Age | Commit message (Collapse) | Author | Files | Lines |
|
This call uses a new IDL type, NTTIME_hyper. This is 8-byte aligned,
as the name suggests.
Expand the QuerySecret LSA calls in RPC-SAMLOGON and RPC-LSA, to
validate the behaviour of times, and of the old secrets.
Thanks to tridge for spotting the use of HYPER!
Andrew Bartlett
(This used to be commit 1fed79cb0f2ae7940639d08ef99576559d4cd06e)
|
|
and debug privileges
metze
(This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
|
|
to open
the parent of the specified directory ?!
(This used to be commit a012d1c978a478fe8debf0c546ed770047dbfbcf)
|
|
this is mostly just a tidyup, but also adds the privilege_mask, which
I will be using shortly in ACL checking.
note that I had to move the definition of struct security_token out of
security.idl as pidl doesn't yet handle arrays of pointers, and the
usual workaround (to use a intermediate structure) would make things
too cumbersome for this structure, especially given we never encode it
to NDR.
(This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
|
|
apologies for not committing this earlier
(This used to be commit 0950681091ab99f0e79048a9c1db57d057a96e66)
|
|
- added support for sticky write times after a setfileinfo, by using a
write_time field in the DosAttrib xattr structure.
(This used to be commit 4a52fae82d8305e999f94f1947daa21dab54cdfd)
|
|
I see a new 64 bit time field which are seconds since 1601,
this will be mapped to NTTIME by th eparsing code
+#define NTTIME_1sec NTTIME
metze
(This used to be commit db35f3b0f99943311ff8b797e8336616dab28220)
|
|
filesystem attribute reply
- pvfs passes the RAW-STREAMS test
(This used to be commit c1a48a7542a52df734b54031f405d574e4c891e3)
|
|
BASE-DENYDOS test.
- pvfs now passes BASE-DENY1 and BASE-DENYDOS.
(This used to be commit aa09df22ee729c02552638859236d9068e9748ae)
|
|
(This used to be commit 558de54ec6432a4ae90aa14a585f32c6cd03ced2)
|
|
(This used to be commit 3f902f8d851d32fa81d89ed61bfda6edaea00984)
|
|
SA_RIGHT_FILE_EXECUTE, which depends on a flags2 bit
(This used to be commit c36851d230bcf552ed79322f8358060ab164ec09)
|
|
setting of "server signing = auto", which means to offer signing
only if we have domain logons enabled (ie. we are a DC). This is a
better match for what windows clients want, as unfortunately windows
clients always use signing if it is offered, and when they use signing
they not only go slower because of the signing itself, they also
disable large readx/writex support, so they end up sending very small
IOs for.
- changed the default max xmit again, this time matching longhorn,
which uses 12288. That seems to be a fairly good compromise value.
(This used to be commit e63edc81716fefd58a3be25deb3b25e45471f196)
|
|
ntvfs modules
the idea is that a passthru module can use ntvfs_async_state_push() before
calling ntvfs_next_*() and in the _send function it calls
ntvfs_async_state_pop() and then call the upper layer send_fn itself
- ntvfs_nbench is now fully async
- the ntvfs_map_*() functions and the trans(2) mapping functions are not converted yet
metze
(This used to be commit fde64c0dc142b53d128c8ba09af048dc58d8ef3a)
|
|
signed integer values for enum), and it is also very confusing to read.
Also, please align defines nicely. The value of SV_TYPE_DOMAIN_ENUM
was defined incorrectly, which became obvious when you align the
defines, but wasn't at all obvious in the original code.
- removed redundent defines in smb.h
(This used to be commit fe042b8e5ca15dfd986bc0c05d464214a51cc0cf)
|
|
preparation for the full share modes and ntcreatex code that I am
working on.
highlights include:
- changed the way a backend determines if it is allowed to process a
request asynchronously. The previous method of looking at the
send_fn caused problems when an intermediate ntvfs module disabled
it, and the caller then wanted to finished processing using this
function. The new method is a REQ_CONTROL_MAY_ASYNC flag in
req->control_flags, which is also a bit easier to read
- fixed 2 bugs in the readbraw server code. One related to trying to
answer a readbraw with smb signing (which can't work, and crashed
our signing code), the second related to error handling, which
attempted to send a normal SMB error packet, when readbraw must
send a 0 read reply (as it has no header)
- added several more ntvfs_generic.c generic mapping functions. This
means that backends no longer need to implement such esoteric
functions as SMBwriteunlock() if they don't want to. The backend
can just request the mapping layer turn it into a write followed by
an unlock. This makes the backends considerably simpler as they
only need to implement one style of each function for lock, read,
write, open etc, rather than the full host of functions that SMB
provides. A backend can still choose to implement them
individually, of course, and the CIFS backend does that.
