summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/BUGS24
-rw-r--r--source4/Makefile66
-rw-r--r--source4/NEWS508
-rw-r--r--source4/TODO278
-rw-r--r--source4/auth/ntlm/auth_server.c1
-rw-r--r--source4/build/m4/check_path.m419
-rw-r--r--source4/client/cifsdd.c15
-rw-r--r--source4/client/cifsdd.h4
-rw-r--r--source4/client/cifsddio.c17
-rw-r--r--source4/client/client.c9
-rw-r--r--source4/client/smbmount.c19
-rw-r--r--source4/dsdb/samdb/ldb_modules/tests/samba3sam.py32
-rw-r--r--source4/dynconfig/config.mk12
-rw-r--r--source4/dynconfig/dynconfig.c3
-rw-r--r--source4/heimdal/lib/hdb/hdb.c42
-rw-r--r--source4/heimdal/lib/hdb/hdb.h6
-rw-r--r--source4/kdc/config.mk8
-rw-r--r--source4/kdc/hdb-samba4.c (renamed from source4/kdc/hdb-ldb.c)48
-rw-r--r--source4/kdc/kdc.c17
-rw-r--r--source4/lib/ldb/ldb.i17
-rw-r--r--source4/lib/registry/tests/generic.c6
-rw-r--r--source4/lib/wmi/wmi.h2
-rw-r--r--source4/lib/wmi/wmicore.c14
-rw-r--r--source4/libcli/cliconnect.c12
-rw-r--r--source4/libcli/config.mk8
-rw-r--r--source4/libcli/drsblobs.h28
-rw-r--r--source4/libcli/raw/clisession.c7
-rw-r--r--source4/libcli/raw/clitree.c4
-rw-r--r--source4/libcli/security/security.i6
-rw-r--r--source4/libcli/security/security.py4
-rw-r--r--source4/libcli/security/security_wrap.c118
-rw-r--r--source4/libcli/smb_composite/connect.c2
-rw-r--r--source4/libcli/smb_composite/fetchfile.c1
-rw-r--r--source4/libcli/smb_composite/fsinfo.c11
-rw-r--r--source4/libcli/smb_composite/smb_composite.h2
-rw-r--r--source4/libnet/libnet_samdump_keytab.c18
-rw-r--r--source4/libnet/libnet_site.c2
-rw-r--r--source4/librpc/config.mk4
-rw-r--r--source4/librpc/idl/dcerpc.idl1
-rw-r--r--source4/librpc/idl/drsblobs.idl25
-rw-r--r--source4/librpc/ndr/ndr_drsblobs.c (renamed from source4/libcli/drsblobs.c)36
-rw-r--r--source4/librpc/rpc/dcerpc.c10
-rw-r--r--source4/librpc/rpc/dcerpc_connect.c3
-rw-r--r--source4/librpc/rpc/dcerpc_secondary.c7
-rw-r--r--source4/librpc/rpc/dcerpc_sock.c40
-rw-r--r--source4/ntvfs/cifs/vfs_cifs.c1
-rw-r--r--source4/param/loadparm.c8
-rw-r--r--source4/param/param.h3
-rw-r--r--source4/rpc_server/dcerpc_server.c8
-rw-r--r--source4/rpc_server/dcesrv_auth.c10
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c18
-rw-r--r--source4/rpc_server/service_rpc.c38
-rw-r--r--source4/samba4-skip1
-rwxr-xr-xsource4/script/installlib.sh4
-rwxr-xr-xsource4/script/installmisc.sh6
-rwxr-xr-xsource4/script/uninstallheader.sh35
-rw-r--r--source4/scripting/python/samba/tests/dcerpc/rpcecho.py3
-rwxr-xr-xsource4/selftest/samba4_tests.sh8
-rw-r--r--source4/setup/secrets_dc.ldif2
-rw-r--r--source4/smb_server/smb/request.c7
-rw-r--r--source4/smbd/process_model.h3
-rw-r--r--source4/smbd/process_prefork.c2
-rw-r--r--source4/smbd/process_single.c2
-rw-r--r--source4/smbd/process_standard.c5
-rw-r--r--source4/smbd/process_thread.c2
-rw-r--r--source4/smbd/service_stream.c2
-rw-r--r--source4/smbd/service_task.c2
-rw-r--r--source4/torture/basic/misc.c1
-rw-r--r--source4/torture/basic/secleak.c5
-rw-r--r--source4/torture/config.mk2
-rw-r--r--source4/torture/gentest.c5
-rw-r--r--source4/torture/locktest.c4
-rw-r--r--source4/torture/locktest2.c19
-rw-r--r--source4/torture/masktest.c9
-rw-r--r--source4/torture/raw/composite.c3
-rw-r--r--source4/torture/raw/context.c26
-rw-r--r--source4/torture/raw/lock.c5
-rw-r--r--source4/torture/raw/lockbench.c1
-rw-r--r--source4/torture/raw/notify.c37
-rw-r--r--source4/torture/raw/openbench.c1
-rw-r--r--source4/torture/raw/oplock.c5
-rw-r--r--source4/torture/raw/tconrate.c4
-rw-r--r--source4/torture/rpc/join.c6
-rw-r--r--source4/torture/rpc/lsa.c6
-rw-r--r--source4/torture/rpc/object_uuid.c87
-rw-r--r--source4/torture/rpc/rpc.c1
-rw-r--r--source4/torture/rpc/samba3rpc.c26
-rw-r--r--source4/torture/rpc/samlogon.c8
-rw-r--r--source4/torture/unix/unix_info2.c4
-rw-r--r--source4/torture/unix/whoami.c4
-rw-r--r--source4/torture/util_smb.c4
91 files changed, 1567 insertions, 392 deletions
diff --git a/source4/BUGS b/source4/BUGS
new file mode 100644
index 0000000000..1a9790ddd9
--- /dev/null
+++ b/source4/BUGS
@@ -0,0 +1,24 @@
+Samba4 alpha4 is not a final Samba release. That is more a reference
+to Samba4's lack of the features we expect you will need than a
+statement of code quality, but clearly it hasn't seen a broad
+deployment yet. If you were to upgrade Samba3 (or indeed Windows) to
+Samba4, you would find many things work, but that other key features
+you may have relied on simply are not there yet.
+
+For example, while Samba 3.0 is an excellent member of a Active
+Directory domain, Samba4 is happier as a domain controller, and it is
+in this role where it has seen deployment into production.
+
+Samba4 is subjected to an awesome battery of tests on an
+automated basis, we have found Samba4 to be very stable in it's
+behaviour. We have to recommend against upgrading production servers
+from Samba 3 to Samba 4 at this stage, because there may be the features on
+which you may rely that are not present, or the mapping of
+your configuration and user database may not be complete.
+
+If you are upgrading, or looking to develop, test or deploy Samba4, you should
+backup all configuration and data.
+
+We welcome your testing, please file bug reports at
+https://bugzilla.samba.org/, product: Samba4. Please include as much
+information as possible, such as GIT revision number and backtraces.
diff --git a/source4/Makefile b/source4/Makefile
index 813f0cedd4..74383b1a59 100644
--- a/source4/Makefile
+++ b/source4/Makefile
@@ -10,11 +10,11 @@ include mkconfig.mk
pidldir := $(srcdir)/../pidl
-BASEDIR = $(prefix)
-TORTUREDIR = $(libdir)/torture
-SWATDIR = $(datadir)/swat
-SETUPDIR = $(datadir)/setup
-NCALRPCDIR = $(localstatedir)/ncalrpc
+basedir = $(prefix)
+torturedir = $(libdir)/torture
+swatdir = $(datadir)/swat
+setupdir = $(datadir)/setup
+ncalrpcdir = $(localstatedir)/ncalrpc
BNLD = $(LD)
BNLD_FLAGS = $(LDFLAGS) $(SYS_LDFLAGS)
@@ -107,6 +107,15 @@ comsrcdir := $(srcdir)/lib/com
include data.mk
+$(foreach SCRIPT,$(wildcard scripting/bin/*),$(eval $(call binary_install_template,$(SCRIPT))))
+
+$(DESTDIR)$(bindir)/%: scripting/bin/% installdirs
+ @mkdir -p $(@D)
+ @echo Installing $(@F) as $@
+ @if test -f $@; then echo -n ""; rm -f $@.old; mv $@ $@.old; fi
+ @cp $< $@
+ @chmod $(INSTALLPERMS) $@
+
pythonmods:: $(PYTHON_PYS) $(PYTHON_SO)
DEP_FILES = $(patsubst %.ho,%.hd,$(patsubst %.o,%.d,$(ALL_OBJS))) \
@@ -133,7 +142,7 @@ include $(srcdir)/static_deps.mk
endif
clean::
- @find ../lib ../libcli -name '*.o' -o -name '*.hd' | xargs rm -f
+ @find ../lib ../libcli -name '*.o' -o -name '*.hd' | xargs rm -f
DEFAULT_HEADERS = $(srcdir)/lib/util/dlinklist.h \
$(srcdir)/version.h
@@ -155,7 +164,7 @@ testsuite:: bin/smbclient bin/cifsdd bin/smbtorture bin/nmblookup
showlayout::
@echo 'Samba will be installed into:'
- @echo ' basedir: $(BASEDIR)'
+ @echo ' basedir: $(basedir)'
@echo ' bindir: $(bindir)'
@echo ' sbindir: $(sbindir)'
@echo ' libdir: $(libdir)'
@@ -166,10 +175,10 @@ showlayout::
@echo ' piddir: $(piddir)'
@echo ' lockdir: $(lockdir)'
@echo ' logfilebase: $(logfilebase)'
- @echo ' setupdir: $(SETUPDIR)'
- @echo ' swatdir: $(SWATDIR)'
+ @echo ' setupdir: $(setupdir)'
+ @echo ' swatdir: $(swatdir)'
@echo ' mandir: $(mandir)'
- @echo ' torturedir: $(TORTUREDIR)'
+ @echo ' torturedir: $(torturedir)'
@echo ' datadir: $(datadir)'
@echo ' winbindd_socket_dir: $(winbindd_socket_dir)'
@echo ' ntp_signd_socket_dir: $(ntp_signd_socket_dir)'
@@ -181,7 +190,7 @@ showflags::
# The permissions to give the executables
INSTALLPERMS = 0755
-install:: showlayout everything installbin installsbin installdat installswat installmisc \
+install:: showlayout everything installbin installsbin installdat installmisc \
installlib installheader installpc installplugins
# DESTDIR is used here to prevent packagers wasting their time
@@ -194,10 +203,10 @@ install:: showlayout everything installbin installsbin installdat installswat in
installdirs::
@$(SHELL) $(srcdir)/script/installdirs.sh \
- $(DESTDIR)$(BASEDIR) \
+ $(DESTDIR)$(basedir) \
$(DESTDIR)$(bindir) \
$(DESTDIR)$(sbindir) \
- $(DESTDIR)$(TORTUREDIR) \
+ $(DESTDIR)$(torturedir) \
$(DESTDIR)$(libdir) \
$(DESTDIR)$(modulesdir) \
$(DESTDIR)$(mandir) \
@@ -211,7 +220,7 @@ installdirs::
$(DESTDIR)$(logfilebase) \
$(DESTDIR)$(privatedir)/tls \
$(DESTDIR)$(includedir) \
- $(DESTDIR)$(PKGCONFIGDIR) \
+ $(DESTDIR)$(pkgconfigdir) \
$(DESTDIR)$(sysconfdir)
installbin:: installdirs
@@ -228,24 +237,21 @@ installheader:: headers installdirs
installdat:: installdirs
@$(SHELL) $(srcdir)/script/installdat.sh $(DESTDIR)$(datadir) $(srcdir)
-installswat:: installdirs
-#SWAT has been disabled until further notice
-# @$(SHELL) $(srcdir)/script/installswat.sh $(DESTDIR)$(SWATDIR) $(srcdir)
-
installman:: manpages installdirs
@$(SHELL) $(srcdir)/script/installman.sh $(DESTDIR)$(mandir) $(MANPAGES)
installmisc:: installdirs
- @$(SHELL) $(srcdir)/script/installmisc.sh $(srcdir) $(DESTDIR)$(SETUPDIR) $(DESTDIR)$(bindir)
+ @$(SHELL) $(srcdir)/script/installmisc.sh $(srcdir) $(DESTDIR)$(setupdir)
installpc:: installdirs
- @$(SHELL) $(srcdir)/script/installpc.sh $(builddir) $(DESTDIR)$(PKGCONFIGDIR) $(PC_FILES)
+ @$(SHELL) $(srcdir)/script/installpc.sh $(builddir) $(DESTDIR)$(pkgconfigdir) $(PC_FILES)
-uninstall:: uninstallbin uninstallman uninstallmisc uninstalllib uninstallheader \
- uninstallplugins
+uninstall:: uninstallbin uninstallsbin uninstalldat uninstallmisc uninstalllib uninstallheader \
+ uninstallman uninstallpc uninstallplugins
uninstallmisc::
- #FIXME
+ @echo "Removing MISC files"
+ @rm -rf $(DESTDIR)$(setupdir)/*
$(DESTDIR)$(bindir)/%: bin/% installdirs
@mkdir -p $(@D)
@@ -261,20 +267,30 @@ $(DESTDIR)$(sbindir)/%: bin/% installdirs
@cp $< $@
@chmod $(INSTALLPERMS) $@
+uninstalldat::
+ @echo "Removing DAT files"
+ @rm -fr $(DESTDIR)$(datadir)/*
+
uninstallbin::
uninstalllib::
+ @echo "Removing libraries"
@$(SHELL) $(srcdir)/script/uninstalllib.sh $(DESTDIR)$(libdir) $(SHARED_LIBS)
- #@$(SHELL) $(srcdir)/script/uninstalllib.sh $(DESTDIR)$(libdir) $(STATIC_LIBS)
uninstallheader::
- @$(SHELL) $(srcdir)/script/uninstallheader.sh $(DESTDIR)$(includedir) $(PUBLIC_HEADERS)
+ @echo "Removing headers"
+ @rm -fr $(DESTDIR)$(includedir)/*
uninstallman::
+ @echo "Removing manpages"
@$(SHELL) $(srcdir)/script/uninstallman.sh $(DESTDIR)$(mandir) $(MANPAGES)
uninstallplugins::
+uninstallpc::
+ @echo "Removing package configurations"
+ @cd $(DESTDIR)$(pkgconfigdir); rm -f $(notdir $(PC_FILES))
+
config.status:
@echo "config.status does not exist. Please run ./configure."
@/bin/false
diff --git a/source4/NEWS b/source4/NEWS
new file mode 100644
index 0000000000..8a63719a0e
--- /dev/null
+++ b/source4/NEWS
@@ -0,0 +1,508 @@
+This file aims to document the major changes since the latest released version
+of Samba, 3.0. Samba 4.0 contains rewrites of several subsystems
+and uses a different internal format for most data. Since this
+file is an initial draft, please update missing items.
+
+One of the main goals of Samba 4 was Active Directory Domain Controller
+support. This means Samba now implements several protocols that are required
+by AD such as Kerberos and DNS.
+
+An (experimental) upgrade script that performs a one-way upgrade
+from Samba 3 is available in source/setup/upgrade.
+
+Removal of nmbd and introduction of process models
+==================================================
+smbd now implements several network protocols other than just CIFS and
+DCE/RPC. nmbd's functionality has been merged into smbd. smbd supports
+various 'process models' that specify how concurrent connections are
+handled (when to fork, use threads, etc).
+
+Introduction of LDB
+===================
+Samba now stores most of its persistent data in a LDAP-like database
+called LDB (see ldb(7) for more info).
+
+Removed SWAT
+==================
+Unlike previous versions, Samba4 does not provide a web interface at this time.
+
+Built-in KDC
+============
+Samba4 ships with an integrated KDC (Kerberos Key Distribution
+Center). Backed directly onto our main internal database, and
+integrated with custom code to handle the PAC, Samba4's KDC is an
+integral part of our support for AD logon protocols.
+
+Built-in LDAP Server
+====================
+Like the situation with the KDC, Samba4 ships with it's own LDAP
+server, included to provide simple, built-in LDAP services in an AD
+(rather than distinctly standards) matching manner. The database is
+LDB, and it shares that in common with the rest of Samba.
+
+Changed configuration options
+=============================
+Several configuration options have been removed in Samba4 while others have
+been introduced. This section contains a summary of changes to smb.conf and
+where these settings moved. Configuration options that have disappeared may be
+re-added later when the functionality that uses them gets reimplemented in
+Samba 4.
+
+The 'security' parameter has been split up. It is now only used to choose
+between the 'user' and 'share' security levels (the latter is not supported
+in Samba 4 yet). The other values of this option and the 'domain master' and
+'domain logons' parameters have been merged into a 'server role' parameter
+that can be either 'domain controller', 'member server' or 'standalone'. Note that
+member server support does not work yet.
+
+The following parameters have been removed:
+- passdb backend: accounts are now stored in a LDB-based SAM database,
+ see 'sam database' below.
+- update encrypted
+- public
+- guest ok
+- client schannel
+- server schannel
+- allow trusted domains
+- hosts equiv
+- map to guest
+- smb passwd file
+- algorithmic rid base
+- root directory
+- root dir
+- root
+- guest account
+- enable privileges
+- pam password change
+- passwd program
+- passwd chat debug
+- passwd chat timeout
+- check password script
+- username map
+- username level
+- unix password sync
+- restrict anonymous
+- username
+- user
+- users
+- invalid users
+- valid users
+- admin users
+- read list
+- write list
+- printer admin
+- force user
+- force group
+- group
+- write ok
+- writeable
+- writable
+- acl check permissions
+- acl group control
+- acl map full control
+- create mask
+- create mode
+- force create mode
+- security mask
+- force security mode
+- directory mask
+- directory mode
+- force directory mode
+- directory security mask
+- force directory security mode
+- force unknown acl user
+- inherit permissions
+- inherit acls
+- inherit owner
+- guest only
+- only guest
+- only user
+- allow hosts
+- deny hosts
+- preload modules
+- use kerberos keytab
+- syslog
+- syslog only
+- max log size
+- debug timestamp
+- timestamp logs
+- debug hires timestamp
+- debug pid
+- debug uid
+- allocation roundup size
+- aio read size
+- aio write size
+- aio write behind
+- large readwrite
+- protocol
+- read bmpx
+- reset on zero vc
+- acl compatibility
+- defer sharing violations
+- ea support
+- nt acl support
+- nt pipe support
+- profile acls
+- map acl inherit
+- afs share
+- max ttl
+- client use spnego
+- enable asu support
+- svcctl list
+- block size
+- change notify timeout
+- deadtime
+- getwd cache
+- keepalive
+- kernel change notify
+- lpq cache time
+- max smbd processes
+- max disk size
+- max open files
+- min print space
+- strict allocate
+- sync always
+- use mmap
+- use sendfile
+- hostname lookups
+- write cache size
+- name cache timeout
+- max reported print jobs
+- load printers
+- printcap cache time
+- printcap name
+- printcap
+- printing
+- cups options
+- cups server
+- iprint server
+- print command
+- disable spoolss
+- enable spoolss
+- lpq command
+- lprm command
+- lppause command
+- lpresume command
+- queuepause command
+- queueresume command
+- enumports command
+- addprinter command
+- deleteprinter command
+- show add printer wizard
+- os2 driver map
+- use client driver
+- default devmode
+- force printername
+- mangling method
+- mangle prefix
+- default case
+- case sensitive
+- casesignames
+- preserve case
+- short preserve case
+- mangling char
+- hide dot files
+- hide special files
+- hide unreadable
+- hide unwriteable files
+- delete veto files
+- veto files
+- hide files
+- veto oplock files
+- map readonly
+- mangled names
+- mangled map
+- max stat cache size
+- stat cache
+- store dos attributes
+- machine password timeout
+- add user script
+- rename user script
+- delete user script
+- add group script
+- delete group script
+- add user to group script
+- delete user from group script
+- set primary group script
+- add machine script
+- shutdown script
+- abort shutdown script
+- username map script
+- logon script
+- logon path
+- logon drive
+- logon home
+- domain logons
+- os level
+- lm announce
+- lm interval
+- domain master
+- browse list
+- enhanced browsing
+- wins proxy
+- wins hook
+- wins partners
+- blocking locks
+- fake oplocks
+- kernel oplocks
+- locking
+- lock spin count
+- lock spin time
+- level2 oplocks
+- oplock break wait time
+- oplock contention limit
+- posix locking
+- share modes
+- ldap server
+- ldap port
+- ldap admin dn
+- ldap delete dn
+- ldap group suffix
+- ldap idmap suffix
+- ldap machine suffix
+- ldap passwd sync
+- ldap password sync
+- ldap replication sleep
+- ldap suffix
+- ldap ssl
+- ldap timeout
+- ldap page size
+- ldap user suffix
+- add share command
+- change share command
+- delete share command
+- eventlog list
+- utmp directory
+- wtmp directory
+- utmp
+- default service
+- default
+- message command
+- dfree cache time
+- dfree command
+- get quota command
+- set quota command
+- remote announce
+- remote browse sync
+- homedir map
+- afs username map
+- afs token lifetime
+- log nt token command
+- time offset
+- NIS homedir
+- preexec
+- exec
+- preexec close
+- postexec
+- root preexec
+- root preexec close
+- root postexec
+- set directory
+- wide links
+- follow symlinks
+- dont descend
+- magic script
+- magic output
+- delete readonly
+- dos filemode
+- dos filetimes
+- dos filetime resolution
+- fake directory create times
+- panic action
+- vfs objects
+- vfs object
+- msdfs root
+- msdfs proxy
+- host msdfs
+- enable rid algorithm
+- passdb expand explicit
+- idmap backend
+- idmap uid
+- winbind uid
+- idmap gid
+- winbind gid
+- template homedir
+- template shell
+- winbind separator
+- winbind cache time
+- winbind enum users
+- winbind enum groups
+- winbind use default domain
+- winbind trusted domains only
+- winbind nested groups
+- winbind max idle children
+- winbind nss info
+
+The following parameters have been added:
++ rpc big endian (G)
+ Make Samba fake it is running on a bigendian machine when using DCE/RPC.
