Andrew Tridgell [Wed, 15 Feb 2006 04:18:11 +0000 (04:18 +0000)]
r13505: allow servers to bind to non-broadcast interfaces. Servers now
specifically ask for iface_n_bcast() and have to check if it returns
NULL, in which case it is a non-broadcast interface
Andrew Tridgell [Wed, 15 Feb 2006 02:56:31 +0000 (02:56 +0000)]
r13504: add back in a comment noting fred as the contributor of the address
calculation code. This was originally done in 1997, and has been
morphed a lot since then, but fred should still get credit
Andrew Bartlett [Mon, 13 Feb 2006 00:08:16 +0000 (00:08 +0000)]
r13481: As far as I can tell, my changes in -r 12863 were dangerously untested.
We do need the gsskrb5_get_initiator_subkey() routine. But we should
ensure that we do always get a valid key, to prevent any segfaults.
Without this code, we get a different session key compared with
Win2k3, and so kerberised smb signing fails.
Andrew Bartlett
Andrew Bartlett [Mon, 13 Feb 2006 00:04:28 +0000 (00:04 +0000)]
r13480: Explain a little about how these credentials structures should be used.
Andrew Bartlett
Andrew Bartlett [Mon, 13 Feb 2006 00:02:31 +0000 (00:02 +0000)]
r13479: Return the joined domain SID and user SID as structures, not strings.
Andrew Bartlett
Andrew Bartlett [Sun, 12 Feb 2006 14:19:31 +0000 (14:19 +0000)]
r13472: After Volker's advise, try every combination of parameters. This
isn't every parameter on NTLMSSP, but it is most of the important
ones.
This showed up that we had the '128bit && LM_KEY' case messed up.
This isn't supported, so we must look instead at the 56 bit flag.
Andrew Bartlett
Andrew Bartlett [Sun, 12 Feb 2006 13:53:42 +0000 (13:53 +0000)]
r13471: With more 'try all options' testing, I found this 'simple' but in the
NTLM2 signing code.
Andrew Bartlett
Andrew Bartlett [Sun, 12 Feb 2006 12:42:37 +0000 (12:42 +0000)]
r13470: Thanks to a report from VL:
We were causing mayhem by weakening the keys at the wrong point in time.
I think this is the correct place to do it. The session key for SMB
signing, and the 'smb session key' (used for encrypting password sets)
is never weakened.
The session key used for bulk data encryption/signing is weakened.
This also makes more sense, when we look at the NTLM2 code.
Andrew Bartlett
Andrew Bartlett [Sun, 12 Feb 2006 12:06:08 +0000 (12:06 +0000)]
r13467: Add new parametric options (for testing) controlling LM_KEY and 56-bit
encryption behaviour.
Andrew Bartlett
Andrew Bartlett [Sun, 12 Feb 2006 12:04:41 +0000 (12:04 +0000)]
r13466: Make it easier to understand what this function actually does.
Andrew Bartlett
Andrew Bartlett [Thu, 9 Feb 2006 03:06:02 +0000 (03:06 +0000)]
r13405: Allow a fallback if SPNEGO is somehow disabled in the client, to just NTLMSSP.
Andrew Bartlett
Andrew Bartlett [Thu, 9 Feb 2006 03:05:22 +0000 (03:05 +0000)]
r13404: Comments, whitespace.
Andrew Bartlett
Andrew Bartlett [Thu, 9 Feb 2006 03:04:48 +0000 (03:04 +0000)]
r13403: Try to better handle a case where SPNEGO isn't available (allow us to
emulate the behaviour of XP standalone if required).
Andrew Bartlett
Andrew Bartlett [Thu, 9 Feb 2006 02:30:43 +0000 (02:30 +0000)]
r13402: Make Samba4 pass a nastier RPC-SCHANNEL test.
The new RPC-SCHANNEL test shows that the full credentials state must
be kept in some shared memory, for some length of time. In
particular, clients will reconnect with SCHANNEL (after loosing all
connections) and expect that the credentials chain will remain in the
same place.
To achive this, we do the server-side crypto in a transaction,
including the fetch/store of the shared state.
