From 25a82b8fc93ca01b7f142a680ad9a327e8cb8fa9 Mon Sep 17 00:00:00 2001 From: Julien Kerihuel Date: Thu, 15 May 2008 13:54:07 +0200 Subject: [PATCH 01/14] This patch adds remaining padding bytes to the dcerpc_fault IDL structure and adds a const 4 bytes blob to pkt.u.fault. Signed-off-by: Stefan Metzmacher (This used to be commit 652b8c5f156b357e231057a5a0fbded88f4f9c5f) --- source4/librpc/idl/dcerpc.idl | 1 + source4/rpc_server/dcerpc_server.c | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/source4/librpc/idl/dcerpc.idl b/source4/librpc/idl/dcerpc.idl index b2c67542f51..e228d85c464 100644 --- a/source4/librpc/idl/dcerpc.idl +++ b/source4/librpc/idl/dcerpc.idl @@ -116,6 +116,7 @@ interface dcerpc uint16 context_id; uint8 cancel_count; uint32 status; + [flag(NDR_REMAINING)] DATA_BLOB _pad; } dcerpc_fault; /* the auth types we know about */ diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index 1962a97d5b4..eb467709c9c 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -445,6 +445,7 @@ static NTSTATUS dcesrv_fault(struct dcesrv_call_state *call, uint32_t fault_code { struct ncacn_packet pkt; struct data_blob_list_item *rep; + uint8_t zeros[4]; NTSTATUS status; /* setup a bind_ack */ @@ -458,6 +459,9 @@ static NTSTATUS dcesrv_fault(struct dcesrv_call_state *call, uint32_t fault_code pkt.u.fault.cancel_count = 0; pkt.u.fault.status = fault_code; + ZERO_STRUCT(zeros); + pkt.u.fault._pad = data_blob_const(zeros, sizeof(zeros)); + rep = talloc(call, struct data_blob_list_item); if (!rep) { return NT_STATUS_NO_MEMORY; From 8651def04c140da23f564be46b86c5e1f33349c4 Mon Sep 17 00:00:00 2001 From: Julien Kerihuel Date: Thu, 15 May 2008 13:55:23 +0200 Subject: [PATCH 02/14] The following patch calls the op_bind operation for an interface which context is altered by dcerpc alter_context requests. It prevents dcerpc_server from returning errors (nca_s_fault_access_denied, then nca_s_fault_context_mismatch in further client requests) and keeps the connection alive. Signed-off-by: Stefan Metzmacher (This used to be commit 718f9ce6889346c92894e868f0678fbe404a43ab) --- source4/rpc_server/dcerpc_server.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index eb467709c9c..e0351bb259e 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -688,6 +688,7 @@ static NTSTATUS dcesrv_alter_new_context(struct dcesrv_call_state *call, uint32_ struct dcesrv_connection_context *context; const struct dcesrv_interface *iface; struct GUID uuid, *transfer_syntax_uuid; + NTSTATUS status; if_version = call->pkt.u.alter.ctx_list[0].abstract_syntax.if_version; uuid = call->pkt.u.alter.ctx_list[0].abstract_syntax.uuid; @@ -721,6 +722,13 @@ static NTSTATUS dcesrv_alter_new_context(struct dcesrv_call_state *call, uint32_ DLIST_ADD(call->conn->contexts, context); call->context = context; + if (iface) { + status = iface->bind(call, iface); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + return NT_STATUS_OK; } From 8a31130a761711e423ab1a788f2931586edb4b18 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 16 May 2008 14:40:56 +0200 Subject: [PATCH 03/14] build: readd ALL_OBJS which is needed for automatic_dependencies metze (This used to be commit 5ca4f76703485d68b1aa6b38beaf208555c0cbfe) --- source4/build/smb_build/makefile.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source4/build/smb_build/makefile.pm b/source4/build/smb_build/makefile.pm index 43c4252f9d3..4c375cecf69 100644 --- a/source4/build/smb_build/makefile.pm +++ b/source4/build/smb_build/makefile.pm @@ -238,6 +238,8 @@ sub write($$) $self->_prepare_mk_files(); + $self->output("ALL_OBJS = " . array2oneperline($self->{all_objs}) . "\n"); + open(MAKEFILE,">$file") || die ("Can't open $file\n"); print MAKEFILE $self->{output}; close(MAKEFILE); From ef6fd2d46d2cb7afde4b152d1f1b2db092794542 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 16 May 2008 15:38:16 +0200 Subject: [PATCH 04/14] In torture_leave_domain, say what account was deleted (This used to be commit a9a0f24f7299c1480d8047d97c703aca8e94c79f) --- source4/torture/rpc/testjoin.