summaryrefslogtreecommitdiff
path: root/source4/librpc/rpc/dcerpc_util.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r12514: Move DCE/RPC interface table to a seperate fileJelmer Vernooij1-62/+0
Be a bit more strict when checking for duplicate interfaces (This used to be commit b1286a6d27e2b5aa26f288f6aff70601b0d8ae74)
2007-10-10r12513: Similar change as my previous commit, but now for transfer syntaxes.Jelmer Vernooij1-17/+12
Avoids converting a static string to GUID every time we check whether a transfer syntax is equal to that of NDR. (This used to be commit 8dcfcaf75ab8cf4a54cf5e56f6be25acc68e3989)
2007-10-10r12512: Use GUID structs in API functions everywhere rather then converting ↵Jelmer Vernooij1-18/+13
back and forth between GUID structs and strings in several places. (This used to be commit 3564e2f967ef72d6301b4f7e9a311cebcded4d75)
2007-10-10r12511: Remove authservice from binding stringJelmer Vernooij1-7/+1
(This used to be commit 2188168209f07bd87d90d7ff94e8b542ced68249)
2007-10-10r12510: Change the DCE/RPC interfaces to take a pointer to aJelmer Vernooij1-42/+27
dcerpc_interface_table struct rather then a tuple of interface name, UUID and version. This removes the requirement for having a global list of DCE/RPC interfaces, except for these parts of the code that use that list explicitly (ndrdump and the scanner torture test). This should also allow us to remove the hack that put the authservice parameter in the dcerpc_binding struct as it can now be read directly from dcerpc_interface_table. I will now modify some of these functions to take a dcerpc_syntax_id structure rather then a full dcerpc_interface_table. (This used to be commit 8aae0f168e54c01d0866ad6e0da141dbd828574f)
2007-10-10r12135: Move named pipe connect on smb2 function to async implementation.Rafal Szczesniak1-43/+3
Completely untested, it's a bit difficult without having vista around (yet), so - Andrew, please test it and let me know what's wrong. rafal (This used to be commit b9e7522bd4b626402c51a69695bea0928f5baef7)
2007-10-10r12088: Use a structure to pass arguments to dcerpc connection functionsRafal Szczesniak1-71/+16
and move migrated (async) code to a new file. rafal (This used to be commit 79b231bc534e10149d86a2c647a27c27ce524949)
2007-10-10r12001: Replace smbcli_full_connection call with composite connect usedRafal Szczesniak1-8/+25
in sync version. This step makes it easer to move further to async dcerpc connect routine. rafal (This used to be commit 87b016d55315190fa3f6083c75cb783ad45ddd0b)
2007-10-10r11889: added support for dcerpc ncacn_np over SMB2. You use it by giving theAndrew Tridgell1-7/+65
flag 'smb2' in the dcerpc binding string. This gives a pretty good test to the new SMB2 trans call. (This used to be commit f99bef585d4c1e52becc06b581bd5aaa62cf9dd7)
2007-10-10r11816: this fixes some of the problems with the recent async rpc changes andAndrew Tridgell1-0/+12
ncacn_ip_tcp/ncalrpc. The problem was that svn revision 11809 removed the logic that forced the CONNECT auth type for authenticated binds which don't have an explicit SIGN or SEAL flag set. (This used to be commit e7a1f11e8bcba3839f74c7303bd82533a6acfbcd)
2007-10-10r11809: Make dcerpc_bind_auth async.Volker Lendecke1-3/+3
This also removes dcerpc_bind_auth_password, the only user of dcerpc_bind_auth. And this was not only passwords anyway. Andrew Bartlett, as usual: Please take a close look. Thanks, Volker (This used to be commit 2ff2dae3d035af6cb0c131573cfd983fc9a58eee)
2007-10-10r11497: Don't name parameters 'floor'. Rename fl and floor to epm_floor forAndrew Bartlett1-58/+58
consistancy. Andrew Bartlett (This used to be commit 8787eb982f899c68a490fb9c71c21ec1d9ec0308)
2007-10-10r10368: when building the epm tower, don't put host names in the ip addressAndrew Tridgell1-1/+12
field, instead put a zero address. Note that zero is correct (ie. we shouldn't do the lookup) as in the client we want to send a zero for the server to fill in. When we make this call from the server we fill in a real IP. (This used to be commit e54c8b5658761c33d50a1a557d2ec77229b07b47)
2007-10-10r10184: Fix a stack of unhandled enumeration warnings.Tim Potter1-0/+6
(This used to be commit aeb42a446b3c28c5cf6800606b3f9b70c49cb94b)
2007-10-10r8820: Push this common block of code into the caller.Andrew Bartlett1-39/+18
