Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
(This used to be commit f2196bf9b662d3f38d59eceb8c54f9d2e3f7b505)
|
|
routines to return an NTSTATUS. This should help track down errors.
Use a bit of talloc_steal and talloc_unlink to get the real socket to
be a child of the GENSEC or TLS socket.
Always return a new socket, even for the 'pass-though' case.
Andrew Bartlett
(This used to be commit 003e2ab93c87267ba28cd67bd85975bad62a8ea2)
|
|
contexts from the application layer into the socket layer.
This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets. It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default. It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.
This patch mirrors the earlier work done to move TLS into the socket
layer.
Unusual in this pstch is the extra read callback argument I take. As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data. This would leave the system without an event
to restart the read (as the socket is dry).
As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop. I believe that
the TLS code does require a similar callback.
In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:
+-----------------+---------------------+
| SASL Packet #1 | SASL Packet #2 |
----------------------------------------+
| LDAP Packet #1 | LDAP Packet #2 |
----------------------------------------+
In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP. Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.
Without data on the socket, read events stop. That is why I add timed
events, until the SASL buffer is drained.
Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).
In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code. The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length. (1 + n/2). This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.
Andrew Bartlett
(This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
|
|
- the 0xffffffffffffffff seqnum is reserved for SMB2 Break (oplock breaks)
so don't use it in a request. we should someday try to test this...
metze
(This used to be commit 730cdc4475822e28cb400116641294a7f98ad0b5)
|
|
security
descriptor. This is something that W2k3 does _not_ pass and probably is not
expected to, it seems the don't check access at tconX time.
Thanks to metze for the hint how in the srvsvc_NetShareInfo1501 struct the
length of the sd can be encoded in idl.
As metze says, there's probably more to the share secdesc, this needs more
testing. This one is here to walk the samba3 code.
Volker
(This used to be commit 67185508229a8d7f144c22cb194f573c932d6de5)
|
|
metze
(This used to be commit 1f48e7dca6a06078f3655a7f7a8f109bd6c0cb8e)
|
|
metze
(This used to be commit 49b96ac44a883c020c69df7a12df154dc4faa4d5)
|
|
metze
(This used to be commit 8d4fd35b10b176d31f986bbca5848091dffcd657)
|
|
RAW_NOTIFY_NTTRANS,RAW_NOTIFY_SMB2
- parse SMB2 Notify reponse
metze
(This used to be commit de50e0ccddfad16ad7b254770f4c52c1abe707b9)
|
|
metze
(This used to be commit a455dc7a8392230395c0e444f76a4ca13192f871)
|
|
metze
(This used to be commit e40d62363c2123fff37b35c1c7004e85a6786c2a)
|
|
the operation doesn't need a valid file handle in that case
metze
(This used to be commit d41a83d55945b07020349339888f3a34ac4eff4e)
|
|
metze
(This used to be commit 58bed7322c7e552d0462a11ce5d46a282c31f8f7)
|
|
preallocated
- body_size doesn't contain the preallocated byte so don't remove it
metze
(This used to be commit 3cf50e26b7dc11d85c46ef81a36c74acf97085c0)
|
|
(found by valgrind)
metze
(This used to be commit 283bec8295b6302dfe3dc12c82d7870bdfee8b37)
|
|
of smb_search_data
metze
(This used to be commit 78c201db8a47a71908698c4dda2add4cf85694d9)
|
|
Guenther
(This used to be commit 075242b97614202ee265577c9e5dd499e56bd768)
|
|
rafal
(This used to be commit 48a9f822442c8b115fd61d9c6781d8100df2bf9e)
|
|
is no padding...
the following patch is needed for vista beta2 to connect to samba4
metze
(This used to be commit 58baae8fc463cd2c4e4ce532c153ad80313b03eb)
|
|
there're 8 more unknown bytes...
