summaryrefslogtreecommitdiff
path: root/source4/librpc/rpc/dcerpc_smb.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r14714: On DCE/RPC, we need the name of the remote server used on the socket,Andrew Bartlett1-9/+19
for Kerberos. It must be the full name contacted, not the 'called name' we might want to use for \\server things, so add another function. Andrew Bartlett (This used to be commit 6d57d1dbb76e7d1ca2fd4f1a6c0bacfa7a189e2b)
2007-10-10r14542: Remove librpc, libndr and libnbt from includes.hJelmer Vernooij1-0/+1
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
2007-10-10r14256: - rename smb_file -> smb_handleStefan Metzmacher1-4/+4
- move it into the in/out substructs again - allow file.path only on smb_fileinfo/smb_setfileinfo metze (This used to be commit be6d5298a2cdb7e7c61d70471bad445645af5963)
2007-10-10r14208: removed use of req->flags2 inside the ntvfs layer. This should helpAndrew Tridgell1-0/+1
metze on his quest to unify the ntvfs strucures for the smb and smb2 servers. The only place we needed flags2 inside ntvfs was for the FLAGS2_READ_PERMIT_EXECUTE bit, which only affects readx, so I added a readx.in.read_for_execute flag instead. (This used to be commit b78abbbce60ab0009da19a72dd769800c44298a2)
2007-10-10r14173: change smb interface structures to always useStefan Metzmacher1-4/+4
a union smb_file, to abtract - const char *path fot qpathinfo and setpathinfo - uint16_t fnum for SMB - smb2_handle handle for SMB2 the idea is to later add a struct ntvfs_handle *ntvfs so that the ntvfs subsystem don't need to know the difference between SMB and SMB2 metze (This used to be commit 2ef3f5970901b5accdb50f0d0115b5d46b0c788f)
2007-10-10r13210: Revert my named pipes patch until it passes not just 'make ↵Jelmer Vernooij1-1/+1
quicktest' but also 'make test' (This used to be commit e3d0676aee84e96e5c87bed4cd0cde75a4191953)
2007-10-10r13208: Clearly separate named pipes from the IPC$ NTVFS type.Jelmer Vernooij1-1/+1
This allows the easy addition of additional named pipes and removes the circular dependencies between the CIFS, RPC and RAP servers. Simple tests for a custom named pipe included. (This used to be commit 898d15acbd18e3b302a856c847e08c22c5024792)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-1/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r11824: fixed a valgrind error in the dcerpc_smb codeAndrew Tridgell1-1/+2
(This used to be commit 128b5ea7b369df6e7433609a24128f8bf623c4fe)
2007-10-10r11515: Add some talloc_get_typeVolker Lendecke1-2/+2
(This used to be commit 558c29971d5855308a9d8dfd21e8ac7ec24abc01)
2007-10-10r10699: fixed the dcerpc code so that you can shutdown the pipe safely fromAndrew Tridgell1-4/+15
within a callback on the pipe. This should fix a problem volker encountered with winbind. The fix invoolves making the recv_data handler free the memory for a packet, instead of having the transport layer free it after calling recv_data. When the transport layer freed it, it had no way of knowing if the callback had shutdown the pipe, so it had no way of knowing if it could safely use the pointer. Also changed the pipe shutdown hook for the smb transport to use an async SMB close. This ensures that when you shutdown the pipe, you don't block waiting for the server to ack the close of the pipe fnum. (This used to be commit c87d7f580e39245db181605f50883de07dd9632e)
2007-10-10r10683: Samba3's wbinfo -t should give the correct answer now.Volker Lendecke1-1/+1
Tridge, if you have time, you might want to look at the segfault I was still seeing. Now I store the handle to the netlogon pipe in the global winbind state and free it on the next entry into check_machacc. The problem seems to be that talloc_free()ing a pipe struct from within a callback function on that pipe is not possible. I think I can live with that, but it has been not really obvious. To reproduce the segfault you might want to look at putting a talloc_free(state->getcreds->out.netlogon) into wbsrv_samba3_check_machacc_receive_creds. This is called from a dcerpc callback function. In particular if the check failed it would be nice if I could delete the pipe directly and not post a different event to some winbind queue. I tried to delete the pipe from a timed event triggered immediately, but this also fails because the inner loop seems to hit the same event again, calling it twice. Volker (This used to be commit 5436d7764812bb632ba865e633005ed07923b57f)
