Andrew Tridgell [Mon, 4 Jul 2005 05:05:28 +0000 (05:05 +0000)]
r8117: fixed a bunch more dos error code handing.
The biggest change was fixing the RAW-CONTEXT test. It was forcing
capabilities to zero in an attempt to not negotiated extended
security, but as a side effect it was forcing negotiation of dos error
codes. This confused the hell out of the test code!
Also fixed a bunch of places incorrectly using NT_STATUS_V() instead
of NT_STATUS_EQUAL() and several places that had the wrong dos status
codes
(This used to be commit
0b22744f40804a0d6dc94bfc40ec09306f584f7e)
Andrew Tridgell [Mon, 4 Jul 2005 05:02:29 +0000 (05:02 +0000)]
r8116: demonstrate a little trick that can be used to track down where an
error is coming from. In this case I needed to know where a
NT_STATUS_ACCESS_DENIED was being returned, which is a very common
error, but I needed to know which place in the code was giving it
(This used to be commit
692bb1c8a1428917ed6c516d02524c2f76157181)
Andrew Tridgell [Mon, 4 Jul 2005 05:01:22 +0000 (05:01 +0000)]
r8115: added support for 2 more dos error codes found during testing
(This used to be commit
97cb70571377e3b4e5eb0b7ca516e4af349fdfea)
Andrew Tridgell [Mon, 4 Jul 2005 04:20:34 +0000 (04:20 +0000)]
r8114: fixed the build after tpots ejs commit ....
(This used to be commit
8649945cf9932a169190727f99e352ad68b0589f)
Andrew Tridgell [Mon, 4 Jul 2005 03:42:28 +0000 (03:42 +0000)]
r8113: this should fix the build on systems without heimdal
(This used to be commit
980c09cfca1744c35eb284c7177709fedba073dc)
Andrew Bartlett [Mon, 4 Jul 2005 03:34:56 +0000 (03:34 +0000)]
r8112: Remove extra headers, and add #ifdef to allow the 'not yet using
Heimdal' case.
Andrew Bartlett
(This used to be commit
b7c3c2f67188d8c8478d93e6890a81fa7d468061)
Andrew Tridgell [Mon, 4 Jul 2005 02:54:32 +0000 (02:54 +0000)]
r8111: fixed the client library to work against w2k3 with nt status codes
disabled. The main change is to turn off spnego, which cannot work at
all without nt status codes (w2k3 gives a ERRHRD:ERRgeneral error when
you try)
I also modified NT_STATUS_EQUAL() to allow for nt->dos code equality,
but only when nt status codes are disabled in smb.conf. That keeps all
the existing torture code working, while still allowing us to
correctly catch the cases where forced dos error codes are needed
The dos->ntstatus mapping table has been removed completely, as it
doesn't really make sense, is impossible to get right, and with the
new dos status handling isn't needed. When matching a nt status code
to a dos status code it makes far more sense to map from the nt code
to the dos code and compare, rather than the reverse, as the nt->dos
mapping is what windows has to do internally, so there really is a
valid mapping table.
(This used to be commit
f21274e07b361ef40fdc0fe23e96f1c9c63a091c)
Andrew Bartlett [Mon, 4 Jul 2005 02:36:16 +0000 (02:36 +0000)]
r8110: More PAC work. I still can't get WinXP to accept the PAC, but we are
much closer.
This changes PIDL to allow a subcontext to have a pad8 flag, saying to
pad behind to an 8 byte boundary. This is the only way I can explain
the 4 trainling zeros in the signature struct.
Far more importantly, the PAC code is now under self-test, both in
creating/parsing our own PAC, but also a PAC from my win2k3 server.
This required changing auth_anonymous, because I wanted to reuse the
anonymous 'server_info' generation code.
I'm still having trouble with PIDL, particulary as surrounds value(),
but I'll follow up on the list.
Andrew Bartlett
(This used to be commit
50a54bf4e9bf04d2a8e0aebb3482a2ff655c8bbb)
Andrew Bartlett [Mon, 4 Jul 2005 02:27:18 +0000 (02:27 +0000)]
r8109: Try to print out more helpful debug messages on DCERPC server-side
gensec failure to start.
Andrew Bartlett
(This used to be commit
bc8f8d2dcfbcf06bb9c49981bc3811b252a4b9b0)
Andrew Bartlett [Mon, 4 Jul 2005 02:25:33 +0000 (02:25 +0000)]
r8108: Fix indentation, and remove a discard_const_p() that we don't need any more.
