1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

169 Commits

Author SHA1 Message Date
Jelmer Vernooij
05bc2d7b2c r5928: Use cli_credentials in:
- gtk+ (returned by GtkHostBindingDialog as well now)
 - torture/
 - librpc/
 - lib/com/dcom/
(This used to be commit ccefd78233)
2007-10-10 13:11:08 -05:00
Jelmer Vernooij
02075be0bb r5917: First step in using the new cli_credentials structure. This patch
puts support for it into popt_common, adds a few utility functions
(in lib/credentials.c) and the callback functions for the command-line
(lib/cmdline/credentials.c). Comments are welcome :-)
(This used to be commit 1d49b57c50)
2007-10-10 13:11:08 -05:00
Andrew Bartlett
df64302213 r5902: A rather large change...
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.

With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind.  This changes a lot of files, and these will again
be changed when jelmer does the credentials work.

I also correct some schannel IDL to distinguish between workstation
names and account names.  The distinction matters for domain trust
accounts.

Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.

In the schannel DB, we now store both the domain and computername, and
query on both.  This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.

In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.

This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.

The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.

The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests.  This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.

In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL.  This has been re-added, until the underlying pidl issues are
solved.
(This used to be commit 824289dcc2)
2007-10-10 13:11:07 -05:00
Jelmer Vernooij
ef213b0248 r5866: Add InitShutdown IDL and torture test.
Implement push side of NDR_LEN4|NDR_NOTERM strings (pull side was already present)
(This used to be commit ea61ec1122)
2007-10-10 13:11:05 -05:00
Rafal Szczesniak
b55b885f1b r5651: A bit more code in userinfo test and hook up test function to
main torture binary.

rafal
(This used to be commit 94955e5325)
2007-10-10 13:10:56 -05:00
Jelmer Vernooij
80d3047333 r5490: The big (D)COM commit! :-) Contains most of the changes described in the
DCOM paper in lorikeet. This is the result of 1.5 months work (mainly
figuring out how things *really* work) at the end of 2004.

In general:
- Clearer distinction between COM and DCOM. DCOM is now merely
  the glue between DCE/RPC+ORPC and COM. COM can also work without
  DCOM now. This makes the code a lot clearer.
- Clearer distinction between NDR and DCOM. Before, NDR had a couple of
  "if"s to cope with DCOM, which are now gone.
- Use "real" arguments rather then structures for function arguments in
  COM, mainly because most of these calls are local so packing/unpacking
  data for every call is too much overhead (both speed- and code-wise)
- Support several mechanisms to load class objects:
  - from memory (e.g. part of the current executable, registered at start-up)
  - from shared object files
  - remotely
- Most things are now also named COM rather then DCOM because that's what it
  really is. After an object is created, it no longer matters whether it
  was created locally or remotely.

There is a very simple example class that contains
both a class factory and a class that implements the IStream interface.
It can be tested (locally only, remotely is broken at the moment)
by running the COM-SIMPLE smbtorture test.

Still to-do:
 - Autogenerate parts of the class implementation code (using the coclass definitions in IDL)
 - Test server-side
 - Implement some of the common classes, add definitions for common interfaces.
(This used to be commit 71fd3e5c3a)
2007-10-10 13:10:50 -05:00
Jelmer Vernooij
a62ade362f r5487: - Allow disabling modules
- Disable all current DCOM functionality (I hope to commit
	a large bunch of COM and DCOM changes later today)
- Make remact and oxidresolver depend on orpc rather then dcom
(This used to be commit f298f2a547)
2007-10-10 13:10:50 -05:00
Andrew Tridgell
14bd4b8184 r5415: added a NBT-WINSREPLICATION torture test. It asks the server for the
list of partners, and for each partner dumps the complete list of
names
(This used to be commit dacf5f166a)
2007-10-10 13:10:44 -05:00
Andrew Tridgell
82e6a6e46b r5403: a simple WINS benchmarking program
(This used to be commit d0f8b5bc6d)
2007-10-10 13:10:42 -05:00
Andrew Tridgell
75ddf59ea1 r5308: trimmed back a lot of the old macros from smb_macros.h
(This used to be commit bf43c9bdcf)
2007-10-10 13:09:40 -05:00
Andrew Tridgell
e82aad1ce3 r5298: - got rid of pstring.h from includes.h. This at least makes it a bit
less likely that anyone will use pstring for new code

 - got rid of winbind_client.h from includes.h. This one triggered a
   huge change, as winbind_client.h was including system/filesys.h and
   defining the old uint32 and uint16 types, as well as its own
   pstring and fstring.
(This used to be commit 9db6c79e90)
2007-10-10 13:09:38 -05:00
Andrew Tridgell
b9bb7f596d r5294: - added a separate NBT-WINS test for WINS operations (register, refresh, release and query)
- change the iface_n_*() functions to return a "const char *" instead of a "struct ipv4_addr"
  I think that in general we should move towards "const char *" for
  all IP addresses, as this makes IPv6 much easier, and is also easier
  to debug. Andrew, when you get a chance, could you fix some of the
  auth code to use strings for IPs ?

