IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We should also test netlogon operations, but there are issues with
what state is expected to be stored (far more than we currently do).
Andrew Bartlett
(This used to be commit 39ddba0d0d)
sent me arrived on time... :-).
Refactor this code to make it comprehensible. Tested
against W2K3 SP 1 and W2K SP 4. Test 19 is different
from what I thought. Turns out delete on close on
"open" of a directory (not create) does have an
effect - even if not reported in the flag bit.
trige please test against Vista (my XP box is
refusing to serve at the moment - have to reinstall).
Jeremy.
(This used to be commit 2b708e2618)
This allows the easy addition of additional named pipes and removes the
circular dependencies between the CIFS, RPC and RAP servers.
Simple tests for a custom named pipe included.
(This used to be commit 898d15acbd)
In librpc, always try SMB level authentication, even if trying
schannel, but allow fallback to anonymous. This should better
function with servers that set restrict anonymous.
There are too many parts of Samba that get, parse and modify the
binding parameters. Avoid the extra work, and add a binding element
to the struct dcerpc_pipe
The libnet vampire code has been refactored, to reduce extra layers
and to better conform with the standard argument pattern. Also, take
advantage of the new libnet_Lookup code, so we don't require the silly
'password server' smb.conf parameter.
To better support forcing traffic to be sealed for the vampire
operation, the dcerpc_bind_auth() function now takes an auth level
parameter.
Andrew Bartlett
(This used to be commit d65b354959)
the remote server's name, or in the absence of a local nbt_server to
communicate with (or without root access), a node status request.
The result is that we are in a better position to use kerberos, as well
as to remove the 'password server' mandatory parameter for the samsync
and samdump commands. (I need this to put these into SWAT).
The only problem I have is that I must create a messaging context, which
requires a server ID. As a client process, I don't expect to get
messages, but it is currently required for replies, so I generate a
random() number. We probably need the servers to accept connections on
streamed sockets too, for client-only tasks that want IRPC.
Because I wanted to test this code, I have put the NET-API-* tests into
our test scripts, to ensure they pass and keep passing. They are good
frontends onto the libnet system, and I see no reason not to test them.
In doing so the NET-API-RPCCONNECT test was simplified to take a
binding string on the command line, removing duplicate code, and
testing the combinations in the scripts instead.
(I have done a bit of work on the list shares code in libnet_share.c
to make it pass 'make test')
In the future, I would like to extend the libcli/findds.c code (based
off volker's winbind/wb_async_helpers.c, which is why it shows up a bit
odd in the patch) to handle getting multiple name replies, sending a
getdc request to each in turn.
(posted to samba-technical for review, and I'll happily update with
any comments)
Andrew Bartlett
(This used to be commit 7ccddfd351)
structure that is more generic than just 'IP/port'.
It now passes make test, and has been reviewed and updated by
metze. (Thankyou *very* much).
This passes 'make test' as well as kerberos use (not currently in the
testsuite).
The original purpose of this patch was to have Samba able to pass a
socket address stucture from the BSD layer into the kerberos routines
and back again. It also removes nbt_peer_addr, which was being used
for a similar purpose.
It is a large change, but worthwhile I feel.
Andrew Bartlett
(This used to be commit 88198c4881)
lookups in load_interfaces(). The reason was my eth0 interface was
down, and it was being interpreted as a DNS name.
This patch changes load_interfaces() to happening automatically when
interfaces are first needed instead of on the startup of every samba
binary. This means that (for example) ldbadd doesn't call
load_interfaces(), which means no slow DNS lookups.
I also reduced the number of static globals in interface.c to 1, and
changed from malloc to talloc
When you want to force a reload of the interfaces list, you now call
unload_interfaces(), which means the next call that needs the
interfaces list will reload it
(This used to be commit f79d90bd13)
dcerpc_interface_table struct rather then a tuple of interface
name, UUID and version.
This removes the requirement for having a global list of DCE/RPC interfaces,
except for these parts of the code that use that list explicitly
(ndrdump and the scanner torture test).
This should also allow us to remove the hack that put the authservice parameter
in the dcerpc_binding struct as it can now be read directly from
dcerpc_interface_table.
I will now modify some of these functions to take a dcerpc_syntax_id
structure rather then a full dcerpc_interface_table.
(This used to be commit 8aae0f168e)
the difference between these at all, and in the future the
fact that INIT_OBJ_FILES include smb_build.h will be sufficient to
have recompiles at the right time.
(This used to be commit b24f2583ed)
We now use a different system for initializing the modules for a subsystem.
Most subsystems now have an init function that looks something like this:
init_module_fn static_init[] = STATIC_AUTH_MODULES;
init_module_fn *shared_init = load_samba_modules(NULL, "auth");
run_init_functions(static_init);
run_init_functions(shared_init);
talloc_free(shared_init);
I hope to eliminate the other init functions later on (the
init_programname_subsystems; defines).
(This used to be commit b6d2ad4ce0)
handles expanding the protoheader object list, rather then the build system,
which makes the makefile quite a bit shorter.
(This used to be commit a4088ccc70)
system
- this needs to be in one big patch, because of the merging code,
that changes client in server connections and the other way around
- use socket_connect_send/_recv() in the client code
metze
(This used to be commit f0105b7fcd)
displaying security descriptors in ldbsearch or ldbedit you can see
the SDDL version.
This also allows us to specify security descriptors in our
setup/*.ldif files in SDDL format, which is much more convenient than
the NDR binary format!
(This used to be commit 8185731c18)
Jeremy, to run this against Samba3 at all you need to insert a "goto line 957"
in line 548. Without this we fail some tests before # 16 and bail out.
