Andrew Bartlett [Sun, 11 Dec 2005 08:27:14 +0000 (08:27 +0000)]
r12178: Make ldb_ildap work against localhost again, by setting the event
context into the ldb opaque. I'm sure this was done before, and must
have been lost by some other change.
Andrew Bartlett
Rafal Szczesniak [Sat, 10 Dec 2005 10:10:44 +0000 (10:10 +0000)]
r12162: More comments.
rafal
Volker Lendecke [Sat, 10 Dec 2005 09:18:03 +0000 (09:18 +0000)]
r12161: Fix a memleak and do the -O1 janitor :-)
Andrew Tridgell [Fri, 9 Dec 2005 23:43:02 +0000 (23:43 +0000)]
r12158: added ldif handlers for the ntSecurityDescriptor attribute, so when
displaying security descriptors in ldbsearch or ldbedit you can see
the SDDL version.
This also allows us to specify security descriptors in our
setup/*.ldif files in SDDL format, which is much more convenient than
the NDR binary format!
Andrew Tridgell [Fri, 9 Dec 2005 23:40:14 +0000 (23:40 +0000)]
r12157: ldb_dump_results() is useful to call from within gdb, so you can see a
set of results
Andrew Tridgell [Fri, 9 Dec 2005 23:39:00 +0000 (23:39 +0000)]
r12156: added samdb_domain_sid(), a routine to get the domain sid by looking
up the rootDomainNamingContext in the rootdse, then getting the
objectsid from the root of the domain
Volker Lendecke [Fri, 9 Dec 2005 21:49:11 +0000 (21:49 +0000)]
r12154: Torture test for bug # 3303.
Jeremy, to run this against Samba3 at all you need to insert a "goto line 957"
in line 548. Without this we fail some tests before # 16 and bail out.
While looking at it, you wanted to fix the directory-based ones a while
ago.... :-))
Volker
Stefan Metzmacher [Fri, 9 Dec 2005 20:42:09 +0000 (20:42 +0000)]
r12153: work around the fact that epoll reports EPOLLERR and EPOLLHUP, even if
you don't ask for them.
with this patch the epoll mode behaves like the select mode
metze
Stefan Metzmacher [Fri, 9 Dec 2005 20:14:55 +0000 (20:14 +0000)]
r12151: match the select mode of the standard events system and the liboop system,
and report errors as read events
metze
Volker Lendecke [Fri, 9 Dec 2005 19:36:40 +0000 (19:36 +0000)]
r12150: Reformatting
Simo Sorce [Fri, 9 Dec 2005 18:33:30 +0000 (18:33 +0000)]
r12148: add the docs for the paged results control
Stefan Metzmacher [Fri, 9 Dec 2005 17:49:48 +0000 (17:49 +0000)]
r12146: as epoll notifies EPOLLERR and EPOLLHUP implicitly,
let our code make it explicit, to make it clear
metze
Stefan Metzmacher [Fri, 9 Dec 2005 17:30:14 +0000 (17:30 +0000)]
r12141: - move epoll related code into one big #ifdef, and use dummy #define's
for the case where epoll isn't available at compile time
- only pass the private std_event_context, to the local function,
to get rid of the talloc_get_type() calls
- use the private pointer to std_event_context_init() to decide if we want to
disable epoll at runtime
metze
Stefan Metzmacher [Fri, 9 Dec 2005 16:43:19 +0000 (16:43 +0000)]
r12140: - add an additional_flags field to the fd_event struct, so that
the events backend can store private flags
- add function to access the gtk event loop ops struct
metze
Andrew Tridgell [Fri, 9 Dec 2005 06:22:09 +0000 (06:22 +0000)]
r12139: - fixed up the ace object flags checking
- allow for arbitrary access masks in sddl_encode_ace()
Andrew Tridgell [Fri, 9 Dec 2005 05:21:47 +0000 (05:21 +0000)]
r12138: added use of 2 letter SID codes in sddl_encode_sid()
Andrew Tridgell [Fri, 9 Dec 2005 04:54:30 +0000 (04:54 +0000)]
r12137: added sddl_encode(), the reverse of the sddl_decode() function added a
couple of days ago. Doesn't yet encode using the shorthand for well
known SIDs.