2007-10-10r10681: Convert dcerpc_open_smb to a composite function.Volker Lendecke1-42/+113
Volker (This used to be commit 42ff218ac98fab00bd58c4f50f11843ef32b4698)
2007-10-10r8520: fixed a pile of warnings from the build farm gcc -Wall output onAndrew Tridgell1-1/+1
S390. This is an attempt to avoid the panic we're seeing in the automatic builds. The main fixes are: - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats - use of NULL format statements to perform dn searches. - assumption that sizeof() returns an int (This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
2007-10-10r7932: don't use the nbt called name as server name, for dcerpc_server_name()Stefan Metzmacher1-9/+8
in the ncacn_np trnaport it's now supported to use the ip address in smbtorture for ncacn_np tests that use dcerpc_server_name(), and we can now pass the dns host name in the tree connect when we have the dns name on the smbtorture command line metze (This used to be commit e29edbc7e62c738564ae842c9c01c969f5c70e5d)
2007-10-10r7658: don't timeout at the smb level for rpc requests as otherwise some rpcAndrew Tridgell1-0/+4
level sign/seal mechanisms can break (This used to be commit 9df569f023f9a1e0d8c35de8135a344933bc69bf)
2007-10-10r7633: this patch started as an attempt to make the dcerpc code use a givenAndrew Tridgell1-13/+0
event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect. Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch. There were 3 places where I punted: - abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that its done, we could go back and use gensec_set_event_context() - the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing. - I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a callers event context. Jelmer, can you think of a clean way to do that? I also cleaned up a couple of things: - libnet_context_destroy() makes no sense. I removed it. - removed some unused vars in various places (This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2007-10-10r5902: A rather large change...Andrew Bartlett1-1/+15
I wanted to add a simple 'workstation' argument to the DCERPC authenticated binding calls, but this patch kind of grew from there. With SCHANNEL, the 'workstation' name (the netbios name of the client) matters, as this is what ties the session between the NETLOGON ops and the SCHANNEL bind. This changes a lot of files, and these will again be changed when jelmer does the credentials work. I also correct some schannel IDL to distinguish between workstation names and account names. The distinction matters for domain trust accounts. Issues in handling this (issues with lifetime of talloc pointers) caused me to change the 'creds_CredentialsState' and 'struct dcerpc_binding' pointers to always be talloc()ed pointers. In the schannel DB, we now store both the domain and computername, and query on both. This should ensure we fault correctly when the domain is specified incorrectly in the SCHANNEL bind. In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out, where the comment claimed we re-used a connection, but in fact we made a new connection. This was achived by breaking apart some of the dcerpc_secondary_connection() logic. The addition of workstation handling was also propogated to NTLMSSP and GENSEC, for completeness. The RPC-SAMSYNC test has been cleaned up a little, using a loop over usernames/passwords rather than manually expanded tests. This will be expanded further (the code in #if 0 in this patch) to use a newly created user account for testing. In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO server, caused by the removal of [ref] and the assoicated pointer from the IDL. This has been re-added, until the underlying pidl issues are solved. (This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2007-10-10r5137: fix typesStefan Metzmacher1-1/+1
metze (This used to be commit add1c579375d08040f722946da31ee3862f9e7ac)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell1-5/+5
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4757: added the ability of the clisocket level of libcli to handle asyncAndrew Tridgell1-1/+1
