[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Thu Feb 18 22:34:00 MST 2010
The branch, master has been updated
via 809dd8c... s4:selftest Add test for the RPC proxy
via a8b2088... s4:selftest Add infrastructure for testing against an RPC proxy
via e4523e3... misc.idl: Add reference to the slightly odd representation of if_version
via 10fed05... s4:rpc_server Record the remote connections association group ID
from af4a7c0... s4:winbind Make the 'no SID found' message even more detailed
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 809dd8c4137e8dcb52613067fea49357b71355fa
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Feb 19 15:57:59 2010 +1100
s4:selftest Add test for the RPC proxy
commit a8b2088a0eb6cd5b8f9a7fba276ca31418a7989a
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Feb 19 15:56:30 2010 +1100
s4:selftest Add infrastructure for testing against an RPC proxy
This also changes the 'testenv' code to use a new environment 'all'
(we may wish to make other complex tests depend on this in future),
and exports more names in more namespaces.
Andrew Bartlett
commit e4523e3c8f68752da65bedd3c1559c78b3be67a2
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Feb 19 15:55:28 2010 +1100
misc.idl: Add reference to the slightly odd representation of if_version
I found this confusing, so explain for the next poor programmer who
has to get up to speed with this quickly.
Andrew Bartlett
commit 10fed057cde7649b8fc8ee6611ea588a471c2483
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Feb 19 15:53:31 2010 +1100
s4:rpc_server Record the remote connections association group ID
By recording the association group the remote server assigned to our
proxied RPC connection, we can ensure we use the same value when the
client wishes to use it.
This isn't stored in a private pointer, as mapiproxy will want to use
this feature too.
Andrew Bartlett
-----------------------------------------------------------------------
Summary of changes:
librpc/idl/misc.idl | 3 +
selftest/selftest.pl | 14 +++-
selftest/target/Samba4.pm | 114 ++++++++++++++++++++++++++---
source4/rpc_server/dcerpc_server.h | 3 +
source4/rpc_server/remote/dcesrv_remote.c | 42 +++++++++--
source4/selftest/tests.sh | 3 +
6 files changed, 162 insertions(+), 17 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/idl/misc.idl b/librpc/idl/misc.idl
index adaac9a..a60d30b 100644
--- a/librpc/idl/misc.idl
+++ b/librpc/idl/misc.idl
@@ -21,6 +21,9 @@ interface misc
typedef [public] struct {
GUID uuid;
+ /* The major version is encoded in the 16 least significant bits,
+ the minor in the 16 most significant bits.
+ http://www.opengroup.org/onlinepubs/9629399/chap12.htm */
uint32 if_version;
} ndr_syntax_id;
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index ba66049..ea09c26 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -457,7 +457,7 @@ my $target;
my $testenv_default = "none";
if ($opt_target eq "samba4") {
- $testenv_default = "member";
+ $testenv_default = "all";
require target::Samba4;
$target = new Samba4($bindir, $ldap, "$srcdir/setup", $exeext);
} elsif ($opt_target eq "samba3") {
@@ -729,6 +729,18 @@ my @exported_envvars = (
"DC_NETBIOSNAME",
"DC_NETBIOSALIAS",
+ # domain controller stuff
+ "MEMBER_SERVER",
+ "MEMBER_SERVER_IP",
+ "MEMBER_NETBIOSNAME",
+ "MEMBER_NETBIOSALIAS",
+
+ # domain controller stuff
+ "RPC_PROXY_SERVER",
+ "RPC_PROXY_SERVER_IP",
+ "RPC_PROXY_NETBIOSNAME",
+ "RPC_PROXY_NETBIOSALIAS",
+
# server stuff
"SERVER",
"SERVER_IP",
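Review bot: Both new groups in `@exported_envvars` carry the comment `# domain controller stuff`, copied from the DC group, although they list the member-server and RPC-proxy names; `# member server stuff` and `# rpc proxy stuff` would label them correctly. Only the four server, IP and NetBIOS names are added per role, while Samba4.pm in this commit also sets `MEMBER_USERNAME`/`MEMBER_PASSWORD` and `RPC_PROXY_USERNAME`/`RPC_PROXY_PASSWORD`; if tests are meant to read those, they need entries here too. Whether `DC_USERNAME` and `DC_PASSWORD` are already listed cannot be seen from this hunk, and the array continues beyond it.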
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index b3f1e58..c1d6bec 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -715,7 +715,7 @@ sub provision_raw_step2($$$)
sub provision($$$$$$$)
{
- my ($self, $prefix, $server_role, $netbiosname, $netbiosalias, $swiface, $password, $kdc_ipv4) = @_;
+ my ($self, $prefix, $server_role, $netbiosname, $netbiosalias, $swiface, $password, $kdc_ipv4, $extra_smbconf_options) = @_;
my $ctx = $self->provision_raw_prepare($prefix, $server_role,
$netbiosname, $netbiosalias,
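Review bot: `$extra_smbconf_options` is interpolated into the smb.conf template in the next hunk with no default, so a caller that still passes eight arguments would interpolate undef (with an uninitialized-value warning if warnings are enabled). The callers visible in this diff all pass `""`, but `$extra_smbconf_options = "" unless defined($extra_smbconf_options);` after the unpack keeps any other caller working. The prototype `($$$$$$$)` still declares seven scalars while the sub now unpacks nine; prototypes are ignored on method calls, so it is only misleading, and the same holds for `sub setup_rpc_proxy($$$$)`, which unpacks three. provision's body continues outside the hunk.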
@@ -730,6 +730,7 @@ sub provision($$$$$$$)
max xmit = 32K
server max protocol = SMB2
+ $extra_smbconf_options
[tmp]
path = $ctx->{tmpdir}
@@ -825,7 +826,8 @@ sub provision_member($$$)
"localmember",
3,
"localmemberpass",
- $dcvars->{SERVER_IP});
+ $dcvars->{SERVER_IP},
+ "");
$ret or die("Unable to provision");
@@ -834,16 +836,63 @@ sub provision_member($$$)
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
$cmd .= "$net join $ret->{CONFIGURATION} $dcvars->{DOMAIN} member";
- $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}";
+ $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
system($cmd) == 0 or die("Join failed\n$cmd");
- $ret->{DC_SERVER} = $dcvars->{SERVER};
- $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
- $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
- $ret->{DC_NETBIOSALIAS} = $dcvars->{NETBIOSALIAS};
- $ret->{DC_USERNAME} = $dcvars->{USERNAME};
- $ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
+ $ret->{MEMBER_SERVER} = $ret->{SERVER};
+ $ret->{MEMBER_SERVER_IP} = $ret->{SERVER_IP};
+ $ret->{MEMBER_NETBIOSNAME} = $ret->{NETBIOSNAME};
+ $ret->{MEMBER_NETBIOSALIAS} = $ret->{NETBIOSALIAS};
+ $ret->{MEMBER_USERNAME} = $ret->{USERNAME};
+ $ret->{MEMBER_PASSWORD} = $ret->{PASSWORD};
+
+ $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
+ $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
+ $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
+ $ret->{DC_NETBIOSALIAS} = $dcvars->{DC_NETBIOSALIAS};
+ $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
+ $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
+
+ return $ret;
+}
+
+sub provision_rpc_proxy($$$)
+{
+ my ($self, $prefix, $dcvars) = @_;
+ print "PROVISIONING RPC PROXY...";
+
+ my $extra_smbconf_options = "dcerpc_remote:binding = ncacn_ip_tcp:localdc1
+ dcerpc endpoint servers = epmapper, remote
+ dcerpc_remote:interfaces = rpcecho
+";
+
+ my $ret = $self->provision($prefix,
+ "member server",
+ "localrpcproxy4",
+ "localrpcproxy",
+ 4,
+ "localrpcproxypass",
+ $dcvars->{SERVER_IP},
+ $extra_smbconf_options);
+
+ $ret or die("Unable to provision");
+
+ my $net = $self->bindir_path("net");
+ my $cmd = "";
+ $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
+ $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $cmd .= "$net join $ret->{CONFIGURATION} $dcvars->{DOMAIN} member";
+ $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
+
+ system($cmd) == 0 or die("Join failed\n$cmd");
+
+ $ret->{RPC_PROXY_SERVER} = $ret->{SERVER};
+ $ret->{RPC_PROXY_SERVER_IP} = $ret->{SERVER_IP};
+ $ret->{RPC_PROXY_NETBIOSNAME} = $ret->{NETBIOSNAME};
+ $ret->{RPC_PROXY_NETBIOSALIAS} = $ret->{NETBIOSALIAS};
+ $ret->{RPC_PROXY_USERNAME} = $ret->{USERNAME};
+ $ret->{RPC_PROXY_PASSWORD} = $ret->{PASSWORD};
return $ret;
}
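Review bot: provision_rpc_proxy builds the `net join` invocation as one shell string with the DC username and password interpolated, and on failure `die("Join failed\n$cmd")` writes that whole string, password included, to the test output; provision_member, whose body starts outside this hunk, does the same. Setting the two environment variables with `local $ENV{...}` and calling `system` in list form keeps the values away from the shell and lets the failure message name the host instead of echoing the command. This assumes `$ret->{CONFIGURATION}` is a single option, which is not visible here. Separately, the binding `ncacn_ip_tcp:localdc1` hard-codes the DC name; presumably `$dcvars->{DC_NETBIOSNAME}` holds the same value and could be used instead.

```perl
# … unchanged: provision() call and "Unable to provision" check …
my $net = $self->bindir_path("net");
{
	# Scoped to this block so the join environment does not leak into later commands.
	local $ENV{SOCKET_WRAPPER_DEFAULT_IFACE} = $ret->{SOCKET_WRAPPER_DEFAULT_IFACE};
	local $ENV{KRB5_CONFIG} = $ret->{KRB5_CONFIG};
	system($net, "join", $ret->{CONFIGURATION}, $dcvars->{DOMAIN}, "member",
	       "-U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}") == 0
		or die("Join failed for $ret->{NETBIOSNAME}");
}
# … unchanged: RPC_PROXY_* assignments and return …
```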
@@ -859,11 +908,18 @@ sub provision_dc($$)
"localdc",
1,
"localdcpass",
- "127.0.0.1");
+ "127.0.0.1", "");
$self->add_wins_config("$prefix/private") or
die("Unable to add wins configuration");
+ $ret->{DC_SERVER} = $ret->{SERVER};
+ $ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
+ $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
+ $ret->{DC_NETBIOSALIAS} = $ret->{NETBIOSALIAS};
+ $ret->{DC_USERNAME} = $ret->{USERNAME};
+ $ret->{DC_PASSWORD} = $ret->{PASSWORD};
+
return $ret;
}
@@ -942,11 +998,32 @@ sub setup_env($$$)
if ($envname eq "dc") {
return $self->setup_dc("$path/dc");
+ } elsif ($envname eq "rpc_proxy") {
+ if (not defined($self->{vars}->{dc})) {
+ $self->setup_dc("$path/dc");
+ }
+ return $self->setup_rpc_proxy("$path/rpc_proxy", $self->{vars}->{dc});
} elsif ($envname eq "member") {
if (not defined($self->{vars}->{dc})) {
$self->setup_dc("$path/dc");
}
return $self->setup_member("$path/member", $self->{vars}->{dc});
+ } elsif ($envname eq "all") {
+ if (not defined($self->{vars}->{dc})) {
+ $self->setup_dc("$path/dc");
+ }
+ my $ret = $self->setup_member("$path/member", $self->{vars}->{dc});
+ if (not defined($self->{vars}->{rpc_proxy})) {
+ my $rpc_proxy_ret = $self->setup_rpc_proxy("$path/rpc_proxy", $self->{vars}->{dc});
+
+ $ret->{RPC_PROXY_SERVER} = $rpc_proxy_ret->{SERVER};
+ $ret->{RPC_PROXY_SERVER_IP} = $rpc_proxy_ret->{SERVER_IP};
+ $ret->{RPC_PROXY_NETBIOSNAME} = $rpc_proxy_ret->{NETBIOSNAME};
+ $ret->{RPC_PROXY_NETBIOSALIAS} = $rpc_proxy_ret->{NETBIOSALIAS};
+ $ret->{RPC_PROXY_USERNAME} = $rpc_proxy_ret->{USERNAME};
+ $ret->{RPC_PROXY_PASSWORD} = $rpc_proxy_ret->{PASSWORD};
+ }
+ return $ret;
} else {
die("Samba4 can't provide environment '$envname'");
}
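Review bot: In the `all` branch the six `RPC_PROXY_*` copies sit inside `if (not defined($self->{vars}->{rpc_proxy}))`, so when the proxy was already set up by an earlier `rpc_proxy` request the returned environment carries no `RPC_PROXY_*` values at all. Taking the cached environment first and copying unconditionally fixes that. `setup_member` is also called without the `defined` guard that protects `setup_dc`, so requesting `all` after `member` would provision the member a second time unless the caller prevents that outside this hunk. setup_env starts and ends outside the hunk.

```perl
} elsif ($envname eq "all") {
	# … unchanged: setup_dc guard …
	my $ret = $self->{vars}->{member};
	if (not defined($ret)) {
		$ret = $self->setup_member("$path/member", $self->{vars}->{dc});
	}
	my $rpc_proxy_ret = $self->{vars}->{rpc_proxy};
	if (not defined($rpc_proxy_ret)) {
		$rpc_proxy_ret = $self->setup_rpc_proxy("$path/rpc_proxy", $self->{vars}->{dc});
	}
	# … unchanged: the six RPC_PROXY_* assignments, now outside the if, and return $ret …
```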
@@ -962,6 +1039,23 @@ sub setup_member($$$$)
$self->wait_for_start($env);
+ $self->{vars}->{member} = $env;
+
+ return $env;
+}
+
+sub setup_rpc_proxy($$$$)
+{
+ my ($self, $path, $dc_vars) = @_;
+
+ my $env = $self->provision_rpc_proxy($path, $dc_vars);
+
+ $self->check_or_start($env, ($ENV{SMBD_MAXTIME} or 7500));
+
+ $self->wait_for_start($env);
+
+ $self->{vars}->{rpc_proxy} = $env;
+
return $env;
}
diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h
index d273f6e..3a9c8fe 100644
--- a/source4/rpc_server/dcerpc_server.h
+++ b/source4/rpc_server/dcerpc_server.h
@@ -260,6 +260,9 @@ struct dcesrv_assoc_group {
/* parent context */
struct dcesrv_context *dce_ctx;
+
+ /* Remote association group ID (if proxied) */
+ uint32_t proxied_id;
};
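Review bot: The new code in dcesrv_remote.c treats `proxied_id == 0` as "no remote group recorded yet", but the field comment does not say so, and nothing in this hunk shows the struct being zero-initialised. The comment could read `/* Remote association group ID (if proxied); 0 means none recorded yet */`, and the allocation site, which is outside this diff, should be checked to confirm it zeroes the struct. The struct definition starts outside the hunk.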
/* server-wide context information for the dcerpc server */
diff --git a/source4/rpc_server/remote/dcesrv_remote.c b/source4/rpc_server/remote/dcesrv_remote.c
index e20e87b..9c4174b 100644
--- a/source4/rpc_server/remote/dcesrv_remote.c
+++ b/source4/rpc_server/remote/dcesrv_remote.c
@@ -3,7 +3,9 @@
remote dcerpc operations
Copyright (C) Stefan (metze) Metzmacher 2004
-
+ Copyright (C) Julien Kerihuel 2008-2009
+ Copyright (C) Andrew Bartlett <abartlet at samba.org> 2010
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
@@ -43,7 +45,10 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct
const char *binding = lp_parm_string(dce_call->conn->dce_ctx->lp_ctx, NULL, "dcerpc_remote", "binding");
const char *user, *pass, *domain;
struct cli_credentials *credentials;
+ bool must_free_credentials = true;
bool machine_account;
+ struct dcerpc_binding *b;
+ struct composite_context *pipe_conn_req;
machine_account = lp_parm_bool(dce_call->conn->dce_ctx->lp_ctx, NULL, "dcerpc_remote", "use_machine_account", false);
@@ -96,17 +101,42 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct
} else if (dce_call->conn->auth_state.session_info->credentials) {
DEBUG(5, ("dcerpc_remote: RPC Proxy: Using delegated credentials\n"));
credentials = dce_call->conn->auth_state.session_info->credentials;
+ must_free_credentials = false;
} else {
DEBUG(1,("dcerpc_remote: RPC Proxy: You must supply binding, user and password or have delegated credentials\n"));
return NT_STATUS_INVALID_PARAMETER;
}
- status = dcerpc_pipe_connect(priv,
- &(priv->c_pipe), binding, table,
- credentials, dce_call->event_ctx,
- dce_call->conn->dce_ctx->lp_ctx);
+ /* parse binding string to the structure */
+ status = dcerpc_parse_binding(dce_call->context, binding, &b);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Failed to parse dcerpc binding '%s'\n", binding));
+ return status;
+ }
+
+ DEBUG(3, ("Using binding %s\n", dcerpc_binding_string(dce_call->context, b)));
+
+ /* If we already have a remote association group ID, then use that */
+ if (dce_call->context->assoc_group->proxied_id != 0) {
+ b->assoc_group_id = dce_call->context->assoc_group->proxied_id;
+ }
+
+ pipe_conn_req = dcerpc_pipe_connect_b_send(dce_call->context, b, table,
+ credentials, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
+ status = dcerpc_pipe_connect_b_recv(pipe_conn_req, dce_call->context, &(priv->c_pipe));
+
+ if (must_free_credentials) {
+ talloc_free(credentials);
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (dce_call->context->assoc_group->proxied_id == 0) {
+ dce_call->context->assoc_group->proxied_id = priv->c_pipe->assoc_group_id;
+ }
- talloc_free(credentials);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
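Review bot: The early `return status;` after a failed `dcerpc_parse_binding` skips the `talloc_free(credentials)` that the later path performs when `must_free_credentials` is true. A malformed `dcerpc_remote:binding` value therefore leaves the locally created credentials allocated for as long as their talloc parent lives (the parent is chosen outside the hunk); adding `if (must_free_credentials) { talloc_free(credentials); }` before that return closes the gap. The `if (!NT_STATUS_IS_OK(status)) { return status; }` that follows the removed `talloc_free` line now duplicates the check added above it and can be dropped. `b` and the pipe are allocated on `dce_call->context` where the old call used `priv`, which looks like a lifetime change that deserves a one-line comment. remote_op_bind starts and ends outside the hunk.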
diff --git a/source4/selftest/tests.sh b/source4/selftest/tests.sh
index 0fdb737..e6a8c25 100755
--- a/source4/selftest/tests.sh
+++ b/source4/selftest/tests.sh
@@ -365,6 +365,9 @@ plantest "rpc.samr.users against member server with local creds" member $VALGRIN
plantest "rpc.samr.passwords against member server with local creds" member $VALGRIND $smb4torture ncacn_np:"\$NETBIOSNAME" -U"\$NETBIOSNAME/\$USERNAME"%"\$PASSWORD" "RPC-SAMR-PASSWORDS" "$*"
plantest "blackbox.smbclient against member server with local creds" member $samba4srcdir/client/tests/test_smbclient.sh "\$NETBIOSNAME" "\$USERNAME" "\$PASSWORD" "\$NETBIOSNAME" "$PREFIX"
+# RPC Proxy
+plantest "rpc.echo against rpc proxy with domain creds" rpc_proxy $VALGRIND $smb4torture ncacn_ip_tcp:"\$RPC_PROXY_NETBIOSNAME" -U"\$DOMAIN/\$DC_USERNAME"%"\$DC_PASSWORD" RPC-ECHO "$*"
+
# Tests SMB signing
for mech in \
--
Samba Shared Repository