- simplified the generic structures to make them identical to the
principal call for several common SMB calls (such as
RAW_WRITE_GENERIC now being an alias for RAW_WRITE_WRITEX).
- started rewriting the pvfs_open() code in preparation for the full
ntcreatex semantics.
- in pvfs_open and ipc_open, initially allocate the open file
structure as a child of the request, so on error we don't need to
clean up. Then when we are going to succeed the open steal the
pointer into the long term backend context. This makes for much
simpler error handling (and fixes some bugs)
- use a destructor in the ipc backend to make sure that everthing is
cleaned up on receive error conditions.
- switched the ipc backend to using idtree for fnum allocation
- in the ntvfs_generic mapping routines, use a allocated secondary
structure not a stack structure to ensure the request pointer
remains valid even if the backend replies async.
(This used to be commit 3457c1836c09c82956697eb21627dfa2ed37682e)
|
|
This adds a pvfs_wait_message() routine which uses the new messaging
system, event timers and talloc destructors to give a nice generic
async event handling system with a easy to use interface. The
extensions to pvfs_lock.c are based on calls to pvfs_wait_message()
routines.
We now pass all of our smbtorture locking tests, although while
writing this code I have thought of some additonal tests that should
be added, particularly for lock cancel operations. I'll work on that
soon.
This commit also extends the smbtorture lock tests to test the rather
weird 0xEEFFFFFF locking semantics that I have discovered in
win2003. Win2003 treats the 0xEEFFFFFF boundary as special, and will
give different error codes on either side of it. Locks on both sides
are allowed, the only difference is which error code is given when a
lock is denied. Anyone like to hazard a guess as to why? It has
me stumped.
(This used to be commit 4395c0557ab175d6a8dd99df03c266325949ffa5)
|
|
enough for us to pass locktest, but does not yet support lock timeouts
and some of the other esoteric features.
(This used to be commit 58a92abd88f190bc60894a68e0528e95ae33fe39)
|
|
server side request structure to prevent a structing being freed in
some circumstances. This change replaces this with the much more
robust mechanism of talloc_increase_ref_count().
(This used to be commit 3f7741f178b359f81cc98ef18cd69bf976123e9f)
|
|
metze
(This used to be commit 442905394b5e2f74baa4d83b2f4ba5159f321dd2)
|
|
Andrew Bartlett
(This used to be commit e03195335931194372468bed2d758d4b9f686fe2)
|
|
smb.h should end with only smb protocol specific stuff in it
metze
(This used to be commit fda8e59f3d057bf849598f96f78f50f62d8514fe)
|
|
(Cleanup unused header definitions)
Andrew Bartlett
(This used to be commit 5941873f558c2af6ab5ef64e468acc8fab96ac01)
|
|
goodness and light' struct ;-)
Break apart the auth subsystem's return strucutres, into the parts
that a netlogon call cares about, and the parts that are for a local
session. This is the 'struct session_info' and it will almost
completly replace the current information stored on a vuid, but be
generic to all login methods (RPC over TCP, for example).
Andrew Bartlett
(This used to be commit d199697014d9562f9439a30b950fda798c5ef419)
|
|
metze
(This used to be commit 57151e80eb1090281401930c8fe25b20a8cf3a38)
|
|
metze
(This used to be commit 18062d2ed9fc9224c43143c10efbf2f6f1f5bbe0)
|
|
metze
(This used to be commit b5378803fdcb3b3afe7c2932a38828e83470f61a)
|
|
- remove unused lib/smbpasswd.c
- don't set the pkt size twice when doing SMB signing
(This used to be commit 69a2942f7987647a32d43c71f41ac1a82a82ccda)
|
|
metze
(This used to be commit 2986c5f08c8f0c26a2ea7b6ce20aae025183109f)
|
|
metze
(This used to be commit af6f1f8a01bebbecd99bc8c066519e89966e65e3)
|
|
metze
(This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
|
|
(This used to be commit a70eb86a3fda6c48389834c442890a73caa155f9)
|
|
(This used to be commit f61d333b2a280434181451ce735a05ad319a2515)
|
|
(This used to be commit 3068b766edb17accbf52f82a81734f6d76e9f9bc)
|
|
(This used to be commit 8e5ddf5e8eb74f667897f90baa2d00f02ca5818b)
|
|
Andrew Bartlett
(This used to be commit bd0e6c9983779e134d206ca939d221dab99521b6)
|
|
This commit kills passdb, which was only hosting the auth subsystem.
With the work tridge has done on Samba4's SAM backend, this can (and
now is) all hosted on ldb. The auth_sam.c file now references this
backend.
You will need to assign your users passwords in ldb - adding a new line:
unicodePwd: myPass
to a record, using ldbedit, should be sufficient. Naturally, this
assumes you have had your personal SAMR provisioning tutorial from
tridge. Everybody else can still use the anonymous logins.