socket connections. This was complicated by a few factors: - it meant moving the event context from clitransport to clisocket, so lots of structures changed - we need to asynchronously handle connection to lists of port numbers, not just one port number. The code internally tries each port in the list in turn, without ever blocking - the man page on how connect() is supposed to work asynchronously doesn't work in practice (now why doesn't this surprise me?). The getsockopt() for SOL_ERROR is supposed to retrieve the error, but in fact the next (unrelated) connect() call on the same socket also gets an error, though not the right error. To work around this I need to tear down the whole socket between each attempted port. I hate posix. Note that clisocket.c still does a blocking name resolution call in smbcli_sock_connect_byname(). That will be fixed when we add the async NBT resolution code. Also note that I arranged things so that every SMB connection is now async internally, so using plain smbclient or smbtorture tests all the async features of this new code. (This used to be commit 468f8ebbfdbdf37c757fdc4863626aa9946a8870)
2007-10-10r4616: the first phase in the addition of proper support forAndrew Tridgell1-64/+59
dcerpc_alter_context and multiple context_ids in the dcerpc client library. This stage does the following: - split "struct dcerpc_pipe" into two parts, the main part being "struct dcerpc_connection", which contains all the parts not dependent on the context, and "struct dcerpc_pipe" which has the context dependent part. This is similar to the layering in libcli_*() for SMB - disable the current dcerpc_alter code. I've used a #warning until i get the 2nd phase finished. I don't know how portable #warning is, but it won't be long before I add full alter context support anyway, so it won't last long - cleanup the allocation of dcerpc_pipe structures. The previous code was quite awkward. (This used to be commit 4004c69937be7e5dae56f9567ca607f982d395d3)
2007-10-10r4591: - converted the other _p talloc functions to not need _pAndrew Tridgell1-1/+1
- added #if TALLOC_DEPRECATED around the _p functions - fixes the code that broke from the above while doing this I fixed quite a number of places that were incorrectly using the non type-safe talloc functions to use the type safe ones. Some were even doing multiplies for array allocation, which is potentially unsafe. (This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
2007-10-10r4011: get rid of rpc_secdes.h and replace it with a single sane set ofAndrew Tridgell1-5/+6
definitions for security access masks, in security.idl The previous definitions were inconsistently named, and contained many duplicate and misleading entries. I kept finding myself tripping up while using them. (This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d)
2007-10-10r3419: moved the libcli/raw structures into libcli/raw/libcliraw.hAndrew Tridgell1-0/+1
and made them private (This used to be commit 386ac565c452ede1d74e06acb401ca9db99d3ff3)
2007-10-10r3383: avoid multi-part SMBtrans and SMBtrans2 replies until our client ↵Andrew Tridgell1-1/+1
library can handle them properly (they are difficult to do in an async fashion). By choosing trans.in.max_data to fix in the negotiated buffer size a server won't send us multi-part replies. I notice that windows seems to avoid them too :) (This used to be commit e23edf762cace35f937959c9ffbef718431a79b9)
2007-10-10r3322: fixed a bunch of warnings in the build, including one case where it ↵Andrew Tridgell1-1/+1
was a real bug (This used to be commit 02d5d0f685e44bd66aff4a007f0bf34c8f915574)
2007-10-10r3043: Use binding strings for specifying endpoints. The property forJelmer Vernooij1-9/+2
specifying a endpoint is now also 'endpoint' instead of 'endpoints'. The default endpoint (if none is specified) is still "ncacn_np:[\\pipe\\ifacename]", where ifacename is the name of the interface. Examples: [ uuid(60a15ec5-4de8-11d7-a637-005056a20182), endpoint("ncacn_np:[\\pipe\\rpcecho]", "ncacn_ip_tcp:") ] interface rpcecho { void dummy(); } dcerpc_binding is now converted to ep_description in the server, but I hope to completely eliminate ep_description later on. The eventual goal of all these changes is to make it easier to add transports as I'm going to add support for ncalrpc (local RPC over named pipes) and ncacn_unix_stream (Unix sockets). (This used to be commit f3da7c8b443a29b0c656c687a277384ae1353792)
