ddiss/samba.git
12 years agos4-provision: Fix tdbdump path lookup in make test.
Andreas Schneider [Fri, 16 Dec 2011 18:03:54 +0000 (19:03 +0100)]
s4-provision: Fix tdbdump path lookup in make test.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
12 years agotalloc: Slightly simplify talloc_unlink
Volker Lendecke [Mon, 2 Jan 2012 13:56:04 +0000 (14:56 +0100)]
talloc: Slightly simplify talloc_unlink

Nested if's are hard to understand to me.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Jan  2 19:07:23 CET 2012 on sn-devel-104

12 years agotalloc: Fix a typo
Volker Lendecke [Mon, 2 Jan 2012 13:27:37 +0000 (14:27 +0100)]
talloc: Fix a typo

12 years agoFix the build without kerberos
Volker Lendecke [Sun, 1 Jan 2012 20:17:43 +0000 (21:17 +0100)]
Fix the build without kerberos

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Jan  1 23:56:24 CET 2012 on sn-devel-104

12 years agoexamples: malloc is declared in <stdlib.h>
Volker Lendecke [Fri, 30 Dec 2011 08:55:55 +0000 (09:55 +0100)]
examples: malloc is declared in <stdlib.h>

12 years agos4: Happy New Year 2012
Stefan Metzmacher [Sun, 1 Jan 2012 19:45:48 +0000 (20:45 +0100)]
s4: Happy New Year 2012

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Jan  1 22:23:48 CET 2012 on sn-devel-104

12 years agos3: Happy New Year 2012
Stefan Metzmacher [Sun, 1 Jan 2012 19:45:37 +0000 (20:45 +0100)]
s3: Happy New Year 2012

metze

12 years agoFinal part of fix for bug #8679 - recvfile code path using splice() on Linux leaves...
Jeremy Allison [Sat, 31 Dec 2011 05:19:08 +0000 (21:19 -0800)]
Final part of fix for bug #8679 - recvfile code path using splice() on Linux leaves data in the pipe on short write.

The code to set a DOS error on short writeX return is amazingly
legacy code, and also breaks the reply as fixup_chain_error_packet()
enforces a 2-byte wct on any reply where smb_rcls != 0.

Found in testing by Andrew Bartlett. Thanks Andrew !

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Dec 31 08:05:35 CET 2011 on sn-devel-104

12 years agoThird part of fix for bug #8679 - recvfile code path using splice() on Linux leaves...
Jeremy Allison [Sat, 31 Dec 2011 04:45:10 +0000 (20:45 -0800)]
Third part of fix for bug #8679 - recvfile code path using splice() on Linux leaves data in the pipe on short write.

Fix default_sys_recvfile() to correctly cope with
short writes. Return the amount written. Return
-1 and set errno if no data could be written.

12 years agoSecond part of fix for bug #8679 - recvfile code path using splice() on Linux leaves...
Jeremy Allison [Sat, 31 Dec 2011 04:23:00 +0000 (20:23 -0800)]
Second part of fix for bug #8679 - recvfile code path using splice() on Linux leaves data in the pipe on short write.

Split out the functionality of drain_socket() into a separate
function from default_sys_recvfile().

12 years agopyregistry: Remove directory support.
Jelmer Vernooij [Thu, 29 Dec 2011 17:24:49 +0000 (18:24 +0100)]
pyregistry: Remove directory support.

Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Thu Dec 29 19:59:57 CET 2011 on sn-devel-104

12 years agoRemove the 'dir' registry backend.
Jelmer Vernooij [Thu, 29 Dec 2011 15:45:23 +0000 (16:45 +0100)]
Remove the 'dir' registry backend.

This backend was incomplete, and we already have plenty of other backends.

12 years agos4-toture: Rename memory contexts in rpc.pac for greater clarity
Andrew Bartlett [Thu, 29 Dec 2011 11:36:14 +0000 (22:36 +1100)]
s4-toture: Rename memory contexts in rpc.pac for greater clarity

This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba.