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c index 100e7cead27..51efd99bd8e 100644 --- a/source4/torture/rpc/testjoin.c +++ b/source4/torture/rpc/testjoin.c @@ -508,9 +508,11 @@ _PUBLIC_ void torture_leave_domain(struct test_join *join) /* Delete machine account */ status = dcerpc_samr_DeleteUser(join->p, join, &d); if (!NT_STATUS_IS_OK(status)) { - printf("Delete of machine account failed\n"); + printf("Delete of machine account %s failed\n", + join->netbios_name); } else { - printf("Delete of machine account was successful.\n"); + printf("Delete of machine account %s was successful.\n", + join->netbios_name); } if (join->libnet_r) { From a620882e15c1b33c1eb5a0d4d1a8d8c890cc23df Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 15 May 2008 18:09:56 +0200 Subject: [PATCH 05/14] Fix an uninitialized variable warning (This used to be commit b3d024676426000380ad86a2a4b83e7b21478978) --- source4/lib/ldb_wrap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/lib/ldb_wrap.c b/source4/lib/ldb_wrap.c index b564976524f..f47d0d5d392 100644 --- a/source4/lib/ldb_wrap.c +++ b/source4/lib/ldb_wrap.c @@ -44,7 +44,7 @@ static void ldb_wrap_debug(void *context, enum ldb_debug_level level, static void ldb_wrap_debug(void *context, enum ldb_debug_level level, const char *fmt, va_list ap) { - int samba_level; + int samba_level = -1; char *s = NULL; switch (level) { case LDB_DEBUG_FATAL: From 7350ddeabfcade6e5feb395f087d036bbbfcf65a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 13 May 2008 09:10:25 +0200 Subject: [PATCH 06/14] torture: add RPC-BENCH-SCHANNEL1 test This tests SamLogonEx() calls on multiple (smb) connections in parallel. Sadly the smb connect needs to be serialized because of the reset on zero VC style behavior of windows. Call it like this: bin/smbtorture -U administrator%test ncacn_np:w2k3-101 -W W2K3 RPC-BENCH-SCHANNEL or bin/smbtorture -U administrator%test ncacn_np:w2k3-101 -W W2K3 -k no RPC-BENCH-SCHANNEL \ --option="torture:nprocs=4" --option="torture:timelimit=1" \ --extra-user SUB1\\sub1user%testsecret --extra-user SUB1\\sub1user%testsecret or ... Later we should add more tests, maybe using only one smb connection and different netlogon pipes. We should also test using the DCERPC_PFC_FLAG_CONC_MPX flag and just one rpc connection. DCERPC_PFC_FLAG_CONC_MPX /* supports concurrent multiplexing of a single connection.*/ metze (This used to be commit 901426c24c74390f7b1c78bb7a07c020b6ef73eb) --- source4/torture/rpc/rpc.c | 1 + source4/torture/rpc/schannel.c | 272 +++++++++++++++++++++++++++++++++ 2 files changed, 273 insertions(+) diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c index fdb88b13dcc..acc1220ccc9 100644 --- a/source4/torture/rpc/rpc.c +++ b/source4/torture/rpc/rpc.c @@ -399,6 +399,7 @@ NTSTATUS torture_rpc_init(void) torture_suite_add_simple_test(suite, "SAMSYNC", torture_rpc_samsync); torture_suite_add_simple_test(suite, "SCHANNEL", torture_rpc_schannel); torture_suite_add_simple_test(suite, "SCHANNEL2", torture_rpc_schannel2); + torture_suite_add_simple_test(suite, "BENCH-SCHANNEL1", torture_rpc_schannel_bench1); torture_suite_add_suite(suite, torture_rpc_srvsvc(suite)); torture_suite_add_suite(suite, torture_rpc_svcctl(suite)); torture_suite_add_suite(suite, torture_rpc_samr_accessmask(suite)); diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c index c89b71baaf4..6acce3f5ad3 100644 --- a/source4/torture/rpc/schannel.c +++ b/source4/torture/rpc/schannel.c @@ -33,6 +33,8 @@ #include "param/param.h" #include "librpc/rpc/dcerpc_proto.h" #include "auth/gensec/gensec.h" +#include "libcli/composite/composite.h" +#include "lib/events/events.h" #define TEST_MACHINE_NAME "schannel" @@ -484,3 +486,273 @@ bool torture_rpc_schannel2(struct torture_context *torture) return true; } +struct torture_schannel_bench; + +struct torture_schannel_bench_conn { + struct