Age | Commit message (Collapse) | Author | Files | Lines |
|
I'm only fixing the bug I introduced here,
not the rest of the mess in the pipe handling,
as we don't fill in pipe->binding and pipe->conn->binding_str
consistant...
metze
(This used to be commit cec74f352822a767770e9e00e87a94d0e37d80c9)
|
|
also make it possible to pass and get the assoc_group_id for
a pipe.
also make it possible to pass the DCERPC_PFC_FLAG_CONC_MPX flag
in bind requests. From the spec it triggers support for
concurrent multiplexing on a single connection.
w2k3 uses the assoc_group_id feature when it becomes a domain controller
of an existing domain. Know the ugly part, with this it's possible to
use a policy handle from one connection on a different one...
typically the DsBind() call is on the 1st connection while DsGetNCChanges()
call using the first connections bind handle are on the 2nd connection.
The second connection also has the DCERPC_PFC_FLAG_CONC_MPX flag attached,
but that doesn't seem to be related to the cross connection handle usage
Can anyone think of a nice way to implement the assoc_group_id stuff in our server?
metze
(This used to be commit 2d8c85397d9027485ed6dbdcca87cc1ec84c7b76)
|
|
we crashed before trying ncacn_np: for frsrpc
as frsrpc doesn't have a ncacn_np endpoint listed
in the idl header and the endpoint mapping code
was trying our smbcli lib with a
NULL target_hostname -> called_name
metze
(This used to be commit ed49e4b1f87db483768dec36732b0c9765d1d4bc)
|
|
metze
(This used to be commit 1b6621814ba83724e05c0c2bea28d6eb295a3655)
|
|
(This used to be commit 0221d5b6c4250a3a2c86c623c534996d7decb1f6)
|
|
to perform a lookup once, resolve the name to an IP, while still
communicating the full name to the lower layers, for kerberos etc.
This fixes 'net samdump', which was failing due to the schannel target
name being *smbserver.
Andrew Bartlett
(This used to be commit 0546f487f4cc99b5549dc1e457ea243d4bd66333)
|
|
and create an event context explicit
metze
(This used to be commit 02ec14e55390d7e21073d2c41a0c76b128b8b4e9)
|
|
metze
(This used to be commit 60afb466831da7a6946079ef0683cb6bff5edeb9)
|
|
- add some comments
metze
(This used to be commit adb4ba9db2d22277e24fa56bdd781f9628f1a076)
|
|
(This used to be commit c910a3f9c8c657b290bc03a47a6b4cba20f02a55)
|
|
around the mess that is composite functions...
Async might be all the rage, but it's bloody painful to debug.
Andrew Bartlett
(This used to be commit 756e1dad7ce54b83f8170db3434bfcfc4afe7e65)
|
|
handle the NTLMSSP and wrong password fallbacks.
Andrew Bartlett
(This used to be commit dbf51ea985e0b300631e2070e91d4d901c784c44)
|
|
libraries.
This support requires that the bind_ack and alter_ack recv functions
also be send the DCE/RPC fault. This would be best done by having the
ack run as a normal RPC reply callback, but this isn't easily possible
for now.
Andrew Bartlett
(This used to be commit be6dde22fe728d64d47875699d3421c6d8d872a4)
|
|
this isn't supported, fallback to NTLM.
Also, where we get a failure as 'logon failure', try and do a '3
tries' for the password, like we already do for CIFS. (Incomplete:
needs a mapping between RPC errors and the logon failure NTSTATUS).
Because we don't yet support Kerberos sign/seal to win2k3 SP1 for
DCE/RPC, disable this (causing SPNEGO to negotiate NTLM) when kerberos
isn't demanded.
Andrew Bartlett
(This used to be commit b3212d1fb91b26c1d326a289560106dffe1d2e80)
|
|
(This used to be commit 5a8d13c4e67974d198d71823774950483ec42088)
|
|
(This used to be commit a316b33057f3ec8532677980e093cd327d33f257)
|
|
(This used to be commit f7312dab3b9aba2b2b82e8a6e0c483a32a03a63a)
|
|
(This used to be commit 7054ebf0249930843a2baf4d023ae8f62cedb109)
|
|
(This used to be commit 98c4c3051391c6f89df5d133665f51bef66b1563)
|
|
right after allocation.
rafal
(This used to be commit 87b31c51bbd1e8cb3616eb9d7dd2b7fc1a7f9c46)
|
|
rafal
(This used to be commit 9035de56a801f04436777b7faacf2f3b518b6942)
|
|
is passed to dcerpc_epm_map_binding_send.
2) Replace old dcerpc_epm_map_binding with the new function
based on async code, as the above problem is fixed.
rafal
(This used to be commit 85ecb07ab595073dd44c213075d33da07aa19277)
|
|
rafal
(This used to be commit 6b94e81e5a31bb413149d9328746b1fed65c7f3d)
|
|
rafal
(This used to be commit 036d35ff175b26dc1f55e6813f9a014a444d9af4)
|
|
others, probably). Funny thing, it didn't segfault on my laptop
and gcc4...
rafal
(This used to be commit 9e3321130e57daccd9649afc3af581a03655090e)
|
|
rafal
(This used to be commit 93358e7d9e08bb77641c1b9a47448eb0a4dac587)
|
|
asynchronous. Build is ok, and so are the tests.
