summaryrefslogtreecommitdiff
path: root/source4/librpc/rpc/dcerpc_util.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r15504: Revert -r 15500 and -r 15503 until I'm awake, and can get my headAndrew Bartlett1-40/+91
around the mess that is composite functions... Async might be all the rage, but it's bloody painful to debug. Andrew Bartlett (This used to be commit 756e1dad7ce54b83f8170db3434bfcfc4afe7e65)
2007-10-10r15503: I may shortly have to revert all of this, but be clearer about how weAndrew Bartlett1-14/+13
handle the NTLMSSP and wrong password fallbacks. Andrew Bartlett (This used to be commit dbf51ea985e0b300631e2070e91d4d901c784c44)
2007-10-10r15500: Add support for interactive prompting on bad passwords to the RPC ↵Andrew Bartlett1-85/+35
libraries. This support requires that the bind_ack and alter_ack recv functions also be send the DCE/RPC fault. This would be best done by having the ack run as a normal RPC reply callback, but this isn't easily possible for now. Andrew Bartlett (This used to be commit be6dde22fe728d64d47875699d3421c6d8d872a4)
2007-10-10r15426: Implement SPNEGO as the default RPC authentication mechanism. WhereAndrew Bartlett1-13/+143
this isn't supported, fallback to NTLM. Also, where we get a failure as 'logon failure', try and do a '3 tries' for the password, like we already do for CIFS. (Incomplete: needs a mapping between RPC errors and the logon failure NTSTATUS). Because we don't yet support Kerberos sign/seal to win2k3 SP1 for DCE/RPC, disable this (causing SPNEGO to negotiate NTLM) when kerberos isn't demanded. Andrew Bartlett (This used to be commit b3212d1fb91b26c1d326a289560106dffe1d2e80)
2007-10-10r14962: fixed a valgrind errorAndrew Tridgell1-2/+4
(This used to be commit 5a8d13c4e67974d198d71823774950483ec42088)
2007-10-10r14735: Use dcerpc_syntax_id rather then seperate GUID + if_version everywhereJelmer Vernooij1-26/+22
(This used to be commit a316b33057f3ec8532677980e093cd327d33f257)
2007-10-10r14470: Remove some unnecessary headers.Jelmer Vernooij1-1/+0
(This used to be commit f7312dab3b9aba2b2b82e8a6e0c483a32a03a63a)
2007-10-10r14402: Generate seperate headers for RPC client functions.Jelmer Vernooij1-0/+1
(This used to be commit 7054ebf0249930843a2baf4d023ae8f62cedb109)
2007-10-10r14363: Remove credentials.h from the global includes.Jelmer Vernooij1-0/+1
(This used to be commit 98c4c3051391c6f89df5d133665f51bef66b1563)
2007-10-10r14238: This is not needed anymore, as the state structure is zeroedRafal Szczesniak1-3/+0
right after allocation. rafal (This used to be commit 87b31c51bbd1e8cb3616eb9d7dd2b7fc1a7f9c46)
2007-10-10r14211: More comments.Rafal Szczesniak1-2/+29
rafal (This used to be commit 9035de56a801f04436777b7faacf2f3b518b6942)
2007-10-10r14210: 1) Fix an issue with composite context when null event contextRafal Szczesniak1-103/+13
is passed to dcerpc_epm_map_binding_send. 2) Replace old dcerpc_epm_map_binding with the new function based on async code, as the above problem is fixed. rafal (This used to be commit 85ecb07ab595073dd44c213075d33da07aa19277)
2007-10-10r14165: More comments and my copyright.Rafal Szczesniak1-1/+19
rafal (This used to be commit 6b94e81e5a31bb413149d9328746b1fed65c7f3d)
2007-10-10r14143: Replace old function with equivalent based on new async code.Rafal Szczesniak1-67/+4
rafal (This used to be commit 036d35ff175b26dc1f55e6813f9a014a444d9af4)
2007-10-10r14136: Fix bug causing segfaults in certain circumstances (gcc3.x amongRafal Szczesniak1-7/+7
others, probably). Funny thing, it didn't segfault on my laptop and gcc4... rafal (This used to be commit 9e3321130e57daccd9649afc3af581a03655090e)
2007-10-10r14125: Fix incorrect declaration caught on build farm.Rafal Szczesniak1-1/+2
rafal (This used to be commit 93358e7d9e08bb77641c1b9a47448eb0a4dac587)
