| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
metze
(This used to be commit 1ffabbaa667c7dec6657ec523f92f072a2a47a95)
|
|
output on LSA.
Andrew Bartlett
(This used to be commit e3dce0f5be9d43d84d60e8402344dadd079f1e47)
|
|
* Add new IDL to LSA, to query information about trusted domains (for
cross-check with SamSync).
Andrew Bartlett
(This used to be commit 174c0778421b5154ff2ba809688ea6ef38a1478b)
|
|
* Add new tests for ACCOUNTs in SamSync
* Clean up names in NETLOGON and LSA
* Verify Security Descriptors against LSA, as well as SamR
Andrew Bartlett
(This used to be commit 7094502fe0346255a89667f702289b4c8dc9fa08)
|
|
some other minor fixes
(This used to be commit 9fca748fe3c12af83a006f1d0821aa560d08fc95)
|
|
(This used to be commit 4840eaeed3cfd72026babb382f26929c29702713)
|
|
verify that the security descriptor found in the SamSync is the same
as what is available over SAMR.
Unfortunately, the administrator seems unable to retrieve the SACL on
the security descriptor, so I've added a new function to compare with
a mask.
Andrew Bartlett
(This used to be commit 39ae5e1dac31a22086be50fb23261e02be877f3f)
|
|
for ACLs
(This used to be commit db72290bbe87644a89385c465855629a1f881e4f)
|
|
the GUI ACL editor on w2k to
correctly display names instead of SIDs.
(This used to be commit fdaa753578c7b80806d4040ed131f87ddbf988e0)
|
|
(This used to be commit 17911eea5995c12a2300dd3928612c77f8f0883e)
|
|
based on the current nttoken, which is completely wrong, but works as a start.
The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL
union with a version number to allow for future expansion.
pvfs does not yet check the ACL for file access. At the moment the ACL
is just query/set.
We also need to do some RPC work to allow the windows ACL editor to be
used. At the moment is queries the ACL fine, but displays an error
when it fails to map the SIDs via rpc.
(This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263)
|
|
(This used to be commit 2ff9816ae0ae41e0e63e4276a70d292888346dc7)
|
|
- move dom_sid, security_descriptor, security_* funtions to one place
and rename some of them
metze
(This used to be commit b620bdd672cfdf0e009492e648b0709e6b6d8596)
|
|
Andrew Bartlett
(This used to be commit 90398fda41dd15480899e3628df186eb02fdc139)
|
|
call has an optional sec_desc and ea_list.
(This used to be commit 8379ad14e3d51a848a99865d9ce8d56a301e8a3c)
|
|
This compares values for the domain and for secrets. We still have
some problems we need to sort out for secrets.
Also rename a number of structures in samr.idl and netlogon.idl, to
better express their consistancy.
Andrew Bartlett
(This used to be commit 3f52fa3a42b030c9aef21c8bd88aad87a0aae078)
|
|
The trickiest part about this was getting the sharing and locking
rules right, as alternate streams are separate locking spaces from the
main file for the purposes of byte range locking, and separate for
most share violation rules.
I suspect there are still problems with delete on close with alternate
data streams. I'll look at that next.
(This used to be commit b6452c4a2068cf7e837778559da002ae191b508a)
|
|
(the IDL, and the load/save meta-data logic)
- changed pvfs_resolve_name() to default to non-wildcard, needing
PVFS_RESOLVE_WILDCARD to enable wildcards. Most callers don't want
wildcards, so defaulting this way makes more sense.
- fixed deletion of EAs
(This used to be commit e7afd4403cc1b7e0928776929f8988aa6f15640b)
|
|
NETLOGON.
In particular, rename samr_Name to samr_String - given that many
strings in this pipe are not 'names', the previous was just confusing.
(I look forward to PIDL turning these into simple char * some day...).
Also export out a few changes from testjoin.c to allow for how I have
written the new RPC-SAMSYNC test.
Andrew Bartlett
(This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
|
|
We now (for the first time) start to parse the 'user sensitive info'
field, which reveals the user's NT and LM passwords from Win2k3.
