summaryrefslogtreecommitdiff
path: root/source4/librpc/rpc/dcerpc_smb.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r7932: don't use the nbt called name as server name, for dcerpc_server_name()Stefan Metzmacher1-9/+8
in the ncacn_np trnaport it's now supported to use the ip address in smbtorture for ncacn_np tests that use dcerpc_server_name(), and we can now pass the dns host name in the tree connect when we have the dns name on the smbtorture command line metze (This used to be commit e29edbc7e62c738564ae842c9c01c969f5c70e5d)
2007-10-10r7658: don't timeout at the smb level for rpc requests as otherwise some rpcAndrew Tridgell1-0/+4
level sign/seal mechanisms can break (This used to be commit 9df569f023f9a1e0d8c35de8135a344933bc69bf)
2007-10-10r7633: this patch started as an attempt to make the dcerpc code use a givenAndrew Tridgell1-13/+0
event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect. Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch. There were 3 places where I punted: - abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that its done, we could go back and use gensec_set_event_context() - the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing. - I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a callers event context. Jelmer, can you think of a clean way to do that? I also cleaned up a couple of things: - libnet_context_destroy() makes no sense. I removed it. - removed some unused vars in various places (This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2007-10-10r5902: A rather large change...Andrew Bartlett1-1/+15
I wanted to add a simple 'workstation' argument to the DCERPC authenticated binding calls, but this patch kind of grew from there. With SCHANNEL, the 'workstation' name (the netbios name of the client) matters, as this is what ties the session between the NETLOGON ops and the SCHANNEL bind. This changes a lot of files, and these will again be changed when jelmer does the credentials work. I also correct some schannel IDL to distinguish between workstation names and account names. The distinction matters for domain trust accounts. Issues in handling this (issues with lifetime of talloc pointers) caused me to change the 'creds_CredentialsState' and 'struct dcerpc_binding' pointers to always be talloc()ed pointers. In the schannel DB, we now store both the domain and computername, and query on both. This should ensure we fault correctly when the domain is specified incorrectly in the SCHANNEL bind. In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out, where the comment claimed we re-used a connection, but in fact we made a new connection. This was achived by breaking apart some of the dcerpc_secondary_connection() logic. The addition of workstation handling was also propogated to NTLMSSP and GENSEC, for completeness. The RPC-SAMSYNC test has been cleaned up a little, using a loop over usernames/passwords rather than manually expanded tests. This will be expanded further (the code in #if 0 in this patch) to use a newly created user account for testing. In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO server, caused by the removal of [ref] and the assoicated pointer from the IDL. This has been re-added, until the underlying pidl issues are solved. (This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2007-10-10r5137: fix typesStefan Metzmacher1-1/+1
metze (This used to be commit add1c579375d08040f722946da31ee3862f9e7ac)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell1-5/+5
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4757: added the ability of the clisocket level of libcli to handle asyncAndrew Tridgell1-1/+1
socket connections. This was complicated by a few factors: - it meant moving the event context from clitransport to clisocket, so lots of structures changed - we need to asynchronously handle connection to lists of port numbers, not just one port number. The code internally tries each port in the list in turn, without ever blocking - the man page on how connect() is supposed to work asynchronously doesn't work in practice (now why doesn't this surprise me?). The getsockopt() for SOL_ERROR is supposed to retrieve the error, but in fact the next (unrelated) connect() call on the same socket also gets an error, though not the right error. To work around this I need to tear down the whole socket between each attempted port. I hate posix. Note that clisocket.c still does a blocking name resolution call in smbcli_sock_connect_byname(). That will be fixed when we add the async NBT resolution code. Also note that I arranged things so that every SMB connection is now async internally, so using plain smbclient or smbtorture tests all the async features of this new code. (This used to be commit 468f8ebbfdbdf37c757fdc4863626aa9946a8870)