Perhaps like minimal_includes.pl, we should have a way to find these
automaticly. Hmm...
Andrew Bartlett
(This used to be commit
d13b9f548e9d3696505178476d2615835cae8fe2)
Andrew Tridgell [Mon, 4 Jul 2005 01:57:53 +0000 (01:57 +0000)]
r8107: now that we properly separate DOS and NT status codes all the places
that relied on the mapping need to be fixed. The first thing is to get
all the torture tests working against w2k3 again with nt status codes
enabled. The 2nd step will be to make them pass with nt status
disabled.
This starts on the first task, fixing the assumption that
NT_STATUS_INVALID_LOCK_SEQUENCE is a valid substitute for
ERRDOS:ERRbadaccess
(This used to be commit
87cdd117081193d215c5a9e3603438e058ad777b)
Andrew Tridgell [Mon, 4 Jul 2005 01:45:52 +0000 (01:45 +0000)]
r8106: the use of a static string for dos error codes was causing problems in
the torture code. To fix this, get rid of dos_errstr() and instead
move the strings into the nt_errstr() table, using cpp to generate the
strings
(This used to be commit
3136ad9634f0a5ab46e4f83e093df87fdd36484d)
Tim Potter [Mon, 4 Jul 2005 01:31:34 +0000 (01:31 +0000)]
r8105: Add ejsrpc push/pull functions for uint16 and uint8.
(This used to be commit
ee27943e215126a2048d1082437ef2597d913371)
Andrew Tridgell [Mon, 4 Jul 2005 01:23:38 +0000 (01:23 +0000)]
r8104: - added support for our client library to not negotiate nt status codes, controlled
with 'nt status support' option.
- make nt_errstr() display nice strings for dos status codes encoded
using NT_STATUS_DOS()
- no longer map between dos and nt status codes in the client library,
instead return using NT_STATUS_DOS()
- fixed the RAW-CONTEXT test to look for
NT_STATUS_DOS(ERRSRV, ERRbaduid) instead of NT_STATUS_INVALID_HANDLE
(This used to be commit
ff5549e87ffae9f062394f30d8fd1ae95b614735)
Tim Potter [Mon, 4 Jul 2005 01:20:02 +0000 (01:20 +0000)]
r8103: Add an argument separator between the hardcoded args and $PIDL_EXTRA_ARGS
so the first extra arg isn't interpreted as a parameter to the last
hardcoded arg.
(This used to be commit
ad1700ca8e1af7933a183172f4a5ad4b56280474)
Tim Potter [Mon, 4 Jul 2005 00:30:06 +0000 (00:30 +0000)]
r8101: Fix some indentation.
(This used to be commit
baa8f0836f34c94a2f3d831e315575cfa7ced7c3)
Volker Lendecke [Sun, 3 Jul 2005 17:35:19 +0000 (17:35 +0000)]
r8099: clean up after BASE-TCON
(This used to be commit
23bff7bf6cf437e78db50b09f69fd1fbdf6aab35)
Rafal Szczesniak [Sun, 3 Jul 2005 17:17:32 +0000 (17:17 +0000)]
r8098: Add my copyright and remove unecessary header dependency.
rafal
(This used to be commit
88e7b9c2371383c469e2db73d4c8dca70aca7586)
Rafal Szczesniak [Sun, 3 Jul 2005 14:47:19 +0000 (14:47 +0000)]
r8096: Remove function that has became libnet_Lookup fuction.
rafal
(This used to be commit
9885749e36435b301c992e50d0a189860cfa4b5e)
Rafal Szczesniak [Sun, 3 Jul 2005 14:03:41 +0000 (14:03 +0000)]
r8095: Fix compiler warning.
rafal
(This used to be commit
6736ab102f60f8e14d10f430f3e5a0eef478bc81)
Rafal Szczesniak [Sun, 3 Jul 2005 13:58:47 +0000 (13:58 +0000)]
r8094: Fix compiler warnings.
