Age | Commit message (Collapse) | Author | Files | Lines |
|
- added SMB2-SCANFIND test
- cleaned up continue flags in EAs and find requests
(This used to be commit 8792bc07d927e6470874230153177748afae3ee8)
|
|
- allow setting of the ALL_EAS flags bits in SMB2 getinfo
(This used to be commit 8c7c54a46dfb91c053d07a5e606892a41213c605)
|
|
- added smb2_setinfo to structs.h
(This used to be commit 5be1d334760b8422b65758d1891f9fe29185a244)
|
|
(This used to be commit ba897e537b9a1544dc214e9d5504c87fee6fced2)
|
|
QFILEINFO levels in trans2, so they can be shared with SMB2
(This used to be commit 5ca2d609e6a3766ebd07763f850ecc62209a7db7)
|
|
Thanks to lars and agruen for finding this
(This used to be commit 2acc06918574b1178eecf3d61026f84f85bb40e1)
|
|
dom_sid in it
metze
(This used to be commit 460d1b089e494efaeb0c8c7fd4601a9ef57123c5)
|
|
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'.
GENSEC now no longer has it's own handling of 'set username' etc,
instead it uses cli_credentials calls.
In order to link the credentails code right though Samba, a lot of
interfaces have changed to remove 'username, domain, password'
arguments, and these have been replaced with a single 'struct
cli_credentials'.
In the session setup code, a new parameter 'workgroup' contains the
client/server current workgroup, which seems unrelated to the
authentication exchange (it was being filled in from the auth info).
This allows in particular kerberos to only call back for passwords
when it actually needs to perform the kinit.
The kerberos code has been modified not to use the SPNEGO provided
'principal name' (in the mechListMIC), but to instead use the name the
host was connected to as. This better matches Microsoft behaviour,
is more secure and allows better use of standard kerberos functions.
To achieve this, I made changes to our socket code so that the
hostname (before name resolution) is now recorded on the socket.
In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now
in libcli/auth/schannel.c, and it looks much more like a standard
GENSEC module. The actual sign/seal code moved to
libcli/auth/schannel_sign.c in a previous commit.
The schannel credentails structure is now merged with the rest of the
credentails, as many of the values (username, workstation, domain)
where already present there. This makes handling this in a generic
manner much easier, as there is no longer a custom entry-point.
The auth_domain module continues to be developed, but is now just as
functional as auth_winbind. The changes here are consequential to the
schannel changes.
The only removed function at this point is the RPC-LOGIN test
(simulating the load of a WinXP login), which needs much more work to
clean it up (it contains copies of too much code from all over the
torture suite, and I havn't been able to penetrate its 'structure').
Andrew Bartlett
(This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
|
|
(This used to be commit 1d033d9dba7bc567b5458c08672ce9e570bb374b)
|
|
encapsulates all the different session setup methods, including the
multi-pass spnego code.
I have hooked this into all the places that previously used the
RAW_SESSSETUP_GENERIC method, and have removed the old
RAW_SESSSETUP_GENERIC code from clisession.c and clitree.c. A nice
side effect is that these two modules are now very simple again, back
to being "raw" session setup handling, which was what was originally
intended.
I have also used this to replace the session setup code in the
smb_composite_connect() code, and used that to build a very simple
replacement for smbcli_tree_full_connection().
As a result, smbclient, smbtorture and all our other SMB connection
code now goes via these composite async functions. That should give
them a good workout!
(This used to be commit 080d0518bc7d6fd4bc3ef783e7d4d2e3275d0799)
|
|
- make use of talloc destructors
metze
(This used to be commit 8308da6ce4a95f8c10e22949ef00e9e64f2dbb85)
|
|
- added test for chained OpenX/ReadX, simulating the OS/2 workplace shell
- fixed a bug in handling chained fnum in openx and ntcreatex in the server
(yes, I'm on holiday, but this bug was annoying me ....)
(This used to be commit b3b8958a18e302b815d98c0e3879e404bced6a08)
|
|
level. This is quite a strange level that we've never seen before, but
is used by the os2 workplace shell.
note w2k screws up this level when unicode is negotiated, so it only
passes the RAW-SEARCH test when you force non-unicode
(This used to be commit 25189b8fbf6515d573e3398dc9fca56505dc37b9)
|
|
level. Interestingly, this level did now show up on our trans2 scanner
previously as we didn't have the FLAGS2_EXTENDED_ATTRIBUTES bit set in
the client code. Now that we set that bit, new levels appear in
windows servers.
(This used to be commit 0b76d405a73e924dc2706f28bbf1084a59c9b393)
|
|
setfileinfo allows
for multiple EAs to be set at once. This fixes all the ea code to allow for that.
