| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
metze
(This used to be commit a3cec189e1f5d137ba2f2829def03b060b59f0e2)
|
|
has the patience to run test_w2k3.sh to completion :-)
It looks to me that the Windows server runs the RC4 over the C struct,
not the NDR data.
Andrew Bartlett
(This used to be commit c324d974134c35b4c50c91d5a932a63c78b67046)
|
|
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'.
GENSEC now no longer has it's own handling of 'set username' etc,
instead it uses cli_credentials calls.
In order to link the credentails code right though Samba, a lot of
interfaces have changed to remove 'username, domain, password'
arguments, and these have been replaced with a single 'struct
cli_credentials'.
In the session setup code, a new parameter 'workgroup' contains the
client/server current workgroup, which seems unrelated to the
authentication exchange (it was being filled in from the auth info).
This allows in particular kerberos to only call back for passwords
when it actually needs to perform the kinit.
The kerberos code has been modified not to use the SPNEGO provided
'principal name' (in the mechListMIC), but to instead use the name the
host was connected to as. This better matches Microsoft behaviour,
is more secure and allows better use of standard kerberos functions.
To achieve this, I made changes to our socket code so that the
hostname (before name resolution) is now recorded on the socket.
In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now
in libcli/auth/schannel.c, and it looks much more like a standard
GENSEC module. The actual sign/seal code moved to
libcli/auth/schannel_sign.c in a previous commit.
The schannel credentails structure is now merged with the rest of the
credentails, as many of the values (username, workstation, domain)
where already present there. This makes handling this in a generic
manner much easier, as there is no longer a custom entry-point.
The auth_domain module continues to be developed, but is now just as
functional as auth_winbind. The changes here are consequential to the
schannel changes.
The only removed function at this point is the RPC-LOGIN test
(simulating the load of a WinXP login), which needs much more work to
clean it up (it contains copies of too much code from all over the
torture suite, and I havn't been able to penetrate its 'structure').
Andrew Bartlett
(This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
|
|
is used, in the reply.
metze
(This used to be commit 618dadb7ef092af0f2c13c2e67874041f54f4e98)
|
|
metze
(This used to be commit 3d3e09af16c4f9a6bc8f6ae615f744a04f352ed0)
|
|
I think I now understand how it works:-)
metze
(This used to be commit f8add2e66a56896d9bb18991091e1b17c29910b1)
|
|
Test_DoublePointer test failure.
(This used to be commit 4089d5f67d6e4121056a63ececb13187fd773636)
|
|
range())
(This used to be commit ec1eaa274b997197ca6996457229c802f1b76d56)
|
|
(This used to be commit 28914c89dc1400d8364c13258ec0e8558acc7dfd)
|
|
to make things more clear
metze
(This used to be commit adefeeb4f362dba06cddacf6f58194ef1f967ec9)
|
|
very usefull for creating a keytab file with
metze
(This used to be commit 15b80a28dbf2004f63648fede61e514e55030018)
|
|
infrustructure.
Andrew Bartlett
(This used to be commit d51718ab8a3771ada4e342a384b744edb803db40)
|
|
metze needs a working tree...
The main volume of this patch was what I started working on today:
- Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context.
- Uses sepereate inner loops for some of the DCE/RPC tests
The other and more important part of this patch fixes issues
surrounding the new credentials framwork:
This makes the struct cli_credentials always a talloc() structure,
rather than on the stack. Parts of the cli_credentials code already
assumed this.
There were other issues, particularly in the DCERPC over SMB handling,
as well as little things that had to be tidied up before test_w2k3.sh
would start to pass.
