the secrets.ldb looking for the machine account details
until we actually need them (well after popt is done, and we know we have the other things right).

Set the domain and realm, as well as the account and password for -P
(fetch machine password) operation.

Allow NETLOGON credentials to be stored in this structure - will allow
SCHANNEL to be made more generic.

Clarify why we don't do special checks for NULL pointers, particularly
in the anonymous check (it indicates a programmer error, not a
run-time condition).

Also make lib/credentials.c a little more consistant.

Andrew Bartlett
(This used to be commit 730e6056b730c15008772c30cd6f7c03fb6b7e5f)

12 years agor6019: Add IDL and server side code for Test_DoublePointer
Jelmer Vernooij [Thu, 24 Mar 2005 00:58:52 +0000 (00:58 +0000)]
r6019: Add IDL and server side code for Test_DoublePointer
(This used to be commit 0559f22bbe854b7d5e15db471e51264cce413e6f)

12 years agor6018: Add idl and server side for Test_Surrounding
Jelmer Vernooij [Thu, 24 Mar 2005 00:56:53 +0000 (00:56 +0000)]
r6018: Add idl and server side for Test_Surrounding
(This used to be commit ed11601aef11df35f30b10e422e7113976dc6f26)

12 years agor6015: Add testprogs/ directory and original rpcecho sources
Jelmer Vernooij [Wed, 23 Mar 2005 23:52:38 +0000 (23:52 +0000)]
r6015: Add testprogs/ directory and original rpcecho sources
( from tridges junkcode at )
(This used to be commit e33397f383342d91326a5c2939c5213a5fc5d9cd)

12 years agor6010: Change the testing order, so we test all transports for each binding
Andrew Bartlett [Wed, 23 Mar 2005 22:15:48 +0000 (22:15 +0000)]
r6010: Change the testing order, so we test all transports for each binding
option, rather than all binding options for each transport.

This means that we get to most of the tests earlier, with at least
some binding options.  (And allows us to have some confidence before
waiting for an RPC-SAMR test to finish with bigendian).

Andrew Bartlett
(This used to be commit 5c3e4df804e38037d0337e8ef288127d6cdda28a)

12 years agor6000: add some notes about the cases where compression (or what ever this is)
Stefan Metzmacher [Wed, 23 Mar 2005 19:24:11 +0000 (19:24 +0000)]
r6000: add some notes about the cases where compression (or what ever this is)
is used, in the reply.

(This used to be commit 618dadb7ef092af0f2c13c2e67874041f54f4e98)

12 years agor5999: ups, remove the testvalue that I used against my w2k3 server
Stefan Metzmacher [Wed, 23 Mar 2005 18:55:12 +0000 (18:55 +0000)]
r5999: ups, remove the testvalue that I used against my w2k3 server

(This used to be commit 3d3e09af16c4f9a6bc8f6ae615f744a04f352ed0)

12 years agor5998: I was wrong with the highwater mark...
Stefan Metzmacher [Wed, 23 Mar 2005 18:54:06 +0000 (18:54 +0000)]
r5998: I was wrong with the highwater mark...

I think I now understand how it works:-)

(This used to be commit f8add2e66a56896d9bb18991091e1b17c29910b1)

12 years agor5992: Rename schannel.c -> schannel_sign.c. The rest of the schannel code
Andrew Bartlett [Wed, 23 Mar 2005 09:05:40 +0000 (09:05 +0000)]
r5992: Rename schannel.c -> schannel_sign.c.  The rest of the schannel code
(from librpc) will be moved into schannel.c soon.

Andrew Bartlett
(This used to be commit d6c80ff74b0550641c253316b37f1050c207791c)

12 years agor5989: Display authentication information (list of available auth protocols
Jelmer Vernooij [Wed, 23 Mar 2005 01:42:29 +0000 (01:42 +0000)]
r5989: Display authentication information (list of available auth protocols
+ principal names per endpoint) to gepdump. Still need to fix memory management
in the GTK+ utilities...
(This used to be commit b48a0af0b0fbf1234627ec785699896a44b23e75)

12 years agor5988: Fix the -P option (use machine account credentials) to use the Samba4
Andrew Bartlett [Wed, 23 Mar 2005 01:30:43 +0000 (01:30 +0000)]
r5988: Fix the -P option (use machine account credentials) to use the Samba4
secrets system, and not the old system from Samba3.

