IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
event_context for the socket_connect() call, so that when things that
use dcerpc are running alongside anything else it doesn't block the
whole process during a connect.
Then of course I needed to change any code that created a dcerpc
connection (such as the auth code) to also take an event context, and
anything that called that and so on .... thus the size of the patch.
There were 3 places where I punted:
- abartlet wanted me to add a gensec_set_event_context() call
instead of adding it to the gensec init calls. Andrew, my
apologies for not doing this. I didn't do it as adding a new
parameter allowed me to catch all the callers with the
compiler. Now that its done, we could go back and use
gensec_set_event_context()
- the ejs code calls auth initialisation, which means it should pass
in the event context from the web server. I punted on that. Needs fixing.
- I used a NULL event context in dcom_get_pipe(). This is equivalent
to what we did already, but should be fixed to use a callers event
context. Jelmer, can you think of a clean way to do that?
I also cleaned up a couple of things:
- libnet_context_destroy() makes no sense. I removed it.
- removed some unused vars in various places
(This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
seconds. This should prevent the problem I am seeing on a solaris box
where a rpc request gets stuck forever
(This used to be commit c24ab34813d675b9b81f3062fb6f30aae5697805)
The main difference in this new version is the extra data structure generated
between the IDL data structure and the NDR parser:
IDL -> NDR -> { ndr_parser, ndr_header, eparser, etc }
This makes the ndr_parser.pm internals much more sane.
Other changes include:
- Remove unnecessary calls with NDR_BUFFERS (for example, GUID doesn't have any buffers, just scalars) as well as some (unnecessary) nested setting of flags.
- Parse array loops in the C code rather then calling ndr_pull_array(). This allows us to have, for example, arrays of pointers or arrays of pointers to arrays, etc..
- Use if() {} rather then if () goto foo; everywhere
- NDR_IN no longer implies LIBNDR_FLAG_REF_ALLOC
- By default, top level pointers are now "ref" (as is the default in
most other IDL compilers). This can be overridden using the
default_pointer_top() property.
- initial work on new ethereal parser generators by Alan DeKok and me
- pidl now writes errors in the standard format used by compilers, which
is parsable by most editors
- ability to warn about the fact that pidl extension(s) have been used,
useful for making sure IDL files work with other IDL compilers.
oh, and there's probably some other things I can't think of right now..
(This used to be commit 13cf227615f6b9e0e5fa62e59197024410254f01)
The main volume of this patch was what I started working on today:
- Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context.
- Uses sepereate inner loops for some of the DCE/RPC tests
The other and more important part of this patch fixes issues
surrounding the new credentials framwork:
This makes the struct cli_credentials always a talloc() structure,
rather than on the stack. Parts of the cli_credentials code already
assumed this.
There were other issues, particularly in the DCERPC over SMB handling,
as well as little things that had to be tidied up before test_w2k3.sh
would start to pass.
Andrew Bartlett
(This used to be commit 0453f9d05d2e336fba1f85dbf2718d01fa2bf778)
to fix dcerpc_pipe_close() on a secondary connection,
while the callers mem_ctx of a request is still valid
- fix up some memory contexts
TODO: split up output mem_ctx from ndr_pull context
metze
(This used to be commit 0bcbd694e903a3caeb0daa81b2f115ec8a1b93d5)
make it possible to add optimisations to the events code such as
keeping the next timed event in a sorted list, and using epoll for
file descriptor events.
I also removed the loop events code, as it wasn't being used anywhere,
and changed timed events to always be one-shot (as adding a new timed
event in the event handler is so easy to do if needed)
(This used to be commit d7b4b6de51342a65bf46fce772d313f92f8d73d3)
- there is no alter_nak or alter_ack packet, its all done in an
alter_response
- auto-allocated the contex_ids
- tried to fix up the dcom code to work again with
alter_context. Jelmer, please take a look :)
(This used to be commit dd1c54add8884376601f2f8a56c01bfb8add030c)
just does a simple LSA/DSSETUP combo, which is what w2k does in the
ACL editor rpc calls that triggered this work
(This used to be commit 0129ec947aa1fa5a7104dc3a666af3cb9bd104f1)
dcerpc_alter_context and multiple context_ids in the dcerpc client
library.
This stage does the following:
- split "struct dcerpc_pipe" into two parts, the main part being "struct dcerpc_connection", which
contains all the parts not dependent on the context, and "struct dcerpc_pipe" which has
the context dependent part. This is similar to the layering in libcli_*() for SMB
- disable the current dcerpc_alter code. I've used a #warning until i
get the 2nd phase finished. I don't know how portable #warning is, but
it won't be long before I add full alter context support anyway, so it won't last long
- cleanup the allocation of dcerpc_pipe structures. The previous code
was quite awkward.
(This used to be commit 4004c69937be7e5dae56f9567ca607f982d395d3)
- added #if TALLOC_DEPRECATED around the _p functions
- fixes the code that broke from the above
while doing this I fixed quite a number of places that were
incorrectly using the non type-safe talloc functions to use the type
safe ones. Some were even doing multiplies for array allocation, which
is potentially unsafe.
(This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
talloc_size() or talloc_array_p() where appropriate.
also fixed a memory leak in pvfs_copy_file() (failed to free a memory
context)
(This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
is less efficient, but I really doubt that matters.
- use enum in epmapper.idl for protocol type
- added support for "enum8bit" flag, used in epmapper.idl
(This used to be commit 1a24a50384b7f588844cd012f1218ca242ca4507)
will automatically be freed on program exit. This is useful for reducing
clutter in leak reports
(This used to be commit cf73dda652e0a121901f22771104be6751c0fcb9)
dcerpc_ndr_request_send()
- this allows us to call dcerpc_log_packet() when we receive a packet we
can't parse correctly
metze
(This used to be commit a7a6cea112a180a28188997ca99f30d8dd286bb8)
rather then a large table in librpc/gen_ndr/tables.c. This will allow us
to only link in only the required gen_ndr files (speeds up linking quite a
bit, makes binaries smaller).
