IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- print "supplementalCredentials" also when --option="dssync:print_pwd_blobs=yes"
is used
abartlet: this field may contain the krb5 keys...
metze
(This used to be commit 26c69348ca)
Support conformant [string] arrays
Eliminate utf8string
This breaks xattr binary compatibility with previous versions - is that a
problem?
(This used to be commit 7596c708ba)
add struct nbt_peer_socket and use it instead of passing const char *addr, uint16 port everyhwere
(tridge: can you review this please, (make test works)
metze
(This used to be commit a599d7a4ae)
problem was that the return string was declared as:
[out] astring dcname
which means "this is a non-NULL string". The server code sometimes
returned NULL however (on getdc lookup failure), which caused the NDR
marshalling code to crash. When you declare a non-pointer return value
you are promising that the value can never be NULL.
The trivial fix is to use:
[out] astring *dcname
which leaves the API alone, but includes a pointer in the wire format,
which in turn means it is valid to send a NULL string as a response.
(This used to be commit e39bac6196)
- the unknown flag 0x10 seems to mean that this name was localy registered on this
currently asked server, that flag is not present in replica records
metze
(This used to be commit ba3685c41d)
make wrepl_nbt_name a scalar type that is another
wire representation of struct nbt_name
give wrepl_name->flags a meaning
metze
(This used to be commit 5fa13d6c2b)
domain and gets the DC's name via a mailslot call.
Metze, I renamed wbsrv_queue_reply to wbsrv_send_reply in accordance with
irpc_send_reply. Having _queue_ here and _send_ there is a bit confusing. And
as everything is async anyway, the semantics should not be too much of a
problem.
Volker
(This used to be commit 4637964b19)
- fixed winreg_GetKeySecurity() to use a sec_info field correctly
- simplied the winreg torture code, removing the separate opens for
each hive
- added torture cleanup code in winreg test
- added 'create with security descriptor' in the winreg torture test
(This used to be commit f20695decd)
descriptor. To keep it simple I just use normal IDL buffers for now,
avoiding the complex methods metze used in spoolss. We might change
that later
Also added decoding of the security_descriptor in
winreg_GetKeySecurity() in smbtorture
(This used to be commit 439f34a962)
tree with DsGeNCChanges(), this is possible as administrator
without having a DC account joined to the domain
metze
(This used to be commit e6f92444d2)
as it isn't needed
- parse some more DsAddEntry() errors
- add some more attid constands so that all attribute that are needed
for a DsAddEntry in the DC Domain Join are mapped
- add value() for __ndr_size, to more attribute container, so that the caller
doesn't need to fill them in, that was the reason for getting an NDR_FAULT
metze
(This used to be commit a9a1a6f861)
calls. The previous IDL was just a workaround for the limitations of
our older rpc infrastructure. Now that Jelmer has added much improved
string support using the charset keyword we can correctly implemenent
the unusual winreg string buffers.
Jelmer, note the little comment I put on winreg_StringBuf() about why
I couldn't use [value()] for the length field.
This also fixes EnumKey() and EnumValue() to use NTTIME fields for the
last_changed_time. I don't know why we were using a pair of uint32's,
as it is just a NTTIME.
(This used to be commit 8354b01612)
the ndr_pull/push/print functions for it in the ntacl-lsm module
- fix compiler warnings in the ldap_encode_ndr_* code
metze
(This used to be commit 83d65d0d7e)
- map the result code from rpc calls into the ejs objects
- treat winreg_String like lsa_String, hiding the length elements
(This used to be commit 2f6311c9a3)
- Convert to use lsa_String instead of eventlog_String.
- Copy across some constants.
- Implement idl and testcase for ClearEventLog() function
(This used to be commit 352b21af3f)
- Fixes annoying array-of-pointers bug in pidl.
- No longer "inherit" alignment thru subcontexts
- Use "Image Object" as example DCOM object, rather then the "My Computer" object, which is built-in and can't be accessed remotely as far as I can see
(This used to be commit bd706d4964)
functions we don't need. That is a lot of functions, as ejs is only
client side, so it only needs push functions for [out] vars, and pull
functions for [in] vars
added irpc and srvsvc IDL to list of available pipes.
(This used to be commit c7a9dbe70a)
of null credentials to use if cmdline_credentials is not setup
- hide the length and size elements of a lsa_String from js scripts,
so you can use a lsa_String just as an ordinary string without
knowing its a structure. We won't do this with all structures, just
a few core ones that are used often enough to warrant it.
