summaryrefslogtreecommitdiff
path: root/source4/torture/rpc/samsync.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r8520: fixed a pile of warnings from the build farm gcc -Wall output onAndrew Tridgell1-2/+2
S390. This is an attempt to avoid the panic we're seeing in the automatic builds. The main fixes are: - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats - use of NULL format statements to perform dn searches. - assumption that sizeof() returns an int (This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
2007-10-10r8430: readd my hack to display the hashes with -d 100Stefan Metzmacher1-0/+9
metze (This used to be commit b3f01ef0df2579decbbb67586157d089f528dd13)
2007-10-10r8232: remove samr_String and netr_String as they are the same as lsa_StringStefan Metzmacher1-1/+1
metze (This used to be commit e601042c07d7b6eed0dc34e5b136d9266b8a0f81)
2007-10-10r7993: Further work on the Krb5 PAC.Andrew Bartlett1-2/+2
We now generate the PAC, and can verifiy both our own PAC and the PAC from Win2k3. This commit adds the PAC generation code, spits out the code to get the information we need from the NETLOGON server back into a auth/ helper function, and adds a number of glue functions. In the process of building the PAC generation code, some hints in the Microsoft PAC specification shed light on other parts of the code, and the updates to samr.idl and netlogon.idl come from those hints. Also in this commit: The Heimdal build package has been split up, so as to only link the KDC with smbd, not the client utils. To enable the PAC to be veified with gensec_krb5 (which isn't quite dead yet), the keyblock has been passed back to the calling layer. Andrew Bartlett (This used to be commit e2015671c2f7501f832ff402873ffe6e53b89466)
2007-10-10r7633: this patch started as an attempt to make the dcerpc code use a givenAndrew Tridgell1-2/+2
event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect. Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch. There were 3 places where I punted: - abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that its done, we could go back and use gensec_set_event_context() - the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing. - I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a callers event context. Jelmer, can you think of a clean way to do that? I also cleaned up a couple of things: - libnet_context_destroy() makes no sense. I removed it. - removed some unused vars in various places (This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2007-10-10r6603: More work on the samdump puzzle. This implements a function pointerAndrew Bartlett1-1/+1
callback interface, so we can start dumping into more than just stdout soon. Also use the enums instead of uint32 where possible and valid. Andrew Bartlett (This used to be commit f0c67a4a24dbd7fc32fc864d61a21eeee587178e)
2007-10-10r6582: Remove the hack that metze needed because Samba4 didn't have a samdumpAndrew Bartlett1-9/+0
command. Andrew Bartlett (This used to be commit adb5a3093ea3ab82e01f488ea780106fee98733b)
2007-10-10r6565: Cludge, cludge, cludge...Andrew Bartlett1-2/+6
We need to pass the 'secure channel type' to the NETLOGON layer, which must match the account type. (Yes, jelmer objects to this inclusion of the kitchen sink ;-) Andrew Bartlett (This used to be commit 8ee208a926d2b15fdc42753b1f9ee586564c6248)
2007-10-10r6544: Use common structures between SAMR, NETLGON and the Krb5 PAC.Andrew Bartlett1-0/+45
Fill out the group list for the SamLogon reply, so clients get the supplementary groups. Andrew Bartlett (This used to be commit d9c31e60a72c345e3a23a7eb742906bcfc18721c)
2007-10-10r6523: Another string that isn't filled in. I wonder why this is, but forAndrew Bartlett1-1/+4
now don't fail the test. Andrew Bartlett (This used to be commit 437aabf15ef7c5eead4bec45eb7e10a77f392b84)
2007-10-10r6206: go baack 10 revisions to get DatabaseDeltas, this shows that the bdc onlyStefan Metzmacher1-1/+5
need one call to get in sync again (except something like NT_STATUS_MORE_ENTRIES is returned) also the pdc only need to know the current state values metze (This used to be commit f4e12b38937bd8c16fd1a8b13401a65565d4bd00)
