Andreas Schneider Blog


Samba and GnuTLS

TL;DR SMB3 file transfer with encryption will be 4-6 times faster with Samba 4.12 Samba is getting out of the crypto business GnuTLS >= 3.4.7 required FIPS compliance ahead Introduction More or less since the beginning of Samba, it implemented the cryptography it needed to talk to Windows on its own. One reason is that Windows didn’t follow the standards or used ciphers nobody else...


cmocka version 1.1.2 released

I’m happy to announce version 1.1.2 of cmocka, a unit testing framework for C with mocking support. ChangeLog Added function to filter tests (cmocka_set_test_filter) Added new mocking example (uptime) Fixed fixture error reporting Fixed compiler flags detection Some improvement for API documentation


Profiling a camera with darktable-chart

I’ve written an article about “Profiling a camera with darktable-chart” which has been published at The article is about how to get the same color profile of you camera for your raw developing process. If you wonder what darktable is, it is a raw developer software for photographers.


Using AMD Open Source and the amdgpu-pro OpenCL driver for image processing

I have an AMD grahpics card and use the great Open Source driver which comes with my Linux distribution. However for image processing I want the OpenCL support of my graphics card. Currently that’s only provided by the amdgpu-pro driver. However it is possible to just extract the files needed for OpenCL and use them. Here is how to do this: Go to Select...


Samba 4.7.0 (Samba AD for the Enterprise)

Enterprise distributions like Red Hat or SUSE are required to ship with MIT Kerberos. The reason is that several institutions or governments have a hard requirement for a special Kerberos implementation. It is the reason why the distributions by these vendors (Fedora, RHEL, openSUSE, SLES) only package Samba FS and not the AD component. To get Samba AD into RHEL some day it was clear,...


Microsoft Catalog Files and Digital Signatures decoded

TL;DR: Parse and print .cat files: parsemscat Introduction Günther Deschner and myself are looking into the new Microsoft Printing Protocol [MS-PAR]. Printing always means you have to deal with drivers. Microsoft package-aware v3 print drivers and v4 print drivers contain Microsoft Catalog files. A Catalog file (.cat) is a digitally-signed file. To be more precise it is a PKCS7 certificate with embedded data. Before I...


A new cmocka release version 1.1.0

It took more than a year but finally Jakub and I released a new version of cmocka today. If you don’t know it yet, cmocka is a unit testing framework for C with support for mock objects! We set the version number to 1.1.0 because we have some new features: Support to catch multiple exceptions Support to verify call ordering (for mocking) Support to pass...


Testing PAM modules and PAM-aware applications in the Matrix

Jakub Hrozek and I are proud to announce the first release of pam_wrapper. This tool allows you to either simplify testing PAM modules or your application using PAM to authenticate users. PAM (Pluggable Authentication Modules) is a layer of abstraction on top of Unix authentication. For testing PAM-aware applications we have written a simple PAM module called pam_matrix. If you plan to test a PAM...


uid_wrapper-1.2.0 released!

I’ve just released uid_wrapper-1.2.0, a testing tool to fake privilege separation! The new version correctly checks privileges when changing IDs and has a lot more tests! Learn more at


libssh is running in the Matrix now

Since I joined the libssh project we started to write tests to find regression and make development easier. This has been achieved using the a unit testing framework called cmocka which I maintain and develop. The problem is that to run these tests you need to modify the sshd configuration and setup a test user so that the tests can be successfully executed. This is...