Andrew Bartlett
Andrew Tridgell [Thu, 9 Feb 2006 00:50:48 +0000 (00:50 +0000)]
r13401: remove the rename of the snprintf functions that simo accidentially
included in his last commit
James Peach [Thu, 9 Feb 2006 00:49:03 +0000 (00:49 +0000)]
r13400: Only return NULL from talloc_asprintf if vsnprintf returns an
error (ie. zero is not an error).
James Peach [Wed, 8 Feb 2006 23:44:17 +0000 (23:44 +0000)]
r13397: Propagate the error return from vsnprintf to trap the case where
we aren't linked against a C99 vsnprintf.
James Peach [Wed, 8 Feb 2006 05:14:48 +0000 (05:14 +0000)]
r13388: Report a more helpful error with malformed file options of
the form //server/share (ie. remote path missing).
James Peach [Wed, 8 Feb 2006 05:13:11 +0000 (05:13 +0000)]
r13387: Make sure smbcli_parse_unc reports a failure for strings of
the form //server. Make sure failure cases are well-defined.
Andrew Bartlett [Tue, 7 Feb 2006 23:49:35 +0000 (23:49 +0000)]
r13381: Test the SamLogonEx SamLogon call in the schannel test. This is only
available under schannel, and performs a netlogon authentication.
Andrew Bartlett
Andrew Bartlett [Tue, 7 Feb 2006 23:30:50 +0000 (23:30 +0000)]
r13380: Drop the socket, then try SAMR operations secured with netlogon on the new socket.
We should also test netlogon operations, but there are issues with
what state is expected to be stored (far more than we currently do).
Andrew Bartlett
Simo Sorce [Tue, 7 Feb 2006 00:50:38 +0000 (00:50 +0000)]
r13374: new revision of the snprintf replace code
still missing a configure test to make us
substitute our snprintf to system one when
the system one does not have positional parameters support
James Peach [Mon, 6 Feb 2006 23:01:17 +0000 (23:01 +0000)]
r13373: Implement the -p option for smbtorture.
Simo Sorce [Mon, 6 Feb 2006 22:55:34 +0000 (22:55 +0000)]
r13372: fixes ... still no joy
Jeremy Allison [Mon, 6 Feb 2006 19:43:24 +0000 (19:43 +0000)]
r13370: Added deltest21 - pull the rug out from a connection by socket
close after setting delete on close flag.
Jeremy.
Simo Sorce [Mon, 6 Feb 2006 18:29:57 +0000 (18:29 +0000)]
r13369: let's have a way to show the samba4 version through ejs
and use it in provisioning to fullfill rfc 3045 requirements
James Peach [Mon, 6 Feb 2006 04:06:55 +0000 (04:06 +0000)]
r13362: Rename variables for better consistency.
Simo Sorce [Mon, 6 Feb 2006 01:21:17 +0000 (01:21 +0000)]
r13361: initial implementation of the vlv control
seem still buggy, can't make w2k3 to like it yet
Simo Sorce [Mon, 6 Feb 2006 00:39:05 +0000 (00:39 +0000)]
r13360: Fix crash bug when 0 results are returned on the internal base search
Stefan Metzmacher [Mon, 6 Feb 2006 00:27:02 +0000 (00:27 +0000)]
r13359: make sure we don't look at s[-1]
metze
Andrew Tridgell [Sun, 5 Feb 2006 23:13:44 +0000 (23:13 +0000)]
r13358: removed some unused functions and make some local functions static
Simo Sorce [Sun, 5 Feb 2006 21:59:50 +0000 (21:59 +0000)]
r13357: more docs
Simo Sorce [Sun, 5 Feb 2006 21:25:18 +0000 (21:25 +0000)]
r13356: test utf8 usernames
Simo Sorce [Sun, 5 Feb 2006 20:57:15 +0000 (20:57 +0000)]
r13355: check controls are correctly exported
Simo Sorce [Sun, 5 Feb 2006 20:48:27 +0000 (20:48 +0000)]
r13354: Add tests to check that controls work properly
Fix asq module, add a second_stage_init to register with rootdse
Fix asq control ldap parsing routines (this was nasty to find out)
Simo Sorce [Sun, 5 Feb 2006 18:18:29 +0000 (18:18 +0000)]
r13353: Fix a crash bug in rootdse when we do not pass in credentials
a plain ldbsearch would just crash
Fix kludge_acl, not passing on the second stage registration
phase to other modules
Simo
Simo Sorce [Sun, 5 Feb 2006 17:28:27 +0000 (17:28 +0000)]
r13352: Integrate Patch to support the ManageDSAIT control
from Pete Rowley <prowley@redhat.com>
Simo Sorce [Sat, 4 Feb 2006 18:30:30 +0000 (18:30 +0000)]
r13349: In the end I could not use ldb_caseless_cmp
in attrib_handler.c functions
remove it again
Simo
Simo Sorce [Sat, 4 Feb 2006 16:46:40 +0000 (16:46 +0000)]
r13348: Put a reminder for now.
