IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- This required using NETLOGON_NEG_AUTH2_FLAGS for the
SetupCredentials2 negotiation flags, which is what Samba3 does,
because otherwise the server uses different crypto.
- This tests the returned session keys, which we decrypt.
- Update the Samba4 notion of a 'session key' to be a DATA_BLOB in
most places.
- Fix session key code to return NT_STATUS_NO_SESSION_KEY if none is
available.
- Remove a useless argument to SMBsesskeygen_ntv1
- move netr_CredentialState from the .idl to the new credentials.h
Andrew Bartlett
(This used to be commit 44f8b5b53e)
servers. Previously the server pipe code needed to return the RPC
level status (nearly always "OK") and separately set the function call
return using r->out.result. All the programmers writing servers
(metze, jelmer and me) were often getting this wrong, by doing things
like "return NT_STATUS_NO_MEMORY" which was really quite meaningless
as there is no code like that at the dcerpc level.
I have now modified pidl to generate the necessary boilerplate so that
just returning the status you want from the function will work. So for
a NTSTATUS function you return NT_STATUS_XXX and from a WERROR
function you return WERR_XXX. If you really want to generate a DCERPC
level fault rather than just a return value in your function then you
should use the DCESRV_FAULT() macro which will correctly generate a
fault for you.
As a side effect, this also adds automatic type checking of all of our
server side rpc functions, which was impossible with the old API. When
I changed the API I found and fixed quite a few functions with the
wrong type information, so this is definately useful.
I have also changed the server side template generation to generate a
DCERPC "operation range error" by default when you have not yet filled
in a server side function. This allows us to correctly implement
functions in any order in our rpc pipe servers and give the client the
right information about the fault.
(This used to be commit a4df5c7cf8)
request (a dead socket). I discovered this when testing against Sun's
PC-NetLink.
cleaned up the naming of some of the samr requests
add IDL and test code for samr_QueryGroupMember(),
samr_SetMemberAttributesOfGroup() and samr_Shutdown(). (actually, I
didn't leave the samr_Shutdown() test in, as its fatal to windows
servers due to doing exactly what it says it does).
(This used to be commit 925bc2622c)
samr_GetBootKeyInformation() and samr_Connect3()
also added some stub IDL for samr_SetBootKeyInformation() although I
don't yet have working test code. This one is tricky, as if you get it
wrong then the target system won't boot any more :)
(This used to be commit 118b6fc292)
- completed the IDL and test code for the various set user password
mechanisms in samr. Three password mechanisms are now working, the
UserInfo24 method, the OemChangePasswordUser2() method (which only
sets the LM password) and the ChangePasswordUser2() method which sets
both the LM and NT passwords.
- updated some crypto routines to support the password change tests
(This used to be commit 051efa2abf)
samr_AddMultipleMembersToAlias(),
samr_RemoveMultipleMembersFromAlias(), samr_OemChangePasswordUser2(),
and samr_ChangePasswordUser2()
The password change functions don't actually work yet (but should
soon). At this stage I have just completed the IDL for them. Next step
is to get the hash verifiers right and the torture test should be able
to do password changes.
(This used to be commit 849d0d314a)
samr_GetDisplayEnumerationIndex(), samr_TestPrivateFunctionsDomain(),
samr_TestPrivateFunctionsUser() and samr_RemoveMemberFromForeignDomain()
(This used to be commit 53c6670887)
- Start with the LDB backend
- The API is now more windows-like, which should make it easier to use
in rpc_server
- Added a GTK+ front-end
- Added some more IDL
More updates will follow, especially in the RPC field..
(This used to be commit 3adffa0217)
and schannel are both instances of possible security modules
- added schannel sign and sign/seal support to the dcerpc client
code. You select it with binding options of "schannel,sign" or
"schannel,seal".
(This used to be commit 05db0b9d94)
we needed to adjust the alignment of [relative] buffers for this to
work. I wonder if they are always 4 byte aligned?
(This used to be commit 9cd0a0b8b9)
uint32 followed by a GUID. I needed to fix this to support running in
mixed-mode rpc (where smbtorture is bigendian and w2k3 is
little-endian). Otherwise when you send back a policy handle the
server doesn't recognise it.
(This used to be commit 9b1c76a8e9)
This adds support for bigendian rpc in the client. I have installed
SUN pcnetlink locally and am using it to test the samba4 rpc
code. This allows us to easily find places where we have stuffed up
the types (such as 2 uint16 versus a uint32), as testing both
big-endian and little-endian easily shows which is correct. I have now
used this to fix several bugs like that in the samba4 IDL.