rafal
(This used to be commit
cca6d792945477b86b2dd91f3c90152b69ee2a15)
Simo Sorce [Sun, 3 Jul 2005 08:49:38 +0000 (08:49 +0000)]
r8091: fix invalid attribute names s/_/-/g
this will fix the build
(This used to be commit
9a8872b168c68bade31cab09bea609d2143c4e97)
Simo Sorce [Sat, 2 Jul 2005 18:43:22 +0000 (18:43 +0000)]
r8084: do not leak memory on errors
(This used to be commit
2e328e6c2fc2c66b0d0de910cd43ab232049bc90)
Simo Sorce [Sat, 2 Jul 2005 18:34:13 +0000 (18:34 +0000)]
r8083: check attribute type is valid (only ascii alphanum chars and '-' char)
fail if not
(This used to be commit
b1a61cd5d03b4c61b81c810123ffeb3621831617)
Simo Sorce [Sat, 2 Jul 2005 17:30:03 +0000 (17:30 +0000)]
r8082: large rewite of ldb_dn.c
- we do not support multpiple attribute components anymore, makes code a lot easier
they will be readded later if we found out they are really used, so far my tests
show w2k3 do not handle them as well
- fix escaping issues, move component value to be in an ldb_val structure
still need to handle binary values case
- make cononicalize functions leak less memory by giving a specific memory context
- fix tests scripts so that test-ldap can start
- make test not delete databases on completion so that I can inspect them
(This used to be commit
624a73148d125690ce18515f19231d26df207738)
Rafal Szczesniak [Sat, 2 Jul 2005 14:38:05 +0000 (14:38 +0000)]
r8081: Add simple test for RpcConnect function.
rafal
(This used to be commit
0209fc67adae9d2003f06c826557306c2141a6a8)
Rafal Szczesniak [Sat, 2 Jul 2005 14:37:21 +0000 (14:37 +0000)]
r8080: Use libnet_context where using libnet_Lookup functions now.
rafal
(This used to be commit
1815a6af06aa791bfecb4aee8742701975d35318)
Rafal Szczesniak [Sat, 2 Jul 2005 14:36:34 +0000 (14:36 +0000)]
r8079: Dcerpc pipe in libnet_context is just pipe now, instead of explicit samr.
rafal
(This used to be commit
e7870156dacb2e0346e24f8490bfd90e8b21ea96)
Rafal Szczesniak [Sat, 2 Jul 2005 14:35:01 +0000 (14:35 +0000)]
r8078: rpc connect function uses structure now.
rafal
(This used to be commit
34592b6a92591122180649de251f2ddc181fe382)
Rafal Szczesniak [Sat, 2 Jul 2005 14:33:55 +0000 (14:33 +0000)]
r8077: Propagate changes in rpc connect routine to functions using it
(it's quite common).
rafal
(This used to be commit
798b00c24ae30a08ac81342d13130a6a2f9d3a08)
Rafal Szczesniak [Sat, 2 Jul 2005 14:32:49 +0000 (14:32 +0000)]
r8076: Put name resolution methods into libnet_context. This allows libnet based
application use methods of their own choice and makes it less dependent on
smb.conf parameters.
Use libnet_context in libnet_Lookup functions which is the way to pass
default name resolution methods if caller doesn't want to bother with
specifying them.
rafal
(This used to be commit
d0ea136356bcb9c6c01120d8683b71e8689d5e5b)
Rafal Szczesniak [Sat, 2 Jul 2005 14:28:15 +0000 (14:28 +0000)]
r8075: Make rpc connect function part of libnet api, as I suppose many
implementers of more complex function might need to use it.
Also simplify io structure which essentially does the same thing
when connecting arbitrary rpc server or a domain pdc.
rafal
(This used to be commit
b28d2e96392e89e39f2499f54b6e549a8f3cfb4b)
Andrew Tridgell [Sat, 2 Jul 2005 11:13:12 +0000 (11:13 +0000)]
r8074: demonstrate calling echo_AddOne() from ejs
(This used to be commit
0c534699efb24abefd9879859cde6a9ac61e5af3)
Andrew Tridgell [Sat, 2 Jul 2005 11:12:33 +0000 (11:12 +0000)]
r8073: a successful rpc call from ejs!
the ejs_echo.c code is the stuff that needs to be auto-generated by
pidl. It only does echo_AddOne so far.
We also need a table for registering these calls. The code is
hard-wired for echo_AddOne for now.
(This used to be commit
b1ea58ddc482c373783d16331dd07378010ba39a)
Andrew Tridgell [Sat, 2 Jul 2005 06:32:06 +0000 (06:32 +0000)]
r8071: reduce the size of the default ldb tests. We run on some pretty low powered machines
in the farm, and don't want to chew too much cpu needlessly.
