path: root/source4/librpc/rpc
Age | Commit message | Author | Files | Lines
2007-10-10 | r2634: use discard_const_p() in a few places | Andrew Tridgell | 1 | -2/+2
(This used to be commit 56ecda2178e33508c55c6195ccec41c06e099d6f)
2007-10-10 | r2629: convert gensec to the new talloc model | Andrew Tridgell | 4 | -5/+5
by making our gensec structures a talloc child of the open connection we can be sure that it will be destroyed when the connection is dropped. (This used to be commit f12ee2f241aab1549bc1d9ca4c35a35a1ca0d09d)
2007-10-10 | r2628: got rid of some warnings and converted a few more places to use | Andrew Tridgell | 3 | -4/+3
hierarchical memory allocation (This used to be commit 26da45a8019a2d6c9ff2ac2a6739c7d0b42b00de)
2007-10-10 | r2626: the symbol gai_error is defined in /usr/include, so don't use that | Andrew Tridgell | 1 | -4/+4
name in our code (This used to be commit 458f85328850905db8e9808d02898c69b5f9b872)
2007-10-10 | r2614: support CONNECT level DCE/RPC security in both client and | Andrew Tridgell | 4 | -21/+67
server. CONNECT security uses NTLMSSP, but does not do any signing or sealing (or equivalently, it's like signing, but with a zero filled checksum). (This used to be commit f4660857bc708db7f5aa7487bf7ab04bffe68928)
2007-10-10 | r2538: Support IPv6 as transport for MSRPC. Tested against Win2k3 | Jelmer Vernooij | 2 | -11/+35
Implemented using the POSIX getaddrinfo() call (specified by POSIX 1003.1-2003 and 2553). I'm not sure how portable this function is, so we might have to add a sys_getaddrinfo() later on. (This used to be commit 0fb0530389751c6fb4ca58f5e9a0f23491699f17)
2007-10-10 | r2443: check return code of event_loop_once() to catch the cases where the | Stefan Metzmacher | 1 | -2/+6
server closes the connection and we got EBADF from select() and event_loop_once() fails
metze (This used to be commit 9c0e50a6f3d628156b4543d5ded89e06be696f64)
2007-10-10 | r2399: Display text description of rpc fault in debug message. | Tim Potter | 1 | -1/+1
(This used to be commit 04aec4c0a3f559f6a9ccfaf990f3a2ff2e6f48df)
2007-10-10 | r2383: fixed the handling of sending zero length dcerpc packets (I broke this | Andrew Tridgell | 1 | -1/+3
recently, and this broke the autoidl code) (This used to be commit 01d66f68f6b21dc9b5c0702edcd4f56daeae9b9d)
2007-10-10 | r2304: fixed a bug in old style NTLM signing | Andrew Tridgell | 1 | -1/+1
(This used to be commit 09651b831d085345dd385bc9777f97e1c0d57c6f)
2007-10-10 | r2294: this fixes the NTLM2 sign+seal combination. I have now tested: | Andrew Tridgell | 1 | -5/+8
NTLM sign
NTLM sign+seal
NTLM2 sign
NTLM2 sign+seal
and all of the above both with and without key exchange
the NTLM2 seal case is ugly and involves an extra data copy, which some API changes in gensec or the ndr layer might avoid in future. (This used to be commit fce7a4218b3136d880dd1a123e8525e3091bbed8)
2007-10-10 | r2287: Add static. | Andrew Bartlett | 1 | -1/+1
Andrew Bartlett (This used to be commit 49171e420337136d3e66300f99fa1885051e5b61)
2007-10-10 | r2284: Thanks to some great detective work by tridge, NTLM2 signing now works. | Andrew Bartlett | 7 | -80/+109
This means that 'require NTLMv2 session security' now works for RPC pipe signing. We don't yet have sealing, but it can't be much further.
This is almost all tridge's code, munged into a form that can work with the GENSEC API.
This commit also includes more lsakey fixes - that key is used for all DCE-RPC level authenticated connections, even over CIFS/ncacn_np.
