Age | Commit message (Collapse) | Author | Files | Lines |
|
server. CONNECT security uses NTLMSSP, but does not do any signing or
sealing (or equivalently, its like signing, but with a zero filled
checksum).
(This used to be commit f4660857bc708db7f5aa7487bf7ab04bffe68928)
|
|
The intial motivation for this commit was to merge in some of the
bugfixes present in Samba3's chrcnv and string handling code into
Samba4. However, along the way I found a lot of unused functions, and
decided to do a bit more...
The strlen_m code now does not use a fixed buffer, but more work is
needed to finish off other functions in str_util.c. These fixed
length buffers hav caused very nasty, hard to chase down bugs at some
sites.
The strupper_m() function has a strupper_talloc() to replace it (we
need to go around and fix more uses, but it's a start). Use of these
new functions will avoid bugs where the upper or lowercase version of
a string is a different length.
I have removed the push_*_allocate functions, which are replaced by
calls to push_*_talloc. Likewise, pstring and other 'fixed length'
wrappers are removed, where possible.
I have removed the first ('base pointer') argument, used by push_ucs2,
as the Samba4 way of doing things ensures that this is always on an
even boundary anyway. (It was used in only one place, in any case).
(This used to be commit dfecb0150627b500cb026b8a4932fe87902ca392)
|
|
Implemented using the POSIX getaddrinfo() call (specified by POSIX 1003.1-2003 and 2553)
I'm not sure how portable this function is, so we might have to add a sys_getaddrinfo() later on.
(This used to be commit 0fb0530389751c6fb4ca58f5e9a0f23491699f17)
|
|
- Samba4-style code in lib/registry (struct registry_key instead of REG_KEY, etc)
- Use hives (like Windows has drives) instead of one root key (like a Unix FS)
- usability fixes in the GTK utilities (autodetect the username,
enable/disable options, etc)
- fix gwsam compile
- several bugfixes in the registry rpc code
- do charset conversion in nt4 registry backend
(This used to be commit 2762ed3b9bf1d67dd54d63e02cddbfd71ea89892)
|
|
(This used to be commit a0e571a9ddc01b8e90a93d591aec4b10c9926818)
|
|
have the handle type implied by the parameter name. There are four
types of handle: connect, domain, user and group handles. The
various samr_Connect functions return a connect handle, and the
samr_OpenFoo functions return a foo handle.
There is one exception - the samr_{Get,Set}Security function can
take any type of handle.
Fix up all C callers.
(This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
|
|
server
closes the connetion and we got EBADF from select() and event_loop_once() fails
metze
(This used to be commit 9c0e50a6f3d628156b4543d5ded89e06be696f64)
|
|
(This used to be commit 04aec4c0a3f559f6a9ccfaf990f3a2ff2e6f48df)
|
|
recently, and this broke the autoidl code)
(This used to be commit 01d66f68f6b21dc9b5c0702edcd4f56daeae9b9d)
|
|
now do these two calls successfully against w2k3.
note that you must use ncacn_ip_tcp, and must enable dcerpc sealing,
otherwise w2k3 refuses the first DRSUAPI call.
(This used to be commit 7d3e34742277f264e41739721dbf08036eebb598)
|
|
(This used to be commit 09651b831d085345dd385bc9777f97e1c0d57c6f)
|
|
NTLM sign
NTLM sign+seal
NTLM2 sign
NTLM2 sign+seal
and all of the above both with and without key exchange
the NTLM2 seal case is ugly and involves an extra data copy, which
some API changes in gensec or the ndr layer might avoid in future.
(This used to be commit fce7a4218b3136d880dd1a123e8525e3091bbed8)
|
|
Andrew Bartlett
(This used to be commit 49171e420337136d3e66300f99fa1885051e5b61)
|
|
This means that 'require NTLMv2 session security' now works for RPC
pipe signing. We don't yet have sealing, but it can't be much further.
This is almost all tridge's code, munged into a form that can work
with the GENSEC API.
This commit also includes more lsakey fixes - that key is used for all
DCE-RPC level authenticated connections, even over CIFS/ncacn_np.
No doubt I missed something, but I'm going to get some sleep :-)
Andrew Bartlett
(This used to be commit a1fe175eec884280fb7e9ca8f528134cf4600beb)
|
|
(This used to be commit 22a6e5d50d2d40c2dfc5e36bce1132b92723dd81)
|
|
(This used to be commit f6ea24296acaaadcd2d59740bc88ef1a93fb1c28)
|
|
(This used to be commit 6c1a72c5d667245b1eec94f58e68acd22dd720ce)
|
|
a dcerpc_pipe structure as we discussed this morning.
(This used to be commit 79969dc8daf5fdaacd26135a200ecec0b4d7663c)
|
|
the ndr->offset=0; stuff is ugly. We need a better way to handle this.
(This used to be commit e909bfa708aeceeaa37faa6f6dff0274f8ac7920)
|
|
(This used to be commit ef5414676ea07004aaa78d5f4c1746b3c8669d16)
|
|
plus removed unused ndr_pull_relative() function
once volker commits a test for this I'll be able to ensure it really works as expected
(This used to be commit 8ffe136ad2be52f3504d73ead0785c9c5f5d8770)
|
|
(This used to be commit d2d3433de1c1e1bc757381e9736147cc24fe8cf0)
|
|
for this struct and all sub-structures to be like spoolss relative
pointers (where offset is relative to current position).
volker will test this for me :)
(This used to be commit bd45329a3fb55a5d9f006ad601ae26a80b9a563f)
|
|
ID, so the client can choose what language they get the privilege
description in.
this is the first time I've seen a language ID on the wire in CIFS.