Until we do not have an internal utf8 compliant
casefloding function we cannot pass this test
in the non-samba build
Simo Sorce [Sat, 4 Feb 2006 16:44:27 +0000 (16:44 +0000)]
r13347: - Now we compare values with an optimized utf8
safe function if the user provides an utf8
compliant casefold function to ldb.
- Fix toupper_m and tolower_m to not crash if
the case tables are not found
- Let load_case_table() search into the correct
directory in the search tree for the case
tables so that we can test utf8
Simo
Stefan Metzmacher [Sat, 4 Feb 2006 14:08:24 +0000 (14:08 +0000)]
r13346: use private proto header files for the torture tests
metze
Stefan Metzmacher [Sat, 4 Feb 2006 13:54:30 +0000 (13:54 +0000)]
r13345: let us replicate with NT4sp6a
I don't yet know what the extra data in the start_association call mean...
This also let w2k use WREPL_REPL_INFORM messages to us, but w2k3 doesn't
it do it yet...
metze
Andrew Bartlett [Sat, 4 Feb 2006 11:19:09 +0000 (11:19 +0000)]
r13344: Trust SASL to have subtle distinctions between NULL and zero-length
responses...
Also trust OpenLDAP to be pedantic about it, breaking connections to AD.
In any case, we now get this 'right' (by nasty overloading hacks, but
hey), and we can now use system-supplied OpenLDAP libs and SASL/GSSAPI
to talk to Samba4.
Andrew Bartlett
Andrew Bartlett [Sat, 4 Feb 2006 09:53:50 +0000 (09:53 +0000)]
r13342: Make the GSSAPI SASL mech actually work, by (shock horror) reading the spec.
GSSAPI differs from GSS-SPNEGO in an additional 3 packets, negotiating
a buffer size and what integrity protection/privacy should be used.
I worked off draft-ietf-sasl-gssapi-03, and this works against Win2k3.
I'm doing this in the hope that Apple clients as well as SASL-based
LDAP tools may get a bit further.
I still can't get ldapsearch to work, it fails with the ever-helpful
'Local error'.
Andrew Bartlett
Andrew Bartlett [Sat, 4 Feb 2006 09:50:02 +0000 (09:50 +0000)]
r13341: Trivial.
Andrew Bartlett [Sat, 4 Feb 2006 09:49:33 +0000 (09:49 +0000)]
r13340: The gensec_init() needs to be after the popt processing, as it
disables modules based on parametric options.
Andrew Bartlett
Andrew Bartlett [Sat, 4 Feb 2006 09:48:22 +0000 (09:48 +0000)]
r13339: Propogate more error infomation into the error packet and reformat the
code a little. This also fixes a segfault when we didn't fill in the
error message.
Andrew Bartlett
Simo Sorce [Sat, 4 Feb 2006 08:55:35 +0000 (08:55 +0000)]
r13336: Doh! We actually never optimized for the ascii case.
In the 3.0 branches it is fixed this but we missed it for samba4
Simo Sorce [Sat, 4 Feb 2006 07:57:57 +0000 (07:57 +0000)]
r13335: Fix the build and add an utf8 safe ldb_hadler_fold function
based on ldb_casefold
Andrew Bartlett [Sat, 4 Feb 2006 07:56:30 +0000 (07:56 +0000)]
r13334: Add comments describing what these functions do.
We still need many more, but it is a start...
Andrew Bartlett
Simo Sorce [Sat, 4 Feb 2006 06:57:28 +0000 (06:57 +0000)]
r13333: revert previous commit I will use ldb_caseless_cmp in attrib_handlers
to correctly support utf8 comparisons
add an ldb_attr_Casefold function for attribute names and use it
instead of casefold in the right places
Simo Sorce [Sat, 4 Feb 2006 05:59:48 +0000 (05:59 +0000)]
r13328: After the attribute name check cleanup it turned up ldb_caseless_cmp()
was used just in one places and by mistake, as there we should have
been using ldb_attr_cmp()
Remove ldb_caseless_cmp() ... going on with the cleanup and utf8 compliance
effort.
