Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 447d5fcc1bdbdeaf2d96dbcace36b480b5a18c73)
|
|
quite a large change as we had lots of code that assumed that
objectSid was a string in S- format.
metze and simo tried to convince me to use NDR format months ago, but
I didn't listen, so its fair that I have the pain of fixing all the
code now :-)
This builds on the ldb_register_samba_handlers() and ldif handlers
code I did earlier this week. There are still three parts of this
conversion I have not finished:
- the ltdb index records need to use the string form of the objectSid
(to keep the DNs sane). Until that it done I have disabled indexing on
objectSid, which is a big performance hit, but allows us to pass
all our tests while I rejig the indexing system to use a externally
supplied conversion function
- I haven't yet put in place the code that allows client to use the
"S-xxx-yyy" form for objectSid in ldap search expressions. w2k3
supports this, presumably by looking for the "S-" prefix to
determine what type of objectSid form is being used by the client. I
have been working on ways to handle this, but am not happy with
them yet so they aren't part of this patch
- I need to change pidl to generate push functions that take a
"const void *" instead of a "void*" for the data pointer. That will
fix the couple of new warnings this code generates.
Luckily it many places the conversion to NDR formatted records
actually simplified the code, as it means we no longer need as many
calls to dom_sid_parse_talloc(). In some places it got more complex,
but not many.
(This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
|
|
Steven Edwards <steven_ed4153@yahoo.com>.
I've moved the Win32-specific tests to win32.m4 so it does not
make any of the POSIX configure stuff more complicated.
(This used to be commit bf85fdd01552f75b745fdf3159a7a87cd6521ed2)
|
|
(This used to be commit 9adacb0d1620d4cfadd515239b853977cf03a719)
|
|
(This used to be commit 1f35642bed1129d0834906b3e94e8868992d6eb9)
|
|
survives
smbtorture *DENY* .
Volker
(This used to be commit da78ed1a4d1f7966d8013278436a710d258879e1)
|
|
the filesystem
(This used to be commit 71e281ae2fe2ce169aeb09f72376a60d28845808)
|
|
that fixes the RAW-RENAME test
metze
(This used to be commit e27c1ab89b21726d3c9e7f8f7af22d1ff38f2413)
|
|
when you cancel a lock, w2k3 gives NT_STATUS_FILE_LOCK_CONFLICT not
NT_STATUS_CANCELLED. Strange.
(This used to be commit a4f17fcd9218f16b6cc166b2f797e8889d6f63f4)
|
|
we now survive the RAW-UNLINK test without crashing
metze
(This used to be commit c2149963911bf95892e732b744f244fd76ff88c8)
|
|
Thanks Marc!
(This used to be commit d1c5eb3693b77b3eb7527dc2758a6ea75a100376)
|
|
management system I proposed on samba-technical a couple of days
ago. Essentially it is a very lightweight way for any code in Samba to
make IDL based rpc calls to anywhere else in the code, without the
client or server having to go to the trouble of setting up a full rpc
service.
It can be used with any of our existing IDL, but I expect it will
mostly be used for a new set of Samba specific management calls.
The LOCAL-IRPC torture test demonstrates how it can be used by calling
the echo_AddOne() call over this transport.
(This used to be commit 3d589a09954eb8b318f567e1150b0c27412fb942)
|
|
Fix memory handling for blkid caches which need to be cleared when session is
done.
(This used to be commit c623cc60541f747f0a801eb77d97bb0a3bb6956f)
|
|
if possible.
Implement smbclient's 'fsinfo' comand family which allows you to query file
system information in all known levels.
(This used to be commit 660d6e3915d0539dd78c77df6707ea84edb4d509)
|
|
open with openx and the 'truncate if exists' flag
(This used to be commit aa82b105d5871b3ca693a0757bb48cc589d88824)
|
|
code. On lock cancel don't retry the lock.
(This used to be commit dffeb3c3d44d1b837a6036c47eb809ce1bd53b22)
|
|
Thanks to lars and agruen for finding this
(This used to be commit 2acc06918574b1178eecf3d61026f84f85bb40e1)
|
|
(This used to be commit 321fbae51267153102e47845736f2c3a5abfe0be)
|
|
DCERPC_SCHANNEL_128 if we fail. Thus, it allows us to work with Windows
NT DCs ...
(This used to be commit 3034b226705c4736d57c9bf4e9470c4d44c72e8e)
|
|
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'.
GENSEC now no longer has it's own handling of 'set username' etc,
instead it uses cli_credentials calls.
In order to link the credentails code right though Samba, a lot of
interfaces have changed to remove 'username, domain, password'
arguments, and these have been replaced with a single 'struct
cli_credentials'.
In the session setup code, a new parameter 'workgroup' contains the
client/server current workgroup, which seems unrelated to the
authentication exchange (it was being filled in from the auth info).
