IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Both subsystems and modules can now have init functions, which can be
specified in .mk files (INIT_FUNCTION = ...)
The build system will define :
- SUBSYSTEM_init_static_modules that calls the init functions of all statically compiled modules. Failing to load will generate an error which is not fatal
- BINARY_init_subsystems that calls the init functions (if defined) for the subsystems the binary depends on
This removes the hack with the "static bool Initialised = " and the
"lazy_init" functions
(This used to be commit 7a8244761bfdfdfb48f8264d76951ebdfbf7bd8a)
deferred reply is short-circuited immediately when the file is
closed by another user, allowing it to be opened by the waiting user.
- added a sane set of timeval manipulation routines
- converted all the events code and code that uses it to use struct
timeval instead of time_t, which allows for microsecond resolution
instead of 1 second resolution. This was needed for doing the pvfs
deferred open code, and is why the patch is so big.
(This used to be commit 0d51511d408d91eb5f68a35e980e0875299b1831)
- tidied up some of the system includes
- moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl
knows about inter-IDL dependencies
(This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
The thing that finally convinced me that minimal includes was worth
pursuing for rpc was a compiler (tcc) that failed to build Samba due
to reaching internal limits of the size of include files. Also the
fact that includes.h.gch was 16MB, which really seems excessive. This
patch brings it back to 12M, which is still too large, but
better. Note that this patch speeds up compile times for both the pch
and non-pch case.
This change also includes the addition iof a "depends()" option in our
IDL files, allowing you to specify that one IDL file depends on
another. This capability was needed for the auto-includes generation.
(This used to be commit b8f5fa8ac8e8725f3d321004f0aedf4246fc6b49)
Examples of binding strings are :
ncalrpc:[EPMAPPER]
ncacn_unix_stream:[/tmp/epmapper]
N.B. The unix socket support in lib/socket/ appears to close and remove the
socket it is listening on after the first client disconnects so until
that has been fixed, it is only possible to do one ncalrpc: or ncacn_unix_stream: request per instance of smbd :-)
Support for looking up NCALRPC names via the endpoint mapper will be added later.
(This used to be commit 426f3e63cae3d306dcdc13ee4b655eed30057ff8)
- Add protocol sequence to dcerpc transports (will be used later on)
- Add more transports to the list
(This used to be commit ab110192e6e2c1e5a3b2befe7b61158744f15d18)
specifying a endpoint is now also 'endpoint' instead of 'endpoints'. The
default endpoint (if none is specified) is still "ncacn_np:[\\pipe\\ifacename]",
where ifacename is the name of the interface.
Examples:
[
uuid(60a15ec5-4de8-11d7-a637-005056a20182),
endpoint("ncacn_np:[\\pipe\\rpcecho]", "ncacn_ip_tcp:")
]
interface rpcecho
{
void dummy();
}
dcerpc_binding is now converted to ep_description in the server, but I hope to
completely eliminate ep_description later on.
The eventual goal of all these changes is to make it easier to add
transports as I'm going to add support for
ncalrpc (local RPC over named pipes) and ncacn_unix_stream (Unix sockets).
(This used to be commit f3da7c8b443a29b0c656c687a277384ae1353792)
existing call rather than creating a new one. This prevents call
structures hanging around on the rpc connection context until it is
closed
(This used to be commit c51ca7c0e73b97435c245cd440a4fb979cf6a4f3)
taking a context (so when you pass a NULL pointer you end up with
memory in a top level context). Fixed it by changing the API to take a
context. The context is only used if the pointer you are reallocing is
NULL.
(This used to be commit 8dc23821c9f54b2f13049b5e608a0cafb81aa540)
rather than manual reference counts
- properly support SMBexit in the cifs and posix backends
- added a logoff method to all backends
With these changes the RAW-CONTEXT test now passes against the posix backend
(This used to be commit c315d6ac1cc40546fde1474702a6d66d07ee13c8)
library are closed on abnormal termination
- convert the service.h structures to the new talloc methods
(This used to be commit 2dc334a3284858eb1c7190f9687c9b6c879ecc9d)
server code. This fixes a number of memory leaks I found when testing
with valgrind and smbtorture, as the cascading effect of a
talloc_free() ensures that anything derived from the top level object
is destroyed on disconnect.
(This used to be commit 76d0b8206ce64d6ff4a192979c43dddbec726d6e)
expect. It isn't an error as w2k3 does this on its first packet when
NTLM2 signing is used.
(This used to be commit daaee86d1441afec9915e5f2ffc10b200a1ff564)
'authenticated' connections.
Fix kerberos session key issues - we need to call the
routine for extracting the session key, not just read the cache.
Andrew Bartlett
(This used to be commit b80d849b6b586869fc7d3d4153db1a316f2867a9)
Fix indent, and add a few more useful debug messages.
Send a fault, if the bind is not accepted - don't just leave the client hanging.
Andrew Bartlett
(This used to be commit 486215edc1148ad754632be37760dc0d38b0340d)
This version does the following:
1) talloc_free(), talloc_realloc() and talloc_steal() lose their
(redundent) first arguments
2) you can use _any_ talloc pointer as a talloc context to allocate
more memory. This allows you to create complex data structures
where the top level structure is the logical parent of the next
level down, and those are the parents of the level below
that. Then destroy either the lot with a single talloc_free() or
destroy any sub-part with a talloc_free() of that part
3) you can name any pointer. Use talloc_named() which is just like
talloc() but takes the printf style name argument as well as the
parent context and the size.