Simo.
Simo Sorce [Sat, 4 Feb 2006 01:27:47 +0000 (01:27 +0000)]
r13325: let samba register it's own utf8 aware functions in ldb
Simo Sorce [Sat, 4 Feb 2006 00:38:48 +0000 (00:38 +0000)]
r13324: From now on check attribute names obey rfc2251
Also add a way to provide utf8 compliant functions
by registering them with ldb_set_utf8_fns()
Next comes code to register samba internal utf8 functions.
Simo.
Andrew Bartlett [Fri, 3 Feb 2006 23:19:00 +0000 (23:19 +0000)]
r13321: Bind to each interface and to the 0.0.0.0 interface on the KDC. This
was pointed out by Maurice Massar. It ensures we get the addresses
for the krb5_mk_priv() correct (otherwise an MIT kpasswdd fails over
localhost).
Also never run the KDC unless we are a DC.
Andrew Bartlett
Andrew Bartlett [Fri, 3 Feb 2006 23:07:58 +0000 (23:07 +0000)]
r13320: Fix kpasswd's use of the local HDB. /dev/null was a bad idea, we want
'no filename' instead.
Andrew Bartlett
Andrew Bartlett [Fri, 3 Feb 2006 22:30:30 +0000 (22:30 +0000)]
r13317: Create a new function messaging_client_init() which can be used when
we don't have a server messaging context. We should replace the
datagram messages with stream sockets in this case, so we don't have
to create a unique socket.
Andrew Bartlett
Simo Sorce [Fri, 3 Feb 2006 15:58:41 +0000 (15:58 +0000)]
r13307: docs
Jeremy Allison [Fri, 3 Feb 2006 02:07:22 +0000 (02:07 +0000)]
r13297: It's a good thing the shipment of function headers tridge
sent me arrived on time... :-).
Refactor this code to make it comprehensible. Tested
against W2K3 SP 1 and W2K SP 4. Test 19 is different
from what I thought. Turns out delete on close on
"open" of a directory (not create) does have an
effect - even if not reported in the flag bit.
trige please test against Vista (my XP box is
refusing to serve at the moment - have to reinstall).
Jeremy.
Simo Sorce [Wed, 1 Feb 2006 20:48:05 +0000 (20:48 +0000)]
r13289: Check the tree is not NULL
Thanks to Aaron J. Seigo <aseigo@kde.org> for spotting this
Andrew Tridgell [Wed, 1 Feb 2006 10:50:26 +0000 (10:50 +0000)]
r13283: added two optimisations to the tdb transactions code. The first is to
more agressively coalesce entries in the linked list of the undo
log. The second is to ensure that writes during a transaction into the
hash table don't cause the size of the undo log linked list to grow.
These optimisations don't affect Samba much, but they make a huge
difference to the use of ldb in kde
Andrew Bartlett [Wed, 1 Feb 2006 10:04:55 +0000 (10:04 +0000)]
r13282: Indentation, and ensure we handle the talloc_free in the right place
all the time.
Andrew Bartlett
Andrew Bartlett [Wed, 1 Feb 2006 10:04:11 +0000 (10:04 +0000)]
r13281: Use TALLOC_CTX * not a void *, and use tmp_ctx as the name for consistancy.
(I was chasing ghosts in this code, and decided to do a cleanup while
I was there).
Andrew Bartlett
James Peach [Wed, 1 Feb 2006 06:05:08 +0000 (06:05 +0000)]
r13280: Tidy up formatting.
Andrew Tridgell [Wed, 1 Feb 2006 05:24:19 +0000 (05:24 +0000)]
r13278: remove a silly strcasecmp() replacement
Andrew Tridgell [Wed, 1 Feb 2006 05:22:44 +0000 (05:22 +0000)]
r13277: print a useful error message when test 17 fails
Andrew Tridgell [Wed, 1 Feb 2006 05:20:54 +0000 (05:20 +0000)]
r13276: start to work towards the BASE-DELETE test passing. This change
ensures that we give the right error code to opens that are denied due
to the file having delete pending set
Jeremy Allison [Wed, 1 Feb 2006 04:41:54 +0000 (04:41 +0000)]
r13275: With a liberal sprinkling of smb_raw_exit this
now passes for me for W2K and W2K3... booting the XP
box to test it...