+ Useful for debugging.
+
+ Default: no
+
++ case insensitive filesystem (S)
+ Set to true if this share is located on a case-insensitive filesystem.
+ This disables looking for a filename by trying all possible combinations of
+ uppercase/lowercase characters and thus speeds up operations when a
+ file cannot be found.
+
+ Default: no
+
++ js include (G)
+ Path to JavaScript library.
+
+ Default: Set at compile-time
+
++ setup directory
+ Path to data used by provisioning script.
+
+ Default: Set at compile-time
+
++ ncalrpc dir
+ Directory to use for UNIX sockets used by the 'ncalrpc' DCE/RPC transport.
+
+ Default: Set at compile-time
+
++ ntvfs handler
+ Backend to the NT VFS to use (more than one can be specified). Available
+ backends include:
+
+ - posix:
+ Maps POSIX FS semantics to NT semantics
+
+ - simple:
+ Very simple backend (original testing backend).
+
+ - unixuid:
+ Sets up user credentials based on POSIX gid/uid.
+
+ - cifs:
+ Proxies a remote CIFS FS. Mainly useful for testing.
+
+ - nbench:
+ Filter module that saves data useful to the nbench benchmark suite.
+
+ - ipc:
+ Allows using SMB for inter process communication. Only used for
+ the IPC$ share.
+
+ - print:
+ Allows printing over SMB. This is LANMAN-style printing (?), not
+ the be confused with the spoolss DCE/RPC interface used by later
+ versions of Windows.
+
+ Default: unixuid default
+
++ ntptr providor
+ FIXME
+
++ dcerpc endpoint servers
+ What DCE/RPC servers to start.
+
+ Default: epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup
+
++ server services
+ Services Samba should provide.
+
+ Default: smb rpc nbt wrepl ldap cldap web kdc
+
++ sam database
+ Location of the SAM (account database) database. This should be a
+ LDB URL.
+
+ Default: set at compile-time
+
++ spoolss database
+ Spoolss (printer) DCE/RPC server database. This should be a LDB URL.
+
+ Default: set at compile-time
+
++ wins config database
+ WINS configuration database location. This should be a LDB URL.
+
+ Default: set at compile-time
+
++ wins database
+ WINS database location. This should be a LDB URL.
+
+ Default: set at compile-time
+
++ client use spnego principal
+ Tells the client to use the Kerberos service principal specified by the
+ server during the security protocol negotation rather than
+ looking up the principal itself (cifs/hostname).
+
+ Default: false
+
++ nbt port
+ TCP/IP Port used by the NetBIOS over TCP/IP (NBT) implementation.
+
+ Default: 137
+
++ dgram port
+ UDP/IP port used by the NetBIOS over TCP/IP (NBT) implementation.
+
+ Default: 138
+
++ cldap port
+ UDP/IP port used by the CLDAP protocol.
+
+ Default: 389
+
++ krb5 port
+ IP port used by the kerberos KDC.
+
+ Default: 88
+
++ kpasswd port
+ IP port used by the kerberos password change protocol.
+
+ Default: 464
+
++ web port
+ TCP/IP port SWAT should listen on.
+
+ Default: 901
+
++ tls enabled
+ Enable TLS support for SWAT
+
+ Default: true
+
++ tls keyfile
+ Path to TLS key file (PEM format) to be used by SWAT. If no
+ path is specified, Samba will create a key.
+
+ Default: none
+
++ tls certfile
+ Path to TLS certificate file (PEM format) to be used by SWAT. If no
+ path is specified, Samba will create a certificate.
+
+ Default: none
+
++ tls cafile
+ Path to CA authority file Samba will use to sign TLS keys it generates. If
+ no path is specified, Samba will create a self-signed CA certificate.
+
+ Default: none
+
++ tls crlfile
+ Path to TLS certificate revocation lists file.
+
+ Default: none
+
++ swat directory
+ SWAT data directory.
+
+ Default: set at compile-time
+
++ large readwrite
+ Indicate the CIFS server is able to do large reads/writes.
+
+ Default: true
+
++ unicode
+ Enable/disable unicode support in the protocol.
+
+ Default: true
diff --git a/source4/TODO b/source4/TODO
new file mode 100644
index 0000000000..5efebed1b3
--- /dev/null
+++ b/source4/TODO
@@ -0,0 +1,278 @@
+build/smb_build/TODO
+lib/registry/TODO
+lib/tdr/TODO
+pidl/TODO
+
+- seperate adminlog mechanism (as opposed to the current DEBUG log,
+ which is not really aimed at administrators but more at developers)
+ Perhaps similar to eventlog so we can also use eventlog to retrieve the data?
+
+- testsuite for the 'net' tool
+
+- and a lot of other stuff
+
+Configuration options
+=====================
+
+The following options don't exist in Samba4 yet
+or are not converted by the upgrade script
+or will be removed:
+
+- update encrypted
+- public
+- guest ok
+- client schannel
+- server schannel
+- allow trusted domains
+- hosts equiv
+- map to guest
+- algorithmic rid base
+- root directory
+- root dir
+- root
+- guest account
+- enable privileges
+- pam password change
+- passwd program
+- passwd chat debug
+- passwd chat timeout
+- check password script
+- username map
+- username level
+- unix password sync
+- restrict anonymous
+- username
+- user
+- users
+- invalid users
+- valid users
+- admin users
+- read list
+- write list
+- printer admin
+- force user
+- force group
+- group
+- write ok
+- writeable
+- writable
+- acl check permissions
+- acl group control
+- acl map full control
+- create mask
+- create mode
+- force create mode
+- security mask
+- force security mode
+- directory mask
+- directory mode
+- force directory mode
+- directory security mask
+- force directory security mode
+- force unknown acl user
+- inherit permissions
+- inherit acls
+- inherit owner
+- guest only
+- only guest
+- only user
+- allow hosts
+- deny hosts
+- preload modules
+- use kerberos keytab
+- syslog
+- syslog only
+- max log size
+- debug timestamp
+- timestamp logs
+- debug hires timestamp
+- debug pid
+- debug uid
+- allocation roundup size
+- aio read size
+- aio write size
+- aio write behind
+- large readwrite
+- protocol
+- read bmpx
+- reset on zero vc
+- acl compatibility
+- defer sharing violations
+- ea support
+- nt acl support
+- nt pipe support
+- profile acls
+- map acl inherit
+- afs share
+- max ttl
+- client use spnego
+- enable asu support
+- svcctl list
+- block size
+- change notify timeout
+- deadtime
+- getwd cache
+- keepalive
+- kernel change notify
+- lpq cache time
+- max smbd processes
+- max disk size
+- max open files
+- min print space
+- strict allocate
+- sync always
+- use mmap
+- use sendfile
+- hostname lookups
+- write cache size
+- name cache timeout
+- max reported print jobs
+- load printers
+- printcap cache time
+- printcap name
+- printcap
+- printing
+- cups options
+- cups server
+- iprint server
+- print command
+- disable spoolss
+- enable spoolss
+- lpq command
+- lprm command
+- lppause command
+- lpresume command
+- queuepause command
+- queueresume command
+- enumports command
+- addprinter command
+- deleteprinter command
+- show add printer wizard
+- os2 driver map
+- use client driver
+- default devmode
+- force printername
+- mangling method
+- mangle prefix
+- default case
+- case sensitive
+- casesignames
+- preserve case
+- short preserve case
+- mangling char
+- hide dot files
+- hide special files
+- hide unreadable
+- hide unwriteable files
+- delete veto files
+- veto files
+- hide files
+- veto oplock files
+- map readonly
+- mangled names
+- mangled map
+- max stat cache size
+- stat cache
+- store dos attributes
+- machine password timeout
+- add user script
+- rename user script
+- delete user script
+- add group script
+- delete group script
+- add user to group script
+- delete user from group script
+- set primary group script
+- add machine script
+- shutdown script
+- abort shutdown script
+- username map script
+- logon script
+- logon path
+- logon drive
+- logon home
+- domain logons
+- os level
+- lm announce
+- lm interval
+- domain master
+- browse list
+- enhanced browsing
+- wins proxy
+- blocking locks
+- fake oplocks
+- kernel oplocks
+- locking
+- lock spin count
+- lock spin time
+- oplocks
+- level2 oplocks
+- oplock break wait time
+- oplock contention limit
+- posix locking
+- share modes
+- add share command
+- change share command
+- delete share command
+- eventlog list
+- utmp directory
+- wtmp directory
+- utmp
+- default service
+- default
+- message command
+- dfree cache time
+- dfree command
+- get quota command
+- set quota command
+- remote announce
+- remote browse sync
+- homedir map
+- afs username map
+- afs token lifetime
+- log nt token command
+- time offset
+- NIS homedir
+- preexec
+- exec
+- preexec close
+- postexec
+- root preexec
+- root preexec close
+- root postexec
+- set directory
+- wide links
+- follow symlinks
+- dont descend
+- magic script
+- magic output
+- delete readonly
+- dos filemode
+- dos filetimes
+- dos filetime resolution
+- fake directory create times
+- panic action
+- vfs objects
+- vfs object
+- msdfs root
+- msdfs proxy
+- host msdfs
+- enable rid algorithm
+- passdb expand explicit
+- idmap backend
+- idmap uid
+- winbind uid
+- idmap gid
+- winbind gid
+- template homedir
+- template shell
+- winbind separator
+- winbind cache time
+- winbind enum users
+- winbind enum groups
+- winbind use default domain
+- winbind trusted domains only
+- winbind nested groups
+- winbind max idle children
+- winbind nss info
+
diff --git a/source4/auth/ntlm/auth_server.c b/source4/auth/ntlm/auth_server.c
index bb8773e75e..539ae6aa80 100644
--- a/source4/auth/ntlm/auth_server.c
+++ b/source4/auth/ntlm/auth_server.c
@@ -80,6 +80,7 @@ static NTSTATUS server_get_challenge(struct auth_method_context *ctx, TALLOC_CTX
io.in.workgroup = ""; /* only used with SPNEGO, disabled above */
io.in.options = smb_options;
+ lp_smbcli_session_options(ctx->auth_ctx->lp_ctx, &io.in.session_options);
status = smb_composite_connect(&io, mem_ctx, lp_resolve_context(ctx->auth_ctx->lp_ctx),
ctx->auth_ctx->event_ctx);
diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4
index 51d5daa913..666dd3b0ae 100644
--- a/source4/build/m4/check_path.m4
+++ b/source4/build/m4/check_path.m4
@@ -23,13 +23,13 @@ winbindd_socket_dir="${localstatedir}/run/winbindd"
winbindd_privileged_socket_dir="${localstatedir}/lib/winbindd_privileged"
ntp_signd_socket_dir="${localstatedir}/run/ntp_signd"
-# Check to prevent installing directly under /usr without the FHS
-AS_IF([test ${prefix} == /usr],[
- AC_MSG_ERROR([Don't install directly under "/usr" without using the FHS option (--with-fhs). This could lead to file loss!])
-])
+AC_ARG_ENABLE(fhs,
+[AS_HELP_STRING([--enable-fhs],[Use FHS-compliant paths (default=no)])],
+[fhs=$enableval],
+[fhs=no]
+)
-AC_ARG_WITH(fhs,
-[AS_HELP_STRING([--with-fhs],[Use FHS-compliant paths (default=no)])],
+if test x$fhs = xyes; then
lockdir="${localstatedir}/lib/samba"
piddir="${localstatedir}/run/samba"
logfilebase="${localstatedir}/log/samba"
@@ -41,7 +41,12 @@ AC_ARG_WITH(fhs,
ntp_signd_socket_dir="${localstatedir}/run/samba/ntp_signd"
winbindd_socket_dir="${localstatedir}/run/samba/winbindd"
winbindd_privileged_socket_dir="${localstatedir}/lib/samba/winbindd_privileged"
-)
+else
+ # Check to prevent installing directly under /usr without the FHS
+ AS_IF([test $prefix == /usr || $prefix == /usr/local],[
+ AC_MSG_ERROR([Don't install directly under "/usr" or "/usr/local" without using the FHS option (--enable-fhs). This could lead to file loss!])
+ ])
+fi
#################################################
# set private directory location
diff --git a/source4/client/cifsdd.c b/source4/client/cifsdd.c
index 141b165ad4..5f07826d06 100644
--- a/source4/client/cifsdd.c
+++ b/source4/client/cifsdd.c
@@ -357,7 +357,8 @@ static void print_transfer_stats(void)
static struct dd_iohandle * open_file(struct resolve_context *resolve_ctx,
struct event_context *ev,
const char * which, const char **ports,
- struct smbcli_options *smb_options)
+ struct smbcli_options *smb_options,
+ struct smbcli_session_options *smb_session_options)
{
int options = 0;
const char * path = NULL;
@@ -379,13 +380,13 @@ static struct dd_iohandle * open_file(struct resolve_context *resolve_ctx,
path = check_arg_pathname("if");
handle = dd_open_path(resolve_ctx, ev, path, ports,
check_arg_numeric("ibs"), options,
- smb_options);
+ smb_options, smb_session_options);
} else if (strcmp(which, "of") == 0) {
options |= DD_WRITE;
path = check_arg_pathname("of");
handle = dd_open_path(resolve_ctx, ev, path, ports,
check_arg_numeric("obs"), options,
- smb_options);
+ smb_options, smb_session_options);
} else {
SMB_ASSERT(0);
return(NULL);
@@ -412,12 +413,14 @@ static int copy_files(struct event_context *ev, struct loadparm_context *lp_ctx)
struct dd_iohandle * ofile;
struct smbcli_options options;
+ struct smbcli_session_options session_options;
ibs = check_arg_numeric("ibs");
obs = check_arg_numeric("obs");
count = check_arg_numeric("count");
lp_smbcli_options(lp_ctx, &options);
+ lp_smbcli_session_options(lp_ctx, &session_options);
/* Allocate IO buffer. We need more than the max IO size because we
* could accumulate a remainder if ibs and obs don't match.
@@ -436,12 +439,14 @@ static int copy_files(struct event_context *ev, struct loadparm_context *lp_ctx)
(unsigned long long)iomax, options.max_xmit));
if (!(ifile = open_file(lp_resolve_context(lp_ctx), ev, "if",
- lp_smb_ports(lp_ctx), &options))) {
+ lp_smb_ports(lp_ctx), &options,
+ &session_options))) {
return(FILESYS_EXIT_CODE);
}
if (!(ofile = open_file(lp_resolve_context(lp_ctx), ev, "of",
- lp_smb_ports(lp_ctx), &options))) {
+ lp_smb_ports(lp_ctx), &options,
+ &session_options))) {
return(FILESYS_EXIT_CODE);
}
diff --git a/source4/client/cifsdd.h b/source4/client/cifsdd.h
index 21a4ad4882..3195e4334f 100644
--- a/source4/client/cifsdd.h
+++ b/source4/client/cifsdd.h
@@ -89,6 +89,7 @@ struct dd_iohandle
#define DD_OPLOCK 0x00000008
struct smbcli_options;
+struct smbcli_session_options;
struct event_context;
struct dd_iohandle * dd_open_path(struct resolve_context *resolve_ctx,
@@ -96,7 +97,8 @@ struct dd_iohandle * dd_open_path(struct resolve_context *resolve_ctx,
const char * path,
const char **ports,
uint64_t io_size, int options,
- struct smbcli_options *smb_options);
+ struct smbcli_options *smb_options,
+ struct smbcli_session_options *smb_session_options);
bool dd_fill_block(struct dd_iohandle * h, uint8_t * buf,
uint64_t * buf_size, uint64_t need_size, uint64_t block_size);
bool dd_flush_block(struct dd_iohandle * h, uint8_t * buf,
diff --git a/source4/client/cifsddio.c b/source4/client/cifsddio.c
index 4297c30012..25194a621a 100644
--- a/source4/client/cifsddio.c
+++ b/source4/client/cifsddio.c
@@ -225,7 +225,8 @@ static struct smbcli_state * init_smb_session(struct resolve_context *resolve_ct
const char * host,
const char **ports,
const char * share,
- struct smbcli_options *options)
+ struct smbcli_options *options,
+ struct smbcli_session_options *session_options)
{
NTSTATUS ret;
struct smbcli_state * cli = NULL;
@@ -236,7 +237,8 @@ static struct smbcli_state * init_smb_session(struct resolve_context *resolve_ct
ret = smbcli_full_connection(NULL, &cli, host, ports, share,
NULL /* devtype */,
cmdline_credentials, resolve_ctx,
- ev, options);
+ ev, options,
+ session_options);
if (!NT_STATUS_IS_OK(ret)) {
fprintf(stderr, "%s: connecting to //%s/%s: %s\n",
@@ -302,7 +304,8 @@ static struct dd_iohandle * open_cifs_handle(struct resolve_context *resolve_ctx
const char * path,
uint64_t io_size,
int options,
- struct smbcli_options *smb_options)
+ struct smbcli_options *smb_options,
+ struct smbcli_session_options *smb_session_options)
{
struct cifs_handle * smbh;
@@ -323,7 +326,7 @@ static struct dd_iohandle * open_cifs_handle(struct resolve_context *resolve_ctx
smbh->h.io_seek = smb_seek_func;
if ((smbh->cli = init_smb_session(resolve_ctx, ev, host, ports, share,
- smb_options)) == NULL) {
+ smb_options, smb_session_options)) == NULL) {
return(NULL);
}
@@ -344,7 +347,8 @@ struct dd_iohandle * dd_open_path(struct resolve_context *resolve_ctx,
const char **ports,
uint64_t io_size,
int options,
- struct smbcli_options *smb_options)
+ struct smbcli_options *smb_options,
+ struct smbcli_session_options *smb_session_options)
{
if (file_exist(path)) {
return(open_fd_handle(path, io_size, options));
@@ -361,7 +365,8 @@ struct dd_iohandle * dd_open_path(struct resolve_context *resolve_ctx,
return(open_cifs_handle(resolve_ctx, ev, host, ports,
share, remain,
- io_size, options, smb_options));
+ io_size, options, smb_options,
+ smb_session_options));
}
return(open_fd_handle(path, io_size, options));
diff --git a/source4/client/client.c b/source4/client/client.c
index e05e195372..266bd67025 100644
--- a/source4/client/client.c
+++ b/source4/client/client.c
@@ -3032,7 +3032,8 @@ static bool do_connect(struct smbclient_context *ctx,
const char *specified_server, const char **ports,
const char *specified_share,
struct cli_credentials *cred,
- struct smbcli_options *options)
+ struct smbcli_options *options,
+ struct smbcli_session_options *session_options)
{
NTSTATUS status;
char *server, *share;
@@ -3051,7 +3052,7 @@ static bool do_connect(struct smbclient_context *ctx,
status = smbcli_full_connection(ctx, &ctx->cli, server, ports,
share, NULL, cred, resolve_ctx,
- ev_ctx, options);
+ ev_ctx, options, session_options);
if (!NT_STATUS_IS_OK(status)) {
d_printf("Connection to \\\\%s\\%s failed - %s\n",
server, share, nt_errstr(status));
@@ -3138,6 +3139,7 @@ static int do_message_op(const char *netbios_name, const char *desthost,
struct smbclient_context *ctx;
const char *cmdstr = NULL;
struct smbcli_options smb_options;
+ struct smbcli_session_options smb_session_options;
struct poptOption long_options[] = {
POPT_AUTOHELP
@@ -3227,6 +3229,7 @@ static int do_message_op(const char *netbios_name, const char *desthost,
poptFreeContext(pc);
lp_smbcli_options(cmdline_lp_ctx, &smb_options);
+ lp_smbcli_session_options(cmdline_lp_ctx, &smb_session_options);
ev_ctx = s4_event_context_init(talloc_autofree_context());
@@ -3255,7 +3258,7 @@ static int do_message_op(const char *netbios_name, const char *desthost,
if (!do_connect(ctx, ev_ctx, lp_resolve_context(cmdline_lp_ctx),
desthost, lp_smb_ports(cmdline_lp_ctx), service,
- cmdline_credentials, &smb_options))
+ cmdline_credentials, &smb_options, &smb_session_options))
return 1;
if (base_directory)
diff --git a/source4/client/smbmount.c b/source4/client/smbmount.c
index 9ab6c375f2..37c9eaadc4 100644
--- a/source4/client/smbmount.c
+++ b/source4/client/smbmount.c
@@ -111,7 +111,8 @@ static void usr1_handler(int x)
/*****************************************************
return a connection to a server
*******************************************************/
-static struct smbcli_state *do_connection(const char *the_service, bool unicode, int maxprotocol)
+static struct smbcli_state *do_connection(const char *the_service, bool unicode, int maxprotocol,
+ struct smbcli_session_options session_options)
{
struct smbcli_state *c;
struct nmb_name called, calling;
@@ -210,11 +211,12 @@ static struct smbcli_state *do_connection(const char *the_service, bool unicode,
if (!smbcli_session_setup(c, username,
password, strlen(password),
password, strlen(password),
- workgroup)) {
+ workgroup, session_options)) {
/* if a password was not supplied then try again with a
null username */
if (password[0] || !username[0] ||
- !smbcli_session_setup(c, "", "", 0, "", 0, workgroup)) {
+ !smbcli_session_setup(c, "", "", 0, "", 0, workgroup,
+ session_options)) {
DEBUG(0,("%d: session setup failed: %s\n",
sys_getpid(), smbcli_errstr(c)));
talloc_free(c);
@@ -329,6 +331,9 @@ static void send_fs_socket(struct loadparm_context *lp_ctx,
int fd, closed = 0, res = 1;
pid_t parentpid = getppid();
struct smb_conn_opt conn_options;
+ struct smbcli_session_options session_options;
+
+ lp_smbcli_session_options(lp_ctx, &session_options);
memset(&conn_options, 0, sizeof(conn_options));
@@ -409,7 +414,8 @@ static void send_fs_socket(struct loadparm_context *lp_ctx,
DEBUG(2,("mount.smbfs[%d]: got signal, getting new socket\n", sys_getpid()));
c = do_connection(the_service,
lp_unicode(lp_ctx),
- lp_cli_maxprotocol(lp_ctx));
+ lp_cli_maxprotocol(lp_ctx),
+ session_options);
}
}
@@ -430,14 +436,17 @@ static void init_mount(struct loadparm_context *lp_ctx)
struct smbcli_state *c;
char *args[20];
int i, status;
+ struct smbcli_session_options session_options;
if (realpath(mpoint, mount_point) == NULL) {
fprintf(stderr, "Could not resolve mount point %s\n", mpoint);
return;
}
+ lp_smbcli_session_options(lp_ctx, &session_options);
- c = do_connection(service, lp_unicode(lp_ctx), lp_cli_maxprotocol(lp_ctx));
+ c = do_connection(service, lp_unicode(lp_ctx), lp_cli_maxprotocol(lp_ctx),
+ session_options);
if (!c) {
fprintf(stderr,"SMB connection failed\n");
exit(1);
diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py
index 882376cb09..1fc531902d 100644
--- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py
+++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py
@@ -27,6 +27,9 @@ import ldb
from ldb import SCOPE_DEFAULT, SCOPE_BASE, SCOPE_SUBTREE
from samba import Ldb, substitute_var
from samba.tests import LdbTestCase, TestCaseInTempDir, cmdline_loadparm
+import samba.dcerpc.security
+import samba.security
+import samba.ndr
datadir = os.path.join(os.path.dirname(__file__),
"../../../../../testdata/samba3")
@@ -112,6 +115,18 @@ class MapBaseTestCase(TestCaseInTempDir):
os.unlink(self.samba4.file)
super(MapBaseTestCase, self).tearDown()
+ def assertSidEquals(self, text, ndr_sid):
+ sid_obj1 = samba.ndr.ndr_unpack(samba.dcerpc.security.dom_sid,
+ str(ndr_sid[0]))
+ sid_obj2 = samba.security.Sid(text)
+ # For now, this is the only way we can compare these since the
+ # classes are in different places. Should reconcile that at some point.
