Age | Commit message (Collapse) | Author | Files | Lines |
|
This is a merge of Brad Henry's 'net join' rework, to better perform
an ADS join, particularly as a DC. This represents the bulk of his
Google SOC work, and I'm very pleased to intergrate it into the tree.
(Metze will intergrate the DRSUAPI work later).
Both metze and myself have also put a lot of time into this patch, and
in mentoring Brad in general. In return, Brad has been a very good
student, and has taken the comments well.
Since it's last appearance on samba-technical@, I have made
correctness and valgrind fixups, as well as adding a new 'BINDING'
mode to the libnet_rpc routines. This allows the exact binding string
to be passed down from the torture code, including options and exact
target host.
(This used to be commit ab20533e7db9e64c8fb5e7f971ab5d3a040e00ab)
|
|
an ADS join, particularly as a DC. This represents the bulk of his
Google SOC work, and I'm very pleased to intergrate it into the tree.
(Metze will intergrate the DRSUAPI work later).
Both metze and myself have also put a lot of time into this patch, and
in mentoring Brad in general. In return, Brad has been a very good
student, and has taken the comments well.
Since it's last appearance on samba-technical@, I have made
correctness and valgrind fixups, as well as adding a new 'BINDING'
mode to the libnet_rpc routines. This allows the exact binding string
to be passed down from the torture code, including options and exact
target host.
Andrew Bartlett
(This used to be commit d6fa105fdabbeb83a9b0e50dad49d1649afdb2a4)
|
|
described on the list. I probably need to write more specific NTLMv2
sucess and failure mode tests.
Andrew Bartlett
(This used to be commit c4d608734a98277b1f761142eb3f89086b539847)
|
|
that a given set of (working) POSIX functions are available (without
prefixes to their names, etc). See lib/replace/README for a list.
Functions that behave different from their POSIX specification
(such as sys_select, sys_read, etc) have kept the sys_ prefix.
(This used to be commit 29919a71059b29fa27a49b1f5b84bb8881de65fc)
|
|
I still have issues with Win2k3 SP1, and Samba4 doesn't pass it's own
test for the moment, but I'm working on these issues :-)
This required a change to the credentials API, so that the special
case for NTLM logins using a principal was indeed handled as a
special, not general case.
Also don't set the realm from a ccache, as then it overrides --option=realm=.
Andrew Bartlett
(This used to be commit 194e8f07c0cb4685797c5a7a074577c62dfdebe3)
|
|
Jelmer, can you see a better approach to this? As far as I am aware
protocol towers don't use hostnames, they always use IP addresses
(This used to be commit 7a3ec95d9911e8c0a278f5a94513e4fd61979eab)
|
|
but final linking still fails (as does generating files asn1, et, idl and proto
files)
(This used to be commit 4f0d7f75b99c7f4388d8acb0838577d86baf68b5)
|
|
Andrew Bartlett
(This used to be commit e05e87b3fe1dae058e2a3588578d09ea1cfd2142)
|
|
(This used to be commit 59d4450453c25f5cce9b67b808ff0c4433c1d194)
|
|
Remove unused includes of dynconfig.h
(This used to be commit 59083b7ba60d518ddb59646c4fd69938afd079b3)
|
|
(This used to be commit 4a4b0537183e16b00a94f0411e423c943d79cba9)
|
|
(This used to be commit f4f9337619f7793f5ad23fcb59a8e8751941fec6)
|
|
the async name resolution mechanisms
(This used to be commit b3a9d759bb7c6ca892f9810389292e79d963ca61)
|
|
connection.
metze
(This used to be commit 589541b7402506422e8a85a857ea48910b24f2d6)
|
|
- handle the case where we're no valid pull partner of the tested server
metze
(This used to be commit d2e62dc205dd450ce57b9566c29e82878eb8471b)
|
|
Don't dump the pac to x.dat (accidental commit).
Andrew Bartlett
(This used to be commit a798d76a4ad6c0cb280d4e03e9819702acb16f55)
|
|
Jeremy.
(This used to be commit da70b2ab2df6d8239811b12b471c578cbff6dca8)
|
|
metze
(This used to be commit d8b84112bb40605b07a77ab5f7a44ac1807ccc59)
|
|
- use LIBCLI_WREPL for the winsreplication client code
- fix some dependencies
metze
(This used to be commit 7dd931ee5ac1408da8d14d00f43d19473e06871e)
|
|
with an aim to make the code simpiler and more correct.
Gone is the old (since the very early Samba 3.0 krb5 days) 'iterate over
all keytypes)' code in gensec_krb5, we now follow the approach used in
gensec_gssapi, and use a keytab.
I have also done a lot of work in the GSSAPI code, to try and reduce
the diff between us and upstream heimdal. It was becoming hard to
track patches in this code, and I also want this patch (the DCE_STYLE
support) to be in a 'manageable' state for when lha considers it for
merging. (metze assures me it still has memory leak problems, but
I've started to address some of that).
This patch also includes a simple update of other code to current
heimdal, as well as changes we need for better PAC verification.
On the PAC side of things we now match windows member servers by
checking the name and authtime on an incoming PAC. Not generating these
right was the cause of the PAC pain, and so now both the main code and
torture test validate this behaviour.
One thing doesn't work with this patch:
- the sealing of RPC pipes with kerberos, Samba -> Samba seems
broken. I'm pretty sure this is related to AES, and the need to break
apart the gss_wrap interface.