The whole thing ends up being a very simple piece of code, although
some of the pointer walking gets hairy.
So far, I'm just using the new talloc() like the old one. The next
step is to actually take advantage of the new interface
properly. Expect some new commits soon that simplify some common
coding styles in samba4 by using the new talloc().
(This used to be commit e35bb094c52e550b3105dd1638d8d90de71d854f)
in pidl. This mechanism should be much easier to extend to the
"retrospective subcontexts" that jelmer needs.
also produced more standards complient full-pointer offsets. This
keeps ethereal happy with decoding our epmapper frames.
(This used to be commit ecb7378bbcd86727aedfa04a9e302e06b0a2ccd9)
the idea is to have services as modules (smb, dcerpc, swat, ...)
the process_model don't know about the service it self anymore.
TODO:
- the smbsrv should use the smbsrv_send function
- the service subsystem init should be done like for other modules
- we need to have a generic socket subsystem, which handle stream, datagram,
and virtuell other sockets( e.g. for the ntvfs_ipc module to connect to the dcerpc server
, or for smb or dcerpc or whatever to connect to a server wide auth service)
- and other fixes...
NOTE: process model pthread seems to be broken( but also before this patch!)
metze
(This used to be commit bbe5e00715ca4013ff0dbc345aa97adc6b5c2458)
This implements gensec for Samba's server side, and brings gensec up
to the standards of a full subsystem.
This means that use of the subsystem is by gensec_* functions, not
function pointers in structures (this is internal). This causes
changes in all the existing gensec users.
Our RPC server no longer contains it's own generalised security
scheme, and now calls gensec directly.
Gensec has also taken over the role of auth/auth_ntlmssp.c
An important part of gensec, is the output of the 'session_info'
struct. This is now reference counted, so that we can correctly free
it when a pipe is closed, no matter if it was inherited, or created by
per-pipe authentication.
The schannel code is reworked, to be in the same file for client and
server.
ntlm_auth is reworked to use gensec.
The major problem with this code is the way it relies on subsystem
auto-initialisation. The primary reason for this commit now.is to
allow these problems to be looked at, and fixed.
There are problems with the new code:
- I've tested it with smbtorture, but currently don't have VMware and
valgrind working (this I'll fix soon).
- The SPNEGO code is client-only at this point.
- We still do not do kerberos.
Andrew Bartlett
(This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
- added workstation to auth_session_info in rpc servers
- added session key fetch hook in crypto backends in dcesrv
- store and fetch seed as well as a session key in schannel ldb
- when a client uses schannel to setup a netlogon pipe connection we
also need to setup the credentials from the schannel negotiation so
credentials chaining works
- added server side netr_LogonGetDomainInfo() call
(This used to be commit a35459387de3b6a422c5af6f658338fc7e4314b0)
the dce_conn->auth_state.session_info
( the ntlmssp one works fine, but the schannel one isn't implemented yet)
this is also set by the ntvfs_ipc backend on the endpoint connect.
metze
(This used to be commit ad3dd1789e9f124493519cb4731d9f5a563fd051)
makes it much easier to develop the IDL for new requests, especially
for sealed pipes, where ethereal cannot easily extract the data.
(This used to be commit 0cde043592d2d2439cf0cd8bf113545e78be5dfd)
I made it much more generic, and we should be able to add a
module interface to this code, so that other DCERPC_AUTH types can be added
via modules...
metze
(This used to be commit d09abeb686c43c62322205689273d1b417113004)
names rather than our crazy naming scheme. So DES is now called
des_crypt() rather than smbhash()
- added the code from the solution of the ADS crypto challenge that
allows Samba to correctly handle a 128 bit session key in all of the
netr_ServerAuthenticateX() varients. A huge thanks to Luke Howard
from PADL for solving this one!
- restructured the server side rpc authentication to allow for other
than NTLMSSP sign and seal. This commit just adds the structure, the
next commit will add schannel server side support.
- added 128 bit session key support to our client side code, and
testing against w2k3 with smbtorture. Works well.
(This used to be commit 729b2f41c924a0b435d44a14209e6dacc2304cee)
servers. Previously the server pipe code needed to return the RPC
level status (nearly always "OK") and separately set the function call
return using r->out.result. All the programmers writing servers
(metze, jelmer and me) were often getting this wrong, by doing things
like "return NT_STATUS_NO_MEMORY" which was really quite meaningless
as there is no code like that at the dcerpc level.
I have now modified pidl to generate the necessary boilerplate so that
just returning the status you want from the function will work. So for
a NTSTATUS function you return NT_STATUS_XXX and from a WERROR
function you return WERR_XXX. If you really want to generate a DCERPC
level fault rather than just a return value in your function then you
should use the DCESRV_FAULT() macro which will correctly generate a
fault for you.
As a side effect, this also adds automatic type checking of all of our
server side rpc functions, which was impossible with the old API. When
I changed the API I found and fixed quite a few functions with the
wrong type information, so this is definately useful.
I have also changed the server side template generation to generate a
DCERPC "operation range error" by default when you have not yet filled
in a server side function. This allows us to correctly implement
functions in any order in our rpc pipe servers and give the client the
right information about the fault.
(This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