This allowed the code from auth_domain to be shared - we now only
lookup the secrets.ldb in lib/credentials.c.

In order to link the resultant binary, samdb_search() has been moved
from deep inside rpc_server into lib/gendb.c, along with the existing
gendb_search_v().  The vast majority of this patch is the simple
rename that followed,

(Depending on the whole SAMDB for just this function seemed pointless,
and brought in futher dependencies, such as smbencrypt.c).

Andrew Bartlett
(This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)

12 years agor5987: Add credentials callback for gtk+. The gtk+ apps now no longer
Jelmer Vernooij [Wed, 23 Mar 2005 01:02:29 +0000 (01:02 +0000)]
r5987: Add credentials callback for gtk+. The gtk+ apps now no longer
ask for a password when kerberos is being used.
(This used to be commit 642ec7cbef6d392b49ed0fe86d1816d4953e30ad)

12 years agor5986: Fix the build. Metze, could you please verify that this fix is correct?
Jelmer Vernooij [Wed, 23 Mar 2005 01:00:23 +0000 (01:00 +0000)]
r5986: Fix the build. Metze, could you please verify that this fix is correct?
(This used to be commit f3006e623bcf65a05238fbd3362ee958b948e70b)

12 years agor5985: Actually adding auth_domain.c in -r 5983 would probably have been a
Andrew Bartlett [Wed, 23 Mar 2005 00:15:41 +0000 (00:15 +0000)]
r5985: Actually adding auth_domain.c in -r 5983 would probably have been a
good idea....

Andrew Bartlett
(This used to be commit 84b566a36bbe7101c5fbd90c131b13e6c259c990)

12 years agor5984: Add index and attributes to default ldif for secrets.ldb
Andrew Bartlett [Wed, 23 Mar 2005 00:07:21 +0000 (00:07 +0000)]
r5984: Add index and attributes to default ldif for secrets.ldb

Andrew Bartlett
(This used to be commit 41dea45892362c4b25a93d8719fb7843485a7b98)

12 years agor5983: Start support for being a domain member in Samba4.
Andrew Bartlett [Wed, 23 Mar 2005 00:05:44 +0000 (00:05 +0000)]
r5983: Start support for being a domain member in Samba4.

This adds the auth_domain module to the auth subsystem, and cleans up
some small details around the join process (ensuring all the right
info is in the DB).

Andrew Bartlett
(This used to be commit 858cbfb8210239aa85a01da95e5beb9546a998a5)

12 years agor5980: Fix double free after unexpected disconnect.
Jelmer Vernooij [Tue, 22 Mar 2005 23:20:41 +0000 (23:20 +0000)]
r5980: Fix double free after unexpected disconnect.
(This used to be commit 6149bd3702a0293fc1f798de7c399e3e6858416d)

12 years agor5977: Fix uninitialised memory bug in ndr_pull_ref_ptr(). This fixes the
Jelmer Vernooij [Tue, 22 Mar 2005 23:00:12 +0000 (23:00 +0000)]
r5977: Fix uninitialised memory bug in ndr_pull_ref_ptr(). This fixes the
Test_DoublePointer test failure.
(This used to be commit 4089d5f67d6e4121056a63ececb13187fd773636)

12 years agor5976: SIDs can't have more then 5 subauths (caught by [validate] and
Jelmer Vernooij [Tue, 22 Mar 2005 22:11:50 +0000 (22:11 +0000)]
r5976: SIDs can't have more then 5 subauths (caught by [validate] and
(This used to be commit ec1eaa274b997197ca6996457229c802f1b76d56)

12 years agor5963: Fix parameter passing for gentest and locktest
Jelmer Vernooij [Tue, 22 Mar 2005 19:30:59 +0000 (19:30 +0000)]
r5963: Fix parameter passing for gentest and locktest
(This used to be commit 28914c89dc1400d8364c13258ec0e8558acc7dfd)

12 years agor5949: give things more meaning, and reuse structs where it is possible
Stefan Metzmacher [Tue, 22 Mar 2005 14:49:11 +0000 (14:49 +0000)]
r5949: give things more meaning, and reuse structs where it is possible
to make things more clear

(This used to be commit adefeeb4f362dba06cddacf6f58194ef1f967ec9)

