1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

236 Commits

Author SHA1 Message Date
Matthias Dieter Wallnöfer
65541baf4b s4:torture - Fix uninitialized variable 2009-09-06 12:31:37 +02:00
Günther Deschner
9bf74d0ed9 s4-smbtorture: test netr_ServerSetPassword2 against Samba3.
Guenther
2009-09-02 10:47:36 +02:00
Günther Deschner
3f0c8772f1 s4-smbtorture: do not hard code BDC secure channel type into RPC-NETLOGON tests.
Guenther
2009-08-27 13:41:50 +02:00
Günther Deschner
d368c73f95 s4-smbtorture: add test_SetPassword_flags to RPC-NETLOGON-S3 testsuite.
Guenther
2009-08-27 13:41:02 +02:00
Günther Deschner
46184692ad s4-smbtorture: add RPC-NETLOGON-S3 to test samba3 netlogon server.
Guenther
2009-08-26 23:04:18 +02:00
Andrew Bartlett
f050c500f1 s4:torture Make RPC-NETLOGON pass against ncaclrpc servers
The original patch didn't cope with a NULL target server name - we now key off that to decide it isn't worth checking against LDAP for this host.

I still can't get this to pass against Windows 2008, but mdw was
testing against Windows 2008R2.  at least 'make test' is happy, and
the rest should not be too hard...

Andrew Bartlett
2009-08-04 18:24:37 +10:00
Matthias Dieter Wallnöfer
64b4d02032 s4: Change constant to comply with the merged build 2009-08-03 14:23:23 +02:00
Matthias Dieter Wallnöfer
720b7ea0ee s4: Torture test for enhancements in "netr_LogonGetDomainInformations" call
This corrects and enhances the torture test of the mentioned call.
2009-08-03 09:46:30 +02:00
Günther Deschner
ec5c83c0db s4-smbtorture: add torture_suite_add_machine_workstation_rpc_iface_tcase.
Unlike torture_suite_add_machine_bdc_rpc_iface_tcase() which joins as a BDC
(ACB_SRVTRUST) this joins as a member workstation (ACB_WSTRUST).

Guenther
2009-06-29 12:43:32 +02:00
Matthias Dieter Wallnöfer
efe6552f0c NETLOGON pipe improvements
Patch for bug #4939

This refactors the NETLOGON code related to this bug:

- Introduces a new "SYNCSTATE" enum required by the "DatabaseSync2" call (acc.
to WSPP)
- Make "DatabaseSync" dependant from "DatabaseSync2" (acc. to WSPP)
- Let "DatabaseSync2" return NT_STATUS_NOT_IMPLEMENTED (I'm not sure if this is
also true when a domain is running in mixed mode)
- Make "LogonControl" and "LogonControl2" dependant form "LogonControl2Ex"
(acc. to WSPP)
- Let "LogonControl2Ex" return WERR_NOT_SUPPORTED for now
2009-06-18 13:49:25 +10:00
Andrew Bartlett
5095d7b1c8 Rework Samba4 to use the new common libcli/auth code
In particular, this is the rename from creds_ to netlogon_creds_, as
well as other links to use the new common crypto.