Use talloc_steal() rather than talloc_reference(). Andrew Bartlett (This used to be commit 8774f971f3926c5c37aad1e8dfeafa394de87d63)
2007-10-10r8811: Fix the build..Jelmer Vernooij1-0/+2
(This used to be commit fac77f5fa267da57a55e88cad8993897e80741a0)
2007-10-10r8073: a successful rpc call from ejs!Andrew Tridgell1-0/+14
the ejs_echo.c code is the stuff that needs to be auto-generated by pidl. It only does echo_AddOne so far. We also need a table for registering these calls. The code is hard-wired for echo_AddOne for now. (This used to be commit b1ea58ddc482c373783d16331dd07378010ba39a)
2007-10-10r8068: reduced the verbosity of the EPM codeAndrew Tridgell1-3/+3
(This used to be commit 4c5974fc3dabd090284b2ed455a0af114ddbec1d)
2007-10-10r7633: this patch started as an attempt to make the dcerpc code use a givenAndrew Tridgell1-12/+20
event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect. Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch. There were 3 places where I punted: - abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that its done, we could go back and use gensec_set_event_context() - the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing. - I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a callers event context. Jelmer, can you think of a clean way to do that? I also cleaned up a couple of things: - libnet_context_destroy() makes no sense. I removed it. - removed some unused vars in various places (This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2007-10-10r7497: add timeouts to all rpc requests. The default timeout is 60Andrew Tridgell1-0/+1
seconds. This should prevent the problem I am seeing on a solaris box where a rpc request gets stuck forever (This used to be commit c24ab34813d675b9b81f3062fb6f30aae5697805)
2007-10-10r7313: Prefix a few functions with ncacn_ rather then dcerpc_ because they areJelmer Vernooij1-1/+1
ncacn_ specific (This used to be commit 875cce126878172eedb43b4ecab3970ea9d82e4a)
2007-10-10r7312: Add IDL for ncadg packets.Jelmer Vernooij1-3/+3
(This used to be commit 2009a430b03c685dd65bd573e70d3618f2e0dd0f)
2007-10-10r6795: Make some functions static and remove some unused ones.Jelmer Vernooij1-1/+1
(This used to be commit 46509eb89980bfe6dabd71264d570ea356ee5a22)
2007-10-10r6565: Cludge, cludge, cludge...Andrew Bartlett1-3/+3
We need to pass the 'secure channel type' to the NETLOGON layer, which must match the account type. (Yes, jelmer objects to this inclusion of the kitchen sink ;-) Andrew Bartlett (This used to be commit 8ee208a926d2b15fdc42753b1f9ee586564c6248)
2007-10-10r6272: For 'programmed' use of an anonymous account, we should useAndrew Bartlett1-2/+9
cli_credentials_set_conf(), not cli_credentials_guess(). Also, clarify why for particular flags, we don't do a DCERPC-level authentication. Andrew Bartlett (This used to be commit 838925761d004a1426107f4c5c84d0276fddb2c0)
2007-10-10r6178: fix ncacn_np connection without sign or seal against NT4Stefan Metzmacher1-1/+4
metze (This used to be commit d92100fcc2066454df441a1ea2c7b9940fa19fa1)
2007-10-10r6028: A MAJOR update to intergrate the new credentails system fully withAndrew Bartlett1-3/+9
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'. GENSEC now no longer has it's own handling of 'set username' etc, instead it uses cli_credentials calls. In order to link the credentails code right though Samba, a lot of interfaces have changed to remove 'username, domain, password' arguments, and these have been replaced with a single 'struct cli_credentials'. In the session setup code, a new parameter 'workgroup' contains the client/server current workgroup, which seems unrelated to the authentication exchange (it was being filled in from the auth info). This allows in particular kerberos to only call back for passwords when it actually needs to perform the kinit. The kerberos code has been modified not to use the SPNEGO provided 'principal name' (in the mechListMIC), but to instead use the name the host was connected to as. This better matches Microsoft behaviour, is more secure and allows better use of standard kerberos functions. To achieve this, I made changes to our socket code so that the hostname (before name resolution) is now recorded on the socket. In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now in libcli/auth/schannel.c, and it looks much more like a standard GENSEC module. The actual sign/seal code moved to libcli/auth/schannel_sign.c