Andrew Tridgell [Fri, 9 Dec 2005 04:11:44 +0000 (04:11 +0000)]
r12136: fixed a bug in NetWkstaTransportEnum() from the recent merge with ethereal idl
Rafal Szczesniak [Fri, 9 Dec 2005 00:04:38 +0000 (00:04 +0000)]
r12135: Move named pipe connect on smb2 function to async implementation.
Completely untested, it's a bit difficult without having vista
around (yet), so - Andrew, please test it and let me know what's
wrong.
rafal
Stefan Metzmacher [Thu, 8 Dec 2005 14:17:58 +0000 (14:17 +0000)]
r12128: add --enable-socket-wrapper
metze
Stefan Metzmacher [Thu, 8 Dec 2005 14:06:42 +0000 (14:06 +0000)]
r12127: add --option=rpc_login:samr_auth=yes, to work against w2k3
metze
Stefan Metzmacher [Thu, 8 Dec 2005 10:23:56 +0000 (10:23 +0000)]
r12126: get rid of the local ->terminate hacks, we do that generically now
metze
Stefan Metzmacher [Thu, 8 Dec 2005 09:13:28 +0000 (09:13 +0000)]
r12125: make the deferred connection termination the default,
so that I can remove all the other versions of it
metze
Stefan Metzmacher [Thu, 8 Dec 2005 08:48:35 +0000 (08:48 +0000)]
r12124: we don't need this comment twice
metze
Stefan Metzmacher [Thu, 8 Dec 2005 08:31:59 +0000 (08:31 +0000)]
r12123: handle fde == NULL at the correct level
metze
Stefan Metzmacher [Thu, 8 Dec 2005 07:52:52 +0000 (07:52 +0000)]
r12122: add forward declaration for packet_context
metze
Stefan Metzmacher [Thu, 8 Dec 2005 07:50:38 +0000 (07:50 +0000)]
r12121: remove some duplicate code
metze
Andrew Tridgell [Thu, 8 Dec 2005 01:13:45 +0000 (01:13 +0000)]
r12116: got rid of composite_trigger_done() and composite_trigger_error(), and
instead make the normal composite_done() and composite_error()
functions automatically trigger a delayed callback if the caller has
had no opportunity to set up an async callback
this removes one of the common mistakes in writing a composite function
Stefan Metzmacher [Wed, 7 Dec 2005 08:11:50 +0000 (08:11 +0000)]
r12115: bring SMB sesssetup_spnego in sync with SMB2 sesssetup
metze
Stefan Metzmacher [Wed, 7 Dec 2005 07:28:43 +0000 (07:28 +0000)]
r12114: - smb2_keepalive() acts on the smb2_transport
- smb2_logoff() acts on the smb2_session
metze
Stefan Metzmacher [Wed, 7 Dec 2005 07:14:13 +0000 (07:14 +0000)]
r12113: in SMB2 we should only allocate a new session
when the client sends UID = 0, otherwise we return
NT_STATUS_USER_SESSION_DELETED
metze
Rafal Szczesniak [Tue, 6 Dec 2005 19:48:47 +0000 (19:48 +0000)]
r12105: Formatting.
rafal
Rafal Szczesniak [Tue, 6 Dec 2005 19:48:06 +0000 (19:48 +0000)]
r12104: Move to (sync) smb_composite_connect from smbcli_tree_full_connection()
This is one of the last places using the latter function.
rafal
Rafal Szczesniak [Tue, 6 Dec 2005 19:44:49 +0000 (19:44 +0000)]
r12103: Comments and a bit of formatting.