Andrew Bartlett
2009-04-14 16:23:44 +10:00
Günther Deschner
10d72781fd s4-smbtorture: verify each password change via samlogon in SAMR-PASSWORDS-PWDLASTSET test.
Guenther
2009-01-06 16:03:54 +01:00
Jelmer Vernooij
dcc4081f75 Fix more compiler warnings. 2008-12-23 23:22:57 +01:00
Günther Deschner
93c61a814a s4: smbtorture, fix the build of netlogon test after idl change.
Guenther
2008-12-17 23:52:15 +01:00
Günther Deschner
188695f07f s4: fix smbtorture build after idl change.
Guenther
2008-12-17 23:23:56 +01:00
Günther Deschner
c4a5788e82 s4-smbtorture: add simple netr_ServerGetTrustInfo test.
Guenther
2008-12-10 11:58:28 +01:00
Stefan Metzmacher
e9d1c3e7ea RAW-NETLOGON: check netr_GetAnyDCName() result
metze
2008-12-04 12:48:44 +01:00
Günther Deschner
db26f7b7c4 s4-smbtorture: add test for netr_DatabaseRedo.
Guenther
2008-11-06 18:52:48 +01:00
Günther Deschner
524156333b s4-netlogon: merge netr_ServerPasswordSet2 from s3 idl.
Guenther
2008-10-29 08:57:52 +01:00
Günther Deschner
556b5bb9ee s4-netlogon: merge netr_ServerPasswordSet from s3 idl.
Guenther
2008-10-29 08:57:52 +01:00
Günther Deschner
1798e9d7ec s4-netlogon: merge netr_ServerReqChallenge from s3 idl.
Guenther
2008-10-29 08:57:52 +01:00
Günther Deschner
8e4c691c0a s4-netlogon: merge netr_ServerAuthenticate{2,3} from s3 idl.
Guenther
2008-10-29 08:57:51 +01:00
Günther Deschner
ef37351f18 s4-netlogon: merge netr_DatabaseSync2 from s3 idl.
Guenther
2008-10-29 08:57:51 +01:00
Günther Deschner
cbc0b63a77 s4-netlogon: merge netr_DatabaseSync from s3 idl.
Guenther
2008-10-29 08:57:51 +01:00
Günther Deschner
f285af6367 s4-netlogon: merge netr_LogonSamLogon{Ex,WithFlags} from s3 idl.
Guenther
2008-10-29 08:57:31 +01:00
Günther Deschner
0de8811a59 s4-netlogon: merge netr_AccountSync from s3 idl.
Guenther
2008-10-29 08:57:28 +01:00
Günther Deschner
fccd5a4dfd s4-netlogon: merge netr_AccountDeltas from s3 idl.
Guenther
2008-10-29 08:57:28 +01:00
Günther Deschner
6f2179b088 s4-netlogon: merge netr_DatabaseDeltas from s3 idl.
Guenther
2008-10-29 08:57:28 +01:00
Günther Deschner
4f6264b66c s4-netlogon: merge netr_LogonGetDomainInfo from s3 idl.
Guenther
2008-10-29 08:57:27 +01:00
Günther Deschner
359927dd34 s4-netlogon: merge netr_LogonControl2Ex from s3 idl.
Guenther
2008-10-29 08:57:27 +01:00
Günther Deschner
8a79378469 s4-netlogon: merge netr_LogonControl2 from s3 idl.
Guenther
2008-10-29 08:57:27 +01:00
Günther Deschner
388952f82c s4-netlogon: merge netr_LogonControl from s3 idl.
Guenther
2008-10-29 08:57:26 +01:00
Günther Deschner
f0697b0ad5 s4-netlogon: merge netr_DsRGetDCName{Ex,Ex2} from s3 idl.
Guenther
2008-10-29 08:56:52 +01:00
Günther Deschner
f82a117832 s4-netlogon: merge netr_GetDcName from s3 idl.
Guenther
2008-10-28 23:40:53 +01:00
Günther Deschner
a674a3bbf3 s4-netlogon: merge netr_GetAnyDCName from s3 idl (untested).
Guenther
2008-10-28 23:40:53 +01:00
Günther Deschner
2a329c4963 s4-netlogon: merge netr_DsRGetSiteName from s3 idl.
Guenther
2008-10-28 23:40:52 +01:00
Günther Deschner
2a7de4e3f8 s4-netlogon: merge netr_DsrEnumerateDomainTrusts from s3 idl.
Guenther
2008-10-28 23:40:52 +01:00
Günther Deschner
0992a9d987 s4-netlogon: merge netr_DsrGetDcSiteCoverageW from s3 idl.
Guenther
2008-10-28 23:40:51 +01:00
Günther Deschner
532fd92bdb s4-smbtorture: fix test_LogonUasLogoff.
Guenther
2008-10-28 23:40:51 +01:00
Günther Deschner
bb3836a67f s4-smbtorture: fix test_LogonUasLogon.
Guenther
2008-10-28 23:40:44 +01:00
Jelmer Vernooij
922a29992e Remove iconv_convenience parameter from simple string push/pull
functions.
2008-10-24 03:40:09 +02:00
Andrew Bartlett
4fb64f13d5 Add a test to RPC-NETLOGON for random machine account passwords.
Andrew Bartlett
2008-10-17 14:06:33 +11:00
Andrew Tridgell
025ff92f59 expanded the netlogon test to better simulate the WSPP NRPC test that
we had some trouble with
2008-10-03 17:10:53 -07:00
Andrew Bartlett
7831169af5 Test re-setting the challenge after an auth3 in RPC-NETLOGON 2008-09-22 15:37:16 -07:00
Andrew Bartlett
960bd9df1f Add a test to explore Netlogon PAC validation
However, I have still not figured out this protocol yet, and the docs
are rather unclear... :-(