(This used to be commit e99d88915fbfcfb50b04330cd1a32b90222fbca3)
|
|
also add a demonstration of its use in the netlogon async example
(This used to be commit f2a0438c66b999189c1a2ad726e91efd0748eb90)
|
|
(This used to be commit 7256945b526a1ee68d18eb579e592f7389740c22)
|
|
bytes to make sure they are zero. Non-zero values usually indicate one
of two things:
- the server is leaking data through sending uninitialised memory
- we have mistaken a real field in the IDL for padding
to differentiate between the two you really need to run with
"print,padcheck" and look carefully at whether the non-zero pad bytes
are random or appear to be deliberate.
(This used to be commit 7fdb778f81f14aaab75ab204431e4342a462957a)
|
|
I had previously thought this was unnecessary, as windows doesn't use
standards compliant UTF-16, and for filesystem operations treats bytes
as UCS-2, but Bjoern Jacke has pointed out to me that this means we
don't correctly store extended UTF-16 characters as UTF-8 on
disk. This can be seen with (for example) the gothic characters with
codepoints above 64k.
This commit also adds a LOCAL-ICONV torture test that tests the first
1 million codepoints against the system iconv library, and tests 5
million random UTF-16LE buffers for identical error handling to the
system iconv library.
the lib/iconv.c changes need backporting to samba3
(This used to be commit 756f28ac95feaa84b42402723d5f7286865c78db)
|
|
(This used to be commit 9e120bff7af076bbc541a88cefb3ba400fb91caa)
|
|
(This used to be commit 5ab362cede5b6b91af42247d7b0981f3e4b4d093)
|
|
(This used to be commit 5be1b54d15e65008f0dc06a005fb205180817a6d)
|
|
(This used to be commit 253203f58f7fe6d1b7aea50822d191a8377b47da)
|
|
metze
(This used to be commit 2de544181ec75da63fdcd5ecdde9e6a533603a38)
|
|
The fix uses the new talloc_increase_ref_count() function in an
interesting way. I suspect this sort of technique will become quite
common.
(This used to be commit a86e629a39baf0ba2a6bb347eb9b72551c1477ff)
|
|
RPC-ECHO test to use it to test asynchronous rpc operations.
(This used to be commit a5eb6cad5050928fab593e1f9a82fbfba589120c)
|
|
use readx/writex instead of the more efficient SMBtrans calls. This
patch restores the efficiency by using SMBtrans when possible.
(This used to be commit 83fbe080e7fcdf4168d85f654b802dc4538b8984)
|
|
generate a separate *_send() async function for every RPC call, and
there is a single dcerpc_ndr_request_recv() call that processes the
receive side of any rpc call. The caller can use
dcerpc_event_context() to get a pointer to the event context for the
pipe so that events can be waited for asynchronously.
The only part that remains synchronous is the initial bind
calls. These could also be made async if necessary, although I suspect
most applications won't need them to be.
(This used to be commit f5d004d8eb8c76c03342cace1976b27266cfa1f0)
|
|
--enable-developer warning for when they are missing.
Andrew Bartlett
(This used to be commit 8115e44d47bcd65edba08d10117180ae508cdbc1)
|
|
The bug (found by tridge) is that Win2k3 is being tighter about the
NTLMSSP flags. If we don't negotiate sealing, we can't use it.
We now have a way to indicate to the GENSEC implementation mechanisms
what things we want for a connection.
Andrew Bartlett
(This used to be commit 86f61568ea44c5719f9b583beeeefb12e0c26f4c)
|
|
byte padding of the payload portion of the packet.
(This used to be commit 271831f97f3952838557bf5034c1e435b33cb14a)
|
|
to a uint32, there're two uint32 with 0x00000000
metze
(This used to be commit 80f27766cb6d2c4e00232f7e3d5cde75ad84d094)
|
|
metze
(This used to be commit a3a4b9c9ea2692b3ca85d9a4a094e36609831f19)
|
|
for me).
Fix indent, and add a few more useful debug messages.
Send a fault, if the bind is not accepted - don't just leave the client hanging.
Andrew Bartlett
(This used to be commit 486215edc1148ad754632be37760dc0d38b0340d)
|
|
(This used to be commit 6ffdfd779936ce8c5ca49c5f444e8da2bbeee0a8)
|
|
This version does the following:
1) talloc_free(), talloc_realloc() and talloc_steal() lose their
(redundent) first arguments
2) you can use _any_ talloc pointer as a talloc context to allocate
more memory. This allows you to create complex data structures
where the top level structure is the logical parent of the next
level down, and those are the parents of the level below
that. Then destroy either the lot with a single talloc_free() or
destroy any sub-part with a talloc_free() of that part
3) you can name any pointer. Use talloc_named() which is just like
talloc() but takes the printf style name argument as well as the
parent context and the size.
The whole thing ends up being a very simple piece of code, although
some of the pointer walking gets hairy.
So far, I'm just using the new talloc() like the old one. The next
step is to actually take advantage of the new interface
properly. Expect some new commits soon that simplify some common
coding styles in samba4 by using the new talloc().
(This used to be commit e35bb094c52e550b3105dd1638d8d90de71d854f)
|
|
(This used to be commit 8bf6841a8e9c7fa6d12c6631c9c845edbe52a455)
|
|
Volker
(This used to be commit 5d9b5a2e58cb271ea38de96e2b4b252ded2b1cdf)
|
|
sure,
but pidl there says "syntax error".
Volker
(This used to be commit c26dc367e4ef2619016d8063a9dfcc7a94be865b)
|
|
metze
(This used to be commit 874d4506094123a1f42c32c3ad37f6374f5958e8)
|
|
this should be used in the torture tests when we got NT_STATU_NET_WRITE_FAULT
metze
(This used to be commit 964748389bb7560ba141d71bb9256a8552c7db92)
|