IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Add a test to check if a RPC handle can be used from a different connection
than the one where it was created, when the same association group is
requested in the bind operation of the second connection.
The association group handling is one of the differences between the S3
and S4 RPC server implementations provided by the implementation
callbacks after the merge.
Association groups work fine in the S4 implementation as the RPC server
runs in one process, except for the 'smbd' embedded services provided
by the S3 implementation like winreg (see lp_enforce_ad_dc_settings()).
In the S3 implementation, association groups should work in the same
process, but the merge introduced a bug where a new association group is
always created even when it already exists in the same process.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Add one use of popt_set_cmdline_credentials().
Fix 80 column limits when cmdline_credentials changes
to popt_get_cmdline_credentials().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This is consistent with the test names used by selftest, should
make the names less confusing and easier to integrate with other tools.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Dec 11 04:16:13 CET 2010 on sn-devel-104
The reason for this is that some systems include
<rpc/rpc.h> from within system headers. HP-UX 11.00
does so somewhere deep inside of <shadow.h>.
For torture/winbind/struct_based.c <rpc/rpc.h> resolves
to torture/rpc/rpc.h and breaks the build.
metze
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
against W2k3, but they are designed to walk existing Samba3 code paths. It
might be possible that I add something like that to other subdirs like raw/.
RPC-BINDSAMBA3 excercises the bind variants that samba3 supports right now.
RPC-NETLOGSAMBA3 does a samba3 style join, does some schannel-protected
netlogon operations and leaves again. Samba3 right now does not survive this,
I'm about to fix it soon. I'll also post a *VERY* dirty hack (fake users in
sys_getpwnam()) to be able to run this in the build farm.
Volker
(This used to be commit 60b45bf8b6d0d2bb216e319891d50d0e07ab3010)
around the mess that is composite functions...
Async might be all the rage, but it's bloody painful to debug.
Andrew Bartlett
(This used to be commit 756e1dad7ce54b83f8170db3434bfcfc4afe7e65)
This support requires that the bind_ack and alter_ack recv functions
also be send the DCE/RPC fault. This would be best done by having the
ack run as a normal RPC reply callback, but this isn't easily possible
for now.
Andrew Bartlett
(This used to be commit be6dde22fe728d64d47875699d3421c6d8d872a4)
this isn't supported, fallback to NTLM.
Also, where we get a failure as 'logon failure', try and do a '3
tries' for the password, like we already do for CIFS. (Incomplete:
needs a mapping between RPC errors and the logon failure NTSTATUS).
Because we don't yet support Kerberos sign/seal to win2k3 SP1 for
DCE/RPC, disable this (causing SPNEGO to negotiate NTLM) when kerberos
isn't demanded.
Andrew Bartlett
(This used to be commit b3212d1fb91b26c1d326a289560106dffe1d2e80)
dcerpc_interface_table struct rather then a tuple of interface
name, UUID and version.
This removes the requirement for having a global list of DCE/RPC interfaces,
except for these parts of the code that use that list explicitly
(ndrdump and the scanner torture test).
This should also allow us to remove the hack that put the authservice parameter
in the dcerpc_binding struct as it can now be read directly from
dcerpc_interface_table.
I will now modify some of these functions to take a dcerpc_syntax_id
structure rather then a full dcerpc_interface_table.
(This used to be commit 8aae0f168e54c01d0866ad6e0da141dbd828574f)
The main volume of this patch was what I started working on today:
- Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context.
- Uses sepereate inner loops for some of the DCE/RPC tests
The other and more important part of this patch fixes issues
surrounding the new credentials framwork:
This makes the struct cli_credentials always a talloc() structure,
rather than on the stack. Parts of the cli_credentials code already
assumed this.
There were other issues, particularly in the DCERPC over SMB handling,
as well as little things that had to be tidied up before test_w2k3.sh
would start to pass.
Andrew Bartlett
(This used to be commit 0453f9d05d2e336fba1f85dbf2718d01fa2bf778)
- gtk+ (returned by GtkHostBindingDialog as well now)
- torture/
- librpc/
- lib/com/dcom/
(This used to be commit ccefd782335e01e8e6ecb2bcd28a4f999c53b1a6)
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.
With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind. This changes a lot of files, and these will again
be changed when jelmer does the credentials work.
I also correct some schannel IDL to distinguish between workstation
names and account names. The distinction matters for domain trust
accounts.
Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.
In the schannel DB, we now store both the domain and computername, and
query on both. This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.
In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.
This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.
The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.
The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests. This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.
In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL. This has been re-added, until the underlying pidl issues are
solved.
(This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
so we can specify allowed target service names in the idl file
the default is "host"
metze
(This used to be commit bf40d5321f3257bf9354a42d31265f1a9b0d53ad)
token in the client (the final token in the negotiation).
Consequential fixes in the SPNEGO code, which now uses the out.length
as the indicator of 'I need to send something to the other side'.
Merge the NTLM and SPNEGO DCE-RPC authentication routines in the client.
Fix the RPC-MULTIBIND test consequent to this merge.
Andrew Bartlett
(This used to be commit 43e3516fc03008e97ebb4ad1a0cde464303f43c6)
The thing that finally convinced me that minimal includes was worth
pursuing for rpc was a compiler (tcc) that failed to build Samba due
to reaching internal limits of the size of include files. Also the
fact that includes.h.gch was 16MB, which really seems excessive. This
patch brings it back to 12M, which is still too large, but
better. Note that this patch speeds up compile times for both the pch
and non-pch case.
This change also includes the addition iof a "depends()" option in our
IDL files, allowing you to specify that one IDL file depends on
another. This capability was needed for the auto-includes generation.
(This used to be commit b8f5fa8ac8e8725f3d321004f0aedf4246fc6b49)
this means -U DOM\\user is know allowed
- torture:userdomain is a new smb.conf parameter
because lp_workgroup is not the domain of the user
- we use torture:userdomain now in the tests instad of lp_workgroup
- for backward compat the userdomain is lp_workgroup() by default and
not lp_netbios_name(), which my change later to match 'net' and 'smbclient'..
- we now have dublicate options e.g. -N -s ...
tridge: can we change this?
metze
(This used to be commit 4733dcbf5f17422a8a4c9f99664270b3aa66c586)
