1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

957 Commits

Author SHA1 Message Date
Andrew Tridgell
8d0a36366c r6331: added IDL and test suite for the ADS style response to a datagram netlogon query.
Note that this response is almost identical to the CLDAP netlogon
response, so adding that will now be quite easy.
(This used to be commit 1ea4ed4ad1)
2007-10-10 13:11:32 -05:00
Tim Potter
6bb0231229 r6325: Rename aliasname -> alias_name in CreateDomAlias function.
(This used to be commit 63dfa9b806)
2007-10-10 13:11:32 -05:00
Andrew Tridgell
f06e39e308 r6321: added IDL and test suite for NBT dgram 'sam logon' request (sent by
clients when a user tries to login)
(This used to be commit 08ded62156)
2007-10-10 13:11:31 -05:00
Andrew Bartlett
b3221032d2 r6315: Allow sane session setup behaviour on SPNEGO regarding VUIDs.
Andrew Bartlett
(This used to be commit 6e2327ee9b)
2007-10-10 13:11:31 -05:00
Andrew Bartlett
1372e938fc r6314: A more complete RAW-CONTEXT test. This Samba4 currently fails, but it
now tests areas in extended security handling (SPNEGO) that are just
plain odd...

Andrew Bartlett
(This used to be commit d8d63e8c79)
2007-10-10 13:11:31 -05:00
Andrew Tridgell
b708e87a63 r6288: the nbt dgram server now responds to GETDC requests. It works with our
test suite, but doesn't yet seem to satisfy a nt4 client. I'm
investigating.
(This used to be commit 406217262d)
2007-10-10 13:11:29 -05:00
Andrew Bartlett
fc1b6bae23 r6286: Add back metze's test of setting a trust password to ''. I removed
this because I don't want our torture suite to leave behind accounts
with known passwords if it is stopped in the wrong place.  It is now
run behind the -X (dangerous) wrapper.

Andrew Bartlett
(This used to be commit 057a81d81e)
2007-10-10 13:11:29 -05:00
Andrew Tridgell
b0ca8ed455 r6247: added the server side code for receiving mailslot requests, and
parsing incoming netlogon requests. No replies are sent yet.
(This used to be commit 3b34df6a67)
2007-10-10 13:11:28 -05:00
Andrew Tridgell
866c62f26d r6246: stop waiting when we get a reply
(This used to be commit 8b9a5d8336)
2007-10-10 13:11:28 -05:00
Andrew Tridgell
f83e6ded9d r6245: receive and parse the GETDC response in the NBT-DGRAM test. The test
now tries to bind to port 138 if possible, so if you run it as root
and smbd/nmbd is not running then it works against windows servers
(This used to be commit 52ccdb79bc)
2007-10-10 13:11:28 -05:00
Andrew Tridgell
7c6c366150 r6223: added a bit more datagram infrastructure and the beginnings of a test
suite. The NBT-DGRAM test does a UDP/138 netlogon request, to which a
windows server sends a reply, but the windows server sends the reply
to the wrong port (it always sends to 138), so the test suite doesn't
see it.
(This used to be commit a7634625db)
2007-10-10 13:11:27 -05:00
Stefan Metzmacher
f9b3a8d3b9 r6206: go baack 10 revisions to get DatabaseDeltas, this shows that the bdc only
need one call to get in sync again (except something like NT_STATUS_MORE_ENTRIES is returned)

also the pdc only need to know the current state values

metze
(This used to be commit f4e12b3893)
2007-10-10 13:11:25 -05:00
Stefan Metzmacher
4baf0b01c4 r6197: fix for my last commit, I removed SPOOLSS_ARCHITECTURE, which was "Architecture"
(sorry richard:-)

disable lookup for DefaultSpoolDirectory until, I have fixed the parsing when WERR_MORE_DATA
is returned

metze
(This used to be commit d5993337b8)
2007-10-10 13:11:25 -05:00
Richard Sharpe
d3911fa5d7 r6195: I think Metze meant SPOOLSS_ARCHITECTURE_NT_X86, but I could be wrong.
(This used to be commit 85c2b8b944)
2007-10-10 13:11:25 -05:00
Stefan Metzmacher
746bb14367 r6194: - fix some spoolss_*Form names and types
- fix GetPrinterData(), look inside the datablob

