The existing implementation wasn't really solid and I never liked it
anyway. Egypt rightfully pointed out flaws in the code, so it has
been changed so that it allocates the required memory up front
and returns that string to the caller, who then has to free it up.
Added a function to render SIDS.
Made the build set warnings as errors. Still no idea why this wasn't
the case already.
When non-supported types were returned in queries, ADSI just pooped
itself and tore down the Meterpreter session. This a happy tester
Meterpreter does not make!
This code includes more support for ADSI types with attempts to be
semi-sane in stringifying them.
Plus, Meterpreter no longer crashes.
In a previous commit, I rejigged the way commands were overloaded,
and added what appeared to be a micro-optimisation to prevent
the thread from being imperonsated twice. Ultimately it wouldn't
make any differnce, so why I put it in there I really don't know.
The optimisation actually resulted in a breakage in the case where
base commands weren't present but extension commands were. As a
result all extended commands didn't get impersonated unless they
were overloading. This is not a good thing at all.
This fix removed that total stupidity and restores some level of
sanity.
Apologies for my idiocy.
In similar vein to the migration issue, incognito was crashing when
running under SYSTEM processes (such as lsass.exe). This was because
of a pointer truncation problem when processes were being enumerated.
There was also some other quirky logic going on, but nothing too
damaging. I added some other simple code tidies while I was in there.
* We now check to make sure that the required files are on disk and
show an error message if not found.
* README updated to indicate that submodule initialisation is needed.
Sometimes results can be success values but not S_OK, so this change
contains code which will force the result to S_OK in those cases so that
the caller doesn't get an indication which makes it believe that there is
an error.
The ADSI API is supposed to support the notion of only returning
a fixed number of results from AD when we specify the
ADS_SEARCHPREF_SIZE_LIMIT value in the search parameters, but it
doesn't appear to do that (at least not my Win2k setup).
This change includes a bit more debugging output and keeps track of
the number of rows processed so that the maximum site is actually
honoured.
A few minor issues around formatting collisions, nothing huge.
.gitignore fixes too
Conflicts:
source/common/base_dispatch_common.c
source/extensions/stdapi/server/stdapi.c