+ self.assertEquals(sid_obj1.sid_rev_num, sid_obj2.sid_rev_num)
+ self.assertEquals(sid_obj1.num_auths, sid_obj2.num_auths)
+ # FIXME: self.assertEquals(sid_obj1.id_auth, sid_obj2.id_auth)
+ # FIXME: self.assertEquals(sid_obj1.sub_auths[:sid_obj1.num_auths],
+ # sid_obj2.sub_auths[:sid_obj2.num_auths])
+
class Samba3SamTestCase(MapBaseTestCase):
@@ -150,10 +165,8 @@ class Samba3SamTestCase(MapBaseTestCase):
self.assertEquals(str(msg[0].dn),
"cn=Replicator,ou=Groups,dc=vernstok,dc=nl")
self.assertTrue("objectSid" in msg[0])
- # FIXME: NDR unpack msg[0]["objectSid"] before comparing:
- # self.assertEquals(msg[0]["objectSid"],
- # "S-1-5-21-4231626423-2410014848-2360679739-552")
- # Check mapping of objectClass
+ self.assertSidEquals("S-1-5-21-4231626423-2410014848-2360679739-552",
+ msg[0]["objectSid"])
oc = set(msg[0]["objectClass"])
self.assertEquals(oc, set(["group"]))
@@ -459,17 +472,14 @@ primaryGroupID: 1-5-21-4231626423-2410014848-2360679739-512
self.assertEquals(str(res[0].dn), self.samba4.dn("cn=X"))
self.assertEquals(res[0]["dnsHostName"], "x")
self.assertEquals(res[0]["lastLogon"], "x")
- # FIXME:Properly compare sid,requires converting between NDR encoding
- # and string
- #self.assertEquals(res[0]["objectSid"],
- # "S-1-5-21-4231626423-2410014848-2360679739-552")
+ self.assertSidEquals("S-1-5-21-4231626423-2410014848-2360679739-552",
+ res[0]["objectSid"])
self.assertTrue("objectSid" in res[0])
self.assertEquals(str(res[1].dn), self.samba4.dn("cn=A"))
self.assertTrue(not "dnsHostName" in res[1])
self.assertEquals(res[1]["lastLogon"], "x")
- # FIXME: Properly compare sid,see above
- #self.assertEquals(res[1]["objectSid"],
- # "S-1-5-21-4231626423-2410014848-2360679739-552")
+ self.assertSidEquals("S-1-5-21-4231626423-2410014848-2360679739-552",
+ res[1]["objectSid"])
self.assertTrue("objectSid" in res[1])
# Search by generated attribute
diff --git a/source4/dynconfig/config.mk b/source4/dynconfig/config.mk
index 699c30e764..f79cdb8e75 100644
--- a/source4/dynconfig/config.mk
+++ b/source4/dynconfig/config.mk
@@ -6,19 +6,19 @@ DYNCONFIG_OBJ_FILES = $(dynconfigsrcdir)/dynconfig.o
# These can be overridden by command line switches (see samba(8))
# or in smb.conf (see smb.conf(5))
CONFIG4FILE = $(sysconfdir)/smb.conf
-PKGCONFIGDIR = $(libdir)/pkgconfig
+pkgconfigdir = $(libdir)/pkgconfig
LMHOSTSFILE4 = $(sysconfdir)/lmhosts
$(dynconfigsrcdir)/dynconfig.o: CFLAGS+=-DCONFIGFILE=\"$(CONFIG4FILE)\" -DBINDIR=\"$(bindir)\" \
-DLMHOSTSFILE=\"$(LMHOSTSFILE4)\" \
-DLOCKDIR=\"$(lockdir)\" -DPIDDIR=\"$(piddir)\" -DDATADIR=\"$(datadir)\" \
-DLOGFILEBASE=\"$(logfilebase)\" \
- -DCONFIGDIR=\"$(sysconfdir)\" -DNCALRPCDIR=\"$(NCALRPCDIR)\" \
- -DSWATDIR=\"$(SWATDIR)\" \
+ -DCONFIGDIR=\"$(sysconfdir)\" -DNCALRPCDIR=\"$(ncalrpcdir)\" \
+ -DSWATDIR=\"$(swatdir)\" \
-DPRIVATE_DIR=\"$(privatedir)\" \
- -DMODULESDIR=\"$(modulesdir)\" -DJSDIR=\"$(JSDIR)\" \
- -DTORTUREDIR=\"$(TORTUREDIR)\" \
- -DSETUPDIR=\"$(SETUPDIR)\" \
+ -DMODULESDIR=\"$(modulesdir)\" \
+ -DTORTUREDIR=\"$(torturedir)\" \
+ -DSETUPDIR=\"$(setupdir)\" \
-DWINBINDD_PRIVILEGED_SOCKET_DIR=\"$(winbindd_privileged_socket_dir)\" \
-DWINBINDD_SOCKET_DIR=\"$(winbindd_socket_dir)\" \
-DNTP_SIGND_SOCKET_DIR=\"$(ntp_signd_socket_dir)\"
diff --git a/source4/dynconfig/dynconfig.c b/source4/dynconfig/dynconfig.c
index 507570318d..e0cabef317 100644
--- a/source4/dynconfig/dynconfig.c
+++ b/source4/dynconfig/dynconfig.c
@@ -79,9 +79,6 @@ _PUBLIC_ const char *dyn_SWATDIR = SWATDIR;
/** SETUP files (source files used by the provision) */
_PUBLIC_ const char *dyn_SETUPDIR = SETUPDIR;
-/** EJS Javascript library includes */
-_PUBLIC_ const char *dyn_JSDIR = JSDIR;
-
/** Where to find the winbindd socket */
_PUBLIC_ const char *dyn_WINBINDD_SOCKET_DIR = WINBINDD_SOCKET_DIR;
diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c
index 3fddabb2d0..19c170767d 100644
--- a/source4/heimdal/lib/hdb/hdb.c
+++ b/source4/heimdal/lib/hdb/hdb.c
@@ -31,34 +31,27 @@
* SUCH DAMAGE.
*/
+#include "krb5.h"
+#include "krb5_locl.h"
#include "hdb_locl.h"
-
RCSID("$Id$");
#ifdef HAVE_DLFCN_H
#include <dlfcn.h>
#endif
-struct hdb_method {
- const char *prefix;
- krb5_error_code (*create)(krb5_context, HDB **, const char *filename);
-};
-
static struct hdb_method methods[] = {
#if HAVE_DB1 || HAVE_DB3
- {"db:", hdb_db_create},
+ {HDB_INTERFACE_VERSION, "db:", hdb_db_create},
#endif
#if HAVE_NDBM
- {"ndbm:", hdb_ndbm_create},
+ {HDB_INTERFACE_VERSION, "ndbm:", hdb_ndbm_create},
#endif
#if defined(OPENLDAP) && !defined(OPENLDAP_MODULE)
- {"ldap:", hdb_ldap_create},
- {"ldapi:", hdb_ldapi_create},
-#endif
-#ifdef HAVE_LDB /* Used for integrated samba build */
- {"ldb:", hdb_ldb_create},
+ {HDB_INTERFACE_VERSION, "ldap:", hdb_ldap_create},
+ {HDB_INTERFACE_VERSION, "ldapi:", hdb_ldapi_create},
#endif
- {NULL, NULL}
+ {0, NULL, NULL}
};
#if HAVE_DB1 || HAVE_DB3
@@ -398,11 +391,32 @@ hdb_create(krb5_context context, HDB **db, const char *filename)
{
const struct hdb_method *h;
const char *residual;
+ krb5_error_code ret;
+ struct krb5_plugin *list = NULL, *e;
if(filename == NULL)
filename = HDB_DEFAULT_DB;
krb5_add_et_list(context, initialize_hdb_error_table_r);
h = find_method (filename, &residual);
+
+ if (h == NULL) {
+ ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, "hdb", &list);
+ if(ret == 0 && list != NULL) {
+ for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) {
+ h = _krb5_plugin_get_symbol(e);
+ if (strncmp (filename, h->prefix, strlen(h->prefix)) == 0
+ && h->interface_version == HDB_INTERFACE_VERSION) {
+ residual = filename + strlen(h->prefix);
+ break;
+ }
+ }
+ if (e == NULL) {
+ h = NULL;
+ _krb5_plugin_free(list);
+ }
+ }
+ }
+
#ifdef HAVE_DLOPEN
if (h == NULL)
h = find_dynamic_method (context, filename, &residual);
diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h
index bc1b744015..5c2097ea59 100644
--- a/source4/heimdal/lib/hdb/hdb.h
+++ b/source4/heimdal/lib/hdb/hdb.h
@@ -139,6 +139,12 @@ typedef krb5_error_code (*hdb_foreach_func_t)(krb5_context, HDB*,
hdb_entry_ex*, void*);
extern krb5_kt_ops hdb_kt_ops;
+struct hdb_method {
+ int interface_version;
+ const char *prefix;
+ krb5_error_code (*create)(krb5_context, HDB **, const char *filename);
+};
+
#include <hdb-protos.h>
#endif /* __HDB_H__ */
diff --git a/source4/kdc/config.mk b/source4/kdc/config.mk
index b3e5bfdb92..dfd2879bd6 100644
--- a/source4/kdc/config.mk
+++ b/source4/kdc/config.mk
@@ -6,7 +6,7 @@
INIT_FUNCTION = server_service_kdc_init
SUBSYSTEM = samba
PRIVATE_DEPENDENCIES = \
- HEIMDAL_KDC HDB_LDB
+ HEIMDAL_KDC HDB_SAMBA4
# End SUBSYSTEM KDC
#######################
@@ -14,7 +14,7 @@ KDC_OBJ_FILES = $(addprefix $(kdcsrcdir)/, kdc.o kpasswdd.o)
#######################
# Start SUBSYSTEM KDC
-[SUBSYSTEM::HDB_LDB]
+[SUBSYSTEM::HDB_SAMBA4]
CFLAGS = -Iheimdal/kdc -Iheimdal/lib/hdb
PRIVATE_DEPENDENCIES = \
LIBLDB auth_sam auth_sam_reply CREDENTIALS \
@@ -22,5 +22,5 @@ PRIVATE_DEPENDENCIES = \
# End SUBSYSTEM KDC
#######################
-HDB_LDB_OBJ_FILES = $(addprefix $(kdcsrcdir)/, hdb-ldb.o pac-glue.o)
-$(eval $(call proto_header_template,$(kdcsrcdir)/pac_glue.h,$(HDB_LDB_OBJ_FILES:.o=.c)))
+HDB_SAMBA4_OBJ_FILES = $(addprefix $(kdcsrcdir)/, hdb-samba4.o pac-glue.o)
+$(eval $(call proto_header_template,$(kdcsrcdir)/pac_glue.h,$(HDB_SAMBA4_OBJ_FILES:.o=.c)))
diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-samba4.c
index 4fde75cf70..d7317f17d4 100644
--- a/source4/kdc/hdb-ldb.c
+++ b/source4/kdc/hdb-samba4.c
@@ -53,8 +53,8 @@
#include "../lib/crypto/md4.h"
enum hdb_ldb_ent_type
-{ HDB_LDB_ENT_TYPE_CLIENT, HDB_LDB_ENT_TYPE_SERVER,
- HDB_LDB_ENT_TYPE_KRBTGT, HDB_LDB_ENT_TYPE_TRUST, HDB_LDB_ENT_TYPE_ANY };
+{ HDB_SAMBA4_ENT_TYPE_CLIENT, HDB_SAMBA4_ENT_TYPE_SERVER,
+ HDB_SAMBA4_ENT_TYPE_KRBTGT, HDB_SAMBA4_ENT_TYPE_TRUST, HDB_SAMBA4_ENT_TYPE_ANY };
enum trust_direction {
UNKNOWN = 0,
@@ -115,26 +115,26 @@ static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum h
/* Account types - clear the invalid bit if it turns out to be valid */
if (userAccountControl & UF_NORMAL_ACCOUNT) {
- if (ent_type == HDB_LDB_ENT_TYPE_CLIENT || ent_type == HDB_LDB_ENT_TYPE_ANY) {
+ if (ent_type == HDB_SAMBA4_ENT_TYPE_CLIENT || ent_type == HDB_SAMBA4_ENT_TYPE_ANY) {
flags.client = 1;
}
flags.invalid = 0;
}
if (userAccountControl & UF_INTERDOMAIN_TRUST_ACCOUNT) {
- if (ent_type == HDB_LDB_ENT_TYPE_CLIENT || ent_type == HDB_LDB_ENT_TYPE_ANY) {
+ if (ent_type == HDB_SAMBA4_ENT_TYPE_CLIENT || ent_type == HDB_SAMBA4_ENT_TYPE_ANY) {
flags.client = 1;
}
flags.invalid = 0;
}
if (userAccountControl & UF_WORKSTATION_TRUST_ACCOUNT) {
- if (ent_type == HDB_LDB_ENT_TYPE_CLIENT || ent_type == HDB_LDB_ENT_TYPE_ANY) {
+ if (ent_type == HDB_SAMBA4_ENT_TYPE_CLIENT || ent_type == HDB_SAMBA4_ENT_TYPE_ANY) {
flags.client = 1;
}
flags.invalid = 0;
}
if (userAccountControl & UF_SERVER_TRUST_ACCOUNT) {
- if (ent_type == HDB_LDB_ENT_TYPE_CLIENT || ent_type == HDB_LDB_ENT_TYPE_ANY) {
+ if (ent_type == HDB_SAMBA4_ENT_TYPE_CLIENT || ent_type == HDB_SAMBA4_ENT_TYPE_ANY) {
flags.client = 1;
}
flags.invalid = 0;
@@ -551,7 +551,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
entry_ex->entry.principal = malloc(sizeof(*(entry_ex->entry.principal)));
- if (ent_type == HDB_LDB_ENT_TYPE_ANY && principal == NULL) {
+ if (ent_type == HDB_SAMBA4_ENT_TYPE_ANY && principal == NULL) {
const char *samAccountName = ldb_msg_find_attr_as_string(msg, "samAccountName", NULL);
if (!samAccountName) {
krb5_set_error_string(context, "LDB_message2entry: no samAccountName present");
@@ -587,7 +587,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
entry_ex->entry.flags = uf2HDBFlags(context, userAccountControl, ent_type);
- if (ent_type == HDB_LDB_ENT_TYPE_KRBTGT) {
+ if (ent_type == HDB_SAMBA4_ENT_TYPE_KRBTGT) {
entry_ex->entry.flags.invalid = 0;
entry_ex->entry.flags.server = 1;
entry_ex->entry.flags.forwardable = 1;
@@ -631,7 +631,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
*entry_ex->entry.valid_end = nt_time_to_unix(acct_expiry);
}
- if (ent_type != HDB_LDB_ENT_TYPE_KRBTGT) {
+ if (ent_type != HDB_SAMBA4_ENT_TYPE_KRBTGT) {
NTTIME must_change_time
= samdb_result_force_password_change((struct ldb_context *)db->hdb_db, mem_ctx,
domain_dn, msg);
@@ -909,16 +909,16 @@ static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_con
}
switch (ent_type) {
- case HDB_LDB_ENT_TYPE_CLIENT:
- case HDB_LDB_ENT_TYPE_TRUST:
- case HDB_LDB_ENT_TYPE_ANY:
+ case HDB_SAMBA4_ENT_TYPE_CLIENT:
+ case HDB_SAMBA4_ENT_TYPE_TRUST:
+ case HDB_SAMBA4_ENT_TYPE_ANY:
/* Can't happen */
return EINVAL;
- case HDB_LDB_ENT_TYPE_KRBTGT:
+ case HDB_SAMBA4_ENT_TYPE_KRBTGT:
filter = talloc_asprintf(mem_ctx, "(&(objectClass=user)(samAccountName=%s))",
KRB5_TGS_NAME);
break;
- case HDB_LDB_ENT_TYPE_SERVER:
+ case HDB_SAMBA4_ENT_TYPE_SERVER:
filter = talloc_asprintf(mem_ctx, "(&(objectClass=user)(samAccountName=%s))",
short_princ_talloc);
break;
@@ -1075,7 +1075,7 @@ static krb5_error_code LDB_fetch_client(krb5_context context, HDB *db,
}
ret = LDB_message2entry(context, db, mem_ctx,
- principal, HDB_LDB_ENT_TYPE_CLIENT,
+ principal, HDB_SAMBA4_ENT_TYPE_CLIENT,
msg[0], realm_ref_msg[0], entry_ex);
return ret;
}
@@ -1136,7 +1136,7 @@ static krb5_error_code LDB_fetch_krbtgt(krb5_context context, HDB *db,
ret = LDB_lookup_principal(context, (struct ldb_context *)db->hdb_db,
mem_ctx,
- principal, HDB_LDB_ENT_TYPE_KRBTGT, realm_dn, &msg);
+ principal, HDB_SAMBA4_ENT_TYPE_KRBTGT, realm_dn, &msg);
if (ret != 0) {
krb5_warnx(context, "LDB_fetch: could not find principal in DB");
@@ -1145,7 +1145,7 @@ static krb5_error_code LDB_fetch_krbtgt(krb5_context context, HDB *db,
}
ret = LDB_message2entry(context, db, mem_ctx,
- principal, HDB_LDB_ENT_TYPE_KRBTGT,
+ principal, HDB_SAMBA4_ENT_TYPE_KRBTGT,
msg[0], realm_ref_msg_1[0], entry_ex);
if (ret != 0) {
krb5_warnx(context, "LDB_fetch: message2entry failed");
@@ -1265,7 +1265,7 @@ static krb5_error_code LDB_fetch_server(krb5_context context, HDB *db,
ret = LDB_lookup_principal(context, (struct ldb_context *)db->hdb_db,
mem_ctx,
- principal, HDB_LDB_ENT_TYPE_SERVER, realm_dn, &msg);
+ principal, HDB_SAMBA4_ENT_TYPE_SERVER, realm_dn, &msg);
if (ret != 0) {
return ret;
@@ -1273,7 +1273,7 @@ static krb5_error_code LDB_fetch_server(krb5_context context, HDB *db,
}
ret = LDB_message2entry(context, db, mem_ctx,
- principal, HDB_LDB_ENT_TYPE_SERVER,
+ principal, HDB_SAMBA4_ENT_TYPE_SERVER,
msg[0], realm_ref_msg[0], entry_ex);
if (ret != 0) {
krb5_warnx(context, "LDB_fetch: message2entry failed");
@@ -1358,7 +1358,7 @@ static krb5_error_code LDB_seq(krb5_context context, HDB *db, unsigned flags, hd
if (priv->index < priv->count) {
ret = LDB_message2entry(context, db, mem_ctx,
- NULL, HDB_LDB_ENT_TYPE_ANY,
+ NULL, HDB_SAMBA4_ENT_TYPE_ANY,
priv->msgs[priv->index++],
priv->realm_ref_msgs[0], entry);
} else {
@@ -1476,7 +1476,7 @@ static krb5_error_code LDB_destroy(krb5_context context, HDB *db)
* (hdb_ldb_create) from the kpasswdd -> krb5 -> keytab_hdb -> hdb
* code */
-NTSTATUS kdc_hdb_ldb_create(TALLOC_CTX *mem_ctx,
+NTSTATUS kdc_hdb_samba4_create(TALLOC_CTX *mem_ctx,
struct event_context *ev_ctx,
struct loadparm_context *lp_ctx,
krb5_context context, struct HDB **db, const char *arg)
@@ -1536,12 +1536,12 @@ NTSTATUS kdc_hdb_ldb_create(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
-krb5_error_code hdb_ldb_create(krb5_context context, struct HDB **db, const char *arg)
+krb5_error_code hdb_samba4_create(krb5_context context, struct HDB **db, const char *arg)
{
NTSTATUS nt_status;
/* The global kdc_mem_ctx and kdc_lp_ctx, Disgusting, ugly hack, but it means one less private hook */
- nt_status = kdc_hdb_ldb_create(kdc_mem_ctx, event_context_find(kdc_mem_ctx), kdc_lp_ctx,
- context, db, arg);
+ nt_status = kdc_hdb_samba4_create(kdc_mem_ctx, event_context_find(kdc_mem_ctx), kdc_lp_ctx,
+ context, db, arg);
if (NT_STATUS_IS_OK(nt_status)) {
return 0;
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index 030eb23c10..83c6f1c2ee 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -667,6 +667,11 @@ static void kdc_task_init(struct task_server *task)
NTSTATUS status;
krb5_error_code ret;
struct interface *ifaces;
+ struct hdb_method hdb_samba4 = {
+ .interface_version = HDB_INTERFACE_VERSION,
+ .prefix = "samba4:",
+ .create = hdb_samba4_create
+ };
switch (lp_server_role(task->lp_ctx)) {
case ROLE_STANDALONE:
@@ -724,7 +729,7 @@ static void kdc_task_init(struct task_server *task)
}
kdc->config->num_db = 1;
- status = kdc_hdb_ldb_create(kdc, task->event_ctx, task->lp_ctx,
+ status = kdc_hdb_samba4_create(kdc, task->event_ctx, task->lp_ctx,
kdc->smb_krb5_context->krb5_context,
&kdc->config->db[0], NULL);
if (!NT_STATUS_IS_OK(status)) {
@@ -732,6 +737,16 @@ static void kdc_task_init(struct task_server *task)
return;
}
+
+ /* Register hdb-samba4 hooks */
+ ret = krb5_plugin_register(kdc->smb_krb5_context->krb5_context,
+ PLUGIN_TYPE_DATA, "hdb",
+ &hdb_samba4);
+ if(ret) {
+ task_server_terminate(task, "kdc: failed to register hdb keytab");
+ return;
+ }
+
ret = krb5_kt_register(kdc->smb_krb5_context->krb5_context, &hdb_kt_ops);
if(ret) {
task_server_terminate(task, "kdc: failed to register hdb keytab");
diff --git a/source4/lib/ldb/ldb.i b/source4/lib/ldb/ldb.i
index 1e3a3169c8..024ba1959a 100644
--- a/source4/lib/ldb/ldb.i
+++ b/source4/lib/ldb/ldb.i
@@ -1219,22 +1219,6 @@ int py_module_del_transaction(struct ldb_module *mod)
return LDB_SUCCESS;
}
-int py_module_wait(struct ldb_handle *mod, enum ldb_wait_type wait_type)
-{
- PyObject *py_ldb = mod->private_data;
- PyObject *py_result;
-
- py_result = PyObject_CallMethod(py_ldb, "wait", "i", wait_type);
-
- if (py_result == NULL) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- Py_DECREF(py_result);
-
- return LDB_SUCCESS;
-}
-
int py_module_sequence_number(struct ldb_module *mod, struct ldb_request *req)
{
PyObject *py_ldb = mod->private_data;
@@ -1308,7 +1292,6 @@ int py_module_init (struct ldb_module *mod)
$1->start_transaction = py_module_start_transaction;
$1->end_transaction = py_module_end_transaction;
$1->del_transaction = py_module_del_transaction;
- $1->wait = py_module_wait;
$1->sequence_number = py_module_sequence_number;
}
diff --git a/source4/lib/registry/tests/generic.c b/source4/lib/registry/tests/generic.c
index 6eae26bc46..2b7eb838ba 100644
--- a/source4/lib/registry/tests/generic.c
+++ b/source4/lib/registry/tests/generic.c
@@ -53,7 +53,7 @@ static bool test_reg_val_data_string_dword(struct torture_context *ctx)
static bool test_reg_val_data_string_sz(struct torture_context *ctx)
{
DATA_BLOB db;
- db.length = convert_string_talloc(ctx, lp_iconv_convenience(ctx->lp_ctx), CH_UNIX, CH_UTF16,
+ db.length = convert_string_talloc(ctx, lp_iconv_convenience(ctx->lp_ctx), CH_UTF8, CH_UTF16,
"bla", 3, (void **)&db.data);
torture_assert_str_equal(ctx, "bla",
reg_val_data_string(ctx, lp_iconv_convenience(ctx->lp_ctx), REG_SZ, db),
@@ -88,7 +88,7 @@ static bool test_reg_val_data_string_empty(struct torture_context *ctx)
static bool test_reg_val_description(struct torture_context *ctx)
{
DATA_BLOB data;
- data.length = convert_string_talloc(ctx, lp_iconv_convenience(ctx->lp_ctx), CH_UNIX, CH_UTF16,
+ data.length = convert_string_talloc(ctx, lp_iconv_convenience(ctx->lp_ctx), CH_UTF8, CH_UTF16,
"stationary traveller",
strlen("stationary traveller"),
(void **)&data.data);
@@ -102,7 +102,7 @@ static bool test_reg_val_description(struct torture_context *ctx)
static bool test_reg_val_description_nullname(struct torture_context *ctx)
{
DATA_BLOB data;
- data.length = convert_string_talloc(ctx, lp_iconv_convenience(ctx->lp_ctx), CH_UNIX, CH_UTF16,
+ data.length = convert_string_talloc(ctx, lp_iconv_convenience(ctx->lp_ctx), CH_UTF8, CH_UTF16,
"west berlin",
strlen("west berlin"),
(void **)&data.data);
diff --git a/source4/lib/wmi/wmi.h b/source4/lib/wmi/wmi.h
index 32543a8ca7..46c9b70cdb 100644
--- a/source4/lib/wmi/wmi.h