Thankyou Simo for the suggestion.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 29 14:14:06 CET 2011 on sn-devel-104

12 years agos4-gensec: Rename memory contexts in gensec_util for greater clarity
Andrew Bartlett [Thu, 29 Dec 2011 11:34:28 +0000 (22:34 +1100)]
s4-gensec: Rename memory contexts in gensec_util for greater clarity

This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba.

Thankyou Simo for the suggestion.

Andrew Bartlett

12 years agos4-gensec: Rename memory contexts in gensec_krb5 for greater clarity
Andrew Bartlett [Thu, 29 Dec 2011 11:33:27 +0000 (22:33 +1100)]
s4-gensec: Rename memory contexts in gensec_krb5 for greater clarity

This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba.

Thankyou Simo for the suggestion.

Andrew Bartlett

12 years agos4-gensec: Rename memory contexts in gensec_gssapi for greater clarity
Andrew Bartlett [Thu, 29 Dec 2011 11:31:36 +0000 (22:31 +1100)]
s4-gensec: Rename memory contexts in gensec_gssapi for greater clarity

This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba.

Thankyou Simo for the suggestion.

Andrew Bartlett

12 years agos4-auth: Rename memory contexts for greater clarity
Andrew Bartlett [Thu, 29 Dec 2011 11:30:07 +0000 (22:30 +1100)]
s4-auth: Rename memory contexts for greater clarity

This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba.

Thankyou Simo for the suggestion.

Andrew Bartlett

12 years agoauth/kerberos: Rename memory contexts for greater clarity
Andrew Bartlett [Thu, 29 Dec 2011 11:26:06 +0000 (22:26 +1100)]
auth/kerberos: Rename memory contexts for greater clarity

This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba.

Thankyou Simo for the suggestion.

Andrew Bartlett

12 years agos4-gensec remove auth_session dep from gensec_gssapi.c
Andrew Bartlett [Thu, 29 Dec 2011 01:15:42 +0000 (12:15 +1100)]
s4-gensec remove auth_session dep from gensec_gssapi.c

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 29 05:37:11 CET 2011 on sn-devel-104

12 years agos4-gensec Remove fallback for simple privileges
Andrew Bartlett [Thu, 29 Dec 2011 01:00:21 +0000 (12:00 +1100)]
s4-gensec Remove fallback for simple privileges

This makes the dependencies simpler, as this code path is no longer
required.  (That is, it makes no sense to have an NTLM login without
an auth context, and the gensec_gssapi and gensec_krb5 modules call
the PAC blob function below instead).

Andrew Bartlett

12 years agos4-torture: Demonstrate handling of the PAC in a custom auth_context
Andrew Bartlett [Thu, 29 Dec 2011 00:46:41 +0000 (11:46 +1100)]
s4-torture: Demonstrate handling of the PAC in a custom auth_context

This demonstrates how a different function pointer can be supplied
to handle the PAC blob, without depending on the provisioned samdb etc.

Andrew Bartlett

12 years agos4-gensec: Pass the auth context in during gensec test
Andrew Bartlett [Thu, 29 Dec 2011 02:51:55 +0000 (13:51 +1100)]
s4-gensec: Pass the auth context in during gensec test

12 years agos4-pyauth: Make sure event context allows nesting
Andrew Bartlett [Thu, 29 Dec 2011 02:51:17 +0000 (13:51 +1100)]
s4-pyauth: Make sure event context allows nesting

12 years agos4-gensec: Move parsing of the PAC blob and creating the session_info into auth
Andrew Bartlett [Wed, 28 Dec 2011 06:48:45 +0000 (17:48 +1100)]
s4-gensec: Move parsing of the PAC blob and creating the session_info into auth

This uses a single callback to handle the PAC from the DATA_BLOB
format until it becomes a struct auth_session_info.

