IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This needs to be fixed in Samba3 as well. It might be exploitable (I
haven't confirmed one way or the other), so I think this should be
fixed for 3.0.25
(This used to be commit 4766175ff2)
dcerpc_ship_next_request() logic was added the penidng queue was split
in two, but we also needed to update the code which removes requests
from the queue to know about the two queues. Following the pattern
used in other client libs, I based which queue to remove from on
req->state, and added a new state RPC_REQUEST_QUEUED. This fixes a
crash that happens when rpc requests time out.
This patch also fixes the handling of timed out bind requests, and the
talloc_reference handling in dcerpc_ndr_request_recv().
(This used to be commit f51a129b52)
Samba4. This only broke on global catalog queries, which turned out to
be due to changes in the partitions module that metze needed for his
DRSUAPI work.
I've reworked partitions.c to always include the 'problematic' control,
and therefore demonstrated that this is the issue. This ensures
consistency, and should help with finding issues like this in future.
As this control (DSDB_CONTROL_CURRENT_PARTITION_OID) is not intended to
be linearised, I've added logic to allow it to be skipped when creating
network packets.
I've likewise make our LDAP server skip unknown controls, when marked
'not critical' on it's input, rather than just dropping the entire
request. I need some help to generate a correct error packet when it is
marked critical.
Further work could perhaps be to have the ldap_encode routine return a
textual description of what failed to encode, as that would have saved
me a lot of time...
Andrew Bartlett
(This used to be commit eef710668f)
was we were not checking the result of a convert_string() call, and it
was giving -1. We then passed -1 to fwrite() on stdout, which on aix
and macosx wrote all of available memory to stdout :)
To fix this, replace non-printing chars with ? in d_printf if the
string cannot be converted
(This used to be commit d20102d363)
few authentication tests. Now that the tests correctly 'fail', I was
able to fix the credentials subsystem to honour USER and PASSWD.
To get --machine-pass working, I needed ldb to always load it's static
modules, so I put this in ldb_connect().
Andrew Bartlett
(This used to be commit 3430d8c072)
current test makes no sense with the new test system. For example, it
does "mkdir bla" then "cd bla" then "cd ..", but it now does these as
separate smbclient commands, which makes no sense at all. It even
seems to try to run them in parallel???
The test fails (segfault, plus lots of errors), but gets reported as a
success
(This used to be commit 9e3bbdee50)
you do a tdb_set_max_dead(tdb, n), then for this tdb a delete operation will
only mark a record as dead and re-use it if a new record is created. The
parameter n allows for at most n dead records per hash chain. If this number
is exceeded, all dead records are put on the central freelist.
Volker
(This used to be commit 98a27ab28a)
Don't just exit the test with 'return True', actually process the result.
Turn off password complexity checking for the password length test.
Andrew Bartlett
(This used to be commit 1a7635baa7)
This changes the main selftest code to be in perl rather than in shell script.
The selftest script is now no longer a black box but a regular executable that takes
--help.
This adds the following features:
* "make test TESTS=foo" will run only the tests that match the regex "foo"
* ability to deal with expected failures. the suite will not warn about tests
that fail and are known to fail, but will warn about other failing tests and
tests that are succeeding tests but incorrectly marked as failing.
* ability to print a summary with all failures at the end of the run
It also opens up the way to the following features, which I hope to implement later:
* "environments", for example having a complete domains with DCs and domain members
in a testenvironment
* only set up smbd if necessary (not when running LOCAL tests, for example)
* different mktestsetup scripts per target. except for the mktestsetup script, we can
use the same infrastructure for samba 3 or windows.
(This used to be commit 38f867880b)
this incorrect argument.
This also fixes the server-side valgrind issue, but we need to chase
down the real issue.
Andrew Bartlett
(This used to be commit a0c78a75ac)
It's already been disabled for a while, as it required some compile flags that broke other things.
While this backend was an interesting proof-of-concept, this module doesn't really add any value.
It's not possible to map between windows registry and gconf semantics and I can't think of
any reason why you would want to do so.
(This used to be commit 02481df3e8)
Fedora DS CVS, plus changes to split up 00core.ldif.
Now we 'just' need to work to make the tests pass...
Andrew Bartlett
(This used to be commit d214cb1ccf)
assoc_groups are shared between idl-interfaces and connections.
But you can't close a samr policy handle on a lsa pipe.
add RPC-HANDLES-RANDOM-ASSOC test, which shows that
you can't bind with an invalid assoc_group_id
metze
(This used to be commit 26b0e03a77)
It's now possible to use "struct foo" without a typedef in IDL files.
echo_info4 is the first type that's been converted.
(This used to be commit 3ac68e858d)
are not shared between connections. It tests three types of policy
handles, on lsa, samr and drsuapi. You need to run on ncacn_ip_tcp
with seal for drsuapi.
Metze, can you have a look and see how this tallies with what you've
seen?
(This used to be commit c1f41ac045)
exit.
If we kill smbd right away, we can interrupt the gcov data file
writeout. Instead, we now wait up to 20 seconds for the process to
exit, before sending it a kill -9.
Andrew Bartlett
(This used to be commit c547bce3d3)
using the pattern in the clilsa code, it didn't fill in the p->binding
structure. This affects nearly all users of dcerpc_pipe_open_smb(), so
the simplest fix is to ensure that dcerpc_pipe_open_smb() initialises
the binding if its not already there.
- re-enable the RAW-ACLS test
(This used to be commit d8875c286d)
Stop passing the VM config file path to wintest_2k3_dc.sh on the command line as it is now properly passed through the environment.
Windows tests, including the DC tests found in test_w2k3.sh should work properly with 'make wintest' and a configured VMware environment.
These tests are executed on build-farm host bnhtest.
(This used to be commit 7496a28b43)
I'm only fixing the bug I introduced here,
not the rest of the mess in the pipe handling,
as we don't fill in pipe->binding and pipe->conn->binding_str
consistant...
metze
(This used to be commit cec74f3528)
generate a random buffer explicit to make valgrind happy
found by valgrind in the build-farm on fort, there are some more places
like this...
metze
(This used to be commit 2654f595ca)
- use the PFC_CONC_MPX flag for the 3rd connection
- to DsGetNCChanges requests on the 3rd connection with the bind handle
from the 2nd connection to match w2k3
metze
(This used to be commit 5071af332c)
also make it possible to pass and get the assoc_group_id for
a pipe.
also make it possible to pass the DCERPC_PFC_FLAG_CONC_MPX flag
in bind requests. From the spec it triggers support for
concurrent multiplexing on a single connection.
w2k3 uses the assoc_group_id feature when it becomes a domain controller
of an existing domain. Know the ugly part, with this it's possible to
use a policy handle from one connection on a different one...
typically the DsBind() call is on the 1st connection while DsGetNCChanges()
call using the first connections bind handle are on the 2nd connection.
The second connection also has the DCERPC_PFC_FLAG_CONC_MPX flag attached,
but that doesn't seem to be related to the cross connection handle usage
Can anyone think of a nice way to implement the assoc_group_id stuff in our server?
metze
(This used to be commit 2d8c85397d)
--option="become dc:smbtorture dc=mydcname"
--option="become dc:do not unjoin=yes"
joins as mydcname and creates mydcname_*.ldb files under lp_private_dir()
metze
(This used to be commit 22bc6d541e)