Andrew Bartlett
(This used to be commit d878643071)
2008-08-27 21:36:27 +10:00
Jelmer Vernooij
263a77c561 Remove more uses of global_loadparm.
(This used to be commit a1715b1f48)
2008-02-21 15:45:32 +01:00
Andrew Bartlett
34dd0dc610 Native move servers will refuse these SamSync operations, so don't
count them as errors.

Andrew Bartlett
(This used to be commit 5c39f31356)
2008-01-11 09:22:26 +11:00
Günther Deschner
b466534a0d r26286: IDL and torture test for netr_ServerTrustPasswordsGet().
Guenther
(This used to be commit 231fe8826b)
2007-12-21 05:48:09 +01:00
Günther Deschner
96b46e9907 r26285: Add IDL and torture test for netr_ServerPasswordGet().
Guenther
(This used to be commit d64244cfe8)
2007-12-21 05:48:08 +01:00
Günther Deschner
785928dcec r26273: Add IDL and torture test for netr_NetrEnumerateTurstedDomains() and
netr_NetrEnumerateTurstedDomainsEx().

Guenther
(This used to be commit 32a189e850)
2007-12-21 05:47:56 +01:00
Jelmer Vernooij
bbdfbf8d9d r26238: Add a loadparm context parameter to torture_context, remove more uses of global_loadparm.
(This used to be commit a33a553054)
2007-12-21 05:47:20 +01:00
Günther Deschner
1fdd7e1bb5 r25895: Add torture test for netr_DsRAddressToSitenamesW and
netr_DsRAddressToSitenamesExW.

Guenther
(This used to be commit 848b885925)
2007-12-21 05:44:44 +01:00
Jelmer Vernooij
37d53832a4 r25398: Parse loadparm context to all lp_*() functions.
(This used to be commit 3fcc960839)
2007-10-10 15:07:25 -05:00
Jelmer Vernooij
98b57d5eb6 r25035: Fix some more warnings, use service pointer rather than service number in more places.
(This used to be commit df9cebcb97)
2007-10-10 15:05:43 -05:00
Jelmer Vernooij
ffeee68e4b r25026: Move param/param.h out of includes.h
(This used to be commit abe8349f9b)
2007-10-10 15:05:38 -05:00
Jelmer Vernooij
9c006b122f r24850: Convert to torture API.
(This used to be commit 6c7a004b9d)
2007-10-10 15:03:19 -05:00
Jelmer Vernooij
919aa6b27e r24735: Use torture API in more places.
(This used to be commit 1319d88c09)
2007-10-10 15:03:00 -05:00
Stefan Metzmacher
f14bd1a90a r24557: rename 'dcerpc_table_' -> 'ndr_table_'
metze
(This used to be commit 84651aee81)
2007-10-10 15:02:15 -05:00
Andrew Tridgell
0479a2f1cb r23792: convert Samba4 to GPLv3
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac)
2007-10-10 14:59:12 -05:00
Günther Deschner
38af1b1c05 r23386: Correctly fill in server name in DsrGetDcSiteCoverageW() test.
Guenther
(This used to be commit 2fc02ab992)
2007-10-10 14:53:15 -05:00
Günther Deschner
8d9e0d5323 r23385: Adding netr_DsRGetForestTrustInformation() test to query transitive forest
trusts as well as our primary domain.