- add idl for RemoteFindFirstChangeNotify(), without meaning yet, just to not return a DCERPC_FAULT
  when receiving this request

metze
(This used to be commit 92f3d5bd9c)
2007-10-10 13:11:25 -05:00
Stefan Metzmacher
3abce73193 r6179: - add new spoolss tests for all spoolss_Enum*() calls which didn't need
a handle as parameter,

  EnumPorts
  EnumPrinterDrivers
  EnumMonitors
  EnumPrintProcessors
  EnumPrinters

  we now do cross checks between the different info levels
  and sore the results in a global context,
  so that we later can add cross checks between the different object types

- add idl for EnumMonitors and EnumPrintProcessors

metze
(This used to be commit 92a3721bc7)
2007-10-10 13:11:23 -05:00
Andrew Tridgell
772f31797d r6165: fixed up the userinfo composite code. Fixes include:
- talloc should always be done in the right context. For example, when creating
  the userinfo_state structure, place it inside the composite
  structure, not directly on the pipe. If this isn't done then
  correct cleanup can't happen on errors (as cleanup destroys the top
  level composite context only)

- define private structures like userinfo_state in the userinfo.c
  code, not in the public header

- only keep the parameters we need in the state structure. For
  example, the domain_handle is only needed in the first call, so we
  don't need to keep it around in the state structure, but the level is
  needed in later calls, so we need to keep it

- always initialise [out,ref] parameters in RPC calls. The [ref] part
  means that the call assumes the pointer it has been given is
  valid. If you don't initialise it then you will get a segv on
  recv. This is why the code was dying.

- don't use internal strucrure elements like the pipe
  pipe->conn->pending outside of the internal rpc implementation. That
  is an internal list, trying to use it from external code will cause crashes.

- rpc calls assume that rpc call strucrures remain valid for the
  duration of the call. This means you need to keep the structures
  (such as "struct samr_Close") in the userinfo_state strucrure,
  otherwise it will go out of scope during the async processing

- need to remember to change c->state to SMBCLI_REQUEST_DONE when the
  request has finished in the close handler, otherwise it will loop
  forever trying to close

Mimir, please look at the diff carefully for more detailed info on the fixes
(This used to be commit 01ea1e7762)
2007-10-10 13:11:23 -05:00
Stefan Metzmacher
64ad915111 r6109: nicer way to handle compression in the torture test
metze
(This used to be commit a3cec189e1)
2007-10-10 13:11:19 -05:00
Andrew Bartlett
a19d002cee r6032: Fix up SetServerPassword2 on NETLOGON for [bigendian]. Clearly nobody
has the patience to run test_w2k3.sh to completion :-)

It looks to me that the Windows server runs the RC4 over the C struct,
not the NDR data.

Andrew Bartlett
(This used to be commit c324d97413)
2007-10-10 13:11:16 -05:00
Andrew Bartlett
2eb3d68062 r6028: A MAJOR update to intergrate the new credentails system fully with
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'.

GENSEC now no longer has it's own handling of 'set username' etc,
instead it uses cli_credentials calls.

In order to link the credentails code right though Samba, a lot of
interfaces have changed to remove 'username, domain, password'
arguments, and these have been replaced with a single 'struct
cli_credentials'.

In the session setup code, a new parameter 'workgroup' contains the
client/server current workgroup, which seems unrelated to the
authentication exchange (it was being filled in from the auth info).

This allows in particular kerberos to only call back for passwords
when it actually needs to perform the kinit.

The kerberos code has been modified not to use the SPNEGO provided
'principal name' (in the mechListMIC), but to instead use the name the
host was connected to as.  This better matches Microsoft behaviour,
is more secure and allows better use of standard kerberos functions.

To achieve this, I made changes to our socket code so that the
hostname (before name resolution) is now recorded on the socket.

In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now
in libcli/auth/schannel.c, and it looks much more like a standard
GENSEC module.  The actual sign/seal code moved to
libcli/auth/schannel_sign.c in a previous commit.

The schannel credentails structure is now merged with the rest of the
credentails, as many of the values (username, workstation, domain)
where already present there.  This makes handling this in a generic
manner much easier, as there is no longer a custom entry-point.

The auth_domain module continues to be developed, but is now just as
functional as auth_winbind.  The changes here are consequential to the
schannel changes.