+++ b/source4/lib/wmi/wmi.h
@@ -27,7 +27,7 @@
/** FIXME: Use credentials struct rather than user/password here */
WERROR WBEM_ConnectServer(struct com_context *ctx, const char *server, const char *nspace,
- const char *user, const char *password,
+ struct cli_credentials *credentials,
const char *locale, uint32_t flags, const char *authority,
struct IWbemContext* wbem_ctx, struct IWbemServices** services);
const char *wmi_errstr(WERROR werror);
diff --git a/source4/lib/wmi/wmicore.c b/source4/lib/wmi/wmicore.c
index 49c1e03312..3ac6c89292 100644
--- a/source4/lib/wmi/wmicore.c
+++ b/source4/lib/wmi/wmicore.c
@@ -51,7 +51,7 @@ void wmi_init(struct com_context **ctx, struct cli_credentials *credentials)
/** FIXME: Use credentials struct rather than user/password here */
WERROR WBEM_ConnectServer(struct com_context *ctx, const char *server, const uint16_t *nspace,
- const char *user, const char *password,
+ struct cli_credentials *credentials,
const char *locale, uint32_t flags, const char *authority,
struct IWbemContext* wbem_ctx, struct IWbemServices** services)
{
@@ -61,18 +61,6 @@ WERROR WBEM_ConnectServer(struct com_context *ctx, const char *server, const uin
struct IUnknown **mqi;
struct IWbemLevel1Login *pL;
- if (user) {
- char *cred;
- struct cli_credentials *cc;
-
- cred = talloc_asprintf(NULL, "%s%%%s", user, password);
- cc = cli_credentials_init(cred);
- cli_credentials_set_conf(cc, global_loadparm);
- cli_credentials_parse_string(cc, cred, CRED_SPECIFIED);
- dcom_add_server_credentials(ctx, server, cc);
- talloc_free(cred);
- }
-
GUID_from_string(CLSID_WBEMLEVEL1LOGIN, &clsid);
GUID_from_string(COM_IWBEMLEVEL1LOGIN_UUID, &iid);
result = dcom_create_object(ctx, &clsid, server, 1, &iid, &mqi, &coresult);
diff --git a/source4/libcli/cliconnect.c b/source4/libcli/cliconnect.c
index c20a7fd935..e42b04cdc5 100644
--- a/source4/libcli/cliconnect.c
+++ b/source4/libcli/cliconnect.c
@@ -69,12 +69,14 @@ NTSTATUS smbcli_negprot(struct smbcli_state *cli, bool unicode, int maxprotocol)
/* wrapper around smb_raw_sesssetup() */
NTSTATUS smbcli_session_setup(struct smbcli_state *cli,
struct cli_credentials *credentials,
- const char *workgroup)
+ const char *workgroup,
+ struct smbcli_session_options options)
{
struct smb_composite_sesssetup setup;
NTSTATUS status;
- cli->session = smbcli_session_init(cli->transport, cli, true);
+ cli->session = smbcli_session_init(cli->transport, cli, true,
+ options);
if (!cli->session) return NT_STATUS_UNSUCCESSFUL;
setup.in.sesskey = cli->transport->negotiate.sesskey;
@@ -144,7 +146,8 @@ NTSTATUS smbcli_full_connection(TALLOC_CTX *parent_ctx,
struct cli_credentials *credentials,
struct resolve_context *resolve_ctx,
struct event_context *ev,
- struct smbcli_options *options)
+ struct smbcli_options *options,
+ struct smbcli_session_options *session_options)
{
struct smbcli_tree *tree;
NTSTATUS status;
@@ -155,7 +158,8 @@ NTSTATUS smbcli_full_connection(TALLOC_CTX *parent_ctx,
&tree, host, ports,
sharename, devtype,
credentials, resolve_ctx, ev,
- options);
+ options,
+ session_options);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
diff --git a/source4/libcli/config.mk b/source4/libcli/config.mk
index 2f81d7cff0..d68a2a2ce3 100644
--- a/source4/libcli/config.mk
+++ b/source4/libcli/config.mk
@@ -67,14 +67,6 @@ PUBLIC_DEPENDENCIES = LIBSAMBA-UTIL LIBCLI_NDR_NETLOGON
LIBCLI_NETLOGON_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/, \
netlogon.o)
-[SUBSYSTEM::LIBCLI_DRSBLOBS]
-PUBLIC_DEPENDENCIES = LIBNDR
-
-LIBCLI_DRSBLOBS_OBJ_FILES = $(addprefix $(libclisrcdir)/, \
- drsblobs.o)
-
-$(eval $(call proto_header_template,$(libclisrcdir)/drsblobs_proto.h,$(LIBCLI_DRSBLOBS_OBJ_FILES:.o=.c)))
-
[PYTHON::python_netbios]
LIBRARY_REALNAME = samba/netbios.$(SHLIBEXT)
PUBLIC_DEPENDENCIES = LIBCLI_NBT DYNCONFIG LIBSAMBA-HOSTCONFIG
diff --git a/source4/libcli/drsblobs.h b/source4/libcli/drsblobs.h
deleted file mode 100644
index 8fee4114be..0000000000
--- a/source4/libcli/drsblobs.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Manually parsed structures found in the DRS protocol
-
- Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef __LIBCLI_DRSBLOBS_H__
-#define __LIBCLI_DRSBLOBS_H__
-
-#include "librpc/gen_ndr/ndr_drsblobs.h"
-
-#include "libcli/drsblobs_proto.h"
-#endif /* __CLDAP_SERVER_PROTO_H__ */
diff --git a/source4/libcli/raw/clisession.c b/source4/libcli/raw/clisession.c
index ad4ca7b471..38d8f700f2 100644
--- a/source4/libcli/raw/clisession.c
+++ b/source4/libcli/raw/clisession.c
@@ -35,7 +35,8 @@
Initialize the session context
****************************************************************************/
struct smbcli_session *smbcli_session_init(struct smbcli_transport *transport,
- TALLOC_CTX *parent_ctx, bool primary)
+ TALLOC_CTX *parent_ctx, bool primary,
+ struct smbcli_session_options options)
{
struct smbcli_session *session;
uint16_t flags2;
@@ -53,9 +54,7 @@ struct smbcli_session *smbcli_session_init(struct smbcli_transport *transport,
}
session->pid = (uint16_t)getpid();
session->vuid = UID_FIELD_INVALID;
- session->options.lanman_auth = lp_client_lanman_auth(global_loadparm);
- session->options.ntlmv2_auth = lp_client_ntlmv2_auth(global_loadparm);
- session->options.plaintext_auth = lp_client_plaintext_auth(global_loadparm);
+ session->options = options;
capabilities = transport->negotiate.capabilities;
diff --git a/source4/libcli/raw/clitree.c b/source4/libcli/raw/clitree.c
index 15cd70833c..4b5d2dc397 100644
--- a/source4/libcli/raw/clitree.c
+++ b/source4/libcli/raw/clitree.c
@@ -177,7 +177,8 @@ NTSTATUS smbcli_tree_full_connection(TALLOC_CTX *parent_ctx,
struct cli_credentials *credentials,
struct resolve_context *resolve_ctx,
struct event_context *ev,
- struct smbcli_options *options)
+ struct smbcli_options *options,
+ struct smbcli_session_options *session_options)
{
struct smb_composite_connect io;
NTSTATUS status;
@@ -200,6 +201,7 @@ NTSTATUS smbcli_tree_full_connection(TALLOC_CTX *parent_ctx,
* is complete -- abartlet 2008-04-28 */
io.in.workgroup = lp_workgroup(global_loadparm);
io.in.options = *options;
+ io.in.session_options = *session_options;
status = smb_composite_connect(&io, parent_ctx, resolve_ctx, ev);
if (NT_STATUS_IS_OK(status)) {
diff --git a/source4/libcli/security/security.i b/source4/libcli/security/security.i
index 6ba106bb5f..420439d147 100644
--- a/source4/libcli/security/security.i
+++ b/source4/libcli/security/security.i
@@ -105,6 +105,12 @@ typedef struct security_descriptor {
%talloctype(dom_sid);
typedef struct dom_sid {
+ %immutable;
+ uint8_t sid_rev_num;
+ int8_t num_auths;/* [range(0,15)] */
+ uint8_t id_auth[6];
+ uint32_t *sub_auths;
+ %mutable;
%extend {
dom_sid(TALLOC_CTX *mem_ctx, const char *text) {
return dom_sid_parse_talloc(mem_ctx, text);
diff --git a/source4/libcli/security/security.py b/source4/libcli/security/security.py
index c310dde56b..8afb3eda61 100644
--- a/source4/libcli/security/security.py
+++ b/source4/libcli/security/security.py
@@ -147,6 +147,10 @@ security_descriptor_swigregister(security_descriptor)
class Sid(object):
thisown = _swig_property(lambda x: x.this.own(), lambda x, v: x.this.own(v), doc='The membership flag')
__repr__ = _swig_repr
+ sid_rev_num = _swig_property(_security.Sid_sid_rev_num_get)
+ num_auths = _swig_property(_security.Sid_num_auths_get)
+ id_auth = _swig_property(_security.Sid_id_auth_get)
+ sub_auths = _swig_property(_security.Sid_sub_auths_get)
def __init__(self, *args, **kwargs):
_security.Sid_swiginit(self,_security.new_Sid(*args, **kwargs))
def __repr__(self):
diff --git a/source4/libcli/security/security_wrap.c b/source4/libcli/security/security_wrap.c
index b7d66b5aec..f7e3c2fb21 100644
--- a/source4/libcli/security/security_wrap.c
+++ b/source4/libcli/security/security_wrap.c
@@ -2712,6 +2712,28 @@ SWIGINTERN void delete_security_token(security_token *self){ talloc_free(self);
SWIGINTERN security_descriptor *new_security_descriptor(TALLOC_CTX *mem_ctx){ return security_descriptor_initialise(mem_ctx); }
SWIGINTERN void delete_security_descriptor(security_descriptor *self){ talloc_free(self); }
+SWIGINTERNINLINE PyObject*
+SWIG_From_unsigned_SS_long (unsigned long value)
+{
+ return (value > LONG_MAX) ?
+ PyLong_FromUnsignedLong(value) : PyInt_FromLong((long)(value));
+}
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_From_unsigned_SS_char (unsigned char value)
+{
+ return SWIG_From_unsigned_SS_long (value);
+}
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_From_signed_SS_char (signed char value)
+{
+ return SWIG_From_long (value);
+}
+
+
SWIGINTERN swig_type_info*
SWIG_pchar_descriptor(void)
{
@@ -3337,6 +3359,98 @@ SWIGINTERN PyObject *security_descriptor_swiginit(PyObject *SWIGUNUSEDPARM(self)
return SWIG_Python_InitShadowInstance(args);
}
+SWIGINTERN PyObject *_wrap_Sid_sid_rev_num_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ dom_sid *arg1 = (dom_sid *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject *swig_obj[1] ;
+ uint8_t result;
+
+ if (!args) SWIG_fail;
+ swig_obj[0] = args;
+ res1 = SWIG_ConvertPtr(swig_obj[0], &argp1,SWIGTYPE_p_dom_sid, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Sid_sid_rev_num_get" "', argument " "1"" of type '" "dom_sid *""'");
+ }
+ arg1 = (dom_sid *)(argp1);
+ result = (uint8_t) ((arg1)->sid_rev_num);
+ resultobj = SWIG_From_unsigned_SS_char((unsigned char)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_Sid_num_auths_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ dom_sid *arg1 = (dom_sid *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject *swig_obj[1] ;
+ int8_t result;
+
+ if (!args) SWIG_fail;
+ swig_obj[0] = args;
+ res1 = SWIG_ConvertPtr(swig_obj[0], &argp1,SWIGTYPE_p_dom_sid, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Sid_num_auths_get" "', argument " "1"" of type '" "dom_sid *""'");
+ }
+ arg1 = (dom_sid *)(argp1);
+ result = (int8_t) ((arg1)->num_auths);
+ resultobj = SWIG_From_signed_SS_char((signed char)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_Sid_id_auth_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ dom_sid *arg1 = (dom_sid *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject *swig_obj[1] ;
+ uint8_t *result = 0 ;
+
+ if (!args) SWIG_fail;
+ swig_obj[0] = args;
+ res1 = SWIG_ConvertPtr(swig_obj[0], &argp1,SWIGTYPE_p_dom_sid, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Sid_id_auth_get" "', argument " "1"" of type '" "dom_sid *""'");
+ }
+ arg1 = (dom_sid *)(argp1);
+ result = (uint8_t *)(uint8_t *) ((arg1)->id_auth);
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_unsigned_char, 0 | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_Sid_sub_auths_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ dom_sid *arg1 = (dom_sid *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject *swig_obj[1] ;
+ uint32_t *result = 0 ;
+
+ if (!args) SWIG_fail;
+ swig_obj[0] = args;
+ res1 = SWIG_ConvertPtr(swig_obj[0], &argp1,SWIGTYPE_p_dom_sid, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Sid_sub_auths_get" "', argument " "1"" of type '" "dom_sid *""'");
+ }
+ arg1 = (dom_sid *)(argp1);
+ result = (uint32_t *) ((arg1)->sub_auths);
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_unsigned_int, 0 | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
SWIGINTERN PyObject *_wrap_new_Sid(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
PyObject *resultobj = 0;
TALLOC_CTX *arg1 = (TALLOC_CTX *) 0 ;
@@ -3561,6 +3675,10 @@ static PyMethodDef SwigMethods[] = {
{ (char *)"delete_security_descriptor", (PyCFunction)_wrap_delete_security_descriptor, METH_O, NULL},
{ (char *)"security_descriptor_swigregister", security_descriptor_swigregister, METH_VARARGS, NULL},
{ (char *)"security_descriptor_swiginit", security_descriptor_swiginit, METH_VARARGS, NULL},
+ { (char *)"Sid_sid_rev_num_get", (PyCFunction)_wrap_Sid_sid_rev_num_get, METH_O, NULL},
+ { (char *)"Sid_num_auths_get", (PyCFunction)_wrap_Sid_num_auths_get, METH_O, NULL},
+ { (char *)"Sid_id_auth_get", (PyCFunction)_wrap_Sid_id_auth_get, METH_O, NULL},
+ { (char *)"Sid_sub_auths_get", (PyCFunction)_wrap_Sid_sub_auths_get, METH_O, NULL},
{ (char *)"new_Sid", (PyCFunction) _wrap_new_Sid, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Sid___str__", (PyCFunction)_wrap_Sid___str__, METH_O, NULL},
{ (char *)"Sid___eq__", (PyCFunction) _wrap_Sid___eq__, METH_VARARGS | METH_KEYWORDS, NULL},
diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c
index e56339f96b..a4137290bb 100644
--- a/source4/libcli/smb_composite/connect.c
+++ b/source4/libcli/smb_composite/connect.c
@@ -234,7 +234,7 @@ static NTSTATUS connect_negprot(struct composite_context *c,
NT_STATUS_NOT_OK_RETURN(status);
/* next step is a session setup */
- state->session = smbcli_session_init(state->transport, state, true);
+ state->session = smbcli_session_init(state->transport, state, true, io->in.session_options);
NT_STATUS_HAVE_NO_MEMORY(state->session);
/* setup for a tconx (or at least have the structure ready to
diff --git a/source4/libcli/smb_composite/fetchfile.c b/source4/libcli/smb_composite/fetchfile.c
index 9cd02a51f4..ff4f0e7930 100644
--- a/source4/libcli/smb_composite/fetchfile.c
+++ b/source4/libcli/smb_composite/fetchfile.c
@@ -147,6 +147,7 @@ struct composite_context *smb_composite_fetchfile_send(struct smb_composite_fetc
state->connect->in.workgroup = io->in.workgroup;
state->connect->in.options = io->in.options;
+ state->connect->in.session_options = io->in.session_options;
state->creq = smb_composite_connect_send(state->connect, state,
io->in.resolve_ctx, event_ctx);
diff --git a/source4/libcli/smb_composite/fsinfo.c b/source4/libcli/smb_composite/fsinfo.c
index 270d71f518..dc5327a29c 100644
--- a/source4/libcli/smb_composite/fsinfo.c
+++ b/source4/libcli/smb_composite/fsinfo.c
@@ -127,7 +127,8 @@ static void fsinfo_composite_handler(struct composite_context *creq)
composite fsinfo call - connects to a tree and queries a file system information
*/
struct composite_context *smb_composite_fsinfo_send(struct smbcli_tree *tree,
- struct smb_composite_fsinfo *io)
+ struct smb_composite_fsinfo *io,
+ struct resolve_context *resolve_ctx)
{
struct composite_context *c;
struct fsinfo_state *state;
@@ -154,13 +155,14 @@ struct composite_context *smb_composite_fsinfo_send(struct smbcli_tree *tree,
state->connect->in.workgroup = io->in.workgroup;
state->connect->in.options = tree->session->transport->options;
+ state->connect->in.session_options = tree->session->options;
c->state = COMPOSITE_STATE_IN_PROGRESS;
state->stage = FSINFO_CONNECT;
c->private_data = state;
state->creq = smb_composite_connect_send(state->connect, state,
- lp_resolve_context(global_loadparm), c->event_ctx);
+ resolve_ctx, c->event_ctx);
if (state->creq == NULL) goto failed;
@@ -197,9 +199,10 @@ NTSTATUS smb_composite_fsinfo_recv(struct composite_context *c, TALLOC_CTX *mem_
*/
NTSTATUS smb_composite_fsinfo(struct smbcli_tree *tree,
TALLOC_CTX *mem_ctx,
- struct smb_composite_fsinfo *io)
+ struct smb_composite_fsinfo *io,
+ struct resolve_context *resolve_ctx)
{
- struct composite_context *c = smb_composite_fsinfo_send(tree, io);
+ struct composite_context *c = smb_composite_fsinfo_send(tree, io, resolve_ctx);
return smb_composite_fsinfo_recv(c, mem_ctx);
}
diff --git a/source4/libcli/smb_composite/smb_composite.h b/source4/libcli/smb_composite/smb_composite.h
index 7f4b9d73e4..08ca40c833 100644
--- a/source4/libcli/smb_composite/smb_composite.h
+++ b/source4/libcli/smb_composite/smb_composite.h
@@ -57,6 +57,7 @@ struct smb_composite_fetchfile {
const char *workgroup;
const char *filename;
struct smbcli_options options;
+ struct smbcli_session_options session_options;
struct resolve_context *resolve_ctx;
} in;
struct {
@@ -98,6 +99,7 @@ struct smb_composite_connect {
bool fallback_to_anonymous;
const char *workgroup;
struct smbcli_options options;
+ struct smbcli_session_options session_options;
} in;
struct {
struct smbcli_tree *tree;
diff --git a/source4/libnet/libnet_samdump_keytab.c b/source4/libnet/libnet_samdump_keytab.c
index 0c4d3e5c59..4b71b0c24d 100644
--- a/source4/libnet/libnet_samdump_keytab.c
+++ b/source4/libnet/libnet_samdump_keytab.c
@@ -68,6 +68,11 @@ static NTSTATUS samdump_keytab_handle_user(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
+struct libnet_samdump_keytab_data {
+ const char *keytab_name;
+ struct loadparm_context *lp_ctx;
+};
+
static NTSTATUS libnet_samdump_keytab_fn(TALLOC_CTX *mem_ctx,
void *private,
enum netr_SamDatabaseID database,
@@ -75,8 +80,7 @@ static NTSTATUS libnet_samdump_keytab_fn(TALLOC_CTX *mem_ctx,
char **error_string)
{
NTSTATUS nt_status = NT_STATUS_OK;
- const char *keytab_name = private;
-
+ struct libnet_samdump_keytab_data *data = private;
*error_string = NULL;
switch (delta->delta_type) {
case NETR_DELTA_USER:
@@ -85,8 +89,8 @@ static NTSTATUS libnet_samdump_keytab_fn(TALLOC_CTX *mem_ctx,
if (database == SAM_DATABASE_DOMAIN) {
nt_status = samdump_keytab_handle_user(mem_ctx,
event_context_find(mem_ctx),
- global_loadparm,
- keytab_name,
+ data->lp_ctx,
+ data->keytab_name,
delta);
break;
}
@@ -101,14 +105,18 @@ static NTSTATUS libnet_samdump_keytab_fn(TALLOC_CTX *mem_ctx,
NTSTATUS libnet_SamDump_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump_keytab *r)
{
NTSTATUS nt_status;
+ struct libnet_samdump_keytab_data data;
struct libnet_SamSync r2;
+ data.keytab_name = r->in.keytab_name;
+ data.lp_ctx = ctx->lp_ctx;
+
r2.out.error_string = NULL;
r2.in.binding_string = r->in.binding_string;
r2.in.rid_crypt = true;
r2.in.init_fn = NULL;
r2.in.delta_fn = libnet_samdump_keytab_fn;
- r2.in.fn_ctx = discard_const(r->in.keytab_name);
+ r2.in.fn_ctx = &data;
r2.in.machine_account = r->in.machine_account;
nt_status = libnet_SamSync_netlogon(ctx, mem_ctx, &r2);
r->out.error_string = r2.out.error_string;
diff --git a/source4/libnet/libnet_site.c b/source4/libnet/libnet_site.c