Each gen_ndr_* file now has a init function that calls the init functions
of the interfaces it contains. I did it this way to keep pidl's code simple,
though it might hurt startup time a bit. I'd be happy to change it if
people like one function better.
(This used to be commit 3c436590ae95b58ad6d00e72d6fdd08a4d80f208)
The torture test DCOM-SIMPLE now successfully does an
IStream_Read and a IStream_Write call.
This test can now be run successfully against the "Simple DCOM" Visual
Studio example.
(You have to quote out line 337 in pidl. pidl complains if the variable
that contains the array size follows the array. I still need to fix this
properly)
Next goals:
- Clean up code
- Server side support
- Support custom marshalling
- Support DCOM interfaces in files other then dcom.idl
(This used to be commit 8693344772a9b700533179f4bacfe27ec27dfcfe)
- OXID tables work now. IOXIDResolver is used if there is used for getting a STRINGBINDING if none is known yet
- Add custom dissectors for STRINGARRAY and DUALSTRINGARRAY. If there's a way to get rid of these later on (by supporting them thru pidl somehow), I'd be happy to use that instead of doing it manually.
I can now get to the point where we have created an object and are connected to
it. The only thing left to do is being able to set the Object UUID properly..
(This used to be commit 54e1e5edca50d3cd496c080715e84ec62cb2a10c)
Both subsystems and modules can now have init functions, which can be
specified in .mk files (INIT_FUNCTION = ...)
The build system will define :
- SUBSYSTEM_init_static_modules that calls the init functions of all statically compiled modules. Failing to load will generate an error which is not fatal
- BINARY_init_subsystems that calls the init functions (if defined) for the subsystems the binary depends on
This removes the hack with the "static bool Initialised = " and the
"lazy_init" functions
(This used to be commit 7a8244761bfdfdfb48f8264d76951ebdfbf7bd8a)
- Support for sending over the object UUID in DCERPC calls
- Simple torture test for the DCOM "Simple" object
- Generate extra argument for "object" interfaces in pidl
- Some stubs for common DCOM functions
(This used to be commit c052f2e1edd816206d8974af3140cec7ef97a70c)
The thing that finally convinced me that minimal includes was worth
pursuing for rpc was a compiler (tcc) that failed to build Samba due
to reaching internal limits of the size of include files. Also the
fact that includes.h.gch was 16MB, which really seems excessive. This
patch brings it back to 12M, which is still too large, but
better. Note that this patch speeds up compile times for both the pch
and non-pch case.
This change also includes the addition iof a "depends()" option in our
IDL files, allowing you to specify that one IDL file depends on
another. This capability was needed for the auto-includes generation.
(This used to be commit b8f5fa8ac8e8725f3d321004f0aedf4246fc6b49)
taking a context (so when you pass a NULL pointer you end up with
memory in a top level context). Fixed it by changing the API to take a
context. The context is only used if the pointer you are reallocing is
NULL.
(This used to be commit 8dc23821c9f54b2f13049b5e608a0cafb81aa540)
server. CONNECT security uses NTLMSSP, but does not do any signing or
sealing (or equivalently, its like signing, but with a zero filled
checksum).
(This used to be commit f4660857bc708db7f5aa7487bf7ab04bffe68928)
closes the connetion and we got EBADF from select() and event_loop_once() fails
metze
(This used to be commit 9c0e50a6f3d628156b4543d5ded89e06be696f64)
NTLM sign
NTLM sign+seal
NTLM2 sign
NTLM2 sign+seal
and all of the above both with and without key exchange
the NTLM2 seal case is ugly and involves an extra data copy, which
some API changes in gensec or the ndr layer might avoid in future.
(This used to be commit fce7a4218b3136d880dd1a123e8525e3091bbed8)
This means that 'require NTLMv2 session security' now works for RPC
pipe signing. We don't yet have sealing, but it can't be much further.
This is almost all tridge's code, munged into a form that can work
with the GENSEC API.
This commit also includes more lsakey fixes - that key is used for all
DCE-RPC level authenticated connections, even over CIFS/ncacn_np.
No doubt I missed something, but I'm going to get some sleep :-)
Andrew Bartlett
(This used to be commit a1fe175eec884280fb7e9ca8f528134cf4600beb)
bytes to make sure they are zero. Non-zero values usually indicate one
of two things:
- the server is leaking data through sending uninitialised memory
- we have mistaken a real field in the IDL for padding
to differentiate between the two you really need to run with
"print,padcheck" and look carefully at whether the non-zero pad bytes
are random or appear to be deliberate.
(This used to be commit 7fdb778f81f14aaab75ab204431e4342a462957a)
The fix uses the new talloc_increase_ref_count() function in an
interesting way. I suspect this sort of technique will become quite
common.
(This used to be commit a86e629a39baf0ba2a6bb347eb9b72551c1477ff)
use readx/writex instead of the more efficient SMBtrans calls. This
patch restores the efficiency by using SMBtrans when possible.
(This used to be commit 83fbe080e7fcdf4168d85f654b802dc4538b8984)
generate a separate *_send() async function for every RPC call, and
there is a single dcerpc_ndr_request_recv() call that processes the
receive side of any rpc call. The caller can use
dcerpc_event_context() to get a pointer to the event context for the
pipe so that events can be waited for asynchronously.
The only part that remains synchronous is the initial bind
calls. These could also be made async if necessary, although I suspect
most applications won't need them to be.
(This used to be commit f5d004d8eb8c76c03342cace1976b27266cfa1f0)