IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- added a test for all combinations of the inheritance ACE flags and how
they are propogated to child directories and files
(This used to be commit fdb38c8e4b)
- added test for chained OpenX/ReadX, simulating the OS/2 workplace shell
- fixed a bug in handling chained fnum in openx and ntcreatex in the server
(yes, I'm on holiday, but this bug was annoying me ....)
(This used to be commit b3b8958a18)
why does samba3 return domain_name as in the unknown_name field in the code
and on the wire it returns DCERPC_FAULT_OP_RNG_ERROR?
all of my test machines NT4,W2K,W2K3,XP returned NULL
and if I file the string in the .in.* the server echos the strings back
and returns NT_STATUS_INVALID_PARAMETER
metze
(This used to be commit 67e765b7e9)
level. This is quite a strange level that we've never seen before, but
is used by the os2 workplace shell.
note w2k screws up this level when unicode is negotiated, so it only
passes the RAW-SEARCH test when you force non-unicode
(This used to be commit 25189b8fbf)
level. Interestingly, this level did now show up on our trans2 scanner
previously as we didn't have the FLAGS2_EXTENDED_ATTRIBUTES bit set in
the client code. Now that we set that bit, new levels appear in
windows servers.
(This used to be commit 0b76d405a7)
to kukks on #samba-technical for the sniffs that allowed me to work
this out
- much simpler ntvfs open generic mapping code
- added t2open create with EA torture test to RAW-OPEN test
(This used to be commit a56d95ad89)
this not make much sense as we don't send the correct nc_name
but it shows that doesn't get a NDR_FAULT anymore,
we just need handle the conformant strings in pidl
metze
(This used to be commit be449f628f)
this is mostly just a tidyup, but also adds the privilege_mask, which
I will be using shortly in ACL checking.
note that I had to move the definition of struct security_token out of
security.idl as pidl doesn't yet handle arrays of pointers, and the
usual workaround (to use a intermediate structure) would make things
too cumbersome for this structure, especially given we never encode it
to NDR.
(This used to be commit 7b446af09b)
(NOTE: that the drsuapi_DsReplicaObjMetaData2 struct is not corrently parsed yet
and there're some unknown fields left in someother infotypes)
metze
(This used to be commit 4fd57d5e7c)
- change smbcli_read/write to take void * for the buffers to match read(2)/write(2)
all this fixes a lot of gcc-4 warnings
metze
(This used to be commit b94f92bc66)
generic->specific access mask mappings, and tests of the behaviour of
SID_CREATOR_OWNER and SEC_FLAG_MAXIMUM_ALLOWED
(This used to be commit f572fe6d29)
This removes the duplicate named SEC_RIGHTS_MAXIMUM_ALLOWED and
SEC_RIGHTS_FULL_CONTROL, which are just other names for
SEC_FLAG_MAXIMUM_ALLOWED and SEC_RIGHTS_FILE_ALL. The latter names
match the new naming conventions in security.idl
Also added names for the generic->specific mappings for files are
directories
(This used to be commit 17a4e0b3ac)
- removed the clitar code. It is unmaintained, and a horribly badly done hack
- removed client.h as it contained mostly unused definitions
- removed the unused clidfs.c code
(This used to be commit 31a7bddbb3)
definitions for security access masks, in security.idl
The previous definitions were inconsistently named, and contained many
duplicate and misleading entries. I kept finding myself tripping up
while using them.
(This used to be commit 01c0fa722f)
lm hash from the samdb, and thus not checking the verifier)
fixed the client side to calculate the lm verifier based on the nt
hash, not the lm hash (confirmed using w2k3)
(This used to be commit 27e7fb3baf)
where the warmup phase continues until all clients have done some file
IO. This gives more repeatable results when under high load
(This used to be commit aca0658f6d)
that works only on SCHANNEL secured connections (as it needs the
implicit credentials).
Fix some of the IDL.
Andrew Bartlett
(This used to be commit 90cd7b34cc)
names and other assistance from the ethereal sources.
More work needs to be done to validate some of the levels, which do
not appear in the query - perhaps they are modification levels.
Andrew Bartlett
(This used to be commit 6363553369)
seem to be 'shortcut' RPCs, that just avoid an open/query pair).
Rename a few others to give us a slightly sensible pattern.