Andrew Bartlett
(This used to be commit a3aba57c00a9c5318f4706db55d03f64e8bea60c)
|
|
'make clean gcov' to generate a set of files describing the test coverage
of the Samba 4 code.
(This used to be commit 72bb84add469ad4f027ddbd8d73bb846b0609fa2)
|
|
DRSUAPI CrackNames.
We can't pass the full cracknames test until the initial provision is
updated, the seperate DomainControllerInfo and canonical names support
is added.
Andrew Bartlett
(This used to be commit ed24d88f0e8c6371acf6638a1c5f2112bc0bf285)
|
|
Guenther
(This used to be commit d717e878bdc05b06adcc50c3527c339be8164145)
|
|
(This used to be commit 6e30dd8a50e9afc4942cd925e6e0266d960923dd)
|
|
Andrew Bartlett
(This used to be commit a6597181f62e5b0ec95232a2dd69b5d85de845b8)
|
|
(This used to be commit 9e375d82e828879704442e5a27a9938015953de2)
|
|
More CrackNames testing
Andrew Bartlett
(This used to be commit 0913dec6a98e735e5e3157a2fceec94f57dd706c)
|
|
StrCaseCmp was sys_strcasecmp, while it is in fact strcasecmp_m!
(This used to be commit 200a8f6652cb2de7a8037a7a4c2a204b50aee2b1)
|
|
Andrew Bartlett
(This used to be commit fccbc15555871059e62bf720f115b2307a171667)
|
|
Andrew Bartlett
(This used to be commit ad60d4571568d5b3edd98199462812a2f30c36cd)
|
|
Kerberos CCACHE into the system.
This again allows the use of the system ccache when no username is
specified, and brings more code in common between gensec_krb5 and
gensec_gssapi.
It also has a side-effect that may (or may not) be expected: If there
is a ccache, even if it is not used (perhaps the remote server didn't
want kerberos), it will change the default username.
Andrew Bartlett
(This used to be commit 6202267f6ec1446d6bd11d1d37d05a977bc8d315)
|
|
Andrew Bartlett
(This used to be commit b1b0e26e537677793a92af02464ff1e83fce9610)
|
|
- fixed ncacn_ip_tcp to use the generic async name resolution methods,
so NBT names now work (as requested several times by abartlet!)
- changed resolve_name() to take an event_context, so it doesn't cause
the whole process to block
- cleaned up the talloc_find_parent_bytype() calls to go via a cleaner
event_context_find() call
(This used to be commit b3d491b210a8b889a25efcb273e70fefbd01b7f7)
|
|
Andrew Bartlett
(This used to be commit 1cd62944f1387a3922e01dbee9bcf28f96f131ad)
|
|
krb5_context.
Andrew Bartlett
(This used to be commit 47699019dbb7aa48e7acd6bf8364e40917db8410)
|
|
(This used to be commit d3b5d006717c24660244c6475ffc73cb0b56d021)
|
|
problems with signed chars
(This used to be commit 4b3e3a9633bf7ce57f537b9897c0e9c613a99f7a)
|
|
(This used to be commit 7e6957b906be760e7eb7e6ab6dbc86efeb0c42d2)
|
|
For example:
bin/smbtorture //xx/y LOCAL-PAC --option 'torture:pac_file=x.dat' --option 'torture:pac_kdc_key=B286757148AF7FD252C53603A150B7E7' --option 'torture:pac_member_key=D217FAEAE5E6B5F95CCC94077AB8A5FC'
(This used to be commit e0978ead23c493a802ce69ed7be871b2a9a54498)
|
|
simultaneously with
NTCREATEX_DISP_CREATE (create if not exists, else fail) they might end up with
two or more times NT_STATUS_OK as EEXIST is not correctly handled.
Jeremy, please look closely at this. You can easily verify this by adding a
smb_msleep(100) to the top of open_file_ntcreate and run the new samba4
torture test. It does also happen without the msleep, but not as reliably.
Thanks,
Volker
(This used to be commit c803d4c9a588e39a90ddfe900be9b9de1a861f82)
|
|
(This used to be commit ba909a64e92e9b2d2c8fd02fc9e9e0e7aa49dd0a)
|
|
(This used to be commit 0e30c80a53af45ee9112513c02a6a231e8b1a133)
|
|
- fixed winreg_GetKeySecurity() to use a sec_info field correctly
- simplied the winreg torture code, removing the separate opens for
each hive
- added torture cleanup code in winreg test
- added 'create with security descriptor' in the winreg torture test
(This used to be commit f20695decd587f7b6bbdbd4861441bd19ab85078)
|
|
descriptor. To keep it simple I just use normal IDL buffers for now,
avoiding the complex methods metze used in spoolss. We might change
that later
Also added decoding of the security_descriptor in
winreg_GetKeySecurity() in smbtorture
(This used to be commit 439f34a9621e2e96329c30cfed8d78b8fdfbd8a2)
|
|
Andrew Bartlett
(This used to be commit 01c4a970ec22b3915b8017da018bd500b4fffcbc)
|
|
CrackNames.
Andrew Bartlett
(This used to be commit a82a419579872fc78b02c29972eaf55da22088c1)
|
|
Volker
(This used to be commit 71571fffc0493a5658c5980e6ebe4d8f9ada4699)
|
|
Andrew Bartlett
(This used to be commit 340955220443533cc70dcb0ef9bae4815f30e6c5)
|
|
Andrew Bartlett
(This used to be commit 4c6052ccfd6ff01eb00d8f953ae8912ea6dedba3)
|
|
distinguished names
Provide more functions to handle DNs in this form
(This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
|