(This used to be commit
c03753faa46d52ae4606546b57962e10c41ea3ad)
Andrew Tridgell [Sat, 2 Jul 2005 05:22:12 +0000 (05:22 +0000)]
r8070: a (as yet not working) example of how rpc calls might be made from js scripts
(This used to be commit
b9e73fa932e8289b756b557faeca1690c02a21ed)
Andrew Tridgell [Sat, 2 Jul 2005 05:21:17 +0000 (05:21 +0000)]
r8069: the beginnings of code to allow rpc calls to be made from ejs
tpot, note that this shows how you can modify passed in MprVar
variables in C call
(This used to be commit
a782541db3de6ca3b599a220265cf9e6cb0c4d7b)
Andrew Tridgell [Sat, 2 Jul 2005 05:18:33 +0000 (05:18 +0000)]
r8068: reduced the verbosity of the EPM code
(This used to be commit
4c5974fc3dabd090284b2ed455a0af114ddbec1d)
Andrew Tridgell [Sat, 2 Jul 2005 05:18:01 +0000 (05:18 +0000)]
r8067: added a method for disabling the password prompt in programs that want
cmdline credentials, but don't want a prompt if none are supplied
(This used to be commit
d7d7f7292b7032dcad6d6245510af229f12f7085)
Andrew Tridgell [Sat, 2 Jul 2005 01:17:19 +0000 (01:17 +0000)]
r8065: don't run the LOCAL-ICONV test in selftest. It does cross-checking of
the builtin iconv code with the system iconv code, and too many
platforms have broken system iconv code, making it fail in a way that
is meaningless for whether samba will work
(This used to be commit
a12950195173337869c5894c86327e7e75cf289f)
Andrew Tridgell [Fri, 1 Jul 2005 12:59:23 +0000 (12:59 +0000)]
r8059: fixed handling of delete on close fir directories
(This used to be commit
14f51a99bccffac0ca284d1315ab6d4b10f3711f)
Andrew Tridgell [Fri, 1 Jul 2005 12:47:10 +0000 (12:47 +0000)]
r8058: added testing of delete on close for files and directories
(This used to be commit
214e51b3c8021dfe31ad951603bae64fa281b0f8)
Andrew Tridgell [Fri, 1 Jul 2005 12:22:50 +0000 (12:22 +0000)]
r8057: use our defined push/pull types in the validate code (fixes a warning)
(This used to be commit
4e14ebf51e871d6d70a194e2725c2158675dc6fc)
Andrew Tridgell [Fri, 1 Jul 2005 12:20:24 +0000 (12:20 +0000)]
r8056: make the realm lowercase in our ldb (better matches w2k3)
(This used to be commit
39cfb6f739f33a33dcbee708a9a2e5f1c6c12287)
Andrew Tridgell [Fri, 1 Jul 2005 12:19:39 +0000 (12:19 +0000)]
r8055: added canonicalName to our domainDns record
(This used to be commit
1ba296b9d0ed1cf0961bdd3cde03f1ce56e1d72b)
Stefan Metzmacher [Fri, 1 Jul 2005 12:19:24 +0000 (12:19 +0000)]
r8054: add OSVersion, OSVersionEx, DNSMachineName PrintServerData
metze
(This used to be commit
47781fccbc9a4fc3867e4c3959a17765c7e4dc71)
Andrew Tridgell [Fri, 1 Jul 2005 12:18:39 +0000 (12:18 +0000)]
r8053: requests from mmc show that the auth info for a bind should be 4 byte aligned, not
8 byte aligned
(This used to be commit
c112a2b23e6cd2c55fbb7e8096a7c523a91d6814)
Stefan Metzmacher [Fri, 1 Jul 2005 12:14:42 +0000 (12:14 +0000)]
r8052: that looks nicer:-)
metze
(This used to be commit
dad0371a9fea0de080650cb081beafdaa773ceda)
Andrew Tridgell [Fri, 1 Jul 2005 11:50:30 +0000 (11:50 +0000)]
r8051: separate out the MAX EAs test, as it fills disk too much to be run regularly
(This used to be commit
dac526845ea89ba732300105b3f82210b0828102)
Stefan Metzmacher [Fri, 1 Jul 2005 11:04:33 +0000 (11:04 +0000)]
r8050: - make use of more [value()] properties
- the out subcontext's need to have a fixed size of r->in.offered,
to make windows clients happy
metze
(This used to be commit
054e1ca434b2f81de199eeb41cb6233524fc5779)
Stefan Metzmacher [Fri, 1 Jul 2005 10:58:22 +0000 (10:58 +0000)]