rafal
Stefan Metzmacher [Tue, 6 Dec 2005 17:59:20 +0000 (17:59 +0000)]
r12102: for SMB2 we need to allocate tcons per session
metze
Stefan Metzmacher [Tue, 6 Dec 2005 17:42:04 +0000 (17:42 +0000)]
r12101: revert my last commit, it breaks the build and I don't know why...
metze
Stefan Metzmacher [Tue, 6 Dec 2005 14:17:06 +0000 (14:17 +0000)]
r12095: the most SMB2 opcodes need a valid session and tcon,
metze
Stefan Metzmacher [Tue, 6 Dec 2005 14:14:43 +0000 (14:14 +0000)]
r12094: - implement dummy smb2srv_tcon()
- implement smb2srv_tdis()
metze
Stefan Metzmacher [Tue, 6 Dec 2005 14:11:55 +0000 (14:11 +0000)]
r12093: add missing file
metze
Stefan Metzmacher [Tue, 6 Dec 2005 13:26:24 +0000 (13:26 +0000)]
r12092: - add dummy functions for the missing SMB2 opcodes
- implement keepalive and logoff
metze
Stefan Metzmacher [Tue, 6 Dec 2005 12:33:32 +0000 (12:33 +0000)]
r12091: the SMB2 specific level are not available via SMB
(get rid of the compiler warnings)
metze
Stefan Metzmacher [Tue, 6 Dec 2005 11:52:16 +0000 (11:52 +0000)]
r12090: use the _trigger_error() function in the function
that allocated the composite_context
metze
Rafal Szczesniak [Tue, 6 Dec 2005 11:11:11 +0000 (11:11 +0000)]
r12089: Couple of fixes in cases of memory outage before we sort
out how and when to use composite_error() and composite_trigger_error().
Spotted by Metze.
rafal
Rafal Szczesniak [Tue, 6 Dec 2005 08:58:21 +0000 (08:58 +0000)]
r12088: Use a structure to pass arguments to dcerpc connection functions
and move migrated (async) code to a new file.
rafal
Rafal Szczesniak [Tue, 6 Dec 2005 08:56:13 +0000 (08:56 +0000)]
r12087: Split dcerpc pipe connection functions into separate file.
It's going to contain async functions and ncacn_np is the
first.
rafal
Andrew Tridgell [Tue, 6 Dec 2005 05:25:03 +0000 (05:25 +0000)]
r12086: reverted the utf8string change in xattr.idl. See the discussion on
samba-technical on why this should stay as a simple null terminated
string (basically to make hand-written parsers easier)
Andrew Tridgell [Tue, 6 Dec 2005 03:53:51 +0000 (03:53 +0000)]
r12085: wkssvc.idl updated based on work by Ronnie Sahlberg to bring the
Samba4 and ethereal IDL into line, so ethereal doesn't lose any
existing structures when switching to idl
Andrew Tridgell [Tue, 6 Dec 2005 03:51:54 +0000 (03:51 +0000)]
r12084: added a comment on what is appropriate for parameter_control
Andrew Tridgell [Tue, 6 Dec 2005 00:12:32 +0000 (00:12 +0000)]
r12082: fixed a valgrind error found by kukks in the transs server handling
Rafal Szczesniak [Mon, 5 Dec 2005 22:34:45 +0000 (22:34 +0000)]
r12079: Fix to the comment for sake of completeness...
