Age | Commit message (Collapse) | Author | Files | Lines |
|
Andrew Bartlett
(This used to be commit 8e78830ffc9280b48e1e690d95a94f1645e6e496)
|
|
Andrew Bartlett
(This used to be commit 6a9b6373273f135fe012a6603707d77c2a65e9fa)
|
|
- add --krbtgtpass and --machinepass options, with them you can easy set them to default
values for testing so that you don't need to setup a new keytab file when you rerun provision.pl
metze
(This used to be commit cfb72455970c182aaba67bf9cf9775a854f143ff)
|
|
this is ifdef'ed out currently because we use 'unique' pointers in the epmapper pipe,
where we should use 'ptr' full pointers.
metze
(This used to be commit ccc9d9267a60287eff1fb26132aa7cae3b39dcee)
|
|
length too,
it's always 16 bytes smaller than the size in the PAC_BUFFER
we now dump the blob's on LOCAL-PAC with -d 10
metze
(This used to be commit 4ef721ce53539ac56ca8ac4d601f512149ca7283)
|
|
- check if the buffer length of the original and created buffer are equal
metze
(This used to be commit 84ff2d87e28df3e2b3c1495a9ea48f40221b96ae)
|
|
metze
(This used to be commit 25f5d1db296b03b62869c8467b652a0df3107222)
|
|
memory checks
- move to handmodified pull/push code for PAC_BUFFER
to get the _ndr_size field and the subcontext size right
- after looking closely to the sample w2k3 PAC in our torture test (and some more in my archive)
I found out that the first uint32 before the netr_SamInfo3 was also a pointer,
(and we passed a NULL pointer there before, so I think that was the reason why the windows clients doesn't want our PAC)
w2k3 uses this for unique pointers:
ptr = ndr->ptr_count * 4;
ptr |= 0x00020000;
ndr->ptr_count;
- do one more pull/push round with the sample PAC
metze
(This used to be commit 0eee17941595e9842a264bf89ac73ca66cea7ed5)
|
|
metze
(This used to be commit 5fcaa21d67e399aab4af15f4f6f919203c1152e5)
|
|
metze
(This used to be commit d75c97b8476357bee4d3ba5f8464193c8d296cdd)
|
|
metze
(This used to be commit a2a8aa322d722bd8a1ab672eacfe2f812d621f84)
|
|
metze
(This used to be commit f308b72b19ab1e0e2f5a732bd1bc13082a634a9c)
|
|
rafal
(This used to be commit 9f0dfafcdeceb23c19686d2163e6ff6e613bd067)
|
|
(This used to be commit 46632e2048f0b87de351cd3f26229cfc4b3384ca)
|
|
report from robert collins.
- updated talloc guide to reflect the fact that over the last few
months talloc overhead compared to malloc has dropped, probably due
to a bunch of small changes. It now costs about 4% more than malloc
on my box
(This used to be commit 689a9ccf91f9de560a500787d85321abe096b948)
|
|
(This used to be commit a3b8a00d7f67da5bc1187ce271a8df1601411dbc)
|
|
(This used to be commit 93c2d93ed81c688d5e191aed0dc70ecfe59830ea)
|
|
(This used to be commit acd9fad3a4c578e20cd4bdb79a000a7ff70f680c)
|
|
(This used to be commit b71fbcf5e2c627d918aef555b8cc8dd4591d8fe7)
|
|
NT_STATUS_INVALID_HANDLE on a per call basis for a bad vuid. That
means it is doing checking for a valid vuid in each backend function,
rather than globally. I don't want to emulate that as it is way too
error prone, and could easily lead to a security hole, so instead
accept either error code in our test suite.
(This used to be commit aefa9e53fa97551c1b15bdd50565881e63aea9a8)
|
|
(This used to be commit d77b3820d16f60fb9119ac6eb70007363990b20d)
|
|
torture code that can tell the difference between dos and ntstatus
codes without mapping
(This used to be commit 5521060c089c2181a2f3c7aeabd2f3ba813c6e60)
|
|
(This used to be commit 0f76449a08955cfe50178b6accfd631d7cf42da3)
|
|
The biggest change was fixing the RAW-CONTEXT test. It was forcing
capabilities to zero in an attempt to not negotiated extended
security, but as a side effect it was forcing negotiation of dos error
codes. This confused the hell out of the test code!
Also fixed a bunch of places incorrectly using NT_STATUS_V() instead
of NT_STATUS_EQUAL() and several places that had the wrong dos status
codes
(This used to be commit 0b22744f40804a0d6dc94bfc40ec09306f584f7e)
|
|
error is coming from. In this case I needed to know where a
NT_STATUS_ACCESS_DENIED was being returned, which is a very common
error, but I needed to know which place in the code was giving it
(This used to be commit 692bb1c8a1428917ed6c516d02524c2f76157181)
|
|
(This used to be commit 97cb70571377e3b4e5eb0b7ca516e4af349fdfea)
|
|
(This used to be commit 8649945cf9932a169190727f99e352ad68b0589f)
|
|
(This used to be commit 980c09cfca1744c35eb284c7177709fedba073dc)
|
|
Heimdal' case.