2007-10-10r2710: continue with the new style of providing a parent context wheneverAndrew Tridgell1-1/+2
possible to a structure creation routine. This makes for much easier global cleanup. (This used to be commit e14ee428ec357fab76a960387a9820a673786e27)
2007-10-10r2680: switched the libcli/raw/ code over to use talloc_reference(), which ↵Andrew Tridgell1-15/+7
simplifies things quite a bit (This used to be commit c82a9cf750829c4f6982ca3133295c8599023c4e)
2007-10-10r2671: we're getting too many errors caused by the talloc_realloc() API notAndrew Tridgell1-1/+1
taking a context (so when you pass a NULL pointer you end up with memory in a top level context). Fixed it by changing the API to take a context. The context is only used if the pointer you are reallocing is NULL. (This used to be commit 8dc23821c9f54b2f13049b5e608a0cafb81aa540)
2007-10-10r2660: - converted the libcli/raw/ library to use talloc_increase_ref_count()Andrew Tridgell1-2/+2
rather than manual reference counts - properly support SMBexit in the cifs and posix backends - added a logoff method to all backends With these changes the RAW-CONTEXT test now passes against the posix backend (This used to be commit c315d6ac1cc40546fde1474702a6d66d07ee13c8)
2007-10-10r2628: got rid of some warnings and converted a few more places to use ↵Andrew Tridgell1-1/+1
hierarchical memory allocation (This used to be commit 26da45a8019a2d6c9ff2ac2a6739c7d0b42b00de)
2007-10-10r2287: Add static.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 49171e420337136d3e66300f99fa1885051e5b61)
2007-10-10r2284: Thanks to some great detective work by tridge, NTLM2 signing now works.Andrew Bartlett1-2/+3
This means that 'require NTLMv2 session security' now works for RPC pipe signing. We don't yet have sealing, but it can't be much further. This is almost all tridge's code, munged into a form that can work with the GENSEC API. This commit also includes more lsakey fixes - that key is used for all DCE-RPC level authenticated connections, even over CIFS/ncacn_np. No doubt I missed something, but I'm going to get some sleep :-) Andrew Bartlett (This used to be commit a1fe175eec884280fb7e9ca8f528134cf4600beb)
2007-10-10r2266: yay! LSA session keys on TCP now work!Andrew Tridgell1-0/+16
(This used to be commit f6ea24296acaaadcd2d59740bc88ef1a93fb1c28)
2007-10-10r2247: talloc_destroy -> talloc_freeTim Potter1-1/+1
(This used to be commit 6c1a72c5d667245b1eec94f58e68acd22dd720ce)
2007-10-10r2103: in the conversion to async rpc I simplified the smb backend to onlyAndrew Tridgell1-20/+128
use readx/writex instead of the more efficient SMBtrans calls. This patch restores the efficiency by using SMBtrans when possible. (This used to be commit 83fbe080e7fcdf4168d85f654b802dc4538b8984)
2007-10-10r2100: rework the dcerpc client side library so that it is async. We nowAndrew Tridgell1-184/+130
generate a separate *_send() async function for every RPC call, and there is a single dcerpc_ndr_request_recv() call that processes the receive side of any rpc call. The caller can use dcerpc_event_context() to get a pointer to the event context for the pipe so that events can be waited for asynchronously. The only part that remains synchronous is the initial bind calls. These could also be made async if necessary, although I suspect most applications won't need them to be. (This used to be commit f5d004d8eb8c76c03342cace1976b27266cfa1f0)
2007-10-10r1983: a completely new implementation of tallocAndrew Tridgell1-2/+2
This version does the following: 1) talloc_free(), talloc_realloc() and talloc_steal() lose their (redundent) first arguments 2) you can use _any_ talloc pointer as a talloc context to allocate more memory. This allows you to create complex data structures where the top level structure is the logical parent of the next level down, and those are the parents of the level below that. Then destroy either the lot with a single talloc_free() or destroy any sub-part with a talloc_free() of that part 3) you can name any pointer. Use talloc_named() which is just like talloc() but takes the printf style name argument as well as the parent context and the size. The whole thing ends up being a very simple piece of code, although some of the pointer walking gets hairy. So far, I'm just using the new talloc() like the old one. The next step is to actually take advantage of the new interface properly. Expect some new commits soon that simplify some common coding styles in samba4 by using the new talloc(). (This used to be commit e35bb094c52e550b3105dd1638d8d90de71d854f)
