summaryrefslogtreecommitdiff
path: root/source4/librpc/rpc/dcerpc.h
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r21515: add some more PFC_FLAGS from the DCERPC spec, and fix some namesStefan Metzmacher1-0/+6
also make it possible to pass and get the assoc_group_id for a pipe. also make it possible to pass the DCERPC_PFC_FLAG_CONC_MPX flag in bind requests. From the spec it triggers support for concurrent multiplexing on a single connection. w2k3 uses the assoc_group_id feature when it becomes a domain controller of an existing domain. Know the ugly part, with this it's possible to use a policy handle from one connection on a different one... typically the DsBind() call is on the 1st connection while DsGetNCChanges() call using the first connections bind handle are on the 2nd connection. The second connection also has the DCERPC_PFC_FLAG_CONC_MPX flag attached, but that doesn't seem to be related to the cross connection handle usage Can anyone think of a nice way to implement the assoc_group_id stuff in our server? metze (This used to be commit 2d8c85397d9027485ed6dbdcca87cc1ec84c7b76)
2007-10-10r19266: Add a target_hostname element to the binding struct. This allows usAndrew Bartlett1-0/+1
to perform a lookup once, resolve the name to an IP, while still communicating the full name to the lower layers, for kerberos etc. This fixes 'net samdump', which was failing due to the schannel target name being *smbserver. Andrew Bartlett (This used to be commit 0546f487f4cc99b5549dc1e457ea243d4bd66333)
2007-10-10r15524: fix a problem with rpc faults from bind and alter contextAndrew Tridgell1-6/+5
requests. The fix involves using the same packet queue mechanism for these requests as normal requests, which also simplifies the code somewhat (This used to be commit 2e7f5add13da3061d2f2e2869d10df06b3a98f40)
2007-10-10r15426: Implement SPNEGO as the default RPC authentication mechanism. WhereAndrew Bartlett1-3/+6
this isn't supported, fallback to NTLM. Also, where we get a failure as 'logon failure', try and do a '3 tries' for the password, like we already do for CIFS. (Incomplete: needs a mapping between RPC errors and the logon failure NTSTATUS). Because we don't yet support Kerberos sign/seal to win2k3 SP1 for DCE/RPC, disable this (causing SPNEGO to negotiate NTLM) when kerberos isn't demanded. Andrew Bartlett (This used to be commit b3212d1fb91b26c1d326a289560106dffe1d2e80)
2007-10-10r14735: Use dcerpc_syntax_id rather then seperate GUID + if_version everywhereJelmer Vernooij1-4/+2
(This used to be commit a316b33057f3ec8532677980e093cd327d33f257)
2007-10-10r14714: On DCE/RPC, we need the name of the remote server used on the socket,Andrew Bartlett1-0/+2
for Kerberos. It must be the full name contacted, not the 'called name' we might want to use for \\server things, so add another function. Andrew Bartlett (This used to be commit 6d57d1dbb76e7d1ca2fd4f1a6c0bacfa7a189e2b)
2007-10-10r14542: Remove librpc, libndr and libnbt from includes.hJelmer Vernooij1-0/+1
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
2007-10-10r14488: Install more headers.Jelmer Vernooij1-0/+1
Generate different #include lines in pidl depending on whether we're building inside or outside of the Samba tree (useful for 3rd-party projects). (This used to be commit 0c188833154c1fe565cb1735909e408a4a1a6049)
2007-10-10r14381: Kill structs.hJelmer Vernooij1-0/+4
(This used to be commit 1ffb82a7596f989c90df69573083a2c2e28f8808)
2007-10-10r14362: Only include ndr_compression.h when necessary.Jelmer Vernooij1-0/+2
(This used to be commit 4fced6dbbdc06233e5cf69f90c099fafee9baa34)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-2/+0
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r12865: Upgrade the librpc and libnet code.Andrew Bartlett1-0/+1
In librpc, always try SMB level authentication, even if trying schannel, but allow fallback to anonymous. This should better function with servers that set restrict anonymous. There are too many parts of Samba that get, parse and modify the binding parameters. Avoid the extra work, and add a binding element to the struct dcerpc_pipe The libnet vampire code has been refactored, to reduce extra layers and to better conform with the standard argument pattern. Also, take advantage of the new libnet_Lookup code, so we don't require the silly 'password server' smb.conf parameter. To better support forcing traffic to be sealed for the vampire operation, the dcerpc_bind_auth() function now takes an auth level parameter. Andrew Bartlett (This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
