IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
that depend on variables that come after the array in the structure or function.
This has been something that has been problematic for a while, but the
winreg QueryValue problem finally prompted me to fix it properly. We
should now go back and fix up all the ugly workarounds we have used to
avoid this problem in other calls.
Unfortunately the solution is fairly complex, and involves the use of
the internal ndr token lists (similar to the solution for relative
pointers). I wonder if anyone else will be able to follow the logic if
I get run over by a bus :-)
I decided to use IDL/NDR to encode the attribute, as it gives us a
simple way to describe and extend the saved attributes.
The xattr code needs to hook into quite a few more places in the pvfs
code, but this at least gets the basics done. I will start encoding
alternate data streams streams, DOS EAs etc soon using the same basic
mechanism.
I'll probably stick to "version 1" for the xattr.idl for quite a while
even though it will be changing, as I don't expect anyone to be
deploying this in production just yet. Once we have production users
we will need to keep compatibility by supporting all the old version
numbers in xattr.idl.
taking a context (so when you pass a NULL pointer you end up with
memory in a top level context). Fixed it by changing the API to take a
context. The context is only used if the pointer you are reallocing is
NULL.
for this struct and all sub-structures to be like spoolss relative
pointers (where offset is relative to current position).
volker will test this for me :)
generate a separate *_send() async function for every RPC call, and
there is a single dcerpc_ndr_request_recv() call that processes the
receive side of any rpc call. The caller can use
dcerpc_event_context() to get a pointer to the event context for the
pipe so that events can be waited for asynchronously.
The only part that remains synchronous is the initial bind
calls. These could also be made async if necessary, although I suspect
most applications won't need them to be.
This version does the following:
1) talloc_free(), talloc_realloc() and talloc_steal() lose their
(redundent) first arguments
2) you can use _any_ talloc pointer as a talloc context to allocate
more memory. This allows you to create complex data structures
where the top level structure is the logical parent of the next
level down, and those are the parents of the level below
that. Then destroy either the lot with a single talloc_free() or
destroy any sub-part with a talloc_free() of that part
3) you can name any pointer. Use talloc_named() which is just like
talloc() but takes the printf style name argument as well as the
parent context and the size.
The whole thing ends up being a very simple piece of code, although
some of the pointer walking gets hairy.
So far, I'm just using the new talloc() like the old one. The next
step is to actually take advantage of the new interface
properly. Expect some new commits soon that simplify some common
coding styles in samba4 by using the new talloc().
in pidl. This mechanism should be much easier to extend to the
"retrospective subcontexts" that jelmer needs.
also produced more standards complient full-pointer offsets. This
keeps ethereal happy with decoding our epmapper frames.
like normal pointers in most cases. This means we can now support
relative pointers to unions, builtin types etc, whereas we could only
previously support relative pointers to structures.
metze needs this for the PAC decoding.
This implements gensec for Samba's server side, and brings gensec up
to the standards of a full subsystem.
This means that use of the subsystem is by gensec_* functions, not
function pointers in structures (this is internal). This causes
changes in all the existing gensec users.
Our RPC server no longer contains it's own generalised security
scheme, and now calls gensec directly.
Gensec has also taken over the role of auth/auth_ntlmssp.c
An important part of gensec, is the output of the 'session_info'
struct. This is now reference counted, so that we can correctly free
it when a pipe is closed, no matter if it was inherited, or created by
per-pipe authentication.
The schannel code is reworked, to be in the same file for client and
server.
ntlm_auth is reworked to use gensec.
The major problem with this code is the way it relies on subsystem
auto-initialisation. The primary reason for this commit now.is to
allow these problems to be looked at, and fixed.
There are problems with the new code:
- I've tested it with smbtorture, but currently don't have VMware and
valgrind working (this I'll fix soon).
- The SPNEGO code is client-only at this point.
- We still do not do kerberos.
Andrew Bartlett
which the offset applies to. In an array of structures containing
relative members, the offset applies to the start of the array element
being marshalled. Previously, there was no way to access the relevant
structure start as by the time we have hit buffers, the head of the
offset list will be the last structure being marshalled.