This allows a seperation between the GSS acceptor code and the PAC
interpretation code based on the supplied auth context.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 29 01:10:59 CET 2011 on sn-devel-104

12 years agos4-gensec: fix cyrus sasl module after update() protype change
Andrew Bartlett [Wed, 28 Dec 2011 06:31:03 +0000 (17:31 +1100)]
s4-gensec: fix cyrus sasl module after update() protype change

12 years agoauth/kerberos: Make pac_data_out in kerberos_decode_pac() optional
Andrew Bartlett [Wed, 28 Dec 2011 05:01:38 +0000 (16:01 +1100)]
auth/kerberos: Make pac_data_out in kerberos_decode_pac() optional

12 years agos4-auth Remove unused auth_context_create_from_ldb()
Andrew Bartlett [Tue, 27 Dec 2011 23:38:52 +0000 (10:38 +1100)]
s4-auth Remove unused auth_context_create_from_ldb()

12 years agos4-gensec: Allow a PAC to be obtained from any GSS mech
Andrew Bartlett [Tue, 27 Dec 2011 11:02:16 +0000 (22:02 +1100)]
s4-gensec: Allow a PAC to be obtained from any GSS mech

This may allow Luke Howard's moonshot to work with a little less effort
at some point in the future.

Andrew Bartlett

12 years agoauth/kerberos: Move gssapi_parse.c to the top level
Andrew Bartlett [Tue, 27 Dec 2011 11:00:22 +0000 (22:00 +1100)]
auth/kerberos: Move gssapi_parse.c to the top level

This will help with writing a gensec module for the s3 gse layer.

Andrew Bartlett

12 years agocredentials: Always honour the return value of E_deshash()
Andrew Bartlett [Tue, 27 Dec 2011 10:30:49 +0000 (21:30 +1100)]
credentials: Always honour the return value of E_deshash()

When this returns false, the hash value is not correct as the password
could not be converted into an uppercase, 14 char or less ASCII string.

Andrew Bartlett

12 years agos4-ntlmssp Do not allow LM key without a LM password
Andrew Bartlett [Tue, 27 Dec 2011 08:50:36 +0000 (19:50 +1100)]
s4-ntlmssp Do not allow LM key without a LM password

12 years agos3-auth Fix talloc parent for s4 event context in auth_samba4
Andrew Bartlett [Mon, 26 Dec 2011 11:59:17 +0000 (22:59 +1100)]
s3-auth Fix talloc parent for s4 event context in auth_samba4

12 years agos3-auth: Remove protype for already-removed auth_ntlmssp_start
Andrew Bartlett [Mon, 26 Dec 2011 00:51:08 +0000 (11:51 +1100)]
s3-auth: Remove protype for already-removed auth_ntlmssp_start

12 years agogensec: Allow an alternate set of modules to be specified
Andrew Bartlett [Sun, 25 Dec 2011 23:53:56 +0000 (10:53 +1100)]
gensec: Allow an alternate set of modules to be specified

This will allow s3 to specify modules to use as a list, rather than
needing to start the individual module with gensec_start_mech_by_ops()

Andrew Bartlett

12 years agolib/charset: Remove an unused variable
Volker Lendecke [Sun, 25 Dec 2011 10:49:04 +0000 (11:49 +0100)]
lib/charset: Remove an unused variable

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Dec 25 15:07:56 CET 2011 on sn-devel-104

12 years agos3: Fix fn signatures in charset_macosx.c
Volker Lendecke [Sun, 25 Dec 2011 10:43:43 +0000 (11:43 +0100)]
s3: Fix fn signatures in charset_macosx.c

12 years agos3: Fix a 64-bit warning
Volker Lendecke [Sun, 25 Dec 2011 10:35:07 +0000 (11:35 +0100)]
s3: Fix a 64-bit warning

12 years agos3: Fix linking on Lion
Volker Lendecke [Sun, 25 Dec 2011 10:00:11 +0000 (11:00 +0100)]
s3: Fix linking on Lion

We are using CoreFoundation functions in charset_macosx.c. We need to link
against that.