in a previous commit. The schannel credentails structure is now merged with the rest of the credentails, as many of the values (username, workstation, domain) where already present there. This makes handling this in a generic manner much easier, as there is no longer a custom entry-point. The auth_domain module continues to be developed, but is now just as functional as auth_winbind. The changes here are consequential to the schannel changes. The only removed function at this point is the RPC-LOGIN test (simulating the load of a WinXP login), which needs much more work to clean it up (it contains copies of too much code from all over the torture suite, and I havn't been able to penetrate its 'structure'). Andrew Bartlett (This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
2007-10-10r5976: SIDs can't have more then 5 subauths (caught by [validate] andJelmer Vernooij1-0/+3
range()) (This used to be commit ec1eaa274b997197ca6996457229c802f1b76d56)
2007-10-10r5941: Commit this patch much earlier than I would normally prefer, but ↵Andrew Bartlett1-103/+88
metze needs a working tree... The main volume of this patch was what I started working on today: - Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context. - Uses sepereate inner loops for some of the DCE/RPC tests The other and more important part of this patch fixes issues surrounding the new credentials framwork: This makes the struct cli_credentials always a talloc() structure, rather than on the stack. Parts of the cli_credentials code already assumed this. There were other issues, particularly in the DCERPC over SMB handling, as well as little things that had to be tidied up before test_w2k3.sh would start to pass. Andrew Bartlett (This used to be commit 0453f9d05d2e336fba1f85dbf2718d01fa2bf778)
2007-10-10r5932: Use cli_credentials somewhat more in the Gtk+ codeJelmer Vernooij1-6/+3
Support ncacn_spx in DCE/RPC bindings. (This used to be commit a0233a3a9a83176ae46873d3a25ed601758a1511)
2007-10-10r5930: Fix initialisation of dcerpc_binding->authserviceJelmer Vernooij1-0/+2
(This used to be commit f8cf161e0e59bd6b2a62135be8511403f4e9ca70)
2007-10-10r5929: Use cli_credentials for the SMB functions as well.Jelmer Vernooij1-6/+4
Fix a couple of bugs in the new cli_credentials code (This used to be commit 4ad481cfe5cde514d2ef9646147239f3faaa6173)
2007-10-10r5928: Use cli_credentials in:Jelmer Vernooij1-39/+25
- gtk+ (returned by GtkHostBindingDialog as well now) - torture/ - librpc/ - lib/com/dcom/ (This used to be commit ccefd782335e01e8e6ecb2bcd28a4f999c53b1a6)
2007-10-10r5902: A rather large change...Andrew Bartlett1-112/+95
I wanted to add a simple 'workstation' argument to the DCERPC authenticated binding calls, but this patch kind of grew from there. With SCHANNEL, the 'workstation' name (the netbios name of the client) matters, as this is what ties the session between the NETLOGON ops and the SCHANNEL bind. This changes a lot of files, and these will again be changed when jelmer does the credentials work. I also correct some schannel IDL to distinguish between workstation names and account names. The distinction matters for domain trust accounts. Issues in handling this (issues with lifetime of talloc pointers) caused me to change the 'creds_CredentialsState' and 'struct dcerpc_binding' pointers to always be talloc()ed pointers. In the schannel DB, we now store both the domain and computername, and query on both. This should ensure we fault correctly when the domain is specified incorrectly in the SCHANNEL bind. In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out, where the comment claimed we re-used a connection, but in fact we made a new connection. This was achived by breaking apart some of the dcerpc_secondary_connection() logic. The addition of workstation handling was also propogated to NTLMSSP and GENSEC, for completeness. The RPC-SAMSYNC test has been cleaned up a little, using a loop over usernames/passwords rather than manually expanded tests. This will be expanded further (the code in #if 0 in this patch) to use a newly created user account for testing. In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO server, caused by the removal of [ref] and the assoicated pointer from the IDL. This has been re-added, until the underlying pidl issues are solved. (This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2007-10-10r5603: add "authservice()" property to the interface property listStefan Metzmacher1-4/+8
