Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 513fc9c24493e007a9e4d034ca05657897a5eac2)
|
|
(This used to be commit c2c563bf985a8fdd28beacb3dbdf650c11af2fa7)
|
|
rafal
(This used to be commit 4ac3c145fccc203323e3bf8772bccd290a82cf63)
|
|
callback interface, so we can start dumping into more than just stdout
soon.
Also use the enums instead of uint32 where possible and valid.
Andrew Bartlett
(This used to be commit f0c67a4a24dbd7fc32fc864d61a21eeee587178e)
|
|
command.
Andrew Bartlett
(This used to be commit adb5a3093ea3ab82e01f488ea780106fee98733b)
|
|
(This used to be commit 13ab07214e33e16d873befb3c34ed149d11a09ab)
|
|
We need to pass the 'secure channel type' to the NETLOGON layer, which
must match the account type.
(Yes, jelmer objects to this inclusion of the kitchen sink ;-)
Andrew Bartlett
(This used to be commit 8ee208a926d2b15fdc42753b1f9ee586564c6248)
|
|
trouble with the epoll() based event handling
- changes the test to use a local directory instead of the prefix lock
directory, so the LOCAL-MESSAGING test can run as non-root even when
the lock directory is not writeable
(This used to be commit 079e1f4e85832f8d14ac385511ff67473e139ca1)
|
|
(This used to be commit d1e0b7a2e3078c9cc1baff2fd17222ebae94ada7)
|
|
Fill out the group list for the SamLogon reply, so clients get the
supplementary groups.
Andrew Bartlett
(This used to be commit d9c31e60a72c345e3a23a7eb742906bcfc18721c)
|
|
(This used to be commit 3e610e3952867658a59424301a6ef0573e0a0c1f)
|
|
(This used to be commit 70b4a687c01a05b752438f39146ad0a240c976d5)
|
|
Andrew Bartlett
(This used to be commit 4fc2a056cd38de7b3e2bc972958b5c104ba57ba7)
|
|
now don't fail the test.
Andrew Bartlett
(This used to be commit 437aabf15ef7c5eead4bec45eb7e10a77f392b84)
|
|
(the call freed the memory it used to fill in the result structure)
(This used to be commit b352ef1a4282ddadf85e635112ff51dc3222a854)
|
|
Andrew Bartlett
(This used to be commit 8d503fb153c25580c06dd13ca83df47f9e434c7a)
|
|
client and server logic code. In future, this may allow us to build
only the NTLMSSP client, and not the server, but in the short-term, it
allows me greater sainity in moving around these files.
Andrew Bartlett
(This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
|
|
The aim here is to remove the extra layer of abstraction, and to then
use the credentials code directly in the NTLMSSP layer.
Andrew Bartlett
(This used to be commit b14c530dfd3e56975dea7e30aa8d62d4f2827700)
|
|
schannel test.
Andrew Bartlett
(This used to be commit 7e554e31d93c6f0c3968dfcb774b3135573d97b1)
|
|
with Richard and Andrew.
rafal
(This used to be commit 400f6d5f87c7a0b49bfd289521a3cf4af2586235)
|
|
deleted last time running the test.
rafal
(This used to be commit 91df25a795b3754c9445af6ade53cbc89ec4a545)
|
|
lp_workgroup parameter as domain name to operate on.
rafal
(This used to be commit ea251d4f79c96145b4c14074d258aeb07c742f41)
|
|
simulate real conditions of calling the function.
rafal
(This used to be commit 2518122c9e230639db253ff02de1843cb3448198)
|
|
with user del function.
rafal
(This used to be commit a6b191188294c447fc4942c632fe905984048834)
|
|
rafal
(This used to be commit 0dc416b8e4bcab319b2fc66fa15c49f490492664)
|
|
rafal
(This used to be commit 76fb84c1ee2896f762278b0c5592ab418d6cf87c)
|
|
rafal
(This used to be commit 7539397240414a736bd581b85821635837d16a2e)
|
|
- qfsinfo (query file system information)
- appendacl (append an ACL to existing file's security descriptor and get new
full ACL)
The second one also includes an improvement to security descriptor handling
which allows to copy security descriptor. Written by Peter Novodvorsky
<peter.novodvorsky@ru.ibm.com>
Both functions have corresponding torture tests added. Tested under valgrind and
work against Samba 4 and Windows XP.
ToDo: document composite call creation process in prog_guide.txt
(This used to be commit 441cff62ac75ed16851ce7b8daf9d03eb4c3ec79)
|
|
Thanks to lars and agruen for finding this
(This used to be commit 2acc06918574b1178eecf3d61026f84f85bb40e1)
|
|
Samba4 without Samba3 nmbd
(This used to be commit f4d07d7d3b6973b503d8c98f177471dd6cebfa92)
|
|
netlogon query.
Note that this response is almost identical to the CLDAP netlogon
response, so adding that will now be quite easy.
(This used to be commit 1ea4ed4ad1d9336f8288283688fa2d7bebfa533c)
|
|
(This used to be commit 63dfa9b80649928baf72687381fcfb6dd4d20032)
|
|
clients when a user tries to login)
(This used to be commit 08ded62156b387457bc56b5910e1ddc813b375bd)
|
|
Andrew Bartlett
(This used to be commit 6e2327ee9bb3a9695eb85c6891f73f46d382919f)
|
|
now tests areas in extended security handling (SPNEGO) that are just
plain odd...
Andrew Bartlett
(This used to be commit d8d63e8c79f80a0cc64e2264a2671005752c34c4)
|
|
test suite, but doesn't yet seem to satisfy a nt4 client. I'm
investigating.