In order to make this work I also had to redefine a GUID as a true
structure, not a blob. From the pcnetlink wire it is clear that it is
indeed defined as a structure (the byte order changes). This required
changing lots of Samba code to use a GUID as a structure.
I also had to fix the if_version code in dcerpc syntax IDs, as it
turns out they are a single uint32 not two uint16s.
The big-endian support is a bit ugly at the moment, and breaks the
layering in some places. More work is needed, especially on the server
side.
(This used to be commit bb1af644a5)
server endpoints. We can now successfully setup listening endpoints on
high ports, then use our endpoint mapper redirect incoming clients to
the right port.
also greatly cleanup the rpc over tcp session handling.
(This used to be commit 593bc29bbe)
needs quite a bit more work to get it finished. The biggest missing
feature is the lack of NTLMSSP which is needed for basic
authentication over tcp
(This used to be commit 9fb0f03693)
for some reason the epm_Lookup replies can't be parsed by ethereal,
although w2k parses then fine as does the Samba4 NDR code.
(This used to be commit 097e7ca99d)
implements the epm_Lookup() call, I'll add the other important calls
soon. I was rather pleased to find that epm_Lookup() worked first
time, which is particularly surprising given its complexity.
This required quite a bit of new infrastructure:
* a generic way of handling dcerpc policy handles in the rpc server
* added type checked varients of talloc. These are much less error
prone. I'd like to move to using these for nearly all uses of
talloc.
* added more dcerpc fault handling code, and translation from
NTSTATUS to a dcerpc fault code
* added data_blob_talloc_zero() for allocating an initially zero
blob
* added a endpoint enumeration hook in the dcerpc endpoint server
operations
(This used to be commit 3f85f9b782)
don't cause fragmented pdus (I'll add fragments shortly)
* change data_blob_talloc() to not zero memory when the 2nd argument
is NULL. The zeroing just masks bugs, and can't even allow a DOS
attack
* modified pidl to ensure that [ref] arguments to the out side of
functions are allocated when parsing the in side. This allows rpc
backends to assume that [ref] variables are all setup. Doesn't work
correctly for [ref] arrays yet
* changed DLIST_ADD_END() to take the type instead of a tmp
variable. This means you don't need to declare a silly tmp variable in
the caller
(This used to be commit 46e0a35819)
makes pidl about 3x faster, and also gives us much better error
reporting and a more standard grammer definition that will be much
easier to code in lex/yacc if we want to do so at a later
date. (Parse::Yapp uses essentially the same grammer file as lex/yacc)
It also means we no longer need Parse::RecDescent, which should make
pidl much more portable.
(This used to be commit 4bbaffeb44)
This patch adds the samr_CreateUser2 function, which is create_user
in Samba 3.0.
This also adds a torture suite that checks for various valid and invalid
account flags, and that they are persistant.
Also, a patch by Anthony Liguori to fix the build
Andrew Bartlett
(This used to be commit 53e657b745)
unknown1 is profile_path
If we are going to use automatic backend database generation then we
are going to have to move to really consistent field names in all our
IDL. Thats the only way we are going to be able to automate it a
lot. That will take a couple of days to do when we get to it.
(This used to be commit 1732aae562)
yet, but at least the request is understood by w2k3
Also modified pidl to allow multiple branches in a union to have the
same element. This is used in netlogon.
(This used to be commit 983c0e9683)
machine account password.
* neater handling on value() options in IDL. The auto-print code
will now display the right value so you don't need to initialise
it in your C code
(This used to be commit 3dd978b12b)
I would like the netlogon test suite to eventually do a new domain
join using a fake workstation name, then remove itself afterwards, but
for now I'm assuming we are already joined to the domain when the
testsuite runs. This means you need to use the Samba3 net command to
do a join before running RPC-NETLOGON
(This used to be commit 8c7a9446a0)
a pipe. I'm not sure how possible this will be without lots of human
intervention, but its an interesting thing to try.
(This used to be commit d5afe7c6a8)
* allow for an interface to list its endpoints in the IDL file, so we
can automatically make the server listen on the right pipes, and
can scan pipes more easily (I don't take advantage of this yet,
just putting the infrastructure in place)
(This used to be commit c8b8480244)
* make far more generated functions static
* get rid of gen_rpc, and include the client calls in ndr_*.c
* added placeholder IDL for a number of intefaces (dcom, wzcsvc, browser etc)
(This used to be commit a2bdf0be01)
uuid 82273fdc-e32a-18c3-3f78-827929dc23ea version 0x0000:0x0000 'eventlog'
24 calls available
WARNING: local IDL defines 4 calls
when all the WARNINGs are gone then we know we have all the calls :)
(This used to be commit f5821b2468)
* moved ntlmssp code into libcli/auth/, and updated to latest ntlmssp
code from samba3 (thanks Andrew! the new interface is great)
* added signing/ntlmssp support in the dcerpc code
* added a dcerpc_auth.c module for the various dcerpc auth mechanisms
(This used to be commit c18c9b5585)
test suite. The test suite dumps all of the interfaces available on
all pipes. There sure are a lot more interfaces on w2k3 than w2k !
