IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
credentials.
Consistantly rename these elements in the IDL to computer_name.
Fix the server-side code to always lookup by this name.
Add new, even nastier tests to RPC-SCHANNEL to prove this.
Andrew Bartlett
(This used to be commit 341a0abeb4)
This allows the easy addition of additional named pipes and removes the
circular dependencies between the CIFS, RPC and RAP servers.
Simple tests for a custom named pipe included.
(This used to be commit 898d15acbd)
In librpc, always try SMB level authentication, even if trying
schannel, but allow fallback to anonymous. This should better
function with servers that set restrict anonymous.
There are too many parts of Samba that get, parse and modify the
binding parameters. Avoid the extra work, and add a binding element
to the struct dcerpc_pipe
The libnet vampire code has been refactored, to reduce extra layers
and to better conform with the standard argument pattern. Also, take
advantage of the new libnet_Lookup code, so we don't require the silly
'password server' smb.conf parameter.
To better support forcing traffic to be sealed for the vampire
operation, the dcerpc_bind_auth() function now takes an auth level
parameter.
Andrew Bartlett
(This used to be commit d65b354959)
structure that is more generic than just 'IP/port'.
It now passes make test, and has been reviewed and updated by
metze. (Thankyou *very* much).
This passes 'make test' as well as kerberos use (not currently in the
testsuite).
The original purpose of this patch was to have Samba able to pass a
socket address stucture from the BSD layer into the kerberos routines
and back again. It also removes nbt_peer_addr, which was being used
for a similar purpose.
It is a large change, but worthwhile I feel.
Andrew Bartlett
(This used to be commit 88198c4881)
the LSA pipe. Strangely, windows is not consistent for the LookupSids
call. Sometimes the name is terminated and sometimes not?! It might
depend on the type of rid (alias, group etc) ?
(This used to be commit c0b7e0619a)
string form of the structure we receive matches the generated
form. This has the effect of checking things like value() attributes.
(This used to be commit f2e68ec649)
dcerpc_interface_table struct rather then a tuple of interface
name, UUID and version.
This removes the requirement for having a global list of DCE/RPC interfaces,
except for these parts of the code that use that list explicitly
(ndrdump and the scanner torture test).
This should also allow us to remove the hack that put the authservice parameter
in the dcerpc_binding struct as it can now be read directly from
dcerpc_interface_table.
I will now modify some of these functions to take a dcerpc_syntax_id
structure rather then a full dcerpc_interface_table.
(This used to be commit 8aae0f168e)
the difference between these at all, and in the future the
fact that INIT_OBJ_FILES include smb_build.h will be sufficient to
have recompiles at the right time.
(This used to be commit b24f2583ed)
Completely untested, it's a bit difficult without having vista
around (yet), so - Andrew, please test it and let me know what's
wrong.
rafal
(This used to be commit b9e7522bd4)
instead make the normal composite_done() and composite_error()
functions automatically trigger a delayed callback if the caller has
had no opportunity to setup a async callback
this removes one of the common mistakes in writing a composite function
(This used to be commit f9413ce792)
samba-technical on why this should stay as a simple null terminated
string (basically to make hand-written parsers easier)
(This used to be commit 0f1de4b1db)
it only appeared to be like a SMBtrans request as it was being called
with function 0x11c017 which is "named pipe read write"
I wonder if this means we could do DCE/RPC over SMB using ntioctl
calls as well?
(This used to be commit f2b8857797)
- while running dcerpc over SMB2, the server will occasionally send us
a oh-so-useful STATUS_PENDING result meaning "I don't have a result
for you yet, but I'm working on it". These can be discarded :-)
(This used to be commit 24588a9c49)
- removed the struct dcerpc_request_state as all the state
information is already available on the dcerpc_pipe structure, so just
use that
- added a single dcerpc_recv_data() handler for receiving packets
from the transport layer. This then does the initial decoding of
the dcerpc packet, and then looks at the packet type in order to
work out who to dispatch it to. This should allow in-flight async
rpc requests to still work while a new bind or alter context is
happening
- ensure that if the transport indicates the connection is dead that
any in-flight bind or alter context requests are given an error
- removed full_request_private and instead use separate bind_private
and alter_private pointers
- added a few comments for some bits I found hard to understand
(This used to be commit 938e372bff)
ncacn_ip_tcp/ncalrpc. The problem was that svn revision 11809 removed
the logic that forced the CONNECT auth type for authenticated binds
which don't have an explicit SIGN or SEAL flag set.
(This used to be commit e7a1f11e8b)
This also removes dcerpc_bind_auth_password, the only user of
dcerpc_bind_auth. And this was not only passwords anyway.
Andrew Bartlett, as usual: Please take a close look.
Thanks,
Volker
(This used to be commit 2ff2dae3d0)
Tridge et al, please take a close look at this. It survives my basic rpc-login
test as well as rpc-lsa, but this is critical I think.