rafal
Stefan Metzmacher [Mon, 5 Dec 2005 22:22:05 +0000 (22:22 +0000)]
r12078: fix the build on hosts with old compilers
metze
Stefan Metzmacher [Mon, 5 Dec 2005 15:47:15 +0000 (15:47 +0000)]
r12075: remove NBT-WINSREPLICATION-QUICK test, as we now pass the NBT-WINSREPLICATION
test
metze
Stefan Metzmacher [Mon, 5 Dec 2005 15:26:49 +0000 (15:26 +0000)]
r12074: in accept() we need to set socket name of the child socket by looking
up what address the client has used, as the socket is maybe bound to '0.0.0.0'
metze
Stefan Metzmacher [Mon, 5 Dec 2005 15:22:38 +0000 (15:22 +0000)]
r12073: fix valgrind error, calculate the correct size for memcpy()
and don't assume out_len is >= sizeof(*in_addr)
metze
Stefan Metzmacher [Mon, 5 Dec 2005 12:47:32 +0000 (12:47 +0000)]
r12072: fix sgroup,active,owned vs. sgroup,non-active case
metze
Stefan Metzmacher [Mon, 5 Dec 2005 12:25:19 +0000 (12:25 +0000)]
r12071: - implement MHOMED merging
- implement late release demands
we now pass the full NBT-WINSREPLICATION torture test
but only with non-socket_wrapper mode
metze
Stefan Metzmacher [Mon, 5 Dec 2005 12:18:16 +0000 (12:18 +0000)]
r12070: make sure a unique record with multiple addresses becomes mhomed
metze
Stefan Metzmacher [Mon, 5 Dec 2005 10:24:07 +0000 (10:24 +0000)]
r12069: fix typo
metze
Stefan Metzmacher [Mon, 5 Dec 2005 10:15:56 +0000 (10:15 +0000)]
r12068: a better fix to prevent crashing, on errors
metze
Stefan Metzmacher [Mon, 5 Dec 2005 10:03:10 +0000 (10:03 +0000)]
r12067: print out some more details
metze
Stefan Metzmacher [Mon, 5 Dec 2005 07:56:22 +0000 (07:56 +0000)]
r12066: - add a unique,active,owner vs. unique,active,replica tests where
we respond with the replicas address to the challenge
- fix some skip checks
metze
Stefan Metzmacher [Mon, 5 Dec 2005 06:55:20 +0000 (06:55 +0000)]
r12065: fix compiler warning
metze
Andrew Tridgell [Mon, 5 Dec 2005 06:05:02 +0000 (06:05 +0000)]
r12064: pass back the socket level error correctly (so we get
NT_STATUS_CONNECTION_REFUSED when a KDC is not listening)
Andrew Tridgell [Mon, 5 Dec 2005 06:01:22 +0000 (06:01 +0000)]
r12063: fixed the krb5 client code to handle ICMP port unreachable errors, and
error out immediately. This prevents a long timeout
Andrew Bartlett [Mon, 5 Dec 2005 04:10:13 +0000 (04:10 +0000)]
r12062: SASL negotiation now requires a gensec_security context, so that we
only try permitted mechanisms.
Andrew Bartlett
Andrew Bartlett [Mon, 5 Dec 2005 03:42:28 +0000 (03:42 +0000)]
r12061: Add missing file to previous commit. This provides a hook on which to
attach a restriction on available GENSEC mechanisms.
Andrew Bartlett
Andrew Bartlett [Mon, 5 Dec 2005 03:20:40 +0000 (03:20 +0000)]
r12060: Work towards allowing the credentials system to allow/deny certain
GENSEC mechanisms. This will allow a machine join to an NT4 domain to
avoid even trying kerberos, or a sensitive operation to require it.
Andrew Bartlett
Andrew Bartlett [Mon, 5 Dec 2005 01:38:26 +0000 (01:38 +0000)]
r12059: Use random keytab names (so we get different keytabs, rather than
share the MEMORY: keytab).
Andrew Bartlett
Andrew Bartlett [Mon, 5 Dec 2005 01:36:53 +0000 (01:36 +0000)]
r12058: Set an anonymous fallback, if the machine account isn't available.
Andrew Bartlett
Andrew Tridgell [Mon, 5 Dec 2005 00:43:50 +0000 (00:43 +0000)]
r12057: fixed authentication in ldb client tools
Andrew Bartlett [Sun, 4 Dec 2005 12:17:02 +0000 (12:17 +0000)]
r12056: Some clarification fixes for the keytab code, and use the right
function for enctype to string.