12 years agor5947: print out the password hashes when -d 100 is in use,
Stefan Metzmacher [Tue, 22 Mar 2005 14:45:43 +0000 (14:45 +0000)]
r5947: print out the password hashes when -d 100 is in use,
very usefull for creating a keytab file with

(This used to be commit 15b80a28dbf2004f63648fede61e514e55030018)

12 years agor5942: A couple of small changes to fix things up with the new credentials
Andrew Bartlett [Tue, 22 Mar 2005 10:33:53 +0000 (10:33 +0000)]
r5942: A couple of small changes to fix things up with the new credentials

Andrew Bartlett
(This used to be commit d51718ab8a3771ada4e342a384b744edb803db40)

12 years agor5941: Commit this patch much earlier than I would normally prefer, but metze needs...
Andrew Bartlett [Tue, 22 Mar 2005 08:00:45 +0000 (08:00 +0000)]
r5941: Commit this patch much earlier than I would normally prefer, but metze needs a working tree...

The main volume of this patch was what I started working on today:
 - Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context.
 - Uses sepereate inner loops for some of the DCE/RPC tests

The other and more important part of this patch fixes issues
surrounding the new credentials framwork:

This makes the struct cli_credentials always a talloc() structure,
rather than on the stack.  Parts of the cli_credentials code already
assumed this.

There were other issues, particularly in the DCERPC over SMB handling,
as well as little things that had to be tidied up before
would start to pass.

Andrew Bartlett
(This used to be commit 0453f9d05d2e336fba1f85dbf2718d01fa2bf778)

12 years agor5940: fix schannel against w2k, it skips the confounder in the signature (24 bytes...
Stefan Metzmacher [Tue, 22 Mar 2005 06:58:27 +0000 (06:58 +0000)]
r5940: fix schannel against w2k, it skips the confounder in the signature (24 bytes) for singed packets
but it accepts 32 bytes from the client.

(w2k3 accept it the otherway arround too)

(This used to be commit 08d4c3b9f8558ee40c73a22b3ec110b052f28110)

12 years agor5939: improve talloc_realloc() docs after feedback from lifeless
Andrew Tridgell [Tue, 22 Mar 2005 06:00:51 +0000 (06:00 +0000)]
r5939: improve talloc_realloc() docs after feedback from lifeless
(This used to be commit 301cbb0d12919f83d6b735c2e23b49fb49d5394d)

12 years agor5938: - allow NULL string argument to talloc_vasprintf_append()
Andrew Tridgell [Tue, 22 Mar 2005 05:51:41 +0000 (05:51 +0000)]
r5938: - allow NULL string argument to talloc_vasprintf_append()

- default to using va_copy(), thus assuming a modern libc
(This used to be commit 3060b26c9e745330682f6209d97e723113b65b56)

12 years agor5937: - performance improvement to talloc_asprintf_append()
Andrew Tridgell [Tue, 22 Mar 2005 04:22:39 +0000 (04:22 +0000)]
r5937: - performance improvement to talloc_asprintf_append()

- allow standalone talloc to use gcc printf attributes
(This used to be commit e25aa54e962796e6e7385afed57aa287ef6f869d)

12 years agor5932: Use cli_credentials somewhat more in the Gtk+ code
Jelmer Vernooij [Tue, 22 Mar 2005 01:35:12 +0000 (01:35 +0000)]
r5932: Use cli_credentials somewhat more in the Gtk+ code
Support ncacn_spx in DCE/RPC bindings.
(This used to be commit a0233a3a9a83176ae46873d3a25ed601758a1511)

12 years agor5930: Fix initialisation of dcerpc_binding->authservice
Jelmer Vernooij [Tue, 22 Mar 2005 00:26:27 +0000 (00:26 +0000)]
r5930: Fix initialisation of dcerpc_binding->authservice
(This used to be commit f8cf161e0e59bd6b2a62135be8511403f4e9ca70)

12 years agor5929: Use cli_credentials for the SMB functions as well.
Jelmer Vernooij [Mon, 21 Mar 2005 23:35:58 +0000 (23:35 +0000)]
r5929: Use cli_credentials for the SMB functions as well.
Fix a couple of bugs in the new cli_credentials code
(This used to be commit 4ad481cfe5cde514d2ef9646147239f3faaa6173)