Volker
(This used to be commit bf1a55f44c)
- add an idtree_limit to limit the max VUID we give the clients
it's UINT16_MAX (0xffff) for the SMB protocol
- add auth_time to the smbsrv_session statistics
- use the session_info as marker for finished and non-finished
session setups
metze
(This used to be commit 7eb10048b2)
them
- add a idtree_limit to the tcons substructure of smbsrv_connection
this controls what the highest TID is we give away to the client
it's UINT16_MAX (0xFFFF) for the SMB protocol
metze
(This used to be commit f3bf5a2c09)
allowing it to specify the initial read size (thus preventing
over-reading) and to stop the recv process when needed. This is used
by the dcerpc socket code, which relies on not getting packets when it
isn't ready for them
(This used to be commit f869fd674e)
not there (it's not yet on *any* call... :-)), the rpc client strictly
sequences calls to an rpc pipe. Might need some more work on the exact
sequencing semantics when a pipe with both sync and async calls is actually
deployed, but I want it in for winbind simplification.
Volker
(This used to be commit b8f324e4f0)
work again. The automatic value() is fine for the length, but cannot
be used for the size as the size is not the number of bytes being
sent, but the number of bytes that the server is allowed to use in the
reply
(This used to be commit 46e91f269c)
IDL and testsuites. The server-side of this remains a stub, we should
probably be doing ldb searches for the server reference record.
Andrew Bartlett
(This used to be commit 0141ed309a)
- Adds -rpath bin/ so you don't have to install Samba in order to use compiled binaries.
- Writes out pkg-config files when building shared libs
- Supports automatic fallback to MERGEDOBJ (which is the default) or
OBJ_LIST (if ld -r is not supported)
Building with shared libs reduces the size of the Samba binaries from
197 Mb to 60 Mb (including libraries) on my system (GCC4, with debugging).
To build with shared libraries support enabled, run:
LIBRARY_OUTPUT_TYPE=SHARED_LIBRARY ./config.status
init functions don't get called correctly yet when using shared libs, so
you won't be able to actually run anything with success :-)
Once init functions are done, I'll look at support for loading shared
modules once again.
Based on a patch by Peter Novodvorsky (nidd on IRC).
(This used to be commit 0b54405685)
files working. It doesn't quite work though. (-:
This patch also allows a struct.field format to be used in an IMPORT
statement instead of a type name.
Jelmer, what do you think?
(This used to be commit d770f85347)
- print "supplementalCredentials" also when --option="dssync:print_pwd_blobs=yes"
is used
abartlet: this field may contain the krb5 keys...
metze
(This used to be commit 26c69348ca)
Support conformant [string] arrays
Eliminate utf8string
This breaks xattr binary compatibility with previous versions - is that a
problem?
(This used to be commit 7596c708ba)
add struct nbt_peer_socket and use it instead of passing const char *addr, uint16 port everyhwere
(tridge: can you review this please, (make test works)
metze
(This used to be commit a599d7a4ae)
this is the compression algorithm used by w2k3 for DsGetNCChanges().
This algorithm isn't known yet, but it seems to be some sort of Lempel-Ziv
algorithm.
metze
(This used to be commit 694252b6e0)
problem was that the return string was declared as:
[out] astring dcname
which means "this is a non-NULL string". The server code sometimes
returned NULL however (on getdc lookup failure), which caused the NDR
marshalling code to crash. When you declare a non-pointer return value
you are promising that the value can never be NULL.
The trivial fix is to use:
[out] astring *dcname
which leaves the API alone, but includes a pointer in the wire format,
which in turn means it is valid to send a NULL string as a response.
(This used to be commit e39bac6196)
within a callback on the pipe. This should fix a problem volker
encountered with winbind. The fix invoolves making the recv_data
handler free the memory for a packet, instead of having the transport
layer free it after calling recv_data. When the transport layer freed
it, it had no way of knowing if the callback had shutdown the pipe, so
it had no way of knowing if it could safely use the pointer.
Also changed the pipe shutdown hook for the smb transport to use an
async SMB close. This ensures that when you shutdown the pipe, you
don't block waiting for the server to ack the close of the pipe fnum.
(This used to be commit c87d7f580e)
Tridge, if you have time, you might want to look at the segfault I was still
seeing. Now I store the handle to the netlogon pipe in the global winbind
state and free it on the next entry into check_machacc. The problem seems to
be that talloc_free()ing a pipe struct from within a callback function on that
pipe is not possible. I think I can live with that, but it has been not really
obvious. To reproduce the segfault you might want to look at putting a
talloc_free(state->getcreds->out.netlogon) into
wbsrv_samba3_check_machacc_receive_creds. This is called from a dcerpc
callback function.
In particular if the check failed it would be nice if I could delete the pipe
directly and not post a different event to some winbind queue.
I tried to delete the pipe from a timed event triggered immediately, but this
also fails because the inner loop seems to hit the same event again, calling
it twice.
Volker
(This used to be commit 5436d77648)
- the unknown flag 0x10 seems to mean that this name was localy registered on this
currently asked server, that flag is not present in replica records
metze
(This used to be commit ba3685c41d)
make wrepl_nbt_name a scalar type that is another
wire representation of struct nbt_name
give wrepl_name->flags a meaning
metze
(This used to be commit 5fa13d6c2b)
domain and gets the DC's name via a mailslot call.
Metze, I renamed wbsrv_queue_reply to wbsrv_send_reply in accordance with
irpc_send_reply. Having _queue_ here and _send_ there is a bit confusing. And
as everything is async anyway, the semantics should not be too much of a
problem.
Volker
(This used to be commit 4637964b19)