index bb65de1f54..5647a93b8d 100644
--- a/source4/libnet/libnet_site.c
+++ b/source4/libnet/libnet_site.c
@@ -56,7 +56,7 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li
search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
search.in.map_response = true;
- cldap = cldap_socket_init(tmp_ctx, lctx->event_ctx, lp_iconv_convenience(global_loadparm));
+ cldap = cldap_socket_init(tmp_ctx, lctx->event_ctx, lp_iconv_convenience(lctx->lp_ctx));
status = cldap_netlogon(cldap, tmp_ctx, &search);
if (!NT_STATUS_IS_OK(status) || !search.out.netlogon.nt5_ex.client_site) {
/*
diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk
index cf41f9884a..41dd17e428 100644
--- a/source4/librpc/config.mk
+++ b/source4/librpc/config.mk
@@ -144,9 +144,9 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_COMPRESSION NDR_SECURITY NDR_SAMR ASN1_UTIL
NDR_DRSUAPI_OBJ_FILES = $(gen_ndrsrcdir)/ndr_drsuapi.o $(ndrsrcdir)/ndr_drsuapi.o
[SUBSYSTEM::NDR_DRSBLOBS]
-PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_DRSUAPI LIBCLI_DRSBLOBS
+PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_DRSUAPI
-NDR_DRSBLOBS_OBJ_FILES = $(gen_ndrsrcdir)/ndr_drsblobs.o
+NDR_DRSBLOBS_OBJ_FILES = $(gen_ndrsrcdir)/ndr_drsblobs.o $(ndrsrcdir)/ndr_drsblobs.o
[SUBSYSTEM::NDR_SASL_HELPERS]
PUBLIC_DEPENDENCIES = LIBNDR
diff --git a/source4/librpc/idl/dcerpc.idl b/source4/librpc/idl/dcerpc.idl
index 1c6574b11b..a78329d990 100644
--- a/source4/librpc/idl/dcerpc.idl
+++ b/source4/librpc/idl/dcerpc.idl
@@ -261,6 +261,7 @@ interface dcerpc
const uint8 DCERPC_PFC_FLAG_OBJECT_UUID = 0x80; /* on valid guid is in the optional object field */
/* these offsets are needed by the signing code */
+ const uint8 DCERPC_PFC_OFFSET = 3;
const uint8 DCERPC_DREP_OFFSET = 4;
const uint8 DCERPC_FRAG_LEN_OFFSET = 8;
const uint8 DCERPC_AUTH_LEN_OFFSET = 10;
diff --git a/source4/librpc/idl/drsblobs.idl b/source4/librpc/idl/drsblobs.idl
index 6b1f649ff5..31fe8a359e 100644
--- a/source4/librpc/idl/drsblobs.idl
+++ b/source4/librpc/idl/drsblobs.idl
@@ -415,18 +415,27 @@ interface drsblobs {
[relative] AuthenticationInformationArray *previous;
} trustAuthInOutBlob;
- typedef [public] struct {
- uint8 confounder[512];
- trustAuthInOutBlob outgoing;
- trustAuthInOutBlob incoming;
- [value(ndr_size_trustAuthInOutBlob(&outgoing, ndr->flags))] uint32 outgoing_size;
- [value(ndr_size_trustAuthInOutBlob(&incoming, ndr->flags))] uint32 incoming_size;
- } trustAuthInAndOutBlob;
-
+ typedef [public,gensize] struct {
+ uint32 count;
+ [relative] AuthenticationInformation *current[count];
+ } trustCurrentPasswords;
+
void decode_trustAuthInOut(
[in] trustAuthInOutBlob blob
);
+ typedef [public,nopull] struct {
+ uint8 confounder[512];
+ [subcontext(0),subcontext_size(outgoing_size)] trustCurrentPasswords outgoing;
+ [subcontext(0),subcontext_size(incoming_size)] trustCurrentPasswords incoming;
+ [value(ndr_size_trustCurrentPasswords(&outgoing, ndr->flags))] uint32 outgoing_size;
+ [value(ndr_size_trustCurrentPasswords(&incoming, ndr->flags))] uint32 incoming_size;
+ } trustDomainPasswords;
+
+ void decode_trustDomainPasswords(
+ [in] trustDomainPasswords blob
+ );
+
typedef [public] struct {
uint32 marker;
DATA_BLOB data;
diff --git a/source4/libcli/drsblobs.c b/source4/librpc/ndr/ndr_drsblobs.c
index 126f2ccc40..aecb0c3b16 100644
--- a/source4/libcli/drsblobs.c
+++ b/source4/librpc/ndr/ndr_drsblobs.c
@@ -20,7 +20,7 @@
*/
#include "includes.h"
-#include "libcli/drsblobs.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
/* parser auto-generated by pidl, then hand-modified by abartlet */
@@ -176,4 +176,38 @@ _PUBLIC_ void ndr_print_trustAuthInOutBlob(struct ndr_print *ndr, const char *na
ndr->depth--;
}
+_PUBLIC_ enum ndr_err_code ndr_pull_trustDomainPasswords(struct ndr_pull *ndr, int ndr_flags, struct trustDomainPasswords *r)
+{
+ if (ndr_flags & NDR_SCALARS) {
+ uint32_t offset;
+ NDR_PULL_ALIGN(ndr, 4);
+ NDR_PULL_NEED_BYTES(ndr, 8);
+
+ offset = ndr->offset;
+ ndr->offset = ndr->data_size - 8;
+
+ NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->outgoing_size));
+ NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->incoming_size));
+
+ ndr->offset = offset;
+ NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->confounder, 512));
+ {
+ struct ndr_pull *_ndr_outgoing;
+ NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_outgoing, 0, r->outgoing_size));
+ NDR_CHECK(ndr_pull_trustCurrentPasswords(_ndr_outgoing, NDR_SCALARS|NDR_BUFFERS, &r->outgoing));
+ NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_outgoing, 0, r->outgoing_size));
+ }
+ {
+ struct ndr_pull *_ndr_incoming;
+ NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_incoming, 0, r->incoming_size));
+ NDR_CHECK(ndr_pull_trustCurrentPasswords(_ndr_incoming, NDR_SCALARS|NDR_BUFFERS, &r->incoming));
+ NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_incoming, 0, r->incoming_size));
+ }
+ NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->outgoing_size));
+ NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->incoming_size));
+ }
+ if (ndr_flags & NDR_BUFFERS) {
+ }
+ return NDR_ERR_SUCCESS;
+}
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index 5bbcc5e91c..4e07cc7b57 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -33,9 +33,7 @@
_PUBLIC_ NTSTATUS dcerpc_init(void)
{
- gensec_init(global_loadparm);
-
- return NT_STATUS_OK;
+ return gensec_init(global_loadparm);
}
static void dcerpc_connection_dead(struct dcerpc_connection *conn, NTSTATUS status);
@@ -334,6 +332,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
DATA_BLOB creds2;
size_t payload_length;
enum ndr_err_code ndr_err;
+ size_t hdr_size = DCERPC_REQUEST_LENGTH;
/* non-signed packets are simpler */
if (sig_size == 0) {
@@ -367,6 +366,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
+ hdr_size += 16;
}
ndr_err = ndr_push_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, pkt);
@@ -415,7 +415,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
case DCERPC_AUTH_LEVEL_PRIVACY:
status = gensec_seal_packet(c->security_state.generic_state,
mem_ctx,
- blob->data + DCERPC_REQUEST_LENGTH,
+ blob->data + hdr_size,
payload_length,
blob->data,
blob->length,
@@ -428,7 +428,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
case DCERPC_AUTH_LEVEL_INTEGRITY:
status = gensec_sign_packet(c->security_state.generic_state,
mem_ctx,
- blob->data + DCERPC_REQUEST_LENGTH,
+ blob->data + hdr_size,
payload_length,
blob->data,
blob->length,
diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c
index 318b8fe36d..b117a98270 100644
--- a/source4/librpc/rpc/dcerpc_connect.c
+++ b/source4/librpc/rpc/dcerpc_connect.c
@@ -121,6 +121,7 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CT
conn->in.workgroup = lp_workgroup(lp_ctx);
lp_smbcli_options(lp_ctx, &conn->in.options);
+ lp_smbcli_session_options(lp_ctx, &conn->in.session_options);
/*
* provide proper credentials - user supplied, but allow a
@@ -137,7 +138,7 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CT
/* send smb connect request */
conn_req = smb_composite_connect_send(conn, s->io.pipe->conn,
- lp_resolve_context(lp_ctx),
+ s->io.resolve_ctx,
s->io.pipe->conn->event_ctx);
if (composite_nomem(conn_req, c)) return c;
diff --git a/source4/librpc/rpc/dcerpc_secondary.c b/source4/librpc/rpc/dcerpc_secondary.c
index abc67ad38b..b4d5d05b61 100644
--- a/source4/librpc/rpc/dcerpc_secondary.c
+++ b/source4/librpc/rpc/dcerpc_secondary.c
@@ -95,13 +95,14 @@ _PUBLIC_ struct composite_context* dcerpc_secondary_connection_send(struct dcerp
s->binding->host,
s->binding->target_hostname,
atoi(s->binding->endpoint),
- lp_resolve_context(global_loadparm));
+ dcerpc_resolve_ctx(s->pipe->conn));
composite_continue(c, pipe_tcp_req, continue_open_tcp, c);
return c;
case NCALRPC:
- pipe_ncalrpc_req = dcerpc_pipe_open_pipe_send(s->pipe2->conn, lp_ncalrpc_dir(global_loadparm),
- s->binding->endpoint);
+ case NCACN_UNIX_STREAM:
+ pipe_ncalrpc_req = dcerpc_pipe_open_unix_stream_send(s->pipe2->conn,
+ dcerpc_unix_socket_path(s->pipe->conn));
composite_continue(c, pipe_ncalrpc_req, continue_open_pipe, c);
return c;
diff --git a/source4/librpc/rpc/dcerpc_sock.c b/source4/librpc/rpc/dcerpc_sock.c
index 7480beae33..1e2b4cde48 100644
--- a/source4/librpc/rpc/dcerpc_sock.c
+++ b/source4/librpc/rpc/dcerpc_sock.c
@@ -39,6 +39,9 @@ struct sock_private {
struct packet_context *packet;
uint32_t pending_reads;
+
+ struct resolve_context *resolve_ctx;
+ const char *path; /* For ncacn_unix_sock and ncalrpc */
};
@@ -307,6 +310,7 @@ static struct composite_context *dcerpc_pipe_open_socket_send(TALLOC_CTX *mem_ct
struct resolve_context *resolve_context,
struct socket_address *server,
const char *target_hostname,
+ const char *full_path,
enum dcerpc_transport_t transport)
{
struct composite_context *c;
@@ -334,6 +338,9 @@ static struct composite_context *dcerpc_pipe_open_socket_send(TALLOC_CTX *mem_ct
talloc_steal(s->sock, s->socket_ctx);
+ s->sock->resolve_ctx = resolve_context;
+ s->sock->path = talloc_reference(s->sock, full_path);
+
conn_req = socket_connect_send(s->socket_ctx, NULL, s->server, 0,
resolve_context,
c->event_ctx);
@@ -386,6 +393,7 @@ static void continue_ip_resolve_name(struct composite_context *ctx)
sock_ipv4_req = dcerpc_pipe_open_socket_send(c, s->conn,
s->resolve_ctx,
s->srvaddr, s->target_hostname,
+ NULL,
NCACN_IP_TCP);
composite_continue(c, sock_ipv4_req, continue_ipv4_open_socket, c);
}
@@ -561,6 +569,7 @@ struct composite_context *dcerpc_pipe_open_unix_stream_send(struct dcerpc_connec
sock_unix_req = dcerpc_pipe_open_socket_send(c, s->conn,
NULL,
s->srvaddr, NULL,
+ s->path,
NCALRPC);
composite_continue(c, sock_unix_req, continue_unix_open_socket, c);
return c;
@@ -579,13 +588,6 @@ NTSTATUS dcerpc_pipe_open_unix_stream_recv(struct composite_context *c)
}
-struct pipe_np_state {
- char *full_path;
- struct socket_address *srvaddr;
- struct dcerpc_connection *conn;
-};
-
-
/*
Stage 2 of dcerpc_pipe_open_pipe_send: receive socket open request
*/
@@ -612,13 +614,13 @@ struct composite_context* dcerpc_pipe_open_pipe_send(struct dcerpc_connection *c
struct composite_context *c;
struct composite_context *sock_np_req;
- struct pipe_np_state *s;
+ struct pipe_unix_state *s;
/* composite context allocation and setup */
c = composite_create(conn, conn->event_ctx);
if (c == NULL) return NULL;
- s = talloc_zero(c, struct pipe_np_state);
+ s = talloc_zero(c, struct pipe_unix_state);
if (composite_nomem(s, c)) return c;
c->private_data = s;
@@ -628,15 +630,15 @@ struct composite_context* dcerpc_pipe_open_pipe_send(struct dcerpc_connection *c
s->conn = conn;
string_replace(canon, '/', '\\');
- s->full_path = talloc_asprintf(canon, "%s/%s", ncalrpc_dir, canon);
- if (composite_nomem(s->full_path, c)) return c;
+ s->path = talloc_asprintf(canon, "%s/%s", ncalrpc_dir, canon);
+ if (composite_nomem(s->path, c)) return c;
/* prepare server address using path and transport name */
- s->srvaddr = socket_address_from_strings(conn, "unix", s->full_path, 0);
+ s->srvaddr = socket_address_from_strings(conn, "unix", s->path, 0);
if (composite_nomem(s->srvaddr, c)) return c;
/* send socket open request */
- sock_np_req = dcerpc_pipe_open_socket_send(c, s->conn, NULL, s->srvaddr, NULL, NCALRPC);
+ sock_np_req = dcerpc_pipe_open_socket_send(c, s->conn, NULL, s->srvaddr, NULL, s->path, NCALRPC);
composite_continue(c, sock_np_req, continue_np_open_socket, c);
return c;
}
@@ -662,3 +664,15 @@ NTSTATUS dcerpc_pipe_open_pipe(struct dcerpc_connection *conn, const char *ncalr
struct composite_context *c = dcerpc_pipe_open_pipe_send(conn, ncalrpc_dir, identifier);
return dcerpc_pipe_open_pipe_recv(c);
}
+
+const char *dcerpc_unix_socket_path(struct dcerpc_connection *p)
+{
+ struct sock_private *sock = (struct sock_private *)p->transport.private_data;
+ return sock->path;
+}
+
+struct resolve_context *dcerpc_resolve_ctx(struct dcerpc_connection *p)
+{
+ struct sock_private *sock = (struct sock_private *)p->transport.private_data;
+ return sock->resolve_ctx;
+}
diff --git a/source4/ntvfs/cifs/vfs_cifs.c b/source4/ntvfs/cifs/vfs_cifs.c
index 844fa11cc5..9bc36a1762 100644
--- a/source4/ntvfs/cifs/vfs_cifs.c
+++ b/source4/ntvfs/cifs/vfs_cifs.c
@@ -206,6 +206,7 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs,
io.in.service = remote_share;
io.in.service_type = "?????";
lp_smbcli_options(ntvfs->ctx->lp_ctx, &io.in.options);
+ lp_smbcli_session_options(ntvfs->ctx->lp_ctx, &io.in.session_options);
if (!(ntvfs->ctx->client_caps & NTVFS_CLIENT_CAP_LEVEL_II_OPLOCKS)) {
io.in.options.use_level2_oplocks = false;
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index 15edbd1f89..0042dbd876 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -2629,3 +2629,11 @@ void lp_smbcli_options(struct loadparm_context *lp_ctx,
options->use_oplocks = true;
options->use_level2_oplocks = true;
}
+
+void lp_smbcli_session_options(struct loadparm_context *lp_ctx,
+ struct smbcli_session_options *options)
+{
+ options->lanman_auth = lp_client_lanman_auth(lp_ctx);
+ options->ntlmv2_auth = lp_client_ntlmv2_auth(lp_ctx);
+ options->plaintext_auth = lp_client_plaintext_auth(lp_ctx);
+}
diff --git a/source4/param/param.h b/source4/param/param.h
index 4ed2654692..4c6e8b79a2 100644
--- a/source4/param/param.h
+++ b/source4/param/param.h
@@ -60,6 +60,7 @@ enum announce_as {/* Types of machine we can announce as. */
struct loadparm_context;
struct loadparm_service;
struct smbcli_options;
+struct smbcli_session_options;
void reload_charcnv(struct loadparm_context *lp_ctx);
@@ -318,6 +319,8 @@ int lp_maxprintjobs(struct loadparm_service *service, struct loadparm_service *s
struct smb_iconv_convenience *lp_iconv_convenience(struct loadparm_context *lp_ctx);
void lp_smbcli_options(struct loadparm_context *lp_ctx,
struct smbcli_options *options);
+void lp_smbcli_session_options(struct loadparm_context *lp_ctx,
+ struct smbcli_session_options *options);
/* The following definitions come from param/generic.c */
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index e5f59d0cf9..893055d3b1 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -870,10 +870,6 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call)
call->context = context;
call->ndr_pull = pull;
- if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
- pull->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
- }
-
if (!(call->pkt.drep[0] & DCERPC_DREP_LE)) {
pull->flags |= LIBNDR_FLAG_BIGENDIAN;
}
@@ -1112,6 +1108,10 @@ NTSTATUS dcesrv_input_process(struct dcesrv_connection *dce_conn)
ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
}
+ if (CVAL(blob.data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) {
+ ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
+ }
+
ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, &call->pkt);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
talloc_free(dce_conn->partial_input.data);
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index 16bf4eb7ed..52d5631cfd 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -287,6 +287,7 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
struct ndr_pull *ndr;
NTSTATUS status;
enum ndr_err_code ndr_err;
+ size_t hdr_size = DCERPC_REQUEST_LENGTH;
if (!dce_conn->auth_state.auth_info ||
!dce_conn->auth_state.gensec_security) {
@@ -335,6 +336,11 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
}
+ if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
+ ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
+ hdr_size += 16;
+ }
+
ndr_err = ndr_pull_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, &auth);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
talloc_free(ndr);
@@ -346,13 +352,13 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
case DCERPC_AUTH_LEVEL_PRIVACY:
status = gensec_unseal_packet(dce_conn->auth_state.gensec_security,
call,
- full_packet->data + DCERPC_REQUEST_LENGTH,
+ full_packet->data + hdr_size,
pkt->u.request.stub_and_verifier.length,
full_packet->data,
full_packet->length-auth.credentials.length,
&auth.credentials);
memcpy(pkt->u.request.stub_and_verifier.data,
- full_packet->data + DCERPC_REQUEST_LENGTH,
+ full_packet->data + hdr_size,
pkt->u.request.stub_and_verifier.length);
break;
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 3b70f3e934..7b15241b96 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -626,7 +626,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
const char *name;
DATA_BLOB session_key = data_blob(NULL, 0);
DATA_BLOB trustAuthIncoming, trustAuthOutgoing, auth_blob;
- struct trustAuthInAndOutBlob auth_struct;
+ struct trustDomainPasswords auth_struct;
int ret;
NTSTATUS nt_status;
enum ndr_err_code ndr_err;
@@ -679,7 +679,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
ndr_err = ndr_pull_struct_blob(&auth_blob, mem_ctx,
lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
&auth_struct,
- (ndr_pull_flags_fn_t)ndr_pull_trustAuthInAndOutBlob);
+ (ndr_pull_flags_fn_t)ndr_pull_trustDomainPasswords);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -689,7 +689,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
ndr_err = ndr_push_struct_blob(&trustAuthIncoming, mem_ctx,
lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
&auth_struct.incoming,
- (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
+ (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -701,7 +701,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
ndr_err = ndr_push_struct_blob(&trustAuthOutgoing, mem_ctx,
lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
&auth_struct.outgoing,
- (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
+ (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -859,11 +859,11 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
if (auth_struct.incoming.count) {
int i;
for (i=0; i < auth_struct.incoming.count; i++ ) {
- if (auth_struct.incoming.current->array[i].AuthType == TRUST_AUTH_TYPE_NT4OWF) {