12 years agotdb: Use tdb_parse_record in tdb_update_hash
Volker Lendecke [Mon, 19 Dec 2011 12:39:04 +0000 (13:39 +0100)]
tdb: Use tdb_parse_record in tdb_update_hash

This avoids a tdb_fetch, thus a malloc/memcpy/free in the tdb_store path

12 years agotdb: Use tdb_parse_record in tdb_update_hash
Volker Lendecke [Mon, 19 Dec 2011 12:39:04 +0000 (13:39 +0100)]
tdb: Use tdb_parse_record in tdb_update_hash

This avoids a tdb_fetch, thus a malloc/memcpy/free in the tdb_store path

12 years agolibreplace: Don't check for standards.h on darwin (Lion)
Volker Lendecke [Fri, 23 Dec 2011 20:37:57 +0000 (21:37 +0100)]
libreplace: Don't check for standards.h on darwin (Lion)

standards.h on Lion holds a #warning that standards.h will be removed. This is
annoying during the build.

12 years agoFix bug #8679 - recvfile code path using splice() on Linux leaves data in the pipe...
Jeremy Allison [Sun, 25 Dec 2011 05:12:09 +0000 (21:12 -0800)]
Fix bug #8679 - recvfile code path using splice() on Linux leaves data in the pipe on short write

Bug found and fix suggested by Andrew Bartlett.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sun Dec 25 07:46:38 CET 2011 on sn-devel-104

12 years agolib: Fix NT_STATUS_ALL_SIDS_FILTERED definition
Volker Lendecke [Fri, 23 Dec 2011 20:41:03 +0000 (21:41 +0100)]
lib: Fix NT_STATUS_ALL_SIDS_FILTERED definition

This seems to be more in line with all the other NT_STATUS definitions.

Metze, please check.

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Dec 23 23:19:17 CET 2011 on sn-devel-104

12 years agos3:lib/ctdbd_conn: try ctdbd_init_connection() as root
Stefan Metzmacher [Fri, 23 Dec 2011 13:45:45 +0000 (14:45 +0100)]
s3:lib/ctdbd_conn: try ctdbd_init_connection() as root

ctdbd_traverse is only called if the main db_context is already
open. So if we could get to information via dbwrap_fetch,
we should also be able to traverse.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Dec 23 18:19:14 CET 2011 on sn-devel-104

12 years agos4:torture/rpc/netlogon.c - factor out the computer name check in an own test
Matthias Dieter Wallnöfer [Thu, 24 Nov 2011 16:38:14 +0000 (17:38 +0100)]
s4:torture/rpc/netlogon.c - factor out the computer name check in an own test

This check is by no ways specific to "DsRGetSiteName" and hence it should
be factored out in an own function.
Samba at the moment does not implement the expected behaviour so I have
added the "torture_skip" action.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Dec 23 12:17:48 CET 2011 on sn-devel-104

12 years agos4:netlogon RPC server - dcesrv_netr_DsRGetSiteName - add a small explaination
Matthias Dieter Wallnöfer [Thu, 24 Nov 2011 16:03:00 +0000 (17:03 +0100)]
s4:netlogon RPC server - dcesrv_netr_DsRGetSiteName - add a small explaination

NETLOGON pipe is only thought for DCs.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
12 years agos4:libcli/finddcs_nbt.c - free "req" consistently with "finddcs_cldap.c"
Matthias Dieter Wallnöfer [Thu, 22 Dec 2011 15:49:48 +0000 (16:49 +0100)]
s4:libcli/finddcs_nbt.c - free "req" consistently with "finddcs_cldap.c"

It is more obvious to free where the context for the first time appears.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
12 years agoldb:ldb_tdb.c - fix warnings in "ltdb_init_rootdse"
Matthias Dieter Wallnöfer [Thu, 22 Dec 2011 10:50:49 +0000 (11:50 +0100)]
ldb:ldb_tdb.c - fix warnings in "ltdb_init_rootdse"

We should ignore the LDB result.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
12 years agos4:drsuapi/getncchanges: the default for isRecycled is FALSE
Stefan Metzmacher [Tue, 15 Nov 2011 11:42:22 +0000 (12:42 +0100)]
s4:drsuapi/getncchanges: the default for isRecycled is FALSE

metze

Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Fri Dec 23 09:30:09 CET 2011 on sn-devel-104

