| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
metze
(This used to be commit bbd086f2edf81028f2370be8ce0739144cd64b02)
|
|
(This used to be commit 8768bec81f57131a0c9754e8121b345c0be4a5d0)
|
|
as well?
The server side change is needed to fix a valgrind error, which was
possibly exploitable if the client sent deliberately bad data
(This used to be commit e3c04cf165fe15739197b2713e78046399aa7653)
|
|
a RPC-SECRETS on kerberos test still fails, but I'll let andrew take a
look at that later :)
(This used to be commit c260b175682c1cd95eaba958bfd9f054cb2547ea)
|
|
abstractions now.
Andrew Bartlett
(This used to be commit df31237c0cac0213c4f32fc491bcec2ea9f885c3)
|
|
length, use the amount the wapped message expanded by.
This works, because GSSAPI doesn't do AEAD (signing of headers), and
so changing the signature length after the fact is valid.
Andrew Bartlett
(This used to be commit bd1e0f679c8f2b9755051b8d34114fa127a7cf26)
|
|
(This used to be commit fcf6d827199eac83fa424f2eb87a72ed8463e150)
|
|
* Move dlinklist.h, smb.h to subsystem-specific directories
* Clean up ads.h and move what is left of it to dsdb/
(only place where it's used)
(This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
|
|
hierachy
metze
(This used to be commit a0aa61a8d583ef626d082c47377c87008874e235)
|
|
metze
(This used to be commit 8e87b79ce73931376b5852bc734f982f57aad4f3)
|
|
(This used to be commit 61c6100617589ac6df4f527877241464cacbf8b3)
|
|
requests. The fix involves using the same packet queue mechanism for
these requests as normal requests, which also simplifies the code
somewhat
(This used to be commit 2e7f5add13da3061d2f2e2869d10df06b3a98f40)
|
|
around the mess that is composite functions...
Async might be all the rage, but it's bloody painful to debug.
Andrew Bartlett
(This used to be commit 756e1dad7ce54b83f8170db3434bfcfc4afe7e65)
|
|
libraries.
This support requires that the bind_ack and alter_ack recv functions
also be send the DCE/RPC fault. This would be best done by having the
ack run as a normal RPC reply callback, but this isn't easily possible
for now.
Andrew Bartlett
(This used to be commit be6dde22fe728d64d47875699d3421c6d8d872a4)
|
|
Andrew Bartlett
(This used to be commit ed4ab63c2dd811d07594ba397ed22f9d02eeb63a)
|
|
(This used to be commit a316b33057f3ec8532677980e093cd327d33f257)
|
|
This allows us to correctly parse the bind_nak from NT4, when we use
an invalid auth type (the unsupported SPNEGO)..
Andrew Bartlett
(This used to be commit ce0c7f86fd5eeeacad885d732b66c65ac9103ace)
|
|
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
|
|
string form of the structure we receive matches the generated
form. This has the effect of checking things like value() attributes.
(This used to be commit f2e68ec649658976e5bf4887713a92c14850c277)
|
|
subsystems.
This allows Samba libraries to be used by other projects (and parts of
Samba to be built as shared libraries).
(This used to be commit 44f0aba715bfedc7e1ee3d07e9a101a91dbd84b3)
|
|
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
|
|
now completely to a new subsystem.
(This used to be commit bbacfaaea5819e0ecadf81e8fbb424916284c809)
|
|
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
|
|
Be a bit more strict when checking for duplicate interfaces
(This used to be commit b1286a6d27e2b5aa26f288f6aff70601b0d8ae74)
|
|
Avoids converting a static string to GUID every time we check whether
a transfer syntax is equal to that of NDR.
(This used to be commit 8dcfcaf75ab8cf4a54cf5e56f6be25acc68e3989)
|
|
back and
forth between GUID structs and strings in several places.
(This used to be commit 3564e2f967ef72d6301b4f7e9a311cebcded4d75)
|
|
dcerpc_interface_table struct rather then a tuple of interface
name, UUID and version.