2007-10-10r5947: print out the password hashes when -d 100 is in use,Stefan Metzmacher1-0/+9
very usefull for creating a keytab file with metze (This used to be commit 15b80a28dbf2004f63648fede61e514e55030018)
2007-10-10r5941: Commit this patch much earlier than I would normally prefer, but ↵Andrew Bartlett1-37/+65
metze needs a working tree... The main volume of this patch was what I started working on today: - Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context. - Uses sepereate inner loops for some of the DCE/RPC tests The other and more important part of this patch fixes issues surrounding the new credentials framwork: This makes the struct cli_credentials always a talloc() structure, rather than on the stack. Parts of the cli_credentials code already assumed this. There were other issues, particularly in the DCERPC over SMB handling, as well as little things that had to be tidied up before test_w2k3.sh would start to pass. Andrew Bartlett (This used to be commit 0453f9d05d2e336fba1f85dbf2718d01fa2bf778)
2007-10-10r5928: Use cli_credentials in:Jelmer Vernooij1-8/+12
- gtk+ (returned by GtkHostBindingDialog as well now) - torture/ - librpc/ - lib/com/dcom/ (This used to be commit ccefd782335e01e8e6ecb2bcd28a4f999c53b1a6)
2007-10-10r5902: A rather large change...Andrew Bartlett1-16/+27
I wanted to add a simple 'workstation' argument to the DCERPC authenticated binding calls, but this patch kind of grew from there. With SCHANNEL, the 'workstation' name (the netbios name of the client) matters, as this is what ties the session between the NETLOGON ops and the SCHANNEL bind. This changes a lot of files, and these will again be changed when jelmer does the credentials work. I also correct some schannel IDL to distinguish between workstation names and account names. The distinction matters for domain trust accounts. Issues in handling this (issues with lifetime of talloc pointers) caused me to change the 'creds_CredentialsState' and 'struct dcerpc_binding' pointers to always be talloc()ed pointers. In the schannel DB, we now store both the domain and computername, and query on both. This should ensure we fault correctly when the domain is specified incorrectly in the SCHANNEL bind. In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out, where the comment claimed we re-used a connection, but in fact we made a new connection. This was achived by breaking apart some of the dcerpc_secondary_connection() logic. The addition of workstation handling was also propogated to NTLMSSP and GENSEC, for completeness. The RPC-SAMSYNC test has been cleaned up a little, using a loop over usernames/passwords rather than manually expanded tests. This will be expanded further (the code in #if 0 in this patch) to use a newly created user account for testing. In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO server, caused by the removal of [ref] and the assoicated pointer from the IDL. This has been re-added, until the underlying pidl issues are solved. (This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2007-10-10r5878: Be clear which machine name (We have one worksation, and one BDC) weAndrew Bartlett1-7/+7
are doing logins with. Andrew Bartlett (This used to be commit b7297c44faea0ae8b38fb9a90c22c5be3c8f689f)
2007-10-10r5876: Add a test account for the duration of the samsync - to ensure we haveAndrew Bartlett1-1/+12
a good variety of things to test against. Add code to testjoin to handle this just like test machine accounts Soon I'll remove the 'must change password' flag, so we can do logins with it. Andrew Bartlett (This used to be commit 08b47e2dc067f7e4a52b982d358ff1b0209cc1df)
2007-10-10r5390: use __location__ to make tracking down errors in RPC-SAMSYNC easierAndrew Tridgell1-9/+10
(This used to be commit 40a8340f1b0fdb3b86f6330be4e1cec3959e89ee)
2007-10-10r5364: Rename string fields called 'domain' and 'name' to be 'domain_name'.Tim Potter1-1/+1
(This used to be commit 6749b9404d4e9876ecd964e038c608f05d2c0b69)