2007-10-10r4616: the first phase in the addition of proper support forAndrew Tridgell1-64/+59
dcerpc_alter_context and multiple context_ids in the dcerpc client library. This stage does the following: - split "struct dcerpc_pipe" into two parts, the main part being "struct dcerpc_connection", which contains all the parts not dependent on the context, and "struct dcerpc_pipe" which has the context dependent part. This is similar to the layering in libcli_*() for SMB - disable the current dcerpc_alter code. I've used a #warning until i get the 2nd phase finished. I don't know how portable #warning is, but it won't be long before I add full alter context support anyway, so it won't last long - cleanup the allocation of dcerpc_pipe structures. The previous code was quite awkward. (This used to be commit 4004c69937be7e5dae56f9567ca607f982d395d3)
2007-10-10r4591: - converted the other _p talloc functions to not need _pAndrew Tridgell1-1/+1
- added #if TALLOC_DEPRECATED around the _p functions - fixes the code that broke from the above while doing this I fixed quite a number of places that were incorrectly using the non type-safe talloc functions to use the type safe ones. Some were even doing multiplies for array allocation, which is potentially unsafe. (This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
2007-10-10r4011: get rid of rpc_secdes.h and replace it with a single sane set ofAndrew Tridgell1-5/+6
definitions for security access masks, in security.idl The previous definitions were inconsistently named, and contained many duplicate and misleading entries. I kept finding myself tripping up while using them. (This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d)
2007-10-10r3419: moved the libcli/raw structures into libcli/raw/libcliraw.hAndrew Tridgell1-0/+1
and made them private (This used to be commit 386ac565c452ede1d74e06acb401ca9db99d3ff3)
2007-10-10r3383: avoid multi-part SMBtrans and SMBtrans2 replies until our client ↵Andrew Tridgell1-1/+1
library can handle them properly (they are difficult to do in an async fashion). By choosing trans.in.max_data to fix in the negotiated buffer size a server won't send us multi-part replies. I notice that windows seems to avoid them too :) (This used to be commit e23edf762cace35f937959c9ffbef718431a79b9)
2007-10-10r3322: fixed a bunch of warnings in the build, including one case where it ↵Andrew Tridgell1-1/+1
was a real bug (This used to be commit 02d5d0f685e44bd66aff4a007f0bf34c8f915574)
2007-10-10r3043: Use binding strings for specifying endpoints. The property forJelmer Vernooij1-9/+2
specifying a endpoint is now also 'endpoint' instead of 'endpoints'. The default endpoint (if none is specified) is still "ncacn_np:[\\pipe\\ifacename]", where ifacename is the name of the interface. Examples: [ uuid(60a15ec5-4de8-11d7-a637-005056a20182), endpoint("ncacn_np:[\\pipe\\rpcecho]", "ncacn_ip_tcp:") ] interface rpcecho { void dummy(); } dcerpc_binding is now converted to ep_description in the server, but I hope to completely eliminate ep_description later on. The eventual goal of all these changes is to make it easier to add transports as I'm going to add support for ncalrpc (local RPC over named pipes) and ncacn_unix_stream (Unix sockets). (This used to be commit f3da7c8b443a29b0c656c687a277384ae1353792)
2007-10-10r2710: continue with the new style of providing a parent context wheneverAndrew Tridgell1-1/+2
possible to a structure creation routine. This makes for much easier global cleanup. (This used to be commit e14ee428ec357fab76a960387a9820a673786e27)
2007-10-10r2680: switched the libcli/raw/ code over to use talloc_reference(), which ↵Andrew Tridgell1-15/+7
simplifies things quite a bit (This used to be commit c82a9cf750829c4f6982ca3133295c8599023c4e)
2007-10-10r2671: we're getting too many errors caused by the talloc_realloc() API notAndrew Tridgell1-1/+1
taking a context (so when you pass a NULL pointer you end up with memory in a top level context). Fixed it by changing the API to take a context. The context is only used if the pointer you are reallocing is NULL. (This used to be commit 8dc23821c9f54b2f13049b5e608a0cafb81aa540)