torture_schannel_bench *s; + int index; + struct cli_credentials *wks_creds; + struct dcerpc_pipe *pipe; + struct netr_LogonSamLogonEx r; + struct netr_NetworkInfo ninfo; + TALLOC_CTX *tmp; + uint64_t total; + uint32_t count; +}; + +struct torture_schannel_bench { + struct torture_context *tctx; + bool progress; + int timelimit; + int nprocs; + int nconns; + struct torture_schannel_bench_conn *conns; + struct test_join *join_ctx; + struct cli_credentials *wks_creds; + struct cli_credentials *user1_creds; + struct cli_credentials *user2_creds; + struct dcerpc_binding *b; + NTSTATUS error; + uint64_t total; + uint32_t count; + bool stopped; +}; + +static void torture_schannel_bench_connected(struct composite_context *c) +{ + struct torture_schannel_bench_conn *conn = c->async.private_data; + struct torture_schannel_bench *s = talloc_get_type(conn->s, + struct torture_schannel_bench); + + s->error = dcerpc_pipe_connect_b_recv(c, s->conns, &conn->pipe); + torture_comment(s->tctx, "conn[%u]: %s\n", conn->index, nt_errstr(s->error)); + if (NT_STATUS_IS_OK(s->error)) { + s->nconns++; + } +} + +static void torture_schannel_bench_recv(struct rpc_request *req); + +static bool torture_schannel_bench_start(struct torture_schannel_bench_conn *conn) +{ + struct torture_schannel_bench *s = conn->s; + NTSTATUS status; + DATA_BLOB names_blob, chal, lm_resp, nt_resp; + int flags = CLI_CRED_NTLM_AUTH; + struct rpc_request *req; + struct cli_credentials *user_creds; + + if (conn->total % 2) { + user_creds = s->user1_creds; + } else { + user_creds = s->user2_creds; + } + + if (lp_client_lanman_auth(s->tctx->lp_ctx)) { + flags |= CLI_CRED_LANMAN_AUTH; + } + + if (lp_client_ntlmv2_auth(s->tctx->lp_ctx)) { + flags |= CLI_CRED_NTLMv2_AUTH; + } + + talloc_free(conn->tmp); + conn->tmp = talloc_new(s); + ZERO_STRUCT(conn->ninfo); + ZERO_STRUCT(conn->r); + + cli_credentials_get_ntlm_username_domain(user_creds, conn->tmp, + &conn->ninfo.identity_info.account_name.string, + &conn->ninfo.identity_info.domain_name.string); + + generate_random_buffer(conn->ninfo.challenge, + sizeof(conn->ninfo.challenge)); + chal = data_blob_const(conn->ninfo.challenge, + sizeof(conn->ninfo.challenge)); + + names_blob = NTLMv2_generate_names_blob(conn->tmp, lp_iconv_convenience(s->tctx->lp_ctx), + cli_credentials_get_workstation(conn->wks_creds), + cli_credentials_get_domain(conn->wks_creds)); + + status = cli_credentials_get_ntlm_response(user_creds, conn->tmp, + &flags, + chal, + names_blob, + &lm_resp, &nt_resp, + NULL, NULL); + torture_assert_ntstatus_ok(s->tctx, status, + "cli_credentials_get_ntlm_response failed"); + + conn->ninfo.lm.data = lm_resp.data; + conn->ninfo.lm.length = lm_resp.length; + + conn->ninfo.nt.data = nt_resp.data; + conn->ninfo.nt.length = nt_resp.length; + + conn->ninfo.identity_info.parameter_control = 0; + conn->ninfo.identity_info.logon_id_low = 0; + conn->ninfo.identity_info.logon_id_high = 0; + conn->ninfo.identity_info.workstation.string = cli_credentials_get_workstation(conn->wks_creds); + + conn->r.in.server_name = talloc_asprintf(conn->tmp, "\\\\%s", dcerpc_server_name(conn->pipe)); + conn->r.in.computer_name = cli_credentials_get_workstation(conn->wks_creds); + conn->r.in.logon_level = 2; + conn->r.in.logon.network = &conn->ninfo; + conn->r.in.flags = 0; + conn->r.in.validation_level = 2; + + req = dcerpc_netr_LogonSamLogonEx_send(conn->pipe, conn->tmp, &conn->r); + torture_assert(s->tctx, req, "Failed to setup LogonSamLogonEx request"); + + req->async.callback = torture_schannel_bench_recv; + req->async.private_data = conn; + + return true; +} + +static void torture_schannel_bench_recv(struct rpc_request *req) +{ + bool ret; + struct torture_schannel_bench_conn *conn = req->async.private_data; + struct torture_schannel_bench *s = talloc_get_type(conn->s, + struct torture_schannel_bench); + + s->error = dcerpc_ndr_request_recv(req); + if (!NT_STATUS_IS_OK(s->error)) { + return; + } + + conn->total++; + conn->count++; + + if (s->stopped) { + return; + } + + ret = torture_schannel_bench_start(conn); + if (!ret) { + s->error = NT_STATUS_INTERNAL_ERROR; + } +} + +/* + test multiple schannel connection in parallel + */ +bool torture_rpc_schannel_bench1(struct torture_context *torture) +{ + bool ret = true; + NTSTATUS status; + const char *binding = torture_setting_string(torture, "binding", NULL); + struct torture_schannel_bench *s; + struct timeval start; + struct timeval end; + int i; + const char *tmp; + + s = talloc_zero(torture, struct torture_schannel_bench); + s->tctx = torture; + s->progress = torture_setting_bool(torture, "progress", true); + s->timelimit = torture_setting_int(torture, "timelimit", 10); + s->nprocs = torture_setting_int(torture, "nprocs", 4); + s->conns = talloc_zero_array(s, struct torture_schannel_bench_conn, s->nprocs); + + s->user1_creds = (struct cli_credentials *)talloc_memdup(s, + cmdline_credentials, + sizeof(*s->user1_creds)); + tmp = torture_setting_string(s->tctx, "extra_user1", NULL); + if (tmp) { + cli_credentials_parse_string(s->user1_creds, tmp, CRED_SPECIFIED); + } + s->user2_creds = (struct cli_credentials *)talloc_memdup(s, + cmdline_credentials, + sizeof(*s->user1_creds)); + tmp = torture_setting_string(s->tctx, "extra_user2", NULL); + if (tmp) { + cli_credentials_parse_string(s->user1_creds, tmp, CRED_SPECIFIED); + } + + s->join_ctx = torture_join_domain(s->tctx, talloc_asprintf(s, "%sb", TEST_MACHINE_NAME), + ACB_WSTRUST, &s->wks_creds); + torture_assert(torture, s->join_ctx != NULL, + "Failed to join domain with acct_flags=ACB_WSTRUST"); + + cli_credentials_set_kerberos_state(s->wks_creds, CRED_DONT_USE_KERBEROS); + + for (i=0; i < s->nprocs; i++) { + s->conns[i].s = s; + s->conns[i].index = i; + s->conns[i].wks_creds = (struct cli_credentials *)talloc_memdup(s->conns, + s->wks_creds, + sizeof(*s->wks_creds)); + s->conns[i].wks_creds->netlogon_creds = NULL; + } + + status = dcerpc_parse_binding(s, binding, &s->b); + torture_assert_ntstatus_ok(torture, status, "Bad binding string"); + s->b->flags &= ~DCERPC_AUTH_OPTIONS; + s->b->flags |= DCERPC_SCHANNEL | DCERPC_SIGN; + + torture_comment(torture, "Opening %d connections in parallel\n", s->nprocs); + for (i=0; i < s->nprocs; i++) { +#if 1 + s->error = dcerpc_pipe_connect_b(s->conns, &s->conns[i].pipe, s->b, + &ndr_table_netlogon, + s->conns[i].wks_creds, + torture->ev, torture->lp_ctx); + torture_assert_ntstatus_ok(torture, s->error, "Failed to connect with schannel"); +#else + /* + * This path doesn't work against windows, + * because of windows drops the connections + * which haven't reached a session setup yet + * + * The same as the reset on zero vc stuff. + */ + struct composite_context *c; + c = dcerpc_pipe_connect_b_send(s->conns, s->b, + &ndr_table_netlogon, + s->conns[i].wks_creds, + torture->ev, + torture->lp_ctx); + torture_assert(torture, c != NULL, "Failed to setup connect"); + c->async.fn = torture_schannel_bench_connected; + c->async.private_data = &s->conns[i]; + } + + while (NT_STATUS_IS_OK(s->error) && s->nprocs != s->nconns) { + int ev_ret = event_loop_once(torture->ev); + torture_assert(torture, ev_ret == 0, "event_loop_once failed"); +#endif + } + torture_assert_ntstatus_ok(torture, s->error, "Failed establish a connect"); + + torture_comment(torture, "Start looping LogonSamLogonEx on %d connections for %d secs\n", + s->nprocs, s->timelimit); + for (i=0; i < s->nprocs; i++) { + ret = torture_schannel_bench_start(&s->conns[i]); + torture_assert(torture, ret, "Failed to setup LogonSamLogonEx"); + } + + start = timeval_current(); + end = timeval_add(&start, s->timelimit, 0); + + while (NT_STATUS_IS_OK(s->error) && !timeval_expired(&end)) { + int ev_ret = event_loop_once(torture->ev); + torture_assert(torture, ev_ret == 0, "event_loop_once failed"); + } + torture_assert_ntstatus_ok(torture, s->error, "Failed some request"); + s->stopped = true; + talloc_free(s->conns); + + for (i=0; i < s->nprocs; i++) { + s->total += s->conns[i].total; + } + + torture_comment(torture, + "Total ops[%llu] (%u ops/s)\n", + (unsigned long long)s->total, + (unsigned)s->total/s->timelimit); + + torture_leave_domain(s->join_ctx); + return true; +} From 12df1406716b3fd95df509de0e40e77191176872 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 16 May 2008 15:44:14 +0200 Subject: [PATCH 07/14] Fix two C++ warnings (This used to be commit f75f95931c15d57b3111db4dff589be06710aea7) --- source4/torture/rpc/schannel.