Age | Commit message (Collapse) | Author | Files | Lines |
|
S390. This is an attempt to avoid the panic we're seeing in the
automatic builds.
The main fixes are:
- assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats
- use of NULL format statements to perform dn searches.
- assumption that sizeof() returns an int
(This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
|
|
file_load() to use talloc, which impacted quite a few bits of code,
including our smb.conf processing.
took the opportunity to remove the gloabls in params.c while doing this
(This used to be commit b220756cb4f1d201ba3e771ca67e4bfae5eae748)
|
|
Jeremy.
(This used to be commit ff58ecad044dc7a3cdb4c010ea5cc1ea5e2e4b3b)
|
|
NT_STATUS_INVALID_HANDLE on a per call basis for a bad vuid. That
means it is doing checking for a valid vuid in each backend function,
rather than globally. I don't want to emulate that as it is way too
error prone, and could easily lead to a security hole, so instead
accept either error code in our test suite.
(This used to be commit aefa9e53fa97551c1b15bdd50565881e63aea9a8)
|
|
The biggest change was fixing the RAW-CONTEXT test. It was forcing
capabilities to zero in an attempt to not negotiated extended
security, but as a side effect it was forcing negotiation of dos error
codes. This confused the hell out of the test code!
Also fixed a bunch of places incorrectly using NT_STATUS_V() instead
of NT_STATUS_EQUAL() and several places that had the wrong dos status
codes
(This used to be commit 0b22744f40804a0d6dc94bfc40ec09306f584f7e)
|
|
much closer.
This changes PIDL to allow a subcontext to have a pad8 flag, saying to
pad behind to an 8 byte boundary. This is the only way I can explain
the 4 trainling zeros in the signature struct.
Far more importantly, the PAC code is now under self-test, both in
creating/parsing our own PAC, but also a PAC from my win2k3 server.
This required changing auth_anonymous, because I wanted to reuse the
anonymous 'server_info' generation code.
I'm still having trouble with PIDL, particulary as surrounds value(),
but I'll follow up on the list.
Andrew Bartlett
(This used to be commit 50a54bf4e9bf04d2a8e0aebb3482a2ff655c8bbb)
|
|
codes, controlled
with 'nt status support' option.
- make nt_errstr() display nice strings for dos status codes encoded
using NT_STATUS_DOS()
- no longer map between dos and nt status codes in the client library,
instead return using NT_STATUS_DOS()
- fixed the RAW-CONTEXT test to look for
NT_STATUS_DOS(ERRSRV, ERRbaduid) instead of NT_STATUS_INVALID_HANDLE
(This used to be commit ff5549e87ffae9f062394f30d8fd1ae95b614735)
|
|
(This used to be commit 23bff7bf6cf437e78db50b09f69fd1fbdf6aab35)
|
|
rafal
(This used to be commit 0209fc67adae9d2003f06c826557306c2141a6a8)
|
|
regularly
(This used to be commit dac526845ea89ba732300105b3f82210b0828102)
|
|
don't like to bother with netbios type names when looking for common
types: hosts (servers) and domain controllers. Also, apropriate tests
rafal
(This used to be commit 50cd94be0f876a3463aa58b7e0898e6b3340c4c2)
|
|
rafal
(This used to be commit ec29a1ffa7aec6f1822a92a8c62f5a0de51ec2ae)
|
|
rafal
(This used to be commit 4655881fac37dbf26a5d60385e5f0a70b8c1c775)
|
|
- got rid of smbcli_shutdown() and use talloc_free() instead.
(This used to be commit 1011b1bf51d420d6702ef448c894ea8ebeafa284)
|
|
server as to the CIFS session key.
JRA had pain with this being wrong against NT4 (without spnego), hence
this specific test.
Andrew Bartlett
(This used to be commit 47f433708ba38db9bf569567cc048e65f2786ebe)
|
|
event_context for the socket_connect() call, so that when things that
use dcerpc are running alongside anything else it doesn't block the
whole process during a connect.
Then of course I needed to change any code that created a dcerpc
connection (such as the auth code) to also take an event context, and
anything that called that and so on .... thus the size of the patch.
There were 3 places where I punted:
- abartlet wanted me to add a gensec_set_event_context() call
instead of adding it to the gensec init calls. Andrew, my
apologies for not doing this. I didn't do it as adding a new
parameter allowed me to catch all the callers with the
compiler. Now that its done, we could go back and use
gensec_set_event_context()
- the ejs code calls auth initialisation, which means it should pass
in the event context from the web server. I punted on that. Needs fixing.
- I used a NULL event context in dcom_get_pipe(). This is equivalent
to what we did already, but should be fixed to use a callers event
context. Jelmer, can you think of a clean way to do that?
I also cleaned up a couple of things:
- libnet_context_destroy() makes no sense. I removed it.
- removed some unused vars in various places
(This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
|
|
There is now a new --debug-stderr option to enable debug to STDERR.
popt isn't perfect, but the callbacks are used in all the main Samba
binaries, and should be used in the rest. This avoids duplicated
code, and ensures every binary is setup correctly.
