Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit ed8d3073472fbb0850209f81dd04bd94f6d1c33d)
|
|
hack for the
winbind "bug" :-)
Volker
(This used to be commit fb9a3c7ef376f289288c71bc47d67f548ddb7194)
|
|
- allow setting of the ALL_EAS flags bits in SMB2 getinfo
(This used to be commit 8c7c54a46dfb91c053d07a5e606892a41213c605)
|
|
- added a smb2_setinfo call
- added smb2_setinfo_file*() calls
(This used to be commit da0b6fb93683331134ef2f4abd8707e0c3fc6d9d)
|
|
(This used to be commit ba897e537b9a1544dc214e9d5504c87fee6fced2)
|
|
QFILEINFO levels in trans2, so they can be shared with SMB2
(This used to be commit 5ca2d609e6a3766ebd07763f850ecc62209a7db7)
|
|
(This used to be commit ca65bf0235cbfab451e5d5ceac9f714acc0cd46c)
|
|
problem is that winbind currently relies on being able to receive on a
smb connection from within the same connections receive routine. This
means it relies on a non-serialised connection, so disable the
serialisation until winbind is fixed.
The correct fix will be to get rid of full_request() in dcerpc.c so
that bind requests can be fully async.
(This used to be commit c4115293d83a4a6d103e049c5832d4bcdc0a9dbc)
|
|
enabling of packet serialisation
(This used to be commit 6a47cd65a8b588f9ddd375c57caaba08281e7cbb)
|
|
- call async callback on error
metze
(This used to be commit 43aa5cffd3fd8bf07b236a039f5146e1e44296c6)
|
|
the associated send queue
- fixed negnowait to not watch for the SMBCLI_REQUEST_SEND state
(This used to be commit d19235ede5d352d0b0373d204f4357dddde5946f)
|
|
e.g when you supply an invalid TID or VUID)
- as we don't yet understand how to check the smb_signing of this
replies, we just ignore the whole packet
abartlet,jra,tridge:
can someone try to find out how to create and verify
the signatures for this replies.
what I noticed is that still use the increment by one for the request,
and later requests are still generated fine, only the generating and verifying
of the ntcancel replies make problems
metze
(This used to be commit e6eb0fd2c2f45d6f612d74c6b527c7b17094c907)
|
|
metze
(This used to be commit 356e7d037cf3fc24844b2efa5071917ea03e6163)
|
|
metze
(This used to be commit 16f2d92618a55188d260cadd144281b325cdacda)
|
|
(This used to be commit ba7864b07eebecd4d4eb2ce515412a49964ae179)
|
|
this was cause of the PANIC on the build farm on metze01
as we use req->out.buffer from the old request in the smb_raw_ntcancel()
and send a 0 TID, that causes our server code to crash
(a fix for the server code will follow)
metze
(This used to be commit 97cd824e44b03178706b108c7a78753faf412e8f)
|
|
(This used to be commit fa904afed93a350dd0dcd3cddc1521a4a1ad6711)
|
|
that some values aren't handled. The remaining warnings I think are
actual bugs or required functionality that is missing (mostly lack of
server side Unix extensions).
(This used to be commit 03c7da27a06736f2a27d76e6a00a24ab54453af9)
|
|
(This used to be commit d2b568a1114015839ca59c6f32bde4b06ea81ef9)
|
|
(This used to be commit 0bcea45b15b08cb42d7f6fbbb3a25f73b95f362c)
|
|
packet parsing code. This simplifies the logic in the raw client
library a fair bit
(This used to be commit f8d43f1f67876360e1295d85a3c3702d1d60ed7b)
|
|
Andrew Bartlett
(This used to be commit 6535959fd7dfddd6bafb77a266ec3a641025f880)
|
|
sequence, with a 2-millisecond timeout between firing the syn packets. Build
smbcli_sock_connect_send upon that.
Volker
(This used to be commit 5718df44d90d113304c5deed1e2e7f82ff9e928f)
|
|
* rename the composite helper functions from comp_* to composite_*
* Move the lsa initialization to wb_connect_lsa.c
* Equip smb_composite_connect with a fallback_to_anonymous
The latter two simplify wb_init_domain.c quite a bit.
