summaryrefslogtreecommitdiff
path: root/source4/librpc/ndr
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r1294: A nice, large, commit...Andrew Bartlett1-1/+1
This implements gensec for Samba's server side, and brings gensec up to the standards of a full subsystem. This means that use of the subsystem is by gensec_* functions, not function pointers in structures (this is internal). This causes changes in all the existing gensec users. Our RPC server no longer contains it's own generalised security scheme, and now calls gensec directly. Gensec has also taken over the role of auth/auth_ntlmssp.c An important part of gensec, is the output of the 'session_info' struct. This is now reference counted, so that we can correctly free it when a pipe is closed, no matter if it was inherited, or created by per-pipe authentication. The schannel code is reworked, to be in the same file for client and server. ntlm_auth is reworked to use gensec. The major problem with this code is the way it relies on subsystem auto-initialisation. The primary reason for this commit now.is to allow these problems to be looked at, and fixed. There are problems with the new code: - I've tested it with smbtorture, but currently don't have VMware and valgrind working (this I'll fix soon). - The SPNEGO code is client-only at this point. - We still do not do kerberos. Andrew Bartlett (This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
2007-10-10r1274: revert -r 1239 as discussed with abartletStefan Metzmacher1-301/+0
metze (This used to be commit 52e2d038252bd745d53c687d266ad3ad62efa6fc)
2007-10-10r1269: Add a 'base' field to the ndr_ofs_list structure which is the base toTim Potter2-1/+5
which the offset applies to. In an array of structures containing relative members, the offset applies to the start of the array element being marshalled. Previously, there was no way to access the relevant structure start as by the time we have hit buffers, the head of the offset list will be the last structure being marshalled. Interestingly enough, this makes relstrs go away. I think we thought they were a special case in samba 3 but it turns out they are just regular relative elements in the idl. This makes spoolss a lot simpler than I thought it would be. I've run the samr and lsa tests and this doesn't seem to break anything. It looks like security descriptors are the only structures that contain relative members. Oh yeah, this will probably require a 'make clean && make' otherwise you will get bizzare errors. (This used to be commit d379dcdfd5f41e7cf7668354c3011b8ace190953)
2007-10-10r1264: Make sure to initialize ofs_list when creating new ndr_{push,pull}Tim Potter1-0/+2
structures. (This used to be commit 6a39b17f6d8776ae695dc5c6caa0990ab2733e3c)
2007-10-10r1239: move the old msrpc_<gen|parse>() functions to ↵Stefan Metzmacher1-0/+301
ndr_<push|pull>_format_blob() simular to ndr_<push|pull>_struct_blob() metze (This used to be commit b25dd341e0febd550a2936ca484b6fecce2ff8c2)
2007-10-10r1133: - add ndr_pull_ptr() as a separate call instead of ndr_pull_uint32()Andrew Tridgell1-0/+10
(useful for debugging IDL) - fixed a couple of places that auto-generate incorrect printf style arguments for ndr_pull_error() (This used to be commit ad3324a79ce030df4c5ed46408e662b46588f89f)
2007-10-10r1132: add a PRINTF_ATTRIBUTE to ndr_pull_error() to catch printf style ↵Andrew Tridgell1-1/+2
coding errors (This used to be commit f0940f19129f0f2eccc3bb5130b8d2dd0b60f83f)
2007-10-10r1048: - moved the schannel definitions into a separate schannel.idlAndrew Tridgell1-0/+2
- added server side support for schannel type 23. This allows WinXP to establish a schannel connection to Samba4 as an ADS DC - added client side support for schannel type 23, but disabled it as currently the client code has now way of getting the fully qualified domain name (which is needed) - report dcerpc faults in the server code in the log (This used to be commit 55e0b014fe14ca8811b55887208a1c3147ddb0d2)
2007-10-10r1030: added server side schannel supportAndrew Tridgell1-0/+23
(This used to be commit 2ac79dfba0e64056a680f21d7dd0c007f79d4a70)
2007-10-10r960: convert 'unsigned int' to uint_t in the most placesStefan Metzmacher1-1/+1
metze (This used to be commit 18062d2ed9fc9224c43143c10efbf2f6f1f5bbe0)
2007-10-10r937: - added a simple QuerySecurity implementation in samr serverAndrew Tridgell1-0/+12