12 years agor5928: Use cli_credentials in:
Jelmer Vernooij [Mon, 21 Mar 2005 21:22:07 +0000 (21:22 +0000)]
r5928: Use cli_credentials in:
 - gtk+ (returned by GtkHostBindingDialog as well now)
 - torture/
 - librpc/
 - lib/com/dcom/
(This used to be commit ccefd782335e01e8e6ecb2bcd28a4f999c53b1a6)

12 years agor5924: Use cli_credentials in libnet/.
Jelmer Vernooij [Mon, 21 Mar 2005 18:42:32 +0000 (18:42 +0000)]
r5924: Use cli_credentials in libnet/.
(This used to be commit e5bc6f4f1716568ae7022d61b5b35ee047b58414)

12 years agor5917: First step in using the new cli_credentials structure. This patch
Jelmer Vernooij [Mon, 21 Mar 2005 02:08:38 +0000 (02:08 +0000)]
r5917: First step in using the new cli_credentials structure. This patch
puts support for it into popt_common, adds a few utility functions
(in lib/credentials.c) and the callback functions for the command-line
(lib/cmdline/credentials.c). Comments are welcome :-)
(This used to be commit 1d49b57c50fe8c2683ea23e9df41ce8ad774db98)

12 years agor5906: Fix the usage of the internal popt (make proto should ignore it)
Jelmer Vernooij [Sat, 19 Mar 2005 19:31:25 +0000 (19:31 +0000)]
r5906: Fix the usage of the internal popt (make proto should ignore it)
Updated included popt to 1.7.
(This used to be commit d60cb643e8a46771f3d836307ea45b869f34dc9b)

12 years agor5903: While I can't test IPv6, metze asked me to commit a matching change
Andrew Bartlett [Sat, 19 Mar 2005 10:28:31 +0000 (10:28 +0000)]
r5903: While I can't test IPv6, metze asked me to commit a matching change
for unknown hosts that I just did for IPv4.

Andrew Bartlett
(This used to be commit 7e1d82a200b3c679b727e0ef28a245389708ae2f)

12 years agor5902: A rather large change...
Andrew Bartlett [Sat, 19 Mar 2005 08:34:43 +0000 (08:34 +0000)]
r5902: A rather large change...

I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.

With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind.  This changes a lot of files, and these will again
be changed when jelmer does the credentials work.

I also correct some schannel IDL to distinguish between workstation
names and account names.  The distinction matters for domain trust

Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.

In the schannel DB, we now store both the domain and computername, and
query on both.  This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.

In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.

This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.

The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.

The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests.  This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.

In making this test pass, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL.  This has been re-added, until the underlying pidl issues are
(This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)

12 years agor5901: Add another option to the test script - the realm, which must match
Andrew Bartlett [Sat, 19 Mar 2005 08:18:24 +0000 (08:18 +0000)]
r5901: Add another option to the test script - the realm, which must match
the real ream, not just the short domain name.

Andrew Bartlett
(This used to be commit d585e1a759888df01cfabfec2d6d5506cf3bd426)

12 years agor5900: Use flatname to specify the netbios domain name (matches what win2k3
Andrew Bartlett [Sat, 19 Mar 2005 08:11:49 +0000 (08:11 +0000)]
r5900: Use flatname to specify the netbios domain name (matches what win2k3
uses for trusted domain records) in the secrets join records.

Andrew Bartlett
(This used to be commit a6c502832c4ef471bd423b795f210abf3bb96ca5)

12 years agor5899: Fix spelling.
Andrew Bartlett [Sat, 19 Mar 2005 06:49:03 +0000 (06:49 +0000)]
r5899: Fix spelling.

Andrew Bartlett
(This used to be commit 50af206477d8834d58629131e8cc994fb194adfe)

12 years agor5898: Handle errors in the 'sync' name and IP address handling code.
Andrew Bartlett [Sat, 19 Mar 2005 06:07:33 +0000 (06:07 +0000)]
r5898: Handle errors in the 'sync' name and IP address handling code.

Andrew Bartlett
(This used to be commit 6b8b40f73bd8b7ce23effc8eb1d808db77bcbf8b)

12 years agor5895: Remove old auth_domain code - to be replaced with entirely new implementation.
Andrew Bartlett [Sat, 19 Mar 2005 03:15:23 +0000 (03:15 +0000)]
r5895: Remove old auth_domain code - to be replaced with entirely new implementation.