r8049: add function that returns the build version (of w2k3 here 3790)
metze
(This used to be commit
81abbdaeb180a1618e34ab56275f6eeacfcc99ce)
Stefan Metzmacher [Fri, 1 Jul 2005 09:05:10 +0000 (09:05 +0000)]
r8046: - add somemore failure checks in the RPC-SPOOLSS test
- test AddForm on the PrintServer object
- GetForm() isn't allowed on the PrintServer object so remove NTPTR
function for it
- accept the dns name as servername in the spoolss server
metze
(This used to be commit
d8c308a4653d59514915021607fe55c5f2b38749)
Stefan Metzmacher [Fri, 1 Jul 2005 08:33:42 +0000 (08:33 +0000)]
r8045: fix valgrind warning, add zero padding when the string doesn't fill the full FIXLEN
metze
(This used to be commit
d8175b01db69436d8af64b97d7b7beca4ba4b552)
Stefan Metzmacher [Fri, 1 Jul 2005 08:27:23 +0000 (08:27 +0000)]
r8044: give a better error code
metze
(This used to be commit
fdbf822f1c90cba110d91720ea586ceef9de38b2)
Andrew Tridgell [Fri, 1 Jul 2005 08:18:48 +0000 (08:18 +0000)]
r8043: increase shell compatibility of ldb tests
(This used to be commit
60863b6faf7f78566052491340607cbb4b3f2e72)
Stefan Metzmacher [Fri, 1 Jul 2005 08:14:21 +0000 (08:14 +0000)]
r8042: give better error message
metze
(This used to be commit
70118e9529aaf7af9129df7cb3a6749598b17568)
Andrew Tridgell [Fri, 1 Jul 2005 08:04:48 +0000 (08:04 +0000)]
r8041: remove a mis-spelled debug message :-)
(This used to be commit
912fa269d293b3b55fc5fa65f9532614fe2e202d)
Andrew Tridgell [Fri, 1 Jul 2005 07:25:10 +0000 (07:25 +0000)]
r8040: run ldb test suite as part of samba 'make test'
(This used to be commit
3671459d9a4b4409904adff57548dd35da6afd42)
Andrew Tridgell [Fri, 1 Jul 2005 07:23:14 +0000 (07:23 +0000)]
r8039: allow ldb test suite to be run outside of the ldb directory
(This used to be commit
f3e3b2ccd93b87c1c240cf7e44106389b089b526)
Andrew Tridgell [Fri, 1 Jul 2005 07:02:26 +0000 (07:02 +0000)]
r8038: - fixed indexing on binary values that need base64 encoding and canonicalisation
- added support for recognising the S- form of objectsid in search
expressions. I thought this could be done with just a comparison
modified comparison function, but it turns out it also needs a
canonicalisation function so that indexing can work
(This used to be commit
7d2bee2c5619f284375ecbed14371c5e8639ed1c)
Andrew Tridgell [Fri, 1 Jul 2005 06:21:26 +0000 (06:21 +0000)]
r8037: a fairly major update to the internals of ldb. Changes are:
- moved the knowledge of attribute types out of ldb_tdb and into the
generic ldb code. This allows the ldb_match() message match logic
to be generic, so it can be used by other backend
- added the generic ability to load attribute handlers, for
canonicalisation, compare, ldif read and ldif write. In the future
this will be used by the schema module to allow us to correctly
obey the attributetype schema elements
- added attribute handlers for some of the core ldap attribute types,
Integer, DirectoryString, DN, ObjectClass etc
- added automatic registration of attribute handlers for well-known
attribute names 'cn', 'dc', 'dn', 'ou' and 'objectClass'
- converted the objectSid special handlers for Samba to the new system
- added more correct handling of indexing in tdb backend based on the
attribute canonicalisation function
- added generic support for subclasses, moving it out of the tdb
backend. This will be used in future by the schema module
- fixed several bugs in the dn_explode code. It still needs more
work, but doesn't corrupt ldb dbs any more.