2007-10-10r12696: Reduce the size of include/structs.hJelmer Vernooij1-0/+3
(This used to be commit 63917616016133c623fc6ff59454bc313ee7dd8f)
2007-10-10r12693: Move core data structures out of smb.h into core.hJelmer Vernooij1-3/+10
torture prototypes in seperate header (This used to be commit 73610639b23ca3743077193fa0b1de7c7f65944d)
2007-10-10r12542: Move some more prototypes out to seperate headersJelmer Vernooij1-0/+2
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10r12512: Use GUID structs in API functions everywhere rather then converting ↵Jelmer Vernooij1-1/+1
back and forth between GUID structs and strings in several places. (This used to be commit 3564e2f967ef72d6301b4f7e9a311cebcded4d75)
2007-10-10r12511: Remove authservice from binding stringJelmer Vernooij1-1/+0
(This used to be commit 2188168209f07bd87d90d7ff94e8b542ced68249)
2007-10-10r12510: Change the DCE/RPC interfaces to take a pointer to aJelmer Vernooij1-2/+1
dcerpc_interface_table struct rather then a tuple of interface name, UUID and version. This removes the requirement for having a global list of DCE/RPC interfaces, except for these parts of the code that use that list explicitly (ndrdump and the scanner torture test). This should also allow us to remove the hack that put the authservice parameter in the dcerpc_binding struct as it can now be read directly from dcerpc_interface_table. I will now modify some of these functions to take a dcerpc_syntax_id structure rather then a full dcerpc_interface_table. (This used to be commit 8aae0f168e54c01d0866ad6e0da141dbd828574f)
2007-10-10r12088: Use a structure to pass arguments to dcerpc connection functionsRafal Szczesniak1-0/+10
and move migrated (async) code to a new file. rafal (This used to be commit 79b231bc534e10149d86a2c647a27c27ce524949)
2007-10-10r11889: added support for dcerpc ncacn_np over SMB2. You use it by giving theAndrew Tridgell1-0/+2
flag 'smb2' in the dcerpc binding string. This gives a pretty good test to the new SMB2 trans call. (This used to be commit f99bef585d4c1e52becc06b581bd5aaa62cf9dd7)
2007-10-10r11819: simplified the async rpc bind code a little.Andrew Tridgell1-2/+5
- removed the struct dcerpc_request_state as all the state information is already available on the dcerpc_pipe structure, so just use that - added a single dcerpc_recv_data() handler for receiving packets from the transport layer. This then does the initial decoding of the dcerpc packet, and then looks at the packet type in order to work out who to dispatch it to. This should allow in-flight async rpc requests to still work while a new bind or alter context is happening - ensure that if the transport indicates the connection is dead that any in-flight bind or alter context requests are given an error - removed full_request_private and instead use separate bind_private and alter_private pointers - added a few comments for some bits I found hard to understand (This used to be commit 938e372bffbee1982ad8268b83c43514fd2e5633)
2007-10-10r11473: Based on work by Jelmer, implement the [async] flag for rpc ↵Volker Lendecke1-1/+10
requests. If it's not there (it's not yet on *any* call... :-)), the rpc client strictly sequences calls to an rpc pipe. Might need some more work on the exact sequencing semantics when a pipe with both sync and async calls is actually deployed, but I want it in for winbind simplification. Volker (This used to be commit b8f324e4f000971b7dafc263c16dd4af958ee7f9)
2007-10-10r7865: changed pidl to take a "const void *" instead of a "void *" for theAndrew Tridgell1-3/+3
structure in ndr_push_*() and ndr_print_*(). The push and print functions really should not modify the structure. metze, to make this work I had to change your spoolss hand marshaller. Can you please check it is OK? I think that the IN and OUT sides of that function are not ever called on the same structure, so I think that attempt at remembering the value by assigning to r->in._offered was not doing anything anyway, but please correct me if I have misunderstood it. If you really do need to remember something on those structures I'd suggest the ndr_token_store() and ndr_token_retrieve() functions, which are used by pidl for just this sort of thing. (This used to be commit eee528be97fa43ca53bdc5652b4d29a0a2caf563)
2007-10-10r7633: this patch started as an attempt to make the dcerpc code use a givenAndrew Tridgell1-3/+1