(This used to be commit b26828bef5d55e5eef0e34a164e76292df45e207)
|
|
to kukks on #samba-technical for the sniffs that allowed me to work
this out
- much simpler ntvfs open generic mapping code
- added t2open create with EA torture test to RAW-OPEN test
(This used to be commit a56d95ad89b4f32a05974c4fe9a816d67aa369e3)
|
|
- change smbcli_read/write to take void * for the buffers to match read(2)/write(2)
all this fixes a lot of gcc-4 warnings
metze
(This used to be commit b94f92bc6637f748d6f7049f4f9a30b0b8d18a7a)
|
|
(This used to be commit eec698254f67365f27b4b7569fa982e22472aca1)
|
|
(This used to be commit 1f3f9f829444cb889c6782c4fe52773fd6867b55)
|
|
queryfileinfo/setfileinfo logic, so querying/setting a security
descriptor is treated as just another file query/set operation.
This will allow NTVFS backends to see the query/set security
descriptor operations as RAW_FILEINFO_SEC_DESC and
RAW_SFILEINFO_SEC_DESC operations.
(This used to be commit f68a6b6b915c37e48c42390c1e74c2d1c2636fa9)
|
|
call has an optional sec_desc and ea_list.
(This used to be commit 8379ad14e3d51a848a99865d9ce8d56a301e8a3c)
|
|
The trickiest part about this was getting the sharing and locking
rules right, as alternate streams are separate locking spaces from the
main file for the purposes of byte range locking, and separate for
most share violation rules.
I suspect there are still problems with delete on close with alternate
data streams. I'll look at that next.
(This used to be commit b6452c4a2068cf7e837778559da002ae191b508a)
|
|
preparation for adding code to pass the BASE-DENY1 and BASE-DENYDOS
tests, which require a shared filesystem handle for some specific
combinations of two DENY_DOS opens on the same connection.
(This used to be commit 6e4fdf01d19051e3923d7703dbf990fc1722b09a)
|
|
stored in posix xattrs
(This used to be commit bad6a88371264cffce2bf5d6ce904b7b357081de)
|
|
structure element called "open" as its a macro on solaris.
(This used to be commit 4e92e15c4e396b1d8cd211192888fea68c2cf0f9)
|
|
generating the
prototypes itself
(This used to be commit e694aeefe7c725d417abdd3c48d16ff1d932c223)
|
|
- combine setattre and standard levels in setfileinfo, as they use the
same structure
(This used to be commit e9aa1f789955533aca4fe43d5d74ffa1e8d1300b)
|
|
simplify code by making them aliases
(This used to be commit 91a1dc121cba77a3400935c199897cde50396cdd)
|
|
the ntvfs_generic mapping functions rather than sending the exact
function asked for. This allows the generic mapping functions to be
tested by comparing the behaviour of smbtorture against two cifs
backend shares, one using "cifs:mapgeneric = true" and the other
"cifs:mapgeneric = False"
(This used to be commit c240c6bca5e10f1acbff45b0ed41c4c1ebcaae96)
|
|
preparation for the full share modes and ntcreatex code that I am
working on.
highlights include:
- changed the way a backend determines if it is allowed to process a
request asynchronously. The previous method of looking at the
send_fn caused problems when an intermediate ntvfs module disabled
it, and the caller then wanted to finished processing using this
function. The new method is a REQ_CONTROL_MAY_ASYNC flag in
req->control_flags, which is also a bit easier to read
- fixed 2 bugs in the readbraw server code. One related to trying to
answer a readbraw with smb signing (which can't work, and crashed
our signing code), the second related to error handling, which
attempted to send a normal SMB error packet, when readbraw must
send a 0 read reply (as it has no header)
- added several more ntvfs_generic.c generic mapping functions. This
means that backends no longer need to implement such esoteric
functions as SMBwriteunlock() if they don't want to. The backend
can just request the mapping layer turn it into a write followed by
an unlock. This makes the backends considerably simpler as they
only need to implement one style of each function for lock, read,
write, open etc, rather than the full host of functions that SMB
provides. A backend can still choose to implement them
individually, of course, and the CIFS backend does that.
- simplified the generic structures to make them identical to the
principal call for several common SMB calls (such as
RAW_WRITE_GENERIC now being an alias for RAW_WRITE_WRITEX).
- started rewriting the pvfs_open() code in preparation for the full
ntcreatex semantics.
- in pvfs_open and ipc_open, initially allocate the open file
structure as a child of the request, so on error we don't need to
clean up. Then when we are going to succeed the open steal the
pointer into the long term backend context. This makes for much
simpler error handling (and fixes some bugs)
- use a destructor in the ipc backend to make sure that everthing is
cleaned up on receive error conditions.
