summaryrefslogtreecommitdiff
path: root/source4/torture/torture.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r6028: A MAJOR update to intergrate the new credentails system fully withAndrew Bartlett1-4/+2
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'. GENSEC now no longer has it's own handling of 'set username' etc, instead it uses cli_credentials calls. In order to link the credentails code right though Samba, a lot of interfaces have changed to remove 'username, domain, password' arguments, and these have been replaced with a single 'struct cli_credentials'. In the session setup code, a new parameter 'workgroup' contains the client/server current workgroup, which seems unrelated to the authentication exchange (it was being filled in from the auth info). This allows in particular kerberos to only call back for passwords when it actually needs to perform the kinit. The kerberos code has been modified not to use the SPNEGO provided 'principal name' (in the mechListMIC), but to instead use the name the host was connected to as. This better matches Microsoft behaviour, is more secure and allows better use of standard kerberos functions. To achieve this, I made changes to our socket code so that the hostname (before name resolution) is now recorded on the socket. In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now in libcli/auth/schannel.c, and it looks much more like a standard GENSEC module. The actual sign/seal code moved to libcli/auth/schannel_sign.c in a previous commit. The schannel credentails structure is now merged with the rest of the credentails, as many of the values (username, workstation, domain) where already present there. This makes handling this in a generic manner much easier, as there is no longer a custom entry-point. The auth_domain module continues to be developed, but is now just as functional as auth_winbind. The changes here are consequential to the schannel changes. The only removed function at this point is the RPC-LOGIN test (simulating the load of a WinXP login), which needs much more work to clean it up (it contains copies of too much code from all over the torture suite, and I havn't been able to penetrate its 'structure'). Andrew Bartlett (This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
2007-10-10r5941: Commit this patch much earlier than I would normally prefer, but ↵Andrew Bartlett1-16/+17
metze needs a working tree... The main volume of this patch was what I started working on today: - Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context. - Uses sepereate inner loops for some of the DCE/RPC tests The other and more important part of this patch fixes issues surrounding the new credentials framwork: This makes the struct cli_credentials always a talloc() structure, rather than on the stack. Parts of the cli_credentials code already assumed this. There were other issues, particularly in the DCERPC over SMB handling, as well as little things that had to be tidied up before test_w2k3.sh would start to pass. Andrew Bartlett (This used to be commit 0453f9d05d2e336fba1f85dbf2718d01fa2bf778)
2007-10-10r5929: Use cli_credentials for the SMB functions as well.Jelmer Vernooij1-10/+2
Fix a couple of bugs in the new cli_credentials code (This used to be commit 4ad481cfe5cde514d2ef9646147239f3faaa6173)
2007-10-10r5928: Use cli_credentials in:Jelmer Vernooij1-33/+9
- gtk+ (returned by GtkHostBindingDialog as well now) - torture/ - librpc/ - lib/com/dcom/ (This used to be commit ccefd782335e01e8e6ecb2bcd28a4f999c53b1a6)
2007-10-10r5917: First step in using the new cli_credentials structure. This patchJelmer Vernooij1-5/+5
puts support for it into popt_common, adds a few utility functions (in lib/credentials.c) and the callback functions for the command-line (lib/cmdline/credentials.c). Comments are welcome :-) (This used to be commit 1d49b57c50fe8c2683ea23e9df41ce8ad774db98)
2007-10-10r5902: A rather large change...Andrew Bartlett1-4/+6