- moved some sec desc defines into misc.idl - fixed pw_len field in UserInfo26 - made some pipes available on TCP - added netr_DsrEnumerateDomainTrusts() to netlogon - added templates for remaining netlogon IDL calls (from ethereal) - added a unistr_noterm vs unistr error detector in ndr basic decoder - added torture test for netr_DsrEnumerateDomainTrusts() (This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
2007-10-10r895: use _t in base ndr fnsAndrew Tridgell1-4/+4
(This used to be commit b3c00acdf0e85563b5d5ce1f9bc86cc2e781d53e)
2007-10-10r890: convert samba4 to use [u]int8_t instead of [u]int8Stefan Metzmacher1-4/+4
metze (This used to be commit 2986c5f08c8f0c26a2ea7b6ce20aae025183109f)
2007-10-10r889: convert samba4 to use [u]int16_t instead of [u]int16Stefan Metzmacher3-12/+12
metze (This used to be commit af6f1f8a01bebbecd99bc8c066519e89966e65e3)
2007-10-10r884: convert samba4 to use [u]int32_t instead of [u]int32Stefan Metzmacher6-83/+83
metze (This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
2007-10-10r873: converted samba4 to use real 64 bit integers instead ofAndrew Tridgell1-16/+61
structures. This was suggested by metze recently. I checked on the build farm and all the machines we have support 64 bit ints, and support the LL suffix for 64 bit constants. I suspect some won't support strtoll() and related functions, so we will probably need replacements for those. (This used to be commit 9a9244a1c66654c12abe4379661cba83a73c4c21)
2007-10-10r511: fix some const handlingAndrew Tridgell1-3/+3
(This used to be commit be94cc4032b23fd99823902ddcd1472a72314a88)
2007-10-10r327: fixed an uninitialised variable found by valgrindAndrew Tridgell1-0/+1
(This used to be commit 10844cf925d6a8164191a6dbbcaacc7bf8179933)
2007-10-10r275: added IDL and test code for samr_QueryDisplayInfo3(),Andrew Tridgell1-2/+18
samr_AddMultipleMembersToAlias(), samr_RemoveMultipleMembersFromAlias(), samr_OemChangePasswordUser2(), and samr_ChangePasswordUser2() The password change functions don't actually work yet (but should soon). At this stage I have just completed the IDL for them. Next step is to get the hash verifiers right and the torture test should be able to do password changes. (This used to be commit 849d0d314a2add80f2b2be6b503fea05973f998e)
2007-10-10r152: a quick airport commit ....Andrew Tridgell1-1/+1
added ldbedit, a _really_ useful command added ldbadd, ldbdel, ldbsearch and ldbmodify to build solved lots of timezone issues, we now pass the torture tests with client and server in different zones fixed several build issues I know this breaks the no-LDAP build. Wait till I arrive in San Jose for that fix. (This used to be commit af34710d4da1841653624fe304b1c8d812c0fdd9)
2004-02-03- add 'print' to the DCERPC binding stringsStefan Metzmacher1-4/+0
e.g. ncacn_np:myserver:[samr,sign,print] will now enable the packet debugging and the debugging is not bound anymore to the debuglevel >= 2 in the torture tests - also the dcesrv_remote module now supports debugging of the packets use the 'dcerpc_remote:binding' smb.conf parameter. metze (This used to be commit 40abf3c584efed7f977ddd688ea064540e5a5b13)
2004-01-11added dom_sid_string() functionAndrew Tridgell1-7/+15
(This used to be commit 399f95536bf64890284a51e4a2bbb7a15c91c3be)
2004-01-08This patch adds a better dcerpc server infastructure.Stefan Metzmacher1-27/+41
1.) We now register endpoint servers add startup via register_backend() and later use the smb.conf 'dcerpc endpoint servers' parameter to setup the dcesrv_context 2.) each endpoint server can register at context creation time as much interfaces as it wants (multiple interfaces on one endpoint are supported!) (NOTE: there's a difference between 'endpoint server' and 'endpoint'! for details look at rpc_server/dcesrv_server.h) 3.) one endpoint can have a security descriptor registered to it self this will be checked in the future when a client wants to connect to an smb pipe endpoint. 4.) we now have a 'remote' endpoint server, which works like the ntvfs_cifs module it takes this options in the [globals] section: dcerpc remote:interfaces = srvsvc, winreg, w32time, epmapper dcerpc remote:binding = ... dcerpc remote:user = ... dcerpc remote:password = ... 5.) we currently have tree endpoint servers: epmapper, rpcecho and remote the default for the 'dcerpc endpiont servers = epmapper, rpcecho' for testing you can also do dcerpc endpoint servers = rpcecho, remote, epmapper dcerpc remote:interfaces = srvsvc, samr, netlogon 6,) please notice the the epmapper now only returns NO_ENTRIES (but I think we'll find a solution for this too:-) 7.) also there're some other stuff left, but step by step :-) This patch also includes updates for the register_subsystem() , ntvfs_init(), and some other funtions to check for duplicate subsystem registration metze (hmmm, my first large commit...I hope it works as supposed :-) (This used to be commit 917e45dafd5be4c2cd90ff425b8d6f8403122349)