2007-10-10r2660: - converted the libcli/raw/ library to use talloc_increase_ref_count()Andrew Tridgell1-2/+2
rather than manual reference counts - properly support SMBexit in the cifs and posix backends - added a logoff method to all backends With these changes the RAW-CONTEXT test now passes against the posix backend (This used to be commit c315d6ac1cc40546fde1474702a6d66d07ee13c8)
2007-10-10r2628: got rid of some warnings and converted a few more places to use ↵Andrew Tridgell1-1/+1
hierarchical memory allocation (This used to be commit 26da45a8019a2d6c9ff2ac2a6739c7d0b42b00de)
2007-10-10r2287: Add static.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 49171e420337136d3e66300f99fa1885051e5b61)
2007-10-10r2284: Thanks to some great detective work by tridge, NTLM2 signing now works.Andrew Bartlett1-2/+3
This means that 'require NTLMv2 session security' now works for RPC pipe signing. We don't yet have sealing, but it can't be much further. This is almost all tridge's code, munged into a form that can work with the GENSEC API. This commit also includes more lsakey fixes - that key is used for all DCE-RPC level authenticated connections, even over CIFS/ncacn_np. No doubt I missed something, but I'm going to get some sleep :-) Andrew Bartlett (This used to be commit a1fe175eec884280fb7e9ca8f528134cf4600beb)
2007-10-10r2266: yay! LSA session keys on TCP now work!Andrew Tridgell1-0/+16
(This used to be commit f6ea24296acaaadcd2d59740bc88ef1a93fb1c28)
2007-10-10r2247: talloc_destroy -> talloc_freeTim Potter1-1/+1
(This used to be commit 6c1a72c5d667245b1eec94f58e68acd22dd720ce)
2007-10-10r2103: in the conversion to async rpc I simplified the smb backend to onlyAndrew Tridgell1-20/+128
use readx/writex instead of the more efficient SMBtrans calls. This patch restores the efficiency by using SMBtrans when possible. (This used to be commit 83fbe080e7fcdf4168d85f654b802dc4538b8984)
2007-10-10r2100: rework the dcerpc client side library so that it is async. We nowAndrew Tridgell1-184/+130
generate a separate *_send() async function for every RPC call, and there is a single dcerpc_ndr_request_recv() call that processes the receive side of any rpc call. The caller can use dcerpc_event_context() to get a pointer to the event context for the pipe so that events can be waited for asynchronously. The only part that remains synchronous is the initial bind calls. These could also be made async if necessary, although I suspect most applications won't need them to be. (This used to be commit f5d004d8eb8c76c03342cace1976b27266cfa1f0)
2007-10-10r1983: a completely new implementation of tallocAndrew Tridgell1-2/+2
This version does the following: 1) talloc_free(), talloc_realloc() and talloc_steal() lose their (redundent) first arguments 2) you can use _any_ talloc pointer as a talloc context to allocate more memory. This allows you to create complex data structures where the top level structure is the logical parent of the next level down, and those are the parents of the level below that. Then destroy either the lot with a single talloc_free() or destroy any sub-part with a talloc_free() of that part 3) you can name any pointer. Use talloc_named() which is just like talloc() but takes the printf style name argument as well as the parent context and the size. The whole thing ends up being a very simple piece of code, although some of the pointer walking gets hairy. So far, I'm just using the new talloc() like the old one. The next step is to actually take advantage of the new interface properly. Expect some new commits soon that simplify some common coding styles in samba4 by using the new talloc(). (This used to be commit e35bb094c52e550b3105dd1638d8d90de71d854f)
2007-10-10r1654: rename cli_ -> smbcli_Stefan Metzmacher1-8/+8
rename CLI_ -> SMBCLI_ metze (This used to be commit 8441750fd9427dd6fe477f27e603821b4026f038)
2007-10-10r889: convert samba4 to use [u]int16_t instead of [u]int16Stefan Metzmacher1-3/+3
metze (This used to be commit af6f1f8a01bebbecd99bc8c066519e89966e65e3)
2007-10-10r884: convert samba4 to use [u]int32_t instead of [u]int32Stefan Metzmacher1-3/+3
metze (This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
2007-10-10r335: added much better handling of servers that die unexpectedly during aAndrew Tridgell1-0/+1
