IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- gtk+ (returned by GtkHostBindingDialog as well now)
- torture/
- librpc/
- lib/com/dcom/
(This used to be commit ccefd782335e01e8e6ecb2bcd28a4f999c53b1a6)
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.
With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind. This changes a lot of files, and these will again
be changed when jelmer does the credentials work.
I also correct some schannel IDL to distinguish between workstation
names and account names. The distinction matters for domain trust
accounts.
Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.
In the schannel DB, we now store both the domain and computername, and
query on both. This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.
In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.
This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.
The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.
The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests. This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.
In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL. This has been re-added, until the underlying pidl issues are
solved.
(This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
so we can specify allowed target service names in the idl file
the default is "host"
metze
(This used to be commit bf40d5321f3257bf9354a42d31265f1a9b0d53ad)
less likely that anyone will use pstring for new code
- got rid of winbind_client.h from includes.h. This one triggered a
huge change, as winbind_client.h was including system/filesys.h and
defining the old uint32 and uint16 types, as well as its own
pstring and fstring.
(This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
accidently have the same protocol id as UUID's)
Before this, Samba would give NDR errors when contacting
a remote server that has IPX support enabled.
This one was on my long due bugs list.
(This used to be commit 7b847de64f35b8e897b64ad047d8aea3813214f8)
the header, and defined on the wire as a 4 byte network byte order
IP. This means the calling code doesn't have to worry about network
byte order conversions.
(This used to be commit 72048e37179dd5b9ada0c5280d2f0d8c23d1a17d)
Note this doesn't work currently because the gensec_modules are not ready for that yet
metze
(This used to be commit 7b09a3f725baca5d4483b7ec24a9cb6151557bb5)
- added async support to the negprot client code
- removed two unused parameters from smbcli_full_connection() code
- converted smbclient to use smbcli_full_connection() rather than
reinventing everything itself
(This used to be commit 71cbe2873473e039b4511511302cb63f1c50bce8)
token in the client (the final token in the negotiation).
Consequential fixes in the SPNEGO code, which now uses the out.length
as the indicator of 'I need to send something to the other side'.
Merge the NTLM and SPNEGO DCE-RPC authentication routines in the client.
Fix the RPC-MULTIBIND test consequent to this merge.
Andrew Bartlett
(This used to be commit 43e3516fc03008e97ebb4ad1a0cde464303f43c6)
advanced auth types we should do a plain bind. This fixes rpc
connections to ancient servers (like sun cascade)
(This used to be commit 59a5a0b218f7182c541a06ffc4528c1160699033)
- added support for "spnego" in binding strings. This enables SPNEGO
auth in the dcerpc client code, using as many allter_context calls as
are needed
To try SPNEGO do this:
smbtorture ncacn_ip_tcp:SERVER[spnego,seal] -Uadministrator%password RPC-SAMR
(This used to be commit 9c0a3423f03111c110d21c0d3910e16aa1a8bf87)
- there is no alter_nak or alter_ack packet, its all done in an
alter_response
- auto-allocated the contex_ids
- tried to fix up the dcom code to work again with
alter_context. Jelmer, please take a look :)
(This used to be commit dd1c54add8884376601f2f8a56c01bfb8add030c)
just does a simple LSA/DSSETUP combo, which is what w2k does in the
ACL editor rpc calls that triggered this work
(This used to be commit 0129ec947aa1fa5a7104dc3a666af3cb9bd104f1)
dcerpc_alter_context and multiple context_ids in the dcerpc client
library.
This stage does the following:
- split "struct dcerpc_pipe" into two parts, the main part being "struct dcerpc_connection", which
contains all the parts not dependent on the context, and "struct dcerpc_pipe" which has
the context dependent part. This is similar to the layering in libcli_*() for SMB
- disable the current dcerpc_alter code. I've used a #warning until i
get the 2nd phase finished. I don't know how portable #warning is, but
it won't be long before I add full alter context support anyway, so it won't last long
- cleanup the allocation of dcerpc_pipe structures. The previous code
was quite awkward.