+ if (auth_struct.incoming.current[i]->AuthType == TRUST_AUTH_TYPE_NT4OWF) {
samdb_msg_add_hash(trusted_domain_state->policy->sam_ldb,
mem_ctx, msg_user, "unicodePwd",
- &auth_struct.incoming.current->array[i].AuthInfo.nt4owf.password);
- } else if (auth_struct.incoming.current->array[i].AuthType == TRUST_AUTH_TYPE_CLEAR) {
+ &auth_struct.incoming.current[i]->AuthInfo.nt4owf.password);
+ } else if (auth_struct.incoming.current[i]->AuthType == TRUST_AUTH_TYPE_CLEAR) {
struct samr_Password hash;
/*
. We cannot do this, as windows chooses to send in random passwords here, that won't convert to UTF8
@@ -871,8 +871,8 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
mem_ctx, msg_user, "userPassword",
auth_struct.incoming.current->array[i].AuthInfo.clear.password);
*/
- mdfour(hash.hash, auth_struct.incoming.current->array[i].AuthInfo.clear.password,
- auth_struct.incoming.current->array[i].AuthInfo.clear.size);
+ mdfour(hash.hash, auth_struct.incoming.current[i]->AuthInfo.clear.password,
+ auth_struct.incoming.current[i]->AuthInfo.clear.size);
samdb_msg_add_hash(trusted_domain_state->policy->sam_ldb,
mem_ctx, msg_user, "unicodePwd",
&hash);
diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c
index b68cec4c7d..2ef8591c32 100644
--- a/source4/rpc_server/service_rpc.c
+++ b/source4/rpc_server/service_rpc.c
@@ -436,6 +436,25 @@ static void dcesrv_task_init(struct task_server *task)
NTSTATUS status;
struct dcesrv_context *dce_ctx;
struct dcesrv_endpoint *e;
+ extern NTSTATUS dcerpc_server_wkssvc_init(void);
+ extern NTSTATUS dcerpc_server_drsuapi_init(void);
+ extern NTSTATUS dcerpc_server_winreg_init(void);
+ extern NTSTATUS dcerpc_server_spoolss_init(void);
+ extern NTSTATUS dcerpc_server_epmapper_init(void);
+ extern NTSTATUS dcerpc_server_srvsvc_init(void);
+ extern NTSTATUS dcerpc_server_netlogon_init(void);
+ extern NTSTATUS dcerpc_server_rpcecho_init(void);
+ extern NTSTATUS dcerpc_server_unixinfo_init(void);
+ extern NTSTATUS dcerpc_server_samr_init(void);
+ extern NTSTATUS dcerpc_server_remote_init(void);
+ extern NTSTATUS dcerpc_server_lsa_init(void);
+ init_module_fn static_init[] = { STATIC_DCESRV_MODULES };
+ init_module_fn *shared_init = load_samba_modules(NULL, task->lp_ctx, "dcerpc_server");
+
+ run_init_functions(static_init);
+ run_init_functions(shared_init);
+
+ talloc_free(shared_init);
task_server_set_title(task, "task[dcesrv]");
@@ -462,25 +481,6 @@ failed:
NTSTATUS server_service_rpc_init(void)
{
- extern NTSTATUS dcerpc_server_wkssvc_init(void);
- extern NTSTATUS dcerpc_server_drsuapi_init(void);
- extern NTSTATUS dcerpc_server_winreg_init(void);
- extern NTSTATUS dcerpc_server_spoolss_init(void);
- extern NTSTATUS dcerpc_server_epmapper_init(void);
- extern NTSTATUS dcerpc_server_srvsvc_init(void);
- extern NTSTATUS dcerpc_server_netlogon_init(void);
- extern NTSTATUS dcerpc_server_rpcecho_init(void);
- extern NTSTATUS dcerpc_server_unixinfo_init(void);
- extern NTSTATUS dcerpc_server_samr_init(void);
- extern NTSTATUS dcerpc_server_remote_init(void);
- extern NTSTATUS dcerpc_server_lsa_init(void);
- init_module_fn static_init[] = { STATIC_DCESRV_MODULES };
- init_module_fn *shared_init = load_samba_modules(NULL, global_loadparm, "dcerpc_server");
- run_init_functions(static_init);
- run_init_functions(shared_init);
-
- talloc_free(shared_init);
-
return register_server_service("rpc", dcesrv_task_init);
}
diff --git a/source4/samba4-skip b/source4/samba4-skip
index 5fa40ee706..e3e2d2d525 100644
--- a/source4/samba4-skip
+++ b/source4/samba4-skip
@@ -59,4 +59,3 @@ samba4.ntvfs.cifs.raw.
^samba4.net.api.become.dc.*$ # Fails
nss.test # Fails
raw.offline # Samba 4 doesn't have much offline support yet
-winreg* #Does not authenticate against the target server
diff --git a/source4/script/installlib.sh b/source4/script/installlib.sh
index 962c9562b1..cc9ff0b9ea 100755
--- a/source4/script/installlib.sh
+++ b/source4/script/installlib.sh
@@ -15,7 +15,9 @@ for p in $*; do
mv $LIBDIR/$p2 $LIBDIR/$p2.old
fi
cp $p $LIBDIR/
- ln -sf $p2 $LIBDIR/$lnname
+ if [ $p2 != $lnname ]; then
+ ln -sf $p2 $LIBDIR/$lnname
+ fi
done
cat << EOF
diff --git a/source4/script/installmisc.sh b/source4/script/installmisc.sh
index eb347307ba..2bd34b119f 100755
--- a/source4/script/installmisc.sh
+++ b/source4/script/installmisc.sh
@@ -3,7 +3,6 @@
SRCDIR="$1"
SETUPDIR="$2"
-BINDIR="$3"
cd $SRCDIR || exit 1
@@ -25,9 +24,4 @@ cp setup/provision.smb.conf.dc $SETUPDIR || exit 1
cp setup/provision.smb.conf.member $SETUPDIR || exit 1
cp setup/provision.smb.conf.standalone $SETUPDIR || exit 1
-echo "Installing script tools"
-mkdir -p "$BINDIR"
-rm -f scripting/bin/*~
-cp scripting/bin/* $BINDIR/ || exit 1
-
exit 0
diff --git a/source4/script/uninstallheader.sh b/source4/script/uninstallheader.sh
deleted file mode 100755
index cb491f071a..0000000000
--- a/source4/script/uninstallheader.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-# based on uninstallbin.sh:
-# 4 July 96 Dan.Shearer@UniSA.edu.au
-
-INCLUDEDIR=$1
-shift
-
-if [ ! -d $INCLUDEDIR ]; then
- echo Directory $INCLUDEDIR does not exist!
- echo Do a "make installbin" or "make install" first.
- exit 1
-fi
-
-for p in $*; do
- p2=`basename $p`
- if [ -f $INCLUDEDIR/$p2 ]; then
- echo Removing $INCLUDEDIR/$p2
- rm -f $INCLUDEDIR/$p2
- if [ -f $INCLUDEDIR/$p2 ]; then
- echo Cannot remove $INCLUDEDIR/$p2 ... does $USER have privileges?
- fi
- fi
-done
-
-
-cat << EOF
-======================================================================
-The headers have been uninstalled. You may restore the headers using
-the command "make installheader" or "make install" to install binaries,
-man pages, modules and shell scripts. You can restore a previous
-version of the headers (if there were any) using "make revert".
-======================================================================
-EOF
-
-exit 0
diff --git a/source4/scripting/python/samba/tests/dcerpc/rpcecho.py b/source4/scripting/python/samba/tests/dcerpc/rpcecho.py
index 12638e2397..06790736b8 100644
--- a/source4/scripting/python/samba/tests/dcerpc/rpcecho.py
+++ b/source4/scripting/python/samba/tests/dcerpc/rpcecho.py
@@ -25,7 +25,8 @@ from samba.tests import RpcInterfaceTestCase
class RpcEchoTests(RpcInterfaceTestCase):
def setUp(self):
- self.conn = echo.rpcecho("ncalrpc:", self.get_loadparm())
+ self.conn = echo.rpcecho("ncalrpc:", self.get_loadparm(),
+ self.get_credentials())
def test_two_contexts(self):
self.conn2 = echo.rpcecho("ncalrpc:", self.get_loadparm(), basis_connection=self.conn)
diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh
index 667b21975f..bfe386af69 100755
--- a/source4/selftest/samba4_tests.sh
+++ b/source4/selftest/samba4_tests.sh
@@ -91,7 +91,7 @@ plantest "ldb" none TEST_DATA_PREFIX=\$PREFIX $LDBDIR/tests/test-tdb.sh
# that they stay passing
ncacn_np_tests="RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND RPC-NETLOGON RPC-HANDLES RPC-SAMSYNC RPC-SAMBA3SESSIONKEY RPC-SAMBA3-GETUSERNAME RPC-SAMBA3-LSA RPC-BINDSAMBA3 RPC-NETLOGSAMBA3 RPC-ASYNCBIND RPC-LSALOOKUP RPC-LSA-GETUSER RPC-SCHANNEL2 RPC-AUTHCONTEXT"
ncalrpc_tests="RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND RPC-NETLOGON RPC-DRSUAPI RPC-ASYNCBIND RPC-LSALOOKUP RPC-LSA-GETUSER RPC-SCHANNEL2 RPC-AUTHCONTEXT"
-ncacn_ip_tcp_tests="RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND RPC-NETLOGON RPC-HANDLES RPC-DSSYNC RPC-ASYNCBIND RPC-LSALOOKUP RPC-LSA-GETUSER RPC-SCHANNEL2 RPC-AUTHCONTEXT"
+ncacn_ip_tcp_tests="RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND RPC-NETLOGON RPC-HANDLES RPC-DSSYNC RPC-ASYNCBIND RPC-LSALOOKUP RPC-LSA-GETUSER RPC-SCHANNEL2 RPC-AUTHCONTEXT RPC-OBJECTUUID"
slow_ncacn_np_tests="RPC-SAMLOGON RPC-SAMR RPC-SAMR-USERS RPC-SAMR-PASSWORDS"
slow_ncalrpc_tests="RPC-SAMR RPC-SAMR-PASSWORDS"
slow_ncacn_ip_tcp_tests="RPC-SAMR RPC-SAMR-PASSWORDS RPC-CRACKNAMES"
@@ -328,9 +328,9 @@ for mech in \
name="smb.signing on with $signoptions"
plantest "$name local-creds" member $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp $signoptions -U"\$NETBIOSNAME/\$USERNAME"%"\$PASSWORD" BASE-XCOPY "$*"
done
-plantest "--signing=yes anon" dc $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=yes -U% BASE-XCOPY "$*"
-plantest "--signing=required anon" dc $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=required -U% BASE-XCOPY "$*"
-plantest "--signing=no anon" member $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=no -U% BASE-XCOPY "$*"
+plantest "smb.signing --signing=yes anon" dc $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=yes -U% BASE-XCOPY "$*"
+plantest "smb.signing --signing=required anon" dc $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=required -U% BASE-XCOPY "$*"
+plantest "smb.signing --signing=no anon" member $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=no -U% BASE-XCOPY "$*"
NBT_TESTS=`$smb4torture --list | grep "^NBT-" | xargs`
diff --git a/source4/setup/secrets_dc.ldif b/source4/setup/secrets_dc.ldif
index abc5860cf7..8ae5578e6b 100644
--- a/source4/setup/secrets_dc.ldif
+++ b/source4/setup/secrets_dc.ldif
@@ -22,7 +22,7 @@ realm: ${REALM}
sAMAccountName: krbtgt
objectSid: ${DOMAINSID}
servicePrincipalName: kadmin/changepw
-krb5Keytab: HDB:ldb:${SAM_LDB}:
+krb5Keytab: HDB:samba4:${SAM_LDB}:
#The trailing : here is a HACK, but it matches the Heimdal format.
# A hook from our credentials system into HDB, as we must be on a KDC,
diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c
index c7fa2d7d8a..241c262857 100644
--- a/source4/smb_server/smb/request.c
+++ b/source4/smb_server/smb/request.c
@@ -135,7 +135,12 @@ void smbsrv_setup_reply(struct smbsrv_request *req, uint_t wct, size_t buflen)
flags2 = FLAGS2_LONG_PATH_COMPONENTS |
FLAGS2_EXTENDED_ATTRIBUTES |
FLAGS2_IS_LONG_NAME;
- flags2 |= (req->flags2 & (FLAGS2_UNICODE_STRINGS|FLAGS2_EXTENDED_SECURITY));
+#define _SMB_FLAGS2_ECHOED_FLAGS ( \
+ FLAGS2_UNICODE_STRINGS | \
+ FLAGS2_EXTENDED_SECURITY | \
+ FLAGS2_SMB_SECURITY_SIGNATURES \
+)
+ flags2 |= (req->flags2 & _SMB_FLAGS2_ECHOED_FLAGS);
if (req->smb_conn->negotiate.client_caps & CAP_STATUS32) {
flags2 |= FLAGS2_32_BIT_ERROR_CODES;
}
diff --git a/source4/smbd/process_model.h b/source4/smbd/process_model.h
index a9b33a4725..6afb66ff20 100644
--- a/source4/smbd/process_model.h
+++ b/source4/smbd/process_model.h
@@ -63,7 +63,8 @@ struct model_ops {
void *);
/* function to terminate a connection or task */
- void (*terminate)(struct event_context *, const char *reason);
+ void (*terminate)(struct event_context *, struct loadparm_context *lp_ctx,
+ const char *reason);
/* function to set a title for the connection or task */
void (*set_title)(struct event_context *, const char *title);
diff --git a/source4/smbd/process_prefork.c b/source4/smbd/process_prefork.c
index 0d17e5301d..1b369613ff 100644
--- a/source4/smbd/process_prefork.c
+++ b/source4/smbd/process_prefork.c
@@ -189,7 +189,7 @@ static void prefork_new_task(struct event_context *ev,
/* called when a task goes down */
-_NORETURN_ static void prefork_terminate(struct event_context *ev, const char *reason)
+_NORETURN_ static void prefork_terminate(struct event_context *ev, struct loadparm_context *lp_ctx, const char *reason)
{
DEBUG(2,("prefork_terminate: reason[%s]\n",reason));
}
diff --git a/source4/smbd/process_single.c b/source4/smbd/process_single.c
index a7a27ef9e0..26afff9930 100644
--- a/source4/smbd/process_single.c
+++ b/source4/smbd/process_single.c
@@ -95,7 +95,7 @@ static void single_new_task(struct event_context *ev,
/* called when a task goes down */
-static void single_terminate(struct event_context *ev, const char *reason)
+static void single_terminate(struct event_context *ev, struct loadparm_context *lp_ctx, const char *reason)
{
DEBUG(2,("single_terminate: reason[%s]\n",reason));
}
diff --git a/source4/smbd/process_standard.c b/source4/smbd/process_standard.c
index c8f90209b6..0a864dabb2 100644
--- a/source4/smbd/process_standard.c
+++ b/source4/smbd/process_standard.c
@@ -196,13 +196,14 @@ static void standard_new_task(struct event_context *ev,
/* called when a task goes down */
-_NORETURN_ static void standard_terminate(struct event_context *ev, const char *reason)
+_NORETURN_ static void standard_terminate(struct event_context *ev, struct loadparm_context *lp_ctx,
+ const char *reason)
{
DEBUG(2,("standard_terminate: reason[%s]\n",reason));
/* this reload_charcnv() has the effect of freeing the iconv context memory,
which makes leak checking easier */
- reload_charcnv(global_loadparm);
+ reload_charcnv(lp_ctx);
talloc_free(ev);
diff --git a/source4/smbd/process_thread.c b/source4/smbd/process_thread.c
index 540d956420..597cf587f1 100644
--- a/source4/smbd/process_thread.c
+++ b/source4/smbd/process_thread.c
@@ -188,7 +188,7 @@ static void thread_new_task(struct event_context *ev,
}
/* called when a task goes down */
-static void thread_terminate(struct event_context *event_ctx, const char *reason)
+static void thread_terminate(struct event_context *event_ctx, struct loadparm_context *lp_ctx, const char *reason)
{
DEBUG(10,("thread_terminate: reason[%s]\n",reason));
diff --git a/source4/smbd/service_stream.c b/source4/smbd/service_stream.c
index 48eda46dc7..ce5b6519a1 100644
--- a/source4/smbd/service_stream.c
+++ b/source4/smbd/service_stream.c
@@ -78,8 +78,8 @@ void stream_terminate_connection(struct stream_connection *srv_conn, const char
talloc_free(srv_conn->event.fde);
srv_conn->event.fde = NULL;
+ model_ops->terminate(event_ctx, srv_conn->lp_ctx, reason);
talloc_free(srv_conn);
- model_ops->terminate(event_ctx, reason);
}
/**
diff --git a/source4/smbd/service_task.c b/source4/smbd/service_task.c
index 2274685059..9a2903e281 100644
--- a/source4/smbd/service_task.c
+++ b/source4/smbd/service_task.c
@@ -35,7 +35,7 @@ void task_server_terminate(struct task_server *task, const char *reason)
struct event_context *event_ctx = task->event_ctx;
const struct model_ops *model_ops = task->model_ops;
DEBUG(0,("task_server_terminate: [%s]\n", reason));
- model_ops->terminate(event_ctx, reason);
+ model_ops->terminate(event_ctx, task->lp_ctx, reason);
/* don't free this above, it might contain the 'reason' being printed */
talloc_free(task);
diff --git a/source4/torture/basic/misc.c b/source4/torture/basic/misc.c
index 24e0324bc3..c129fd586b 100644
--- a/source4/torture/basic/misc.c
+++ b/source4/torture/basic/misc.c
@@ -823,6 +823,7 @@ static struct composite_context *torture_connect_async(
smb->in.fallback_to_anonymous=false;
smb->in.workgroup=workgroup;
lp_smbcli_options(tctx->lp_ctx, &smb->in.options);
+ lp_smbcli_session_options(tctx->lp_ctx, &smb->in.session_options);
return smb_composite_connect_send(smb,mem_ctx,
lp_resolve_context(tctx->lp_ctx),ev);
diff --git a/source4/torture/basic/secleak.c b/source4/torture/basic/secleak.c
index 4caeee72a4..ca1fd444d9 100644
--- a/source4/torture/basic/secleak.c
+++ b/source4/torture/basic/secleak.c
@@ -36,8 +36,11 @@ static bool try_failed_login(struct torture_context *tctx, struct smbcli_state *
NTSTATUS status;
struct smb_composite_sesssetup setup;
struct smbcli_session *session;
+ struct smbcli_session_options options;
- session = smbcli_session_init(cli->transport, cli, false);
+ lp_smbcli_session_options(tctx->lp_ctx, &options);
+
+ session = smbcli_session_init(cli->transport, cli, false, options);
setup.in.sesskey = cli->transport->negotiate.sesskey;
setup.in.capabilities = cli->transport->negotiate.capabilities;
setup.in.workgroup = lp_workgroup(tctx->lp_ctx);
diff --git a/source4/torture/config.mk b/source4/torture/config.mk
index 96da10b5df..211d09756d 100644
--- a/source4/torture/config.mk
+++ b/source4/torture/config.mk
@@ -116,7 +116,7 @@ torture_rpc_OBJ_FILES = $(addprefix $(torturesrcdir)/rpc/, \
eventlog.o epmapper.o winreg.o initshutdown.o oxidresolve.o remact.o mgmt.o \
scanner.o autoidl.o countcalls.o testjoin.o schannel.o netlogon.o remote_pac.o samlogon.o \
samsync.o bind.o dssetup.o alter_context.o bench.o samba3rpc.o rpc.o async_bind.o \
- handles.o frsapi.o)
+ handles.o frsapi.o object_uuid.o)
$(eval $(call proto_header_template,$(torturesrcdir)/rpc/proto.h,$(torture_rpc_OBJ_FILES:.o=.c)))
diff --git a/source4/torture/gentest.c b/source4/torture/gentest.c
index fecdfda56e..3bf3ad8b1b 100644
--- a/source4/torture/gentest.c
+++ b/source4/torture/gentest.c
@@ -214,7 +214,9 @@ static bool connect_servers(struct event_context *ev,
for (j=0;j<NINSTANCES;j++) {
NTSTATUS status;
struct smbcli_options smb_options;
+ struct smbcli_session_options smb_session_options;
lp_smbcli_options(lp_ctx, &smb_options);
+ lp_smbcli_session_options(lp_ctx, &smb_session_options);
printf("Connecting to \\\\%s\\%s as %s - instance %d\n",
servers[i].server_name, servers[i].share_name,
@@ -238,7 +240,8 @@ static bool connect_servers(struct event_context *ev,
servers[i].share_name, "A:",
servers[i].credentials,
lp_resolve_context(lp_ctx), ev,
- &smb_options);
+ &smb_options,
+ &smb_session_options);
}
if (!NT_STATUS_IS_OK(status)) {
printf("Failed to connect to \\\\%s\\%s - %s\n",
diff --git a/source4/torture/locktest.c b/source4/torture/locktest.c
index 9c7bffb6f4..a511e261cb 100644
--- a/source4/torture/locktest.c
+++ b/source4/torture/locktest.c
@@ -117,8 +117,10 @@ static struct smbcli_state *connect_one(struct event_context *ev,
NTSTATUS status;
int retries = 10;
struct smbcli_options options;
+ struct smbcli_session_options session_options;
lp_smbcli_options(lp_ctx, &options);
+ lp_smbcli_session_options(lp_ctx, &session_options);
printf("connect_one(%s, %d, %d)\n", share, snum, conn);
@@ -164,7 +166,7 @@ static struct smbcli_state *connect_one(struct event_context *ev,
share, NULL,
servers[snum],
lp_resolve_context(lp_ctx),
- ev, &options);
+ ev, &options, &session_options);
if (!NT_STATUS_IS_OK(status)) {
sleep(2);
}
diff --git a/source4/torture/locktest2.c b/source4/torture/locktest2.c
index e6c4728f0d..b49b8d256a 100644