- return a NTSTATUS error on bad name queries and node status instead
  of using rcode. This makes the calling code simpler.

- added low level name release code in libcli/nbt/

- use a real IP in the register and wins nbt torture tests, as w2k3
  WINS server silently rejects some operations that don't come from the
  IP being used (eg. it says "yes" to a release, but does not in fact
  release the name)
(This used to be commit bb1ab11d8e)
2007-10-10 13:09:37 -05:00
Andrew Tridgell
831e06810a r5156: started on test driven development of the nbt server. This adds a
NBT-REGISTER test that tests that a server correctly defends its name
against broadcast name registrations.

Jeremy, you might like to look at this. Samba3 nmbd fails to respond.
(This used to be commit bb1298a2eb)
2007-10-10 13:09:28 -05:00
Andrew Tridgell
75049fb66f r5130: added a single NBT name query benchmark. It keeps 10 queries in flight at a time.
(This used to be commit 2d23c665ff)
2007-10-10 13:09:25 -05:00
Andrew Tridgell
759da3b915 r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5)
2007-10-10 13:09:15 -05:00
Tim Potter
8bf94dc7f7 r4973: Add a RAP scanner to smbtorture. win2k has call numbers 0-215 although
the cifs tr lists 250-318 also.
(This used to be commit 37b4d1a676)
2007-10-10 13:09:10 -05:00
Andrew Tridgell
913006fa2e r4899: fixed build
(This used to be commit 852f1e73b4)
2007-10-10 13:09:04 -05:00
Andrew Tridgell
2383787f19 r4891: - added a generic resolve_name() async interface in libcli/resolve/,
which will eventually try all resolution methods setup in smb.conf

 - only resolution backend at the moment is bcast, which does a
   parallel broadcast to all configured network interfaces, and takes
   the first reply that comes in (this nicely demonstrates how to do
   parallel requests using the async APIs)

 - converted all the existing code to use the new resolve_name() api

 - removed all the old nmb code (yay!)
(This used to be commit 239c310f25)
2007-10-10 13:09:03 -05:00
Andrew Tridgell
8783aa8ea5 r4831: added udp support to our generic sockets library.
I decided to incorporate the udp support into the socket_ipv4.c
backend (and later in socket_ipv6.c) rather than doing a separate
backend, as so much of the code is shareable. Basically this adds a
socket_sendto() and a socket_recvfrom() call and not much all.

For udp servers, I decided to keep the call as socket_listen(), even
though dgram servers don't actually call listen(). This keeps the API
consistent.

I also added a simple local sockets testsuite in smbtorture,
LOCAL-SOCKET
(This used to be commit 9f12a45a05)
2007-10-10 13:08:59 -05:00
Andrew Tridgell
61a3d370b9 r4758: - added async support to the session request code
- added async support to the negprot client code

- removed two unused parameters from smbcli_full_connection() code

- converted smbclient to use smbcli_full_connection() rather than
  reinventing everything itself
(This used to be commit 71cbe28734)
2007-10-10 13:08:50 -05:00
Andrew Tridgell
e89fd49df7 r4757: added the ability of the clisocket level of libcli to handle async
socket connections. This was complicated by a few factors:

 - it meant moving the event context from clitransport to clisocket,
   so lots of structures changed

 - we need to asynchronously handle connection to lists of port
   numbers, not just one port number. The code internally tries each
   port in the list in turn, without ever blocking

 - the man page on how connect() is supposed to work asynchronously
   doesn't work in practice (now why doesn't this surprise me?). The
   getsockopt() for SOL_ERROR is supposed to retrieve the error, but
   in fact the next (unrelated) connect() call on the same socket also
   gets an error, though not the right error. To work around this I
   need to tear down the whole socket between each attempted port. I
   hate posix.

Note that clisocket.c still does a blocking name resolution call in
smbcli_sock_connect_byname(). That will be fixed when we add the async
NBT resolution code.