Andrew Bartlett
Andrew Bartlett [Sat, 3 Dec 2005 00:47:51 +0000 (00:47 +0000)]
r12037: Fix malloc corruption caused by double-free(), where realloc(ptr, 0)
is equivalent to free().
This is the issue tridge was seeing in the MEMORY: keytab code.
Andrew Bartlett
Andrew Bartlett [Sat, 3 Dec 2005 00:46:23 +0000 (00:46 +0000)]
r12036: Fix more KDC memory leaks (and there are probably still more...).
Andrew Bartlett
Andrew Bartlett [Fri, 2 Dec 2005 22:37:07 +0000 (22:37 +0000)]
r12035: Fix memory leaks in the KDC.
Andrew Bartlett
Stefan Metzmacher [Fri, 2 Dec 2005 15:51:39 +0000 (15:51 +0000)]
r12024: do some extra sleeping to give the server the chance to handle our reply
metze
Stefan Metzmacher [Fri, 2 Dec 2005 15:40:26 +0000 (15:40 +0000)]
r12023: use the NBTD IRPC proxy calls for implementing the challenge and release demand
conflict cases
metze
Stefan Metzmacher [Fri, 2 Dec 2005 15:37:52 +0000 (15:37 +0000)]
r12022: add NBTD IRPC proxy calls for wins challenge and wins release demand,
used for replication conflicts
metze
Stefan Metzmacher [Fri, 2 Dec 2005 15:30:25 +0000 (15:30 +0000)]
r12021: remove shortpath for winsdb_lookup, this isn't needed
metze
Stefan Metzmacher [Fri, 2 Dec 2005 15:02:21 +0000 (15:02 +0000)]
r12020: fix memory hierarchy
metze
Stefan Metzmacher [Fri, 2 Dec 2005 14:53:56 +0000 (14:53 +0000)]
r12019: - let us only reference libblkid stuff in one file
- and make it a bit simpler, by caching the GUID struct instead of the device name
- and this also removes all compiler warnings...
metze
Andrew Tridgell [Fri, 2 Dec 2005 11:33:19 +0000 (11:33 +0000)]
r12016: fixed a valgrind error
Stefan Metzmacher [Fri, 2 Dec 2005 07:30:34 +0000 (07:30 +0000)]
r12014: free the irpc_request structure with the irpc_call_recv functions,
to match all other _recv functions we have
metze
Stefan Metzmacher [Fri, 2 Dec 2005 07:11:43 +0000 (07:11 +0000)]
r12013: fix compiler warnings
metze
Stefan Metzmacher [Fri, 2 Dec 2005 07:02:38 +0000 (07:02 +0000)]
r12012: fix renaming smbsrv_trees -> smbsrv_tcons
metze
Andrew Tridgell [Fri, 2 Dec 2005 05:29:13 +0000 (05:29 +0000)]
r12011: fixed another 'mixed code and declarations' bug
Andrew Tridgell [Fri, 2 Dec 2005 04:26:51 +0000 (04:26 +0000)]
r12010: - added support for domain specific SID codes in SDDL strings
- added a bunch more tests to LOCAL-SDDL (all the ones from our schema)
- fixed 'mixed coded declarations' bug
Andrew Tridgell [Fri, 2 Dec 2005 03:21:29 +0000 (03:21 +0000)]
r12009: made the LOCAL-SDDL test less verbose by default, and add it to the
standard tests for the build farm
Andrew Tridgell [Fri, 2 Dec 2005 03:19:23 +0000 (03:19 +0000)]
r12008: added a simple LOCAL-SDDL test suite. Only one example so far. Will be
filled in with more examples as I expand the sddl parsing code.
Andrew Tridgell [Fri, 2 Dec 2005 03:18:34 +0000 (03:18 +0000)]
r12007: fixed a valgrind error in the SMB2-SETINFO test
Andrew Tridgell [Fri, 2 Dec 2005 03:17:40 +0000 (03:17 +0000)]
r12006: don't require callers to fill in pad bytes in SMB2 calls
Andrew Tridgell [Fri, 2 Dec 2005 03:16:42 +0000 (03:16 +0000)]
r12005: added a SDDL (Security Descriptor Description Language) parser. Not
all flags are covered yet, and object aces aren't done yet.