event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect. Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch. There were 3 places where I punted: - abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that its done, we could go back and use gensec_set_event_context() - the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing. - I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a callers event context. Jelmer, can you think of a clean way to do that? I also cleaned up a couple of things: - libnet_context_destroy() makes no sense. I removed it. - removed some unused vars in various places (This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2007-10-10r7497: add timeouts to all rpc requests. The default timeout is 60Andrew Tridgell1-0/+6
seconds. This should prevent the problem I am seeing on a solaris box where a rpc request gets stuck forever (This used to be commit c24ab34813d675b9b81f3062fb6f30aae5697805)
2007-10-10r6565: Cludge, cludge, cludge...Andrew Bartlett1-7/+2
We need to pass the 'secure channel type' to the NETLOGON layer, which must match the account type. (Yes, jelmer objects to this inclusion of the kitchen sink ;-) Andrew Bartlett (This used to be commit 8ee208a926d2b15fdc42753b1f9ee586564c6248)
2007-10-10r5603: add "authservice()" property to the interface property listStefan Metzmacher1-0/+7
so we can specify allowed target service names in the idl file the default is "host" metze (This used to be commit bf40d5321f3257bf9354a42d31265f1a9b0d53ad)
2007-10-10r5209: Fix the endpoint mapper to work with IPX endpoints (whichJelmer Vernooij1-1/+1
accidently have the same protocol id as UUID's) Before this, Samba would give NDR errors when contacting a remote server that has IPX support enabled. This one was on my long due bugs list. (This used to be commit 7b847de64f35b8e897b64ad047d8aea3813214f8)
2007-10-10r4962: add infrastructure to use raw krb5 auth in dcerpc client codeStefan Metzmacher1-1/+4
Note this doesn't work currently because the gensec_modules are not ready for that yet metze (This used to be commit 7b09a3f725baca5d4483b7ec24a9cb6151557bb5)
2007-10-10r4630: for ncacn_np if we don't have an explicit request for one of theAndrew Tridgell1-2/+2
advanced auth types we should do a plain bind. This fixes rpc connections to ancient servers (like sun cascade) (This used to be commit 59a5a0b218f7182c541a06ffc4528c1160699033)
2007-10-10r4627: - simplified the dcerpc auth code using a common functionAndrew Tridgell1-2/+6
- added support for "spnego" in binding strings. This enables SPNEGO auth in the dcerpc client code, using as many allter_context calls as are needed To try SPNEGO do this: smbtorture ncacn_ip_tcp:SERVER[spnego,seal] -Uadministrator%password RPC-SAMR (This used to be commit 9c0a3423f03111c110d21c0d3910e16aa1a8bf87)
2007-10-10r4619: Remove extern declaration of dcerpc_pipes, which is now staticJelmer Vernooij1-3/+0
(This used to be commit 95e849bf94160ae4807a54b28e351539c1119215)
2007-10-10r4618: - tidied up the alter_context client code a bitAndrew Tridgell1-0/+3
- there is no alter_nak or alter_ack packet, its all done in an alter_response - auto-allocated the contex_ids - tried to fix up the dcom code to work again with alter_context. Jelmer, please take a look :) (This used to be commit dd1c54add8884376601f2f8a56c01bfb8add030c)
2007-10-10r4616: the first phase in the addition of proper support forAndrew Tridgell1-21/+32
dcerpc_alter_context and multiple context_ids in the dcerpc client library. This stage does the following: - split "struct dcerpc_pipe" into two parts, the main part being "struct dcerpc_connection", which contains all the parts not dependent on the context, and "struct dcerpc_pipe" which has the context dependent part. This is similar to the layering in libcli_*() for SMB - disable the current dcerpc_alter code. I've used a #warning until i get the 2nd phase finished. I don't know how portable #warning is, but it won't be long before I add full alter context support anyway, so it won't last long - cleanup the allocation of dcerpc_pipe structures. The previous code was quite awkward. (This used to be commit 4004c69937be7e5dae56f9567ca607f982d395d3)
2007-10-10r4086: - make dcerpc_ndr_request_table_send() the default and rename it to justStefan Metzmacher1-4/+3
dcerpc_ndr_request_send() - this allows us to call dcerpc_log_packet() when we receive a packet we can't parse correctly metze (This used to be commit a7a6cea112a180a28188997ca99f30d8dd286bb8)
2007-10-10r3790: use a registration function that is called from dcerpc_*_init functionsJelmer Vernooij1-0/+8