Jeremy.
Jeremy Allison [Wed, 1 Feb 2006 04:09:02 +0000 (04:09 +0000)]
r13272: Re-arrange so all the normal tests we can pass come first.
Jeremy.
Jeremy Allison [Wed, 1 Feb 2006 03:36:04 +0000 (03:36 +0000)]
r13271: Do the same tests with directories.
Jeremy.
Jeremy Allison [Wed, 1 Feb 2006 02:30:57 +0000 (02:30 +0000)]
r13270: Add tests for even more insane delete-on-close semantics.
Jeremy.
Andrew Bartlett [Wed, 1 Feb 2006 01:38:39 +0000 (01:38 +0000)]
r13269: ${prefix} is a special case in the autoconf/build system, and should
be escaped as \${prefix}, otherwise it evaluates too early as "NONE".
Andrew Bartlett
Andrew Tridgell [Tue, 31 Jan 2006 23:37:56 +0000 (23:37 +0000)]
r13268: fixed typo noticed by Aaron Seigo
Andrew Bartlett [Tue, 31 Jan 2006 22:58:50 +0000 (22:58 +0000)]
r13265: Clarify how delegation works with the remote RPC backend.
Andrew Bartlett
James Peach [Tue, 31 Jan 2006 22:41:53 +0000 (22:41 +0000)]
r13264: Move declaration before code.
James Peach [Tue, 31 Jan 2006 21:56:12 +0000 (21:56 +0000)]
r13263: Check whether open(2) will accept the O_DIRECT flag. This should fix the
build on NetBSD.
Andrew Bartlett [Tue, 31 Jan 2006 11:16:43 +0000 (11:16 +0000)]
r13258: Fix the talloc heirachy for ldb_tdb.
In the return value res->msgs, msgs was not a child of res, in the
indexed path. Instead, it hung directly off the ldb, which was
sometimes a long-term context.
Also remove unused parameters.
Found by --leak-report-full
Andrew Bartlett
Andrew Bartlett [Tue, 31 Jan 2006 10:03:44 +0000 (10:03 +0000)]
r13256: Free temporary memory on error cases, and try to clean up what's left
earlier.
Move gendb_search() to use talloc_vasprintf() and steal only the parts
actually being used for the results.
Andrew Bartlett
James Peach [Tue, 31 Jan 2006 06:09:18 +0000 (06:09 +0000)]
r13255: New CIFS dd client for use in performance testing. The guts of this is
in client/cifsdd*, which implements a minimal implementation of dd. The
IO path is careful to always perform IO at the requested block size.
There is a very basic test suite in script/tests/test_cifsdd.sh which
covers local and remote IO at a variety of block sizes.
Added to lib/util_str.c is a small set of conv_str_*() functions to
convert strings to the corresponding type.
smbcli_parse_unc is modified to insert NULL terminators after its
hostname and sharename parameters. This allows it to correctly parse a
path of the form //foo/share/path/file.
Andrew Bartlett [Tue, 31 Jan 2006 03:20:18 +0000 (03:20 +0000)]
r13253: More work to ensure that we don't keep data on long-term contexts.
Andrew Bartlett
Andrew Bartlett [Tue, 31 Jan 2006 03:15:16 +0000 (03:15 +0000)]
r13252: Cleanup, both in code, comments and talloc use:
In particular, I've used the --leak-report-full option to smbd to
track down memory that shouldn't be on a long-term context. This is
now talloc_free()ed much earlier.
Andrew Bartlett
Andrew Bartlett [Tue, 31 Jan 2006 02:01:52 +0000 (02:01 +0000)]
r13250: I missed a couple of talloc_free()'s
Andrew Bartlett
James Peach [Tue, 31 Jan 2006 01:53:21 +0000 (01:53 +0000)]
r13249: Check for alloca.h. popt needs this.
James Peach [Tue, 31 Jan 2006 01:51:31 +0000 (01:51 +0000)]
r13248: Revert revision 13071. It turns out that sys/param.h can be implicitly
included from other headers. In this case, undeffing MIN and MAX is a
really bad idea because the subsequent include of sys/param.h will do
nothing because of its include guards.