so we can specify allowed target service names in the idl file the default is "host" metze (This used to be commit bf40d5321f3257bf9354a42d31265f1a9b0d53ad)
2007-10-10r5302: fixed a compilation problem on solaris caused by the recent includeAndrew Tridgell1-1/+1
changes (This used to be commit e7e015f79b10c353848a17f31c91a0593790a560)
2007-10-10r5298: - got rid of pstring.h from includes.h. This at least makes it a bitAndrew Tridgell1-1/+1
less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2007-10-10r5291: fixed ncacn_ip_tcp against windowsAndrew Tridgell1-3/+2
(This used to be commit 8df8308f7f7c937ea8bcbb4336e98911824ece48)
2007-10-10r5286: Some first steps in making the pidl code somewhat more generic for theJelmer Vernooij1-2/+2
various data types: Add ndr_flags argument to all ndr push/pull scalar functions (This used to be commit ab490c0c882bb13de190546c50a0631ecb8255ad)
2007-10-10r5209: Fix the endpoint mapper to work with IPX endpoints (whichJelmer Vernooij1-9/+128
accidently have the same protocol id as UUID's) Before this, Samba would give NDR errors when contacting a remote server that has IPX support enabled. This one was on my long due bugs list. (This used to be commit 7b847de64f35b8e897b64ad047d8aea3813214f8)
2007-10-10r5155: define ipv4address as a based IDL type, mapped to a "const char *" inAndrew Tridgell1-29/+8
the header, and defined on the wire as a 4 byte network byte order IP. This means the calling code doesn't have to worry about network byte order conversions. (This used to be commit 72048e37179dd5b9ada0c5280d2f0d8c23d1a17d)
2007-10-10r5148: use ipv4_addr also in epmapper idlStefan Metzmacher1-4/+4
metze (This used to be commit cbc1f172822363e1fc4495d27248464403748cae)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell1-2/+2
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4962: add infrastructure to use raw krb5 auth in dcerpc client codeStefan Metzmacher1-0/+3
Note this doesn't work currently because the gensec_modules are not ready for that yet metze (This used to be commit 7b09a3f725baca5d4483b7ec24a9cb6151557bb5)
2007-10-10r4758: - added async support to the session request codeAndrew Tridgell1-7/+6
- added async support to the negprot client code - removed two unused parameters from smbcli_full_connection() code - converted smbclient to use smbcli_full_connection() rather than reinventing everything itself (This used to be commit 71cbe2873473e039b4511511302cb63f1c50bce8)
2007-10-10r4635: Fix NTLMSSP to return NT_STATUS_OK when it has constructed the authAndrew Bartlett1-4/+10
token in the client (the final token in the negotiation). Consequential fixes in the SPNEGO code, which now uses the out.length as the indicator of 'I need to send something to the other side'. Merge the NTLM and SPNEGO DCE-RPC authentication routines in the client. Fix the RPC-MULTIBIND test consequent to this merge. Andrew Bartlett (This used to be commit 43e3516fc03008e97ebb4ad1a0cde464303f43c6)
2007-10-10r4630: for ncacn_np if we don't have an explicit request for one of theAndrew Tridgell1-0/+4
advanced auth types we should do a plain bind. This fixes rpc connections to ancient servers (like sun cascade) (This used to be commit 59a5a0b218f7182c541a06ffc4528c1160699033)
2007-10-10r4627: - simplified the dcerpc auth code using a common functionAndrew Tridgell1-66/+41
- added support for "spnego" in binding strings. This enables SPNEGO auth in the dcerpc client code, using as many allter_context calls as are needed To try SPNEGO do this: smbtorture ncacn_ip_tcp:SERVER[spnego,seal] -Uadministrator%password RPC-SAMR (This used to be commit 9c0a3423f03111c110d21c0d3910e16aa1a8bf87)
2007-10-10r4618: - tidied up the alter_context client code a bitAndrew Tridgell1-3/+3
- there is no alter_nak or alter_ack packet, its all done in an alter_response - auto-allocated the contex_ids - tried to fix up the dcom code to work again with alter_context. Jelmer, please take a look :) (This used to be commit dd1c54add8884376601f2f8a56c01bfb8add030c)
2007-10-10r4617: basic alter_context requests now work in our client library. The testAndrew Tridgell1-0/+47
just does a simple LSA/DSSETUP combo, which is what w2k does in the ACL editor rpc calls that triggered this work (This used to be commit 0129ec947aa1fa5a7104dc3a666af3cb9bd104f1)