- switched the ipc backend to using idtree for fnum allocation
- in the ntvfs_generic mapping routines, use a allocated secondary
structure not a stack structure to ensure the request pointer
remains valid even if the backend replies async.
(This used to be commit 3457c1836c09c82956697eb21627dfa2ed37682e)
|
|
enough for us to pass locktest, but does not yet support lock timeouts
and some of the other esoteric features.
(This used to be commit 58a92abd88f190bc60894a68e0528e95ae33fe39)
|
|
(This used to be commit 4e4859c06b9de5fe60ebd17cfb09eed480b79ec1)
|
|
original core level calls). The old code was completely wrong in many respects.
also fixed the EA_SIZE level in the server
extended the RAW-SEARCH test suite to test the new code properly
(This used to be commit 71480271ad84b57fcdde264a54bb2408cf783255)
|
|
pointless
(This used to be commit 5fcad57128e47d4d6c0f387d5563d9de2fc08351)
|
|
(This used to be commit 1de5aa5b1d6a9b4b3ed18935c562b0bf03a4d94e)
|
|
(This used to be commit e50fc00671ace0085632f35ec99ad1125cd4d546)
|
|
e.g. we now have 'union smb_mkdir' and 'enum smb_mkdir_level' in sync
we may should also rename 'RAW_MKDIR_*' -> 'SMB_MKDIR_*'
metze
(This used to be commit 0bb50dcf1ccb9797000fcbea4d8a73f2d2a3db77)
|
|
metze
(This used to be commit 2986c5f08c8f0c26a2ea7b6ce20aae025183109f)
|
|
metze
(This used to be commit af6f1f8a01bebbecd99bc8c066519e89966e65e3)
|
|
metze
(This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
|
|
structures. This was suggested by metze recently.
I checked on the build farm and all the machines we have support 64
bit ints, and support the LL suffix for 64 bit constants. I suspect
some won't support strtoll() and related functions, so we will
probably need replacements for those.
(This used to be commit 9a9244a1c66654c12abe4379661cba83a73c4c21)
|
|
rare thing, a non-length string (ie. not a WIRE_STRING) but a null
terminated char string. There wasn't a good interface to pull that
out of a blob (all the string interfaces assumed WIRE_STRINGS). Added
a new one, only used for this call. Sucks, I know - but the alternatives
suck more. Added tests for some of the unix info returned.
Jeremy.
(This used to be commit 4d0ed04c54b105789ffd32334c3b0e544f02418c)
|
|
Jeremy.
(This used to be commit a25ae9addbb362abf67a0cbd6e62bf4cbe06d8b7)
|
|
This adds support for bigendian rpc in the client. I have installed
SUN pcnetlink locally and am using it to test the samba4 rpc
code. This allows us to easily find places where we have stuffed up
the types (such as 2 uint16 versus a uint32), as testing both
big-endian and little-endian easily shows which is correct. I have now
used this to fix several bugs like that in the samba4 IDL.
In order to make this work I also had to redefine a GUID as a true
structure, not a blob. From the pcnetlink wire it is clear that it is
indeed defined as a structure (the byte order changes). This required
changing lots of Samba code to use a GUID as a structure.
I also had to fix the if_version code in dcerpc syntax IDs, as it
turns out they are a single uint32 not two uint16s.
The big-endian support is a bit ugly at the moment, and breaks the
layering in some places. More work is needed, especially on the server
side.
(This used to be commit bb1af644a5a7b188290ce36232f255da0e5d66d2)
|
|
more like the other major SMB functions
* added SMBntrename code
(This used to be commit f2d3dc9893fa0e089c407fa16ce9ff13587e70cd)
|
|
(This used to be commit b2ced24fc0be4944dd96f160e435f4c6773debcd)
|
|
successful LSA OpenPolicy using smbtorture
(This used to be commit e925c315f55905060fcca1b188ae1f7e40baf514)
|
|
- added SMBD_LISTEN_BACKLOG in local.h
- added the beginnings of a ndr/rpc parsing framework for Samba4. It
currently correctly parses security descriptors for the nttrans
QUERY_SECDESC call, but I hope it will become a reasonable framework
that an idl based generator can work to
(This used to be commit 9bf904fc34f88e0581f93656e73d3c01ca96f761)
|
|
the same for trans and trans2.
(This used to be commit 7d21af3fdf6cf5144a41021425179ca2bba553b3)
|
|
fields in level 261 and level 262 of directory search are, plus the
names of the levels
the unknown fields are a 64bit unique file id, and match the 64 bit
number from the internal_information qfileinfo level
(This used to be commit b69f54eb028a24144a2e813f059b08644118ab09)
|