summaryrefslogtreecommitdiff
path: root/source4/librpc/rpc/dcerpc.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r3103: use a destructor to ensure that on abnormnal rpc request terminationAndrew Tridgell1-0/+12
it is removed from the pending list. (This used to be commit 33176e9751374de3b5dc3f5f9b19c6824140d90a)
2007-10-10r2671: we're getting too many errors caused by the talloc_realloc() API notAndrew Tridgell1-1/+2
taking a context (so when you pass a NULL pointer you end up with memory in a top level context). Fixed it by changing the API to take a context. The context is only used if the pointer you are reallocing is NULL. (This used to be commit 8dc23821c9f54b2f13049b5e608a0cafb81aa540)
2007-10-10r2628: got rid of some warnings and converted a few more places to use ↵Andrew Tridgell1-2/+1
hierarchical memory allocation (This used to be commit 26da45a8019a2d6c9ff2ac2a6739c7d0b42b00de)
2007-10-10r2614: support CONNECT level DCE/RPC security in both client andAndrew Tridgell1-3/+49
server. CONNECT security uses NTLMSSP, but does not do any signing or sealing (or equivalently, its like signing, but with a zero filled checksum). (This used to be commit f4660857bc708db7f5aa7487bf7ab04bffe68928)
2007-10-10r2443: check return code of event_loop_once() to catch thet cases where the ↵Stefan Metzmacher1-2/+6
server closes the connetion and we got EBADF from select() and event_loop_once() fails metze (This used to be commit 9c0e50a6f3d628156b4543d5ded89e06be696f64)
2007-10-10r2399: Display text description of rpc fault in debug message.Tim Potter1-1/+1
(This used to be commit 04aec4c0a3f559f6a9ccfaf990f3a2ff2e6f48df)
2007-10-10r2383: fixed the handling of sending zero length dcerpc packets (I broke thisAndrew Tridgell1-1/+3
recently, and this broke the autoidl code) (This used to be commit 01d66f68f6b21dc9b5c0702edcd4f56daeae9b9d)
2007-10-10r2304: fixed a bug in old style NTLM signingAndrew Tridgell1-1/+1
(This used to be commit 09651b831d085345dd385bc9777f97e1c0d57c6f)
2007-10-10r2294: this fixes the NTLM2 sign+seal combination. I have now tested:Andrew Tridgell1-5/+8
NTLM sign NTLM sign+seal NTLM2 sign NTLM2 sign+seal and all of the above both with and without key exchange the NTLM2 seal case is ugly and involves an extra data copy, which some API changes in gensec or the ndr layer might avoid in future. (This used to be commit fce7a4218b3136d880dd1a123e8525e3091bbed8)
2007-10-10r2284: Thanks to some great detective work by tridge, NTLM2 signing now works.Andrew Bartlett1-55/+71
This means that 'require NTLMv2 session security' now works for RPC pipe signing. We don't yet have sealing, but it can't be much further. This is almost all tridge's code, munged into a form that can work with the GENSEC API. This commit also includes more lsakey fixes - that key is used for all DCE-RPC level authenticated connections, even over CIFS/ncacn_np. No doubt I missed something, but I'm going to get some sleep :-) Andrew Bartlett (This used to be commit a1fe175eec884280fb7e9ca8f528134cf4600beb)
2007-10-10r2275: don't crash on a rpc BIND_NAK response ...Andrew Tridgell1-1/+6
(This used to be commit 22a6e5d50d2d40c2dfc5e36bce1132b92723dd81)
2007-10-10r2234: Tridge, this is a patch to allow people to set the REF_ALLOC flag onTim Potter1-0/+4
a dcerpc_pipe structure as we discussed this morning. (This used to be commit 79969dc8daf5fdaacd26135a200ecec0b4d7663c)
2007-10-10r2185: add a callback function to the dcerpc async APIAndrew Tridgell1-0/+20
also add a demonstration of its use in the netlogon async example (This used to be commit f2a0438c66b999189c1a2ad726e91efd0748eb90)
2007-10-10r2180: added RPC flags "padcheck" which enables checking of all received padAndrew Tridgell1-14/+33
bytes to make sure they are zero. Non-zero values usually indicate one of two things: - the server is leaking data through sending uninitialised memory - we have mistaken a real field in the IDL for padding to differentiate between the two you really need to run with "print,padcheck" and look carefully at whether the non-zero pad bytes are random or appear to be deliberate. (This used to be commit 7fdb778f81f14aaab75ab204431e4342a462957a)