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c index 6acce3f5ad3..c9c8c81b3cb 100644 --- a/source4/torture/rpc/schannel.c +++ b/source4/torture/rpc/schannel.c @@ -520,7 +520,8 @@ struct torture_schannel_bench { static void torture_schannel_bench_connected(struct composite_context *c) { - struct torture_schannel_bench_conn *conn = c->async.private_data; + struct torture_schannel_bench_conn *conn = + (struct torture_schannel_bench_conn *)c->async.private_data; struct torture_schannel_bench *s = talloc_get_type(conn->s, struct torture_schannel_bench); @@ -613,7 +614,8 @@ static bool torture_schannel_bench_start(struct torture_schannel_bench_conn *con static void torture_schannel_bench_recv(struct rpc_request *req) { bool ret; - struct torture_schannel_bench_conn *conn = req->async.private_data; + struct torture_schannel_bench_conn *conn = + (struct torture_schannel_bench_conn *)req->async.private_data; struct torture_schannel_bench *s = talloc_get_type(conn->s, struct torture_schannel_bench); From 54e4fa66d4666d358e829461583443c79f06f3b3 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 16 May 2008 15:51:27 +0200 Subject: [PATCH 08/14] Make rpc-bench-schannel1 use two wks accounts if --option=torture:multijoin=true (This used to be commit fc3bc3c4a85b0e0ba853f3208a4e934a733cfdc4) --- source4/torture/rpc/schannel.c | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c index c9c8c81b3cb..f0279f0d046 100644 --- a/source4/torture/rpc/schannel.c +++ b/source4/torture/rpc/schannel.c @@ -507,8 +507,10 @@ struct torture_schannel_bench { int nprocs; int nconns; struct torture_schannel_bench_conn *conns; - struct test_join *join_ctx; - struct cli_credentials *wks_creds; + struct test_join *join_ctx1; + struct cli_credentials *wks_creds1; + struct test_join *join_ctx2; + struct cli_credentials *wks_creds2; struct cli_credentials *user1_creds; struct cli_credentials *user2_creds; struct dcerpc_binding *b; @@ -673,19 +675,27 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture) cli_credentials_parse_string(s->user1_creds, tmp, CRED_SPECIFIED); } - s->join_ctx = torture_join_domain(s->tctx, talloc_asprintf(s, "%sb", TEST_MACHINE_NAME), - ACB_WSTRUST, &s->wks_creds); - torture_assert(torture, s->join_ctx != NULL, + s->join_ctx1 = torture_join_domain(s->tctx, talloc_asprintf(s, "%sb", TEST_MACHINE_NAME), + ACB_WSTRUST, &s->wks_creds1); + torture_assert(torture, s->join_ctx1 != NULL, + "Failed to join domain with acct_flags=ACB_WSTRUST"); + s->join_ctx2 = torture_join_domain(s->tctx, talloc_asprintf(s, "%sc", TEST_MACHINE_NAME), + ACB_WSTRUST, &s->wks_creds2); + torture_assert(torture, s->join_ctx2 != NULL, "Failed to join domain with acct_flags=ACB_WSTRUST"); - cli_credentials_set_kerberos_state(s->wks_creds, CRED_DONT_USE_KERBEROS); + cli_credentials_set_kerberos_state(s->wks_creds1, CRED_DONT_USE_KERBEROS); + cli_credentials_set_kerberos_state(s->wks_creds2, CRED_DONT_USE_KERBEROS); for (i=0; i < s->nprocs; i++) { s->conns[i].s = s; s->conns[i].index = i; - s->conns[i].wks_creds = (struct cli_credentials *)talloc_memdup(s->conns, - s->wks_creds, - sizeof(*s->wks_creds)); + s->conns[i].wks_creds = (struct cli_credentials *)talloc_memdup( + s->conns, s->wks_creds1,sizeof(*s->wks_creds1)); + if ((i % 2) && (torture_setting_bool(torture, "multijoin", false))) { + memcpy(s->conns[i].wks_creds, s->wks_creds2, + talloc_get_size(s->conns[i].wks_creds)); + } s->conns[i].wks_creds->netlogon_creds = NULL; } @@ -755,6 +765,7 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture) (unsigned long long)s->total, (unsigned)s->total/s->timelimit); - torture_leave_domain(s->join_ctx); + torture_leave_domain(s->join_ctx1); + torture_leave_domain(s->join_ctx2); return true; } From 335813c735153dd3f1bbeb102a876d51c22943c8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 16 May 2008 12:13:11 +0200 Subject: [PATCH 09/14] lib/socket: remove unused configure check for HAVE_WORKING_AF_LOCAL metze (This used to be commit 1c7905cfb4c77edeb24ac612a544e777cf49e184) --- source4/build/tests/unixsock.c | 93 ---------------------------------- source4/lib/socket/config.m4 | 10 ---- 2 files changed, 103 deletions(-) delete mode 100644 source4/build/tests/unixsock.c diff --git a/source4/build/tests/unixsock.c b/source4/build/tests/unixsock.c deleted file mode 100644 index f2765d68f67..00000000000 --- a/source4/build/tests/unixsock.c +++ /dev/null @@ -1,93 +0,0 @@ -/* -*- c-file-style: "linux" -*- - * - * Try creating a Unix-domain socket, opening it, and reading from it. - * The POSIX name for these is AF_LOCAL/PF_LOCAL. - * - * This is used by the Samba autoconf scripts to detect systems which - * don't have Unix-domain sockets, such as (probably) VMS, or systems - * on which they are broken under some conditions, such as RedHat 7.0 - * (unpatched). We can't build WinBind there at the moment. - * - * Coding standard says to always use exit() for this, not return, so - * we do. - * - * Martin Pool , June 2000. */ - -/* TODO: Look for AF_LOCAL (most standard), AF_UNIX, and AF_FILE. */ - -#include - -#ifdef HAVE_SYS_SOCKET_H -# include -#endif - -#ifdef HAVE_SYS_UN_H -# include -#endif - -#ifdef HAVE_SYS_TYPES_H -# include -#endif - -#if HAVE_SYS_WAIT_H -# include -#endif - -#if HAVE_ERRNO_DECL -# include -#else -extern int errno; -#endif - -static int bind_socket(char const *filename) -{ - int sock_fd; - struct sockaddr_un name; - size_t size; - - /* Create the socket. */ - if ((sock_fd = socket(PF_LOCAL, SOCK_STREAM, 0)) < 0) { - perror ("socket(PF_LOCAL, SOCK_STREAM)"); - exit(1); - } - - /* Bind a name to the socket. */ - name.sun_family = AF_LOCAL; - strncpy(name.sun_path, filename, sizeof (name.sun_path)); - - /* The size of the address is - the offset of the start of the filename, - plus its length, - plus one for the terminating null byte. - Alternatively you can just do: - size = SUN_LEN (&name); - */ - size = SUN_LEN(&name); - /* XXX: This probably won't work on unfriendly libcs */ - - if (bind(sock_fd, (struct sockaddr *) &name, size) < 0) { - perror ("bind"); - exit(1); - } - - return sock_fd; -} - - -int main(void) -{ - int sock_fd; - int kid; - char const *filename = "conftest.unixsock.sock"; - - /* abolish hanging */ - alarm(15); /* secs */ - - if ((sock_fd = bind_socket(filename)) < 0) - exit(1); - - /* the socket will be deleted when autoconf cleans up these - files. */ - - exit(0); -} diff --git a/source4/lib/socket/config.m4 b/source4/lib/socket/config.m4 index b40002b3211..e5ae9ecc77b 100644 --- a/source4/lib/socket/config.m4 +++ b/source4/lib/socket/config.m4 @@ -31,16 +31,6 @@ if test x"$samba_cv_unixsocket" = x"yes"; then AC_DEFINE(HAVE_UNIXSOCKET,1,[If we need to build with unixscoket support]) fi -AC_CACHE_CHECK([for AF_LOCAL socket support], samba_cv_HAVE_WORKING_AF_LOCAL, [ -AC_TRY_RUN([#include "${srcdir-.