This also ensures the setup happens early enough to have -s function,
and have a correct impact on the credentials code. (Fixing a bug that
frustrated tridge earlier today).
The only 'subtle' aspect of all this is that I'm pretty sure that the
SAMBA_COMMON popt code must be above the CREDENTIALS code, in the
popt tables.
Andrew Bartlett
(This used to be commit 50f3c2b3a22971f40e0d3a88127b5120bfc47591)
|
|
get stuck waiting on no file descriptors, with no timeout, so it sits
forever. I need to fix that bug separately, but to prevent build farm
machines being totally stuck, this timeout will be used.
(This used to be commit 5cccf0a770e0c1069f940fa8f4853f64327dc90c)
|
|
confused with an async function.
(This used to be commit 340ad67cada15329051c205c5b094ad641718c72)
|
|
rafal
(This used to be commit bac24d9774f6f9298278a1dd9ab7718d8ab6c87c)
|
|
rafal
(This used to be commit 2614aa69341f21fc02a9b08fc1657364f78aafbd)
|
|
management system I proposed on samba-technical a couple of days
ago. Essentially it is a very lightweight way for any code in Samba to
make IDL based rpc calls to anywhere else in the code, without the
client or server having to go to the trouble of setting up a full rpc
service.
It can be used with any of our existing IDL, but I expect it will
mostly be used for a new set of Samba specific management calls.
The LOCAL-IRPC torture test demonstrates how it can be used by calling
the echo_AddOne() call over this transport.
(This used to be commit 3d589a09954eb8b318f567e1150b0c27412fb942)
|
|
with INVALID_NAME.
Jeremy.
(This used to be commit ec72d7d614caf9504d98c96c86906ed598f8be78)
|
|
(This used to be commit b896daf11c3efb1b3ca939575da9dab82b395777)
|
|
Volker
(This used to be commit 81ddffde369c5b5e91bc130510f43c6841a789c4)
|
|
important, but it does
help find memory leaks (and in fact, there was one, fixed in next commit)
(This used to be commit ab19e38c236366f2a93ea1f44911c56519779c9d)
|
|
(This used to be commit b3dd5c326efef2165106f719573202325ee63e02)
|
|
interestingly, w2k3 seems to have 4 different varients of the netlogon
cldap response. We decode two of them so far. The other two are tricky
as they aren't distinguished by a command code, they use the same
command codes (0x13 and 0x17) but have quite a different format. Very
strange!
(This used to be commit 58f1c39282e281450fe94ceab7ca0a53ec7172e1)
|
|
(This used to be commit d1e0b7a2e3078c9cc1baff2fd17222ebae94ada7)
|
|
with user del function.
rafal
(This used to be commit a6b191188294c447fc4942c632fe905984048834)
|
|
rafal
(This used to be commit 0dc416b8e4bcab319b2fc66fa15c49f490492664)
|
|
suite. The NBT-DGRAM test does a UDP/138 netlogon request, to which a
windows server sends a reply, but the windows server sends the reply
to the wrong port (it always sends to 138), so the test suite doesn't
see it.
(This used to be commit a7634625dbc944dd8256a822be290010f341a571)
|
|
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'.
GENSEC now no longer has it's own handling of 'set username' etc,
instead it uses cli_credentials calls.
In order to link the credentails code right though Samba, a lot of
interfaces have changed to remove 'username, domain, password'
arguments, and these have been replaced with a single 'struct
cli_credentials'.
In the session setup code, a new parameter 'workgroup' contains the
client/server current workgroup, which seems unrelated to the
authentication exchange (it was being filled in from the auth info).
This allows in particular kerberos to only call back for passwords
when it actually needs to perform the kinit.
The kerberos code has been modified not to use the SPNEGO provided
'principal name' (in the mechListMIC), but to instead use the name the
host was connected to as. This better matches Microsoft behaviour,
is more secure and allows better use of standard kerberos functions.
To achieve this, I made changes to our socket code so that the
hostname (before name resolution) is now recorded on the socket.
In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now
in libcli/auth/schannel.c, and it looks much more like a standard
GENSEC module. The actual sign/seal code moved to
libcli/auth/schannel_sign.c in a previous commit.
The schannel credentails structure is now merged with the rest of the
credentails, as many of the values (username, workstation, domain)
where already present there. This makes handling this in a generic
manner much easier, as there is no longer a custom entry-point.
The auth_domain module continues to be developed, but is now just as
functional as auth_winbind. The changes here are consequential to the
schannel changes.
The only removed function at this point is the RPC-LOGIN test
(simulating the load of a WinXP login), which needs much more work to
clean it up (it contains copies of too much code from all over the
torture suite, and I havn't been able to penetrate its 'structure').
Andrew Bartlett
(This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
|
|
metze needs a working tree...
The main volume of this patch was what I started working on today:
- Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context.
- Uses sepereate inner loops for some of the DCE/RPC tests
The other and more important part of this patch fixes issues
surrounding the new credentials framwork:
This makes the struct cli_credentials always a talloc() structure,
rather than on the stack. Parts of the cli_credentials code already
assumed this.