(This used to be commit f94bc07990)
I have recoded the core dcerpc packet structures (all the PDUs etc) in
terms of IDL, which means we now use pidl to generate all the code for
handling the most basic dcerpc packets. This is not normally possible
as it isn't completely valid NDR, but pidl has a number of extensions
that make it quite easy.
This also means we get the server side dcerpc
marshalling/unmarshalling code for free.
(This used to be commit 92bcad0258)
* added a NDR validator. The way it works is that when the
DCERPC_DEBUG_VALIDATE_* flags are set the dcerpc system will
perform NDR buffer validation. On sending a request the packet is
first marshalled, then unmarahslled, then marshalled again, and it is
confirmed that the two marshalling results are idential. This
ensures that our pull and push routines are absolutely in sync, so
that we can be very confident that if a routine works in the client
then the corresponding routine must work on the server side. A
similar validation is performed on all replies.
* a result of this change is that pidl is fussier about the [ref]
tag. You can only use it on pointers (which is the only place it
makes sense)
* fixed a basic alignment bug in the push side of the NDR code
* added server side pull/push support. Our dcerpc system is now fully
ready to be used on the server side.
* fixed the relative offset pointer list. It must be traversed in
reverse order on push
* added automatic value setting for the size parameter in outgoing
SdBuf structures.
* expanded the ndr debugging code to always give a message on any
failure
* fixed the subcontext push code
* fixed some memory leaks in smbtorture RPC tests
(This used to be commit 8ecf720206)
that currently, but will in a couple of hours when I've finished my
NDR validator code)
* only a pointer can be [ref]
(This used to be commit 4e174564ae)
interface. We now support an arbitrary set of flags to each parser,
and these can be used to control the string types. I have provided
some common IDL string types in librpc/idl/idl_types.h which needs to
be included in every IDL file.
* added IDL for the endpoint mapper. Added a test suite that enumerates
all endpoints on the server.
(This used to be commit d2665f36a7)
are in fact 4 byte aligned. Create a ULONG8 type in samr for
those. This type should probably be made global later.
(This used to be commit e7dd116138)
alignment correctly for unions that have non-uint16 discriminants
fixed the union handling in srvsvc.idl. (metze, please take a look at
the changes, your IDL did match what was one the wire in most cases,
but isn't the way IDL is usually coded)
(This used to be commit 7b5d028729)
entriesreturned does not appear as a top-level IDL item. It appears in the
structure that is returned.
I have traces of TransportEnum that Ethereal properly dissects ...
(This used to be commit e3f0460378)
I am also concerned about the difference between NetShareEnum and
NetShareEnumAll. I would be interested to see a trace of NetShareEnumAll.
I also think we should stick to the names used in MSDN where possible, as
that makes it easier for people who are familiar with MSDN to help us get
this right.
(This used to be commit 580939e62e)
test user called "samrtorturetest" and then deletes it. The next step
is to do all possible user operations on that temporary user.
(This used to be commit 41fc922954)
on function names in ethereal)
implement TransportEnum - quite a cute call, you can ask for the
workstations list of network transports, including its ethernet
address.
(This used to be commit 62d7e9819c)
I think this is our first complete pipe for Samba4 (albeit a simple
one). Of course, there may be lots more info levels that Samba3 didn't
do. Time to explore :)
(This used to be commit 3305226140)
number of "magic" add-ons to IDL to make it less painful, hopefully
this will make IDL generation useful for horrible systems like spoolss
(This used to be commit e18dba7d5a)
in OpenPolicy and OpenPolicy2, so we don't in fact need the
[struct_len] attribute. This makes our IDL much closer to the MS IDL.
(This used to be commit f0a8f063a6)
properly, I'm still investigating that.
* changed dcerpc fault status code to NT_STATUS_NETWORK_WRITE_FAULT,
which I think is a better mapping
(This used to be commit 9ad28f6ddb)
interestingly, win2000 doesn't return the same list of rights via
lsa_EnumAccountRights() and lsa_EnumPrivsAccount()
(This used to be commit 447c5f13d4)
files around, but also added the first bits of auto-generated code for
the lsa pipe.
I haven't updated the Makefile to call pidl yet, so for now the code
was cut-and-pasted into librpc/ndr/ndr_lsa.c manually
(This used to be commit 6b222d3b65)