This removes the requirement for having a global list of DCE/RPC interfaces,
except for these parts of the code that use that list explicitly
(ndrdump and the scanner torture test).
This should also allow us to remove the hack that put the authservice parameter
in the dcerpc_binding struct as it can now be read directly from
dcerpc_interface_table.
I will now modify some of these functions to take a dcerpc_syntax_id
structure rather then a full dcerpc_interface_table.
(This used to be commit 8aae0f168e54c01d0866ad6e0da141dbd828574f)
|
|
instead make the normal composite_done() and composite_error()
functions automatically trigger a delayed callback if the caller has
had no opportunity to setup a async callback
this removes one of the common mistakes in writing a composite function
(This used to be commit f9413ce792ded682e05134b66d433eeec293e6f1)
|
|
being freed before being given to gensec_update()
(This used to be commit cf2cb4279e2b31989eee2fec848982b10fcc2136)
|
|
flag 'smb2' in the dcerpc binding string. This gives a pretty good
test to the new SMB2 trans call.
(This used to be commit f99bef585d4c1e52becc06b581bd5aaa62cf9dd7)
|
|
after volker gently pointed out that I should be wearing a paper bag
over my head for the last attempt :-)
(This used to be commit 7e132761fce75f64d3e7d42f650c45a483e37e3e)
|
|
destroying the dcerpc pipe
(This used to be commit 0b91602fa4b9a8b40331d088bdaac76381eac7ef)
|
|
- removed the struct dcerpc_request_state as all the state
information is already available on the dcerpc_pipe structure, so just
use that
- added a single dcerpc_recv_data() handler for receiving packets
from the transport layer. This then does the initial decoding of
the dcerpc packet, and then looks at the packet type in order to
work out who to dispatch it to. This should allow in-flight async
rpc requests to still work while a new bind or alter context is
happening
- ensure that if the transport indicates the connection is dead that
any in-flight bind or alter context requests are given an error
- removed full_request_private and instead use separate bind_private
and alter_private pointers
- added a few comments for some bits I found hard to understand
(This used to be commit 938e372bffbee1982ad8268b83c43514fd2e5633)
|
|
(This used to be commit e1bf1c326f297321a6c8fdf9679130dba102669e)
|
|
This also removes dcerpc_bind_auth_password, the only user of
dcerpc_bind_auth. And this was not only passwords anyway.
Andrew Bartlett, as usual: Please take a close look.
Thanks,
Volker
(This used to be commit 2ff2dae3d035af6cb0c131573cfd983fc9a58eee)
|
|
closely. Survives RPC-ALTERCONTEXT.
Volker
(This used to be commit 1875c4808f8c30a6f750b88e166d43a736d5edc7)
|
|
Tridge et al, please take a close look at this. It survives my basic rpc-login
test as well as rpc-lsa, but this is critical I think.
Volker
(This used to be commit bf1a55f44c84d9bb8b2f83f5d25727550ca8fcf2)
|
|
(This used to be commit 3e4ab756f421acd747e9ea4c48b0f61d48dfa8fd)
|
|
requests. If it's
not there (it's not yet on *any* call... :-)), the rpc client strictly
sequences calls to an rpc pipe. Might need some more work on the exact
sequencing semantics when a pipe with both sync and async calls is actually
deployed, but I want it in for winbind simplification.
Volker
(This used to be commit b8f324e4f000971b7dafc263c16dd4af958ee7f9)
|
|
within a callback on the pipe. This should fix a problem volker
encountered with winbind. The fix invoolves making the recv_data
handler free the memory for a packet, instead of having the transport
layer free it after calling recv_data. When the transport layer freed
it, it had no way of knowing if the callback had shutdown the pipe, so
it had no way of knowing if it could safely use the pointer.
Also changed the pipe shutdown hook for the smb transport to use an
async SMB close. This ensures that when you shutdown the pipe, you
don't block waiting for the server to ack the close of the pipe fnum.
(This used to be commit c87d7f580e39245db181605f50883de07dd9632e)
|
|
data to be signed/sealed. We can use this to split the data from the
signature portion of the resultant wrapped packet.