--- a/source4/torture/locktest2.c
+++ b/source4/torture/locktest2.c
@@ -138,7 +138,8 @@ static bool try_unlock(struct smbcli_state *c, int fstype,
return a connection to a server
*******************************************************/
static struct smbcli_state *connect_one(char *share, const char **ports,
- struct smb_options *optionsi,
+ struct smb_options *options,
+ struct smb_options *session_options,
struct event_context *ev)
{
struct smbcli_state *c;
@@ -168,7 +169,7 @@ static struct smbcli_state *connect_one(char *share, const char **ports,
nt_status = smbcli_full_connection(NULL,
&c, myname, server_n, ports, share, NULL,
username, lp_workgroup(), password, ev,
- options);
+ options, session_options);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("smbcli_full_connection failed with error %s\n", nt_errstr(nt_status)));
return NULL;
@@ -185,6 +186,7 @@ static void reconnect(struct smbcli_state *cli[NSERVERS][NCONNECTIONS],
int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES],
const char **ports,
struct smbcli_options *options,
+ struct smbcli_session_options *session_options,
struct event_context *ev,
char *share1, char *share2)
{
@@ -204,7 +206,7 @@ static void reconnect(struct smbcli_state *cli[NSERVERS][NCONNECTIONS],
smbcli_ulogoff(cli[server][conn]);
talloc_free(cli[server][conn]);
}
- cli[server][conn] = connect_one(share[server], ports, options, ev);
+ cli[server][conn] = connect_one(share[server], ports, options, session_options, ev);
if (!cli[server][conn]) {
DEBUG(0,("Failed to connect to %s\n", share[server]));
exit(1);
@@ -354,6 +356,7 @@ static void test_locks(char *share1, char *share2,
char *nfspath1, char *nfspath2,
const char **ports,
struct smbcli_options *options,
+ struct smbcli_session_options *session_options,
struct event_context *ev)
{
struct smbcli_state *cli[NSERVERS][NCONNECTIONS];
@@ -383,7 +386,7 @@ static void test_locks(char *share1, char *share2,
recorded[n].needed = true;
}
- reconnect(cli, nfs, fnum, ports, options, ev, share1, share2);
+ reconnect(cli, nfs, fnum, ports, options, session_options, ev, share1, share2);
open_files(cli, nfs, fnum);
n = retest(cli, nfs, fnum, numops);
@@ -394,7 +397,7 @@ static void test_locks(char *share1, char *share2,
n1 = n;
close_files(cli, nfs, fnum);
- reconnect(cli, nfs, fnum, ports, options, ev, share1, share2);
+ reconnect(cli, nfs, fnum, ports, options, session_options, ev, share1, share2);
open_files(cli, nfs, fnum);
for (i=0;i<n-1;i++) {
@@ -421,7 +424,7 @@ static void test_locks(char *share1, char *share2,
}
close_files(cli, nfs, fnum);
- reconnect(cli, nfs, fnum, ports, options, ev, share1, share2);
+ reconnect(cli, nfs, fnum, ports, options, session_options, ev, share1, share2);
open_files(cli, nfs, fnum);
showall = true;
n1 = retest(cli, nfs, fnum, n);
@@ -469,6 +472,7 @@ static void usage(void)
extern char *optarg;
extern int optind;
struct smbcli_options options;
+ struct smbcli_session_options session_options;
int opt;
char *p;
int seed;
@@ -554,8 +558,9 @@ static void usage(void)
locking_init(1);
lp_smbcli_options(lp_ctx, &options);
+ lp_smbcli_session_options(lp_ctx, &session_options);
test_locks(share1, share2, nfspath1, nfspath2, lp_smb_ports(lp_ctx),
- &options, ev);
+ &options, &session_options, ev);
return(0);
}
diff --git a/source4/torture/masktest.c b/source4/torture/masktest.c
index 35e9a57fe8..a739a1e1b5 100644
--- a/source4/torture/masktest.c
+++ b/source4/torture/masktest.c
@@ -76,7 +76,8 @@ return a connection to a server
static struct smbcli_state *connect_one(struct resolve_context *resolve_ctx,
struct event_context *ev,
char *share, const char **ports,
- struct smbcli_options *options)
+ struct smbcli_options *options,
+ struct smbcli_session_options *session_options)
{
struct smbcli_state *c;
fstring server;
@@ -95,7 +96,7 @@ static struct smbcli_state *connect_one(struct resolve_context *resolve_ctx,
ports,
share, NULL,
cmdline_credentials, resolve_ctx, ev,
- options);
+ options, session_options);
if (!NT_STATUS_IS_OK(status)) {
return NULL;
@@ -296,6 +297,7 @@ static void usage(poptContext pc)
struct event_context *ev;
struct loadparm_context *lp_ctx;
struct smbcli_options options;
+ struct smbcli_session_options session_options;
poptContext pc;
int argc_new, i;
char **argv_new;
@@ -360,9 +362,10 @@ static void usage(poptContext pc)
gensec_init(lp_ctx);
lp_smbcli_options(lp_ctx, &options);
+ lp_smbcli_session_options(lp_ctx, &session_options);
cli = connect_one(lp_resolve_context(lp_ctx), ev, share,
- lp_smb_ports(lp_ctx), &options);
+ lp_smb_ports(lp_ctx), &options, &session_options);
if (!cli) {
DEBUG(0,("Failed to connect to %s\n", share));
exit(1);
diff --git a/source4/torture/raw/composite.c b/source4/torture/raw/composite.c
index d73ac1327e..7f1f5943e1 100644
--- a/source4/torture/raw/composite.c
+++ b/source4/torture/raw/composite.c
@@ -164,6 +164,7 @@ static bool test_fetchfile(struct smbcli_state *cli, struct torture_context *tct
io2.in.filename = fname;
io2.in.resolve_ctx = lp_resolve_context(tctx->lp_ctx);
lp_smbcli_options(tctx->lp_ctx, &io2.in.options);
+ lp_smbcli_session_options(tctx->lp_ctx, &io2.in.session_options);
printf("testing parallel fetchfile with %d ops\n", torture_numops);
@@ -358,7 +359,7 @@ static bool test_fsinfo(struct smbcli_state *cli, struct torture_context *tctx)
c = talloc_array(tctx, struct composite_context *, torture_numops);
for (i=0; i<torture_numops; i++) {
- c[i] = smb_composite_fsinfo_send(cli->tree,&io1);
+ c[i] = smb_composite_fsinfo_send(cli->tree, &io1, lp_resolve_context(tctx->lp_ctx));
c[i]->async.fn = loadfile_complete;
c[i]->async.private_data = count;
}
diff --git a/source4/torture/raw/context.c b/source4/torture/raw/context.c
index 15e736fff5..450ad0f260 100644
--- a/source4/torture/raw/context.c
+++ b/source4/torture/raw/context.c
@@ -81,6 +81,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx)
const char *fname = BASEDIR "\\test.txt";
uint8_t c = 1;
int i;
+ struct smbcli_session_options options;
printf("TESTING SESSION HANDLING\n");
@@ -89,7 +90,10 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx)
}
printf("create a second security context on the same transport\n");
- session = smbcli_session_init(cli->transport, tctx, false);
+
+ lp_smbcli_session_options(tctx->lp_ctx, &options);
+
+ session = smbcli_session_init(cli->transport, tctx, false, options);
setup.in.sesskey = cli->transport->negotiate.sesskey;
setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */
@@ -103,7 +107,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx)
session->vuid = setup.out.vuid;
printf("create a third security context on the same transport, with vuid set\n");
- session2 = smbcli_session_init(cli->transport, tctx, false);
+ session2 = smbcli_session_init(cli->transport, tctx, false, options);
session2->vuid = session->vuid;
setup.in.sesskey = cli->transport->negotiate.sesskey;
@@ -130,7 +134,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx)
if (cli->transport->negotiate.capabilities & CAP_EXTENDED_SECURITY) {
printf("create a fourth security context on the same transport, without extended security\n");
- session3 = smbcli_session_init(cli->transport, tctx, false);
+ session3 = smbcli_session_init(cli->transport, tctx, false, options);
session3->vuid = session->vuid;
setup.in.sesskey = cli->transport->negotiate.sesskey;
@@ -144,7 +148,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx)
CHECK_STATUS(status, NT_STATUS_LOGON_FAILURE);
printf("create a fouth anonymous security context on the same transport, without extended security\n");
- session4 = smbcli_session_init(cli->transport, tctx, false);
+ session4 = smbcli_session_init(cli->transport, tctx, false, options);
session4->vuid = session->vuid;
setup.in.sesskey = cli->transport->negotiate.sesskey;
@@ -230,7 +234,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx)
setups[i].in.credentials = cmdline_credentials;
- sessions[i] = smbcli_session_init(cli->transport, tctx, false);
+ sessions[i] = smbcli_session_init(cli->transport, tctx, false, options);
composite_contexts[i] = smb_composite_sesssetup_send(sessions[i], &setups[i]);
}
@@ -379,6 +383,7 @@ static bool test_tree_ulogoff(struct smbcli_state *cli, struct torture_context *
const char *fname1 = BASEDIR "\\test1.txt";
const char *fname2 = BASEDIR "\\test2.txt";
uint8_t c = 1;
+ struct smbcli_session_options options;
printf("TESTING TREE with ulogoff\n");
@@ -389,8 +394,10 @@ static bool test_tree_ulogoff(struct smbcli_state *cli, struct torture_context *
share = torture_setting_string(tctx, "share", NULL);
host = torture_setting_string(tctx, "host", NULL);
+ lp_smbcli_session_options(tctx->lp_ctx, &options);
+
printf("create the first new sessions\n");
- session1 = smbcli_session_init(cli->transport, tctx, false);
+ session1 = smbcli_session_init(cli->transport, tctx, false, options);
setup.in.sesskey = cli->transport->negotiate.sesskey;
setup.in.capabilities = cli->transport->negotiate.capabilities;
setup.in.workgroup = lp_workgroup(tctx->lp_ctx);
@@ -446,7 +453,7 @@ static bool test_tree_ulogoff(struct smbcli_state *cli, struct torture_context *
CHECK_STATUS(status, NT_STATUS_OK);
printf("create the second new sessions\n");
- session2 = smbcli_session_init(cli->transport, tctx, false);
+ session2 = smbcli_session_init(cli->transport, tctx, false, options);
setup.in.sesskey = cli->transport->negotiate.sesskey;
setup.in.capabilities = cli->transport->negotiate.capabilities;
setup.in.workgroup = lp_workgroup(tctx->lp_ctx);
@@ -634,6 +641,7 @@ static bool test_pid_2sess(struct smbcli_state *cli, struct torture_context *tct
const char *fname = BASEDIR "\\test.txt";
uint8_t c = 1;
uint16_t vuid1, vuid2;
+ struct smbcli_session_options options;
printf("TESTING PID HANDLING WITH 2 SESSIONS\n");
@@ -641,8 +649,10 @@ static bool test_pid_2sess(struct smbcli_state *cli, struct torture_context *tct
return false;
}
+ lp_smbcli_session_options(tctx->lp_ctx, &options);
+
printf("create a second security context on the same transport\n");
- session = smbcli_session_init(cli->transport, tctx, false);
+ session = smbcli_session_init(cli->transport, tctx, false, options);
setup.in.sesskey = cli->transport->negotiate.sesskey;
setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */
diff --git a/source4/torture/raw/lock.c b/source4/torture/raw/lock.c
index cd8d606795..dbe071c9ad 100644
--- a/source4/torture/raw/lock.c
+++ b/source4/torture/raw/lock.c
@@ -456,11 +456,14 @@ static bool test_async(struct torture_context *tctx,
const char *fname = BASEDIR "\\test.txt";
time_t t;
struct smbcli_request *req;
+ struct smbcli_session_options options;
if (!torture_setup_dir(cli, BASEDIR)) {
return false;
}
+ lp_smbcli_session_options(tctx->lp_ctx, &options);
+
printf("Testing LOCKING_ANDX_CANCEL_LOCK\n");
io.generic.level = RAW_LOCK_LOCKX;
@@ -590,7 +593,7 @@ static bool test_async(struct torture_context *tctx,
}
printf("create a new sessions\n");
- session = smbcli_session_init(cli->transport, tctx, false);
+ session = smbcli_session_init(cli->transport, tctx, false, options);
setup.in.sesskey = cli->transport->negotiate.sesskey;
setup.in.capabilities = cli->transport->negotiate.capabilities;
setup.in.workgroup = lp_workgroup(tctx->lp_ctx);
diff --git a/source4/torture/raw/lockbench.c b/source4/torture/raw/lockbench.c
index 21541d003b..26fad4235e 100644
--- a/source4/torture/raw/lockbench.c
+++ b/source4/torture/raw/lockbench.c
@@ -195,6 +195,7 @@ static void reopen_connection(struct event_context *ev, struct timed_event *te,
io->in.fallback_to_anonymous = false;
io->in.workgroup = lp_workgroup(state->tctx->lp_ctx);
lp_smbcli_options(state->tctx->lp_ctx, &io->in.options);
+ lp_smbcli_session_options(state->tctx->lp_ctx, &io->in.session_options);
/* kill off the remnants of the old connection */
talloc_free(state->tree);
diff --git a/source4/torture/raw/notify.c b/source4/torture/raw/notify.c
index 25c91eb88b..d7541b7c71 100644
--- a/source4/torture/raw/notify.c
+++ b/source4/torture/raw/notify.c
@@ -583,7 +583,9 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t
notify.nttrans.in.buffer_size = 1000;
notify.nttrans.in.recursive = true;
-#define NOTIFY_MASK_TEST(setup, op, cleanup, Action, expected, nchanges) \
+#define NOTIFY_MASK_TEST(test_name, setup, op, cleanup, Action, expected, nchanges) \
+ do { \
+ smbcli_getatr(cli->tree, test_name, NULL, NULL, NULL); \
do { for (mask=i=0;i<32;i++) { \
struct smbcli_request *req; \
status = smb_raw_open(cli->tree, tctx, &io); \
@@ -640,24 +642,25 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t
mask, expected); \
} \
} \
- } while (0)
+ } while (0); \
+ } while (0);
printf("testing mkdir\n");
- NOTIFY_MASK_TEST(;,
+ NOTIFY_MASK_TEST("testing mkdir",;,
smbcli_mkdir(cli->tree, BASEDIR "\\tname1");,
smbcli_rmdir(cli->tree, BASEDIR "\\tname1");,
NOTIFY_ACTION_ADDED,
FILE_NOTIFY_CHANGE_DIR_NAME, 1);
printf("testing create file\n");
- NOTIFY_MASK_TEST(;,
+ NOTIFY_MASK_TEST("testing create file",;,
smbcli_close(cli->tree, smbcli_open(cli->tree, BASEDIR "\\tname1", O_CREAT, 0));,
smbcli_unlink(cli->tree, BASEDIR "\\tname1");,
NOTIFY_ACTION_ADDED,
FILE_NOTIFY_CHANGE_FILE_NAME, 1);
printf("testing unlink\n");
- NOTIFY_MASK_TEST(
+ NOTIFY_MASK_TEST("testing unlink",
smbcli_close(cli->tree, smbcli_open(cli->tree, BASEDIR "\\tname1", O_CREAT, 0));,
smbcli_unlink(cli->tree, BASEDIR "\\tname1");,
;,
@@ -665,7 +668,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t
FILE_NOTIFY_CHANGE_FILE_NAME, 1);
printf("testing rmdir\n");
- NOTIFY_MASK_TEST(
+ NOTIFY_MASK_TEST("testing rmdir",
smbcli_mkdir(cli->tree, BASEDIR "\\tname1");,
smbcli_rmdir(cli->tree, BASEDIR "\\tname1");,
;,
@@ -673,7 +676,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t
FILE_NOTIFY_CHANGE_DIR_NAME, 1);
printf("testing rename file\n");
- NOTIFY_MASK_TEST(
+ NOTIFY_MASK_TEST("testing rename file",
smbcli_close(cli->tree, smbcli_open(cli->tree, BASEDIR "\\tname1", O_CREAT, 0));,
smbcli_rename(cli->tree, BASEDIR "\\tname1", BASEDIR "\\tname2");,
smbcli_unlink(cli->tree, BASEDIR "\\tname2");,
@@ -681,7 +684,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t
FILE_NOTIFY_CHANGE_FILE_NAME|FILE_NOTIFY_CHANGE_ATTRIBUTES|FILE_NOTIFY_CHANGE_CREATION, 2);
printf("testing rename dir\n");
- NOTIFY_MASK_TEST(
+ NOTIFY_MASK_TEST("testing rename dir",
smbcli_mkdir(cli->tree, BASEDIR "\\tname1");,
smbcli_rename(cli->tree, BASEDIR "\\tname1", BASEDIR "\\tname2");,
smbcli_rmdir(cli->tree, BASEDIR "\\tname2");,
@@ -689,7 +692,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t
FILE_NOTIFY_CHANGE_DIR_NAME, 2);
printf("testing set path attribute\n");
- NOTIFY_MASK_TEST(
+ NOTIFY_MASK_TEST("testing set path attribute",
smbcli_close(cli->tree, smbcli_open(cli->tree, BASEDIR "\\tname1", O_CREAT, 0));,
smbcli_setatr(cli->tree, BASEDIR "\\tname1", FILE_ATTRIBUTE_HIDDEN, 0);,
smbcli_unlink(cli->tree, BASEDIR "\\tname1");,
@@ -697,7 +700,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t
FILE_NOTIFY_CHANGE_ATTRIBUTES, 1);
printf("testing set path write time\n");
- NOTIFY_MASK_TEST(
+ NOTIFY_MASK_TEST("testing set path write time",
smbcli_close(cli->tree, smbcli_open(cli->tree, BASEDIR "\\tname1", O_CREAT, 0));,
smbcli_setatr(cli->tree, BASEDIR "\\tname1", FILE_ATTRIBUTE_NORMAL, 1000);,
smbcli_unlink(cli->tree, BASEDIR "\\tname1");,
@@ -705,7 +708,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t
FILE_NOTIFY_CHANGE_LAST_WRITE, 1);
printf("testing set file attribute\n");
- NOTIFY_MASK_TEST(
+ NOTIFY_MASK_TEST("testing set file attribute",
fnum2 = create_complex_file(cli, tctx, BASEDIR "\\tname1");,
smbcli_fsetatr(cli->tree, fnum2, FILE_ATTRIBUTE_HIDDEN, 0, 0, 0, 0);,
(smbcli_close(cli->tree, fnum2), smbcli_unlink(cli->tree, BASEDIR "\\tname1"));,
@@ -718,7 +721,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t
}
else {
printf("testing set file create time\n");
- NOTIFY_MASK_TEST(
+ NOTIFY_MASK_TEST("testing set file create time",
fnum2 = create_complex_file(cli, tctx,
BASEDIR "\\tname1");,
smbcli_fsetatr(cli->tree, fnum2, 0, t, 0, 0, 0);,
@@ -729,7 +732,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t
}
printf("testing set file access time\n");
- NOTIFY_MASK_TEST(
+ NOTIFY_MASK_TEST("testing set file access time",
fnum2 = create_complex_file(cli, tctx, BASEDIR "\\tname1");,
smbcli_fsetatr(cli->tree, fnum2, 0, 0, t, 0, 0);,
(smbcli_close(cli->tree, fnum2), smbcli_unlink(cli->tree, BASEDIR "\\tname1"));,
@@ -737,7 +740,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t
FILE_NOTIFY_CHANGE_LAST_ACCESS, 1);
printf("testing set file write time\n");
- NOTIFY_MASK_TEST(
+ NOTIFY_MASK_TEST("testing set file write time",
fnum2 = create_complex_file(cli, tctx, BASEDIR "\\tname1");,
smbcli_fsetatr(cli->tree, fnum2, 0, 0, 0, t, 0);,
(smbcli_close(cli->tree, fnum2), smbcli_unlink(cli->tree, BASEDIR "\\tname1"));,
@@ -745,7 +748,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t
FILE_NOTIFY_CHANGE_LAST_WRITE, 1);
printf("testing set file change time\n");
- NOTIFY_MASK_TEST(
+ NOTIFY_MASK_TEST("testing set file change time",
fnum2 = create_complex_file(cli, tctx, BASEDIR "\\tname1");,
smbcli_fsetatr(cli->tree, fnum2, 0, 0, 0, 0, t);,
(smbcli_close(cli->tree, fnum2), smbcli_unlink(cli->tree, BASEDIR "\\tname1"));,
@@ -754,7 +757,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t
printf("testing write\n");
- NOTIFY_MASK_TEST(
+ NOTIFY_MASK_TEST("testing write",
fnum2 = create_complex_file(cli, tctx, BASEDIR "\\tname1");,
smbcli_write(cli->tree, fnum2, 1, &c, 10000, 1);,
(smbcli_close(cli->tree, fnum2), smbcli_unlink(cli->tree, BASEDIR "\\tname1"));,
@@ -762,7 +765,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t
0, 1);
printf("testing truncate\n");
- NOTIFY_MASK_TEST(
+ NOTIFY_MASK_TEST("testing truncate",
fnum2 = create_complex_file(cli, tctx, BASEDIR "\\tname1");,
smbcli_ftruncate(cli->tree, fnum2, 10000);,
(smbcli_close(cli->tree, fnum2), smbcli_unlink(cli->tree, BASEDIR "\\tname1"));,