2007-10-10r1654: rename cli_ -> smbcli_Stefan Metzmacher1-8/+8
rename CLI_ -> SMBCLI_ metze (This used to be commit 8441750fd9427dd6fe477f27e603821b4026f038)
2007-10-10r889: convert samba4 to use [u]int16_t instead of [u]int16Stefan Metzmacher1-3/+3
metze (This used to be commit af6f1f8a01bebbecd99bc8c066519e89966e65e3)
2007-10-10r884: convert samba4 to use [u]int32_t instead of [u]int32Stefan Metzmacher1-3/+3
metze (This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
2007-10-10r335: added much better handling of servers that die unexpectedly during aAndrew Tridgell1-0/+1
request (a dead socket). I discovered this when testing against Sun's PC-NetLink. cleaned up the naming of some of the samr requests add IDL and test code for samr_QueryGroupMember(), samr_SetMemberAttributesOfGroup() and samr_Shutdown(). (actually, I didn't leave the samr_Shutdown() test in, as its fatal to windows servers due to doing exactly what it says it does). (This used to be commit 925bc2622c105dee4ffff809c6c35cd209a839f8)
2004-02-10- modified the dcerpc client security code to be generic, so ntlmsspAndrew Tridgell1-1/+0
and schannel are both instances of possible security modules - added schannel sign and sign/seal support to the dcerpc client code. You select it with binding options of "schannel,sign" or "schannel,seal". (This used to be commit 05db0b9d942cad8f1dd574dc35b759e5e79d4195)
2004-02-03make more function static, they are still available via the function pointersStefan Metzmacher1-1/+1
metze (This used to be commit 4597643e76a34397cd2344a91d7045163ea7a942)
2004-01-20added code to the RPC-SPOOLSS test that demonstrates that policyAndrew Tridgell1-0/+15
handles are not shared between open dcerpc connections, even when those connections are on the same SMB socket. I have tested this with w2k3, w2k and NT4. It seems that policy handles have a strict scope of the dcerpc connection on which they were opened. I realise that this goes against existing folk-law in the team, but it seems that the previous testing (I'm not sure who did this?) was wrong. Perhaps clients do send us policy handles from other connections, but if they do then the correct thing to do is to fail the operation with a dcerpc fault. I suspect that failing it with exactly the right dcerpc fault code is important. (This used to be commit 2ed24d29bafd9055d5782acdd595cd0f378a651a)
2003-12-16a fairly large commit!Andrew Tridgell1-2/+2
This adds support for bigendian rpc in the client. I have installed SUN pcnetlink locally and am using it to test the samba4 rpc code. This allows us to easily find places where we have stuffed up the types (such as 2 uint16 versus a uint32), as testing both big-endian and little-endian easily shows which is correct. I have now used this to fix several bugs like that in the samba4 IDL. In order to make this work I also had to redefine a GUID as a true structure, not a blob. From the pcnetlink wire it is clear that it is indeed defined as a structure (the byte order changes). This required changing lots of Samba code to use a GUID as a structure. I also had to fix the if_version code in dcerpc syntax IDs, as it turns out they are a single uint32 not two uint16s. The big-endian support is a bit ugly at the moment, and breaks the layering in some places. More work is needed, especially on the server side. (This used to be commit bb1af644a5a7b188290ce36232f255da0e5d66d2)
2003-12-11the next step in the dcerpc server code. Added the link between theAndrew Tridgell1-1/+1
IPC IO routines and the dcerpc endpoint servers. (This used to be commit 4929c53bc8dddda8a763fdfbcf81a79776d01113)
2003-12-10the rest of the initial rpc server side infrastructureAndrew Tridgell1-1/+1
(This used to be commit 5fb01b0ec0321724c25669151ea7c20e6ec182d0)