There were other issues, particularly in the DCERPC over SMB handling,
as well as little things that had to be tidied up before test_w2k3.sh
would start to pass.
Andrew Bartlett
(This used to be commit 0453f9d05d2e336fba1f85dbf2718d01fa2bf778)
|
|
Fix a couple of bugs in the new cli_credentials code
(This used to be commit 4ad481cfe5cde514d2ef9646147239f3faaa6173)
|
|
- gtk+ (returned by GtkHostBindingDialog as well now)
- torture/
- librpc/
- lib/com/dcom/
(This used to be commit ccefd782335e01e8e6ecb2bcd28a4f999c53b1a6)
|
|
puts support for it into popt_common, adds a few utility functions
(in lib/credentials.c) and the callback functions for the command-line
(lib/cmdline/credentials.c). Comments are welcome :-)
(This used to be commit 1d49b57c50fe8c2683ea23e9df41ce8ad774db98)
|
|
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.
With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind. This changes a lot of files, and these will again
be changed when jelmer does the credentials work.
I also correct some schannel IDL to distinguish between workstation
names and account names. The distinction matters for domain trust
accounts.
Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.
In the schannel DB, we now store both the domain and computername, and
query on both. This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.
In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.
This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.
The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.
The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests. This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.
In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL. This has been re-added, until the underlying pidl issues are
solved.
(This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
|
|
Implement push side of NDR_LEN4|NDR_NOTERM strings (pull side was already present)
(This used to be commit ea61ec1122841716ed5d90085ba79e7bf691bd6a)
|
|
main torture binary.
rafal
(This used to be commit 94955e5325ceddd35673da74afb19d1676b5b23c)
|
|
DCOM paper in lorikeet. This is the result of 1.5 months work (mainly
figuring out how things *really* work) at the end of 2004.
In general:
- Clearer distinction between COM and DCOM. DCOM is now merely
the glue between DCE/RPC+ORPC and COM. COM can also work without
DCOM now. This makes the code a lot clearer.
- Clearer distinction between NDR and DCOM. Before, NDR had a couple of
"if"s to cope with DCOM, which are now gone.
- Use "real" arguments rather then structures for function arguments in
COM, mainly because most of these calls are local so packing/unpacking
data for every call is too much overhead (both speed- and code-wise)
- Support several mechanisms to load class objects:
- from memory (e.g. part of the current executable, registered at start-up)
- from shared object files
- remotely
- Most things are now also named COM rather then DCOM because that's what it
really is. After an object is created, it no longer matters whether it
was created locally or remotely.
There is a very simple example class that contains
both a class factory and a class that implements the IStream interface.
It can be tested (locally only, remotely is broken at the moment)
by running the COM-SIMPLE smbtorture test.
Still to-do:
- Autogenerate parts of the class implementation code (using the coclass definitions in IDL)
- Test server-side
- Implement some of the common classes, add definitions for common interfaces.
(This used to be commit 71fd3e5c3aac5f0002001ab29d2248e6c6842d6f)
|
|
- Disable all current DCOM functionality (I hope to commit
a large bunch of COM and DCOM changes later today)
- Make remact and oxidresolver depend on orpc rather then dcom
(This used to be commit f298f2a5478a905fe385b8d68318db92ee984374)
|
|
list of partners, and for each partner dumps the complete list of
names
(This used to be commit dacf5f166a0d5a7bc1d96e730748811c9f47bba6)
|
|
(This used to be commit d0f8b5bc6d64688cf9ad19d203d173ad2735f001)
|
|
(This used to be commit bf43c9bdcf9e654d123f6a2b29feb9189ca9e561)
|
|
less likely that anyone will use pstring for new code
- got rid of winbind_client.h from includes.h. This one triggered a
huge change, as winbind_client.h was including system/filesys.h and
defining the old uint32 and uint16 types, as well as its own
pstring and fstring.
(This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
|
|
refresh, release and query)
- change the iface_n_*() functions to return a "const char *" instead of a "struct ipv4_addr"
I think that in general we should move towards "const char *" for
all IP addresses, as this makes IPv6 much easier, and is also easier
to debug. Andrew, when you get a chance, could you fix some of the
auth code to use strings for IPs ?
- return a NTSTATUS error on bad name queries and node status instead
of using rcode. This makes the calling code simpler.
- added low level name release code in libcli/nbt/
- use a real IP in the register and wins nbt torture tests, as w2k3
WINS server silently rejects some operations that don't come from the
IP being used (eg. it says "yes" to a release, but does not in fact
release the name)
(This used to be commit bb1ab11d8e0ea0bd9ae34aebeb565d36fe4b495f)
|
|
NBT-REGISTER test that tests that a server correctly defends its name
against broadcast name registrations.
Jeremy, you might like to look at this. Samba3 nmbd fails to respond.
(This used to be commit bb1298a2eb192ec2cd547a299334cc82a63a5acc)
|
|
flight at a time.
(This used to be commit 2d23c665ffda7619dc9b9c2dbcbc422b0854998c)
|
|
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
|