Guenther
(This used to be commit 7b19df13a4)
2007-10-10 14:53:14 -05:00
Günther Deschner
eb9ae52981 r23381: Merge netr_GetDcName WERROR return and WERROR_DOMAIN_CONTROLLER_NOT_FOUND from
SAMBA_3_0.

Guenther
(This used to be commit 841ad140a3)
2007-10-10 14:53:13 -05:00
Günther Deschner
adf23c651b r23240: Fill in netr_DsrGetDcSiteCoverageW.
Guenther
(This used to be commit 9c2b964233)
2007-10-10 14:53:06 -05:00
Günther Deschner
d875b7d620 r23129: Merge from 3_0:
* netr_DsRGetDCName_flags, netr_DsRGetDCNameInfo_AddressType and netr_DsR_DcFlags
* the mask in netr_DsRGetDCNameEx2 turns out to be samr_AcctFlags

Guenther
(This used to be commit 9cdd6d9782)
2007-10-10 14:52:52 -05:00
Stefan Metzmacher
40cd2d7780 r22944: fix bug #4618:
rename private -> private_data

metze
(This used to be commit 58551f2f28)
2007-10-10 14:52:30 -05:00
Andrew Bartlett
ca3e134c8b r22171: At least walk over the test_SetupCredentials2 before bailing as 'we
don't do this yet'...

Andrew Bartlett
(This used to be commit 99786cbaa9)
2007-10-10 14:49:57 -05:00
Jelmer Vernooij
a39f239cb2 r19392: Use torture_setting_* rather than lp_parm_* where possible.
(This used to be commit b28860978f)
2007-10-10 14:21:24 -05:00
Andrew Bartlett
749015548d r17988: Add 'not for Samba4' hacks into the RPC-NETLOGON torture test.
Andrew Bartlett
(This used to be commit 2aa0e6a1bf)
2007-10-10 14:17:01 -05:00
Andrew Bartlett
e905fed4e0 r17956: LSA Cleanup!
This commit cleans up a number of aspects of the LSA interface.

Firstly, we do 2 simple searches on opening the LSA policy, to obtain
the basic information we need.  This also avoids us searching for
dnsDomain (an invented attribute).

While I was at it, I added and tested new LSA calls, including the
enumTrustedDomainsEx call.  I have also merged the identical structures
lsa_DomainInformation and lsa_DomainList.

Also in this commit: Fix netlogon use of uninitialised variables.