Note:
- vista-CTP also support this as a server,
but uses the old format as client
- but vista-beta2 only uses and accept the new format
metze
(This used to be commit b3bdd4afdefc9ad3550f86a0aa6e6c90bf8ab416)
|
|
as we setup the 1 padding byte for non present dynamic part,
we need to overwrite it when we're getting a real dynamic part,
so we need to remove the buf->size +=1 when we do the first
push to the dynamic part (when buf->dynamic is still but->body + buf->body_fixed)
metze
(This used to be commit f309209629ad1b63a76fc06163a3eeb07dce4c86)
|
|
so we know that the 9th bytes is just uninitialized padding
metze
(This used to be commit f97a21b970ed23973cced2c67b5bc9ecd7afee88)
|
|
metze
(This used to be commit 429215113bd999466141df0a2e3b3097d677df1f)
|
|
simpler
- use ndr_push_struct_blob() for RAW_SFILEINFO_SEC_DESC
metze
(This used to be commit 79e51f033e680303431e56e818346b66a836d044)
|
|
metze
(This used to be commit f099fcb6e3a38d6df22cb3a0c7c666333e41f11b)
|
|
metze
(This used to be commit 81702c36c28e9e32860c5d91887d2ad2121ce306)
|
|
metze
(This used to be commit 6164d1e22e0545f558315591d49f862de06ea945)
|
|
metze
(This used to be commit dcc02df8297162a7fd913560194d9e821798dbe0)
|
|
correct grammar
(This used to be commit 26a2fa97e4c819e630bc9b50e11c8d5328c7b8c8)
|
|
the "92" to
"100" will give funny permissions...
Volker
(This used to be commit b76a3d4f590963d48eae8a9899d17ae3833c3dfa)
|
|
correct, or we try and do a memcmp on the trailing '\0'.
This happens because we now use memcmp for the prefix matching.
I just wish I had a test other than a particular invocation of the OSX
client. (I've tried and failed so far)
Andrew Bartlett
(This used to be commit 36aa8390807581442c68ac3ee9dd6eb05d89b86d)
|
|
(This used to be commit 61c6100617589ac6df4f527877241464cacbf8b3)
|
|
(This used to be commit 7ea51fb624ded55f69f235a6791de871f754e8fa)
|
|
(This used to be commit 8a7047c102cdbcf746dcdf8a52554816b7770026)
|
|
metze
(This used to be commit 1a9bfa2ac96d09d34d3c974ec5d89dc23bf3e153)
|
|
metze
(This used to be commit 4a307d7185862675fee23f55d3f85950a76f551d)
|
|
metze
(This used to be commit 8f1850ef65dc8c860912639d787d82399d015f13)
|
|
(This used to be commit 1a57b16715bf8b82e8f9118c3ab401acf081d02c)
|
|
metze
(This used to be commit 4e8c9bbd768a0d3f8719d8f2005d9b1b527c44fd)
|
|
dynamic size if 0
metze
(This used to be commit c7e8e79d75fd53fa37e9220e5bc9cac7ab574ff6)
|
|
metze
(This used to be commit 8aebd7adc9a0288ebf6b8d84fc376d699054a520)
|
|
but it's valid in this case
metze
(This used to be commit 92c19b1ba4e89bd1e973e084b254087c98ceac18)
|
|
as new levels
metze
(This used to be commit 91806353174704857dfcc15a730af7232cfde660)
|
|
large offsets, before sending large offset requests
metze
(This used to be commit b9ba2b8c5a314ba9e559e50bea4deb692dc0f3ec)
|
|
metze
(This used to be commit 1f50b2e0534ee25861b6812b64d91f63cbb118ad)
|
|
level
metze
(This used to be commit 95bf41b4d4ec96349802955e364fe44ef85f9077)
|
|
metze
(This used to be commit 0d983fa46fff588cf94e58732e36e324e2f0478a)
|
|
metze
(This used to be commit 2c9db9429106094b8ee9fa45e6f9a89af7c3725f)
|
|
metze
(This used to be commit 3cab02f6f513cf7eb3d8863e62952766bb4d908f)
|
|
metze
(This used to be commit 47dc1ed25323e76b93d9cef2a389726734d2e735)
|