Andrew Bartlett
(This used to be commit 2aa0b55fb86648731d5f2201fa5a6aa993b7ca48)
|
|
This removes the code that tried to lookup posix groups, as well as
the code that was tied to the SAM_ACCOUNT.
This should make auth_ldb much easier to write :-)
Andrew Bartlett
(This used to be commit e096ee2112adecaa69b6b3eb155a4e8f80dfc0f7)
|
|
samr_QueryUserInfo levels except for the password
set levels.
This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4
(This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
|
|
(This used to be commit 2cb06b39d91ef18b21c18e9376ccbd8076aeecf8)
|
|
Not all the auth code is merged - only those parts that are actually
being used in Samba4.
There is a lot more work to do in the NTLMSSP area, and I hope to
develop that work here. There is a start on this here - splitting
NTLMSSP into two parts that my operate in an async fashion (before and
after the actual authentication)
Andrew Bartlett
(This used to be commit 5876c78806e6a6c44613a1354e8d564b427d0c9f)
|
|
I'd like to see more protocol defininitions in the IDL files and less
in smb.h where possible.
(This used to be commit 854b875bbe447955fb0c3876f046931d0bfde06c)
|
|
and exclude some files from Makefile.in
metze
(This used to be commit f77990cf2496f72d02566f09477349436be3dfcd)
|
|
This adds support for bigendian rpc in the client. I have installed
SUN pcnetlink locally and am using it to test the samba4 rpc
code. This allows us to easily find places where we have stuffed up
the types (such as 2 uint16 versus a uint32), as testing both
big-endian and little-endian easily shows which is correct. I have now
used this to fix several bugs like that in the samba4 IDL.
In order to make this work I also had to redefine a GUID as a true
structure, not a blob. From the pcnetlink wire it is clear that it is
indeed defined as a structure (the byte order changes). This required
changing lots of Samba code to use a GUID as a structure.
I also had to fix the if_version code in dcerpc syntax IDs, as it
turns out they are a single uint32 not two uint16s.
The big-endian support is a bit ugly at the moment, and breaks the
layering in some places. More work is needed, especially on the server
side.
(This used to be commit bb1af644a5a7b188290ce36232f255da0e5d66d2)
|
|
don't cause fragmented pdus (I'll add fragments shortly)
* change data_blob_talloc() to not zero memory when the 2nd argument
is NULL. The zeroing just masks bugs, and can't even allow a DOS
attack
* modified pidl to ensure that [ref] arguments to the out side of
functions are allocated when parsing the in side. This allows rpc
backends to assume that [ref] variables are all setup. Doesn't work
correctly for [ref] arrays yet
* changed DLIST_ADD_END() to take the type instead of a tmp
variable. This means you don't need to declare a silly tmp variable in
the caller
(This used to be commit 46e0a358198eeb9af1907ee2a29025d3ab23b6d1)
|
|
(This used to be commit 5fb01b0ec0321724c25669151ea7c20e6ec182d0)
|
|
(This used to be commit d7b6aa1e2ec1dc475e1bd5dce1c537720bc65eac)
|
|
generated headers)
(This used to be commit 7f2ac326f9d6019ca72f3b70ad1cdbeff6c2c9a5)
|
|
CVS: Enter Log. Lines beginning with `CVS:' are removed automatically
CVS:
CVS: Committing in .
CVS:
CVS: Modified Files:
CVS: Makefile.in configure.in include/includes.h include/ntvfs.h
CVS: include/smb.h lib/iconv.c lib/module.c ntvfs/ntvfs_base.c
CVS: ntvfs/cifs/vfs_cifs.c ntvfs/ipc/vfs_ipc.c
CVS: ntvfs/posix/vfs_posix.c ntvfs/print/vfs_print.c
CVS: ntvfs/reference/vfs_ref.c ntvfs/simple/vfs_simple.c
CVS: passdb/pdb_interface.c
CVS: Added Files:
CVS: include/module.h
CVS: ----------------------------------------------------------------------
Update to the modules system. Fixed:
- get rid of smb_probe_module
- merge older updates from 3.0
- introduced register_subsystem() and register_backend() functions
- adapt ntvfs and charset to use new register functions
- made smb_load_modules() work recursively (e.g. 'preload modules = /usr/lib/samba')
- got rid of some old remains
Things that still need work:
- Did I break tankFS? I don't think so, but I can't test it here :-(
- Add 'postload modules = ' (for modules that need to be loaded after fork() in smbd, if applicable)
- Convert RPC, auth, passdb, etc to use new register_{subsystem,backend}() functions
- Accept wildcards in 'preload modules' option, instead of loading recursively
(This used to be commit 7512b9ab1a8b3103f7a6c13f736353c46a26b668)
|
|
In general I prefer "struct foo" to just "foo" for most
structures. There are exceptions.
(This used to be commit 04eb12b56c653f98801ab29411f47564ab32fa58)
|