2007-10-10r5298: - got rid of pstring.h from includes.h. This at least makes it a bitAndrew Tridgell1-3/+3
less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell1-9/+9
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4776: Add more debugs to SamSync test.Andrew Bartlett1-25/+64
Andrew Bartlett (This used to be commit 70860779ae4d6be6d592e3635b091f0a5f29df6a)
2007-10-10r4708: Comparing with LDAP, it is clear that these 'flags' are in fact theAndrew Bartlett1-1/+1
POSIX offset for the trusted domain. Andrew Bartlett (This used to be commit cd9e795e4004e28dc0184b86f0c44431378fc3ff)
2007-10-10r4683: fix the buildStefan Metzmacher1-1/+1
metze (This used to be commit b020dbec89a85619ae3ee12f4dd0e3828d30ba04)
2007-10-10r4682: A LDB-based secrets implementation in Samba4.Andrew Bartlett1-3/+9
This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2007-10-10r4673: Fix the IDL for the QuerySecret LSA call.Andrew Bartlett1-6/+65
This call uses a new IDL type, NTTIME_hyper. This is 8-byte aligned, as the name suggests. Expand the QuerySecret LSA calls in RPC-SAMLOGON and RPC-LSA, to validate the behaviour of times, and of the old secrets. Thanks to tridge for spotting the use of HYPER! Andrew Bartlett (This used to be commit 1fed79cb0f2ae7940639d08ef99576559d4cd06e)
2007-10-10r4616: the first phase in the addition of proper support forAndrew Tridgell1-2/+3
dcerpc_alter_context and multiple context_ids in the dcerpc client library. This stage does the following: - split "struct dcerpc_pipe" into two parts, the main part being "struct dcerpc_connection", which contains all the parts not dependent on the context, and "struct dcerpc_pipe" which has the context dependent part. This is similar to the layering in libcli_*() for SMB - disable the current dcerpc_alter code. I've used a #warning until i get the 2nd phase finished. I don't know how portable #warning is, but it won't be long before I add full alter context support anyway, so it won't last long - cleanup the allocation of dcerpc_pipe structures. The previous code was quite awkward. (This used to be commit 4004c69937be7e5dae56f9567ca607f982d395d3)
2007-10-10r4591: - converted the other _p talloc functions to not need _pAndrew Tridgell1-1/+1
- added #if TALLOC_DEPRECATED around the _p functions - fixes the code that broke from the above while doing this I fixed quite a number of places that were incorrectly using the non type-safe talloc functions to use the type safe ones. Some were even doing multiplies for array allocation, which is potentially unsafe. (This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
2007-10-10r4590: Make RPC-SAMSYNC pass againt Win2k3.Andrew Bartlett1-4/+9
Andrew Bartlett (This used to be commit 7bb00a80ac55252b8c05b33fd576b8606470e9be)
2007-10-10r4549: got rid of a lot more uses of plain talloc(), instead usingAndrew Tridgell1-2/+2
talloc_size() or talloc_array_p() where appropriate. also fixed a memory leak in pvfs_copy_file() (failed to free a memory context) (This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
2007-10-10r4532: - rename bitmap -> bitsStefan Metzmacher1-1/+1
the next commit is support for typedef bitmap {...}; in pidl metze (This used to be commit bd06a85cb747aea29a400050cb9d25a3240ef1cc)
2007-10-10r4035: more effort on consistent naming of the access mask bits.Andrew Tridgell1-9/+9
This removes the duplicate named SEC_RIGHTS_MAXIMUM_ALLOWED and SEC_RIGHTS_FULL_CONTROL, which are just other names for SEC_FLAG_MAXIMUM_ALLOWED and SEC_RIGHTS_FILE_ALL. The latter names match the new naming conventions in security.idl Also added names for the generic->specific mappings for files are directories (This used to be commit 17a4e0b3aca227b40957ed1e0c57e498debc6ddf)
2007-10-10r4003: run successful against a nt4 sp6 pdc with one nt4 sp6 trust and a ↵Stefan Metzmacher1-6/+19
w2k3 trust metze (This used to be commit 5101cd51a24fdcda8dd8fc4da446782948290f9b)
2007-10-10r4002: NT 4.0 sp6a can't do schannel 128Stefan Metzmacher1-2/+2
metze (This used to be commit c04a77ed6945db0292434fb5461a884708a9ebf2)
2007-10-10r3921: Cross-test SIDs in RPC-SAMSYNC, fix the build.Andrew Bartlett1-4/+14