Andrew Bartlett
(This used to be commit 3f3fa7f466)
2007-10-10 14:16:57 -05:00
Jelmer Vernooij
0329d755a7 r17930: Merge noinclude branch:
* Move dlinklist.h, smb.h to subsystem-specific directories
 * Clean up ads.h and move what is left of it to dsdb/
   (only place where it's used)
(This used to be commit f7afa1cb77)
2007-10-10 14:16:54 -05:00
Andrew Tridgell
19b1b7b221 r15902: more test code that should be using d_printf()
(This used to be commit b52adaa045)
2007-10-10 14:08:38 -05:00
Andrew Tridgell
72209db1a1 r15898: use d_printf() in some more places to fix more torture seg faults on
solaris
(This used to be commit dd1ef82560)
2007-10-10 14:08:38 -05:00
Jelmer Vernooij
909b111f58 r14720: Add torture_context argument to all torture tests
(This used to be commit 3c7a5ce291)
2007-10-10 13:59:13 -05:00
Jelmer Vernooij
4f1c8daa36 r14470: Remove some unnecessary headers.
(This used to be commit f7312dab3b)
2007-10-10 13:57:29 -05:00
Jelmer Vernooij
8528016978 r14464: Don't include ndr_BASENAME.h files unless strictly required, instead
try to include just the BASENAME.h files (containing only structs)
(This used to be commit 3dd477ca51)
2007-10-10 13:57:27 -05:00
Jelmer Vernooij
1060f6b3f6 r14402: Generate seperate headers for RPC client functions.
(This used to be commit 7054ebf024)
2007-10-10 13:57:19 -05:00
Jelmer Vernooij
eefe30b7d8 r14379: Build torture/rpc/ as a seperate smbtorture module. Move helper
functions for rpc out of torture/torture.c
(This used to be commit 1d2d970f3b)
2007-10-10 13:57:16 -05:00
Jelmer Vernooij
4ac2be9958 r13924: Split more prototypes out of include/proto.h + initial work on header
file dependencies
(This used to be commit 1228358767)
2007-10-10 13:52:24 -05:00
Andrew Bartlett
9d1954c25d r13583: Realise that the member server name appears in all calls that use the
credentials.

Consistantly rename these elements in the IDL to computer_name.

Fix the server-side code to always lookup by this name.

Add new, even nastier tests to RPC-SCHANNEL to prove this.

Andrew Bartlett
(This used to be commit 341a0abeb4)
2007-10-10 13:51:58 -05:00
Stefan Metzmacher
1a53c1dc92 r13346: use private proto header files for the torture tests
metze
(This used to be commit 67837dbd2b)
2007-10-10 13:51:47 -05:00
Andrew Bartlett
a5a79e8b8c r12865: Upgrade the librpc and libnet code.
In librpc, always try SMB level authentication, even if trying
schannel, but allow fallback to anonymous.  This should better
function with servers that set restrict anonymous.

There are too many parts of Samba that get, parse and modify the
binding parameters.  Avoid the extra work, and add a binding element
to the struct dcerpc_pipe

The libnet vampire code has been refactored, to reduce extra layers
and to better conform with the standard argument pattern.  Also, take
advantage of the new libnet_Lookup code, so we don't require the silly
'password server' smb.conf parameter.

To better support forcing traffic to be sealed for the vampire
operation, the dcerpc_bind_auth() function now takes an auth level
parameter.

Andrew Bartlett
(This used to be commit d65b354959)
2007-10-10 13:50:55 -05:00
Jelmer Vernooij
78c50015bb r12694: Move some headers to the directory of the subsystem they belong to.
(This used to be commit c722f665c9)
2007-10-10 13:49:39 -05:00
Jelmer Vernooij
25bb00fbcd r12693: Move core data structures out of smb.h into core.h
torture prototypes in seperate header
(This used to be commit 73610639b2)
2007-10-10 13:49:39 -05:00
Jelmer Vernooij
d4de4c2d21 r12608: Remove some unused #include lines.
(This used to be commit 70e7449318)
2007-10-10 13:49:03 -05:00
Jelmer Vernooij
acd6a086b3 r12510: Change the DCE/RPC interfaces to take a pointer to a
dcerpc_interface_table struct rather then a tuple of interface
name, UUID and version.

This removes the requirement for having a global list of DCE/RPC interfaces,
except for these parts of the code that use that list explicitly
(ndrdump and the scanner torture test).

This should also allow us to remove the hack that put the authservice parameter
in the dcerpc_binding struct as it can now be read directly from
dcerpc_interface_table.

