| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
endpoint was specified for ncacn_np.
(This used to be commit 5f47bf1187fbd07fd8eb88da2a1fea2b0e9addf8)
|
|
I have created the include/system/ directory, which will contain the
wrappers for the system includes for logical subsystems. So far I have
created include/system/kerberos.h and include/system/network.h, which
contain all the system includes for kerberos code and networking code.
These are the included in subsystems that need kerberos or networking
respectively.
Note that this method avoids the mess of #ifdef HAVE_XXX_H in every C
file, instead each C module includes the include/system/XXX.h file for
the logical system support it needs, and the details are kept isolated
in include/system/
This patch also creates a "struct ipv4_addr" which replaces "struct
in_addr" in our code. That avoids every C file needing to import all
the system networking headers.
(This used to be commit 2e25c71853f8996f73755277e448e7d670810349)
|
|
(This used to be commit 0a12cc4cadf7c1e97282a0d8ab2f486536987a77)
|
|
The thing that finally convinced me that minimal includes was worth
pursuing for rpc was a compiler (tcc) that failed to build Samba due
to reaching internal limits of the size of include files. Also the
fact that includes.h.gch was 16MB, which really seems excessive. This
patch brings it back to 12M, which is still too large, but
better. Note that this patch speeds up compile times for both the pch
and non-pch case.
This change also includes the addition iof a "depends()" option in our
IDL files, allowing you to specify that one IDL file depends on
another. This capability was needed for the auto-includes generation.
(This used to be commit b8f5fa8ac8e8725f3d321004f0aedf4246fc6b49)
|
|
(This used to be commit ff2f2b4273ce9a49599b385d32fbbd5e8f0d4c23)
|
|
(This used to be commit 0b93be9f5f89ef17f94e8e98c3a405495e04e235)
|
|
(This used to be commit eb3366d3667ddddf7ab5eae5d1fbc5de86c41072)
|
|
isn't allowed to login on a share)
(This used to be commit 8c0be60d8d59863f0bcdd17012dce923c139ce09)
|
|
(This used to be commit 29fab12d0b1649046ab2abb08b51f9845c8f8116)
|
|
rather than doing everything itself. This greatly simplifies the
code, although I really don't like the socket_recv() interface (it
always allocates memory for you, which means an extra memcpy in this
code)
- fixed several bugs in the socket_ipv4.c code, in particular client
side code used a non-blocking connect but didn't handle EINPROGRESS,
so it had no chance of working. Also fixed the error codes, using
map_nt_error_from_unix()
- cleaned up and expanded map_nt_error_from_unix()
- changed interpret_addr2() to not take a mem_ctx. It makes absolutely
no sense to allocate a fixed size 4 byte structure like this. Dozens
of places in the code were also using interpret_addr2() incorrectly
(precisely because the allocation made no sense)
(This used to be commit 7f2c771b0e0e98c5c9e5cf662592d64d34ff1205)
|
|
interpret_addr() and if someone wants to add support to that function
for ipv6 then they are welcome to.
(This used to be commit 50377db11bb727b407744e0c50805c8f90810c16)
|
|
(This used to be commit 71dfc27b8efb3057c4b7383feca0ba35ab5768a4)
|
|
- Support binding strings like :
ncacn_np:[sign]
ncacn_np:myhost[seal,sign,endpoint]
again
(This used to be commit b53f4cd1697345065c7d979ba63237bf828dc07f)
|
|
(This used to be commit 1161c33794cdb16a3d09a66258f46e0020c4aeef)
|
|
(This used to be commit 45a3e2a9815058a3a828c573573c5eee605f9129)
|
|
options[0].
(This used to be commit 18582083af800abd3d8de40eb73255c8ae6598dd)
|
|
nicely :-)
The various interface that support ncalrpc work nicely when tested
with smbtorture and ncalrpc.
Running RPC-SAMR against local smbd here is slightly faster using ncalrpc:
ncalrpc: 1.8 sec
ncacn_ip_tcp: 1.9 sec
ncacn_np: 2.5 sec
(This used to be commit 2cfc8f24ce209f47153d3a5bd7007dd1b0578b26)
|
|
transports.
ncalrpc uses the new config option "ncalrpc dir" for creating unix sockets.