2007-10-10r2118: fixed the receipt of bigendian rpc packets with the new async code.Andrew Tridgell1-3/+10
The fix uses the new talloc_increase_ref_count() function in an interesting way. I suspect this sort of technique will become quite common. (This used to be commit a86e629a39baf0ba2a6bb347eb9b72551c1477ff)
2007-10-10r2103: in the conversion to async rpc I simplified the smb backend to onlyAndrew Tridgell1-10/+6
use readx/writex instead of the more efficient SMBtrans calls. This patch restores the efficiency by using SMBtrans when possible. (This used to be commit 83fbe080e7fcdf4168d85f654b802dc4538b8984)
2007-10-10r2100: rework the dcerpc client side library so that it is async. We nowAndrew Tridgell1-138/+354
generate a separate *_send() async function for every RPC call, and there is a single dcerpc_ndr_request_recv() call that processes the receive side of any rpc call. The caller can use dcerpc_event_context() to get a pointer to the event context for the pipe so that events can be waited for asynchronously. The only part that remains synchronous is the initial bind calls. These could also be made async if necessary, although I suspect most applications won't need them to be. (This used to be commit f5d004d8eb8c76c03342cace1976b27266cfa1f0)
2007-10-10r2041: Fix NTLMSSP RPC sealing, client -> win2k3 server.Andrew Bartlett1-0/+18
The bug (found by tridge) is that Win2k3 is being tighter about the NTLMSSP flags. If we don't negotiate sealing, we can't use it. We now have a way to indicate to the GENSEC implementation mechanisms what things we want for a connection. Andrew Bartlett (This used to be commit 86f61568ea44c5719f9b583beeeefb12e0c26f4c)
2007-10-10r2029: changed our client side dcerpc padding to match what w2k3 does - a 16Andrew Tridgell1-2/+4
byte padding of the payload portion of the packet. (This used to be commit 271831f97f3952838557bf5034c1e435b33cb14a)
2007-10-10r1983: a completely new implementation of tallocAndrew Tridgell1-2/+1
This version does the following: 1) talloc_free(), talloc_realloc() and talloc_steal() lose their (redundent) first arguments 2) you can use _any_ talloc pointer as a talloc context to allocate more memory. This allows you to create complex data structures where the top level structure is the logical parent of the next level down, and those are the parents of the level below that. Then destroy either the lot with a single talloc_free() or destroy any sub-part with a talloc_free() of that part 3) you can name any pointer. Use talloc_named() which is just like talloc() but takes the printf style name argument as well as the parent context and the size. The whole thing ends up being a very simple piece of code, although some of the pointer walking gets hairy. So far, I'm just using the new talloc() like the old one. The next step is to actually take advantage of the new interface properly. Expect some new commits soon that simplify some common coding styles in samba4 by using the new talloc(). (This used to be commit e35bb094c52e550b3105dd1638d8d90de71d854f)
2007-10-10r1872: revert -r 1845 because the caling function should look at the fault_codeStefan Metzmacher1-12/+2
when it gets NT_STATUS_NET_WRITE_FAULT metze (This used to be commit 084845c1ab5e8acdb91f1d93b87d3f58e5de1bfd)
2007-10-10r1845: map DCERPC_FAULT_LOGON_FAILURE to NT_STATUS_LOGON_FAILUREStefan Metzmacher1-2/+11
metze (This used to be commit 0cf0c3646038574e73c77a0b7adbdf6d04fe7207)
2007-10-10r1645: added a debug when a RPC fault is receivedAndrew Tridgell1-0/+1
(This used to be commit cb1830909952dd0d0fed2090e820f1ee2552a7a2)
2007-10-10r1509: in order to interoperate with NT3.1 we need to ignore extra data at ↵Andrew Tridgell1-3/+7
the end of RPC PDUs. It turns out that NT3.1 adds junk onto the end of every PDU. (This used to be commit a4a89cffd85c213a4d751c24ccda438e44df4d2e)
2007-10-10r1419: spnego inside of dcerpc using alter_context/alter_context_respStefan Metzmacher1-6/+76
instead of auth3 metze (This used to be commit 19b0567ee533744a0f2778bf8549636a25d96526)
2007-10-10r1294: A nice, large, commit...Andrew Bartlett1-32/+26