The only removed function at this point is the RPC-LOGIN test
(simulating the load of a WinXP login), which needs much more work to
clean it up (it contains copies of too much code from all over the
torture suite, and I havn't been able to penetrate its 'structure').

Andrew Bartlett
(This used to be commit 2301a4b38a)
2007-10-10 13:11:15 -05:00
Stefan Metzmacher
3ec2c008b8 r6000: add some notes about the cases where compression (or what ever this is)
is used, in the reply.

metze
(This used to be commit 618dadb7ef)
2007-10-10 13:11:14 -05:00
Stefan Metzmacher
220f82e570 r5999: ups, remove the testvalue that I used against my w2k3 server
metze
(This used to be commit 3d3e09af16)
2007-10-10 13:11:14 -05:00
Stefan Metzmacher
01ab1128ce r5998: I was wrong with the highwater mark...
I think I now understand how it works:-)

metze
(This used to be commit f8add2e66a)
2007-10-10 13:11:14 -05:00
Jelmer Vernooij
4c4738938a r5977: Fix uninitialised memory bug in ndr_pull_ref_ptr(). This fixes the
Test_DoublePointer test failure.
(This used to be commit 4089d5f67d)
2007-10-10 13:11:11 -05:00
Jelmer Vernooij
7c55d0ffa5 r5976: SIDs can't have more then 5 subauths (caught by [validate] and
range())
(This used to be commit ec1eaa274b)
2007-10-10 13:11:11 -05:00
Jelmer Vernooij
88a5f8b26f r5963: Fix parameter passing for gentest and locktest
(This used to be commit 28914c89dc)
2007-10-10 13:11:11 -05:00
Stefan Metzmacher
1bb3e99d06 r5949: give things more meaning, and reuse structs where it is possible
to make things more clear

metze
(This used to be commit adefeeb4f3)
2007-10-10 13:11:11 -05:00
Stefan Metzmacher
07c705745a r5947: print out the password hashes when -d 100 is in use,
very usefull for creating a keytab file with

metze
(This used to be commit 15b80a28db)
2007-10-10 13:11:11 -05:00
Andrew Bartlett
e25cff1c11 r5942: A couple of small changes to fix things up with the new credentials
infrustructure.

Andrew Bartlett
(This used to be commit d51718ab8a)
2007-10-10 13:11:11 -05:00
Andrew Bartlett
645711c602 r5941: Commit this patch much earlier than I would normally prefer, but metze needs a working tree...
The main volume of this patch was what I started working on today:
 - Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context.
 - Uses sepereate inner loops for some of the DCE/RPC tests

The other and more important part of this patch fixes issues
surrounding the new credentials framwork:

This makes the struct cli_credentials always a talloc() structure,
rather than on the stack.  Parts of the cli_credentials code already
assumed this.

There were other issues, particularly in the DCERPC over SMB handling,
as well as little things that had to be tidied up before test_w2k3.sh
would start to pass.

Andrew Bartlett
(This used to be commit 0453f9d05d)
2007-10-10 13:11:11 -05:00
Jelmer Vernooij
13b0776f60 r5929: Use cli_credentials for the SMB functions as well.
Fix a couple of bugs in the new cli_credentials code
(This used to be commit 4ad481cfe5)
2007-10-10 13:11:09 -05:00
Jelmer Vernooij
05bc2d7b2c r5928: Use cli_credentials in:
- gtk+ (returned by GtkHostBindingDialog as well now)
 - torture/
 - librpc/
 - lib/com/dcom/
(This used to be commit ccefd78233)
2007-10-10 13:11:08 -05:00
Jelmer Vernooij
02075be0bb r5917: First step in using the new cli_credentials structure. This patch
puts support for it into popt_common, adds a few utility functions
(in lib/credentials.c) and the callback functions for the command-line
(lib/cmdline/credentials.c). Comments are welcome :-)
(This used to be commit 1d49b57c50)
2007-10-10 13:11:08 -05:00
Andrew Bartlett
df64302213 r5902: A rather large change...
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.

With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind.  This changes a lot of files, and these will again
be changed when jelmer does the credentials work.

I also correct some schannel IDL to distinguish between workstation
names and account names.  The distinction matters for domain trust
accounts.

Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.

In the schannel DB, we now store both the domain and computername, and
query on both.  This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.

In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.

This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.

The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.

The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests.  This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.