(This used to be commit b15cfbe2512961a199ecb069730d9a19787579f5)
|
|
(This used to be commit a0c4138edf919ee0c4b236f201c09fc4deb2cc09)
|
|
protocol towers
(This used to be commit f41dfc6c5a85bf241e4bcc0669f6191bf531e89a)
|
|
- Make sure a epm_tower struct is completely initialized
- Some more minor fixes
(This used to be commit d560dcbdb85cb2c6915bdb9e2f82f1872b0f5a52)
|
|
dcerpc_binding)
Let test fail if messaging_init() fails instead of generating segfault in the LOCAL-MESSAGING test
(This used to be commit 0609f410ef756501d50c04b544387ae547fcd63c)
|
|
Add tests for dcerpc_binding_from_tower()
(This used to be commit 88c6d34bba1a409127b26f86bd963bfab30a804c)
|
|
Add local test for testing the functions dcerpc_parse_binding(),
dcerpc_binding_string() and dcerpc_binding_build_tower()
(This used to be commit 7a07c2c769b8e51178789eed4a31577f5d39f63a)
|
|
- Add protocol sequence to dcerpc transports (will be used later on)
- Add more transports to the list
(This used to be commit ab110192e6e2c1e5a3b2befe7b61158744f15d18)
|
|
(This used to be commit 53567a83cbca9df60bef76a15df24d2cd89a16b0)
|
|
backslash works, but is not like Windows does it.
(This used to be commit f6deb3d065e1a88f92bcb8a4a138453650c97b0b)
|
|
(This used to be commit 7771b5d8fa3db759487474eb7172df45bb3221ae)
|
|
specifying a endpoint is now also 'endpoint' instead of 'endpoints'. The
default endpoint (if none is specified) is still "ncacn_np:[\\pipe\\ifacename]",
where ifacename is the name of the interface.
Examples:
[
uuid(60a15ec5-4de8-11d7-a637-005056a20182),
endpoint("ncacn_np:[\\pipe\\rpcecho]", "ncacn_ip_tcp:")
]
interface rpcecho
{
void dummy();
}
dcerpc_binding is now converted to ep_description in the server, but I hope to
completely eliminate ep_description later on.
The eventual goal of all these changes is to make it easier to add
transports as I'm going to add support for
ncalrpc (local RPC over named pipes) and ncacn_unix_stream (Unix sockets).
(This used to be commit f3da7c8b443a29b0c656c687a277384ae1353792)
|
|
[] is now mandatory
: after the hostname is no longer allowed
examples of allowed binding strings:
ncacn_np:myhost[samr]
ncacn_ip_tcp:10.0.0.1[1045]
ncacn_ip_tcp:2001:7b8:37b:1:210:dcff:fecb:a9e3[1024,sign,seal]
ncacn_np:myhost
ncacn_ip_tcp:192.168.4.2
308FB580-1EB2-11CA-923B-08002B1075A7@ncacn_ip_tcp:192.168.4.2
308FB580-1EB2-11CA-923B-08002B1075A7@ncacn_ip_tcp:192.168.4.2[,print]
Note that the last two lines are not recognized by smbtorture as a binding
string yet. dcerpc_parse_binding() does accept them though.
(This used to be commit c15862e778507287bddef7967383d4b5d22eaee9)
|
|
the [gensize] property to a struct or union will make pidl generate a
ndr_size_*() function.
(not all nasty bits of NDR are completely covered yet by the
ndr_size*() functions, support for those will be added when necessary)
I also have a local patch (not applied now) that simplifies the pidl output
and eliminates the number of functions required. It would, however, make
pidl more complex.
(This used to be commit 7c823f886afd0c4c6ee838f17882ca0658417011)
|
|
that can generate these kinds of functions
(This used to be commit ebca2516502560edfd4056fbb4cfc9718a108efa)
|
|
(This used to be commit 273d0049b5339e3288b264e5a4393bfab1d4e239)
|
|
the current ones. It took me three hours to realise that the DCOM standard
contains false protocol numbers (apparently someone converted the protocol
numbers to hex twice, i.e. 13 -> 0c and 14 to 0d). There are no longer
duplicates in the list with protocol numbers now.
(This used to be commit f355cd426462a72575ef3c3b769f676334976986)
|
|
"sign", "seal" or "connect"
(This used to be commit f3adabf6896b75f5293dbde3f9de737f35d95a10)
|
|
possible to a structure creation routine. This makes for much easier
global cleanup.