Andrew Bartlett (This used to be commit 49c794a6b215f81fd0dba0e7f6812c647b3d91c7)
2007-10-10r3917: A few more LSA RPCs found in my wanderings (for trusted domains, theseAndrew Bartlett1-2/+2
seem to be 'shortcut' RPCs, that just avoid an open/query pair). Rename a few others to give us a slightly sensible pattern. Andrew Bartlett (This used to be commit d6a7ab57e74ab89dd163d5f9f5f901e586b0aad4)
2007-10-10r3909: Fix cross-reference test for trusted domains.Andrew Bartlett1-4/+4
Andrew Bartlett (This used to be commit f2c86e619440c715499a28da5bfe22272458f0af)
2007-10-10r3907: * Rename lsa_Name to lsa_StringAndrew Bartlett1-2/+20
* Add new IDL to LSA, to query information about trusted domains (for cross-check with SamSync). Andrew Bartlett (This used to be commit 174c0778421b5154ff2ba809688ea6ef38a1478b)
2007-10-10r3905: (oops, missing file: samsync.c)Andrew Bartlett1-32/+207
* Add new LSA calls to open trusted domains * Add new tests for ACCOUNTs in SamSync * Clean up names in NETLOGON and LSA * Verify Security Descriptors against LSA, as well as SamR Andrew Bartlett (This used to be commit ed838beddb3cb7b0015313a310303f831ed4f11b)
2007-10-10r3885: Add security descriptor comparison to our RPC-SAMSYNC test. We nowAndrew Bartlett1-0/+46
verify that the security descriptor found in the SamSync is the same as what is available over SAMR. Unfortunately, the administrator seems unable to retrieve the SACL on the security descriptor, so I've added a new function to compare with a mask. Andrew Bartlett (This used to be commit 39ae5e1dac31a22086be50fb23261e02be877f3f)
2007-10-10r3810: create a LIB_SECURITY subsystemStefan Metzmacher1-1/+1
- move dom_sid, security_descriptor, security_* funtions to one place and rename some of them metze (This used to be commit b620bdd672cfdf0e009492e648b0709e6b6d8596)
2007-10-10r3808: Put these in the same order as the IDL, to make it easier to spot ↵Andrew Bartlett1-8/+8
what's unimplemetned (tests of the group members) Andrew Bartlett (This used to be commit 3b81305e2b7ee3e6acabcd8b0e9ed121d4b08840)
2007-10-10r3807: Cross-check the basic attributes for groups and aliases in RPC-SAMSYNC.Andrew Bartlett1-6/+111
Andrew Bartlett (This used to be commit 90398fda41dd15480899e3628df186eb02fdc139)
2007-10-10r3805: Fix the LSA portions of the RPC-SAMSYNC test - I was not using the LSAAndrew Bartlett1-3/+1
secrets interface correctly. (New interface added). Andrew Bartlett (This used to be commit 994ac7f031e2b2d528595a4a0a446d92074d6ecf)
2007-10-10r3804: Add more comparison tests in RPC-SAMSYNC.Andrew Bartlett1-34/+220
This compares values for the domain and for secrets. We still have some problems we need to sort out for secrets. Also rename a number of structures in samr.idl and netlogon.idl, to better express their consistancy. Andrew Bartlett (This used to be commit 3f52fa3a42b030c9aef21c8bd88aad87a0aae078)
2007-10-10r3725: The new RPC-SAMSYNC test, complete with SAMR comparisons. This isAndrew Bartlett1-136/+372
certainly not complete, we need to verify all incoming data, not just accounts. This needs to be exercised against some 'intersting' users, but for now it shows that the IDL is already very accurate, particularly after the previous commits cleanups of names. Also commit the changes to keep RPC-LOGIN building. Andrew Bartlett (This used to be commit 87ec6834bc75012527454abc0e854b1cf2120088)
2007-10-10r3716: Improvements in the RPC-SAMSYNC tests:Andrew Bartlett1-7/+162
We now (for the first time) start to parse the 'user sensitive info' field, which reveals the user's NT and LM passwords from Win2k3. Using this, the 'validate samsync against netlogon' portion of the tests works for accounts. Trusted domains and secrets are now retreived, but like users, require further cross-validation work. Andrew Bartlett (This used to be commit c1d3794cad8b001661b48ecb05df5c38a69be92c)
2007-10-10r3687: Gaah - I forgot to add the new file for the RPC-SAMSYNC test...Andrew Bartlett1-0/+423
See -r 3686 Andrew Bartlett (This used to be commit ab12134286267299c0bf60d03407429bb7de593f)