This allows in particular kerberos to only call back for passwords
when it actually needs to perform the kinit.
The kerberos code has been modified not to use the SPNEGO provided
'principal name' (in the mechListMIC), but to instead use the name the
host was connected to as. This better matches Microsoft behaviour,
is more secure and allows better use of standard kerberos functions.
To achieve this, I made changes to our socket code so that the
hostname (before name resolution) is now recorded on the socket.
In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now
in libcli/auth/schannel.c, and it looks much more like a standard
GENSEC module. The actual sign/seal code moved to
libcli/auth/schannel_sign.c in a previous commit.
The schannel credentails structure is now merged with the rest of the
credentails, as many of the values (username, workstation, domain)
where already present there. This makes handling this in a generic
manner much easier, as there is no longer a custom entry-point.
The auth_domain module continues to be developed, but is now just as
functional as auth_winbind. The changes here are consequential to the
schannel changes.
The only removed function at this point is the RPC-LOGIN test
(simulating the load of a WinXP login), which needs much more work to
clean it up (it contains copies of too much code from all over the
torture suite, and I havn't been able to penetrate its 'structure').
Andrew Bartlett
(This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
|
|
secrets system, and not the old system from Samba3.
This allowed the code from auth_domain to be shared - we now only
lookup the secrets.ldb in lib/credentials.c.
In order to link the resultant binary, samdb_search() has been moved
from deep inside rpc_server into lib/gendb.c, along with the existing
gendb_search_v(). The vast majority of this patch is the simple
rename that followed,
(Depending on the whole SAMDB for just this function seemed pointless,
and brought in futher dependencies, such as smbencrypt.c).
Andrew Bartlett
(This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
|
|
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.
With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind. This changes a lot of files, and these will again
be changed when jelmer does the credentials work.
I also correct some schannel IDL to distinguish between workstation
names and account names. The distinction matters for domain trust
accounts.
Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.
In the schannel DB, we now store both the domain and computername, and
query on both. This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.
In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.
This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.
The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.
The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests. This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.
In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL. This has been re-added, until the underlying pidl issues are
solved.
(This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
|
|
basic_info. Add null_nttime() as the equivalent of the existing
null_time() call for cheecking for valid NTTIME values
(This used to be commit 439ce2efbf7d2ba9b17d6b4bfaf651e781140715)
|
|
macro...
metze
(This used to be commit 9ec6c0e97765e60ef195296f17d6a27b5d0dcca9)
|
|
dev and fs types
this prevents the main smbsrv code from crashing when someone does a
tree connect on a print share
metze
(This used to be commit e8b081d5d10ef617eaed88fd05990e7753a85b99)
|
|
(This used to be commit 196c45b834c39f293b9533cec5cfe5a77382d4e2)
|
|
(This used to be commit 826baec7b348814a7bbdcdbec8c8526514f25da1)
|
|
changes
(This used to be commit e7e015f79b10c353848a17f31c91a0593790a560)
|
|
less likely that anyone will use pstring for new code
- got rid of winbind_client.h from includes.h. This one triggered a
huge change, as winbind_client.h was including system/filesys.h and
defining the old uint32 and uint16 types, as well as its own
pstring and fstring.
(This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
|
|
- removed the u32 hack in events.c as I think this was only needed as
tdb.h defines u32. Metze, can you check that this hack is indeed no
longer needed on your suse system?
(This used to be commit 6f79432fe656164d4770dbce114a30dda5e7bf9a)
|
|
various data types:
Add ndr_flags argument to all ndr push/pull scalar functions
(This used to be commit ab490c0c882bb13de190546c50a0631ecb8255ad)
|
|
(This used to be commit 7f54c8a339f36aa43c9340be70ab7f0067593ef2)
|
|
gettimeofday() call
and just use timeval_current() when its actually needed
(This used to be commit 236403cc4dc2924ed6a898acae0bb44cc1688dcc)
|
|
make it possible to add optimisations to the events code such as
keeping the next timed event in a sorted list, and using epoll for
file descriptor events.
I also removed the loop events code, as it wasn't being used anywhere,
and changed timed events to always be one-shot (as adding a new timed
event in the event handler is so easy to do if needed)
(This used to be commit d7b4b6de51342a65bf46fce772d313f92f8d73d3)
|
|
metze
(This used to be commit add1c579375d08040f722946da31ee3862f9e7ac)
|
|
rename the core structure to composite_context and the wait routine to
composite_wait() (suggestion from metze)
(This used to be commit cf11d05e35179c2c3e51c5ab370cd0a3fb15f24a)
|
|
servers in smbd. The old code still contained a fairly bit of legacy
from the time when smbd was only handling SMB connection. The new code
gets rid of all of the smb_server specific code in smbd/, and creates
a much simpler infrastructures for new server code.
Major changes include:
- simplified the process model code a lot.