I will now modify some of these functions to take a dcerpc_syntax_id
structure rather then a full dcerpc_interface_table.
(This used to be commit 8aae0f168e)
2007-10-10 13:47:48 -05:00
Andrew Bartlett
b1d3d75c68 r11404: Another torture test and a new WERR.
Andrew Bartlett
(This used to be commit de83b8cd18)
2007-10-10 13:45:32 -05:00
Andrew Bartlett
56b4e4b62c r11402: In response to comments by volker, expand our Netlogon DsRGetDCName
IDL and testsuites.  The server-side of this remains a stub, we should
probably be doing ldb searches for the server reference record.

Andrew Bartlett
(This used to be commit 0141ed309a)
2007-10-10 13:45:31 -05:00
Andrew Bartlett
0511b5df16 r11298: Consolidate the 'short' samlogon tests, and move to using the
credentials system for password -> NTLM translation.

Andrew Bartlett
(This used to be commit d22cbf1b0c)
2007-10-10 13:45:15 -05:00
Andrew Bartlett
099c3d5327 r10697: Change the torture join code to return a credentials structure, as
that is what most of the callers want anyway.

Remove and re-add the account for the torture case, rather than just
modify it.

Test with a user account (needs work to change the password).

Andrew Bartlett
(This used to be commit 38bebef024)
2007-10-10 13:39:20 -05:00
Andrew Bartlett
5a522b3100 r10486: This is a merge of Brad Henry's 'net join' rework, to better perform
an ADS join, particularly as a DC.  This represents the bulk of his
Google SOC work, and I'm very pleased to intergrate it into the tree.
(Metze will intergrate the DRSUAPI work later).

Both metze and myself have also put a lot of time into this patch, and
in mentoring Brad in general.  In return, Brad has been a very good
student, and has taken the comments well.

Since it's last appearance on samba-technical@, I have made
correctness and valgrind fixups, as well as adding a new 'BINDING'
mode to the libnet_rpc routines.  This allows the exact binding string
to be passed down from the torture code, including options and exact
target host.

Andrew Bartlett
(This used to be commit d6fa105fda)
2007-10-10 13:38:53 -05:00
Andrew Bartlett
51cbc188df r10402: Make the RPC-SAMLOGON test pass against Win2k3 SP0 again.
I still have issues with Win2k3 SP1, and Samba4 doesn't pass it's own
test for the moment, but I'm working on these issues :-)

This required a change to the credentials API, so that the special
case for NTLM logins using a principal was indeed handled as a
special, not general case.

Also don't set the realm from a ccache, as then it overrides --option=realm=.

Andrew Bartlett
(This used to be commit 194e8f07c0)
2007-10-10 13:38:39 -05:00
Tim Potter
a22221014c r10255: Fix some more 64-bit warnings.
(This used to be commit f4f9337619)
2007-10-10 13:38:12 -05:00
Andrew Bartlett
24186a80eb r9728: A *major* update to the credentials system, to incorporate the
Kerberos CCACHE into the system.

This again allows the use of the system ccache when no username is
specified, and brings more code in common between gensec_krb5 and
gensec_gssapi.

It also has a side-effect that may (or may not) be expected: If there
is a ccache, even if it is not used (perhaps the remote server didn't
want kerberos), it will change the default username.

Andrew Bartlett
(This used to be commit 6202267f6e)
2007-10-10 13:34:54 -05:00
Jelmer Vernooij
5b18cf2268 r6795: Make some functions static and remove some unused ones.
(This used to be commit 46509eb899)
2007-10-10 13:16:44 -05:00
Andrew Bartlett
fc1b6bae23 r6286: Add back metze's test of setting a trust password to ''. I removed
this because I don't want our torture suite to leave behind accounts
with known passwords if it is stopped in the wrong place.  It is now
run behind the -X (dangerous) wrapper.

