Age | Commit message (Collapse) | Author | Files | Lines |
|
This compares values for the domain and for secrets. We still have
some problems we need to sort out for secrets.
Also rename a number of structures in samr.idl and netlogon.idl, to
better express their consistancy.
Andrew Bartlett
(This used to be commit 3f52fa3a42b030c9aef21c8bd88aad87a0aae078)
|
|
NETLOGON.
In particular, rename samr_Name to samr_String - given that many
strings in this pipe are not 'names', the previous was just confusing.
(I look forward to PIDL turning these into simple char * some day...).
Also export out a few changes from testjoin.c to allow for how I have
written the new RPC-SAMSYNC test.
Andrew Bartlett
(This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
|
|
(This used to be commit 3f75117db921e493bb77a5dc14b8ce91a6288f30)
|
|
The thing that finally convinced me that minimal includes was worth
pursuing for rpc was a compiler (tcc) that failed to build Samba due
to reaching internal limits of the size of include files. Also the
fact that includes.h.gch was 16MB, which really seems excessive. This
patch brings it back to 12M, which is still too large, but
better. Note that this patch speeds up compile times for both the pch
and non-pch case.
This change also includes the addition iof a "depends()" option in our
IDL files, allowing you to specify that one IDL file depends on
another. This capability was needed for the auto-includes generation.
(This used to be commit b8f5fa8ac8e8725f3d321004f0aedf4246fc6b49)
|
|
(This used to be commit 7067bb9b52223cafa28470f264f0b60646a07a01)
|
|
field. Add torture test for setting this feild - including all the
odd cases (not all the flags 'stick', and not others cannot be
removed).
Seperate the two 'password change' flags, and test them both in the
torture code.
Check that the password did change after every password set call.
Andrew Bartlett
(This used to be commit 3759128bd33b802d5213d50ba25f7c7d11cfe1d7)
|
|
string conversion. For RPC, all string conversions are supposed to be
done by the NDR layer, using string flags set in the IDL. The reason
this wasn't working is that I had been too lazy to do the STR_ASCII
string types properly at the NDR layer when initially writing
ndr_basic.c.
This commit fixes the ndr_basic code properly to do all ASCII
varients, by re-using the non-ascii code and a "byte_mul" local
variable. I have also removed the manual string conversion in the SAMR
torture test code.
(This used to be commit aad0e7e9d890bb56447f1f933b8f2bb78a3ee269)
|
|
IDL so this works (the previous IDL was bogus)
- changed a hyper to uint64 after looking at output on cascade on sparc
(This used to be commit db1ed5675a5271085ea0b89dd634b037ee710178)
|
|
possible to a structure creation routine. This makes for much easier
global cleanup.
(This used to be commit e14ee428ec357fab76a960387a9820a673786e27)
|
|
RPC-SAMR torture test. This closes the samr connection before working
on a open domain handle. The server is supposed to know that the open
domain handle still holds a reference to the connection, so the
connection remains valid even though it has been closed.
(This used to be commit f31e5d56e364ce8ab76fdb20b30e179b458b2ffa)
|
|
Andrew Bartlett
(This used to be commit 4904d814c0efd870ac42c790028a8448984e4749)
|
|
(This used to be commit 90a9e754db91647607eef3a2ccb08d3651fca9df)
|
|
(This used to be commit a0e571a9ddc01b8e90a93d591aec4b10c9926818)
|
|
have the handle type implied by the parameter name. There are four
types of handle: connect, domain, user and group handles. The
various samr_Connect functions return a connect handle, and the
samr_OpenFoo functions return a foo handle.
There is one exception - the samr_{Get,Set}Security function can
take any type of handle.
Fix up all C callers.
(This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
|
|
fails this and it kills the pipe, so we can't run the rest of the test
(This used to be commit bdb49f01b75aa5b3a458ee4629e867bee1d03358)
|
|
(This used to be commit 306eb848654e0cadb0ebe10c29420fc0c30a64c4)
|
|
on trunk
(This used to be commit 606caddeb95382287fa41a5017ca473d0301be6b)
|
|
group in a state where it can't be deleted via samr, which breaks
repeated runs of the test.
(This used to be commit bcad9efd728983c2d8932ef93eebd3d0c6d4d085)
|
|
(This used to be commit fb5796b0dccf7cd518db03e6456d986f17e50345)
|
|
Rework our random number generation system.
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().
For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation. This removes the 'need_reseed'
parameter from generate_random_buffer().
This also requires that we start the secrets subsystem, as that is
where the reseed value is stored, for systems without /dev/urandom.
In order to aviod identical streams in forked children, the random
state is re-initialised after the fork(), at the same point were we do
that to the tdbs.
Andrew Bartlett
(This used to be commit b97d3cb2efd68310b1aea8a3ac40a64979c8cdae)
|
|
metze
(This used to be commit f65cba9047c6a206e5aaade15b157e07fe4c8bd2)
|
|
pwd -> password
passwd -> password
username -> account_name
Also work on consistant structure feild names between these two pipes,
and fix up some callers to use samr_Password for the netlogon
credential code.
Andrew Bartlett
(This used to be commit 4e35418c2776f7b79be5b358ffd077754685d1ac)
|
|
This includes the netlogon pipe, for the machine account password
change system.
Andrew Bartlett
(This used to be commit 49d545a82057ee8b60d50aa55e908efe59875150)
|
|
names rather than our crazy naming scheme. So DES is now called
des_crypt() rather than smbhash()
- added the code from the solution of the ADS crypto challenge that
allows Samba to correctly handle a 128 bit session key in all of the
netr_ServerAuthenticateX() varients. A huge thanks to Luke Howard
from PADL for solving this one!