In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL.  This has been re-added, until the underlying pidl issues are
solved.
(This used to be commit 824289dcc2)
2007-10-10 13:11:07 -05:00
Andrew Bartlett
5aa2646be8 r5879: Rename SAMR_FIELD_WORKSTATION to SAMR_FIELD_WORKSTATIONS - it is a list.
Andrew Bartlett
(This used to be commit 7822101cb5)
2007-10-10 13:11:06 -05:00
Andrew Bartlett
2b41ba049e r5878: Be clear which machine name (We have one worksation, and one BDC) we
are doing logins with.

Andrew Bartlett
(This used to be commit b7297c44fa)
2007-10-10 13:11:06 -05:00
Andrew Bartlett
00ac91fa29 r5876: Add a test account for the duration of the samsync - to ensure we have
a good variety of things to test against.

Add code to testjoin to handle this just like test machine accounts

Soon I'll remove the 'must change password' flag, so we can do logins with it.

Andrew Bartlett
(This used to be commit 08b47e2dc0)
2007-10-10 13:11:06 -05:00
Jelmer Vernooij
ef213b0248 r5866: Add InitShutdown IDL and torture test.
Implement push side of NDR_LEN4|NDR_NOTERM strings (pull side was already present)
(This used to be commit ea61ec1122)
2007-10-10 13:11:05 -05:00
Stefan Metzmacher
c638a8380d r5830: start to analyse the attribute values, depending on the attribute type
metze
(This used to be commit 63229b9503)
2007-10-10 13:11:05 -05:00
Stefan Metzmacher
cead12981f r5799: more DsGetNCChanges updates, I'm starting to understand it...
also add a really simple torture test for DsGetNCChanges

metze
(This used to be commit bcde67a7ef)
2007-10-10 13:11:04 -05:00
Andrew Bartlett
d830fcd7d1 r5783: Test renaming of accounts in the RPC-SAMR test, and add support into
the SAMR server.

Andrew Bartlett
(This used to be commit fd748f9d2f)
2007-10-10 13:11:03 -05:00
Jelmer Vernooij
e9ca6e48ff r5775: Remove some unused functions (unions are no longer as special as they used to be)
Add oxid mapping table support in DCOM
(This used to be commit e193555f0e)
2007-10-10 13:11:02 -05:00
Stefan Metzmacher
4b83366b6c r5742: - add torture test and idl for DsReplicaUpdateRefs()
(the torture test currently only tests if the idl is correct)

- add start for idl for DsGetNCChanges()
  (if someone didn't noticed the current ethereal trunk code can
   successful decrypt DCERPC and LDAP gsskrb5 encrypted blobs,
   when you provide a keytab and have compiled against heimdal :-)

- add a view bitmaps and enum's for better debugging

metze
(This used to be commit cf7c1352ab)
2007-10-10 13:11:01 -05:00
Jeremy Allison
f52643c23c r5730: More fun with delayed write semantics with multiple file handles
open on the same file on the same connection.
Jeremy.
(This used to be commit 23733abfa2)
2007-10-10 13:11:00 -05:00
Stefan Metzmacher
c857c03170 r5681: fix the build and compiler wanings
metze
(This used to be commit bb2622a0c9)
2007-10-10 13:11:00 -05:00
Rafal Szczesniak
983306c819 r5679: Complete basic test of rpc_composite_userinfo function (which
btw proves the function is completely broken but that's what
tests are for)

rafal
(This used to be commit 7278c7d837)
2007-10-10 13:10:59 -05:00
Rafal Szczesniak
3a9d9ab5b0 r5678: Torture tests require also libnet in order to run NET-* tests.
rafal
(This used to be commit e492a2a604)
2007-10-10 13:10:59 -05:00
Jelmer Vernooij
d892500e73 r5676: Fix some alignment issues and IRemoteActivation
(This used to be commit a9b13f6701)
2007-10-10 13:10:59 -05:00
Jelmer Vernooij
dd2aefd56b r5675: - More DCOM bug fixes
- Keep COM and DCOM more seperated
(This used to be commit f694f484c4)
2007-10-10 13:10:59 -05:00
Jelmer Vernooij
77ec3f684d r5674: - Re-enable DCOM support.
- Always put IID in vtables (useful for asserts)
- Add table to keep track of DCOM proxy classes
- Bunch of smaller bug fixes
(This used to be commit 26d5a0b92c)
2007-10-10 13:10:59 -05:00