Andrew Bartlett
(This used to be commit 0453f9d05d2e336fba1f85dbf2718d01fa2bf778)
|
|
Fix a couple of bugs in the new cli_credentials code
(This used to be commit 4ad481cfe5cde514d2ef9646147239f3faaa6173)
|
|
- gtk+ (returned by GtkHostBindingDialog as well now)
- torture/
- librpc/
- lib/com/dcom/
(This used to be commit ccefd782335e01e8e6ecb2bcd28a4f999c53b1a6)
|
|
puts support for it into popt_common, adds a few utility functions
(in lib/credentials.c) and the callback functions for the command-line
(lib/cmdline/credentials.c). Comments are welcome :-)
(This used to be commit 1d49b57c50fe8c2683ea23e9df41ce8ad774db98)
|
|
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.
With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind. This changes a lot of files, and these will again
be changed when jelmer does the credentials work.
I also correct some schannel IDL to distinguish between workstation
names and account names. The distinction matters for domain trust
accounts.
Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.
In the schannel DB, we now store both the domain and computername, and
query on both. This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.
In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.
This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.
The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.
The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests. This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.
In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL. This has been re-added, until the underlying pidl issues are
solved.
(This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
|
|
Andrew Bartlett
(This used to be commit 7822101cb5213f192f3195648970784a9de4fac4)
|
|
are doing logins with.
Andrew Bartlett
(This used to be commit b7297c44faea0ae8b38fb9a90c22c5be3c8f689f)
|
|
a good variety of things to test against.
Add code to testjoin to handle this just like test machine accounts
Soon I'll remove the 'must change password' flag, so we can do logins with it.
Andrew Bartlett
(This used to be commit 08b47e2dc067f7e4a52b982d358ff1b0209cc1df)
|
|
Implement push side of NDR_LEN4|NDR_NOTERM strings (pull side was already present)
(This used to be commit ea61ec1122841716ed5d90085ba79e7bf691bd6a)
|
|
metze
(This used to be commit 63229b9503950847fbecd6ec22171d8c18d7ac91)
|
|
also add a really simple torture test for DsGetNCChanges
metze
(This used to be commit bcde67a7eff9ad82919e90fd64c02a17610c6f0e)
|
|
the SAMR server.
Andrew Bartlett
(This used to be commit fd748f9d2f8f354f76587d92b94de83bffe1c6dc)
|
|
used to be)
Add oxid mapping table support in DCOM
(This used to be commit e193555f0eec2dda8c8760e9668181200fef0a1e)
|
|
(the torture test currently only tests if the idl is correct)
- add start for idl for DsGetNCChanges()
(if someone didn't noticed the current ethereal trunk code can
successful decrypt DCERPC and LDAP gsskrb5 encrypted blobs,
when you provide a keytab and have compiled against heimdal :-)
- add a view bitmaps and enum's for better debugging
metze
(This used to be commit cf7c1352ab2857b80256e02f70ab3fbd5177d596)
|
|
open on the same file on the same connection.
Jeremy.
(This used to be commit 23733abfa201347265f54232989b608b11ad7a85)
|
|
metze
(This used to be commit bb2622a0c94127a31855adc41d90289219a1ddd7)
|
|
btw proves the function is completely broken but that's what
tests are for)
rafal
(This used to be commit 7278c7d8370d52fed1e6a7dfc848a3efa06ccd61)
|
|
rafal
(This used to be commit e492a2a604a930690a7cbec8aee17b8229bcf928)
|
|
(This used to be commit a9b13f67012d235d98920e639f59411d57a79bd7)
|
|
- Keep COM and DCOM more seperated
(This used to be commit f694f484c422d0c86beb58e8f62f134f8676d5e1)
|
|
- Always put IID in vtables (useful for asserts)
- Add table to keep track of DCOM proxy classes
- Bunch of smaller bug fixes
(This used to be commit 26d5a0b92c66bc86d0c26f687f83fa712342ac32)
|
|
(This used to be commit 00ef0feaddc096d8f5e2755feecaec37d589a99c)
|
|
need a NULL domain (or a "" domain, except this breaks NTLMv2, and I
need to look into it a bit more).
Add support to the Samba4 server for these logins. This will need
extension when we handle trusted domains as a DC, as it is a principal
name, not just another format for the username.