Using this, the 'validate samsync against netlogon' portion of the
tests works for accounts.
Trusted domains and secrets are now retreived, but like users,
require further cross-validation work.
Andrew Bartlett
(This used to be commit c1d3794cad8b001661b48ecb05df5c38a69be92c)
|
|
- Work on server side and local COM support (should work, just no
example classes yet)
- Use vtables so that local and remote calls can be used transparently
- Generate 'proxies and stubs' rather then heavily modified code in client.pm and server.pm. proxies (client side code) are generated in proxy.pm, stubs (server side dispatchers) are generated in stubs.pm
- Support registering classes and interfaces
- DCOM interfaces no longer have to be in the same IDL file as their
base interface, which will allow us to split up dcom.idl
(This used to be commit 7466947a23985f9bb15209b67880f7b94dc515c8)
|
|
Break out the samsync tests from RPC-NETLOGON into a new RPC-SAMSYNC,
that will cross-verify all the values.
Add support for the way netlogon credentials are shared between the
pipe that sets up schannel and the pipe that is encrypted with it.
Test this support, by calling both NETLOGON and SAMR operations in the
RPC-SCHANNEL test.
Move some of the Netlogon NEG flags into the .idl, now we have an idea
what a few of them really are.
Rename the sam_pwd_hash into a name that has meaning (all other crypto
functions were renamed in Samba4 ages ago).
Break out NTLMv2 functionality for operation on the NT hash - I intend
to do NTLMv2 logins in the samsync test in future, and naturally I
only have the hash.
Andrew Bartlett
(This used to be commit 6e6cc6fb9842113a1b0c7f6904dac709b320a6e5)
|
|
(This used to be commit 7484b9be7423ccd7e37432951700939e8a53d513)
|
|
(This used to be commit e7b67ff22fe0a76afc93ee522b253eaf5dccb11d)
|
|
(This used to be commit 709f279b192c8f9eeea04749169c00f2d57b20d3)
|
|
The torture test DCOM-SIMPLE now successfully does an
IStream_Read and a IStream_Write call.
This test can now be run successfully against the "Simple DCOM" Visual
Studio example.
(You have to quote out line 337 in pidl. pidl complains if the variable
that contains the array size follows the array. I still need to fix this
properly)
Next goals:
- Clean up code
- Server side support
- Support custom marshalling
- Support DCOM interfaces in files other then dcom.idl
(This used to be commit 8693344772a9b700533179f4bacfe27ec27dfcfe)
|
|
- OXID tables work now. IOXIDResolver is used if there is used for getting a STRINGBINDING if none is known yet
- Add custom dissectors for STRINGARRAY and DUALSTRINGARRAY. If there's a way to get rid of these later on (by supporting them thru pidl somehow), I'd be happy to use that instead of doing it manually.
I can now get to the point where we have created an object and are connected to
it. The only thing left to do is being able to set the Object UUID properly..
(This used to be commit 54e1e5edca50d3cd496c080715e84ec62cb2a10c)
|
|
use of contexts.
(This used to be commit 93eb3cd99c4fb065a69eabcead0c33804259c976)
|
|
open->generic ntvfs mapping code.
(This used to be commit ed844192d7f7ed487290f719df65f256a5b0b9bc)
|
|
This concludes the proper fixes.
Andrew Bartlett
(This used to be commit c1d025793f2994c8f1cab304c3394ab186654071)
|
|
Andrew Bartlett
(This used to be commit f1d0bb409a481aeb094c586458f2b05576d2bef8)
|
|
stored in posix xattrs
(This used to be commit bad6a88371264cffce2bf5d6ce904b7b357081de)
|
|
attributes of files.
I decided to use IDL/NDR to encode the attribute, as it gives us a
simple way to describe and extend the saved attributes.
The xattr code needs to hook into quite a few more places in the pvfs
code, but this at least gets the basics done. I will start encoding
alternate data streams streams, DOS EAs etc soon using the same basic
mechanism.