(This used to be commit
944c5844ab441b96d8e5d7b2d151982139d1fab9)
Stefan Metzmacher [Fri, 1 Jul 2005 06:05:49 +0000 (06:05 +0000)]
r8036: revert rev 8023/8024 as they have a bugs.
metze
(This used to be commit
66d6b1d5783cba98f2f8e1c8eed1bdc26a5bad4f)
Andrew Tridgell [Fri, 1 Jul 2005 05:20:08 +0000 (05:20 +0000)]
r8035: added indexing tests. current ldb fails the integer indexing, will be fixed shortly
(This used to be commit
a9c32445035a09978c5fdbc189a2767e7650dfc2)
Andrew Tridgell [Fri, 1 Jul 2005 02:17:38 +0000 (02:17 +0000)]
r8033: - add easier valgrind testing
- add tests for the @SUBCLASSES ltdb special
(This used to be commit
ad6e62fdcf0432fcf4d41edb1727cbba1b7528b7)
Andrew Tridgell [Fri, 1 Jul 2005 01:25:55 +0000 (01:25 +0000)]
r8032: added loop detection into talloc. Robert Collins found a way to make a
memory loop with talloc_unlink(), so now we detect it and handle it
(This used to be commit
563058e78b8c74e821fabf6a43fa861c1ad09944)
Stefan Metzmacher [Thu, 30 Jun 2005 20:53:24 +0000 (20:53 +0000)]
r8028: fix a crash bug in ulogoff, when the tree_connect failed before
metze
(This used to be commit
a2e34475d723eb74fc58b9afa9f4a863b1277b0d)
Stefan Metzmacher [Thu, 30 Jun 2005 19:25:55 +0000 (19:25 +0000)]
r8024: avoid one memcpy in the ipc_trans dcesrv_output() callback
we now can reference the DATA_BLOB that is used inside the dcesrv subsystem
metze
(This used to be commit
078f42bc3f74c66b69c7f76005812b221d691f7a)
Stefan Metzmacher [Thu, 30 Jun 2005 19:24:29 +0000 (19:24 +0000)]
r8023: use a pointer to a DATA_BLOB for each reply,
that will allow the write_fn callback of dcesrv_output()
to reference the memory with a valid TALLOC pointer
metze
(This used to be commit
d0574d407f426f5c001e943dee5c03d24f4fb21c)
Stefan Metzmacher [Thu, 30 Jun 2005 17:10:03 +0000 (17:10 +0000)]
r8021: we only need to return STATUS_BUFFER_OVERFLOW for the ipc_trans replies
and not for the ipc_read() replies as here the client explicit says how much data it wants
the write_fn() in dcesrv_output() now returns NTSTATUS
and the ipc specific implementations are moved to the ntvfs_ipc module
metze
(This used to be commit
fe483dcd874b7243d61e9623840c672b4ea06b2c)
Stefan Metzmacher [Thu, 30 Jun 2005 17:05:02 +0000 (17:05 +0000)]
r8020: - add --with-selftest-prefix option that specify the prefix used in make test
- also we use ./prefix test as default and not `pwd`/prefix-test
to workaround the path length limit for unix sockets
... char sun_path[108]; ...
metze
(This used to be commit
d04057b932266325b1267597b2bc202db392a88a)
Andrew Bartlett [Thu, 30 Jun 2005 11:23:33 +0000 (11:23 +0000)]
r8016: Get the keyblock arguments correct. (the context struct changed, but
I forgot to update the users)
Andrew Bartlett
(This used to be commit
44b86b7e6570e31ab07ce12593fb8834325c52c8)
Andrew Bartlett [Thu, 30 Jun 2005 08:26:58 +0000 (08:26 +0000)]
r8013: Remember to add the header containing the prototype for the pac
generating function...
Andrew Bartlett
(This used to be commit
707cf5fba8e5652043d392d3ee77d042eb9c3a90)
Jelmer Vernooij [Thu, 30 Jun 2005 08:00:08 +0000 (08:00 +0000)]
r8012: Add UUID for NDR64 transfer syntax.
(This used to be commit
6a3f62222285fa091968bb025edfe21fcf5dfb86)
Andrew Tridgell [Thu, 30 Jun 2005 03:59:02 +0000 (03:59 +0000)]
r8011: arrgh, commit the right version this time
(This used to be commit
5efea40ea63b6951b3bd4362f1ae57f960fefecf)
Andrew Tridgell [Thu, 30 Jun 2005 03:56:55 +0000 (03:56 +0000)]
r8010: added testing of wildcard attributes
(This used to be commit
25d3872a6ebbc152a83695e667f5d08e69c8c8ea)
Andrew Tridgell [Thu, 30 Jun 2005 03:32:43 +0000 (03:32 +0000)]
r8009: expanded the ldb test suite. It worried me that some changes I have
pending, which I know break lots of features, still passed our test
suite! Now they don't.