While looking at it, you wanted to fix the directory-based ones a while
ago.... :-))
Volker
(This used to be commit 45cd224102)
instead make the normal composite_done() and composite_error()
functions automatically trigger a delayed callback if the caller has
had no opportunity to setup a async callback
this removes one of the common mistakes in writing a composite function
(This used to be commit f9413ce792)
Abartlet, please don't break this again, it's too darn useful for
near-realistic load tests on an RPC infrastructure and can be quite easily
expanded to more weird things a workstation might do during a login.
Yes, I promise I will document this test, but this must wait until the
weekend.
I might add simulating a profile download quite soon, we have the information
available from the info3.
Thanks,
Volker
(This used to be commit 15ca9e16bb)
option torture:quick=yes/no. This should be used in all slow tests to
enable a quick mode
- enabled the test_rpc_quick.sh tests in 'make quicktest'
(This used to be commit 180c209c1b)
This also removes dcerpc_bind_auth_password, the only user of
dcerpc_bind_auth. And this was not only passwords anyway.
Andrew Bartlett, as usual: Please take a close look.
Thanks,
Volker
(This used to be commit 2ff2dae3d0)
Tridge et al, please take a close look at this. It survives my basic rpc-login
test as well as rpc-lsa, but this is critical I think.
Volker
(This used to be commit bf1a55f44c)
hundreds of logins from a single process.... :-)
Does not do all that is necessary yet. But as the old one was #ifdef'ed out,
this does not hurt much I think.
Volker
(This used to be commit f7cbef3e59)
request that the server return its own MxAc blob which contains the
maximum allowed access_mask for the returned file handle
(This used to be commit c0288aa8cd)
BASIC_INFORMATION
DISPOSITION_INFORMATION
ALLOCATION_INFORMATION
END_OF_FILE_INFORMATION
POSITION_INFORMATION
MODE_INFORMATION
(This used to be commit 8804b6a7eb)
of the fixed body part, and +1 if there's a dynamic part
- there're 3 types of dynamic blobs
with uint16_t offset/uint16_t size
with uint16_t offset/uint32_t size
with uint32_t offset/uint32_t size /* aligned to 8 bytes */
- strings are transmitted in UTF-16 with no termination and
packet into a uint16/uint16 blob
metze
(This used to be commit 79103c51e5)
'dangerous' tests) then it does a write of 160k, which causes vista to
blue screen. Otherwise it does a 120k write which works fine.
(This used to be commit b4c5d7d017)
- added a SMB2-SCANGETINFO test for scanning for available info levels
- added names for the info levels I recognise to smb2.h
(This used to be commit fe5986067e)
connects, giving the following output:
Running SMB2-CONNECT
Negprot reply:
current_time = Fri Nov 11 20:10:42 2005 EST
boot_time = Sat Nov 12 10:34:33 2005 EST
Session setup gave UID 0x40000000071
Session setup gave UID 0x140000000075
Tree connect gave tid = 0x7500000001
Tree connect gave tid = 0x7500000005
SMB2-CONNECT took 0.049024 secs
(This used to be commit a24a4c3110)
in the sgroup_merge test, so that we don't see old records as new ones
- finish the owned,sgroup,active vs. sgroup * section
metze
(This used to be commit 534e34a1a1)
the call definitions will be in smb2_calls.h, which will play a
similar role that smb_interfaces.h plays for the old SMB protocol
(This used to be commit 4ef3902a8a)
that some values aren't handled. The remaining warnings I think are
actual bugs or required functionality that is missing (mostly lack of
server side Unix extensions).
(This used to be commit 03c7da27a0)
We now put the PAC in the AS-REP, so that the client has it in the
TGT. We then validate it (and re-sign it) on a TGS-REQ, ie when the
client wants a ticket.
This should also allow us to interop with windows KDCs.
If we get an invalid PAC at the TGS stage, we just drop it.
I'm slowly trying to move the application logic out of hdb-ldb.c, and
back in with the rest of Samba's auth system, for consistancy. This
continues that trend.
Andrew Bartlett
(This used to be commit 36973b1eef)
not there (it's not yet on *any* call... :-)), the rpc client strictly
sequences calls to an rpc pipe. Might need some more work on the exact
sequencing semantics when a pipe with both sync and async calls is actually
deployed, but I want it in for winbind simplification.
Volker
(This used to be commit b8f324e4f0)
work again. The automatic value() is fine for the length, but cannot
be used for the size as the size is not the number of bytes being
sent, but the number of bytes that the server is allowed to use in the
reply
(This used to be commit 46e91f269c)
- remove useless .release attribute, we have seperate tests for this
now
- add first owned,active vs. replica test, including handling incoming
name queries from the server
metze
(This used to be commit 7843b6c5c8)
The warnings were caused by the structure assignements, which we don't
need to do. The actual values are filled in by the NDR layer later.
Andrew Bartlett
(This used to be commit f140117535)
IDL and testsuites. The server-side of this remains a stub, we should
probably be doing ldb searches for the server reference record.
Andrew Bartlett
(This used to be commit 0141ed309a)
This avoids the nasty user@DOMAIN test for now, as it has very odd
semantics with NTLMv2.
Allow only user accounts to do an interactive login.
Andrew Bartlett
(This used to be commit 690cad8083)
Only a few operations are supported (LookupSids3 and LookupNames4),
and these are only supported under schannel. This appears to be the
operations Win2k3 SP1 uses to verify part of the PAC back to the
server.
The test is setup to pass, but not enforce (so far) this new
behaviour.
Andrew Bartlett
(This used to be commit e15e39866e)