Andrew Bartlett
(This used to be commit b7c3c2f67188d8c8478d93e6890a81fa7d468061)
|
|
disabled. The main change is to turn off spnego, which cannot work at
all without nt status codes (w2k3 gives a ERRHRD:ERRgeneral error when
you try)
I also modified NT_STATUS_EQUAL() to allow for nt->dos code equality,
but only when nt status codes are disabled in smb.conf. That keeps all
the existing torture code working, while still allowing us to
correctly catch the cases where forced dos error codes are needed
The dos->ntstatus mapping table has been removed completely, as it
doesn't really make sense, is impossible to get right, and with the
new dos status handling isn't needed. When matching a nt status code
to a dos status code it makes far more sense to map from the nt code
to the dos code and compare, rather than the reverse, as the nt->dos
mapping is what windows has to do internally, so there really is a
valid mapping table.
(This used to be commit f21274e07b361ef40fdc0fe23e96f1c9c63a091c)
|
|
much closer.
This changes PIDL to allow a subcontext to have a pad8 flag, saying to
pad behind to an 8 byte boundary. This is the only way I can explain
the 4 trainling zeros in the signature struct.
Far more importantly, the PAC code is now under self-test, both in
creating/parsing our own PAC, but also a PAC from my win2k3 server.
This required changing auth_anonymous, because I wanted to reuse the
anonymous 'server_info' generation code.
I'm still having trouble with PIDL, particulary as surrounds value(),
but I'll follow up on the list.
Andrew Bartlett
(This used to be commit 50a54bf4e9bf04d2a8e0aebb3482a2ff655c8bbb)
|
|
gensec failure to start.
Andrew Bartlett
(This used to be commit bc8f8d2dcfbcf06bb9c49981bc3811b252a4b9b0)
|
|
any more.
Perhaps like minimal_includes.pl, we should have a way to find these
automaticly. Hmm...
Andrew Bartlett
(This used to be commit d13b9f548e9d3696505178476d2615835cae8fe2)
|
|
that relied on the mapping need to be fixed. The first thing is to get
all the torture tests working against w2k3 again with nt status codes
enabled. The 2nd step will be to make them pass with nt status
disabled.
This starts on the first task, fixing the assumption that
NT_STATUS_INVALID_LOCK_SEQUENCE is a valid substitute for
ERRDOS:ERRbadaccess
(This used to be commit 87cdd117081193d215c5a9e3603438e058ad777b)
|
|
the torture code. To fix this, get rid of dos_errstr() and instead
move the strings into the nt_errstr() table, using cpp to generate the
strings
(This used to be commit 3136ad9634f0a5ab46e4f83e093df87fdd36484d)
|
|
(This used to be commit ee27943e215126a2048d1082437ef2597d913371)
|
|
codes, controlled
with 'nt status support' option.
- make nt_errstr() display nice strings for dos status codes encoded
using NT_STATUS_DOS()
- no longer map between dos and nt status codes in the client library,
instead return using NT_STATUS_DOS()
- fixed the RAW-CONTEXT test to look for
NT_STATUS_DOS(ERRSRV, ERRbaduid) instead of NT_STATUS_INVALID_HANDLE
(This used to be commit ff5549e87ffae9f062394f30d8fd1ae95b614735)
|
|
so the first extra arg isn't interpreted as a parameter to the last
hardcoded arg.
(This used to be commit ad1700ca8e1af7933a183172f4a5ad4b56280474)
|
|
(This used to be commit baa8f0836f34c94a2f3d831e315575cfa7ced7c3)
|
|
(This used to be commit 23bff7bf6cf437e78db50b09f69fd1fbdf6aab35)
|
|
rafal
(This used to be commit 88e7b9c2371383c469e2db73d4c8dca70aca7586)
|
|
rafal
(This used to be commit 9885749e36435b301c992e50d0a189860cfa4b5e)
|
|
rafal
(This used to be commit 6736ab102f60f8e14d10f430f3e5a0eef478bc81)
|
|
rafal
(This used to be commit cca6d792945477b86b2dd91f3c90152b69ee2a15)
|
|
this will fix the build
(This used to be commit 9a8872b168c68bade31cab09bea609d2143c4e97)
|
|
(This used to be commit 2e328e6c2fc2c66b0d0de910cd43ab232049bc90)
|
|
fail if not
(This used to be commit b1a61cd5d03b4c61b81c810123ffeb3621831617)
|
|
- we do not support multpiple attribute components anymore, makes code a lot easier
they will be readded later if we found out they are really used, so far my tests
show w2k3 do not handle them as well
- fix escaping issues, move component value to be in an ldb_val structure
still need to handle binary values case
- make cononicalize functions leak less memory by giving a specific memory context
- fix tests scripts so that test-ldap can start
- make test not delete databases on completion so that I can inspect them
(This used to be commit 624a73148d125690ce18515f19231d26df207738)
|
|
rafal
(This used to be commit 0209fc67adae9d2003f06c826557306c2141a6a8)
|
|
rafal
(This used to be commit 1815a6af06aa791bfecb4aee8742701975d35318)
|