- make sure returned ldb arrays have a length property
(This used to be commit 12d2092dd8)
now push/pull a sample PAC, and still have the same byte buffer.
(Metze set up the string code, and probably already has a similar
patch).
Unfortunetly win2k3 still doesn't like what we provide, but every step helps.
Also use data_blob_const() when we are just wrapping data for API
reasons.
Andrew Bartlett
(This used to be commit e7c8076fc1)
(I have included the krbtgt key from my test network).
It turns out the krbtgt signature is over the 16 (or whatever,
enc-type dependent) bytes of the signature, not the entire structure.
Also do not even try to use Kerberos or GSSAPI on an IP address, it
will only fail.
Andrew Bartlett
(This used to be commit 3b9558e82f)
- added auto generation of a header with prototypes for public ejs functions
- make public functions non-static
- fixed allocation of fixed sized arrays
- added 'noejs' flag indicating that a typedef will be handled manually by ejs
- added manual functions for sid and GUID, so they show up as nice
strings in ejs scripts
This allows ejs to bring in samr, security, lsa and misc IDL functions
(This used to be commit a8cb2dbdcc)
actually a uint16 * without the [string] attribute, a la the the
system_name argument to samr_Connect().
Initialising the pointer to NULL is sufficient and we still pass the
RPC-WINREG test against win2k3.
(This used to be commit 407d962dac)
- add a new 'sptr' (simple-full) pointer type to simulate what we need to support pipes
like epmapper and mgmt that uses 'ptr' full pointer in their spec
- I runned make test and test_w2k3.sh with this, all fine
does we have any other pipe using 'unique' pointer where we need 'ptr'?
btw: jelmer, what does 'ignore' pointers do? they are allowed in pidl but not implemented!
metze
(This used to be commit d19068bfb2)
- move to handmodified pull/push code for PAC_BUFFER
to get the _ndr_size field and the subcontext size right
- after looking closely to the sample w2k3 PAC in our torture test (and some more in my archive)
I found out that the first uint32 before the netr_SamInfo3 was also a pointer,
(and we passed a NULL pointer there before, so I think that was the reason why the windows clients doesn't want our PAC)
w2k3 uses this for unique pointers:
ptr = ndr->ptr_count * 4;
ptr |= 0x00020000;
ndr->ptr_count;
- do one more pull/push round with the sample PAC
metze
(This used to be commit 0eee179415)
much closer.
This changes PIDL to allow a subcontext to have a pad8 flag, saying to
pad behind to an 8 byte boundary. This is the only way I can explain
the 4 trainling zeros in the signature struct.
Far more importantly, the PAC code is now under self-test, both in
creating/parsing our own PAC, but also a PAC from my win2k3 server.
This required changing auth_anonymous, because I wanted to reuse the
anonymous 'server_info' generation code.
I'm still having trouble with PIDL, particulary as surrounds value(),
but I'll follow up on the list.
Andrew Bartlett
(This used to be commit 50a54bf4e9)
We now generate the PAC, and can verifiy both our own PAC and the PAC
from Win2k3.
This commit adds the PAC generation code, spits out the code to get
the information we need from the NETLOGON server back into a auth/
helper function, and adds a number of glue functions.
In the process of building the PAC generation code, some hints in the
Microsoft PAC specification shed light on other parts of the code, and
the updates to samr.idl and netlogon.idl come from those hints.
Also in this commit:
The Heimdal build package has been split up, so as to only link the
KDC with smbd, not the client utils.
To enable the PAC to be veified with gensec_krb5 (which isn't quite
dead yet), the keyblock has been passed back to the calling layer.
Andrew Bartlett
(This used to be commit e2015671c2)
they slightly changed the semantics of value() in pidl, which broke
a optimisation hack in some of our IDL files.
I've changed the idl files to remove the hack for now. Sometime we
need to find a better way to handle these :-)
(This used to be commit 765f75ea63)
- fix some typos in EnumPrintServerForms()/GetPrintServerForms()
- add AddPrintServerForms()/SetPrintServerForms() and DeletePrintServerForms
metze
(This used to be commit 7390638842)
- this is an abstraction layer for print services,
like out NTVFS subsystem for file services
- all protocol specific details are still in rpc_server/spoolss/
- like the stupid in and out Buffer handling
- checking of the r->in.server_name
- ...