}/build/tests/unixsock.c"], - samba_cv_HAVE_WORKING_AF_LOCAL=yes, - samba_cv_HAVE_WORKING_AF_LOCAL=no, - samba_cv_HAVE_WORKING_AF_LOCAL=cross)]) -if test x"$samba_cv_HAVE_WORKING_AF_LOCAL" != xno -then - AC_DEFINE(HAVE_WORKING_AF_LOCAL, 1, [Define if you have working AF_LOCAL sockets]) -fi - dnl test for ipv6 using the gethostbyname2() function. That should be sufficient dnl for now AC_CHECK_FUNCS(gethostbyname2, have_ipv6=true, have_ipv6=false) From a65e5994ad9ecc2a70f24a5080a1c311d22ed2be Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 16 May 2008 12:29:21 +0200 Subject: [PATCH 10/14] lib/replace: add checks for HAVE_SOCK_SIN_LEN and HAVE_UNIXSOCKET Moved from the samba specific locations metze (This used to be commit e674128ee2f11596f358ed46104c9d25eb2f754f) --- source4/lib/replace/libreplace_network.m4 | 40 +++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/source4/lib/replace/libreplace_network.m4 b/source4/lib/replace/libreplace_network.m4 index 5ab71f160ad..d29c13196dc 100644 --- a/source4/lib/replace/libreplace_network.m4 +++ b/source4/lib/replace/libreplace_network.m4 @@ -62,6 +62,46 @@ AC_CHECK_MEMBER(struct sockaddr_storage.__ss_family, fi fi +AC_CACHE_CHECK([for sin_len in sock],libreplace_cv_HAVE_SOCK_SIN_LEN,[ + AC_TRY_COMPILE( + [ +#include +#include +#include + ],[ +struct sockaddr_in sock; sock.sin_len = sizeof(sock); + ],[ + libreplace_cv_HAVE_SOCK_SIN_LEN=yes + ],[ + libreplace_cv_HAVE_SOCK_SIN_LEN=no + ]) +]) +if test x"$libreplace_cv_HAVE_SOCK_SIN_LEN" = x"yes"; then + AC_DEFINE(HAVE_SOCK_SIN_LEN,1,[Whether the sockaddr_in struct has a sin_len property]) +fi + +############################################ +# check for unix domain sockets +AC_CACHE_CHECK([for unix domain sockets],libreplace_cv_HAVE_UNIXSOCKET,[ + AC_TRY_COMPILE([ +#include +#include +#include +#include +#include + ],[ +struct sockaddr_un sunaddr; +sunaddr.sun_family = AF_UNIX; + ],[ + libreplace_cv_HAVE_UNIXSOCKET=yes + ],[ + libreplace_cv_HAVE_UNIXSOCKET=no + ]) +]) +if test x"$libreplace_cv_HAVE_UNIXSOCKET" = x"yes"; then + AC_DEFINE(HAVE_UNIXSOCKET,1,[If we need to build with unixscoket support]) +fi + dnl The following test is roughl taken from the cvs sources. dnl dnl If we can't find connect, try looking in -lsocket, -lnsl, and -linet. From c7c9aa7e7a2d941486fb21fd15e57653cc8b14e0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 16 May 2008 12:30:49 +0200 Subject: [PATCH 11/14] lib/socket: remove unused configure checks for HAVE_SOCK_SIN_LEN and HAVE_UNIXSOCKET and rely on libreplace metze (This used to be commit 5de605bb2ef88a1f3e61c64e557c7f069d0f6dad) --- source4/lib/socket/config.m4 | 28 +++------------------------- 1 file changed, 3 insertions(+), 25 deletions(-) diff --git a/source4/lib/socket/config.m4 b/source4/lib/socket/config.m4 index e5ae9ecc77b..871c57f97c1 100644 --- a/source4/lib/socket/config.m4 +++ b/source4/lib/socket/config.m4 @@ -1,34 +1,12 @@ AC_CHECK_FUNCS(writev) AC_CHECK_FUNCS(readv) -AC_CACHE_CHECK([for sin_len in sock],samba_cv_HAVE_SOCK_SIN_LEN,[ -AC_TRY_COMPILE([#include -#include -#include ], -[struct sockaddr_in sock; sock.sin_len = sizeof(sock);], -samba_cv_HAVE_SOCK_SIN_LEN=yes,samba_cv_HAVE_SOCK_SIN_LEN=no)]) -if test x"$samba_cv_HAVE_SOCK_SIN_LEN" = x"yes"; then - AC_DEFINE(HAVE_SOCK_SIN_LEN,1,[Whether the sockaddr_in struct has a sin_len property]) -fi - ############################################ # check for unix domain sockets -AC_CACHE_CHECK([for unix domain sockets],samba_cv_unixsocket, [ - AC_TRY_COMPILE([ -#include -#include -#include -#include -#include ], -[ - struct sockaddr_un sunaddr; - sunaddr.sun_family = AF_UNIX; -], - samba_cv_unixsocket=yes,samba_cv_unixsocket=no)]) +# done by AC_LIBREPLACE_NETWORK_CHECKS SMB_ENABLE(socket_unix, NO) -if test x"$samba_cv_unixsocket" = x"yes"; then - SMB_ENABLE(socket_unix, YES) - AC_DEFINE(HAVE_UNIXSOCKET,1,[If we need to build with unixscoket support]) +if test x"$libreplace_cv_HAVE_UNIXSOCKET" = x"yes"; then + SMB_ENABLE(socket_unix, YES) fi dnl test for ipv6 using the gethostbyname2() function. That should be sufficient From 097b5ae7633d2f89abe9f89202a8af1438b590cd Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 16 May 2008 12:46:10 +0200 Subject: [PATCH 12/14] lib/replace: move sys/sockio.h and sys/un.h checks into AC_LIBREPLACE_NETWORK_CHECKS metze (This used to be commit 7f26a5425e706a97cc07c5139b3fea4fde9e4020) --- source4/lib/replace/libreplace.m4 | 1 - source4/lib/replace/libreplace_network.m4 | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/lib/replace/libreplace.m4 