12 years agos4-drsuapi: we store boolean in upppercase so we need to test them in uppercase
Matthieu Patou [Mon, 14 Nov 2011 17:32:41 +0000 (18:32 +0100)]
s4-drsuapi: we store boolean in upppercase so we need to test them in uppercase

Signed-off-by: Stefan Metzmacher <metze@samba.org>
12 years agos4-kcc: Remove also deleted objects that are not in the Deleted Object container
Matthieu Patou [Tue, 15 Nov 2011 11:38:51 +0000 (12:38 +0100)]
s4-kcc: Remove also deleted objects that are not in the Deleted Object container

For the configuration container we do a full scan at every run of the
kcc-delete service. For the base DN we introduce a new parameter that
avoid the full scan to kick just when samba starts.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
12 years agos4-ldb: Add isRecycled when is defined in the schema
Matthieu Patou [Tue, 1 Nov 2011 22:12:47 +0000 (23:12 +0100)]
s4-ldb: Add isRecycled when is defined in the schema

Signed-off-by: Stefan Metzmacher <metze@samba.org>
12 years agos4:rpc-dnsserver: Set the rank for the new DNS record correctly
Amitay Isaacs [Fri, 23 Dec 2011 05:15:26 +0000 (16:15 +1100)]
s4:rpc-dnsserver: Set the rank for the new DNS record correctly

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Fri Dec 23 07:56:34 CET 2011 on sn-devel-104

12 years agotest:dnsserver: Add zone creation and deletion test
Amitay Isaacs [Tue, 20 Dec 2011 03:41:43 +0000 (14:41 +1100)]
test:dnsserver: Add zone creation and deletion test

12 years agosamba-tool:dns: Fix a typo
Amitay Isaacs [Tue, 20 Dec 2011 01:07:11 +0000 (12:07 +1100)]
samba-tool:dns: Fix a typo

12 years agosamba-tool:dns: Add zone create/delete commands
Amitay Isaacs [Tue, 20 Dec 2011 01:06:47 +0000 (12:06 +1100)]
samba-tool:dns: Add zone create/delete commands

12 years agoldif-handler: Fix the case for attribute dnsproperty
Amitay Isaacs [Tue, 20 Dec 2011 01:05:49 +0000 (12:05 +1100)]
ldif-handler: Fix the case for attribute dnsproperty

12 years agos4:rpc-dnsserver: Add comments
Amitay Isaacs [Mon, 19 Dec 2011 01:16:45 +0000 (12:16 +1100)]
s4:rpc-dnsserver: Add comments

12 years agos4:rpc-dnsserver: Make sure that zone information is filled in
Amitay Isaacs [Fri, 16 Dec 2011 06:59:59 +0000 (17:59 +1100)]
s4:rpc-dnsserver: Make sure that zone information is filled in

This fixes the problem of NULL zone in zone operations when specific
zone is specified and no zone filter is specified.

12 years agos4:rpc-dnsserver: Implement zone management RPC operations
Amitay Isaacs [Fri, 16 Dec 2011 04:41:15 +0000 (15:41 +1100)]
s4:rpc-dnsserver: Implement zone management RPC operations

- ZoneCreate operation to create zone.
- DeleteZoneFromDs operation to delete zone

When a zone is deleted, all the records in that zone are also deleted.

12 years agos4:rpc-dnsserver: Add multiple DNS records in a single operation
Amitay Isaacs [Mon, 19 Dec 2011 01:13:46 +0000 (12:13 +1100)]
s4:rpc-dnsserver: Add multiple DNS records in a single operation

This allows to add dnsNode objectclass with multiple DNS records in a
single operation. Useful for creating @ record which has NS and SOA
records.