- this subsystem can have multiple implementation
selected by the "ntptr providor" global-section parameter
- I currently added a "simple_ldb" backend,
that stores Printers, Forms, Ports, Monitors, ...
in the spoolss.db, and does no real printing
this backend is basicly for testing, how the spoolss protocol
works
- the interface is just a prototype and will be changed a bit
the next days or weeks, till the simple_ldb backend can
handle all calls that are used by normal w2k3/xp clients
- I'll also make the api async, as the ntvfs api
this will make things like the RemoteFindFirstPrinterChangeNotifyEx(),
that opens a connection back to the client, easier to implement,
as we should not block the whole smbd for that
- the idea is to later implement a "unix" backend
that works like the current samba3 code
- and maybe some embedded print server vendors can write there own
backend that can directly talk to a printer without having cups or something like this
- the default settings are (it currently makes no sense to change them :-):
ntptr providor = simple_ldb
spoolss database = $private_dir/spoolss.db
metze
(This used to be commit 455b5536d4)
- add EnumMonitors() server code and return "Standard TCP/IP Port"
- add parsing for opening Ports and Monitors with OpenPrinterEx()
metze
(This used to be commit 08e6de37bc)
- use the same names as etherel (offered,needed) for the buffer sizes
(and they are really independently used)
metze
(This used to be commit f5532a5b74)
Add notes on mailslots
Add TODO list for pidl, including some plans on switching
over to using [string] attributes for pidl.
(This used to be commit fca195ce07)
management system I proposed on samba-technical a couple of days
ago. Essentially it is a very lightweight way for any code in Samba to
make IDL based rpc calls to anywhere else in the code, without the
client or server having to go to the trouble of setting up a full rpc
service.
It can be used with any of our existing IDL, but I expect it will
mostly be used for a new set of Samba specific management calls.
The LOCAL-IRPC torture test demonstrates how it can be used by calling
the echo_AddOne() call over this transport.
(This used to be commit 3d589a0995)
Change the IDL file for the echo interface to match the one we use for
Windows. The only thing different between the two files currently is the
names of the scalar types and the handling of strings.
(This used to be commit b264c61061)
parsing code for the spoolss_Enum* functions, there still same handwritten code needed
but just to stack the autogenerated code into the correct way
metze
(This used to be commit 155d18e8b7)
now able to use constructions like these:
[size_is(20)] int *x; -> Pointer to array of 20 ints
[size_is(20)] int x[]; -> Array of 20 ints
[size_is(20)] int *x[]; -> Array of 20 pointers to ints
[size_is(20,)] int *x[] -> Array of 20 pointers to ints
[size_is(,20)] int *x[]; -> Pointer to array of 20 ints
[size_is(,20)] int **x; -> Pointer to pointer to array of 20 ints
[size_is(20)] int x[][30]; -> 20 blocks of 30 ints
(This used to be commit ecf583da71)
The main difference in this new version is the extra data structure generated
between the IDL data structure and the NDR parser:
IDL -> NDR -> { ndr_parser, ndr_header, eparser, etc }
This makes the ndr_parser.pm internals much more sane.
Other changes include:
- Remove unnecessary calls with NDR_BUFFERS (for example, GUID doesn't have any buffers, just scalars) as well as some (unnecessary) nested setting of flags.
- Parse array loops in the C code rather then calling ndr_pull_array(). This allows us to have, for example, arrays of pointers or arrays of pointers to arrays, etc..
- Use if() {} rather then if () goto foo; everywhere
- NDR_IN no longer implies LIBNDR_FLAG_REF_ALLOC
- By default, top level pointers are now "ref" (as is the default in
most other IDL compilers). This can be overridden using the
default_pointer_top() property.
- initial work on new ethereal parser generators by Alan DeKok and me
- pidl now writes errors in the standard format used by compilers, which
is parsable by most editors
- ability to warn about the fact that pidl extension(s) have been used,
useful for making sure IDL files work with other IDL compilers.
oh, and there's probably some other things I can't think of right now..
(This used to be commit 13cf227615)
response.
To work around the fact that the type of the returned data is not
encoded in the packet, this required adding ndr_pull_union_blob()
which allows us to pull a blob into a union with a specified switch
value, in this case the switch value comes from the calling NtVer field.
(This used to be commit bd27e626c2)
Running as a non-root user using socket_wrapper is possible by simple
export SOCKET_WRAPPER_DIR before running 'make test'
(This used to be commit 6d93fcc407)
We need to pass the 'secure channel type' to the NETLOGON layer, which
must match the account type.
(Yes, jelmer objects to this inclusion of the kitchen sink ;-)
Andrew Bartlett
(This used to be commit 8ee208a926)
now tries to bind to port 138 if possible, so if you run it as root
and smbd/nmbd is not running then it works against windows servers
(This used to be commit 52ccdb79bc)
suite. The NBT-DGRAM test does a UDP/138 netlogon request, to which a
windows server sends a reply, but the windows server sends the reply
to the wrong port (it always sends to 138), so the test suite doesn't
see it.