- restructured the server side rpc authentication to allow for other
than NTLMSSP sign and seal. This commit just adds the structure, the
next commit will add schannel server side support.
- added 128 bit session key support to our client side code, and
testing against w2k3 with smbtorture. Works well.
(This used to be commit 729b2f41c924a0b435d44a14209e6dacc2304cee)
|
|
indicate this although I could not find any consistent pattern.
I found this as 'net rpc group list local' in Samba3 sets this to 250 and only
gets a fixed, but incomplete list of groups out of W2k3.
I tried to correlate the results I got from w2k3 with the LDAP contents of the
corresponding entries, but I could not find anything. Ethereal only decodes
the lower byte, but to get all it seems necessary to have 0xffff here.
If you have time, could you might want to spend some of it decoding the bits
for SAMR completeness....
Volker
(This used to be commit 74e59c45603a9f897a24e37fc7626cf8ffc81403)
|
|
metze
(This used to be commit b5378803fdcb3b3afe7c2932a38828e83470f61a)
|
|
- moved some sec desc defines into misc.idl
- fixed pw_len field in UserInfo26
- made some pipes available on TCP
- added netr_DsrEnumerateDomainTrusts() to netlogon
- added templates for remaining netlogon IDL calls (from ethereal)
- added a unistr_noterm vs unistr error detector in ndr basic decoder
- added torture test for netr_DsrEnumerateDomainTrusts()
(This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
|
|
- added start of QueryDomainInfo in samr server
"net rpc info" from samba3 now works against a samba4 server. I
suspect join will work fairly soon.
(This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
|
|
GetDomPwInfo
(This used to be commit 00096609978e829b5da36040c15afa087e71eaa5)
|
|
metze
(This used to be commit 2986c5f08c8f0c26a2ea7b6ce20aae025183109f)
|
|
metze
(This used to be commit af6f1f8a01bebbecd99bc8c066519e89966e65e3)
|
|
metze
(This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
|
|
structures. This was suggested by metze recently.
I checked on the build farm and all the machines we have support 64
bit ints, and support the LL suffix for 64 bit constants. I suspect
some won't support strtoll() and related functions, so we will
probably need replacements for those.
(This used to be commit 9a9244a1c66654c12abe4379661cba83a73c4c21)
|
|
Currently this only authentiates the machine, not real users.
As a consequence of running the Samba4 NETLOGON test against Samba4, I
found a number of issues in the SAMR server, which I have addressed.
There are more templates in the provison.ldif for this reason.
I also added some debug to our credentials code, and fixed some bugs
in the auth_sam module.
The static buffer in generate_random_string() bit me badly, so I
removed it in favor of a talloc based system.
Andrew Bartlett
(This used to be commit 94624e519b66def97758b8a48a01ffe9029176f0)
|
|
includes all
of the password complexity, password history and other password restrictions.
(This used to be commit cb070b9084d95cf5178edbef951b75eab62b7220)
|
|
samr_DeleteDomainGroup.
I've added the hidden attribute numMembers that must be maintained by
Add/DelGroupMember for the GroupInfoAll query.
Volker
(This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
|
|
Andrew Bartlett
(This used to be commit a04b074c049db832f4c02a35d951d40875fce6d1)
|
|
unmapped names
(This used to be commit e3b31625f476cb1b8a4d5003dee2c574582c9b46)
|
|
in our new samr server
(This used to be commit 0f2503111498e809237e0155962db55dfde8cbfb)
|
|
added tests for the level 23 and 25 password change methods
(This used to be commit d49f7a6a0d1895de3d654a5b46c6aec3a57fde76)
|
|
thanks to Luke Howard for this test
(This used to be commit 891653e7d40f581016085e2c32e2802eea7e7ade)
|
|
afterwards for the RPC-NETLOGON test. This makes it much simpler to
run the test and also means that it doesn't distrurb any existing
domain join you might have.
(This used to be commit feac996794d5cc16e3612fb2901668a9b1e1d274)
|
|
(This used to be commit 4b4f025504cb5b92c8b119259f1df622cd72ec7c)
|
|
yay!
(This used to be commit 0221566cf5ff7dc5ce0de9af451b935ed8615f4e)
|
|
stick
(This used to be commit b2ebaf95b75b050ad02ca967867337cd81faa859)
|
|
possibly destructive tests. Use with care!
Added IDL and test code for samr_Shutdown() and samr_SetDsrmPassword()
(This used to be commit 84de0b7e58c69e0817b9d475de0895a54cc95927)
|
|
request (a dead socket). I discovered this when testing against Sun's
PC-NetLink.
cleaned up the naming of some of the samr requests
add IDL and test code for samr_QueryGroupMember(),
samr_SetMemberAttributesOfGroup() and samr_Shutdown(). (actually, I
didn't leave the samr_Shutdown() test in, as its fatal to windows
servers due to doing exactly what it says it does).
(This used to be commit 925bc2622c105dee4ffff809c6c35cd209a839f8)
|
|
(for example, not filling in extra
fields in level21 setuserinfo)
(This used to be commit d06ed158f9aef94159bfc09065ca5ad0c4c99de3)
|
|
Also added much better handling of random password generation in the
password change test code
(This used to be commit 67ae0b2a9851c1e77fdaa9f317a83bd54950618f)
|
|
samr_GetBootKeyInformation() and samr_Connect3()
also added some stub IDL for samr_SetBootKeyInformation() although I
don't yet have working test code. This one is tricky, as if you get it
wrong then the target system won't boot any more :)
(This used to be commit 118b6fc292ba3257511b1b83846582013fb59b23)
|