diff --git a/source4/torture/raw/openbench.c b/source4/torture/raw/openbench.c
index 26b862c33f..ec94637445 100644
--- a/source4/torture/raw/openbench.c
+++ b/source4/torture/raw/openbench.c
@@ -137,6 +137,7 @@ static void reopen_connection(struct event_context *ev, struct timed_event *te,
io->in.fallback_to_anonymous = false;
io->in.workgroup = lp_workgroup(state->tctx->lp_ctx);
lp_smbcli_options(state->tctx->lp_ctx, &io->in.options);
+ lp_smbcli_session_options(state->tctx->lp_ctx, &io->in.session_options);
/* kill off the remnants of the old connection */
talloc_free(state->tree);
diff --git a/source4/torture/raw/oplock.c b/source4/torture/raw/oplock.c
index fd8d292980..7e964b4d42 100644
--- a/source4/torture/raw/oplock.c
+++ b/source4/torture/raw/oplock.c
@@ -175,10 +175,11 @@ static bool open_connection_no_level2_oplocks(struct torture_context *tctx,
struct smbcli_state **c)
{
NTSTATUS status;
-
struct smbcli_options options;
+ struct smbcli_session_options session_options;
lp_smbcli_options(tctx->lp_ctx, &options);
+ lp_smbcli_session_options(tctx->lp_ctx, &session_options);
options.use_level2_oplocks = false;
@@ -188,7 +189,7 @@ static bool open_connection_no_level2_oplocks(struct torture_context *tctx,
torture_setting_string(tctx, "share", NULL),
NULL, cmdline_credentials,
lp_resolve_context(tctx->lp_ctx),
- tctx->ev, &options);
+ tctx->ev, &options, &session_options);
if (!NT_STATUS_IS_OK(status)) {
printf("Failed to open connection - %s\n", nt_errstr(status));
return false;
diff --git a/source4/torture/raw/tconrate.c b/source4/torture/raw/tconrate.c
index 6f0ba0d617..66ef2ae2dd 100644
--- a/source4/torture/raw/tconrate.c
+++ b/source4/torture/raw/tconrate.c
@@ -69,8 +69,10 @@ static int fork_tcon_client(struct torture_context *tctx,
struct timeval end;
struct timeval now;
struct smbcli_options options;
+ struct smbcli_session_options session_options;
lp_smbcli_options(tctx->lp_ctx, &options);
+ lp_smbcli_session_options(tctx->lp_ctx, &session_options);
child = fork();
if (child == -1) {
@@ -100,7 +102,7 @@ static int fork_tcon_client(struct torture_context *tctx,
host, lp_smb_ports(tctx->lp_ctx), share,
NULL, cmdline_credentials,
lp_resolve_context(tctx->lp_ctx),
- tctx->ev, &options);
+ tctx->ev, &options, &session_options);
if (!NT_STATUS_IS_OK(status)) {
printf("failed to connect to //%s/%s: %s\n",
diff --git a/source4/torture/rpc/join.c b/source4/torture/rpc/join.c
index 77da32d572..ee0c05360f 100644
--- a/source4/torture/rpc/join.c
+++ b/source4/torture/rpc/join.c
@@ -19,6 +19,7 @@ bool torture_rpc_join(struct torture_context *torture)
struct smbcli_state *cli;
const char *host = torture_setting_string(torture, "host", NULL);
struct smbcli_options options;
+ struct smbcli_session_options session_options;
/* Join domain as a member server. */
tj = torture_join_domain(torture,
@@ -33,13 +34,14 @@ bool torture_rpc_join(struct torture_context *torture)
}
lp_smbcli_options(torture->lp_ctx, &options);
+ lp_smbcli_session_options(torture->lp_ctx, &session_options);
status = smbcli_full_connection(tj, &cli, host,
lp_smb_ports(torture->lp_ctx),
"IPC$", NULL,
machine_account,
lp_resolve_context(torture->lp_ctx),
- torture->ev, &options);
+ torture->ev, &options, &session_options);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("%s failed to connect to IPC$ with workstation credentials\n",
TORTURE_NETBIOS_NAME));
@@ -65,7 +67,7 @@ bool torture_rpc_join(struct torture_context *torture)
"IPC$", NULL,
machine_account,
lp_resolve_context(torture->lp_ctx),
- torture->ev, &options);
+ torture->ev, &options, &session_options);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("%s failed to connect to IPC$ with workstation credentials\n",
TORTURE_NETBIOS_NAME));
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 69bf33352b..af5ee4f6e1 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -2077,7 +2077,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
struct lsa_CreateTrustedDomainEx2 r;
struct lsa_TrustDomainInfoInfoEx trustinfo;
struct lsa_TrustDomainInfoAuthInfoInternal authinfo;
- struct trustAuthInAndOutBlob auth_struct;
+ struct trustDomainPasswords auth_struct;
DATA_BLOB auth_blob;
struct dom_sid *domsid[12];
struct policy_handle trustdom_handle[12];
@@ -2125,9 +2125,9 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
auth_struct.incoming.count = 0;
ndr_err = ndr_push_struct_blob(&auth_blob, mem_ctx, lp_iconv_convenience(tctx->lp_ctx), &auth_struct,
- (ndr_push_flags_fn_t)ndr_push_trustAuthInAndOutBlob);
+ (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- printf("ndr_push_struct_blob of trustAuthInAndOutBlob structure failed");
+ printf("ndr_push_struct_blob of trustDomainPasswords structure failed");
ret = false;
}
diff --git a/source4/torture/rpc/object_uuid.c b/source4/torture/rpc/object_uuid.c
new file mode 100644
index 0000000000..5a77bd1c29
--- /dev/null
+++ b/source4/torture/rpc/object_uuid.c
@@ -0,0 +1,87 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ test suite for behaviour of object uuids in rpc requests
+
+ Copyright (C) Stefan Metzmacher 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "librpc/gen_ndr/ndr_dssetup.h"
+#include "librpc/gen_ndr/ndr_dssetup_c.h"
+#include "librpc/gen_ndr/ndr_lsa.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "torture/rpc/rpc.h"
+
+/*
+ this tests the send object uuids in the dcerpc request
+*/
+
+static bool test_random_uuid(struct torture_context *torture)
+{
+ NTSTATUS status;
+ struct dcerpc_pipe *p1, *p2;
+ struct rpc_request *req;
+ struct GUID uuid;
+ struct dssetup_DsRoleGetPrimaryDomainInformation r1;
+ struct lsa_GetUserName r2;
+ struct lsa_StringPointer authority_name_p;
+
+ torture_comment(torture, "RPC-OBJECTUUID-RANDOM\n");
+
+ status = torture_rpc_connection(torture, &p1, &ndr_table_dssetup);
+ torture_assert_ntstatus_ok(torture, status, "opening dsetup pipe1");
+
+ status = torture_rpc_connection(torture, &p2, &ndr_table_lsarpc);
+ torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
+
+ uuid = GUID_random();
+
+ r1.in.level = DS_ROLE_BASIC_INFORMATION;
+ req = dcerpc_ndr_request_send(p1, &uuid,
+ &ndr_table_dssetup,
+ NDR_DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION,
+ torture, &r1);
+ status = dcerpc_ndr_request_recv(req);
+ torture_assert_ntstatus_ok(torture, status, "DsRoleGetPrimaryDomainInformation failed");
+ torture_assert_werr_ok(torture, r1.out.result, "DsRoleGetPrimaryDomainInformation failed");
+
+ uuid = GUID_random();
+
+ r2.in.system_name = "\\";
+ r2.in.account_name = NULL;
+ r2.in.authority_name = &authority_name_p;
+ authority_name_p.string = NULL;
+
+ req = dcerpc_ndr_request_send(p2, &uuid,
+ &ndr_table_lsarpc,
+ NDR_LSA_GETUSERNAME,
+ torture, &r2);
+ status = dcerpc_ndr_request_recv(req);
+ torture_assert_ntstatus_ok(torture, status, "lsaClose failed");
+ torture_assert_ntstatus_ok(torture, r2.out.result, "lsaClose failed");
+
+ return true;
+}
+
+struct torture_suite *torture_rpc_object_uuid(TALLOC_CTX *mem_ctx)
+{
+ struct torture_suite *suite;
+ suite = torture_suite_create(mem_ctx, "OBJECTUUID");
+ torture_suite_add_simple_test(suite, "random-uuid", test_random_uuid);
+ return suite;
+}
diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c
index 85f7bde16c..c35f93e3f9 100644
--- a/source4/torture/rpc/rpc.c
+++ b/source4/torture/rpc/rpc.c
@@ -387,6 +387,7 @@ NTSTATUS torture_rpc_init(void)
torture_suite_add_suite(suite, torture_rpc_atsvc(suite));
torture_suite_add_suite(suite, torture_rpc_wkssvc(suite));
torture_suite_add_suite(suite, torture_rpc_handles(suite));
+ torture_suite_add_suite(suite, torture_rpc_object_uuid(suite));
torture_suite_add_suite(suite, torture_rpc_winreg(suite));
torture_suite_add_simple_test(suite, "SPOOLSS", torture_rpc_spoolss);
torture_suite_add_suite(suite, torture_rpc_spoolss_notify(suite));
diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
index 3bbf6cf223..260c1cc149 100644
--- a/source4/torture/rpc/samba3rpc.c
+++ b/source4/torture/rpc/samba3rpc.c
@@ -74,6 +74,7 @@ bool torture_bind_authcontext(struct torture_context *torture)
struct cli_credentials *anon_creds;
struct smb_composite_sesssetup setup;
struct smbcli_options options;
+ struct smbcli_session_options session_options;
mem_ctx = talloc_init("torture_bind_authcontext");
@@ -83,13 +84,14 @@ bool torture_bind_authcontext(struct torture_context *torture)
}
lp_smbcli_options(torture->lp_ctx, &options);
+ lp_smbcli_session_options(torture->lp_ctx, &session_options);
status = smbcli_full_connection(mem_ctx, &cli,
torture_setting_string(torture, "host", NULL),
lp_smb_ports(torture->lp_ctx),
"IPC$", NULL, cmdline_credentials,
lp_resolve_context(torture->lp_ctx),
- torture->ev, &options);
+ torture->ev, &options, &session_options);
if (!NT_STATUS_IS_OK(status)) {
d_printf("smbcli_full_connection failed: %s\n",
nt_errstr(status));
@@ -142,7 +144,7 @@ bool torture_bind_authcontext(struct torture_context *torture)
goto done;
}
- session2 = smbcli_session_init(cli->transport, mem_ctx, false);
+ session2 = smbcli_session_init(cli->transport, mem_ctx, false, session_options);
if (session2 == NULL) {
d_printf("smbcli_session_init failed\n");
goto done;
@@ -288,6 +290,7 @@ bool torture_bind_samba3(struct torture_context *torture)
bool ret = false;
struct smbcli_state *cli;
struct smbcli_options options;
+ struct smbcli_session_options session_options;
mem_ctx = talloc_init("torture_bind_authcontext");
@@ -297,13 +300,14 @@ bool torture_bind_samba3(struct torture_context *torture)
}
lp_smbcli_options(torture->lp_ctx, &options);
+ lp_smbcli_session_options(torture->lp_ctx, &session_options);
status = smbcli_full_connection(mem_ctx, &cli,
torture_setting_string(torture, "host", NULL),
lp_smb_ports(torture->lp_ctx),
"IPC$", NULL, cmdline_credentials,
lp_resolve_context(torture->lp_ctx),
- torture->ev, &options);
+ torture->ev, &options, &session_options);
if (!NT_STATUS_IS_OK(status)) {
d_printf("smbcli_full_connection failed: %s\n",
nt_errstr(status));
@@ -1195,6 +1199,7 @@ bool torture_netlogon_samba3(struct torture_context *torture)
const char *wks_name;
int i;
struct smbcli_options options;
+ struct smbcli_session_options session_options;
wks_name = torture_setting_string(torture, "wksname", NULL);
if (wks_name == NULL) {
@@ -1214,13 +1219,14 @@ bool torture_netlogon_samba3(struct torture_context *torture)
}
lp_smbcli_options(torture->lp_ctx, &options);
+ lp_smbcli_session_options(torture->lp_ctx, &session_options);
status = smbcli_full_connection(mem_ctx, &cli,
torture_setting_string(torture, "host", NULL),
lp_smb_ports(torture->lp_ctx),
"IPC$", NULL, anon_creds,
lp_resolve_context(torture->lp_ctx),
- torture->ev, &options);
+ torture->ev, &options, &session_options);
if (!NT_STATUS_IS_OK(status)) {
d_printf("smbcli_full_connection failed: %s\n",
nt_errstr(status));
@@ -1299,15 +1305,17 @@ static bool test_join3(struct torture_context *tctx,
struct smbcli_state *cli;
struct cli_credentials *wks_creds;
struct smbcli_options options;
+ struct smbcli_session_options session_options;
lp_smbcli_options(tctx->lp_ctx, &options);
+ lp_smbcli_session_options(tctx->lp_ctx, &session_options);
status = smbcli_full_connection(tctx, &cli,
torture_setting_string(tctx, "host", NULL),
lp_smb_ports(tctx->lp_ctx),
"IPC$", NULL, smb_creds,
lp_resolve_context(tctx->lp_ctx),
- tctx->ev, &options);
+ tctx->ev, &options, &session_options);
if (!NT_STATUS_IS_OK(status)) {
d_printf("smbcli_full_connection failed: %s\n",
nt_errstr(status));
@@ -1670,19 +1678,21 @@ bool torture_samba3_rpc_getusername(struct torture_context *torture)
struct cli_credentials *user_creds;
char *domain_name;
struct smbcli_options options;
+ struct smbcli_session_options session_options;
if (!(mem_ctx = talloc_new(torture))) {
return false;
}
lp_smbcli_options(torture->lp_ctx, &options);
+ lp_smbcli_session_options(torture->lp_ctx, &session_options);
status = smbcli_full_connection(
mem_ctx, &cli, torture_setting_string(torture, "host", NULL),
lp_smb_ports(torture->lp_ctx),
"IPC$", NULL, cmdline_credentials,
lp_resolve_context(torture->lp_ctx),
- torture->ev, &options);
+ torture->ev, &options, &session_options);
if (!NT_STATUS_IS_OK(status)) {
d_printf("(%s) smbcli_full_connection failed: %s\n",
__location__, nt_errstr(status));
@@ -1709,7 +1719,7 @@ bool torture_samba3_rpc_getusername(struct torture_context *torture)
lp_smb_ports(torture->lp_ctx),
"IPC$", NULL, anon_creds,
lp_resolve_context(torture->lp_ctx),
- torture->ev, &options);
+ torture->ev, &options, &session_options);
if (!NT_STATUS_IS_OK(status)) {
d_printf("(%s) anon smbcli_full_connection failed: %s\n",
__location__, nt_errstr(status));
@@ -1762,7 +1772,7 @@ bool torture_samba3_rpc_getusername(struct torture_context *torture)
struct smb_composite_sesssetup setup;
struct smbcli_tree *tree;
- session2 = smbcli_session_init(cli->transport, mem_ctx, false);
+ session2 = smbcli_session_init(cli->transport, mem_ctx, false, session_options);
if (session2 == NULL) {
d_printf("(%s) smbcli_session_init failed\n",
__location__);
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index 4fbffee41e..b7028e6609 100644
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
@@ -53,7 +53,9 @@ struct samlogon_state {
const char *comment;
const char *account_name;
const char *account_domain;
+ const char *netbios_name;
const char *password;
+ const char *workgroup;
struct dcerpc_pipe *p;
int function_level;
uint32_t parameter_control;
@@ -593,7 +595,7 @@ static bool test_lmv2_ntlmv2_broken(struct samlogon_state *samlogon_state,
DATA_BLOB lmv2_response = data_blob(NULL, 0);
DATA_BLOB lmv2_session_key = data_blob(NULL, 0);
DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0);
- DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, samlogon_state->iconv_convenience, TEST_MACHINE_NAME, lp_workgroup(global_loadparm));
+ DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, samlogon_state->iconv_convenience, TEST_MACHINE_NAME, samlogon_state->workgroup);
uint8_t lm_session_key[8];
uint8_t user_session_key[16];
@@ -741,7 +743,7 @@ static bool test_lmv2_ntlm_broken(struct samlogon_state *samlogon_state,
DATA_BLOB lmv2_response = data_blob(NULL, 0);
DATA_BLOB lmv2_session_key = data_blob(NULL, 0);
DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0);
- DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, samlogon_state->iconv_convenience, lp_netbios_name(global_loadparm), lp_workgroup(global_loadparm));
+ DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, samlogon_state->iconv_convenience, samlogon_state->netbios_name, samlogon_state->workgroup);
DATA_BLOB ntlm_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
DATA_BLOB ntlm_session_key = data_blob_talloc(samlogon_state->mem_ctx, NULL, 16);
@@ -1337,6 +1339,8 @@ static bool test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
samlogon_state.account_name = account_name;
samlogon_state.account_domain = account_domain;
samlogon_state.password = plain_pass;
+ samlogon_state.workgroup = lp_workgroup(tctx->lp_ctx);
+ samlogon_state.netbios_name = lp_netbios_name(tctx->lp_ctx);
samlogon_state.p = p;
samlogon_state.creds = creds;
samlogon_state.expected_error = expected_error;
diff --git a/source4/torture/unix/unix_info2.c b/source4/torture/unix/unix_info2.c
index d7482ddcf1..3bddde2a97 100644
--- a/source4/torture/unix/unix_info2.c
+++ b/source4/torture/unix/unix_info2.c
@@ -56,15 +56,17 @@ static struct smbcli_state *connect_to_server(struct torture_context *tctx)
const char *host = torture_setting_string(tctx, "host", NULL);
const char *share = torture_setting_string(tctx, "share", NULL);
struct smbcli_options options;
+ struct smbcli_session_options session_options;
lp_smbcli_options(tctx->lp_ctx, &options);
+ lp_smbcli_session_options(tctx->lp_ctx, &session_options);
status = smbcli_full_connection(tctx, &cli, host,
lp_smb_ports(tctx->lp_ctx),
share, NULL,
cmdline_credentials,
lp_resolve_context(tctx->lp_ctx),
- tctx->ev, &options);
+ tctx->ev, &options, &session_options);
if (!NT_STATUS_IS_OK(status)) {
printf("failed to connect to //%s/%s: %s\n",
diff --git a/source4/torture/unix/whoami.c b/source4/torture/unix/whoami.c
index 39d0a12ab1..d742e23e82 100644
--- a/source4/torture/unix/whoami.c
+++ b/source4/torture/unix/whoami.c
@@ -77,14 +77,16 @@ static struct smbcli_state *connect_to_server(struct torture_context *tctx,
const char *host = torture_setting_string(tctx, "host", NULL);
const char *share = torture_setting_string(tctx, "share", NULL);
struct smbcli_options options;
+ struct smbcli_session_options session_options;
lp_smbcli_options(tctx->lp_ctx, &options);
+ lp_smbcli_session_options(tctx->lp_ctx, &session_options);
status = smbcli_full_connection(tctx, &cli, host,
lp_smb_ports(tctx->lp_ctx),
share, NULL,
creds, lp_resolve_context(tctx->lp_ctx),
- tctx->ev, &options);
+ tctx->ev, &options, &session_options);
if (!NT_STATUS_IS_OK(status)) {
printf("failed to connect to //%s/%s: %s\n",
diff --git a/source4/torture/util_smb.c b/source4/torture/util_smb.c
index 938e7d6c03..32e4453aca 100644
--- a/source4/torture/util_smb.c
+++ b/source4/torture/util_smb.c
@@ -475,8 +475,10 @@ _PUBLIC_ bool torture_open_connection_share(TALLOC_CTX *mem_ctx,
NTSTATUS status;
struct smbcli_options options;
+ struct smbcli_session_options session_options;
lp_smbcli_options(tctx->lp_ctx, &options);
+ lp_smbcli_session_options(tctx->lp_ctx, &session_options);
options.use_oplocks = torture_setting_bool(tctx, "use_oplocks", true);
options.use_level2_oplocks = torture_setting_bool(tctx, "use_level2_oplocks", true);
@@ -486,7 +488,7 @@ _PUBLIC_ bool torture_open_connection_share(TALLOC_CTX *mem_ctx,
sharename, NULL,
cmdline_credentials,
lp_resolve_context(tctx->lp_ctx),
- ev, &options);
+ ev, &options, &session_options);
if (!NT_STATUS_IS_OK(status)) {
printf("Failed to open connection - %s\n", nt_errstr(status));
return false;