I wanted to add a simple 'workstation' argument to the DCERPC authenticated binding calls, but this patch kind of grew from there. With SCHANNEL, the 'workstation' name (the netbios name of the client) matters, as this is what ties the session between the NETLOGON ops and the SCHANNEL bind. This changes a lot of files, and these will again be changed when jelmer does the credentials work. I also correct some schannel IDL to distinguish between workstation names and account names. The distinction matters for domain trust accounts. Issues in handling this (issues with lifetime of talloc pointers) caused me to change the 'creds_CredentialsState' and 'struct dcerpc_binding' pointers to always be talloc()ed pointers. In the schannel DB, we now store both the domain and computername, and query on both. This should ensure we fault correctly when the domain is specified incorrectly in the SCHANNEL bind. In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out, where the comment claimed we re-used a connection, but in fact we made a new connection. This was achived by breaking apart some of the dcerpc_secondary_connection() logic. The addition of workstation handling was also propogated to NTLMSSP and GENSEC, for completeness. The RPC-SAMSYNC test has been cleaned up a little, using a loop over usernames/passwords rather than manually expanded tests. This will be expanded further (the code in #if 0 in this patch) to use a newly created user account for testing. In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO server, caused by the removal of [ref] and the assoicated pointer from the IDL. This has been re-added, until the underlying pidl issues are solved. (This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2007-10-10r5866: Add InitShutdown IDL and torture test.Jelmer Vernooij1-0/+1
Implement push side of NDR_LEN4|NDR_NOTERM strings (pull side was already present) (This used to be commit ea61ec1122841716ed5d90085ba79e7bf691bd6a)
2007-10-10r5651: A bit more code in userinfo test and hook up test function toRafal Szczesniak1-0/+3
main torture binary. rafal (This used to be commit 94955e5325ceddd35673da74afb19d1676b5b23c)
2007-10-10r5490: The big (D)COM commit! :-) Contains most of the changes described in theJelmer Vernooij1-0/+3
DCOM paper in lorikeet. This is the result of 1.5 months work (mainly figuring out how things *really* work) at the end of 2004. In general: - Clearer distinction between COM and DCOM. DCOM is now merely the glue between DCE/RPC+ORPC and COM. COM can also work without DCOM now. This makes the code a lot clearer. - Clearer distinction between NDR and DCOM. Before, NDR had a couple of "if"s to cope with DCOM, which are now gone. - Use "real" arguments rather then structures for function arguments in COM, mainly because most of these calls are local so packing/unpacking data for every call is too much overhead (both speed- and code-wise) - Support several mechanisms to load class objects: - from memory (e.g. part of the current executable, registered at start-up) - from shared object files - remotely - Most things are now also named COM rather then DCOM because that's what it really is. After an object is created, it no longer matters whether it was created locally or remotely. There is a very simple example class that contains both a class factory and a class that implements the IStream interface. It can be tested (locally only, remotely is broken at the moment) by running the COM-SIMPLE smbtorture test. Still to-do: - Autogenerate parts of the class implementation code (using the coclass definitions in IDL) - Test server-side - Implement some of the common classes, add definitions for common interfaces. (This used to be commit 71fd3e5c3aac5f0002001ab29d2248e6c6842d6f)
2007-10-10r5487: - Allow disabling modulesJelmer Vernooij1-13/+0
- Disable all current DCOM functionality (I hope to commit a large bunch of COM and DCOM changes later today) - Make remact and oxidresolver depend on orpc rather then dcom (This used to be commit f298f2a5478a905fe385b8d68318db92ee984374)
2007-10-10r5415: added a NBT-WINSREPLICATION torture test. It asks the server for theAndrew Tridgell1-0/+1
list of partners, and for each partner dumps the complete list of names (This used to be commit dacf5f166a0d5a7bc1d96e730748811c9f47bba6)
2007-10-10r5403: a simple WINS benchmarking programAndrew Tridgell1-0/+1
(This used to be commit d0f8b5bc6d64688cf9ad19d203d173ad2735f001)
2007-10-10r5308: trimmed back a lot of the old macros from smb_macros.hAndrew Tridgell1-0/+2
(This used to be commit bf43c9bdcf9e654d123f6a2b29feb9189ca9e561)
2007-10-10r5298: - got rid of pstring.h from includes.h. This at least makes it a bitAndrew Tridgell1-0/+1
less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2007-10-10r5294: - added a separate NBT-WINS test for WINS operations (register, ↵Andrew Tridgell1-0/+1