More comments to follow.
rafal
(This used to be commit a74fb6c5a2f968c56aff8ce39ce2ce9375d19b81)
|
|
rafal
(This used to be commit cedaf08170fddc8e4a3f9e4aea0f2c7f08759061)
|
|
(This used to be commit 06ddac2bb1899937b79e3bf89cb84c750c3ce4c5)
|
|
Now, each rpc interface (named pipe, tcp/ip, lrpc and unix
socket) works asynchronously.
Comments to follow.
rafal
(This used to be commit 789f9d43db7ea59e79d5aa498e2e9fd077448825)
|
|
In librpc, always try SMB level authentication, even if trying
schannel, but allow fallback to anonymous. This should better
function with servers that set restrict anonymous.
There are too many parts of Samba that get, parse and modify the
binding parameters. Avoid the extra work, and add a binding element
to the struct dcerpc_pipe
The libnet vampire code has been refactored, to reduce extra layers
and to better conform with the standard argument pattern. Also, take
advantage of the new libnet_Lookup code, so we don't require the silly
'password server' smb.conf parameter.
To better support forcing traffic to be sealed for the vampire
operation, the dcerpc_bind_auth() function now takes an auth level
parameter.
Andrew Bartlett
(This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
|
|
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
|
|
Be a bit more strict when checking for duplicate interfaces
(This used to be commit b1286a6d27e2b5aa26f288f6aff70601b0d8ae74)
|
|
Avoids converting a static string to GUID every time we check whether
a transfer syntax is equal to that of NDR.
(This used to be commit 8dcfcaf75ab8cf4a54cf5e56f6be25acc68e3989)
|
|
back and
forth between GUID structs and strings in several places.
(This used to be commit 3564e2f967ef72d6301b4f7e9a311cebcded4d75)
|
|
(This used to be commit 2188168209f07bd87d90d7ff94e8b542ced68249)
|
|
dcerpc_interface_table struct rather then a tuple of interface
name, UUID and version.
This removes the requirement for having a global list of DCE/RPC interfaces,
except for these parts of the code that use that list explicitly
(ndrdump and the scanner torture test).
This should also allow us to remove the hack that put the authservice parameter
in the dcerpc_binding struct as it can now be read directly from
dcerpc_interface_table.
I will now modify some of these functions to take a dcerpc_syntax_id
structure rather then a full dcerpc_interface_table.
(This used to be commit 8aae0f168e54c01d0866ad6e0da141dbd828574f)
|
|
Completely untested, it's a bit difficult without having vista
around (yet), so - Andrew, please test it and let me know what's
wrong.
rafal
(This used to be commit b9e7522bd4b626402c51a69695bea0928f5baef7)
|
|
and move migrated (async) code to a new file.
rafal
(This used to be commit 79b231bc534e10149d86a2c647a27c27ce524949)
|
|
in sync version. This step makes it easer to move further to async
dcerpc connect routine.
rafal
(This used to be commit 87b016d55315190fa3f6083c75cb783ad45ddd0b)
|
|
flag 'smb2' in the dcerpc binding string. This gives a pretty good
test to the new SMB2 trans call.
(This used to be commit f99bef585d4c1e52becc06b581bd5aaa62cf9dd7)
|
|
ncacn_ip_tcp/ncalrpc. The problem was that svn revision 11809 removed
the logic that forced the CONNECT auth type for authenticated binds
which don't have an explicit SIGN or SEAL flag set.
(This used to be commit e7a1f11e8bcba3839f74c7303bd82533a6acfbcd)
|
|
This also removes dcerpc_bind_auth_password, the only user of
dcerpc_bind_auth. And this was not only passwords anyway.
Andrew Bartlett, as usual: Please take a close look.
Thanks,
Volker
(This used to be commit 2ff2dae3d035af6cb0c131573cfd983fc9a58eee)
|
|
consistancy.
Andrew Bartlett
(This used to be commit 8787eb982f899c68a490fb9c71c21ec1d9ec0308)
|
|
field, instead put a zero address. Note that zero is correct (ie. we
shouldn't do the lookup) as in the client we want to send a zero for
the server to fill in. When we make this call from the server we fill
in a real IP.
(This used to be commit e54c8b5658761c33d50a1a557d2ec77229b07b47)
|
|
(This used to be commit aeb42a446b3c28c5cf6800606b3f9b70c49cb94b)
|
|
Use talloc_steal() rather than talloc_reference().
Andrew Bartlett
(This used to be commit 8774f971f3926c5c37aad1e8dfeafa394de87d63)
|
|
(This used to be commit fac77f5fa267da57a55e88cad8993897e80741a0)
|
|
the ejs_echo.c code is the stuff that needs to be auto-generated by
pidl. It only does echo_AddOne so far.
We also need a table for registering these calls. The code is
hard-wired for echo_AddOne for now.
(This used to be commit b1ea58ddc482c373783d16331dd07378010ba39a)
|
|
(This used to be commit 4c5974fc3dabd090284b2ed455a0af114ddbec1d)
|