Andrew Bartlett
(This used to be commit de02c7c222a32d2b3fb8ee8b715749b96cb647f9)
|
|
array can now only be :
type *name[];
rather then :
type *name;
which was supported in the past. Warnings will be given when the first
syntax is used. Reasons for this change in behaviour include improved
readability and the fact that the second format makes dealing with multiple
levels of pointers harder.
(This used to be commit a416de5825c540fd3741731c4be05e9a659a6fdb)
|
|
rafal
(This used to be commit f061652b75b1c5a203232c1a440fa9ba3e0bd2c3)
|
|
main torture binary.
rafal
(This used to be commit 94955e5325ceddd35673da74afb19d1676b5b23c)
|
|
to enumerate (recursively!) over all keys with EnumPrinterKey later on.
Guenther
(This used to be commit 46ae4010f2293fb1933aacd2da582fcb1c0a5e1d)
|
|
doesn't break anything at the moment.
rafal
(This used to be commit eb13c1bcfc330b046b76563c4eeb9d1ae438d37b)
|
|
so we can specify allowed target service names in the idl file
the default is "host"
metze
(This used to be commit bf40d5321f3257bf9354a42d31265f1a9b0d53ad)
|
|
WERR_NOT_SUPPORTED though.
(This used to be commit ba4730a37838f45db1b77b777af8efdb45a06006)
|
|
function returns non-OK. If a non-OK status is returned then some or
all or r.out is likely to be uninitialised.
(This used to be commit 0e83a306b06442a1adfe02ea6bdb727a42c7bacf)
|
|
we maybe use this in the build farm
metze
(This used to be commit 98e32260f5f4bf3b66fd9238c061618a3b49197c)
|
|
- add and fix some PrinterInfo levels
- add and fix some DriverInfo levels
- fix EnumPrinterDriver torture test
the curent RPC-SPOOLSS now passes on w2k3
metze
(This used to be commit 14b88ca20dc64702f1c1b457a09b1f13b1964654)
|
|
metze
(This used to be commit 81f4afcbfa296f54634ba2a88e9ef3e966405fc3)
|
|
- add OpenPrinter() server code that just calls OpenPrinterEx()
- fix OpenPrinterEx logic, we pass the invalid printer names test now
metze
(This used to be commit 3085d3728eaf76097319f648ab4bc7f9447bbe10)
|
|
metze
(This used to be commit fd7950abe62e91108157619ace8e96e99110b668)
|
|
DCOM paper in lorikeet. This is the result of 1.5 months work (mainly
figuring out how things *really* work) at the end of 2004.
In general:
- Clearer distinction between COM and DCOM. DCOM is now merely
the glue between DCE/RPC+ORPC and COM. COM can also work without
DCOM now. This makes the code a lot clearer.
- Clearer distinction between NDR and DCOM. Before, NDR had a couple of
"if"s to cope with DCOM, which are now gone.
- Use "real" arguments rather then structures for function arguments in
COM, mainly because most of these calls are local so packing/unpacking
data for every call is too much overhead (both speed- and code-wise)
- Support several mechanisms to load class objects:
- from memory (e.g. part of the current executable, registered at start-up)
- from shared object files
- remotely
- Most things are now also named COM rather then DCOM because that's what it
really is. After an object is created, it no longer matters whether it
was created locally or remotely.
There is a very simple example class that contains
both a class factory and a class that implements the IStream interface.
It can be tested (locally only, remotely is broken at the moment)
by running the COM-SIMPLE smbtorture test.
Still to-do:
- Autogenerate parts of the class implementation code (using the coclass definitions in IDL)
- Test server-side
- Implement some of the common classes, add definitions for common interfaces.
(This used to be commit 71fd3e5c3aac5f0002001ab29d2248e6c6842d6f)
|
|
for the spoolss_Enum* functions
metze
(This used to be commit bfcc86e706cf32672323eda939e5def6694509a8)
|