Also note that I arranged things so that every SMB connection is now
async internally, so using plain smbclient or smbtorture tests all the
async features of this new code.
(This used to be commit 468f8ebbfd)
2007-10-10 13:08:50 -05:00
Andrew Tridgell
1d795fa57b r4700: first attempt at a composite async function, smb_composite_loadfile(),
which combineds ntcreatex, readx and close into a single call that
behaves just like a normal libcli async call.
(This used to be commit 516f68fb05)
2007-10-10 13:08:45 -05:00
Andrew Tridgell
ab9ca55926 r4617: basic alter_context requests now work in our client library. The test
just does a simple LSA/DSSETUP combo, which is what w2k does in the
ACL editor rpc calls that triggered this work
(This used to be commit 0129ec947a)
2007-10-10 13:08:34 -05:00
Andrew Tridgell
500d5523d2 r4475: fixed smbd to work with the small changes in the ldb API (the most important
change was in the ldb_msg_add_*() routines, which now use the msg as a context,
and thus it needs to be a talloc ptr)
(This used to be commit 1a4713bfd0)
2007-10-10 13:07:55 -05:00
Andrew Tridgell
dda32aa5ba r4451: added initial RPC-DSSETUP torture test. It works for level1 of
ds_RolerGetPrimaryDomainInformation()
(This used to be commit 7aec3dac6f)
2007-10-10 13:07:52 -05:00
Stefan Metzmacher
00c7f9eed8 r4422: make lp_set_cmdline("torture:dangerous", "Yes") a bool parameter
metze
(This used to be commit 19482a2245)
2007-10-10 13:07:47 -05:00
Stefan Metzmacher
6acf7a782c r4169: add descriptions about binding and unc strings to the
smbtorture --usage --help output

metze
(This used to be commit 26a7f4cf5e)
2007-10-10 13:07:22 -05:00
Stefan Metzmacher
9112a632f6 r4063: - change char * -> uint8_t in struct request_buffer
- change smbcli_read/write to take void * for the buffers to match read(2)/write(2)

all this fixes a lot of gcc-4 warnings

metze
(This used to be commit b94f92bc66)
2007-10-10 13:06:21 -05:00
Andrew Tridgell
58c326809a r4052: fixed a bunch of code to use the type safe _p allocation macros
(This used to be commit 80d15fa340)
2007-10-10 13:06:18 -05:00
Andrew Tridgell
cc8f4358cc r4035: more effort on consistent naming of the access mask bits.
This removes the duplicate named SEC_RIGHTS_MAXIMUM_ALLOWED and
SEC_RIGHTS_FULL_CONTROL, which are just other names for
SEC_FLAG_MAXIMUM_ALLOWED and SEC_RIGHTS_FILE_ALL. The latter names
match the new naming conventions in security.idl

Also added names for the generic->specific mappings for files are
directories
(This used to be commit 17a4e0b3ac)
2007-10-10 13:06:16 -05:00
Andrew Tridgell
607e302238 r4013: got rid of a bunch of unused or unmaintained code
- removed the clitar code. It is unmaintained, and a horribly badly done hack

 - removed client.h as it contained mostly unused definitions

 - removed the unused clidfs.c code
(This used to be commit 31a7bddbb3)
2007-10-10 13:06:15 -05:00
Andrew Tridgell
fdc9f417d8 r4011: get rid of rpc_secdes.h and replace it with a single sane set of
definitions for security access masks, in security.idl

The previous definitions were inconsistently named, and contained many
duplicate and misleading entries. I kept finding myself tripping up
while using them.
(This used to be commit 01c0fa722f)
2007-10-10 13:06:13 -05:00
Andrew Tridgell
9e5bee246f r3945: expanded the BASE-PROPERTIES test to print a nicely formatted list of
the capabilities and filesystem attribute bits of the server.
(This used to be commit 9debe29381)
2007-10-10 13:06:07 -05:00
Jelmer Vernooij
cc368fa69e r3898: Work towards local/server DCOM support, start working
on Simple example server side implementation
(This used to be commit 98afb504d9)
2007-10-10 13:06:02 -05:00
Jelmer Vernooij
d53fd3d8d5 r3891: Add rot (Running Object Table) interface
(This used to be commit 4840eaeed3)
2007-10-10 13:06:02 -05:00
Andrew Tridgell
bbf009b46f r3829: added a RAW-ACLS test suite that tests query/set of ACLs on a file
(This used to be commit 2ff9816ae0)
2007-10-10 13:05:57 -05:00
Andrew Tridgell
4719461a07 r3746: added RAW-STREAMS and RAW-EAS tests to smbtorture
(This used to be commit 5ed3d68d20)
2007-10-10 13:05:50 -05:00
Andrew Tridgell
0e255bb542 r3699: - split the delayed write testing out of RAW-WRITE, as it is not yet
clear what the correct behaviour is for delayed stat info update.

- use a common torture_setup_dir() function for setting up a test
  directory in torture tests.
(This used to be commit f7fb34715b)
2007-10-10 13:05:45 -05:00
Andrew Bartlett
fd5135a63b r3686: The results of some work on the NETLOGON pipe:
Break out the samsync tests from RPC-NETLOGON into a new RPC-SAMSYNC,
that will cross-verify all the values.