I'll probably stick to "version 1" for the xattr.idl for quite a while
even though it will be changing, as I don't expect anyone to be
deploying this in production just yet. Once we have production users
we will need to keep compatibility by supporting all the old version
numbers in xattr.idl.
(This used to be commit c54253ed1b7dce1d14f43e747da61089aea87094)
|
|
(This used to be commit 6fab01df000a126d2d01c41ead952d027f755309)
|
|
and then possibly does a epm_Map call().
ncacn_np now also uses dcerpc_epm_map_binding()
(This used to be commit 77eec3fa18dbbf4d774ccf04c7a38b0887f26ca6)
|
|
Thanks to tridge for some help on this one!
(This used to be commit 1104667190aa144e2c7d79ece9a55502b98d0351)
|
|
up connection.
(This used to be commit 8076db7a1f9e11c725e481a0bda4dbc354c9612f)
|
|
- Support for sending over the object UUID in DCERPC calls
- Simple torture test for the DCOM "Simple" object
- Generate extra argument for "object" interfaces in pidl
- Some stubs for common DCOM functions
(This used to be commit c052f2e1edd816206d8974af3140cec7ef97a70c)
|
|
metze
(This used to be commit 08b26ed7ec41f0575da79858ccd0bf0f9a27b2b2)
|
|
(This used to be commit 640e3a8ce865a72b171bdf15c8cf5afc2987a5d3)
|
|
NT_STATUS_BUFFER_TOO_SMALL or a NT_STATUS_NET_WRITE_FAULT if I try other user accounts. Must've got something to do with the auth padding...
(This used to be commit f6f3d312bf43354564a9b0816edc3a13b520192d)
|
|
- add support for strings where the length excludes the NULLTERM
metze
(This used to be commit 8251d8b3e5af351972aa41aed63f7a7d2640910e)
|
|
- tidied up some of the system includes
- moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl
knows about inter-IDL dependencies
(This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
|
|
(This used to be commit 8e25117103b0339441bc6328176ed34034005528)
|
|
describes a COM class. A coclass is the implementation of one or more
interfaces. It has a UUID referred to as it's CLSID (Class ID).
Also adding an example coclass called "CoffeeMachine". You can give
it a string (or a cup, whatever you like ;-) and it will fill it with
"COFFEE" (kind of the like the echo pipe is for regular RPC). CoffeeMachine's
Windows implementation already works, a torture test for Samba will follow
soon.
(This used to be commit 05dd840b6ffba0d38d98e2e80d856e2f2b5d877c)
|
|
(This used to be commit c1f345eefdce3f6fc9e3a526543b2b9a6441e566)
|
|
the DCOM calls are wrappers around several local calls, so you get things like:
WERROR foobar ( [in] int num_ifaces,
[in,size_is(num_ifaces)] IID *ifaces,
[out,size_is(num_ifaces)] WERROR *results);
(This used to be commit 0873bf2cbe3589988e518cf68ad4d14343b9240b)
|
|
(This used to be commit da7ec2ae68112697e95b502f9ae093a4f504abe9)
|
|
The thing that finally convinced me that minimal includes was worth
pursuing for rpc was a compiler (tcc) that failed to build Samba due
to reaching internal limits of the size of include files. Also the
fact that includes.h.gch was 16MB, which really seems excessive. This
patch brings it back to 12M, which is still too large, but
better. Note that this patch speeds up compile times for both the pch
and non-pch case.
This change also includes the addition iof a "depends()" option in our
IDL files, allowing you to specify that one IDL file depends on
another. This capability was needed for the auto-includes generation.
(This used to be commit b8f5fa8ac8e8725f3d321004f0aedf4246fc6b49)
|
|
Add torture test for RemoteActivation
The request is now send correctly and we get back a valid response
from Windows but r->in.Interfaces is set to 0 somewhere while parsing
the response...
(This used to be commit cabec03422f0c7140b56b2d5c4ec8ca663b406fc)
|