(This used to be commit 406217262dff5adb5d0cb0028198e08f66cc85f4)
|
|
this because I don't want our torture suite to leave behind accounts
with known passwords if it is stopped in the wrong place. It is now
run behind the -X (dangerous) wrapper.
Andrew Bartlett
(This used to be commit 057a81d81ed8dfaf323be118e32df2cf1c92cc09)
|
|
parsing incoming netlogon requests. No replies are sent yet.
(This used to be commit 3b34df6a674cd2aeddc354cdadae3f0e1c000d45)
|
|
(This used to be commit 8b9a5d8336da43619fc1ea8f081d5ade98f0599b)
|
|
now tries to bind to port 138 if possible, so if you run it as root
and smbd/nmbd is not running then it works against windows servers
(This used to be commit 52ccdb79bc922be52c24dd393323dbbee83a2aea)
|
|
suite. The NBT-DGRAM test does a UDP/138 netlogon request, to which a
windows server sends a reply, but the windows server sends the reply
to the wrong port (it always sends to 138), so the test suite doesn't
see it.
(This used to be commit a7634625dbc944dd8256a822be290010f341a571)
|
|
need one call to get in sync again (except something like NT_STATUS_MORE_ENTRIES is returned)
also the pdc only need to know the current state values
metze
(This used to be commit f4e12b38937bd8c16fd1a8b13401a65565d4bd00)
|
|
"Architecture"
(sorry richard:-)
disable lookup for DefaultSpoolDirectory until, I have fixed the parsing when WERR_MORE_DATA
is returned
metze
(This used to be commit d5993337b814560cd59d8d08b30fe31e2fb9fd28)
|
|
(This used to be commit 85c2b8b9447efdcefe16517a5509357262c6229c)
|
|
- fix GetPrinterData(), look inside the datablob
- add idl for RemoteFindFirstChangeNotify(), without meaning yet, just to not return a DCERPC_FAULT
when receiving this request
metze
(This used to be commit 92f3d5bd9c700032612ac20dc7635730c555c4da)
|
|
a handle as parameter,
EnumPorts
EnumPrinterDrivers
EnumMonitors
EnumPrintProcessors
EnumPrinters
we now do cross checks between the different info levels
and sore the results in a global context,
so that we later can add cross checks between the different object types
- add idl for EnumMonitors and EnumPrintProcessors
metze
(This used to be commit 92a3721bc7a28d521090b10eb3b1eed089036432)
|
|
- talloc should always be done in the right context. For example, when creating
the userinfo_state structure, place it inside the composite
structure, not directly on the pipe. If this isn't done then
correct cleanup can't happen on errors (as cleanup destroys the top
level composite context only)
- define private structures like userinfo_state in the userinfo.c
code, not in the public header
- only keep the parameters we need in the state structure. For
example, the domain_handle is only needed in the first call, so we
don't need to keep it around in the state structure, but the level is
needed in later calls, so we need to keep it
- always initialise [out,ref] parameters in RPC calls. The [ref] part
means that the call assumes the pointer it has been given is
valid. If you don't initialise it then you will get a segv on
recv. This is why the code was dying.
- don't use internal strucrure elements like the pipe
pipe->conn->pending outside of the internal rpc implementation. That
is an internal list, trying to use it from external code will cause crashes.
- rpc calls assume that rpc call strucrures remain valid for the
duration of the call. This means you need to keep the structures
(such as "struct samr_Close") in the userinfo_state strucrure,
otherwise it will go out of scope during the async processing
- need to remember to change c->state to SMBCLI_REQUEST_DONE when the
request has finished in the close handler, otherwise it will loop
forever trying to close
Mimir, please look at the diff carefully for more detailed info on the fixes
(This used to be commit 01ea1e7762e214e87e74d6f28d6efeb6cdea9736)
|
|
metze
(This used to be commit a3cec189e1f5d137ba2f2829def03b060b59f0e2)
|
|
has the patience to run test_w2k3.sh to completion :-)
It looks to me that the Windows server runs the RC4 over the C struct,
not the NDR data.
Andrew Bartlett
(This used to be commit c324d974134c35b4c50c91d5a932a63c78b67046)
|
|
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'.
GENSEC now no longer has it's own handling of 'set username' etc,
instead it uses cli_credentials calls.
In order to link the credentails code right though Samba, a lot of
interfaces have changed to remove 'username, domain, password'
arguments, and these have been replaced with a single 'struct
cli_credentials'.
In the session setup code, a new parameter 'workgroup' contains the
client/server current workgroup, which seems unrelated to the
authentication exchange (it was being filled in from the auth info).
This allows in particular kerberos to only call back for passwords
when it actually needs to perform the kinit.
The kerberos code has been modified not to use the SPNEGO provided
'principal name' (in the mechListMIC), but to instead use the name the
host was connected to as. This better matches Microsoft behaviour,
is more secure and allows better use of standard kerberos functions.
To achieve this, I made changes to our socket code so that the
hostname (before name resolution) is now recorded on the socket.
In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now
in libcli/auth/schannel.c, and it looks much more like a standard
GENSEC module. The actual sign/seal code moved to
libcli/auth/schannel_sign.c in a previous commit.
The schannel credentails structure is now merged with the rest of the
credentails, as many of the values (username, workstation, domain)
where already present there. This makes handling this in a generic
manner much easier, as there is no longer a custom entry-point.
The auth_domain module continues to be developed, but is now just as
functional as auth_winbind. The changes here are consequential to the
schannel changes.
The only removed function at this point is the RPC-LOGIN test
(simulating the load of a WinXP login), which needs much more work to
clean it up (it contains copies of too much code from all over the
torture suite, and I havn't been able to penetrate its 'structure').
Andrew Bartlett
(This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
|