Andrew Bartlett
(This used to be commit d6a7ab57e7)
* Add new LSA calls to open trusted domains
* Add new tests for ACCOUNTs in SamSync
* Clean up names in NETLOGON and LSA
* Verify Security Descriptors against LSA, as well as SamR
Andrew Bartlett
(This used to be commit ed838beddb)
* Add new tests for ACCOUNTs in SamSync
* Clean up names in NETLOGON and LSA
* Verify Security Descriptors against LSA, as well as SamR
Andrew Bartlett
(This used to be commit 7094502fe0)
write time is sticky, and causes any subsequent writes not to update
the last write time. Added write that extends the file followed by
fnum specific smbflush. It stays the same time :-).
Jeremy.
(This used to be commit a2ea2166dc)
with setfileinfo modifying the write time. I have some ideas on how
to emulate this in the Samba server now but the commented case will
be very hard...
Jeremy.
(This used to be commit c9211d0847)
test that uses 2 connections and queries the time via pathinfo, not fileinfo.
MSDN states : "When writing to a file, the last write time is not fully updated
until all handles used for writing have been closed." - but this is obviously
untrue. W2K3 seems to use a 2 second granularity for this. Next I'll try using
SetFileTime equivalent to see if this takes the same time to take effect.
Jeremy.
(This used to be commit 2e47e241f9)
verify that the security descriptor found in the SamSync is the same
as what is available over SAMR.
Unfortunately, the administrator seems unable to retrieve the SACL on
the security descriptor, so I've added a new function to compare with
a mask.
Andrew Bartlett
(This used to be commit 39ae5e1dac)
This reduces the total size of the samba binaries from 119 Mb to 73 Mb.
Next step will be to have the build system obtain some of this information
by itself, so that we don't have to write ~10 lines per interface manually.
(This used to be commit 16d905f6b0)
queryfileinfo/setfileinfo logic, so querying/setting a security
descriptor is treated as just another file query/set operation.
This will allow NTVFS backends to see the query/set security
descriptor operations as RAW_FILEINFO_SEC_DESC and
RAW_SFILEINFO_SEC_DESC operations.
(This used to be commit f68a6b6b91)
This compares values for the domain and for secrets. We still have
some problems we need to sort out for secrets.
Also rename a number of structures in samr.idl and netlogon.idl, to
better express their consistancy.
Andrew Bartlett
(This used to be commit 3f52fa3a42)
- added a delete-on-close test to RAW-STREAMS
- don't allow rename of streams at the moment (I need to work out if
its supposed to be allowed first)
(This used to be commit f4b2b1311d)
The trickiest part about this was getting the sharing and locking
rules right, as alternate streams are separate locking spaces from the
main file for the purposes of byte range locking, and separate for
most share violation rules.
I suspect there are still problems with delete on close with alternate
data streams. I'll look at that next.
(This used to be commit b6452c4a20)
rather then a large table in librpc/gen_ndr/tables.c. This will allow us
to only link in only the required gen_ndr files (speeds up linking quite a
bit, makes binaries smaller).
Each gen_ndr_* file now has a init function that calls the init functions
of the interfaces it contains. I did it this way to keep pidl's code simple,
though it might hurt startup time a bit. I'd be happy to change it if
people like one function better.
(This used to be commit 3c436590ae)
- Use .mk files directly (no need for a SMB_*_MK() macro when adding a new SUBSYSTEM, MODULE or BINARY). This allows addition of new modules and subsystems without running configure
- Add support for generating .dot files with the Samba4 dependency tree (as used by the graphviz and springgraph utilities)
(This used to be commit 64826da834)
certainly not complete, we need to verify all incoming data, not just
accounts.
This needs to be exercised against some 'intersting' users, but for
now it shows that the IDL is already very accurate, particularly after
the previous commits cleanups of names.
Also commit the changes to keep RPC-LOGIN building.
Andrew Bartlett
(This used to be commit 87ec6834bc)
NETLOGON.
In particular, rename samr_Name to samr_String - given that many
strings in this pipe are not 'names', the previous was just confusing.
(I look forward to PIDL turning these into simple char * some day...).
Also export out a few changes from testjoin.c to allow for how I have
written the new RPC-SAMSYNC test.
Andrew Bartlett
(This used to be commit 9cd666bcfb)
We now (for the first time) start to parse the 'user sensitive info'
field, which reveals the user's NT and LM passwords from Win2k3.
Using this, the 'validate samsync against netlogon' portion of the
tests works for accounts.
Trusted domains and secrets are now retreived, but like users,
require further cross-validation work.
Andrew Bartlett
(This used to be commit c1d3794cad)
clear what the correct behaviour is for delayed stat info update.