Andrew Bartlett
(This used to be commit a16339729d25fc5b12846207afe3800df7fca8d5)

12 years agor5879: Rename SAMR_FIELD_WORKSTATION to SAMR_FIELD_WORKSTATIONS - it is a list.
Andrew Bartlett [Fri, 18 Mar 2005 04:25:10 +0000 (04:25 +0000)]

Andrew Bartlett
(This used to be commit 7822101cb5213f192f3195648970784a9de4fac4)

12 years agor5878: Be clear which machine name (We have one worksation, and one BDC) we
Andrew Bartlett [Fri, 18 Mar 2005 04:09:52 +0000 (04:09 +0000)]
r5878: Be clear which machine name (We have one worksation, and one BDC) we
are doing logins with.

Andrew Bartlett
(This used to be commit b7297c44faea0ae8b38fb9a90c22c5be3c8f689f)

12 years agor5877: It is not an error to have a zero-length secret, after decryption.
Andrew Bartlett [Fri, 18 Mar 2005 03:17:30 +0000 (03:17 +0000)]
r5877: It is not an error to have a zero-length secret, after decryption.

Andrew Bartlett
(This used to be commit b484776cc4d48690d45c668f9253015eb0d6207d)

12 years agor5876: Add a test account for the duration of the samsync - to ensure we have
Andrew Bartlett [Fri, 18 Mar 2005 03:16:53 +0000 (03:16 +0000)]
r5876: Add a test account for the duration of the samsync - to ensure we have
a good variety of things to test against.

Add code to testjoin to handle this just like test machine accounts

Soon I'll remove the 'must change password' flag, so we can do logins with it.

Andrew Bartlett
(This used to be commit 08b47e2dc067f7e4a52b982d358ff1b0209cc1df)

12 years agor5871: Remove file with unused function (that uses fstring)
Jelmer Vernooij [Fri, 18 Mar 2005 00:17:10 +0000 (00:17 +0000)]
r5871: Remove file with unused function (that uses fstring)
Remove fstring usage from version.c
(This used to be commit d25163159c19d6f948551438f459d161ba6ea4ac)

12 years agor5867: winreg depends on initshutdown now (uses initshutdown_String)
Jelmer Vernooij [Thu, 17 Mar 2005 20:29:18 +0000 (20:29 +0000)]
r5867: winreg depends on initshutdown now (uses initshutdown_String)
(This used to be commit ff478d44bed302f4a27edea56e9b7e897e62c769)

12 years agor5866: Add InitShutdown IDL and torture test.
Jelmer Vernooij [Thu, 17 Mar 2005 20:28:01 +0000 (20:28 +0000)]
r5866: Add InitShutdown IDL and torture test.
Implement push side of NDR_LEN4|NDR_NOTERM strings (pull side was already present)
(This used to be commit ea61ec1122841716ed5d90085ba79e7bf691bd6a)

12 years agor5853: Move some of the functions not specific to the Samba NDR parser generator
Jelmer Vernooij [Thu, 17 Mar 2005 12:45:10 +0000 (12:45 +0000)]
r5853: Move some of the functions not specific to the Samba NDR parser generator
to a new
Add function that can generate a "OrderTable" describing the order
in which the NDR data will be pushed/pulled.
(This used to be commit 2603a7326d7e54a012a95e37fd54433b85d8acc4)

12 years agor5852: Rename to
Jelmer Vernooij [Thu, 17 Mar 2005 12:12:57 +0000 (12:12 +0000)]
r5852: Rename to
I'm going to add a later on that'll generate a
tree with necessary information for the two NDR backends
(eparser, ndr_parser) containing alignment info, etc.
(This used to be commit 5162daa9464cd64930f5a8fd0d7b381b122c931d)

12 years agor5850: enable parsing of revision 4 security acl's
Stefan Metzmacher [Thu, 17 Mar 2005 04:24:35 +0000 (04:24 +0000)]
r5850: enable parsing of revision 4 security acl's

(This used to be commit 2a6a075c7da2da7bb62fb42936252717bb9d0593)

12 years agor5839: add LDAP DirSync control idl
Stefan Metzmacher [Thu, 17 Mar 2005 00:33:56 +0000 (00:33 +0000)]
r5839: add LDAP DirSync control idl

(This used to be commit 29d898a338e20c76a2270557b0c401a9672af094)