2003-12-31the endpoint mapper now works in bigendian modeAndrew Tridgell2-3/+6
(This used to be commit 1f89d89954a3501e08efa97d1276ba9bb2d2305f)
2003-12-19addition of samr_SetSecurity() from kaiAndrew Tridgell1-1/+1
we needed to adjust the alignment of [relative] buffers for this to work. I wonder if they are always 4 byte aligned? (This used to be commit 9cd0a0b8b976e62c6da71b7e55cba5b38483620d)
2003-12-19fixed the AddAliasMem test codeAndrew Tridgell1-0/+23
(This used to be commit abe7ffcece5fcb75b0cf5633dd5871fa3e3c1723)
2003-12-16fixed formatting of uuids in debug outputAndrew Tridgell1-1/+1
(This used to be commit 7895796ef8a0dfe5de1404e630b2489fdec39a56)
2003-12-16added support for big-endian ucs2 strings (as used by big-endianAndrew Tridgell1-7/+17
msrpc). this was easier than I expected! (This used to be commit a0a51af6b746b1f82faaa49d33c17fea9d708fb0)
2003-12-16a fairly large commit!Andrew Tridgell1-47/+30
This adds support for bigendian rpc in the client. I have installed SUN pcnetlink locally and am using it to test the samba4 rpc code. This allows us to easily find places where we have stuffed up the types (such as 2 uint16 versus a uint32), as testing both big-endian and little-endian easily shows which is correct. I have now used this to fix several bugs like that in the samba4 IDL. In order to make this work I also had to redefine a GUID as a true structure, not a blob. From the pcnetlink wire it is clear that it is indeed defined as a structure (the byte order changes). This required changing lots of Samba code to use a GUID as a structure. I also had to fix the if_version code in dcerpc syntax IDs, as it turns out they are a single uint32 not two uint16s. The big-endian support is a bit ugly at the moment, and breaks the layering in some places. More work is needed, especially on the server side. (This used to be commit bb1af644a5a7b188290ce36232f255da0e5d66d2)
2003-12-12Added routines for arrays of uint16s.Tim Potter1-0/+33
(This used to be commit 370512f6644507ed0457de71ab5a50207e00e750)
2003-12-12 * the RPC-ECHO pipe now works in smbd, as long as the data sizesAndrew Tridgell1-1/+1
don't cause fragmented pdus (I'll add fragments shortly) * change data_blob_talloc() to not zero memory when the 2nd argument is NULL. The zeroing just masks bugs, and can't even allow a DOS attack * modified pidl to ensure that [ref] arguments to the out side of functions are allocated when parsing the in side. This allows rpc backends to assume that [ref] variables are all setup. Doesn't work correctly for [ref] arrays yet * changed DLIST_ADD_END() to take the type instead of a tmp variable. This means you don't need to declare a silly tmp variable in the caller (This used to be commit 46e0a358198eeb9af1907ee2a29025d3ab23b6d1)
2003-12-02 * netr_ServerPasswordSet() now works - the test suite changes theAndrew Tridgell1-1/+3
machine account password. * neater handling on value() options in IDL. The auto-print code will now display the right value so you don't need to initialise it in your C code (This used to be commit 3dd978b12bb5571fba4e1839c0f7ee60cf729aa2)
2003-12-01added netr_ServerReqChallenge and cleaned up byte array printingAndrew Tridgell2-11/+13
(This used to be commit bb42107dccf3a384a4a5c029b4d2752e0898d7cb)
2003-12-01started adding netlogon IDL and test suiteAndrew Tridgell1-0/+28
(This used to be commit 3d64eefb464d09fb6e84d6139f801887a278cf86)
2003-11-30Added EnumPrinterDriver, GetPrinterDriver (still in progress)Tim Potter1-0/+17
(This used to be commit a818439b5915fd70b8aa3d3045f658b3f59a6bea)
2003-11-28Added EnumJobs, GetJob, SetJob RPCs.Tim Potter1-0/+17
(This used to be commit a06cbbbf1fa1e873bb13bc86d14694b2af791e22)
2003-11-28added auto-generation of the IDL interface tables. This makes two lessAndrew Tridgell2-40/+3
places that need to be edited when someone adds a new IDL file. (This used to be commit ccd9ddeed679baa6cbb05ac728b381b50420e00f)
2003-11-26Implemented EnumForms and GetForm.Tim Potter1-0/+17
(This used to be commit 822750592cffb175aa7afb268bc7cb47bbab47e4)
2003-11-26signed DCERPC over TCP now works !Andrew Tridgell2-77/+38
