IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
done by setting:
OUTPUT_TYPE = SHARED_LIBRARY
in the [SUBSYSTEM::...] section belonging to a subsystem.
The idea is to allow multiple values to OUTPUT_TYPE simultaneously
(e.g. OUTPUT_TYPE = SHARED_LIBRARY, STATIC_LIBRARY, OBJLIST )
response.
To work around the fact that the type of the returned data is not
encoded in the packet, this required adding ndr_pull_union_blob()
which allows us to pull a blob into a union with a specified switch
value, in this case the switch value comes from the calling NtVer field.
- qfsinfo (query file system information)
- appendacl (append an ACL to existing file's security descriptor and get new
full ACL)
The second one also includes an improvement to security descriptor handling
which allows to copy security descriptor. Written by Peter Novodvorsky
<peter.novodvorsky@ru.ibm.com>
Both functions have corresponding torture tests added. Tested under valgrind and
work against Samba 4 and Windows XP.
ToDo: document composite call creation process in prog_guide.txt
suite. The NBT-DGRAM test does a UDP/138 netlogon request, to which a
windows server sends a reply, but the windows server sends the reply
to the wrong port (it always sends to 138), so the test suite doesn't
see it.
datagrams. This adds the IDL to parse mailslot packets, plus mailslot
dispatch and listener registration code.
mailslots are used for UDP/138 browse and netlogon packets
server. Currently just listens on port 138 and parses the packets
(using IDL like the rest of NBT). This allows me to develop the
structures and test with real packets
auth/gensec and auth/kerberos.
This also pulls the kerberos configure code out of libads (which is
otherwise dead), and into auth/kerberos/kerberos.m4
Andrew Bartlett
up issues I introduced during the merge, that caused a segfault.
I've still not got the keytab code to work for me (using Samba3 to
generate the keytab) so this is still not fully tested, but it's
better than it was.
To add debugging, I now use the krb5_get_error_message() function from
Heimdal when present, to return the custom error string, which
contains far, far more information than the simple error code does.
(This last point may well be worth merging back into 3.0)
Andrew Bartlett
client. The issue was actually a cut-and-paste bug, I was filling in
the .old not the .nt1 part of the union.
I've also removed the 'error checks' - I'll shortly document the API
for the credentials code to clarify that it will always return a
pointer here, except in cases of programmer error.
Tridge: I hope this is OK.
Andrew Bartlett
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'.
GENSEC now no longer has it's own handling of 'set username' etc,
instead it uses cli_credentials calls.
In order to link the credentails code right though Samba, a lot of
interfaces have changed to remove 'username, domain, password'
arguments, and these have been replaced with a single 'struct
cli_credentials'.
In the session setup code, a new parameter 'workgroup' contains the
client/server current workgroup, which seems unrelated to the
authentication exchange (it was being filled in from the auth info).
This allows in particular kerberos to only call back for passwords
when it actually needs to perform the kinit.
The kerberos code has been modified not to use the SPNEGO provided
'principal name' (in the mechListMIC), but to instead use the name the
host was connected to as. This better matches Microsoft behaviour,
is more secure and allows better use of standard kerberos functions.
To achieve this, I made changes to our socket code so that the
hostname (before name resolution) is now recorded on the socket.
In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now
in libcli/auth/schannel.c, and it looks much more like a standard
GENSEC module. The actual sign/seal code moved to
libcli/auth/schannel_sign.c in a previous commit.
The schannel credentails structure is now merged with the rest of the
credentails, as many of the values (username, workstation, domain)
where already present there. This makes handling this in a generic
manner much easier, as there is no longer a custom entry-point.
The auth_domain module continues to be developed, but is now just as
functional as auth_winbind. The changes here are consequential to the
schannel changes.
The only removed function at this point is the RPC-LOGIN test
(simulating the load of a WinXP login), which needs much more work to
clean it up (it contains copies of too much code from all over the
torture suite, and I havn't been able to penetrate its 'structure').
Andrew Bartlett