This implements gensec for Samba's server side, and brings gensec up to the standards of a full subsystem. This means that use of the subsystem is by gensec_* functions, not function pointers in structures (this is internal). This causes changes in all the existing gensec users. Our RPC server no longer contains it's own generalised security scheme, and now calls gensec directly. Gensec has also taken over the role of auth/auth_ntlmssp.c An important part of gensec, is the output of the 'session_info' struct. This is now reference counted, so that we can correctly free it when a pipe is closed, no matter if it was inherited, or created by per-pipe authentication. The schannel code is reworked, to be in the same file for client and server. ntlm_auth is reworked to use gensec. The major problem with this code is the way it relies on subsystem auto-initialisation. The primary reason for this commit now.is to allow these problems to be looked at, and fixed. There are problems with the new code: - I've tested it with smbtorture, but currently don't have VMware and valgrind working (this I'll fix soon). - The SPNEGO code is client-only at this point. - We still do not do kerberos. Andrew Bartlett (This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
2007-10-10r1200: Add 'gensec', our generic security layer.Andrew Bartlett1-27/+31
This layer is used for DCERPC security, as well as ntlm_auth at this time. It expect things like SASL and the CIFS layer to use it as well. The particular purpose of this layer is to introduce SPENGO, which needs generic access to the actual implementation mechanisms. Schannel, due to it's 'interesting' setup properties is in GENSEC, but is only in the RPC code. Andrew Bartlett (This used to be commit 902af49006fb8cfecaadd3cc0c10e2e542083fb1)
2007-10-10r1077: fix segfault in schannel over ncacn_ip_tcpStefan Metzmacher1-0/+2
metze (This used to be commit 9e9a52692ebe9d47f1a08740ea1dcb8f46041211)
2007-10-10r1068: make the dcerpc client side auth/crypto code much more genericStefan Metzmacher1-25/+27
metze (This used to be commit 1706ff88a72c6578a109c2cf24f2f009812c3892)
2007-10-10r962: convert 'unsigned' and 'unsigned int' to uint_tStefan Metzmacher1-1/+1
metze (This used to be commit 57151e80eb1090281401930c8fe25b20a8cf3a38)
2007-10-10r889: convert samba4 to use [u]int16_t instead of [u]int16Stefan Metzmacher1-4/+4
metze (This used to be commit af6f1f8a01bebbecd99bc8c066519e89966e65e3)
2007-10-10r884: convert samba4 to use [u]int32_t instead of [u]int32Stefan Metzmacher1-3/+3
metze (This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
2007-10-10r874: This patch is a pile of work on NTLMSSP:Andrew Bartlett1-0/+4
Samba's NTLMSSP code is now fully talloc based, which should go a long way to cleaning up the memory leaks in this code. This also avoids a lot of extra copies of data, as we now allocate the 'return' blobs on a caller-supplied context. I have also been doing a lot of work towards NTLM2 signing and sealing. I have this working for sealing, but not for the verifier (MD5 integrity check on the stream) which is still incorrect. (I can aim a rpcecho sinkdata from a Win2k3 box to my server, and the data arrives intact, but the signature check fails. It does however match the test values I have...). The new torture test is cludged in - when we get a unit test suite back, I'll happliy put it in the 'right' place.... Andrew Bartlett (This used to be commit 399e2e2b1149b8d1c070aa7f0d5131c0b577d2b9)
2007-10-10r793: - don't make templates members of any class that would make them showAndrew Tridgell1-0/+3
up in searches like "objectclass=user" - auto-add the computer objectclass for computer accounts on create - added two types of password change call in samr server - reset last_fault_code before each dcerpc call (This used to be commit c1a65f83f6a4c51e60efd204dab89c20cda65d2b)
2004-02-10- modified the dcerpc client security code to be generic, so ntlmsspAndrew Tridgell1-21/+21
and schannel are both instances of possible security modules - added schannel sign and sign/seal support to the dcerpc client code. You select it with binding options of "schannel,sign" or "schannel,seal". (This used to be commit 05db0b9d942cad8f1dd574dc35b759e5e79d4195)