* moved ntlmssp code into libcli/auth/, and updated to latest ntlmssp code from samba3 (thanks Andrew! the new interface is great) * added signing/ntlmssp support in the dcerpc code * added a dcerpc_auth.c module for the various dcerpc auth mechanisms (This used to be commit c18c9b5585a3e5f7868562820c14f7cb529cdbcd)
2003-11-24added tests for epm_Map endpointer map callsAndrew Tridgell1-0/+3
(This used to be commit 570ad78525ffcc116842270b62ba41c86c2a018d)
2003-11-24added tests for the remaining calls on the rpc management interfaceAndrew Tridgell1-0/+32
(This used to be commit 00f9b0e12061c175334f96805ca8333f28f74d91)
2003-11-24added the dcerpc remote management interfaces as mgmt.idl, and wrote aAndrew Tridgell3-6/+38
test suite. The test suite dumps all of the interfaces available on all pipes. There sure are a lot more interfaces on w2k3 than w2k ! (This used to be commit f94bc079902d725b63155d8d2de5bf408c6e7335)
2003-11-23added a tool called 'ndrdump' that allows you to dump NDR dataAndrew Tridgell1-1/+1
according to the current IDL taking the data from a file. In combination with a little hack to ethereal to extract data this is a quite powerful IDL development tool. (This used to be commit 229a325c3cf0d4dc1e910ed32e1d7391040aeba1)
2003-11-23ooh, this is fun!Andrew Tridgell3-5/+75
I have recoded the core dcerpc packet structures (all the PDUs etc) in terms of IDL, which means we now use pidl to generate all the code for handling the most basic dcerpc packets. This is not normally possible as it isn't completely valid NDR, but pidl has a number of extensions that make it quite easy. This also means we get the server side dcerpc marshalling/unmarshalling code for free. (This used to be commit 92bcad02587c3c1b31b523ee9fa46658a6cef9ff)
2003-11-22 * fixed null terminated string handlingAndrew Tridgell2-3/+8
* fixed nested relative offsets in push functions the spoolss torture test now passes! (This used to be commit 60ced76160e4f4e2b511ebbeec31130c8ebcdd22)
2003-11-22 * fixed NDR flag inheritance across push subcontextsAndrew Tridgell1-0/+3
* don't consider not doing lsa_QueryInfoPolicy level 11 a failure (w2k3 doesn't have this level, w2k does) * on a NDR validation failure dump the failed data at level 3 (This used to be commit 9d5078962f0f8aef3360dea4c4774cf8de1fdc26)
2003-11-22a fairly major upgrade to the dcerpc systemAndrew Tridgell4-28/+244
* added a NDR validator. The way it works is that when the DCERPC_DEBUG_VALIDATE_* flags are set the dcerpc system will perform NDR buffer validation. On sending a request the packet is first marshalled, then unmarahslled, then marshalled again, and it is confirmed that the two marshalling results are idential. This ensures that our pull and push routines are absolutely in sync, so that we can be very confident that if a routine works in the client then the corresponding routine must work on the server side. A similar validation is performed on all replies. * a result of this change is that pidl is fussier about the [ref] tag. You can only use it on pointers (which is the only place it makes sense) * fixed a basic alignment bug in the push side of the NDR code * added server side pull/push support. Our dcerpc system is now fully ready to be used on the server side. * fixed the relative offset pointer list. It must be traversed in reverse order on push * added automatic value setting for the size parameter in outgoing SdBuf structures. * expanded the ndr debugging code to always give a message on any failure * fixed the subcontext push code * fixed some memory leaks in smbtorture RPC tests (This used to be commit 8ecf720206a2eef3f8ea7cbdb1f460664a5dba9a)
2003-11-22added some explanations for epmapper IDL and dom_sid2Andrew Tridgell1-1/+11
(This used to be commit 5962f1cffa9273cc06c8a3c4a112f3ce94b84dae)
2003-11-21cleaner handling of relative pointers to stringsAndrew Tridgell1-3/+3
(This used to be commit 4022e710755a61a3439f739a78fa6965b9b7788e)
2003-11-21* changed the way strings are handled in pidl to a much more generalAndrew Tridgell3-240/+270
interface. We now support an arbitrary set of flags to each parser, and these can be used to control the string types. I have provided some common IDL string types in librpc/idl/idl_types.h which needs to be included in every IDL file. * added IDL for the endpoint mapper. Added a test suite that enumerates all endpoints on the server. (This used to be commit d2665f36a75b482ff82733f72ffac938c2acf87a)