12 years agos4:rpc-dnsserver: Use handy macros for error checking
Amitay Isaacs [Fri, 16 Dec 2011 01:20:43 +0000 (12:20 +1100)]
s4:rpc-dnsserver: Use handy macros for error checking

12 years agos4:rpc-dnsserver: Implement DirectoryPartitionInfo RPC operation
Amitay Isaacs [Fri, 16 Dec 2011 01:11:42 +0000 (12:11 +1100)]
s4:rpc-dnsserver: Implement DirectoryPartitionInfo RPC operation

12 years agos4:rpc-dnsserver: Fix the enumeration of DNS records
Amitay Isaacs [Thu, 15 Dec 2011 08:45:22 +0000 (19:45 +1100)]
s4:rpc-dnsserver: Fix the enumeration of DNS records

If a node has data and children, do not return the children unless
the node is the top level node.

12 years agos4:rpc-dnsserver: Use cached zone information to get rootservers
Amitay Isaacs [Thu, 15 Dec 2011 08:45:10 +0000 (19:45 +1100)]
s4:rpc-dnsserver: Use cached zone information to get rootservers

This removes the hardcoded search for DC=RootDNSServers, and uses
the cached zone information.

12 years agoidl:dnsserver: Add DNS_DP_STATE enumeration for diretory partition state
Amitay Isaacs [Thu, 15 Dec 2011 07:52:21 +0000 (18:52 +1100)]
idl:dnsserver: Add DNS_DP_STATE enumeration for diretory partition state

12 years agos4:rpc-dnsserver: Implement EnumDirectoryPartition operation
Amitay Isaacs [Thu, 15 Dec 2011 07:27:39 +0000 (18:27 +1100)]
s4:rpc-dnsserver: Implement EnumDirectoryPartition operation

12 years agos4:rpc-dnsserver: Cache DNS partition information
Amitay Isaacs [Thu, 15 Dec 2011 06:44:32 +0000 (17:44 +1100)]
s4:rpc-dnsserver: Cache DNS partition information

This information will be used for the RPC calls for partition
information.

12 years agos4:rpc-dnsserver: If a zone is reverse zone, set the fReverse flag
Amitay Isaacs [Wed, 14 Dec 2011 05:17:31 +0000 (16:17 +1100)]
s4:rpc-dnsserver: If a zone is reverse zone, set the fReverse flag

And use fReverse flag in the enumeration of zones.

12 years agos4:rpc-dnsserver: For PTR records, use dns_name_equal instead of strcmp to compare
Amitay Isaacs [Wed, 14 Dec 2011 05:16:23 +0000 (16:16 +1100)]
s4:rpc-dnsserver: For PTR records, use dns_name_equal instead of strcmp to compare

12 years agosamba-tool:dns: Add support for reverse names (PTR records)
Amitay Isaacs [Wed, 14 Dec 2011 04:54:31 +0000 (15:54 +1100)]
samba-tool:dns: Add support for reverse names (PTR records)

12 years agos4-provision: Set dNSProperty attribute for dns zones
Amitay Isaacs [Wed, 14 Dec 2011 03:47:05 +0000 (14:47 +1100)]
s4-provision: Set dNSProperty attribute for dns zones

12 years agos3-librpc Use gensec_sig_size() instead of a fixed NTLMSSP_SIG_SIZE
Andrew Bartlett [Wed, 21 Dec 2011 04:54:20 +0000 (15:54 +1100)]
s3-librpc Use gensec_sig_size() instead of a fixed NTLMSSP_SIG_SIZE

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Dec 22 20:57:27 CET 2011 on sn-devel-104

12 years agos3-rpc_server: Rework pipe_ntlmssp_auth_bind() to be generic
Andrew Bartlett [Wed, 21 Dec 2011 04:34:17 +0000 (15:34 +1100)]
s3-rpc_server: Rework pipe_ntlmssp_auth_bind() to be generic

Signed-off-by: Stefan Metzmacher <metze@samba.org>
12 years agos3-rpc_server: Allow gensec mechanisms to return NT_STATUS_OK
Andrew Bartlett [Wed, 21 Dec 2011 04:28:26 +0000 (15:28 +1100)]
s3-rpc_server: Allow gensec mechanisms to return NT_STATUS_OK