request (a dead socket). I discovered this when testing against Sun's PC-NetLink. cleaned up the naming of some of the samr requests add IDL and test code for samr_QueryGroupMember(), samr_SetMemberAttributesOfGroup() and samr_Shutdown(). (actually, I didn't leave the samr_Shutdown() test in, as its fatal to windows servers due to doing exactly what it says it does). (This used to be commit 925bc2622c105dee4ffff809c6c35cd209a839f8)
2004-02-10- modified the dcerpc client security code to be generic, so ntlmsspAndrew Tridgell1-1/+0
and schannel are both instances of possible security modules - added schannel sign and sign/seal support to the dcerpc client code. You select it with binding options of "schannel,sign" or "schannel,seal". (This used to be commit 05db0b9d942cad8f1dd574dc35b759e5e79d4195)
2004-02-03make more function static, they are still available via the function pointersStefan Metzmacher1-1/+1
metze (This used to be commit 4597643e76a34397cd2344a91d7045163ea7a942)
2004-01-20added code to the RPC-SPOOLSS test that demonstrates that policyAndrew Tridgell1-0/+15
handles are not shared between open dcerpc connections, even when those connections are on the same SMB socket. I have tested this with w2k3, w2k and NT4. It seems that policy handles have a strict scope of the dcerpc connection on which they were opened. I realise that this goes against existing folk-law in the team, but it seems that the previous testing (I'm not sure who did this?) was wrong. Perhaps clients do send us policy handles from other connections, but if they do then the correct thing to do is to fail the operation with a dcerpc fault. I suspect that failing it with exactly the right dcerpc fault code is important. (This used to be commit 2ed24d29bafd9055d5782acdd595cd0f378a651a)
2003-12-16a fairly large commit!Andrew Tridgell1-2/+2
This adds support for bigendian rpc in the client. I have installed SUN pcnetlink locally and am using it to test the samba4 rpc code. This allows us to easily find places where we have stuffed up the types (such as 2 uint16 versus a uint32), as testing both big-endian and little-endian easily shows which is correct. I have now used this to fix several bugs like that in the samba4 IDL. In order to make this work I also had to redefine a GUID as a true structure, not a blob. From the pcnetlink wire it is clear that it is indeed defined as a structure (the byte order changes). This required changing lots of Samba code to use a GUID as a structure. I also had to fix the if_version code in dcerpc syntax IDs, as it turns out they are a single uint32 not two uint16s. The big-endian support is a bit ugly at the moment, and breaks the layering in some places. More work is needed, especially on the server side. (This used to be commit bb1af644a5a7b188290ce36232f255da0e5d66d2)
2003-12-11the next step in the dcerpc server code. Added the link between theAndrew Tridgell1-1/+1
IPC IO routines and the dcerpc endpoint servers. (This used to be commit 4929c53bc8dddda8a763fdfbcf81a79776d01113)
2003-12-10the rest of the initial rpc server side infrastructureAndrew Tridgell1-1/+1
(This used to be commit 5fb01b0ec0321724c25669151ea7c20e6ec182d0)
2003-11-26signed DCERPC over TCP now works !Andrew Tridgell1-10/+1
* moved ntlmssp code into libcli/auth/, and updated to latest ntlmssp code from samba3 (thanks Andrew! the new interface is great) * added signing/ntlmssp support in the dcerpc code * added a dcerpc_auth.c module for the various dcerpc auth mechanisms (This used to be commit c18c9b5585a3e5f7868562820c14f7cb529cdbcd)
2003-11-24initial implementation of dcerpc over tcp. RPC-EPMAPPER works, now toAndrew Tridgell1-3/+4
add epm_Map calls and support the rest of the pipes (This used to be commit 39add481582609ddb9d0b3bae45fde3226ece481)
2003-11-24 * prepared the dcerpc subsystem for adding the RPC over TCP transportAndrew Tridgell1-91/+153
* fixed a uninitialised variable bug in pidl (found by valgrind) (This used to be commit 8bce61b8af6351c72c0dd84dc61b49d8aeb1fbbd)
2003-11-18use the auto-generated UUID, version and name rather than listing themAndrew Tridgell1-2/+5
in the dcerpc core code (This used to be commit 16ffeb7c80bfe7f1bfbfce8c98066e9ddbca7686)
2003-11-06another major bit of restructuring of rpc in Samba4. Mostly movingAndrew Tridgell1-0/+320
files around, but also added the first bits of auto-generated code for the lsa pipe. I haven't updated the Makefile to call pidl yet, so for now the code was cut-and-pasted into librpc/ndr/ndr_lsa.c manually (This used to be commit 6b222d3b6541ee74cf8bf3f0913cd444903ca991)