2007-10-10r14123: Huge lump of code making all of our dcerpc connect codeRafal Szczesniak1-200/+339
asynchronous. Build is ok, and so are the tests. More comments to follow. rafal (This used to be commit a74fb6c5a2f968c56aff8ce39ce2ce9375d19b81)
2007-10-10r13726: Fix indentation.Rafal Szczesniak1-1/+1
rafal (This used to be commit cedaf08170fddc8e4a3f9e4aea0f2c7f08759061)
2007-10-10r13582: IndentAndrew Bartlett1-3/+3
(This used to be commit 06ddac2bb1899937b79e3bf89cb84c750c3ce4c5)
2007-10-10r13561: Turn all dcerpc connect and socket functions to async version.Rafal Szczesniak1-75/+6
Now, each rpc interface (named pipe, tcp/ip, lrpc and unix socket) works asynchronously. Comments to follow. rafal (This used to be commit 789f9d43db7ea59e79d5aa498e2e9fd077448825)
2007-10-10r12865: Upgrade the librpc and libnet code.Andrew Bartlett1-3/+15
In librpc, always try SMB level authentication, even if trying schannel, but allow fallback to anonymous. This should better function with servers that set restrict anonymous. There are too many parts of Samba that get, parse and modify the binding parameters. Avoid the extra work, and add a binding element to the struct dcerpc_pipe The libnet vampire code has been refactored, to reduce extra layers and to better conform with the standard argument pattern. Also, take advantage of the new libnet_Lookup code, so we don't require the silly 'password server' smb.conf parameter. To better support forcing traffic to be sealed for the vampire operation, the dcerpc_bind_auth() function now takes an auth level parameter. Andrew Bartlett (This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-1/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12514: Move DCE/RPC interface table to a seperate fileJelmer Vernooij1-62/+0
Be a bit more strict when checking for duplicate interfaces (This used to be commit b1286a6d27e2b5aa26f288f6aff70601b0d8ae74)
2007-10-10r12513: Similar change as my previous commit, but now for transfer syntaxes.Jelmer Vernooij1-17/+12
Avoids converting a static string to GUID every time we check whether a transfer syntax is equal to that of NDR. (This used to be commit 8dcfcaf75ab8cf4a54cf5e56f6be25acc68e3989)
2007-10-10r12512: Use GUID structs in API functions everywhere rather then converting ↵Jelmer Vernooij1-18/+13
back and forth between GUID structs and strings in several places. (This used to be commit 3564e2f967ef72d6301b4f7e9a311cebcded4d75)
2007-10-10r12511: Remove authservice from binding stringJelmer Vernooij1-7/+1
(This used to be commit 2188168209f07bd87d90d7ff94e8b542ced68249)
2007-10-10r12510: Change the DCE/RPC interfaces to take a pointer to aJelmer Vernooij1-42/+27
dcerpc_interface_table struct rather then a tuple of interface name, UUID and version. This removes the requirement for having a global list of DCE/RPC interfaces, except for these parts of the code that use that list explicitly (ndrdump and the scanner torture test). This should also allow us to remove the hack that put the authservice parameter in the dcerpc_binding struct as it can now be read directly from dcerpc_interface_table. I will now modify some of these functions to take a dcerpc_syntax_id structure rather then a full dcerpc_interface_table. (This used to be commit 8aae0f168e54c01d0866ad6e0da141dbd828574f)
2007-10-10r12135: Move named pipe connect on smb2 function to async implementation.Rafal Szczesniak1-43/+3
Completely untested, it's a bit difficult without having vista around (yet), so - Andrew, please test it and let me know what's wrong. rafal (This used to be commit b9e7522bd4b626402c51a69695bea0928f5baef7)
2007-10-10r12088: Use a structure to pass arguments to dcerpc connection functionsRafal Szczesniak1-71/+16