Andrew Bartlett [Tue, 31 Jan 2006 01:50:54 +0000 (01:50 +0000)]
r13247: Try to make better use of talloc in the auth/ and auth/gensec code.
We don't want temporary memory hanging around on the long-term
contexts.
Andrew Bartlett
Andrew Bartlett [Tue, 31 Jan 2006 01:49:56 +0000 (01:49 +0000)]
r13246: Print winbindd pipe location correctly.
Andrew Bartlett
Andrew Bartlett [Tue, 31 Jan 2006 01:48:07 +0000 (01:48 +0000)]
r13245: Don't segfault if we don't have a credentials structure on this gensec
context.
Andrew Bartlett
Andrew Bartlett [Tue, 31 Jan 2006 00:48:57 +0000 (00:48 +0000)]
r13244: Allow control of the location of the Samba3-compatible winbindd pipe
in Samba4. This allows us to start winbindd by default, including in
'make test'.
This is via a new 'winbindd socket directory' parameter for utilities
linked against loadparm, as well as a --with-winbindd-socket-dir
option to configure (setting the default and the value for simple
clients).
I hope to add basic winbindd tests, to ensure continued correct
operation, but at least now I don't have to manually change my 'server
services' line.
The other problem with the hard-coded /tmp/.winbind is that RedHat has
moved this in Fedora (to /var/run I think). For this reason, this
functionality should probably be ported to Samba3 as well.
The default for Samba4 is PREFIX/var/run/winbind_pipe.
I have also re-added the paranoia checks from Samba3 for correct
permissions on the socket directory.
Andrew Bartlett
James Peach [Tue, 31 Jan 2006 00:00:10 +0000 (00:00 +0000)]
r13243: Bring __FUNCTION__ checks across from Samba 3.
James Peach [Mon, 30 Jan 2006 23:43:17 +0000 (23:43 +0000)]
r13242: cc-1009 cc: WARNING File = librpc/idl/nbt.idl, Line = 579
cc-1009 cc: WARNING File = librpc/idl/nbt.idl, Line = 580
A "/*" appears inside a comment.
James Peach [Mon, 30 Jan 2006 23:09:21 +0000 (23:09 +0000)]
r13241: Work around missing AS_HELP_STRING definition in autoconf 2.57. Fix
from Brad Hards <bradh@frogmouth.net>.
Andrew Bartlett [Mon, 30 Jan 2006 22:23:17 +0000 (22:23 +0000)]
r13240: Make the test scripts use the new smb.conf location (in PREFIX/etc).
Andrew Bartlett
Andrew Bartlett [Mon, 30 Jan 2006 22:22:37 +0000 (22:22 +0000)]
r13239: Silly little patch: make the order of declaration match the order of use.
Stefan Metzmacher [Mon, 30 Jan 2006 08:12:35 +0000 (08:12 +0000)]
r13228: revert more stuff from 13208
metze
Stefan Metzmacher [Mon, 30 Jan 2006 07:59:53 +0000 (07:59 +0000)]
r13227: revert some more stuff from 13208
metze
Stefan Metzmacher [Mon, 30 Jan 2006 07:58:45 +0000 (07:58 +0000)]
r13226: remove empty file
metze>
James Peach [Mon, 30 Jan 2006 05:24:59 +0000 (05:24 +0000)]
r13225: Enable full compiler warnings for developer mode on IRIX.
Jelmer Vernooij [Sat, 28 Jan 2006 20:08:03 +0000 (20:08 +0000)]
r13210: Revert my named pipes patch until it passes not just 'make quicktest' but
also 'make test'
Jelmer Vernooij [Sat, 28 Jan 2006 12:58:38 +0000 (12:58 +0000)]
r13208: Clearly separate named pipes from the IPC$ NTVFS type.
This allows the easy addition of additional named pipes and removes the
circular dependencies between the CIFS, RPC and RAP servers.
Simple tests for a custom named pipe included.
Andrew Bartlett [Sat, 28 Jan 2006 12:19:20 +0000 (12:19 +0000)]
r13207: Use the new API for using/not using kerbeors in hdb-ldb.c
Update the rootdse module to use the new schema.
Andrew Bartlett