- use a common torture_setup_dir() function for setting up a test
directory in torture tests.
(This used to be commit f7fb34715b)
- Work on server side and local COM support (should work, just no
example classes yet)
- Use vtables so that local and remote calls can be used transparently
- Generate 'proxies and stubs' rather then heavily modified code in client.pm and server.pm. proxies (client side code) are generated in proxy.pm, stubs (server side dispatchers) are generated in stubs.pm
- Support registering classes and interfaces
- DCOM interfaces no longer have to be in the same IDL file as their
base interface, which will allow us to split up dcom.idl
(This used to be commit 7466947a23)
Break out the samsync tests from RPC-NETLOGON into a new RPC-SAMSYNC,
that will cross-verify all the values.
Add support for the way netlogon credentials are shared between the
pipe that sets up schannel and the pipe that is encrypted with it.
Test this support, by calling both NETLOGON and SAMR operations in the
RPC-SCHANNEL test.
Move some of the Netlogon NEG flags into the .idl, now we have an idea
what a few of them really are.
Rename the sam_pwd_hash into a name that has meaning (all other crypto
functions were renamed in Samba4 ages ago).
Break out NTLMv2 functionality for operation on the NT hash - I intend
to do NTLMv2 logins in the samsync test in future, and naturally I
only have the hash.
Andrew Bartlett
(This used to be commit 6e6cc6fb98)
RPC-SAMLOGON of their own.
I have expanded the tests to validate the use of various flags, which
change some of the crypto behaviour.
Andrew Bartlett
(This used to be commit 3a140a3691)
appear in netlogon, despite what the LM response may look like).
Make the logon tests less verbose - only print test names on failure.
Andrew Bartlett
(This used to be commit 49c335bcd8)
Samba3/OpenLDAP for. For a concrete situation you have to adapt the domain,
pdcname and usernames/passwords. Sorry, not parametrized yet, but this should
be doable if necessary.
Volker
(This used to be commit 02f5205872)
(Hmm, this whole section should be broken out into a new file, I
think).
Add new tests, particularly of the LM key for NTLMv2 responses, and
the (changed, apparently) session key for LMv2 only logins.
Next is to add SAMR modification and cross-validation.
Andrew Bartlett
(This used to be commit be99ee4719)
waiting for a chkpath response
- fixed open async send in BASE-DISCONNECT
with these changes BASE-DISCONNECT crashes Samba4, as it was designed
to do. I'll work on a fix :)
(This used to be commit 25e0138464)
parsing, so that module init can take account of lp_ parms (thats
why gensec:krb5=no wasn't working)
- added a BASE-DISCONNECT torture test that tests server response to
clients disconnecting with open lock and open requests pending
(This used to be commit 5205f598b8)
The torture test DCOM-SIMPLE now successfully does an
IStream_Read and a IStream_Write call.
This test can now be run successfully against the "Simple DCOM" Visual
Studio example.
(You have to quote out line 337 in pidl. pidl complains if the variable
that contains the array size follows the array. I still need to fix this
properly)
Next goals:
- Clean up code
- Server side support
- Support custom marshalling
- Support DCOM interfaces in files other then dcom.idl
(This used to be commit 8693344772)
this test demonstrates how w2k3 handles the special semantics of
DENY_DOS when 2 opens happen on the same connection. The 2nd open
doesn't actually do a NTFS open, it happens as a secondary reference
to the same internal file handle in the CIFS layer. The evidence is
that the 2nd open shares the same POSITION_INFORMATION field as the
first open, but only for the special DENY_DOS cases that would
normally be refused.
(This used to be commit eeec57d4f6)
Both subsystems and modules can now have init functions, which can be
specified in .mk files (INIT_FUNCTION = ...)
The build system will define :
- SUBSYSTEM_init_static_modules that calls the init functions of all statically compiled modules. Failing to load will generate an error which is not fatal
- BINARY_init_subsystems that calls the init functions (if defined) for the subsystems the binary depends on
This removes the hack with the "static bool Initialised = " and the
"lazy_init" functions
(This used to be commit 7a8244761b)
- pvfs now passes BASE-OPENATTR
- pvfs also passes the BASE-DEFER_OPEN test, but it is not a well
formed test for regular running so I am removing it from the list of
tests to run in test_posix.sh (the test is covered better by RAW-MUX
anyway)
(This used to be commit cb76bd218e)
which will join as a w2k dc joins a ads domain
(this is currently not fully implmented,
I just have listed the steps we need to do)
metze
(This used to be commit 29cd3d20e3)
run test_posix.sh in a reaonable time by using posix:sharedelay=100000
this still tests correct multiplex behaviour
(This used to be commit 64a6db5b02)
This allows potentially NULL pointers to be referenced, without an if ()
for every use. (previously, it would segfault).