rather then a large table in librpc/gen_ndr/tables.c. This will allow us to only link in only the required gen_ndr files (speeds up linking quite a bit, makes binaries smaller). Each gen_ndr_* file now has a init function that calls the init functions of the interfaces it contains. I did it this way to keep pidl's code simple, though it might hurt startup time a bit. I'd be happy to change it if people like one function better. (This used to be commit 3c436590ae95b58ad6d00e72d6fdd08a4d80f208)
2007-10-10r3412: Add NCACN_SPX and NCADG_IPX transportsJelmer Vernooij1-1/+1
(This used to be commit ff2f2b4273ce9a49599b385d32fbbd5e8f0d4c23)
2007-10-10r3167: Add a member 'endpoint' to the dcerpc_binding struct to use instead ofJelmer Vernooij1-0/+1
options[0]. (This used to be commit 18582083af800abd3d8de40eb73255c8ae6598dd)
2007-10-10r3157: Add ncacn_httpJelmer Vernooij1-1/+2
(This used to be commit a0c4138edf919ee0c4b236f201c09fc4deb2cc09)
2007-10-10r3136: - Allow specifying socket type when adding smbd serviceJelmer Vernooij1-0/+1
- Make sure a epm_tower struct is completely initialized - Some more minor fixes (This used to be commit d560dcbdb85cb2c6915bdb9e2f82f1872b0f5a52)
2007-10-10r3125: Store object UUID directly instead of using a pointer (struct ↵Jelmer Vernooij1-1/+1
dcerpc_binding) Let test fail if messaging_init() fails instead of generating segfault in the LOCAL-MESSAGING test (This used to be commit 0609f410ef756501d50c04b544387ae547fcd63c)
2007-10-10r3114: - More work on merging the various structs that describe endpointsJelmer Vernooij1-1/+3
- Add protocol sequence to dcerpc transports (will be used later on) - Add more transports to the list (This used to be commit ab110192e6e2c1e5a3b2befe7b61158744f15d18)
2007-10-10r3032: Somewhat stricter syntax for binding strings:Jelmer Vernooij1-0/+1
[] is now mandatory : after the hostname is no longer allowed examples of allowed binding strings: ncacn_np:myhost[samr] ncacn_ip_tcp:10.0.0.1[1045] ncacn_ip_tcp:2001:7b8:37b:1:210:dcff:fecb:a9e3[1024,sign,seal] ncacn_np:myhost ncacn_ip_tcp:192.168.4.2 308FB580-1EB2-11CA-923B-08002B1075A7@ncacn_ip_tcp:192.168.4.2 308FB580-1EB2-11CA-923B-08002B1075A7@ncacn_ip_tcp:192.168.4.2[,print] Note that the last two lines are not recognized by smbtorture as a binding string yet. dcerpc_parse_binding() does accept them though. (This used to be commit c15862e778507287bddef7967383d4b5d22eaee9)
2007-10-10r2614: support CONNECT level DCE/RPC security in both client andAndrew Tridgell1-10/+11
server. CONNECT security uses NTLMSSP, but does not do any signing or sealing (or equivalently, its like signing, but with a zero filled checksum). (This used to be commit f4660857bc708db7f5aa7487bf7ab04bffe68928)
2007-10-10r2284: Thanks to some great detective work by tridge, NTLM2 signing now works.Andrew Bartlett1-2/+3
This means that 'require NTLMv2 session security' now works for RPC pipe signing. We don't yet have sealing, but it can't be much further. This is almost all tridge's code, munged into a form that can work with the GENSEC API. This commit also includes more lsakey fixes - that key is used for all DCE-RPC level authenticated connections, even over CIFS/ncacn_np. No doubt I missed something, but I'm going to get some sleep :-) Andrew Bartlett (This used to be commit a1fe175eec884280fb7e9ca8f528134cf4600beb)
2007-10-10r2266: yay! LSA session keys on TCP now work!Andrew Tridgell1-0/+3
(This used to be commit f6ea24296acaaadcd2d59740bc88ef1a93fb1c28)
2007-10-10r2234: Tridge, this is a patch to allow people to set the REF_ALLOC flag onTim Potter1-0/+3
a dcerpc_pipe structure as we discussed this morning. (This used to be commit 79969dc8daf5fdaacd26135a200ecec0b4d7663c)
2007-10-10r2185: add a callback function to the dcerpc async APIAndrew Tridgell1-0/+5
also add a demonstration of its use in the netlogon async example (This used to be commit f2a0438c66b999189c1a2ad726e91efd0748eb90)
2007-10-10r2180: added RPC flags "padcheck" which enables checking of all received padAndrew Tridgell1-0/+3
bytes to make sure they are zero. Non-zero values usually indicate one of two things: - the server is leaking data through sending uninitialised memory - we have mistaken a real field in the IDL for padding to differentiate between the two you really need to run with "print,padcheck" and look carefully at whether the non-zero pad bytes are random or appear to be deliberate. (This used to be commit 7fdb778f81f14aaab75ab204431e4342a462957a)
2007-10-10r2103: in the conversion to async rpc I simplified the smb backend to onlyAndrew Tridgell1-1/+1
use readx/writex instead of the more efficient SMBtrans calls. This patch restores the efficiency by using SMBtrans when possible. (This used to be commit 83fbe080e7fcdf4168d85f654b802dc4538b8984)