Add support for the way netlogon credentials are shared between the
pipe that sets up schannel and the pipe that is encrypted with it.

Test this support, by calling both NETLOGON and SAMR operations in the
RPC-SCHANNEL test.

Move some of the Netlogon NEG flags into the .idl, now we have an idea
what a few of them really are.

Rename the sam_pwd_hash into a name that has meaning (all other crypto
functions were renamed in Samba4 ages ago).

Break out NTLMv2 functionality for operation on the NT hash - I intend
to do NTLMv2 logins in the samsync test in future, and naturally I
only have the hash.

Andrew Bartlett
(This used to be commit 6e6cc6fb98)
2007-10-10 13:05:43 -05:00
Andrew Bartlett
a8db4dcf03 r3677: Seperate the SamLogon tests from the main RPC-NETLOGON test into a
RPC-SAMLOGON of their own.

I have expanded the tests to validate the use of various flags, which
change some of the crypto behaviour.

Andrew Bartlett
(This used to be commit 3a140a3691)
2007-10-10 13:05:43 -05:00
Volker Lendecke
f847f3a3e1 r3660: This simulates the logon sequence of a XP login session I'm currently tuning
Samba3/OpenLDAP for. For a concrete situation you have to adapt the domain,
pdcname and usernames/passwords. Sorry, not parametrized yet, but this should
be doable if necessary.

Volker
(This used to be commit 02f5205872)
2007-10-10 13:05:42 -05:00
Andrew Tridgell
4815480bb6 r3633: - moved module init functions to after smb.conf and command line
parsing, so that module init can take account of lp_ parms (thats
  why gensec:krb5=no wasn't working)

- added a BASE-DISCONNECT torture test that tests server response to
  clients disconnecting with open lock and open requests pending
(This used to be commit 5205f598b8)
2007-10-10 13:05:41 -05:00
Andrew Tridgell
d8565f89b7 r3608: added BASE-DENYDOS test
this test demonstrates how w2k3 handles the special semantics of
DENY_DOS when 2 opens happen on the same connection. The 2nd open
doesn't actually do a NTFS open, it happens as a secondary reference
to the same internal file handle in the CIFS layer. The evidence is
that the 2nd open shares the same POSITION_INFORMATION field as the
first open, but only for the special DENY_DOS cases that would
normally be refused.
(This used to be commit eeec57d4f6)
2007-10-10 13:05:38 -05:00
Jelmer Vernooij
71db46ea66 r3586: Fix some of the issues with the module init functions.
Both subsystems and modules can now have init functions, which can be
specified in .mk files (INIT_FUNCTION = ...)

The build system will define :
 - SUBSYSTEM_init_static_modules that calls the init functions of all statically compiled modules. Failing to load will generate an error which is not fatal
 - BINARY_init_subsystems that calls the init functions (if defined) for the subsystems the binary depends on

This removes the hack with the "static bool Initialised = " and the
"lazy_init" functions
(This used to be commit 7a8244761b)
2007-10-10 13:05:36 -05:00
Andrew Tridgell
a9158e0d47 r3574: the RAW-OPEN test changes broke a couple of the other tests. This
fixes most of them, although RAW-SEARCH still fails (due to an
interaction with the new xattr code)
(This used to be commit 09b4652b40)
2007-10-10 13:05:33 -05:00
Jelmer Vernooij
6d3c74a67b r3513: Add (the infrastructure for) DCOM support. Contents:
- Support for sending over the object UUID in DCERPC calls
 - Simple torture test for the DCOM "Simple" object
 - Generate extra argument for "object" interfaces in pidl
 - Some stubs for common DCOM functions
(This used to be commit c052f2e1ed)
2007-10-10 13:05:23 -05:00
Andrew Tridgell
dde0705807 r3507: - added deferred replies on sharing violation in pvfs open. The
deferred reply is short-circuited immediately when the file is
  closed by another user, allowing it to be opened by the waiting user.

- added a sane set of timeval manipulation routines

- converted all the events code and code that uses it to use struct
  timeval instead of time_t, which allows for microsecond resolution
  instead of 1 second resolution. This was needed for doing the pvfs
  deferred open code, and is why the patch is so big.
(This used to be commit 0d51511d40)
2007-10-10 13:05:23 -05:00
Andrew Tridgell
6f214cc510 r3494: got rid of include/rewrite.h, and split out the dynconfig.h header
(This used to be commit 558de54ec6)
2007-10-10 13:05:22 -05:00
Andrew Tridgell
a99b6219a8 r3481: split out client.h and events.h
(This used to be commit c6f4865744)
2007-10-10 13:05:20 -05:00
Andrew Tridgell
3643fb1109 r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ioctl.h)
(This used to be commit b97e395c81)
2007-10-10 13:05:17 -05:00