refresh, release and query) - change the iface_n_*() functions to return a "const char *" instead of a "struct ipv4_addr" I think that in general we should move towards "const char *" for all IP addresses, as this makes IPv6 much easier, and is also easier to debug. Andrew, when you get a chance, could you fix some of the auth code to use strings for IPs ? - return a NTSTATUS error on bad name queries and node status instead of using rcode. This makes the calling code simpler. - added low level name release code in libcli/nbt/ - use a real IP in the register and wins nbt torture tests, as w2k3 WINS server silently rejects some operations that don't come from the IP being used (eg. it says "yes" to a release, but does not in fact release the name) (This used to be commit bb1ab11d8e0ea0bd9ae34aebeb565d36fe4b495f)
2007-10-10r5156: started on test driven development of the nbt server. This adds aAndrew Tridgell1-0/+3
NBT-REGISTER test that tests that a server correctly defends its name against broadcast name registrations. Jeremy, you might like to look at this. Samba3 nmbd fails to respond. (This used to be commit bb1298a2eb192ec2cd547a299334cc82a63a5acc)
2007-10-10r5130: added a single NBT name query benchmark. It keeps 10 queries in ↵Andrew Tridgell1-0/+1
flight at a time. (This used to be commit 2d23c665ffda7619dc9b9c2dbcbc422b0854998c)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell1-2/+2
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4973: Add a RAP scanner to smbtorture. win2k has call numbers 0-215 althoughTim Potter1-0/+1
the cifs tr lists 250-318 also. (This used to be commit 37b4d1a676f341bc32a2a5a49fdfe2667636ccef)
2007-10-10r4899: fixed buildAndrew Tridgell1-5/+5
(This used to be commit 852f1e73b4b4241a61372279318c23369488d3bc)
2007-10-10r4891: - added a generic resolve_name() async interface in libcli/resolve/,Andrew Tridgell1-20/+9
which will eventually try all resolution methods setup in smb.conf - only resolution backend at the moment is bcast, which does a parallel broadcast to all configured network interfaces, and takes the first reply that comes in (this nicely demonstrates how to do parallel requests using the async APIs) - converted all the existing code to use the new resolve_name() api - removed all the old nmb code (yay!) (This used to be commit 239c310f255e43dd2d1c2433f666c9faaacbdce3)
2007-10-10r4831: added udp support to our generic sockets library.Andrew Tridgell1-0/+1
I decided to incorporate the udp support into the socket_ipv4.c backend (and later in socket_ipv6.c) rather than doing a separate backend, as so much of the code is shareable. Basically this adds a socket_sendto() and a socket_recvfrom() call and not much all. For udp servers, I decided to keep the call as socket_listen(), even though dgram servers don't actually call listen(). This keeps the API consistent. I also added a simple local sockets testsuite in smbtorture, LOCAL-SOCKET (This used to be commit 9f12a45a05c5c447fb4ec18c8dd28f70e90e32a5)
2007-10-10r4758: - added async support to the session request codeAndrew Tridgell1-40/+12
- added async support to the negprot client code - removed two unused parameters from smbcli_full_connection() code - converted smbclient to use smbcli_full_connection() rather than reinventing everything itself (This used to be commit 71cbe2873473e039b4511511302cb63f1c50bce8)
2007-10-10r4757: added the ability of the clisocket level of libcli to handle asyncAndrew Tridgell1-3/+0
socket connections. This was complicated by a few factors: - it meant moving the event context from clitransport to clisocket, so lots of structures changed - we need to asynchronously handle connection to lists of port numbers, not just one port number. The code internally tries each port in the list in turn, without ever blocking - the man page on how connect() is supposed to work asynchronously doesn't work in practice (now why doesn't this surprise me?). The getsockopt() for SOL_ERROR is supposed to retrieve the error, but in fact the next (unrelated) connect() call on the same socket also gets an error, though not the right error. To work around this I need to tear down the whole socket between each attempted port. I hate posix. Note that clisocket.c still does a blocking name resolution call in smbcli_sock_connect_byname(). That will be fixed when we add the async NBT resolution code. Also note that I arranged things so that every SMB connection is now async internally, so using plain smbclient or smbtorture tests all the async features of this new code. (This used to be commit 468f8ebbfdbdf37c757fdc4863626aa9946a8870)