No doubt I missed something, but I'm going to get some sleep :-)
Andrew Bartlett (This used to be commit a1fe175eec884280fb7e9ca8f528134cf4600beb)
2007-10-10 | r2275: don't crash on a rpc BIND_NAK response ... | Andrew Tridgell | 1 | -1/+6
(This used to be commit 22a6e5d50d2d40c2dfc5e36bce1132b92723dd81)
2007-10-10 | r2266: yay! LSA session keys on TCP now work! | Andrew Tridgell | 4 | -15/+33
(This used to be commit f6ea24296acaaadcd2d59740bc88ef1a93fb1c28)
2007-10-10 | r2247: talloc_destroy -> talloc_free | Tim Potter | 1 | -1/+1
(This used to be commit 6c1a72c5d667245b1eec94f58e68acd22dd720ce)
2007-10-10 | r2234: Tridge, this is a patch to allow people to set the REF_ALLOC flag on | Tim Potter | 2 | -0/+7
a dcerpc_pipe structure as we discussed this morning. (This used to be commit 79969dc8daf5fdaacd26135a200ecec0b4d7663c)
2007-10-10 | r2185: add a callback function to the dcerpc async API | Andrew Tridgell | 2 | -0/+25
also add a demonstration of its use in the netlogon async example (This used to be commit f2a0438c66b999189c1a2ad726e91efd0748eb90)
2007-10-10 | r2184: use the smb.conf socket options for client code too | Andrew Tridgell | 1 | -0/+2
(This used to be commit 7256945b526a1ee68d18eb579e592f7389740c22)
2007-10-10 | r2180: added RPC flags "padcheck" which enables checking of all received pad | Andrew Tridgell | 3 | -14/+37
bytes to make sure they are zero. Non-zero values usually indicate one of two things:
- the server is leaking data through sending uninitialised memory
- we have mistaken a real field in the IDL for padding
to differentiate between the two you really need to run with "print,padcheck" and look carefully at whether the non-zero pad bytes are random or appear to be deliberate. (This used to be commit 7fdb778f81f14aaab75ab204431e4342a462957a)
2007-10-10 | r2118: fixed the receipt of bigendian rpc packets with the new async code. | Andrew Tridgell | 1 | -3/+10
The fix uses the new talloc_increase_ref_count() function in an interesting way. I suspect this sort of technique will become quite common. (This used to be commit a86e629a39baf0ba2a6bb347eb9b72551c1477ff)
2007-10-10 | r2103: in the conversion to async rpc I simplified the smb backend to only | Andrew Tridgell | 4 | -46/+153
use readx/writex instead of the more efficient SMBtrans calls. This patch restores the efficiency by using SMBtrans when possible. (This used to be commit 83fbe080e7fcdf4168d85f654b802dc4538b8984)
2007-10-10 | r2100: rework the dcerpc client side library so that it is async. We now | Andrew Tridgell | 8 | -423/+747
generate a separate *_send() async function for every RPC call, and there is a single dcerpc_ndr_request_recv() call that processes the receive side of any rpc call.
The caller can use dcerpc_event_context() to get a pointer to the event context for the pipe so that events can be waited for asynchronously.
The only part that remains synchronous is the initial bind calls. These could also be made async if necessary, although I suspect most applications won't need them to be. (This used to be commit f5d004d8eb8c76c03342cace1976b27266cfa1f0)
2007-10-10 | r2041: Fix NTLMSSP RPC sealing, client -> win2k3 server. | Andrew Bartlett | 5 | -26/+32
The bug (found by tridge) is that Win2k3 is being tighter about the NTLMSSP flags. If we don't negotiate sealing, we can't use it.
We now have a way to indicate to the GENSEC implementation mechanisms what things we want for a connection.
Andrew Bartlett (This used to be commit 86f61568ea44c5719f9b583beeeefb12e0c26f4c)
2007-10-10 | r2029: changed our client side dcerpc padding to match what w2k3 does - a 16 | Andrew Tridgell | 1 | -2/+4
byte padding of the payload portion of the packet. (This used to be commit 271831f97f3952838557bf5034c1e435b33cb14a)
2007-10-10 | r1993: Allow WinXP domain logon to progress a bit further (it seems broken | Andrew Bartlett | 1 | -3/+4
for me). Fix indent, and add a few more useful debug messages. Send a fault, if the bind is not accepted - don't just leave the client hanging.
Andrew Bartlett (This used to be commit 486215edc1148ad754632be37760dc0d38b0340d)
2007-10-10 | r1983: a completely new implementation of talloc | Andrew Tridgell | 2 | -4/+3
This version does the following:
1) talloc_free(), talloc_realloc() and talloc_steal() lose their (redundant) first arguments
2) you can use _any_ talloc pointer as a talloc context to allocate more memory. This allows you to create complex data structures where the top level structure is the logical parent of the next level down, and those are the parents of the level below that. Then destroy either the lot with a single talloc_free() or destroy any sub-part with a talloc_free() of that part
3) you can name any pointer. Use talloc_named() which is just like talloc() but takes the printf style name argument as well as the parent context and the size.
The whole thing ends up being a very simple piece of code, although some of the pointer walking gets hairy.