(This used to be commit 4004c69937be7e5dae56f9567ca607f982d395d3)
is less efficient, but I really doubt that matters.
- use enum in epmapper.idl for protocol type
- added support for "enum8bit" flag, used in epmapper.idl
(This used to be commit 1a24a50384b7f588844cd012f1218ca242ca4507)
rather then a large table in librpc/gen_ndr/tables.c. This will allow us
to only link in only the required gen_ndr files (speeds up linking quite a
bit, makes binaries smaller).
Each gen_ndr_* file now has a init function that calls the init functions
of the interfaces it contains. I did it this way to keep pidl's code simple,
though it might hurt startup time a bit. I'd be happy to change it if
people like one function better.
(This used to be commit 3c436590ae95b58ad6d00e72d6fdd08a4d80f208)
The torture test DCOM-SIMPLE now successfully does an
IStream_Read and a IStream_Write call.
This test can now be run successfully against the "Simple DCOM" Visual
Studio example.
(You have to quote out line 337 in pidl. pidl complains if the variable
that contains the array size follows the array. I still need to fix this
properly)
Next goals:
- Clean up code
- Server side support
- Support custom marshalling
- Support DCOM interfaces in files other then dcom.idl
(This used to be commit 8693344772a9b700533179f4bacfe27ec27dfcfe)
and then possibly does a epm_Map call().
ncacn_np now also uses dcerpc_epm_map_binding()
(This used to be commit 77eec3fa18dbbf4d774ccf04c7a38b0887f26ca6)
I have created the include/system/ directory, which will contain the
wrappers for the system includes for logical subsystems. So far I have
created include/system/kerberos.h and include/system/network.h, which
contain all the system includes for kerberos code and networking code.
These are the included in subsystems that need kerberos or networking
respectively.
Note that this method avoids the mess of #ifdef HAVE_XXX_H in every C
file, instead each C module includes the include/system/XXX.h file for
the logical system support it needs, and the details are kept isolated
in include/system/
This patch also creates a "struct ipv4_addr" which replaces "struct
in_addr" in our code. That avoids every C file needing to import all
the system networking headers.
(This used to be commit 2e25c71853f8996f73755277e448e7d670810349)
The thing that finally convinced me that minimal includes was worth
pursuing for rpc was a compiler (tcc) that failed to build Samba due
to reaching internal limits of the size of include files. Also the
fact that includes.h.gch was 16MB, which really seems excessive. This
patch brings it back to 12M, which is still too large, but
better. Note that this patch speeds up compile times for both the pch
and non-pch case.
This change also includes the addition iof a "depends()" option in our
IDL files, allowing you to specify that one IDL file depends on
another. This capability was needed for the auto-includes generation.
(This used to be commit b8f5fa8ac8e8725f3d321004f0aedf4246fc6b49)
rather than doing everything itself. This greatly simplifies the
code, although I really don't like the socket_recv() interface (it
always allocates memory for you, which means an extra memcpy in this
code)
- fixed several bugs in the socket_ipv4.c code, in particular client
side code used a non-blocking connect but didn't handle EINPROGRESS,
so it had no chance of working. Also fixed the error codes, using
map_nt_error_from_unix()
- cleaned up and expanded map_nt_error_from_unix()
- changed interpret_addr2() to not take a mem_ctx. It makes absolutely
no sense to allocate a fixed size 4 byte structure like this. Dozens
of places in the code were also using interpret_addr2() incorrectly
(precisely because the allocation made no sense)
(This used to be commit 7f2c771b0e0e98c5c9e5cf662592d64d34ff1205)
interpret_addr() and if someone wants to add support to that function
for ipv6 then they are welcome to.
(This used to be commit 50377db11bb727b407744e0c50805c8f90810c16)
- Support binding strings like :
ncacn_np:[sign]
ncacn_np:myhost[seal,sign,endpoint]
again
(This used to be commit b53f4cd1697345065c7d979ba63237bf828dc07f)