Volker
(This used to be commit deb127e04ea01ae93394da5ebffb39d81caeb6d9)
|
|
(This used to be commit b714ab64fd79d5cabc39779774fae7c3861a84da)
|
|
tridge: I think this is correct, comments?
metze
(This used to be commit e06ca726f3df013d869d943338bc6b7a151cdd3f)
|
|
stuff.
- don't use SMBCLI_REQUEST_* state's in the genreic composite stuff
- move monitor_fn to libnet.
NOTE: I have maybe found some bugs, in code that is dirrectly in DONE or ERROR
state in the _send() function. I haven't fixed this bugs in this
commit! We may need some composite_trigger_*() functions or so.
And maybe some other generic helper functions...
metze
(This used to be commit 4527815a0a9b96e460f301cb1f0c0b3964c166fc)
|
|
- fixed ncacn_ip_tcp to use the generic async name resolution methods,
so NBT names now work (as requested several times by abartlet!)
- changed resolve_name() to take an event_context, so it doesn't cause
the whole process to block
- cleaned up the talloc_find_parent_bytype() calls to go via a cleaner
event_context_find() call
(This used to be commit b3d491b210a8b889a25efcb273e70fefbd01b7f7)
|
|
warnings
(This used to be commit 4f9f4312e98cce7589fc8e094d08e76cc697ab3d)
|
|
found by Coverity
(This used to be commit d1b7a4a24c3af1bfcc289a3476c9fb33ed2fb840)
|
|
seem to be used anywhere yet.
(This used to be commit 9e5ce3a28892241e2b080c0fa187ee99042c2330)
|
|
(This used to be commit 5e6d330e7388e47e1b2bfc96fff07682e90f63a5)
|
|
names.
(This used to be commit 26b191b3c9529b2dae5d004819dab46657064408)
|
|
(This used to be commit fac77f5fa267da57a55e88cad8993897e80741a0)
|
|
S390. This is an attempt to avoid the panic we're seeing in the
automatic builds.
The main fixes are:
- assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats
- use of NULL format statements to perform dn searches.
- assumption that sizeof() returns an int
(This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
|
|
Thanks to lha for giving me a login on a netbsd machine to see this
(This used to be commit 4e66f682e4f1c31bbe9441a13af2c245db31433d)
|
|
metze
(This used to be commit f308b72b19ab1e0e2f5a732bd1bc13082a634a9c)
|
|
disabled. The main change is to turn off spnego, which cannot work at
all without nt status codes (w2k3 gives a ERRHRD:ERRgeneral error when
you try)
I also modified NT_STATUS_EQUAL() to allow for nt->dos code equality,
but only when nt status codes are disabled in smb.conf. That keeps all
the existing torture code working, while still allowing us to
correctly catch the cases where forced dos error codes are needed
The dos->ntstatus mapping table has been removed completely, as it
doesn't really make sense, is impossible to get right, and with the
new dos status handling isn't needed. When matching a nt status code
to a dos status code it makes far more sense to map from the nt code
to the dos code and compare, rather than the reverse, as the nt->dos
mapping is what windows has to do internally, so there really is a
valid mapping table.
(This used to be commit f21274e07b361ef40fdc0fe23e96f1c9c63a091c)
|
|
codes, controlled
with 'nt status support' option.
- make nt_errstr() display nice strings for dos status codes encoded
using NT_STATUS_DOS()
- no longer map between dos and nt status codes in the client library,
instead return using NT_STATUS_DOS()
- fixed the RAW-CONTEXT test to look for
NT_STATUS_DOS(ERRSRV, ERRbaduid) instead of NT_STATUS_INVALID_HANDLE
(This used to be commit ff5549e87ffae9f062394f30d8fd1ae95b614735)
|
|
data or params
(This used to be commit b4f2d17ace6a609ec87da103a89e36edee8903f9)
|
|
Andrew Bartlett
(This used to be commit 817160ec1a85724c8bf482f128ea687396de0888)
|
|
(This used to be commit 0163d7fe99caee54c6c2bd614e4f076fd00a6176)
|
|
- add a request destructor, to make it safe to destroy a pending
request with talloc_free()
(This used to be commit 72c6988767249caa585f37fec4c0afbf41557ec2)
|
|
event_context for the socket_connect() call, so that when things that
use dcerpc are running alongside anything else it doesn't block the
whole process during a connect.