(This used to be commit a7634625db)
datagrams. This adds the IDL to parse mailslot packets, plus mailslot
dispatch and listener registration code.
mailslots are used for UDP/138 browse and netlogon packets
(This used to be commit f20e7e5200)
- fix GetPrinterData(), look inside the datablob
- add idl for RemoteFindFirstChangeNotify(), without meaning yet, just to not return a DCERPC_FAULT
when receiving this request
metze
(This used to be commit 92f3d5bd9c)
server. Currently just listens on port 138 and parses the packets
(using IDL like the rest of NBT). This allows me to develop the
structures and test with real packets
(This used to be commit 10d64a5253)
a handle as parameter,
EnumPorts
EnumPrinterDrivers
EnumMonitors
EnumPrintProcessors
EnumPrinters
we now do cross checks between the different info levels
and sore the results in a global context,
so that we later can add cross checks between the different object types
- add idl for EnumMonitors and EnumPrintProcessors
metze
(This used to be commit 92a3721bc7)
(this fixes parsing of w2k blob, which some times have random gargabe data in the sid buffer)
- make the names of the DsReplicaCoursor*Ctr* 's more consistent
and fix DsGetNCchangesCtr6 parsing
metze
(This used to be commit 75e427dca9)
this is not complete cuurently...
but I want other people to test it and help me on finishing it.
(try to change the #if 0 in torture/rpc/drsuapi.c into #if 1)
metze
(This used to be commit 335adef370)
has the patience to run test_w2k3.sh to completion :-)
It looks to me that the Windows server runs the RC4 over the C struct,
not the NDR data.
Andrew Bartlett
(This used to be commit c324d97413)
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.
With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind. This changes a lot of files, and these will again
be changed when jelmer does the credentials work.
I also correct some schannel IDL to distinguish between workstation
names and account names. The distinction matters for domain trust
accounts.
Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.
In the schannel DB, we now store both the domain and computername, and
query on both. This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.
In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.
This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.
The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.
The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests. This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.
In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL. This has been re-added, until the underlying pidl issues are
solved.
(This used to be commit 824289dcc2)
that can be handled.
tridge: do you think it would make sense to change the sub_auth[num_auths] to sub_auth[5],
so we can copy the struct by sid1 = sid2;
comments please
metze
(This used to be commit 2fc8a604b0)
(the torture test currently only tests if the idl is correct)
- add start for idl for DsGetNCChanges()
(if someone didn't noticed the current ethereal trunk code can
successful decrypt DCERPC and LDAP gsskrb5 encrypted blobs,
when you provide a keytab and have compiled against heimdal :-)
- add a view bitmaps and enum's for better debugging
metze
(This used to be commit cf7c1352ab)
- Always put IID in vtables (useful for asserts)
- Add table to keep track of DCOM proxy classes
- Bunch of smaller bug fixes
(This used to be commit 26d5a0b92c)
- Makes union handling less special
- Allows unions in arrays, etc
- Compatible with midl
- Pidl will warn about switch_type() and the type of the switch_is() variable being different
(This used to be commit dc6b4ffc82)
array can now only be :
type *name[];
rather then :
type *name;
which was supported in the past. Warnings will be given when the first
syntax is used. Reasons for this change in behaviour include improved
readability and the fact that the second format makes dealing with multiple
levels of pointers harder.
(This used to be commit a416de5825)
- add and fix some PrinterInfo levels
- add and fix some DriverInfo levels
- fix EnumPrinterDriver torture test
the curent RPC-SPOOLSS now passes on w2k3
metze
(This used to be commit 14b88ca20d)
DCOM paper in lorikeet. This is the result of 1.5 months work (mainly
figuring out how things *really* work) at the end of 2004.
In general:
- Clearer distinction between COM and DCOM. DCOM is now merely
the glue between DCE/RPC+ORPC and COM. COM can also work without
DCOM now. This makes the code a lot clearer.
- Clearer distinction between NDR and DCOM. Before, NDR had a couple of
"if"s to cope with DCOM, which are now gone.
- Use "real" arguments rather then structures for function arguments in
COM, mainly because most of these calls are local so packing/unpacking
data for every call is too much overhead (both speed- and code-wise)
- Support several mechanisms to load class objects:
- from memory (e.g. part of the current executable, registered at start-up)
- from shared object files
- remotely
- Most things are now also named COM rather then DCOM because that's what it
really is. After an object is created, it no longer matters whether it
was created locally or remotely.
