Age | Commit message (Collapse) | Author | Files | Lines |
|
Andrew Bartlett
(This used to be commit 4969f86ac29aa1c4371a5cd01551f45c7fdb4cb2)
|
|
should map to SEC_RIGHTS_FILE_READ, not READ|WRITE.
Jeremy.
(This used to be commit 26f63973e6207e3b5c3123f1326027ceac38966f)
|
|
fill in correct error code for zero length and too large IPC reads
(This used to be commit bf6558b8971ccda080d463753ddae977967e7093)
|
|
StrCaseCmp was sys_strcasecmp, while it is in fact strcasecmp_m!
(This used to be commit 200a8f6652cb2de7a8037a7a4c2a204b50aee2b1)
|
|
tridge: what should be the correct error code?
see rev 3239!
metze
(This used to be commit 27ec849718b97df2d6f30e2fbacaa0423e918862)
|
|
changes
(This used to be commit 4b89d7c7296dd7abd2d8bcd3f7b702de7314d9ff)
|
|
McCall, but takes a slightly different approach that I hope will be
more generic
(This used to be commit e8260a81cf99be2ccae64135ca0572c8a6ae62ad)
|
|
non-used memory context
(This used to be commit 127e06492a545940443c93e9aec66eebefa26dc2)
|
|
the ndr_pull/push/print functions for it in the ntacl-lsm module
- fix compiler warnings in the ldap_encode_ndr_* code
metze
(This used to be commit 83d65d0d7ed9c240ad44aa2c881c1f07212bfda4)
|
|
runs on a failed ntvfs init works
(This used to be commit dac0be64c7cef18f6740053b3e6fe9a25df40c88)
|
|
RAW-STREAMS to fail)
(This used to be commit c164ee5b19f6880b7b5df8d8fb96704350432862)
|
|
metze
(This used to be commit 51ab751c619bfa05a736853723f1aeda901a0b33)
|
|
delete on close
(This used to be commit dada509f5e374872cded9035611c9d4fd9f4c4c7)
|
|
(This used to be commit 320ab3c93b05a79b77dbbb85e9b038bb07848ba5)
|
|
first two entries in a directory. This is what caused the FC3 system
shelob in the build farm to fail the RAW-UNLINK and RAW-SEARCH tests.
(This used to be commit f48abaaaca301c025ebd381f62345b3869809917)
|
|
directories open, but close search states based on an inactivity
timer, with a default of a 5 minute timeout
(This used to be commit 2e8d154e7dfb9b320a1344e957a39e96e1eefadd)
|
|
required by ISO C99.
(This used to be commit 56fd21c806e816cf4c3d23881f26474f858b45e2)
|
|
Volker
(This used to be commit 2c4fd3ff99a4ade613030b3eb47d0ed527a95be3)
|
|
(This used to be commit b71fbcf5e2c627d918aef555b8cc8dd4591d8fe7)
|
|
(This used to be commit d77b3820d16f60fb9119ac6eb70007363990b20d)
|
|
that relied on the mapping need to be fixed. The first thing is to get
all the torture tests working against w2k3 again with nt status codes
enabled. The 2nd step will be to make them pass with nt status
disabled.
This starts on the first task, fixing the assumption that
NT_STATUS_INVALID_LOCK_SEQUENCE is a valid substitute for
ERRDOS:ERRbadaccess
(This used to be commit 87cdd117081193d215c5a9e3603438e058ad777b)
|
|
(This used to be commit 14f51a99bccffac0ca284d1315ab6d4b10f3711f)
|
|
metze
(This used to be commit 66d6b1d5783cba98f2f8e1c8eed1bdc26a5bad4f)
|
|
we now can reference the DATA_BLOB that is used inside the dcesrv subsystem
metze
(This used to be commit 078f42bc3f74c66b69c7f76005812b221d691f7a)
|
|
and not for the ipc_read() replies as here the client explicit says how much data it wants
the write_fn() in dcesrv_output() now returns NTSTATUS
and the ipc specific implementations are moved to the ntvfs_ipc module
metze
(This used to be commit fe483dcd874b7243d61e9623840c672b4ea06b2c)
|
|
(This used to be commit 447d5fcc1bdbdeaf2d96dbcace36b480b5a18c73)
|
|
quite a large change as we had lots of code that assumed that
objectSid was a string in S- format.
