summaryrefslogtreecommitdiff
path: root/source4/torture/rpc/lsa.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r11473: Based on work by Jelmer, implement the [async] flag for rpc ↵Volker Lendecke1-3/+84
requests. If it's not there (it's not yet on *any* call... :-)), the rpc client strictly sequences calls to an rpc pipe. Might need some more work on the exact sequencing semantics when a pipe with both sync and async calls is actually deployed, but I want it in for winbind simplification. Volker (This used to be commit b8f324e4f000971b7dafc263c16dd4af958ee7f9)
2007-10-10r11405: Ensure we can never have secret4 be uninitialised. Found afterAndrew Bartlett1-3/+5
volker's urging on the use of -O1. Andrew Bartlett (This used to be commit 6a7bb391ba62a4f90f57aa76c5dcc0d35fca54a4)
2007-10-10r11287: Understand the new behaviour of the LSA pipe on ncacn_ip_tcp in ↵Andrew Bartlett1-74/+178
Win2k3 SP1. Only a few operations are supported (LookupSids3 and LookupNames4), and these are only supported under schannel. This appears to be the operations Win2k3 SP1 uses to verify part of the PAC back to the server. The test is setup to pass, but not enforce (so far) this new behaviour. Andrew Bartlett (This used to be commit e15e39866e9775ba662f669a19836d33f7633f6f)
2007-10-10r9888: add IDL for lsa_QueryDomainInformationPolicy to query Kerberos Settings.Günther Deschner1-0/+33
Guenther (This used to be commit d717e878bdc05b06adcc50c3527c339be8164145)
2007-10-10r7685: Simply the test for session key logic, so we pass against NT4.Andrew Bartlett1-34/+0
Now, to try and figure out why this logic failed for jra... Andrew Bartlett (This used to be commit a32066a9ecf7cd82f66eb8381e07d014f5ac5eff)
2007-10-10r7684: Add a test aimed at checking we have agreement between client andAndrew Bartlett1-0/+34
server as to the CIFS session key. JRA had pain with this being wrong against NT4 (without spnego), hence this specific test. Andrew Bartlett (This used to be commit 47f433708ba38db9bf569567cc048e65f2786ebe)
2007-10-10r5941: Commit this patch much earlier than I would normally prefer, but ↵Andrew Bartlett1-3/+3
metze needs a working tree... The main volume of this patch was what I started working on today: - Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context. - Uses sepereate inner loops for some of the DCE/RPC tests The other and more important part of this patch fixes issues surrounding the new credentials framwork: This makes the struct cli_credentials always a talloc() structure, rather than on the stack. Parts of the cli_credentials code already assumed this. There were other issues, particularly in the DCERPC over SMB handling, as well as little things that had to be tidied up before test_w2k3.sh would start to pass. Andrew Bartlett (This used to be commit 0453f9d05d2e336fba1f85dbf2718d01fa2bf778)
2007-10-10r5298: - got rid of pstring.h from includes.h. This at least makes it a bitAndrew Tridgell1-1/+1
less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell1-7/+7
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4703: Add support for EnumTrustDomain, and expand the testsuite.Andrew Bartlett1-107/+137
Add my copyright to the SAMR server. Andrew Bartlett (This used to be commit 51e94fa26cc602ddca652776c213cd7096f9703a)
2007-10-10r4699: Move the test_EnumTrustDom() test into the test_CreateTrustedDomainAndrew Bartlett1-43/+63
test. This way, it must have at least one domain to enumerate. Andrew Bartlett (This used to be commit c19f1850ee76db07d4ab5654039bc1f78377994d)
2007-10-10r4698: - Initial implementation of trusted domains in LSA.Andrew Bartlett1-3/+3
- Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2007-10-10r4694: 'fix' the behaviour for setting only the old, but not the new secret.Andrew Bartlett1-3/+9
(The behaviour is a little odd, but we wanted bug-for-bug, right? :-) Andrew Bartlett (This used to be commit 6a09a84320c9ab18568a66efb3839a8dcde834af)
2007-10-10r4682: A LDB-based secrets implementation in Samba4.Andrew Bartlett1-18/+49
This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2007-10-10r4674: Test SetSecret behaviour for local and global secrets, when settingAndrew Bartlett1-15/+103
only the OLD secret value. Andrew Bartlett (This used to be commit 5853af89c8dd5c4d6220f395bcc18708398999af)
2007-10-10r4673: Fix the IDL for the QuerySecret LSA call.Andrew Bartlett1-35/+60