Update doco, and allow talloc_unlink to match.
Andrew Bartlett
(This used to be commit 59757c7f9d)
testing. Interestingly, w2k3 does not allow the cancel of an
outstanding async open request, whereas it does allow the cancel of an
outstanding async lock request. To support this I have changed the
pvfs_wait interface to provide a enum on why the event is happening,
so the callback can decide what to do.
(This used to be commit f23d6a2800)
The previous code didn't handle the case where the file got renamed or
deleted while waiting for the sharing violation delay. To handle this
we need to make the 2nd open a full open call, including the name
resolve call etc. Luckily this simplifies the logic.
I also expanded the RAW-MUX test to include the case where we do
open/open/open/close/close, with the 3rd open async, and that open
gets retried after both the first close and the 2nd close, with the
first retry failing and the 2nd retry working. The tests the "async
reply after a async reply" logic in pvfs_open().
(This used to be commit eded2ad9c9)
- Support for sending over the object UUID in DCERPC calls
- Simple torture test for the DCOM "Simple" object
- Generate extra argument for "object" interfaces in pidl
- Some stubs for common DCOM functions
(This used to be commit c052f2e1ed)
deferred reply is short-circuited immediately when the file is
closed by another user, allowing it to be opened by the waiting user.
- added a sane set of timeval manipulation routines
- converted all the events code and code that uses it to use struct
timeval instead of time_t, which allows for microsecond resolution
instead of 1 second resolution. This was needed for doing the pvfs
deferred open code, and is why the patch is so big.
(This used to be commit 0d51511d40)
NT_STATUS_BUFFER_TOO_SMALL or a NT_STATUS_NET_WRITE_FAULT if I try other user accounts. Must've got something to do with the auth padding...
(This used to be commit f6f3d312bf)
this brings us down to about 11k lines of headers included with
includes.h, while still retaining the speed of building with pch
(This used to be commit 10188869ef)
- tidied up some of the system includes
- moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl
knows about inter-IDL dependencies
(This used to be commit 7b7477ac42)
total include lines in compiling C files in Samba (the .gch file is
now 5M instead of 12M)
This also gets rid of the silly gtk compile warning for non-gtk code
(This used to be commit 8ebd20cf55)
I have created the include/system/ directory, which will contain the
wrappers for the system includes for logical subsystems. So far I have
created include/system/kerberos.h and include/system/network.h, which
contain all the system includes for kerberos code and networking code.
These are the included in subsystems that need kerberos or networking
respectively.
Note that this method avoids the mess of #ifdef HAVE_XXX_H in every C
file, instead each C module includes the include/system/XXX.h file for
the logical system support it needs, and the details are kept isolated
in include/system/
This patch also creates a "struct ipv4_addr" which replaces "struct
in_addr" in our code. That avoids every C file needing to import all
the system networking headers.
(This used to be commit 2e25c71853)
the DCOM calls are wrappers around several local calls, so you get things like:
WERROR foobar ( [in] int num_ifaces,
[in,size_is(num_ifaces)] IID *ifaces,
[out,size_is(num_ifaces)] WERROR *results);
(This used to be commit 0873bf2cbe)
The thing that finally convinced me that minimal includes was worth
pursuing for rpc was a compiler (tcc) that failed to build Samba due
to reaching internal limits of the size of include files. Also the
fact that includes.h.gch was 16MB, which really seems excessive. This
patch brings it back to 12M, which is still too large, but
better. Note that this patch speeds up compile times for both the pch
and non-pch case.
This change also includes the addition iof a "depends()" option in our
IDL files, allowing you to specify that one IDL file depends on
another. This capability was needed for the auto-includes generation.
(This used to be commit b8f5fa8ac8)
Add torture test for RemoteActivation
The request is now send correctly and we get back a valid response
from Windows but r->in.Interfaces is set to 0 somewhere while parsing
the response...