b/source4/lib/replace/libreplace.m4 index 2b33d97989a..6a85ff5a829 100644 --- a/source4/lib/replace/libreplace.m4 +++ b/source4/lib/replace/libreplace.m4 @@ -96,7 +96,6 @@ fi AC_CHECK_HEADERS(sys/syslog.h syslog.h) AC_CHECK_HEADERS(sys/time.h time.h) AC_CHECK_HEADERS(stdarg.h vararg.h) -AC_CHECK_HEADERS(sys/sockio.h sys/un.h) AC_CHECK_HEADERS(sys/mount.h mntent.h) AC_CHECK_HEADERS(stropts.h) diff --git a/source4/lib/replace/libreplace_network.m4 b/source4/lib/replace/libreplace_network.m4 index d29c13196dc..f2d177b1654 100644 --- a/source4/lib/replace/libreplace_network.m4 +++ b/source4/lib/replace/libreplace_network.m4 @@ -8,6 +8,7 @@ LIBREPLACE_NETWORK_LIBS="" AC_CHECK_HEADERS(sys/socket.h netinet/in.h netdb.h arpa/inet.h) AC_CHECK_HEADERS(netinet/ip.h netinet/tcp.h netinet/in_systm.h netinet/in_ip.h) +AC_CHECK_HEADERS(sys/sockio.h sys/un.h) dnl we need to check that net/if.h really can be used, to cope with hpux dnl where including it always fails From 626b2da5a9109cfa50b8bf471d5b0c59351cfc17 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 17 May 2008 00:02:28 +0200 Subject: [PATCH 13/14] smbd: add session_info to struct stream_connection NULL represents an anoymous connection, as that's cheaper than always calling auth_anonymous_session_info(), That means if the caller wants to use the transport layer session_info he should call auth_anonymous_session_info() to create the session info. metze (This used to be commit 3777d0307b346bcf363ab5ad783e802682034a9a) --- source4/smbd/service_stream.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/source4/smbd/service_stream.h b/source4/smbd/service_stream.h index 04d23a56f26..d57a54cdc90 100644 --- a/source4/smbd/service_stream.h +++ b/source4/smbd/service_stream.h @@ -50,6 +50,12 @@ struct stream_connection { struct messaging_context *msg_ctx; struct loadparm_context *lp_ctx; + /* + * this transport layer session info, normally NULL + * which means the same as an anonymous session info + */ + struct auth_session_info *session_info; + bool processing; const char *terminate; }; From 250478d0445cf56e8b0b4e876977a9ae968ff55b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 17 May 2008 00:01:05 +0200 Subject: [PATCH 14/14] smbd: pass down lp_ctx to stream_new_connection_merge() metze (This used to be commit 91e9062265a68e3a1fe5e092503ec44ae5ea034e) --- source4/smbd/service_stream.c | 2 ++ source4/wrepl_server/wrepl_in_connection.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/source4/smbd/service_stream.c b/source4/smbd/service_stream.c index 9f744efa812..e27d87ec750 100644 --- a/source4/smbd/service_stream.c +++ b/source4/smbd/service_stream.c @@ -119,6 +119,7 @@ void stream_io_handler_callback(void *private, uint16_t flags) a server connection */ NTSTATUS stream_new_connection_merge(struct event_context *ev, + struct loadparm_context *lp_ctx, const struct model_ops *model_ops, struct socket_context *sock, const struct stream_server_ops *stream_ops, @@ -140,6 +141,7 @@ NTSTATUS stream_new_connection_merge(struct event_context *ev, srv_conn->ops = stream_ops; srv_conn->msg_ctx = msg_ctx; srv_conn->event.ctx = ev; + srv_conn->lp_ctx = lp_ctx; srv_conn->event.fde = event_add_fd(ev, srv_conn, socket_get_fd(sock), EVENT_FD_READ, stream_io_handler_fde, srv_conn); diff --git a/source4/wrepl_server/wrepl_in_connection.c b/source4/wrepl_server/wrepl_in_connection.c index 34d94d73a6b..25227481b88 100644 --- a/source4/wrepl_server/wrepl_in_connection.c +++ b/source4/wrepl_server/wrepl_in_connection.c @@ -230,7 +230,7 @@ NTSTATUS wreplsrv_in_connection_merge(struct wreplsrv_partner *partner, wrepl_in->service = service; wrepl_in->partner = partner; - status = stream_new_connection_merge(service->task->event_ctx, model_ops, + status = stream_new_connection_merge(service->task->event_ctx, service->task->lp_ctx, model_ops, sock, &wreplsrv_stream_ops, service->task->msg_ctx, wrepl_in, &conn); NT_STATUS_NOT_OK_RETURN(status);