2007-10-10r4700: first attempt at a composite async function, smb_composite_loadfile(),Andrew Tridgell1-0/+1
which combineds ntcreatex, readx and close into a single call that behaves just like a normal libcli async call. (This used to be commit 516f68fb054f0717f0429e031aa820776ecc6597)
2007-10-10r4617: basic alter_context requests now work in our client library. The testAndrew Tridgell1-0/+1
just does a simple LSA/DSSETUP combo, which is what w2k does in the ACL editor rpc calls that triggered this work (This used to be commit 0129ec947aa1fa5a7104dc3a666af3cb9bd104f1)
2007-10-10r4475: fixed smbd to work with the small changes in the ldb API (the most ↵Andrew Tridgell1-1/+3
important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2007-10-10r4451: added initial RPC-DSSETUP torture test. It works for level1 ofAndrew Tridgell1-0/+1
ds_RolerGetPrimaryDomainInformation() (This used to be commit 7aec3dac6fd5165cfca5c650aaa29234e278d95d)
2007-10-10r4422: make lp_set_cmdline("torture:dangerous", "Yes") a bool parameterStefan Metzmacher1-1/+1
metze (This used to be commit 19482a2245abbf9154423ca8997957b56333fba2)
2007-10-10r4169: add descriptions about binding and unc strings to theStefan Metzmacher1-1/+45
smbtorture --usage --help output metze (This used to be commit 26a7f4cf5ec4e3697a715f4880468c7f30ba5948)
2007-10-10r4063: - change char * -> uint8_t in struct request_bufferStefan Metzmacher1-10/+10
- change smbcli_read/write to take void * for the buffers to match read(2)/write(2) all this fixes a lot of gcc-4 warnings metze (This used to be commit b94f92bc6637f748d6f7049f4f9a30b0b8d18a7a)
2007-10-10r4052: fixed a bunch of code to use the type safe _p allocation macrosAndrew Tridgell1-1/+1
(This used to be commit 80d15fa3402a9d1183467463f6b21c0b674bc442)
2007-10-10r4035: more effort on consistent naming of the access mask bits.Andrew Tridgell1-1/+1
This removes the duplicate named SEC_RIGHTS_MAXIMUM_ALLOWED and SEC_RIGHTS_FULL_CONTROL, which are just other names for SEC_FLAG_MAXIMUM_ALLOWED and SEC_RIGHTS_FILE_ALL. The latter names match the new naming conventions in security.idl Also added names for the generic->specific mappings for files are directories (This used to be commit 17a4e0b3aca227b40957ed1e0c57e498debc6ddf)
2007-10-10r4013: got rid of a bunch of unused or unmaintained codeAndrew Tridgell1-5/+1
- removed the clitar code. It is unmaintained, and a horribly badly done hack - removed client.h as it contained mostly unused definitions - removed the unused clidfs.c code (This used to be commit 31a7bddbb3815b4d625e993dbce4805dae1c18f8)
2007-10-10r4011: get rid of rpc_secdes.h and replace it with a single sane set ofAndrew Tridgell1-34/+39
definitions for security access masks, in security.idl The previous definitions were inconsistently named, and contained many duplicate and misleading entries. I kept finding myself tripping up while using them. (This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d)
2007-10-10r3945: expanded the BASE-PROPERTIES test to print a nicely formatted list ofAndrew Tridgell1-28/+3
the capabilities and filesystem attribute bits of the server. (This used to be commit 9debe2938194d686eb9ef46f7e10010490f2a624)
2007-10-10r3898: Work towards local/server DCOM support, start workingJelmer Vernooij1-0/+9
on Simple example server side implementation (This used to be commit 98afb504d95ccca4d6ec48273e10b52ccfa26ad0)
2007-10-10r3891: Add rot (Running Object Table) interfaceJelmer Vernooij1-0/+1
(This used to be commit 4840eaeed3cfd72026babb382f26929c29702713)
2007-10-10r3829: added a RAW-ACLS test suite that tests query/set of ACLs on a fileAndrew Tridgell1-0/+1
(This used to be commit 2ff9816ae0ae41e0e63e4276a70d292888346dc7)
2007-10-10r3746: added RAW-STREAMS and RAW-EAS tests to smbtortureAndrew Tridgell1-0/+2
(This used to be commit 5ed3d68d20860bdedcfeb2461af570aedc689674)
2007-10-10r3699: - split the delayed write testing out of RAW-WRITE, as it is not yetAndrew Tridgell1-0/+1
clear what the correct behaviour is for delayed stat info update. - use a common torture_setup_dir() function for setting up a test directory in torture tests. (This used to be commit f7fb34715b7d6ea3c35ddd684cfb27459a420339)