Then of course I needed to change any code that created a dcerpc
connection (such as the auth code) to also take an event context, and
anything that called that and so on .... thus the size of the patch.
There were 3 places where I punted:
- abartlet wanted me to add a gensec_set_event_context() call
instead of adding it to the gensec init calls. Andrew, my
apologies for not doing this. I didn't do it as adding a new
parameter allowed me to catch all the callers with the
compiler. Now that its done, we could go back and use
gensec_set_event_context()
- the ejs code calls auth initialisation, which means it should pass
in the event context from the web server. I punted on that. Needs fixing.
- I used a NULL event context in dcom_get_pipe(). This is equivalent
to what we did already, but should be fixed to use a callers event
context. Jelmer, can you think of a clean way to do that?
I also cleaned up a couple of things:
- libnet_context_destroy() makes no sense. I removed it.
- removed some unused vars in various places
(This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
|
|
(This used to be commit 64fb327ccf80d2d501ae559a6c4336a066191df0)
|
|
Thanks to lars and agruen for finding this
(This used to be commit 2acc06918574b1178eecf3d61026f84f85bb40e1)
|
|
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'.
GENSEC now no longer has it's own handling of 'set username' etc,
instead it uses cli_credentials calls.
In order to link the credentails code right though Samba, a lot of
interfaces have changed to remove 'username, domain, password'
arguments, and these have been replaced with a single 'struct
cli_credentials'.
In the session setup code, a new parameter 'workgroup' contains the
client/server current workgroup, which seems unrelated to the
authentication exchange (it was being filled in from the auth info).
This allows in particular kerberos to only call back for passwords
when it actually needs to perform the kinit.
The kerberos code has been modified not to use the SPNEGO provided
'principal name' (in the mechListMIC), but to instead use the name the
host was connected to as. This better matches Microsoft behaviour,
is more secure and allows better use of standard kerberos functions.
To achieve this, I made changes to our socket code so that the
hostname (before name resolution) is now recorded on the socket.
In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now
in libcli/auth/schannel.c, and it looks much more like a standard
GENSEC module. The actual sign/seal code moved to
libcli/auth/schannel_sign.c in a previous commit.
The schannel credentails structure is now merged with the rest of the
credentails, as many of the values (username, workstation, domain)
where already present there. This makes handling this in a generic
manner much easier, as there is no longer a custom entry-point.
The auth_domain module continues to be developed, but is now just as
functional as auth_winbind. The changes here are consequential to the
schannel changes.
The only removed function at this point is the RPC-LOGIN test
(simulating the load of a WinXP login), which needs much more work to
clean it up (it contains copies of too much code from all over the
torture suite, and I havn't been able to penetrate its 'structure').
Andrew Bartlett
(This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
|
|
metze needs a working tree...
The main volume of this patch was what I started working on today:
- Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context.
- Uses sepereate inner loops for some of the DCE/RPC tests
The other and more important part of this patch fixes issues
surrounding the new credentials framwork:
This makes the struct cli_credentials always a talloc() structure,
rather than on the stack. Parts of the cli_credentials code already
assumed this.
There were other issues, particularly in the DCERPC over SMB handling,
as well as little things that had to be tidied up before test_w2k3.sh
would start to pass.
Andrew Bartlett
(This used to be commit 0453f9d05d2e336fba1f85dbf2718d01fa2bf778)
|
|
Fix a couple of bugs in the new cli_credentials code
(This used to be commit 4ad481cfe5cde514d2ef9646147239f3faaa6173)
|
|
(This used to be commit c5aef260c4581bfc0d32ec09fac3414156c40230)
|