IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
files don't need to match the type names in the generated headers
- with this type mapping we no longer need definitions for the
deprecated "int32", "uint8" etc form of types. We can now force
everyone to use the standard types int32_t, uint8_t etc.
- fixed all the code that used the deprecated types
- converted the IDL types "int64" and "uint64" to "dlong" and
"udlong". These are the 4 byte aligned 64 bit integers that
Microsoft internally define as two 32 bit integers in a
structure. After discussions with Ronnie Sahlberg we decided that
calling these "int64" was confusing, as it implied a true 8 byte
aligned type
- fixed all the cases where we incorrectly used things like
"NTTIME_hyper" in our C code. The generated API now uses a NTTIME for
those. The fact that it is hyper-aligned on the wire is not relevant
to the API, and should remain just a IDL property
- structures defined using IDL in nbt.idl
- build around our events structure, and talloc
- fully async
- supports all NBT packet fields as per rfc1002
- easy interfaces for name query and status
For the moment there are just a couple of test functions in
namequery.c, test_name_query() and test_name_status(). These will be
removed when we hook the new library into libcli/ fully
The new library will also be a fairly good basis for a nbt
server. Although it can't be a server as-is, I wrote it with the needs
of a server in mind (for example, extremely scalable idtree based
packet handling)
- added async support to the negprot client code
- removed two unused parameters from smbcli_full_connection() code
- converted smbclient to use smbcli_full_connection() rather than
reinventing everything itself
socket connections. This was complicated by a few factors:
- it meant moving the event context from clitransport to clisocket,
so lots of structures changed
- we need to asynchronously handle connection to lists of port
numbers, not just one port number. The code internally tries each
port in the list in turn, without ever blocking
- the man page on how connect() is supposed to work asynchronously
doesn't work in practice (now why doesn't this surprise me?). The
getsockopt() for SOL_ERROR is supposed to retrieve the error, but
in fact the next (unrelated) connect() call on the same socket also
gets an error, though not the right error. To work around this I
need to tear down the whole socket between each attempted port. I
hate posix.
Note that clisocket.c still does a blocking name resolution call in
smbcli_sock_connect_byname(). That will be fixed when we add the async
NBT resolution code.
Also note that I arranged things so that every SMB connection is now
async internally, so using plain smbclient or smbtorture tests all the
async features of this new code.
- Use templates for Secrets and the new trusted domains
- Auto-add modifiedTime, createdTime and objectGUID to records in the
samdb layer.
Andrew Bartlett
that the GENSEC mechanism wishes to select. It is of course up to the
GENSEC mech and the remote server to actually support this however...
Andrew Bartlett
This uses LDB (a local secrets.ldb and the global samdb) to fill out
the secrets from an LSA perspective.
Some small changes to come, but the bulk of the work is now done.
A re-provision is required after this change.
Andrew Bartlett
This call uses a new IDL type, NTTIME_hyper. This is 8-byte aligned,
as the name suggests.
Expand the QuerySecret LSA calls in RPC-SAMLOGON and RPC-LSA, to
validate the behaviour of times, and of the old secrets.
Thanks to tridge for spotting the use of HYPER!
Andrew Bartlett
token in the client (the final token in the negotiation).
Consequential fixes in the SPNEGO code, which now uses the out.length
as the indicator of 'I need to send something to the other side'.
Merge the NTLM and SPNEGO DCE-RPC authentication routines in the client.
Fix the RPC-MULTIBIND test consequent to this merge.
Andrew Bartlett
- added support for "spnego" in binding strings. This enables SPNEGO
auth in the dcerpc client code, using as many allter_context calls as
are needed
To try SPNEGO do this:
smbtorture ncacn_ip_tcp:SERVER[spnego,seal] -Uadministrator%password RPC-SAMR
use function pointers anymore
- make the module init much easier
- a lot of cleanups
don't try to read the diff in auth/ better read the new files
it passes test_echo.sh and test_rpc.sh
abartlet: please fix spelling fixes
metze
- there is no alter_nak or alter_ack packet, its all done in an
alter_response
- auto-allocated the contex_ids
- tried to fix up the dcom code to work again with
alter_context. Jelmer, please take a look :)
dcerpc_alter_context and multiple context_ids in the dcerpc client
library.
This stage does the following:
- split "struct dcerpc_pipe" into two parts, the main part being "struct dcerpc_connection", which
contains all the parts not dependent on the context, and "struct dcerpc_pipe" which has
the context dependent part. This is similar to the layering in libcli_*() for SMB
- disable the current dcerpc_alter code. I've used a #warning until i
get the 2nd phase finished. I don't know how portable #warning is, but
it won't be long before I add full alter context support anyway, so it won't last long
- cleanup the allocation of dcerpc_pipe structures. The previous code
was quite awkward.
- added #if TALLOC_DEPRECATED around the _p functions
- fixes the code that broke from the above
while doing this I fixed quite a number of places that were
incorrectly using the non type-safe talloc functions to use the type
safe ones. Some were even doing multiplies for array allocation, which
is potentially unsafe.
talloc_size() if you want the old behaviour.
I have kept talloc_p() as an alias for now. Once we change all calls
to be plain talloc() then we can remove it.