If a kerberos mechanism is added, then it can return OK after just one packet.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
12 years agos3-rpc_server: rename pipe_ntlmssp_verify_final() to pipe_auth_generic_verify_final()
Andrew Bartlett [Wed, 21 Dec 2011 04:17:45 +0000 (15:17 +1100)]
s3-rpc_server: rename pipe_ntlmssp_verify_final() to pipe_auth_generic_verify_final()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
12 years agos3-rpc_server: Rename dcesrv_ntlmssp.[ch] to dcesrv_auth_generic.[ch]
Andrew Bartlett [Wed, 21 Dec 2011 04:09:29 +0000 (15:09 +1100)]
s3-rpc_server: Rename dcesrv_ntlmssp.[ch] to dcesrv_auth_generic.[ch]

Signed-off-by: Stefan Metzmacher <metze@samba.org>
12 years agos3-rpc_server rename NTLMSSP functions to auth_generic..()
Andrew Bartlett [Wed, 21 Dec 2011 03:40:04 +0000 (14:40 +1100)]
s3-rpc_server rename NTLMSSP functions to auth_generic..()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
12 years agos3-rpc_server rename ntlmssp_server_auth_start() -> auth_generic_server_start()
Andrew Bartlett [Wed, 21 Dec 2011 03:32:43 +0000 (14:32 +1100)]
s3-rpc_server rename ntlmssp_server_auth_start() -> auth_generic_server_start()

By adding an OID parameter we can make this routine generic to any
gensec module that may be made available.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
12 years agos3-rpc_server remove unused header
Andrew Bartlett [Fri, 16 Dec 2011 06:05:12 +0000 (17:05 +1100)]
s3-rpc_server remove unused header

Signed-off-by: Stefan Metzmacher <metze@samba.org>
12 years agos3-auth split the auth_generic functions into a seperate file
Andrew Bartlett [Fri, 16 Dec 2011 05:55:36 +0000 (16:55 +1100)]
s3-auth split the auth_generic functions into a seperate file

Signed-off-by: Stefan Metzmacher <metze@samba.org>
12 years agos3-rpc_server request both sign and seal for clarity
Andrew Bartlett [Fri, 16 Dec 2011 05:44:17 +0000 (16:44 +1100)]
s3-rpc_server request both sign and seal for clarity

Signed-off-by: Stefan Metzmacher <metze@samba.org>
12 years agos3-auth remove auth_ntlmssp_start(), call auth_generic_start() directly
Andrew Bartlett [Fri, 16 Dec 2011 05:38:53 +0000 (16:38 +1100)]
s3-auth remove auth_ntlmssp_start(), call auth_generic_start() directly

This makes it clear that this can support more than just NTLMSSP.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
12 years agos3-auth rename auth_ntlmssp_prepare() -> auth_generic_prepare()
Andrew Bartlett [Fri, 16 Dec 2011 05:08:56 +0000 (16:08 +1100)]
s3-auth rename auth_ntlmssp_prepare() -> auth_generic_prepare()

This function handles more than NTLMSSP now, at least when we are an AD DC
and so changing the name may avoid some confusion in the future.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
12 years agos3-auth rename auth_ntlmssp_state -> auth_generic_state
Andrew Bartlett [Fri, 16 Dec 2011 05:07:24 +0000 (16:07 +1100)]
s3-auth rename auth_ntlmssp_state -> auth_generic_state

This structure handles more than NTLMSSP now, at least when we are an AD DC
and so changing the name may avoid some confusion in the future.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
12 years agos3-rpc_server request the DCE_STYLE feature in ntlmssp_server_auth_start
Andrew Bartlett [Fri, 16 Dec 2011 04:55:08 +0000 (15:55 +1100)]
s3-rpc_server request the DCE_STYLE feature in ntlmssp_server_auth_start

This is not used or honoured by NTLMSSP, but I hope to make this routine
more generic in the future.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
12 years agos3-netlogon: use dsgetdcname() instead of get_dc_name()
Sumit Bose [Thu, 24 Nov 2011 17:22:57 +0000 (12:22 -0500)]
s3-netlogon: use dsgetdcname() instead of get_dc_name()

Sometimes the domain parameter might not contain the NetBIOS name of the remote
domain but the DNS name.