Andrew Bartlett
(This used to be commit 057a81d81e)
2007-10-10 13:11:29 -05:00
Andrew Bartlett
a19d002cee r6032: Fix up SetServerPassword2 on NETLOGON for [bigendian]. Clearly nobody
has the patience to run test_w2k3.sh to completion :-)

It looks to me that the Windows server runs the RC4 over the C struct,
not the NDR data.

Andrew Bartlett
(This used to be commit c324d97413)
2007-10-10 13:11:16 -05:00
Andrew Bartlett
2eb3d68062 r6028: A MAJOR update to intergrate the new credentails system fully with
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'.

GENSEC now no longer has it's own handling of 'set username' etc,
instead it uses cli_credentials calls.

In order to link the credentails code right though Samba, a lot of
interfaces have changed to remove 'username, domain, password'
arguments, and these have been replaced with a single 'struct
cli_credentials'.

In the session setup code, a new parameter 'workgroup' contains the
client/server current workgroup, which seems unrelated to the
authentication exchange (it was being filled in from the auth info).

This allows in particular kerberos to only call back for passwords
when it actually needs to perform the kinit.

The kerberos code has been modified not to use the SPNEGO provided
'principal name' (in the mechListMIC), but to instead use the name the
host was connected to as.  This better matches Microsoft behaviour,
is more secure and allows better use of standard kerberos functions.

To achieve this, I made changes to our socket code so that the
hostname (before name resolution) is now recorded on the socket.

In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now
in libcli/auth/schannel.c, and it looks much more like a standard
GENSEC module.  The actual sign/seal code moved to
libcli/auth/schannel_sign.c in a previous commit.

The schannel credentails structure is now merged with the rest of the
credentails, as many of the values (username, workstation, domain)
where already present there.  This makes handling this in a generic
manner much easier, as there is no longer a custom entry-point.

The auth_domain module continues to be developed, but is now just as
functional as auth_winbind.  The changes here are consequential to the
schannel changes.

The only removed function at this point is the RPC-LOGIN test
(simulating the load of a WinXP login), which needs much more work to
clean it up (it contains copies of too much code from all over the
torture suite, and I havn't been able to penetrate its 'structure').

Andrew Bartlett
(This used to be commit 2301a4b38a)
2007-10-10 13:11:15 -05:00
Andrew Bartlett
645711c602 r5941: Commit this patch much earlier than I would normally prefer, but metze needs a working tree...
The main volume of this patch was what I started working on today:
 - Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context.
 - Uses sepereate inner loops for some of the DCE/RPC tests

The other and more important part of this patch fixes issues
surrounding the new credentials framwork:

This makes the struct cli_credentials always a talloc() structure,
rather than on the stack.  Parts of the cli_credentials code already
assumed this.

There were other issues, particularly in the DCERPC over SMB handling,
as well as little things that had to be tidied up before test_w2k3.sh
would start to pass.

Andrew Bartlett
(This used to be commit 0453f9d05d)
2007-10-10 13:11:11 -05:00
Andrew Bartlett
df64302213 r5902: A rather large change...
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.

With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind.  This changes a lot of files, and these will again
be changed when jelmer does the credentials work.

I also correct some schannel IDL to distinguish between workstation
names and account names.  The distinction matters for domain trust
accounts.

Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.

In the schannel DB, we now store both the domain and computername, and
query on both.  This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.

In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.

This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.

The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.

The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests.  This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.

In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL.  This has been re-added, until the underlying pidl issues are
solved.
(This used to be commit 824289dcc2)
2007-10-10 13:11:07 -05:00
Andrew Tridgell
e82aad1ce3 r5298: - got rid of pstring.h from includes.h. This at least makes it a bit
less likely that anyone will use pstring for new code

 - got rid of winbind_client.h from includes.h. This one triggered a
   huge change, as winbind_client.h was including system/filesys.h and
   defining the old uint32 and uint16 types, as well as its own
   pstring and fstring.
(This used to be commit 9db6c79e90)
2007-10-10 13:09:38 -05:00