metze and simo tried to convince me to use NDR format months ago, but
I didn't listen, so its fair that I have the pain of fixing all the
code now :-)
This builds on the ldb_register_samba_handlers() and ldif handlers
code I did earlier this week. There are still three parts of this
conversion I have not finished:
- the ltdb index records need to use the string form of the objectSid
(to keep the DNs sane). Until that it done I have disabled indexing on
objectSid, which is a big performance hit, but allows us to pass
all our tests while I rejig the indexing system to use a externally
supplied conversion function
- I haven't yet put in place the code that allows client to use the
"S-xxx-yyy" form for objectSid in ldap search expressions. w2k3
supports this, presumably by looking for the "S-" prefix to
determine what type of objectSid form is being used by the client. I
have been working on ways to handle this, but am not happy with
them yet so they aren't part of this patch
- I need to change pidl to generate push functions that take a
"const void *" instead of a "void*" for the data pointer. That will
fix the couple of new warnings this code generates.
Luckily it many places the conversion to NDR formatted records
actually simplified the code, as it means we no longer need as many
calls to dom_sid_parse_talloc(). In some places it got more complex,
but not many.
(This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
|
|
Steven Edwards <steven_ed4153@yahoo.com>.
I've moved the Win32-specific tests to win32.m4 so it does not
make any of the POSIX configure stuff more complicated.
(This used to be commit bf85fdd01552f75b745fdf3159a7a87cd6521ed2)
|
|
(This used to be commit 9adacb0d1620d4cfadd515239b853977cf03a719)
|
|
(This used to be commit 1f35642bed1129d0834906b3e94e8868992d6eb9)
|
|
survives
smbtorture *DENY* .
Volker
(This used to be commit da78ed1a4d1f7966d8013278436a710d258879e1)
|
|
the filesystem
(This used to be commit 71e281ae2fe2ce169aeb09f72376a60d28845808)
|
|
that fixes the RAW-RENAME test
metze
(This used to be commit e27c1ab89b21726d3c9e7f8f7af22d1ff38f2413)
|
|
when you cancel a lock, w2k3 gives NT_STATUS_FILE_LOCK_CONFLICT not
NT_STATUS_CANCELLED. Strange.
(This used to be commit a4f17fcd9218f16b6cc166b2f797e8889d6f63f4)
|
|
we now survive the RAW-UNLINK test without crashing
metze
(This used to be commit c2149963911bf95892e732b744f244fd76ff88c8)
|
|
Thanks Marc!
(This used to be commit d1c5eb3693b77b3eb7527dc2758a6ea75a100376)
|
|
management system I proposed on samba-technical a couple of days
ago. Essentially it is a very lightweight way for any code in Samba to
make IDL based rpc calls to anywhere else in the code, without the
client or server having to go to the trouble of setting up a full rpc
service.
It can be used with any of our existing IDL, but I expect it will
mostly be used for a new set of Samba specific management calls.
The LOCAL-IRPC torture test demonstrates how it can be used by calling
the echo_AddOne() call over this transport.
(This used to be commit 3d589a09954eb8b318f567e1150b0c27412fb942)
|
|
Fix memory handling for blkid caches which need to be cleared when session is
done.
(This used to be commit c623cc60541f747f0a801eb77d97bb0a3bb6956f)
|
|
if possible.
Implement smbclient's 'fsinfo' comand family which allows you to query file
system information in all known levels.