12 years agor5830: start to analyse the attribute values, depending on the attribute type
Stefan Metzmacher [Wed, 16 Mar 2005 15:47:19 +0000 (15:47 +0000)]
r5830: start to analyse the attribute values, depending on the attribute type

(This used to be commit 63229b9503950847fbecd6ec22171d8c18d7ac91)

12 years agor5828: add some idl for DsAddEntry()
Stefan Metzmacher [Wed, 16 Mar 2005 09:25:52 +0000 (09:25 +0000)]
r5828: add some idl for DsAddEntry()

(This used to be commit 3e6ec811288d74921bf3e393213e75d928156772)

12 years agor5827: Make ndrdump accept a uuid as well as a pipe name to specify
Tim Potter [Wed, 16 Mar 2005 06:18:20 +0000 (06:18 +0000)]
r5827: Make ndrdump accept a uuid as well as a pipe name to specify
which rpc interface to use.
(This used to be commit d59bc9dc9bb3a11dd07b7862ea10d1b32e670598)

12 years agor5800: fix recursiv printing in ndr_print_DsGetNCChangesInfo1()
Stefan Metzmacher [Tue, 15 Mar 2005 16:05:43 +0000 (16:05 +0000)]
r5800: fix recursiv printing in ndr_print_DsGetNCChangesInfo1()

(This used to be commit 1084ad4bfce6bc20537f5bfccb5a25b60f503b32)

12 years agor5799: more DsGetNCChanges updates, I'm starting to understand it...
Stefan Metzmacher [Tue, 15 Mar 2005 14:42:09 +0000 (14:42 +0000)]
r5799: more DsGetNCChanges updates, I'm starting to understand it...

also add a really simple torture test for DsGetNCChanges

(This used to be commit bcde67a7eff9ad82919e90fd64c02a17610c6f0e)

12 years agor5798: limit the size of an sid, 28 bytes complete is the biggest SID
Stefan Metzmacher [Tue, 15 Mar 2005 14:37:02 +0000 (14:37 +0000)]
r5798: limit the size of an sid, 28 bytes complete is the biggest SID
that can be handled.

tridge: do you think it would make sense to change the sub_auth[num_auths] to sub_auth[5],
        so we can copy the struct by sid1 = sid2;
comments please

(This used to be commit 2fc8a604b003a6c3425eb7bbf77fbe467c956085)

12 years agor5797: - add idl property [subcontext_size()]
Stefan Metzmacher [Tue, 15 Mar 2005 14:33:38 +0000 (14:33 +0000)]
r5797: - add idl property [subcontext_size()]

  this can be used like this
  [subcontext_size(28),subcontext(0)] dom_sid sid;

  this descripes a fixed 28 byte buffer which contains a dom_sid,
  and the rest of the buffer is padded with zero bytes if the dom_sid doesn't
  need all 28 byte in it's ndr encoding.

- only push and pull the subcontext when we are in the NDR_SCALARS section
  (tridge, jelmer: I hope this is correct for all cases...!?:-)

(This used to be commit 483bb1418fd5c70c418142ade80c1e286adfa05a)

12 years agor5796: add ndr_* function for int8 and int16
Stefan Metzmacher [Tue, 15 Mar 2005 14:25:59 +0000 (14:25 +0000)]
r5796: add ndr_* function for int8 and int16

(This used to be commit 8ac0928a914c1cee3f0493b515f03c6422a8b71a)

12 years agor5785: Fix subcontext pushes
Jelmer Vernooij [Mon, 14 Mar 2005 01:11:13 +0000 (01:11 +0000)]
r5785: Fix subcontext pushes
(This used to be commit 0d590906cd7706ebd8c6d5921546291e98067864)

12 years agor5783: Test renaming of accounts in the RPC-SAMR test, and add support into
Andrew Bartlett [Sun, 13 Mar 2005 06:43:34 +0000 (06:43 +0000)]
r5783: Test renaming of accounts in the RPC-SAMR test, and add support into
the SAMR server.

Andrew Bartlett
(This used to be commit fd748f9d2f8f354f76587d92b94de83bffe1c6dc)

12 years agor5782: Use standard input for reading packet data if filename not specified.
Tim Potter [Sun, 13 Mar 2005 03:16:07 +0000 (03:16 +0000)]
r5782: Use standard input for reading packet data if filename not specified.
(This used to be commit c3c6dafc3120ed5018a27a882cbc09e9d05fac33)