2007-10-10r3686: The results of some work on the NETLOGON pipe:Andrew Bartlett1-0/+1
Break out the samsync tests from RPC-NETLOGON into a new RPC-SAMSYNC, that will cross-verify all the values. Add support for the way netlogon credentials are shared between the pipe that sets up schannel and the pipe that is encrypted with it. Test this support, by calling both NETLOGON and SAMR operations in the RPC-SCHANNEL test. Move some of the Netlogon NEG flags into the .idl, now we have an idea what a few of them really are. Rename the sam_pwd_hash into a name that has meaning (all other crypto functions were renamed in Samba4 ages ago). Break out NTLMv2 functionality for operation on the NT hash - I intend to do NTLMv2 logins in the samsync test in future, and naturally I only have the hash. Andrew Bartlett (This used to be commit 6e6cc6fb9842113a1b0c7f6904dac709b320a6e5)
2007-10-10r3677: Seperate the SamLogon tests from the main RPC-NETLOGON test into aAndrew Bartlett1-0/+1
RPC-SAMLOGON of their own. I have expanded the tests to validate the use of various flags, which change some of the crypto behaviour. Andrew Bartlett (This used to be commit 3a140a3691ce49ebf4d1efcb99cfffd26c68a28f)
2007-10-10r3660: This simulates the logon sequence of a XP login session I'm currently ↵Volker Lendecke1-0/+1
tuning Samba3/OpenLDAP for. For a concrete situation you have to adapt the domain, pdcname and usernames/passwords. Sorry, not parametrized yet, but this should be doable if necessary. Volker (This used to be commit 02f52058722fc1aea02d4fe237c97404d8e4f491)
2007-10-10r3633: - moved module init functions to after smb.conf and command lineAndrew Tridgell1-2/+5
parsing, so that module init can take account of lp_ parms (thats why gensec:krb5=no wasn't working) - added a BASE-DISCONNECT torture test that tests server response to clients disconnecting with open lock and open requests pending (This used to be commit 5205f598b8c0be6985e61cc842cc5da109ba5b7e)
2007-10-10r3608: added BASE-DENYDOS testAndrew Tridgell1-0/+1
this test demonstrates how w2k3 handles the special semantics of DENY_DOS when 2 opens happen on the same connection. The 2nd open doesn't actually do a NTFS open, it happens as a secondary reference to the same internal file handle in the CIFS layer. The evidence is that the 2nd open shares the same POSITION_INFORMATION field as the first open, but only for the special DENY_DOS cases that would normally be refused. (This used to be commit eeec57d4f6d18a40e0ce451bfe051b3f699e8337)
2007-10-10r3586: Fix some of the issues with the module init functions.Jelmer Vernooij1-0/+2
Both subsystems and modules can now have init functions, which can be specified in .mk files (INIT_FUNCTION = ...) The build system will define : - SUBSYSTEM_init_static_modules that calls the init functions of all statically compiled modules. Failing to load will generate an error which is not fatal - BINARY_init_subsystems that calls the init functions (if defined) for the subsystems the binary depends on This removes the hack with the "static bool Initialised = " and the "lazy_init" functions (This used to be commit 7a8244761bfdfdfb48f8264d76951ebdfbf7bd8a)
2007-10-10r3574: the RAW-OPEN test changes broke a couple of the other tests. ThisAndrew Tridgell1-54/+1
fixes most of them, although RAW-SEARCH still fails (due to an interaction with the new xattr code) (This used to be commit 09b4652b40c4cfca027765178bd5a0adbaa666c2)
2007-10-10r3513: Add (the infrastructure for) DCOM support. Contents:Jelmer Vernooij1-0/+3
- Support for sending over the object UUID in DCERPC calls - Simple torture test for the DCOM "Simple" object - Generate extra argument for "object" interfaces in pidl - Some stubs for common DCOM functions (This used to be commit c052f2e1edd816206d8974af3140cec7ef97a70c)
2007-10-10r3507: - added deferred replies on sharing violation in pvfs open. TheAndrew Tridgell1-16/+14
deferred reply is short-circuited immediately when the file is closed by another user, allowing it to be opened by the waiting user. - added a sane set of timeval manipulation routines - converted all the events code and code that uses it to use struct timeval instead of time_t, which allows for microsecond resolution instead of 1 second resolution. This was needed for doing the pvfs deferred open code, and is why the patch is so big. (This used to be commit 0d51511d408d91eb5f68a35e980e0875299b1831)