This required merging the gsskrb5_wrap_size patch from
lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no
longer use a static 45 byte value).
This fixes one of the krb5 issues in my list.
Andrew Bartlett
(This used to be commit e4f2afc34362953f56a026b66ae1aea81e9db104)
|
|
(This used to be commit fac77f5fa267da57a55e88cad8993897e80741a0)
|
|
(This used to be commit 4e14ebf51e871d6d70a194e2725c2158675dc6fc)
|
|
structure in ndr_push_*() and ndr_print_*(). The push and print
functions really should not modify the structure.
metze, to make this work I had to change your spoolss hand
marshaller. Can you please check it is OK? I think that the IN and OUT
sides of that function are not ever called on the same structure, so I
think that attempt at remembering the value by assigning to
r->in._offered was not doing anything anyway, but please correct me if
I have misunderstood it.
If you really do need to remember something on those structures I'd
suggest the ndr_token_store() and ndr_token_retrieve() functions,
which are used by pidl for just this sort of thing.
(This used to be commit eee528be97fa43ca53bdc5652b4d29a0a2caf563)
|
|
does finally answer the request and it is on the smb transport that we
don't die in the callback code as the rpc request state is gone.
(This used to be commit d47477c5c3acbaa7242fa3a06d4095258db86297)
|
|
event_context for the socket_connect() call, so that when things that
use dcerpc are running alongside anything else it doesn't block the
whole process during a connect.
Then of course I needed to change any code that created a dcerpc
connection (such as the auth code) to also take an event context, and
anything that called that and so on .... thus the size of the patch.
There were 3 places where I punted:
- abartlet wanted me to add a gensec_set_event_context() call
instead of adding it to the gensec init calls. Andrew, my
apologies for not doing this. I didn't do it as adding a new
parameter allowed me to catch all the callers with the
compiler. Now that its done, we could go back and use
gensec_set_event_context()
- the ejs code calls auth initialisation, which means it should pass
in the event context from the web server. I punted on that. Needs fixing.
- I used a NULL event context in dcom_get_pipe(). This is equivalent
to what we did already, but should be fixed to use a callers event
context. Jelmer, can you think of a clean way to do that?
I also cleaned up a couple of things:
- libnet_context_destroy() makes no sense. I removed it.
- removed some unused vars in various places
(This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
|
|
seconds. This should prevent the problem I am seeing on a solaris box
where a rpc request gets stuck forever
(This used to be commit c24ab34813d675b9b81f3062fb6f30aae5697805)
|
|
ncacn_ specific
(This used to be commit 875cce126878172eedb43b4ecab3970ea9d82e4a)
|
|
(This used to be commit 2009a430b03c685dd65bd573e70d3618f2e0dd0f)
|
|
The main difference in this new version is the extra data structure generated
between the IDL data structure and the NDR parser:
IDL -> NDR -> { ndr_parser, ndr_header, eparser, etc }
This makes the ndr_parser.pm internals much more sane.
Other changes include:
- Remove unnecessary calls with NDR_BUFFERS (for example, GUID doesn't have any buffers, just scalars) as well as some (unnecessary) nested setting of flags.
- Parse array loops in the C code rather then calling ndr_pull_array(). This allows us to have, for example, arrays of pointers or arrays of pointers to arrays, etc..
- Use if() {} rather then if () goto foo; everywhere
- NDR_IN no longer implies LIBNDR_FLAG_REF_ALLOC
- By default, top level pointers are now "ref" (as is the default in
most other IDL compilers). This can be overridden using the
default_pointer_top() property.
- initial work on new ethereal parser generators by Alan DeKok and me
- pidl now writes errors in the standard format used by compilers, which
is parsable by most editors
- ability to warn about the fact that pidl extension(s) have been used,
useful for making sure IDL files work with other IDL compilers.
oh, and there's probably some other things I can't think of right now..
(This used to be commit 13cf227615f6b9e0e5fa62e59197024410254f01)
|