(This used to be commit 660d6e3915d0539dd78c77df6707ea84edb4d509)
|
|
open with openx and the 'truncate if exists' flag
(This used to be commit aa82b105d5871b3ca693a0757bb48cc589d88824)
|
|
code. On lock cancel don't retry the lock.
(This used to be commit dffeb3c3d44d1b837a6036c47eb809ce1bd53b22)
|
|
Thanks to lars and agruen for finding this
(This used to be commit 2acc06918574b1178eecf3d61026f84f85bb40e1)
|
|
(This used to be commit 321fbae51267153102e47845736f2c3a5abfe0be)
|
|
DCERPC_SCHANNEL_128 if we fail. Thus, it allows us to work with Windows
NT DCs ...
(This used to be commit 3034b226705c4736d57c9bf4e9470c4d44c72e8e)
|
|
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'.
GENSEC now no longer has it's own handling of 'set username' etc,
instead it uses cli_credentials calls.
In order to link the credentails code right though Samba, a lot of
interfaces have changed to remove 'username, domain, password'
arguments, and these have been replaced with a single 'struct
cli_credentials'.
In the session setup code, a new parameter 'workgroup' contains the
client/server current workgroup, which seems unrelated to the
authentication exchange (it was being filled in from the auth info).
This allows in particular kerberos to only call back for passwords
when it actually needs to perform the kinit.
The kerberos code has been modified not to use the SPNEGO provided
'principal name' (in the mechListMIC), but to instead use the name the
host was connected to as. This better matches Microsoft behaviour,
is more secure and allows better use of standard kerberos functions.
To achieve this, I made changes to our socket code so that the
hostname (before name resolution) is now recorded on the socket.
In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now
in libcli/auth/schannel.c, and it looks much more like a standard
GENSEC module. The actual sign/seal code moved to
libcli/auth/schannel_sign.c in a previous commit.
The schannel credentails structure is now merged with the rest of the
credentails, as many of the values (username, workstation, domain)
where already present there. This makes handling this in a generic
manner much easier, as there is no longer a custom entry-point.
The auth_domain module continues to be developed, but is now just as
functional as auth_winbind. The changes here are consequential to the
schannel changes.
The only removed function at this point is the RPC-LOGIN test
(simulating the load of a WinXP login), which needs much more work to
clean it up (it contains copies of too much code from all over the
torture suite, and I havn't been able to penetrate its 'structure').
Andrew Bartlett
(This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
|
|
secrets system, and not the old system from Samba3.
This allowed the code from auth_domain to be shared - we now only
lookup the secrets.ldb in lib/credentials.c.
In order to link the resultant binary, samdb_search() has been moved
from deep inside rpc_server into lib/gendb.c, along with the existing
gendb_search_v(). The vast majority of this patch is the simple
rename that followed,
(Depending on the whole SAMDB for just this function seemed pointless,
and brought in futher dependencies, such as smbencrypt.c).
Andrew Bartlett
(This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
|
|
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.
With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind. This changes a lot of files, and these will again
be changed when jelmer does the credentials work.
I also correct some schannel IDL to distinguish between workstation
names and account names. The distinction matters for domain trust
accounts.
Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.
In the schannel DB, we now store both the domain and computername, and
query on both. This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.
In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.
This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.
The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.
The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests. This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.
In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL. This has been re-added, until the underlying pidl issues are
solved.
(This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
|
|
basic_info. Add null_nttime() as the equivalent of the existing
null_time() call for cheecking for valid NTTIME values
(This used to be commit 439ce2efbf7d2ba9b17d6b4bfaf651e781140715)
|
|
macro...
metze
(This used to be commit 9ec6c0e97765e60ef195296f17d6a27b5d0dcca9)
|
|
dev and fs types
this prevents the main smbsrv code from crashing when someone does a
tree connect on a print share
metze
(This used to be commit e8b081d5d10ef617eaed88fd05990e7753a85b99)
|