and move migrated (async) code to a new file. rafal (This used to be commit 79b231bc534e10149d86a2c647a27c27ce524949)
2007-10-10r12001: Replace smbcli_full_connection call with composite connect usedRafal Szczesniak1-8/+25
in sync version. This step makes it easer to move further to async dcerpc connect routine. rafal (This used to be commit 87b016d55315190fa3f6083c75cb783ad45ddd0b)
2007-10-10r11889: added support for dcerpc ncacn_np over SMB2. You use it by giving theAndrew Tridgell1-7/+65
flag 'smb2' in the dcerpc binding string. This gives a pretty good test to the new SMB2 trans call. (This used to be commit f99bef585d4c1e52becc06b581bd5aaa62cf9dd7)
2007-10-10r11816: this fixes some of the problems with the recent async rpc changes andAndrew Tridgell1-0/+12
ncacn_ip_tcp/ncalrpc. The problem was that svn revision 11809 removed the logic that forced the CONNECT auth type for authenticated binds which don't have an explicit SIGN or SEAL flag set. (This used to be commit e7a1f11e8bcba3839f74c7303bd82533a6acfbcd)
2007-10-10r11809: Make dcerpc_bind_auth async.Volker Lendecke1-3/+3
This also removes dcerpc_bind_auth_password, the only user of dcerpc_bind_auth. And this was not only passwords anyway. Andrew Bartlett, as usual: Please take a close look. Thanks, Volker (This used to be commit 2ff2dae3d035af6cb0c131573cfd983fc9a58eee)
2007-10-10r11497: Don't name parameters 'floor'. Rename fl and floor to epm_floor forAndrew Bartlett1-58/+58
consistancy. Andrew Bartlett (This used to be commit 8787eb982f899c68a490fb9c71c21ec1d9ec0308)
2007-10-10r10368: when building the epm tower, don't put host names in the ip addressAndrew Tridgell1-1/+12
field, instead put a zero address. Note that zero is correct (ie. we shouldn't do the lookup) as in the client we want to send a zero for the server to fill in. When we make this call from the server we fill in a real IP. (This used to be commit e54c8b5658761c33d50a1a557d2ec77229b07b47)
2007-10-10r10184: Fix a stack of unhandled enumeration warnings.Tim Potter1-0/+6
(This used to be commit aeb42a446b3c28c5cf6800606b3f9b70c49cb94b)
2007-10-10r8820: Push this common block of code into the caller.Andrew Bartlett1-39/+18
Use talloc_steal() rather than talloc_reference(). Andrew Bartlett (This used to be commit 8774f971f3926c5c37aad1e8dfeafa394de87d63)
2007-10-10r8811: Fix the build..Jelmer Vernooij1-0/+2
(This used to be commit fac77f5fa267da57a55e88cad8993897e80741a0)
2007-10-10r8073: a successful rpc call from ejs!Andrew Tridgell1-0/+14
the ejs_echo.c code is the stuff that needs to be auto-generated by pidl. It only does echo_AddOne so far. We also need a table for registering these calls. The code is hard-wired for echo_AddOne for now. (This used to be commit b1ea58ddc482c373783d16331dd07378010ba39a)
2007-10-10r8068: reduced the verbosity of the EPM codeAndrew Tridgell1-3/+3
(This used to be commit 4c5974fc3dabd090284b2ed455a0af114ddbec1d)
2007-10-10r7633: this patch started as an attempt to make the dcerpc code use a givenAndrew Tridgell1-12/+20
event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect. Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch. There were 3 places where I punted: - abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that its done, we could go back and use gensec_set_event_context() - the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing. - I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a callers event context. Jelmer, can you think of a clean way to do that? I also cleaned up a couple of things: - libnet_context_destroy() makes no sense. I removed it. - removed some unused vars in various places (This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2007-10-10r7497: add timeouts to all rpc requests. The default timeout is 60Andrew Tridgell1-0/+1
