IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().
For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation. This removes the 'need_reseed'
parameter from generate_random_buffer().
Andrew Bartlett
(This used to be commit 36741d3cf5)
was 'rpcclient -c "enumprinters 2"' with 4000 printers. At some point this
completely exploded in memory usage. For every string we talloc'ed memory up
to the end of the buffer. -> O(n^2).
This survives valgrind with this number of printers. It might also have
influence on winbind with a large number of users.
All those who dare to look at samba3 rpc code, could you please take a look? I
know this is a burden, but I would like comments ;-)))
Volker
(This used to be commit af251f4ea6)
in prs_init now
testsuite/printing/psec.c cannot do a prs_mem_free() when tdb_prs_fetch fails
as the prs structure has not been initialized
(This used to be commit a363e5d8c5)
the schannel code, but I've included that anyway. :-)
This patch revives the client-side NTLMSSP support for RPC named pipes
in Samba, and cleans up the client and server schannel code. The use of the
new code is enabled by the 'sign', 'seal' and 'schannel' commands in
rpcclient.
The aim was to prove that our separate NTLMSSP client library actually
implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation,
in the hope that knowing this will assist us in correctly implementing
NTLMSSP signing for SMB packets. (Still not yet functional)
This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with
calls to libsmb/ntlmssp.c. In the process, we have gained the ability to
use the more secure NT password, and the ability to sign-only, instead of
having to seal the pipe connection. (Previously we were limited to sealing,
and could only use the LM-password derived key).
Our new client-side NTLMSSP code also needed alteration to cope with our
comparatively simple server-side implementation. A future step is to replace
it with calls to the same NTLMSSP library.
Also included in this patch is the schannel 'sign only' patch I submitted to
the team earlier. While not enabled (and not functional, at this stage) the
work in this patch makes the code paths *much* easier to follow. I have also
included similar hooks in rpccleint to allow the use of schannel on *any* pipe.
rpcclient now defaults to not using schannel (or any other extra per-pipe
authenticiation) for any connection. The 'schannel' command enables schannel
for all pipes until disabled.
This code is also much more secure than the previous code, as changes to our
cli_pipe routines ensure that the authentication footer cannot be removed
by an attacker, and more error states are correctly handled.
(The same needs to be done to our server)
Andrew Bartlett
(This used to be commit 5472ddc9ea)
back a different sized blob of encrypted password data then we were
expecting. There's an extra 32 bytes of unknown stuff.
(This used to be commit 285952fd62)
It can itself determine the length of the string it has to
transfer. Andrew B., could you take a look at the length calculation?
Is that safe?
Thanks,
Volker
(This used to be commit 0ef69b586a)
discovered that our reply is short by 4 bytes since day 1 of this code.
Added a decode function to rpcclient too.
splitted the STRING2 fields filling while trying to understand the win9x
userlist bug. (didn't fix the bug, but the reply looks closer to NT).
J.F.
(This used to be commit bfbe7f377e)
for setlinebuf which apparantly doesn't exist on HPUX 11.
include/byteorder.h:
rpc_parse/parse_prs.c:
Ding Dong the witch is dead ! :-). Ok, I'm happy 'cos I've finally deleted
all the *HORRIBLE* DBG_RW_XXX and RW_XXX macros from include/byteorder.h.
They were macros that included macros that had conditional macros included.
No one understood them (they were the cause of most of the bigendian issue
bugs). Finally, I went into parse_prs.c and inlined all of that stuff with
regular function calls. They're understandable, they're easy to edit and
they don't include macros !
JF - please look at the one comment I added (JF PLEASE CHECK). I have
tested this partly with IRIX (a bigendian system) running with AS/U on
a Solaris box in SGI's lab, and I've also confirmed these new changes
work with W2K (vmware) but there may be the odd bug lurking. Herb, if
you could re-checkout and test again with this code that would help.
Extra. Fixed bug spotted by the sharp eyes of JF - big endian unicode
packet would cause a early truncate of string parsing as we were checking for a char *
0, not a uint16 * 0.
Jeremy.
(This used to be commit 13765eca71)
We were reading the endainness in the RPC header and then never propagating
it to the internal parse_structs used to parse the data.
Also removed the "align" argument to prs_init as it was *always* set to
4, and if needed can be set differently on a case by case basis.
Now ready for AS/U testing when Herb gets it set up :-).
Jeremy.
(This used to be commit 0cd37c831d)
rpc_parse/parse_dfs.c: Had to add buffer overrun checking ! HOW DID THIS GET IN HERE !
rpc_parse/parse_prs.c: Ensure prs_alloc_mem does a memset of zero before returning.
Jeremy.
(This used to be commit c9a6a17025)
rewrote unistr2_to_ascii() to correct a bug seen on SGI boxes.
rpc_parse/parse_misc.c:
rpc_parse/parse_prs.c:
rewrote of BUFFER5 handling to NOT byteswap when it was already in
network byte order.
rpc_parse/parse_samr.c:
cleanup of samr_io_q_lookup_domain(), remove the over-parsing by 2
bytes.
rpc_server/srv_lsa.c:
UNISTR2 strings need to be NULL terminated to pleased W2K.
rpc_server/srv_spoolss_nt.c:
use snprintf instead of safe_strcpy as we want the string
truncated at 32 chars.
That should fix SUN and SGI box not able to act as printserver and the
problem with joining from a W2K wks.
J.F.
(This used to be commit 69fe739303)
the trust domain list reply on netlogon pipe was wrong, interim hack until
we have full trust relationships.
changed some unistr2 to parse the ending NULL char.
added a prs_align_needed() function. much like a prs_align but with a
condition. needed for the unistr2 parsing.
J.F.
(This used to be commit d8bf81553c)