There is a very simple example class that contains
both a class factory and a class that implements the IStream interface.
It can be tested (locally only, remotely is broken at the moment)
by running the COM-SIMPLE smbtorture test.
Still to-do:
- Autogenerate parts of the class implementation code (using the coclass definitions in IDL)
- Test server-side
- Implement some of the common classes, add definitions for common interfaces.
(This used to be commit 71fd3e5c3a)
- added a new IDL type "udlongr", which is like udlong, but with the
two uint32 halves reversed
- modified the winsrepl.idl to cope with a wider range of packets
(This used to be commit bc8d60c918)
on tcp port 42. This is enough to reasonably decode (with ndrdump) all
the packets I have seen on the wire. It will need some fine tuning
once I understand the protocol a bit more.
(This used to be commit 3f90bc1321)
is assumed to be "ptr" if not specified (just like midl).
The validator will warn when "ptr" is used at the moment, because
pidl only supports unique, ref and relative at the moment.
(This used to be commit 31bed62a9a)
do secure server WACK responses
- added a ldap_string_to_time() function, for converting a LDAP
formatted time to a time_t
(This used to be commit 9aa3313b3f)
- fixed a bug in the send queue handling on timeouts
- added support for handling unexpected replies (replies to the wrong
port) at the nbtsocket layer
- added separate layer 2 code for wins refresh and wins registration
(This used to be commit 2502b02898)
accidently have the same protocol id as UUID's)
Before this, Samba would give NDR errors when contacting
a remote server that has IPX support enabled.
This one was on my long due bugs list.
(This used to be commit 7b847de64f)
the header, and defined on the wire as a 4 byte network byte order
IP. This means the calling code doesn't have to worry about network
byte order conversions.
(This used to be commit 72048e3717)
names on the network and answers name queries. Lots of details are
still missing, but at least this now means you don't need a Samba3
nmbd to use Samba4.
missing pieces include:
- name registrations should be "shout 3 times, then demand"
- no WINS server yet
- no master browser code
(This used to be commit d7d31fdc66)
files don't need to match the type names in the generated headers
- with this type mapping we no longer need definitions for the
deprecated "int32", "uint8" etc form of types. We can now force
everyone to use the standard types int32_t, uint8_t etc.
- fixed all the code that used the deprecated types
- converted the IDL types "int64" and "uint64" to "dlong" and
"udlong". These are the 4 byte aligned 64 bit integers that
Microsoft internally define as two 32 bit integers in a
structure. After discussions with Ronnie Sahlberg we decided that
calling these "int64" was confusing, as it implied a true 8 byte
aligned type
- fixed all the cases where we incorrectly used things like
"NTTIME_hyper" in our C code. The generated API now uses a NTTIME for
those. The fact that it is hyper-aligned on the wire is not relevant
to the API, and should remain just a IDL property
(This used to be commit f86521677d)
- structures defined using IDL in nbt.idl
- build around our events structure, and talloc
- fully async
- supports all NBT packet fields as per rfc1002
- easy interfaces for name query and status
For the moment there are just a couple of test functions in
namequery.c, test_name_query() and test_name_status(). These will be
removed when we hook the new library into libcli/ fully
The new library will also be a fairly good basis for a nbt
server. Although it can't be a server as-is, I wrote it with the needs
of a server in mind (for example, extremely scalable idtree based
packet handling)
(This used to be commit ae7e625bfa)
- Use templates for Secrets and the new trusted domains
- Auto-add modifiedTime, createdTime and objectGUID to records in the
samdb layer.
Andrew Bartlett
(This used to be commit 271c8faadf)
This uses LDB (a local secrets.ldb and the global samdb) to fill out
the secrets from an LSA perspective.
Some small changes to come, but the bulk of the work is now done.
A re-provision is required after this change.
Andrew Bartlett
(This used to be commit ded3303352)
This call uses a new IDL type, NTTIME_hyper. This is 8-byte aligned,
as the name suggests.
Expand the QuerySecret LSA calls in RPC-SAMLOGON and RPC-LSA, to
validate the behaviour of times, and of the old secrets.
Thanks to tridge for spotting the use of HYPER!
Andrew Bartlett
(This used to be commit 1fed79cb0f)
- there is no alter_nak or alter_ack packet, its all done in an
alter_response
- auto-allocated the contex_ids
- tried to fix up the dcom code to work again with
alter_context. Jelmer, please take a look :)
(This used to be commit dd1c54add8)
