Age | Commit message | Author | Files | Lines |
|
metze
|
|
metze
(This used to be commit 54b873e49ff363609632fa2862208bf6b4c1b6ed)
|
|
metze
(This used to be commit ce36448d74b0c6cdf8928e10c088bf0248a95cf7)
|
|
metze
(This used to be commit 131a1cfdc9a1228d9263c77bcd31b05d2946fd50)
|
|
Windows seems to use 64 here, so we do now.
Before we got nca_proto_error fault because we send fragments
larger than the negotiated max frag size.
If the max frag size is 5840, we're sending 5837 bytes
when the auth_len is 45 and that matches w2k3 traffic.
metze
(This used to be commit 351947dba3f7a26ac871d4aa7b6bba4cd472383a)
|
|
and adds a const 4 bytes blob to pkt.u.fault.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be commit 652b8c5f156b357e231057a5a0fbded88f4f9c5f)
|
|
metze
(This used to be commit 47447f60bc8e5dd1021752e9b011f22762e45eed)
|
|
- also add dcerpc_AuthLevel enum
metze
(This used to be commit efb2416939d5def030e56b0497bab5345426840f)
|
|
constants
(This used to be commit 0c3d38b0d9c2a335c6449955a137627ba16623a4)
|
|
(This used to be commit 9c38c61c337da911d56df33f1b72be8cf7d0d4c6)
|
|
and move it into misc.idl
The goal is to get rid of all dcerpc specific stuff in the
generated ndr layer.
metze
(This used to be commit 2ed014cfb894cccab1654e3f7d5876393e2b52d7)
|
|
also make it possible to pass and get the assoc_group_id for
a pipe.
also make it possible to pass the DCERPC_PFC_FLAG_CONC_MPX flag
in bind requests. From the spec it triggers support for
concurrent multiplexing on a single connection.
w2k3 uses the assoc_group_id feature when it becomes a domain controller
of an existing domain. Now the ugly part, with this it's possible to
use a policy handle from one connection on a different one...
typically the DsBind() call is on the 1st connection while DsGetNCChanges()
call using the first connection's bind handle are on the 2nd connection.
The second connection also has the DCERPC_PFC_FLAG_CONC_MPX flag attached,
but that doesn't seem to be related to the cross connection handle usage
Can anyone think of a nice way to implement the assoc_group_id stuff in our server?
metze
(This used to be commit 2d8c85397d9027485ed6dbdcca87cc1ec84c7b76)
|
|
(This used to be commit 17d1da19474de3c501b532aec74b1fb93ed3ae3f)
|
|
metze
(This used to be commit 3daa68e1c4212f1dad98b196a096ded3204b03ba)
|
|
(This used to be commit 347ae9628202ca4de4318ef8156999239aad9192)
|
|
(This used to be commit 9c11c1ac2a9d5a6cae490fa7a2005700271d53f3)
|
|
This allows us to correctly parse the bind_nak from NT4, when we use
an invalid auth type (the unsupported SPNEGO)..
Andrew Bartlett
(This used to be commit ce0c7f86fd5eeeacad885d732b66c65ac9103ace)
|
|
(This used to be commit 430c6516d383bfd7f27287394bf8eef9f174b3e6)
|
|
aligned, not
8 byte aligned
(This used to be commit c112a2b23e6cd2c55fbb7e8096a7c523a91d6814)
|
|
metze
(This used to be commit de69d87ded11ef0954e931885761e9ecd9ce4e1b)
|
|
(This used to be commit 58fee22e0b5054de631cc5929498d490db31f348)
|
|
(This used to be commit 2009a430b03c685dd65bd573e70d3618f2e0dd0f)
|
|
it certainly doesn't make sense as LOGON_FAILURE.
Andrew Bartlett
(This used to be commit 4bec3d3f378ed8b988e00441c9bb5718b8548ba6)
|
|
is assumed to be "ptr" if not specified (just like midl).
The validator will warn when "ptr" is used at the moment, because
pidl only supports unique, ref and relative at the moment.
(This used to be commit 31bed62a9a6f7830f523d509b67970648d40aaef)
|
|
Note this doesn't work currently because the gensec_modules are not ready for that yet
metze
(This used to be commit 7b09a3f725baca5d4483b7ec24a9cb6151557bb5)
|
|
- there is no alter_nak or alter_ack packet, it's all done in an
alter_response
- auto-allocated the contex_ids
- tried to fix up the dcom code to work again with
alter_context. Jelmer, please take a look :)
(This used to be commit dd1c54add8884376601f2f8a56c01bfb8add030c)
|
|
just does a simple LSA/DSSETUP combo, which is what w2k does in the
ACL editor rpc calls that triggered this work
(This used to be commit 0129ec947aa1fa5a7104dc3a666af3cb9bd104f1)
|
|
metze
(This used to be commit 5d7d6f02cf1aa731d371c97054480d83d85102cb)
|
|
The torture test DCOM-SIMPLE now successfully does an
IStream_Read and an IStream_Write call.
This test can now be run successfully against the "Simple DCOM" Visual
Studio example.