Interestingly enough, this makes relstrs go away. I think we thought
they were a special case in samba 3 but it turns out they are just
regular relative elements in the idl. This makes spoolss a lot simpler
than I thought it would be.
I've run the samr and lsa tests and this doesn't seem to break anything.
It looks like security descriptors are the only structures that contain
relative members.
Oh yeah, this will probably require a 'make clean && make' otherwise you
will get bizzare errors.
- added server side support for schannel type 23. This allows WinXP to establish a schannel connection
to Samba4 as an ADS DC
- added client side support for schannel type 23, but disabled it as currently the client
code has now way of getting the fully qualified domain name (which is needed)
- report dcerpc faults in the server code in the log
e.g.
ncacn_np:myserver:[samr,sign,print]
will now enable the packet debugging
and the debugging is not bound anymore to the debuglevel >= 2
in the torture tests
- also the dcesrv_remote module now supports debugging of the packets
use the 'dcerpc_remote:binding' smb.conf parameter.
metze
don't cause fragmented pdus (I'll add fragments shortly)
* change data_blob_talloc() to not zero memory when the 2nd argument
is NULL. The zeroing just masks bugs, and can't even allow a DOS
attack
* modified pidl to ensure that [ref] arguments to the out side of
functions are allocated when parsing the in side. This allows rpc
backends to assume that [ref] variables are all setup. Doesn't work
correctly for [ref] arrays yet
* changed DLIST_ADD_END() to take the type instead of a tmp
variable. This means you don't need to declare a silly tmp variable in
the caller
* moved ntlmssp code into libcli/auth/, and updated to latest ntlmssp
code from samba3 (thanks Andrew! the new interface is great)
* added signing/ntlmssp support in the dcerpc code
* added a dcerpc_auth.c module for the various dcerpc auth mechanisms
according to the current IDL taking the data from a file. In
combination with a little hack to ethereal to extract data this is a
quite powerful IDL development tool.
I have recoded the core dcerpc packet structures (all the PDUs etc) in
terms of IDL, which means we now use pidl to generate all the code for
handling the most basic dcerpc packets. This is not normally possible
as it isn't completely valid NDR, but pidl has a number of extensions
that make it quite easy.
This also means we get the server side dcerpc
marshalling/unmarshalling code for free.
* don't consider not doing lsa_QueryInfoPolicy level 11 a failure
(w2k3 doesn't have this level, w2k does)
* on a NDR validation failure dump the failed data at level 3
* added a NDR validator. The way it works is that when the
DCERPC_DEBUG_VALIDATE_* flags are set the dcerpc system will
perform NDR buffer validation. On sending a request the packet is
first marshalled, then unmarahslled, then marshalled again, and it is
confirmed that the two marshalling results are idential. This
ensures that our pull and push routines are absolutely in sync, so
that we can be very confident that if a routine works in the client
then the corresponding routine must work on the server side. A
similar validation is performed on all replies.
* a result of this change is that pidl is fussier about the [ref]
tag. You can only use it on pointers (which is the only place it
makes sense)
* fixed a basic alignment bug in the push side of the NDR code
* added server side pull/push support. Our dcerpc system is now fully
ready to be used on the server side.
* fixed the relative offset pointer list. It must be traversed in
reverse order on push
* added automatic value setting for the size parameter in outgoing
SdBuf structures.
* expanded the ndr debugging code to always give a message on any
failure
* fixed the subcontext push code
* fixed some memory leaks in smbtorture RPC tests
interface. We now support an arbitrary set of flags to each parser,
and these can be used to control the string types. I have provided
some common IDL string types in librpc/idl/idl_types.h which needs to
be included in every IDL file.
* added IDL for the endpoint mapper. Added a test suite that enumerates
all endpoints on the server.
alignment correctly for unions that have non-uint16 discriminants
fixed the union handling in srvsvc.idl. (metze, please take a look at
the changes, your IDL did match what was one the wire in most cases,
but isn't the way IDL is usually coded)