This is needed for ACL support in ldb, as the default security
descriptor for each object class is given by the
defaultSecurityDescriptor attribute in the schema, which is stored in
SDDL format
Andrew Tridgell [Fri, 2 Dec 2005 03:14:45 +0000 (03:14 +0000)]
r12004: added some SEC_ADS_* security flags. Needed for a SDDL parser.
Rafal Szczesniak [Thu, 1 Dec 2005 22:43:30 +0000 (22:43 +0000)]
r12001: Replace smbcli_full_connection call with composite connect used
in sync version. This step makes it easier to move further to async
dcerpc connect routine.
rafal
Andrew Bartlett [Thu, 1 Dec 2005 22:18:34 +0000 (22:18 +0000)]
r12000: Update to current lorikeet-heimdal, including in particular support
for referencing an existing in-MEMORY keytab (required for the new way
we push that to GSSAPI).
Andrew Bartlett
Stefan Metzmacher [Thu, 1 Dec 2005 12:39:33 +0000 (12:39 +0000)]
r11997: for a multidimensional array like this:
    uint32 [num_level2][num_level1][num_level0]
fix the order they're pushed and pulled, it should be like this
    for (l2=0; l2 < num_level2; l2++) {
        for (l1=0; l1 < num_level1; l1++) {
            for (l0=0; l0 < num_level0; l0++) {
                ndr_pull_uint32(...);
            }
        }
    }
metze
Stefan Metzmacher [Thu, 1 Dec 2005 07:09:24 +0000 (07:09 +0000)]
r11996: don't overwrite the buffercode
metze
Andrew Bartlett [Thu, 1 Dec 2005 05:20:39 +0000 (05:20 +0000)]
r11995: A big kerberos-related update.
This merges Samba4 up to current lorikeet-heimdal, which includes a
replacement for some Samba-specific hacks.
In particular, the credentials system now supplies GSS client and
server credentials. These are imported into GSS with
gss_krb5_import_creds(). Unfortunately this can't take a MEMORY
keytab, so we now create a FILE based keytab at provision and join
time.
Because the keytab is now created in advance, we don't spend .4s at
negprot doing sha1 s2k calls. Also, because the keytab is read in
real time, any change in the server key will be correctly picked up by
the krb5 code.
To mark entries in the secrets which should be exported to a keytab,
there is a new kerberosSecret objectClass. The new routine
cli_credentials_update_all_keytabs() searches for these, and updates
the keytabs.
This is called in the provision.js via the ejs wrapper
credentials_update_all_keytabs().
We can now (in theory) use a system-provided /etc/krb5.keytab, if
krb5Keytab: FILE:/etc/krb5.keytab
is added to the secrets.ldb record. By default the attribute
privateKeytab: secrets.keytab
is set, pointing to allow the whole private directory to be moved
without breaking the internal links.
Andrew Bartlett [Thu, 1 Dec 2005 05:10:37 +0000 (05:10 +0000)]
r11994: This function no longer needs a special declaration.
Andrew Bartlett
Andrew Bartlett [Thu, 1 Dec 2005 05:09:28 +0000 (05:09 +0000)]
r11993: As well as making an in-MEMORY keytab, allow a file-based keytab to be updated.
This allows a new password to be written in, and old entries removed
(we keep kvno and kvno-1).
Clean up the code a lot, and add comments on what it is doing...
Andrew Bartlett
Andrew Bartlett [Thu, 1 Dec 2005 05:06:52 +0000 (05:06 +0000)]
r11992: Potentially allow SPNEGO to be disabled (as occurs on WinXP
standalone), and use only NTLMSSP.
(But doing so would break Samba3's client).
Andrew Bartlett