(This used to be commit
5801167c8dfc8a61bfeac396bca8ffd3d5270296)
Andrew Tridgell [Thu, 30 Jun 2005 01:59:51 +0000 (01:59 +0000)]
r8006: I have seen w2k3 send multiple encoding syntaxes in rpc bind
requests. This is a simple change to accept that, as long as the first
one is NDR.
(This used to be commit
330293ddff39266abb688c6292e59472ff47aebe)
Andrew Tridgell [Thu, 30 Jun 2005 01:57:57 +0000 (01:57 +0000)]
r8005: escape '"' characters in ldap expressions. Makes scripting easier.
(This used to be commit
2de986455c9b616132f06a69c2f135019da2bb8b)
Andrew Tridgell [Thu, 30 Jun 2005 01:36:02 +0000 (01:36 +0000)]
r8004: added a maximum EAs size test from Kukks.
(This used to be commit
426c4d08ac9191c02dcd604a21ea390b7d255a41)
Andrew Tridgell [Thu, 30 Jun 2005 01:34:53 +0000 (01:34 +0000)]
r8003: ensure that we don't try to send a trans request with more than 64k data or params
(This used to be commit
b4f2d17ace6a609ec87da103a89e36edee8903f9)
Andrew Tridgell [Thu, 30 Jun 2005 01:26:52 +0000 (01:26 +0000)]
r8002: favor addresses on our local interfaces in NBT name resolution if
possible. This is needed because w2k3 will return bogus IPs in its
name resolution replies when it has an unplugged network interface.
(This used to be commit
2fafc230520fb5bbe9f763de94aaba87b56f5411)
Andrew Bartlett [Thu, 30 Jun 2005 01:04:51 +0000 (01:04 +0000)]
r8001: Also fill in the krbtgt checksum, and make sure to put the right
checksum in the right place...
Andrew Bartlett
(This used to be commit
90d0f502da20add6784c883b2085cde519604933)
Andrew Bartlett [Wed, 29 Jun 2005 22:31:45 +0000 (22:31 +0000)]
r8000: It seems make proto is required, for reasons I can't explain.
Andrew Bartlett
(This used to be commit
b10f224f5515a97fc4fd5c40b304180593df79ea)
Rafal Szczesniak [Wed, 29 Jun 2005 20:30:12 +0000 (20:30 +0000)]
r7999: Fix lacking structure definition.
rafal
(This used to be commit
6886aefe4c78e3e208eacb3c4b76f1189bd1352a)
Andrew Bartlett [Wed, 29 Jun 2005 13:55:09 +0000 (13:55 +0000)]
r7993: Further work on the Krb5 PAC.
We now generate the PAC, and can verifiy both our own PAC and the PAC
from Win2k3.
This commit adds the PAC generation code, spits out the code to get
the information we need from the NETLOGON server back into a auth/
helper function, and adds a number of glue functions.
In the process of building the PAC generation code, some hints in the
Microsoft PAC specification shed light on other parts of the code, and
the updates to samr.idl and netlogon.idl come from those hints.
Also in this commit:
The Heimdal build package has been split up, so as to only link the
KDC with smbd, not the client utils.
To enable the PAC to be veified with gensec_krb5 (which isn't quite
dead yet), the keyblock has been passed back to the calling layer.
Andrew Bartlett
(This used to be commit
e2015671c2f7501f832ff402873ffe6e53b89466)
Andrew Bartlett [Wed, 29 Jun 2005 13:48:51 +0000 (13:48 +0000)]
r7991: I forgot to free the keyblock once we are done with it.
Andrew Bartlett
(This used to be commit
a68e348375ab026385e7d5162ed8da8f2adbd84e)
Andrew Bartlett [Wed, 29 Jun 2005 07:55:16 +0000 (07:55 +0000)]
r7990: An attempt at documenting the current state of cludges required to get
Samba4 going, with kerberos.
Andrew Bartlett
(This used to be commit
d027d0f10682ca5906d2f1ae2889d476db61be9a)
Andrew Bartlett [Wed, 29 Jun 2005 03:01:35 +0000 (03:01 +0000)]
r7989: Allow the use of hashed passwords in the kerberos client and server,
and create the in-memory keytab with the correct kvno, if available.