(This used to be commit cabec03422)
- added new tests BASE-NTDENY1 and BASE-NTDENY2. These are the
ntcreatex equivalents of the BASE-DENY1 and BASE-DENY2
tests. Unfortunately, with ntcreatex there are 4 million combination
and trying each one takes 1 second, so randomised testing is the
only choice. The BASE-DENY1 test can operate in parallel with
hundreds of connections, speeding things up a bit (as most time is
spent waiting 1 second for a sharing violation to come back)
(This used to be commit b95493d3d1)
them properly (they are difficult to do in an async fashion).
By choosing trans.in.max_data to fix in the negotiated buffer size a
server won't send us multi-part replies.
I notice that windows seems to avoid them too :)
(This used to be commit e23edf762c)
rather extensive test reveals some really bizarre error code
handling in w2k3.
- extended and simplified the RAW-CHKPATH test, making it easier to
read (note that Samba3 fails the new tests - jra may wish to look)
- marked RAW-CHKPATH as pass for pvfs
(This used to be commit 32dccf91cf)
rather than doing everything itself. This greatly simplifies the
code, although I really don't like the socket_recv() interface (it
always allocates memory for you, which means an extra memcpy in this
code)
- fixed several bugs in the socket_ipv4.c code, in particular client
side code used a non-blocking connect but didn't handle EINPROGRESS,
so it had no chance of working. Also fixed the error codes, using
map_nt_error_from_unix()
- cleaned up and expanded map_nt_error_from_unix()
- changed interpret_addr2() to not take a mem_ctx. It makes absolutely
no sense to allocate a fixed size 4 byte structure like this. Dozens
of places in the code were also using interpret_addr2() incorrectly
(precisely because the allocation made no sense)
(This used to be commit 7f2c771b0e)
- auto-cleanup old searches that the client forgot to close (common with old searches)
- expanded the RAW-SEARCH test to test more than 256 old searches, and
old search rewind (w2k3 fails this - it appears to not support rewind
on old style searches)
(This used to be commit bc83d823b2)
- made idtree return a "struct idr_context *" instead of a void*
- more efficient idr_remove for ids that are not present (patch from Jim Houston)
(This used to be commit f8d12d4b4a)
Add local test for testing the functions dcerpc_parse_binding(),
dcerpc_binding_string() and dcerpc_binding_build_tower()
(This used to be commit 7a07c2c769)
I'm not quite sure what's going on here, but adjust expected values
till I can find out how to reproduce this the other way...
Andrew Bartlett
(This used to be commit 3f0f6b38f2)
field. Add torture test for setting this feild - including all the
odd cases (not all the flags 'stick', and not others cannot be
removed).
Seperate the two 'password change' flags, and test them both in the
torture code.
Check that the password did change after every password set call.
Andrew Bartlett
(This used to be commit 3759128bd3)
- added a pvfs_lock_close_pending() hook to remove pending locks on file close
- fixed the private ptr argument to messaging_deregister() in pvfs_wait
- fixed a bug in continuing lock requests after a lock that is blocking a pending lock is removed
- removed bogus brl_unlock() call in lock continue
- corrected error code for LOCKING_ANDX_CHANGE_LOCKTYPE
- expanded the lock cancel test suite to test lock cancel by unlock and by close
- added a testsuite for LOCKING_ANDX_CHANGE_LOCKTYPE
(This used to be commit 5ef80f034d)
This adds a pvfs_wait_message() routine which uses the new messaging
system, event timers and talloc destructors to give a nice generic
async event handling system with a easy to use interface. The
extensions to pvfs_lock.c are based on calls to pvfs_wait_message()
routines.
We now pass all of our smbtorture locking tests, although while
writing this code I have thought of some additonal tests that should
be added, particularly for lock cancel operations. I'll work on that
soon.
This commit also extends the smbtorture lock tests to test the rather
weird 0xEEFFFFFF locking semantics that I have discovered in
win2003. Win2003 treats the 0xEEFFFFFF boundary as special, and will
give different error codes on either side of it. Locks on both sides
are allowed, the only difference is which error code is given when a
lock is denied. Anyone like to hazard a guess as to why? It has
me stumped.
(This used to be commit 4395c0557a)
full. This means callers can just "send and forget" rather than
having to check for a temporary failure. The mechanism takes nice
advantage of the timed events handling is our events code. A message
will only fail now if we completely run out of some resource (such
as memory).
- changed the test code not to do retries itself, but only to warn on real failures
(This used to be commit 8cddc610a2)
- added the new messaging system, based on unix domain sockets. It
gets over 10k messages/second on my laptop without any socket
cacheing, which is better than I expected.
- added a LOCAL-MESSAGING torture test
(This used to be commit 3af06478da)
