Category: Samba

0

socket_wrapper 1.3.0 and fd-passing

A new version of socket_wrapper has just been released. In short, socket_wrapper is a library passing all socket communications through unix sockets. It aims to help client/server software development teams willing to gain full functional test coverage. It makes possible to run several instances of the full software stack on the same machine and perform locally functional testing of complex network configurations. New in version...

0

Samba and GnuTLS

TL;DR SMB3 file transfer with encryption will be 4-6 times faster with Samba 4.12 Samba is getting out of the crypto business GnuTLS >= 3.4.7 required FIPS compliance ahead Introduction More or less since the beginning of Samba, it implemented the cryptography it needed to talk to Windows on its own. One reason is that Windows didn’t follow the standards or used ciphers nobody else...

3

Samba 4.7.0 (Samba AD for the Enterprise)

Enterprise distributions like Red Hat or SUSE are required to ship with MIT Kerberos. The reason is that several institutions or governments have a hard requirement for a special Kerberos implementation. It is the reason why the distributions by these vendors (Fedora, RHEL, openSUSE, SLES) only package Samba FS and not the AD component. To get Samba AD into RHEL some day it was clear,...

3

Microsoft Catalog Files and Digital Signatures decoded

TL;DR: Parse and print .cat files: parsemscat Introduction Günther Deschner and myself are looking into the new Microsoft Printing Protocol [MS-PAR]. Printing always means you have to deal with drivers. Microsoft package-aware v3 print drivers and v4 print drivers contain Microsoft Catalog files. A Catalog file (.cat) is a digitally-signed file. To be more precise it is a PKCS7 certificate with embedded data. Before I...

0

uid_wrapper-1.2.0 released!

I’ve just released uid_wrapper-1.2.0, a testing tool to fake privilege separation! The new version correctly checks privileges when changing IDs and has a lot more tests! Learn more at https://cwrap.org.

0

Hunting down a fd closing bug in Samba

In Samba I had a failing test suite. I have nss_wrapper compiled with debug messages turned on, so it showed me the following line: NWRAP_ERROR(23052) – nwrap_he_parse_line: 3 Invalid line[TDB]: ‘DB’ The file should parse a hosts file like /etc/hosts, but the debug line showed that it tried to parse a TDB (Trivial Database) file, Samba database backend. I’ve started to investigate it and wondered...

0

New uid_wrapper with full threading support.

Today I’ve released a new version of uid_wrapper (1.1.0) with full threading support. Robin Hack a colleague of mine spent a lot of time improving the code and writing tests for it. It now survives funny things like forking in a thread. We also added two missing functions and fixed several bugs. uid_wrapper is a tool to help you writing tests for your application. If...

0

resolv_wrapper 1.0.0 – the new cwrap tool

I’ve released a new preloadable wrapper named resolv_wrapper which can be used for nameserver redirection or DNS response faking. It can be used in testing environment to route DNS queries to a real nameserver separate from resolv.conf or fake one with simple config file. We tested it on Linux, FreeBSD and Solaris. It should work on other UNIX flavors too. You can download resolv_wrapper here.

0

A talk about cwrap at LinuxCon Europe

Next week is the LinuxCon Europe in Düsseldorf, Germany. I will be there and give a talk about cwrap, a set of tools to make client/server testing easy on a single machine. Testing network applications correctly is hard. This talk will demonstrate how to create a fully isolated network environment for client and server testing on a single host, complete with synthetic account information, hostname...

0

How to get real DNS resolving in ‘make test’?

As you might know I’m working (hacking) on Samba. Samba has a DNS implementation to easier integrate all the AD features. The problem is we would like to talk to the DNS server but /etc/resolv.conf points to a nameserver so your machine is correctly working in your network environment. For this Samba in our dns resolver library we implemented a way to setup a dns_hosts_file...