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Dec 22 19:21:21 CET 2011 on sn-devel-104

12 years agos3-netlogon: Add support to authenticate trusted domains.
Sumit Bose [Tue, 22 Nov 2011 13:02:20 +0000 (08:02 -0500)]
s3-netlogon: Add support to authenticate trusted domains.

12 years agos4-torture: Test rpc schannel netr_LogonGetCapability.
Stefan Metzmacher [Sat, 19 Sep 2009 19:14:17 +0000 (21:14 +0200)]
s4-torture: Test rpc schannel netr_LogonGetCapability.

metze

12 years agos3-rpc_server: Pass in our flags to netlogon_creds_server_init().
Stefan Metzmacher [Tue, 29 Sep 2009 07:16:13 +0000 (09:16 +0200)]
s3-rpc_server: Pass in our flags to netlogon_creds_server_init().

metze

12 years agos3-netlogon: Add support for LogonGetCapabilities.
Stefan Metzmacher [Sat, 19 Sep 2009 19:07:20 +0000 (21:07 +0200)]
s3-netlogon: Add support for LogonGetCapabilities.

This is also needed to support AES.

metze

12 years agos4-librpc: Fix netlogon schannel client connect.
Andreas Schneider [Thu, 22 Dec 2011 15:32:31 +0000 (16:32 +0100)]
s4-librpc: Fix netlogon schannel client connect.

As a client we request as much flags as possible. The server checks
which flags it supports and returns the same negotiation flags or less.
So we need to store the negotiate flags from the server. We need them
later if we have to call netr_LogonGetCapabilities.

12 years agos3:torture/test_smb2: also try PROTOCOL_SMB2_24
Stefan Metzmacher [Thu, 22 Dec 2011 12:14:21 +0000 (13:14 +0100)]
s3:torture/test_smb2: also try PROTOCOL_SMB2_24

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Dec 22 17:47:17 CET 2011 on sn-devel-104

12 years agolib/param: add support for "SMB2_24" in smb.conf options
Stefan Metzmacher [Thu, 22 Dec 2011 12:12:24 +0000 (13:12 +0100)]
lib/param: add support for "SMB2_24" in smb.conf options

metze

12 years agos3:smb2_negprot: add support for PROTOCOL_SMB2_24
Stefan Metzmacher [Thu, 22 Dec 2011 12:11:57 +0000 (13:11 +0100)]
s3:smb2_negprot: add support for PROTOCOL_SMB2_24

metze

12 years agolibcli/smb: add PROTOCOL_SMB2_24 support
Stefan Metzmacher [Thu, 22 Dec 2011 12:08:44 +0000 (13:08 +0100)]
libcli/smb: add PROTOCOL_SMB2_24 support

metze

12 years agolibcli/smb: add SMB2_DIALECT_REVISION_224
Stefan Metzmacher [Thu, 22 Dec 2011 12:07:48 +0000 (13:07 +0100)]
libcli/smb: add SMB2_DIALECT_REVISION_224

This is specified in the new [MS-SMB2] preview document.

metze

12 years agos3-auth Restore shortcut for guest security token
Andrew Bartlett [Wed, 21 Dec 2011 06:26:23 +0000 (17:26 +1100)]
s3-auth Restore shortcut for guest security token

This was lost when the server_info and session_info structures were split.

This helps avoid doing lookups for the guest account to determine the
uid/gid and SID values.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Dec 22 15:51:09 CET 2011 on sn-devel-104

12 years agoruncmd: use set_close_on_exec()
Andrew Tridgell [Wed, 30 Nov 2011 04:18:29 +0000 (15:18 +1100)]
runcmd: use set_close_on_exec()

this prevents a fd leak to child processes

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 22 14:00:06 CET 2011 on sn-devel-104

12 years agoruncmd: use a pipe for stdin to child processes
Andrew Tridgell [Wed, 30 Nov 2011 03:07:51 +0000 (14:07 +1100)]
runcmd: use a pipe for stdin to child processes

this allows child processes to detect the exit of the parent by
looking for EOF on stdin