This call uses a new IDL type, NTTIME_hyper. This is 8-byte aligned, as the name suggests. Expand the QuerySecret LSA calls in RPC-SAMLOGON and RPC-LSA, to validate the behaviour of times, and of the old secrets. Thanks to tridge for spotting the use of HYPER! Andrew Bartlett (This used to be commit 1fed79cb0f2ae7940639d08ef99576559d4cd06e)
2007-10-10r4671: Expand the RPC-LSA test to set secret values twice.Andrew Bartlett1-0/+60
Andrew Bartlett (This used to be commit 357d9114f002a607f80985588bbac150fa40d2bc)
2007-10-10r4660: Test what we should return for a secret that does not exist.Andrew Bartlett1-0/+9
Andrew Bartlett (This used to be commit a17a8fbf9a843c2c9e10940878b43ad8e1583091)
2007-10-10r4617: basic alter_context requests now work in our client library. The testAndrew Tridgell1-7/+7
just does a simple LSA/DSSETUP combo, which is what w2k does in the ACL editor rpc calls that triggered this work (This used to be commit 0129ec947aa1fa5a7104dc3a666af3cb9bd104f1)
2007-10-10r4603: Test creating local and global secrets over LSA.Andrew Bartlett1-97/+102
Andrew Bartlett (This used to be commit 96806136ead3d1949516b2cfe7350a4e10681c28)
2007-10-10r4585: don't consider LookupSids3 failing with NT_STATUS_ACCESS_DENIED (as ↵Andrew Tridgell1-1/+38
w2k3 does) or NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED (as longhorn does) to be an error. fixed the CreateTrustedDomain test to cope with the "torturedomain" being left over from a previous aborted run (This used to be commit 429d79815c260781fae6eed28160d7507e780f34)
2007-10-10r4443: test lsa_LookupNames3() even when lsa_LookupSids3() failsAndrew Tridgell1-0/+4
(This used to be commit d37f556258ba12479e4e9acc5cdb5535ebf41d7f)
2007-10-10r4437: added IDL and test code for lsa_LookupSids3() and lsa_LookupNames3().Andrew Tridgell1-0/+88
For some reason I am getting ACCESS_DENIED from w2k3 on lsa_LookupSids3(). I will investigate. (This used to be commit c759fa0000e37c3e93a7529a7701998af6727612)
2007-10-10r4322: use a nicer nameStefan Metzmacher1-3/+3
metze (This used to be commit f8ea82cbd1856f589132e2a96b8d658745036b3e)
2007-10-10r4310: fixed the authority_name field in lsa_GetUserName()Andrew Tridgell1-1/+4
(This used to be commit f78506697ad23456fcac6e8916d0dad05b0df6cc)
2007-10-10r4309: idl and torture test for lsa_GetUserName()Stefan Metzmacher1-1/+28
why does samba3 return domain_name as in the unknown_name field in the code and on the wire it returns DCERPC_FAULT_OP_RNG_ERROR? all of my test machines NT4,W2K,W2K3,XP returned NULL and if I file the string in the .in.* the server echos the strings back and returns NT_STATUS_INVALID_PARAMETER metze (This used to be commit 67e765b7e984d7aac2a7786b5bd0c80d10d6de5d)
2007-10-10r4308: [out,ref] pointer needs to set (don't corrupt the stack and segfault)Stefan Metzmacher1-0/+2
metze PS: <tridge> "silly tridge forgot a out [ref] var" :-) (This used to be commit a46c68a80001f5fe9d37cc4ce374071b6fe63076)
2007-10-10r4279: added IDL and test code for lsa_AddPrivilegesToAccount() and ↵Andrew Tridgell1-3/+70
lsa_RemovePrivilegesFromAccount() (This used to be commit 705b870c73995609c8d3ebb24418538bfe20c05b)
2007-10-10r4277: - added server support for lsa_EnumAccounts()Andrew Tridgell1-16/+21
- expanded the lsa test suite to better test lsa_EnumAccounts() (This used to be commit bafdb1772977d98fd57bb31a328af7cb1deee788)
2007-10-10r4195: added IDL, test suite and server side code for lsa_LookupPrivValueAndrew Tridgell1-3/+24
(This used to be commit 7bddd4740332017bb5f4bddcc9ba0234d05378bd)
2007-10-10r4052: fixed a bunch of code to use the type safe _p allocation macrosAndrew Tridgell1-2/+2
(This used to be commit 80d15fa3402a9d1183467463f6b21c0b674bc442)
2007-10-10r4035: more effort on consistent naming of the access mask bits.Andrew Tridgell1-9/+9
This removes the duplicate named SEC_RIGHTS_MAXIMUM_ALLOWED and SEC_RIGHTS_FULL_CONTROL, which are just other names for SEC_FLAG_MAXIMUM_ALLOWED and SEC_RIGHTS_FILE_ALL. The latter names match the new naming conventions in security.idl Also added names for the generic->specific mappings for files are directories (This used to be commit 17a4e0b3aca227b40957ed1e0c57e498debc6ddf)
2007-10-10r3978: added IDL and test code for lsa_LookupSids2() and lsa_LookupNames2()Andrew Tridgell1-0/+89
(This used to be commit 9da455ed56ebc167f295b231c2730e3ff9c94617)
2007-10-10r3919: Add more info levels to the QueryTrustedDomainInfo structures, withAndrew Bartlett1-1/+1
names and other assistance from the ethereal sources. More work needs to be done to validate some of the levels, which do not appear in the query - perhaps they are modification levels. Andrew Bartlett (This used to be commit 63635533693fa364b0c697a3fe1010b3eb8b17d3)