- got rid of the top level server and service structures
completely. The top level context is now the event_context. This
got rid of service.h and server.h completely (they were the most
confusing parts of the old code)
- added service_stream.[ch] for the helper functions that are
specific to stream type services (services that handle streams, and
use a logically separate process per connection)
- got rid of the builtin idle_handler code in the service logic, as
none of the servers were using it, and it can easily be handled by
a server in future by adding its own timed_event to the event
context.
- fixed some major memory leaks in the rpc server code.
- added registration of servers, rather than hard coding our list of
possible servers. This allows for servers as modules in the future.
- temporarily disabled the winbind code until I add the helper
functions for that type of server
- added error checking on service startup. If a configured server
fails to startup then smbd doesn't startup.
- cleaned up the command line handling in smbd, removing unused options
(This used to be commit cf6a46c3cbde7b1eb1b86bd3882b953a2de3a42e)
|
|
pvfs_access_check_unix().
Fixes a problem with the cifsfs filesystem
(This used to be commit 8ebc61a2297176515d767ef0f67ec912293ab905)
|
|
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
|
|
(This used to be commit e32ade44858b869001d2990c788a7e34fb70b121)
|
|
this is what win2k3 does.
(This used to be commit 145d7c03df477eca08cb81d221e3a1b60ccf8c7f)
|
|
pvfs_shortname
- made the mangle cache size configurable
(This used to be commit 4adbd01812a53395f175bd6d8e402ad5451f7561)
|
|
control of the event, so instead build that into the function. If you
pass NULL as mem_ctx then it leaves it as a child of the events
structure.
(This used to be commit 7f981b9ed96f39027cbfd500f41e0c2be64cbb50)
|
|
complexity was that events didn't automatically cleanup
themselves. This was because the events code was written before we had
talloc destructors, so you needed to call event_remove_XX() to clean
the event out of the event lists from every piece of code that used
events. I have now added automatic event destructors, which in turn
allowed me to simplify a lot of the calling code.
The 2nd source of complexity was caused by the ref_count, which was
needed to cope with event handlers destroying events while handling
them, which meant the linked lists became invalid, so the ref_count ws
used to mark events for later destruction.
The new system is much simpler. I now have a ev->destruction_count,
which is incremented in all event destructors. The event dispatch code
checks for changes to this and handles it.
(This used to be commit a3c7417cfeab429ffb22d5546b205818f531a7b4)
|
|
is supplies the server event context during the connect.
(This used to be commit 133e67bb1fa661b0e0d340091be4160f9af04fe3)
|
|
(This used to be commit a034556faa5d15fee44a58be3aea8aee8ffae3c8)
|
|
socket connections. This was complicated by a few factors:
- it meant moving the event context from clitransport to clisocket,
so lots of structures changed
- we need to asynchronously handle connection to lists of port
numbers, not just one port number. The code internally tries each
port in the list in turn, without ever blocking
- the man page on how connect() is supposed to work asynchronously
doesn't work in practice (now why doesn't this surprise me?). The
getsockopt() for SOL_ERROR is supposed to retrieve the error, but
in fact the next (unrelated) connect() call on the same socket also
gets an error, though not the right error. To work around this I
need to tear down the whole socket between each attempted port. I
hate posix.
Note that clisocket.c still does a blocking name resolution call in
smbcli_sock_connect_byname(). That will be fixed when we add the async
NBT resolution code.
Also note that I arranged things so that every SMB connection is now
async internally, so using plain smbclient or smbtorture tests all the
async features of this new code.
(This used to be commit 468f8ebbfdbdf37c757fdc4863626aa9946a8870)
|
|
- stream_socket services
the smb, ldap and rpc service which sets up a srtam socket end then
waits for connections
and
- task services
which this you can create a seperate task that do something
(this is also going through the process_model subsystem
so with -M standard a new process for this created
with -M thread a new thread ...
I'll add datagram services later when we whave support for datagram sockets in lib/socket/
see the next commit as an example for service_task's
metze
(This used to be commit d5fa02746c6569b09b6e05785642da2fad3ba3e0)
|
|
- make use of talloc destructors
metze
(This used to be commit 8308da6ce4a95f8c10e22949ef00e9e64f2dbb85)
|
|
the backend should check for
(dce_call->state_flags & DCESRV_CALL_STATE_FLAG_MAY_ASYNC)
then it's allowed to reply async
then the backend should mark that call as async with
dce_call->state_flags |= DCESRV_CALL_STATE_FLAG_ASYNC;
later it has to manualy set r->out.result
and then send the reply by calling
status = dcesrv_reply(p->dce_call);
NOTE: that ncacn_np doesn't support async replies yet
- implement an async version of echo_TestSleep
- reenable the echo_TestSleep torture test
(this need to be more strict when we have support for async ncacn_np)
metze
(This used to be commit f0a0dbeb25b034b1333078ca085999359f5f6209)
|