There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
I'm only fixing the bug I introduced here,
not the rest of the mess in the pipe handling,
as we don't fill in pipe->binding and pipe->conn->binding_str
consistently...
metze
(This used to be commit cec74f352822a767770e9e00e87a94d0e37d80c9)
also make it possible to pass and get the assoc_group_id for
a pipe.
also make it possible to pass the DCERPC_PFC_FLAG_CONC_MPX flag
in bind requests. From the spec it triggers support for
concurrent multiplexing on a single connection.
w2k3 uses the assoc_group_id feature when it becomes a domain controller
of an existing domain. Now the ugly part, with this it's possible to
use a policy handle from one connection on a different one...
typically the DsBind() call is on the 1st connection while DsGetNCChanges()
call using the first connection's bind handle are on the 2nd connection.
The second connection also has the DCERPC_PFC_FLAG_CONC_MPX flag attached,
but that doesn't seem to be related to the cross connection handle usage
Can anyone think of a nice way to implement the assoc_group_id stuff in our server?
metze
(This used to be commit 2d8c85397d9027485ed6dbdcca87cc1ec84c7b76)
we crashed before trying ncacn_np: for frsrpc
as frsrpc doesn't have a ncacn_np endpoint listed
in the idl header and the endpoint mapping code
was trying our smbcli lib with a
NULL target_hostname -> called_name
metze
(This used to be commit ed49e4b1f87db483768dec36732b0c9765d1d4bc)
to perform a lookup once, resolve the name to an IP, while still
communicating the full name to the lower layers, for kerberos etc.
This fixes 'net samdump', which was failing due to the schannel target
name being *smbserver.
Andrew Bartlett
(This used to be commit 0546f487f4cc99b5549dc1e457ea243d4bd66333)
around the mess that is composite functions...
Async might be all the rage, but it's bloody painful to debug.
Andrew Bartlett
(This used to be commit 756e1dad7ce54b83f8170db3434bfcfc4afe7e65)
This support requires that the bind_ack and alter_ack recv functions
also be sent the DCE/RPC fault. This would be best done by having the
ack run as a normal RPC reply callback, but this isn't easily possible
for now.
Andrew Bartlett
(This used to be commit be6dde22fe728d64d47875699d3421c6d8d872a4)
this isn't supported, fallback to NTLM.
Also, where we get a failure as 'logon failure', try and do a '3
tries' for the password, like we already do for CIFS. (Incomplete:
needs a mapping between RPC errors and the logon failure NTSTATUS).
Because we don't yet support Kerberos sign/seal to win2k3 SP1 for
DCE/RPC, disable this (causing SPNEGO to negotiate NTLM) when kerberos
isn't demanded.
Andrew Bartlett
(This used to be commit b3212d1fb91b26c1d326a289560106dffe1d2e80)
is passed to dcerpc_epm_map_binding_send.
2) Replace old dcerpc_epm_map_binding with the new function
based on async code, as the above problem is fixed.
rafal
(This used to be commit 85ecb07ab595073dd44c213075d33da07aa19277)
Now, each rpc interface (named pipe, tcp/ip, lrpc and unix
socket) works asynchronously.
Comments to follow.
rafal
(This used to be commit 789f9d43db7ea59e79d5aa498e2e9fd077448825)
In librpc, always try SMB level authentication, even if trying
schannel, but allow fallback to anonymous. This should better
function with servers that set restrict anonymous.
There are too many parts of Samba that get, parse and modify the
binding parameters. Avoid the extra work, and add a binding element
to the struct dcerpc_pipe.
The libnet vampire code has been refactored, to reduce extra layers
and to better conform with the standard argument pattern. Also, take
advantage of the new libnet_Lookup code, so we don't require the silly
'password server' smb.conf parameter.
To better support forcing traffic to be sealed for the vampire
operation, the dcerpc_bind_auth() function now takes an auth level
parameter.
Andrew Bartlett
(This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
Avoids converting a static string to GUID every time we check whether
a transfer syntax is equal to that of NDR.
(This used to be commit 8dcfcaf75ab8cf4a54cf5e56f6be25acc68e3989)
dcerpc_interface_table struct rather than a tuple of interface
name, UUID and version.
This removes the requirement for having a global list of DCE/RPC interfaces,
except for these parts of the code that use that list explicitly
(ndrdump and the scanner torture test).
This should also allow us to remove the hack that put the authservice parameter
in the dcerpc_binding struct as it can now be read directly from
dcerpc_interface_table.
I will now modify some of these functions to take a dcerpc_syntax_id
structure rather than a full dcerpc_interface_table.
(This used to be commit 8aae0f168e54c01d0866ad6e0da141dbd828574f)
Completely untested, it's a bit difficult without having vista
around (yet), so - Andrew, please test it and let me know what's
wrong.
rafal
(This used to be commit b9e7522bd4b626402c51a69695bea0928f5baef7)
in sync version. This step makes it easier to move further to async
dcerpc connect routine.
rafal
(This used to be commit 87b016d55315190fa3f6083c75cb783ad45ddd0b)
flag 'smb2' in the dcerpc binding string. This gives a pretty good
test to the new SMB2 trans call.
(This used to be commit f99bef585d4c1e52becc06b581bd5aaa62cf9dd7)
ncacn_ip_tcp/ncalrpc. The problem was that svn revision 11809 removed
the logic that forced the CONNECT auth type for authenticated binds
which don't have an explicit SIGN or SEAL flag set.
(This used to be commit e7a1f11e8bcba3839f74c7303bd82533a6acfbcd)
This also removes dcerpc_bind_auth_password, the only user of
dcerpc_bind_auth. And this was not only passwords anyway.
Andrew Bartlett, as usual: Please take a close look.
Thanks,
Volker
(This used to be commit 2ff2dae3d035af6cb0c131573cfd983fc9a58eee)
field, instead put a zero address. Note that zero is correct (ie. we
shouldn't do the lookup) as in the client we want to send a zero for
the server to fill in. When we make this call from the server we fill
in a real IP.
(This used to be commit e54c8b5658761c33d50a1a557d2ec77229b07b47)