(This used to be commit e14ee428ec357fab76a960387a9820a673786e27)
|
|
the cli context too
(This used to be commit 417d0c0ba182aab3a3a23db76ff7ac7cbc663cb6)
|
|
rather than manual reference counts
- properly support SMBexit in the cifs and posix backends
- added a logoff method to all backends
With these changes the RAW-CONTEXT test now passes against the posix backend
(This used to be commit c315d6ac1cc40546fde1474702a6d66d07ee13c8)
|
|
(This used to be commit 56ecda2178e33508c55c6195ccec41c06e099d6f)
|
|
server. CONNECT security uses NTLMSSP, but does not do any signing or
sealing (or equivalently, its like signing, but with a zero filled
checksum).
(This used to be commit f4660857bc708db7f5aa7487bf7ab04bffe68928)
|
|
Implemented using the POSIX getaddrinfo() call (specified by POSIX 1003.1-2003 and 2553)
I'm not sure how portable this function is, so we might have to add a sys_getaddrinfo() later on.
(This used to be commit 0fb0530389751c6fb4ca58f5e9a0f23491699f17)
|
|
This means that 'require NTLMv2 session security' now works for RPC
pipe signing. We don't yet have sealing, but it can't be much further.
This is almost all tridge's code, munged into a form that can work
with the GENSEC API.
This commit also includes more lsakey fixes - that key is used for all
DCE-RPC level authenticated connections, even over CIFS/ncacn_np.
No doubt I missed something, but I'm going to get some sleep :-)
Andrew Bartlett
(This used to be commit a1fe175eec884280fb7e9ca8f528134cf4600beb)
|
|
(This used to be commit f6ea24296acaaadcd2d59740bc88ef1a93fb1c28)
|
|
bytes to make sure they are zero. Non-zero values usually indicate one
of two things:
- the server is leaking data through sending uninitialised memory
- we have mistaken a real field in the IDL for padding
to differentiate between the two you really need to run with
"print,padcheck" and look carefully at whether the non-zero pad bytes
are random or appear to be deliberate.
(This used to be commit 7fdb778f81f14aaab75ab204431e4342a462957a)
|
|
generate a separate *_send() async function for every RPC call, and
there is a single dcerpc_ndr_request_recv() call that processes the
receive side of any rpc call. The caller can use
dcerpc_event_context() to get a pointer to the event context for the
pipe so that events can be waited for asynchronously.
The only part that remains synchronous is the initial bind
calls. These could also be made async if necessary, although I suspect
most applications won't need them to be.
(This used to be commit f5d004d8eb8c76c03342cace1976b27266cfa1f0)
|
|
use dcerpc auth instead off smb auth
metze
(This used to be commit 6b429234968da7e51de95b6ede2afe3c1605debb)
|
|
(This used to be commit bdf7d66d299b0956fbf17b38291089585b2b54bf)
|
|
- More updates/fixes to the ethereal parser generator
(This used to be commit 547f860285b117e291bf3dbaca0707dc268b214e)
|
|
rename CLI_ -> SMBCLI_
metze
(This used to be commit 8441750fd9427dd6fe477f27e603821b4026f038)
|
|
This implements gensec for Samba's server side, and brings gensec up
to the standards of a full subsystem.
This means that use of the subsystem is by gensec_* functions, not
function pointers in structures (this is internal). This causes
changes in all the existing gensec users.
Our RPC server no longer contains it's own generalised security
scheme, and now calls gensec directly.
Gensec has also taken over the role of auth/auth_ntlmssp.c
An important part of gensec, is the output of the 'session_info'
struct. This is now reference counted, so that we can correctly free
it when a pipe is closed, no matter if it was inherited, or created by
per-pipe authentication.
The schannel code is reworked, to be in the same file for client and
server.
ntlm_auth is reworked to use gensec.
The major problem with this code is the way it relies on subsystem
auto-initialisation. The primary reason for this commit now.is to
allow these problems to be looked at, and fixed.
There are problems with the new code:
- I've tested it with smbtorture, but currently don't have VMware and
valgrind working (this I'll fix soon).
- The SPNEGO code is client-only at this point.
- We still do not do kerberos.
Andrew Bartlett
(This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
|