Andrew Bartlett
(This used to be commit
7b7b2b038e25f3d767b5db7d6e41dd947fdde091)
Andrew Bartlett [Wed, 29 Jun 2005 02:28:57 +0000 (02:28 +0000)]
r7988: Store the KVNO for the machine account, and set it up in the provision.
Andrew Bartlett
(This used to be commit
90e94a4630c24282cd93ee05e258877b38e24a57)
Andrew Bartlett [Tue, 28 Jun 2005 22:13:53 +0000 (22:13 +0000)]
r7986: Fix the compile, thanks to HotaruT.
This won't actually work until I get the keyblock filled in again, but
at least it will compile.
I first need to decide if we want to keep the server-side gensec_krb5
code at all, now we have the GSSAPI layer doing what we want.
Andrew Bartlett
(This used to be commit
28e49de9293002ee89f0666144c9028daefdde88)
Andrew Bartlett [Tue, 28 Jun 2005 10:58:41 +0000 (10:58 +0000)]
r7980: Forgot to add kerberos_pac.c to this config.mk file.
Andrew Bartlett
(This used to be commit
bba58a1876353effbef540dd0db9e66db5343c35)
Andrew Bartlett [Tue, 28 Jun 2005 09:37:04 +0000 (09:37 +0000)]
r7979: Metze reminded me to try one more combination, and we can now verify
the 'PAC', required for interopability with Active Directory.
This is still a cludge, as it doesn't handle different encryption
types, but that should be fairly easy to fix (needs PIDL/IDL changes).
Andrew Bartlett
(This used to be commit
690cfc44cef9b349cc31417d8353b6ce1c7832e1)
Andrew Bartlett [Tue, 28 Jun 2005 08:27:50 +0000 (08:27 +0000)]
r7978: A start again on PAC verification. I have noticed that the kerberos
keys appear at the end of the PAC, which I feel is deliberate (it
makes this much easier).
I still can't make it work, but I'm sure we are closer.
Andrew Bartlett
(This used to be commit
6f0e1c80ae7b1e31e7a3fbff84f07442ee5a31cf)
Andrew Tridgell [Tue, 28 Jun 2005 02:49:35 +0000 (02:49 +0000)]
r7977: split up 'make clean' a little more as it is overflowing the command line size limits
on some platforms
(This used to be commit
e18dc32074fe56d7ccbcf9cc621a4b88abe957b1)
Andrew Bartlett [Tue, 28 Jun 2005 00:57:38 +0000 (00:57 +0000)]
r7971: structs.h update
(This used to be commit
31e7df1392f39e170e3d072b8356e746208d0621)
Andrew Bartlett [Tue, 28 Jun 2005 00:57:15 +0000 (00:57 +0000)]
r7970: This SMB signing code (merged from 3.0) turned out to be bogus.
Andrew Bartlett
(This used to be commit
817160ec1a85724c8bf482f128ea687396de0888)
Andrew Bartlett [Tue, 28 Jun 2005 00:56:39 +0000 (00:56 +0000)]
r7969: It seems reasonable that our tickets be marked renewable, in the
absense of an apparent AD flag to control this behaviour.
Andrew Bartlett
(This used to be commit
9886aa6f0e64cdb30774bfba3f2c683a3dbec9c4)
Andrew Bartlett [Tue, 28 Jun 2005 00:55:44 +0000 (00:55 +0000)]
r7968: Pull the PAC from within GSSAPI, rather than only when using our own
'mock GSSAPI'.
Many thanks to Luke Howard for the work he has done on Heimdal for
XAD, to provide the right API hooks in GSSAPI.
Next step is to verify the signatures, and to build the PAC for the
KDC end.
Andrew Bartlett
(This used to be commit
2e82743c98e563e97c5a215d09efa0121854d0f7)
Andrew Bartlett [Tue, 28 Jun 2005 00:52:10 +0000 (00:52 +0000)]
r7967: We don't have the ms_krb5 stuff any more.
Andrew Bartlett
(This used to be commit
56a5ccd7d924343609698b034b91b4891fb3f08a)
Andrew Bartlett [Tue, 28 Jun 2005 00:51:35 +0000 (00:51 +0000)]
r7966: We need a better way to do this, but enable the KDC by default, if we
have kerberos.
Andrew Bartlett
(This used to be commit
3d82b1417b9f2e31089cb8ee7e4f98bd226f2e75)