seconds. This should prevent the problem I am seeing on a solaris box where a rpc request gets stuck forever (This used to be commit c24ab34813d675b9b81f3062fb6f30aae5697805)
2007-10-10r7313: Prefix a few functions with ncacn_ rather then dcerpc_ because they areJelmer Vernooij1-1/+1
ncacn_ specific (This used to be commit 875cce126878172eedb43b4ecab3970ea9d82e4a)
2007-10-10r7312: Add IDL for ncadg packets.Jelmer Vernooij1-3/+3
(This used to be commit 2009a430b03c685dd65bd573e70d3618f2e0dd0f)
2007-10-10r6795: Make some functions static and remove some unused ones.Jelmer Vernooij1-1/+1
(This used to be commit 46509eb89980bfe6dabd71264d570ea356ee5a22)
2007-10-10r6565: Cludge, cludge, cludge...Andrew Bartlett1-3/+3
We need to pass the 'secure channel type' to the NETLOGON layer, which must match the account type. (Yes, jelmer objects to this inclusion of the kitchen sink ;-) Andrew Bartlett (This used to be commit 8ee208a926d2b15fdc42753b1f9ee586564c6248)
2007-10-10r6272: For 'programmed' use of an anonymous account, we should useAndrew Bartlett1-2/+9
cli_credentials_set_conf(), not cli_credentials_guess(). Also, clarify why for particular flags, we don't do a DCERPC-level authentication. Andrew Bartlett (This used to be commit 838925761d004a1426107f4c5c84d0276fddb2c0)
2007-10-10r6178: fix ncacn_np connection without sign or seal against NT4Stefan Metzmacher1-1/+4
metze (This used to be commit d92100fcc2066454df441a1ea2c7b9940fa19fa1)
2007-10-10r6028: A MAJOR update to intergrate the new credentails system fully withAndrew Bartlett1-3/+9
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'. GENSEC now no longer has it's own handling of 'set username' etc, instead it uses cli_credentials calls. In order to link the credentails code right though Samba, a lot of interfaces have changed to remove 'username, domain, password' arguments, and these have been replaced with a single 'struct cli_credentials'. In the session setup code, a new parameter 'workgroup' contains the client/server current workgroup, which seems unrelated to the authentication exchange (it was being filled in from the auth info). This allows in particular kerberos to only call back for passwords when it actually needs to perform the kinit. The kerberos code has been modified not to use the SPNEGO provided 'principal name' (in the mechListMIC), but to instead use the name the host was connected to as. This better matches Microsoft behaviour, is more secure and allows better use of standard kerberos functions. To achieve this, I made changes to our socket code so that the hostname (before name resolution) is now recorded on the socket. In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now in libcli/auth/schannel.c, and it looks much more like a standard GENSEC module. The actual sign/seal code moved to libcli/auth/schannel_sign.c in a previous commit. The schannel credentails structure is now merged with the rest of the credentails, as many of the values (username, workstation, domain) where already present there. This makes handling this in a generic manner much easier, as there is no longer a custom entry-point. The auth_domain module continues to be developed, but is now just as functional as auth_winbind. The changes here are consequential to the schannel changes. The only removed function at this point is the RPC-LOGIN test (simulating the load of a WinXP login), which needs much more work to clean it up (it contains copies of too much code from all over the torture suite, and I havn't been able to penetrate its 'structure'). Andrew Bartlett (This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
2007-10-10r5976: SIDs can't have more then 5 subauths (caught by [validate] andJelmer Vernooij1-0/+3
range()) (This used to be commit ec1eaa274b997197ca6996457229c802f1b76d56)