2007-10-10r3917: A few more LSA RPCs found in my wanderings (for trusted domains, theseAndrew Bartlett1-14/+61
seem to be 'shortcut' RPCs, that just avoid an open/query pair). Rename a few others to give us a slightly sensible pattern. Andrew Bartlett (This used to be commit d6a7ab57e74ab89dd163d5f9f5f901e586b0aad4)
2007-10-10r3907: * Rename lsa_Name to lsa_StringAndrew Bartlett1-13/+28
* Add new IDL to LSA, to query information about trusted domains (for cross-check with SamSync). Andrew Bartlett (This used to be commit 174c0778421b5154ff2ba809688ea6ef38a1478b)
2007-10-10r3904: * Add new LSA calls to open trusted domainsAndrew Bartlett1-7/+61
* Add new tests for ACCOUNTs in SamSync * Clean up names in NETLOGON and LSA * Verify Security Descriptors against LSA, as well as SamR Andrew Bartlett (This used to be commit 7094502fe0346255a89667f702289b4c8dc9fa08)
2007-10-10r3428: switched to using minimal includes for the auto-generated RPC code.Andrew Tridgell1-0/+1
The thing that finally convinced me that minimal includes was worth pursuing for rpc was a compiler (tcc) that failed to build Samba due to reaching internal limits of the size of include files. Also the fact that includes.h.gch was 16MB, which really seems excessive. This patch brings it back to 12M, which is still too large, but better. Note that this patch speeds up compile times for both the pch and non-pch case. This change also includes the addition iof a "depends()" option in our IDL files, allowing you to specify that one IDL file depends on another. This capability was needed for the auto-includes generation. (This used to be commit b8f5fa8ac8e8725f3d321004f0aedf4246fc6b49)
2007-10-10r3324: made the smbtorture code completely warning freeAndrew Tridgell1-1/+1
(This used to be commit 7067bb9b52223cafa28470f264f0b60646a07a01)
2007-10-10r2266: yay! LSA session keys on TCP now work!Andrew Tridgell1-150/+0
(This used to be commit f6ea24296acaaadcd2d59740bc88ef1a93fb1c28)
2007-10-10r2203: delete the key after testing, so as not to clutter the server with ↵Andrew Tridgell1-0/+2
random keys (This used to be commit d98ed1fbe52b547c461f1b6a859504e96e0e3ee7)
2007-10-10r2202: don't close the smb pipe after the puzzle testAndrew Tridgell1-2/+0
(This used to be commit 591ee2308c95982caf5453d35ebf6530208037fd)
2007-10-10r2201: removed an exit I accidentially left inAndrew Tridgell1-1/+0
(This used to be commit e1d13631f0163b69401a07c51e449ea1e32239bf)
2007-10-10r2200: solved another piece of the lsakey puzzle - the session key for lsaAndrew Tridgell1-0/+152
encryption on ncacn_ip_tcp is a fixed buffer! I don't yet know what the buffer is, but this code proves its the same buffer for different w2k3 servers and different user passwords, plus it is independent of the negotiated NTLMSSP session key. (This used to be commit 05fd38f3cfd9476bc1cf7fed838a942a75569c0a)
2007-10-10r2199: the unknown 16 bit number in lsa_LookupPrivDisplayName() is a languageAndrew Tridgell1-1/+8
ID, so the client can choose what language they get the privilege description in. this is the first time I've seen a language ID on the wire in CIFS. (This used to be commit e99d88915fbfcfb50b04330cd1a32b90222fbca3)
2007-10-10r2186: setting [ref] output pointers in dcerpc calls is pointless. Removed itAndrew Tridgell1-4/+0
for test_LookupPrivDisplayName (This used to be commit 2d8f4005926e15dcb56a6501091a56475a99712d)
2007-10-10r2179: two more lsa torture tests from Richard Renard. Thanks!Andrew Tridgell1-1/+70
(This used to be commit 25f85efd75bd54ff142027a8741edaa94725ca9a)
2007-10-10r2031: add a check for a blank secret return in lsa secret testsAndrew Tridgell1-8/+13
(This used to be commit eddb31d19654853189d1c3c52105a6240d100456)
2007-10-10r1637: - w2k3 can't handle more than 1000 names in a LookupNames requestAndrew Tridgell1-3/+3
- use a SID that w2k3 likes in CreateTrustedDomain (This used to be commit b5f25fdb7440ba21f073f4ca7fa9a8771a6ebaf4)
2007-10-10r1342: When fixing _lsa_lookupsids in samba3 I wanted to find out the number ↵Volker Lendecke1-0/+54
of SIDs w2k3 can handle in a single request. With the samba3 client rpc libs I can do about 21000 SIDs in a single request. test_many_LookupSIDs with 10000 SIDs fails on the subsequent request with a NET_WRITE_FAULT. Maybe the Samba4 DCE people want to take a look at this -- I don't see the problem. Bug fix: SID components should be treated as unsigned when parsing Volker (This used to be commit 8c997a2ad2e89a640f854b556ef76a3d52c15963)