2003-12-17added a smb.conf flag "rpc big endian" that tells our rpc server toAndrew Tridgell1-10/+10
send packets in bigendian format. (This used to be commit 44df662960e662a55a9f27627f838771503a7a59)
2003-12-16added a define for the DCERPC little-endian data representation flagAndrew Tridgell1-8/+8
(This used to be commit 691f9c1c4448fb54846fcfffeca43601bcd44138)
2003-12-16a fairly large commit!Andrew Tridgell1-14/+75
This adds support for bigendian rpc in the client. I have installed SUN pcnetlink locally and am using it to test the samba4 rpc code. This allows us to easily find places where we have stuffed up the types (such as 2 uint16 versus a uint32), as testing both big-endian and little-endian easily shows which is correct. I have now used this to fix several bugs like that in the samba4 IDL. In order to make this work I also had to redefine a GUID as a true structure, not a blob. From the pcnetlink wire it is clear that it is indeed defined as a structure (the byte order changes). This required changing lots of Samba code to use a GUID as a structure. I also had to fix the if_version code in dcerpc syntax IDs, as it turns out they are a single uint32 not two uint16s. The big-endian support is a bit ugly at the moment, and breaks the layering in some places. More work is needed, especially on the server side. (This used to be commit bb1af644a5a7b188290ce36232f255da0e5d66d2)
2003-12-14fixed fragmented signed connections to our rpc server over SMBAndrew Tridgell1-1/+1
(This used to be commit f5df126c254bcb96dfb42096d7247215c7e7a89a)
2003-12-14fixed a bug handling multiple PDUs being read from a socket at oneAndrew Tridgell1-44/+3
time in the rpc server. started on the framework for the dcerpc authentication server code (This used to be commit 74041b6a0a60d792e1b220496d66ec27b9ee6c25)
2003-11-27a couple of tidyupsAndrew Tridgell1-3/+13
* don't try to map the epmapper uuid ! * some preliminary support for alter context pdus (This used to be commit f9857e56850cabfac06534fb33ff7a7a04346a9b)
2003-11-26by default sign RPC over TCP but not RPC over SMB. I will add command line ↵Andrew Tridgell1-10/+49
control soon (This used to be commit 215852116c1fb8c0d8ef559155a3dd55346f0c31)
2003-11-26transfer syntax V2 isn't as magic as I thoughtAndrew Tridgell1-4/+2
(This used to be commit bb3bb5dc8d494afd077fa613d064767d7aad90cd)
2003-11-26added auto-determination of the DCERPC over TCP port number by askingAndrew Tridgell1-5/+9
the servers endpoint mapper (This used to be commit 4abf5376b00f580eb69196e55a792cc7eb4c9880)
2003-11-26fixed some memory leaks in the dcerpc use of ntlmssp signingAndrew Tridgell1-0/+5
(This used to be commit abbc9993b8f7eb9f57e079db1d0b170d0b9aa443)
2003-11-26signed DCERPC over TCP now works !Andrew Tridgell1-31/+215
* moved ntlmssp code into libcli/auth/, and updated to latest ntlmssp code from samba3 (thanks Andrew! the new interface is great) * added signing/ntlmssp support in the dcerpc code * added a dcerpc_auth.c module for the various dcerpc auth mechanisms (This used to be commit c18c9b5585a3e5f7868562820c14f7cb529cdbcd)
2003-11-24initial implementation of dcerpc over tcp. RPC-EPMAPPER works, now toAndrew Tridgell1-1/+1
add epm_Map calls and support the rest of the pipes (This used to be commit 39add481582609ddb9d0b3bae45fde3226ece481)
2003-11-24 * prepared the dcerpc subsystem for adding the RPC over TCP transportAndrew Tridgell1-9/+9
* fixed a uninitialised variable bug in pidl (found by valgrind) (This used to be commit 8bce61b8af6351c72c0dd84dc61b49d8aeb1fbbd)
2003-11-24added tests for the remaining calls on the rpc management interfaceAndrew Tridgell1-33/+2
(This used to be commit 00f9b0e12061c175334f96805ca8333f28f74d91)
2003-11-24added the dcerpc remote management interfaces as mgmt.idl, and wrote aAndrew Tridgell1-2/+5
test suite. The test suite dumps all of the interfaces available on all pipes. There sure are a lot more interfaces on w2k3 than w2k ! (This used to be commit f94bc079902d725b63155d8d2de5bf408c6e7335)