(You have to quote out line 337 in pidl. pidl complains if the variable
that contains the array size follows the array. I still need to fix this
properly)
Next goals:
- Clean up code
- Server side support
- Support custom marshalling
- Support DCOM interfaces in files other than dcom.idl
(This used to be commit 8693344772a9b700533179f4bacfe27ec27dfcfe)
|
|
(This used to be commit 6fab01df000a126d2d01c41ead952d027f755309)
|
|
- Support for sending over the object UUID in DCERPC calls
- Simple torture test for the DCOM "Simple" object
- Generate extra argument for "object" interfaces in pidl
- Some stubs for common DCOM functions
(This used to be commit c052f2e1edd816206d8974af3140cec7ef97a70c)
|
|
from lhorn
(This used to be commit 9ef399a769805ecfc78fc32e066b20e8efe34290)
|
|
the current ones. It took me three hours to realise that the DCOM standard
contains false protocol numbers (apparently someone converted the protocol
numbers to hex twice, i.e. 13 -> 0c and 14 to 0d). There are no longer
duplicates in the list with protocol numbers now.
(This used to be commit f355cd426462a72575ef3c3b769f676334976986)
|
|
(This used to be commit b7ac0cb692ea373f754d7a40b44a7b0756459287)
|
|
or when signing or sealing fails
DCERPC_FAULT_LOGON_FAILURE = 0x00000005;
metze
(This used to be commit 6ed2ce4edca9dbdb30e52e83d62227656d671a29)
|
|
- Support for "object oriented" interfaces in pidl
- Support for inherited interfaces in pidl
- Simplification of the support for properties on an interface
- Start on dcom rpc torture tests
(This used to be commit 45c3d0036b8510102816f9cdff9210098259cc5f)
|
|
and it seems to be raw krb5, but I need to do some tests
metze
(This used to be commit 01612927902ed5e4d0109fec453307cdcb95336f)
|
|
- added server side support for schannel type 23. This allows WinXP to establish a schannel connection
to Samba4 as an ADS DC
- added client side support for schannel type 23, but disabled it as currently the client
code has no way of getting the fully qualified domain name (which is needed)
- report dcerpc faults in the server code in the log
(This used to be commit 55e0b014fe14ca8811b55887208a1c3147ddb0d2)
|
|
(This used to be commit 2ac79dfba0e64056a680f21d7dd0c007f79d4a70)
|
|
binds successful to an interface
metze
(This used to be commit c39e450702cfa2b577c64e14ba1428fd95db7ade)
|
|
metze
(This used to be commit 75bca5dcfa68de0d18a144a221260d2f728e0bfc)
|
|
(This used to be commit 3c8d580d2c2ae528c5725145d81761296b8be04d)
|
|
and schannel are both instances of possible security modules
- added schannel sign and sign/seal support to the dcerpc client
code. You select it with binding options of "schannel,sign" or
"schannel,seal".
(This used to be commit 05db0b9d942cad8f1dd574dc35b759e5e79d4195)
|
|
(This used to be commit 691f9c1c4448fb54846fcfffeca43601bcd44138)
|
|
This adds support for bigendian rpc in the client. I have installed
SUN pcnetlink locally and am using it to test the samba4 rpc
code. This allows us to easily find places where we have stuffed up
the types (such as 2 uint16 versus a uint32), as testing both
big-endian and little-endian easily shows which is correct. I have now
used this to fix several bugs like that in the samba4 IDL.
In order to make this work I also had to redefine a GUID as a true
structure, not a blob. From the pcnetlink wire it is clear that it is
indeed defined as a structure (the byte order changes). This required
changing lots of Samba code to use a GUID as a structure.
I also had to fix the if_version code in dcerpc syntax IDs, as it
turns out they are a single uint32 not two uint16s.
The big-endian support is a bit ugly at the moment, and breaks the
layering in some places. More work is needed, especially on the server
side.
(This used to be commit bb1af644a5a7b188290ce36232f255da0e5d66d2)
|
|
(This used to be commit f5df126c254bcb96dfb42096d7247215c7e7a89a)
|
|
implements the epm_Lookup() call, I'll add the other important calls
soon. I was rather pleased to find that epm_Lookup() worked first
time, which is particularly surprising given its complexity.
This required quite a bit of new infrastructure:
* a generic way of handling dcerpc policy handles in the rpc server
* added type checked variants of talloc. These are much less error
prone. I'd like to move to using these for nearly all uses of
talloc.
* added more dcerpc fault handling code, and translation from
NTSTATUS to a dcerpc fault code
* added data_blob_talloc_zero() for allocating an initially zero
blob
* added an endpoint enumeration hook in the dcerpc endpoint server
operations
(This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
|
|
(This used to be commit 6e7c50bcd9929b6b1400b3155f55e6c9a4a730b3)
|
|
don't cause fragmented pdus (I'll add fragments shortly)
* change data_blob_talloc() to not zero memory when the 2nd argument
is NULL. The zeroing just masks bugs, and can't even allow a DOS
attack
* modified pidl to ensure that [ref] arguments to the out side of
functions are allocated when parsing the in side. This allows rpc
backends to assume that [ref] variables are all setup. Doesn't work
correctly for [ref] arrays yet
* changed DLIST_ADD_END() to take the type instead of a tmp
variable. This means you don't need to declare a silly tmp variable in
the caller
(This used to be commit 46e0a358198eeb9af1907ee2a29025d3ab23b6d1)
|
|
* make far more generated functions static
* get rid of gen_rpc, and include the client calls in ndr_*.c
* added placeholder IDL for a number of interfaces (dcom, wzcsvc, browser etc)
(This used to be commit a2bdf0be0119023df3c2b9ea515ed355020f2625)
|