So far, I'm just using the new talloc() like the old one. The next step is to actually take advantage of the new interface properly. Expect some new commits soon that simplify some common coding styles in samba4 by using the new talloc(). (This used to be commit e35bb094c52e550b3105dd1638d8d90de71d854f)
2007-10-10 | r1874: add dcerpc_errstr() function to display a fault code by name, | Stefan Metzmacher | 1 | -0/+59
this should be used in the torture tests when we got NT_STATUS_NET_WRITE_FAULT
metze (This used to be commit 964748389bb7560ba141d71bb9256a8552c7db92)
2007-10-10 | r1872: revert -r 1845 because the calling function should look at the fault_code | Stefan Metzmacher | 1 | -12/+2
when it gets NT_STATUS_NET_WRITE_FAULT
metze (This used to be commit 084845c1ab5e8acdb91f1d93b87d3f58e5de1bfd)
2007-10-10 | r1850: when we have a username and use sign or seal on a dcerpc over np | Stefan Metzmacher | 1 | -1/+2
use dcerpc auth instead of smb auth
metze (This used to be commit 6b429234968da7e51de95b6ede2afe3c1605debb)
2007-10-10 | r1845: map DCERPC_FAULT_LOGON_FAILURE to NT_STATUS_LOGON_FAILURE | Stefan Metzmacher | 1 | -2/+11
metze (This used to be commit 0cf0c3646038574e73c77a0b7adbdf6d04fe7207)
2007-10-10 | r1821: fixed reference to "status" that should be "result" | Andrew Tridgell | 1 | -1/+1
(This used to be commit bdf7d66d299b0956fbf17b38291089585b2b54bf)
2007-10-10 | r1786: Add support for the 'helpstring' attribute on interfaces | Jelmer Vernooij | 1 | -0/+1
(This used to be commit 85fb26a05d57e58795b0c0ffa93dc9e0fa902431)
2007-10-10 | r1703: - Lots of RPC updates, adding new pipes and protocols. | Jelmer Vernooij | 1 | -3/+3
- More updates/fixes to the ethereal parser generator
(This used to be commit 547f860285b117e291bf3dbaca0707dc268b214e)
2007-10-10 | r1654: rename cli_ -> smbcli_ | Stefan Metzmacher | 2 | -16/+16
rename CLI_ -> SMBCLI_
metze (This used to be commit 8441750fd9427dd6fe477f27e603821b4026f038)
2007-10-10 | r1645: added a debug when a RPC fault is received | Andrew Tridgell | 1 | -0/+1
(This used to be commit cb1830909952dd0d0fed2090e820f1ee2552a7a2)
2007-10-10 | r1509: in order to interoperate with NT3.1 we need to ignore extra data at | Andrew Tridgell | 1 | -3/+7
the end of RPC PDUs. It turns out that NT3.1 adds junk onto the end of every PDU. (This used to be commit a4a89cffd85c213a4d751c24ccda438e44df4d2e)
2007-10-10 | r1498: (merge from 3.0) | Andrew Bartlett | 1 | -1/+1
Rework our random number generation system.
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().
For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer().
This also requires that we start the secrets subsystem, as that is where the reseed value is stored, for systems without /dev/urandom.
In order to avoid identical streams in forked children, the random state is re-initialised after the fork(), at the same point where we do that to the tdbs.
Andrew Bartlett (This used to be commit b97d3cb2efd68310b1aea8a3ac40a64979c8cdae)
2007-10-10 | r1475: More kerberos work | Andrew Bartlett | 1 | -0/+7
- We can now connect to hosts that follow the SPNEGO RFC, and *do not* give us their principal name in the mechListMIC.
- The client code now remembers the hostname it connects to
- We now kinit for a user, if there is not valid ticket already
- Re-introduce clock skew compensation
TODO:
- See if the username in the ccache matches the username specified
- Use a private ccache, rather than the global one, for a 'new' kinit
- Determine 'default' usernames.
  - The default for Krb5 is the one in the ccache, then $USER
  - For NTLMSSP, it's just $USER
Andrew Bartlett (This used to be commit de5da669397db4ac87c6da08d3533ca3030da2b0)
2007-10-10 | r1419: spnego inside of dcerpc using alter_context/alter_context_resp | Stefan Metzmacher | 6 | -11/+170
instead of auth3
metze (This used to be commit 19b0567ee533744a0f2778bf8549636a25d96526)
2007-10-10 | r1354: Make it clear that the first gensec_update takes a NULL data_blob. | Andrew Bartlett | 1 | -2/+3
Andrew Bartlett (This used to be commit 842a5dfc1f313b771fef14a484be6eea8c6eedf8)
2007-10-10 | r1351: add dcerpc spnego wrapper | Stefan Metzmacher | 1 | -0/+79
not yet used and not working because of bugs in the gensec spnego code
metze (This used to be commit b9795ed5735ad88a2ba9608d3d8804edf77e4cd4)
2007-10-10 | r1294: A nice, large, commit... | Andrew Bartlett | 6 | -136/+376
This implements gensec for Samba's server side, and brings gensec up to the standards of a full subsystem.
This means that use of the subsystem is by gensec_* functions, not function pointers in structures (this is internal). This causes changes in all the existing gensec users.
Our RPC server no longer contains its own generalised security scheme, and now calls gensec directly.
Gensec has also taken over the role of auth/auth_ntlmssp.c
An important part of gensec, is the output of the 'session_info' struct. This is now reference counted, so that we can correctly free it when a pipe is closed, no matter if it was inherited, or created by per-pipe authentication.
The schannel code is reworked, to be in the same file for client and server.
ntlm_auth is reworked to use gensec.
The major problem with this code is the way it relies on subsystem auto-initialisation. The primary reason for this commit now is to allow these problems to be looked at, and fixed.
There are problems with the new code:
- I've tested it with smbtorture, but currently don't have VMware and valgrind working (this I'll fix soon).
- The SPNEGO code is client-only at this point.
- We still do not do kerberos.
Andrew Bartlett (This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
2007-10-10 | r1200: Add 'gensec', our generic security layer. | Andrew Bartlett | 6 | -319/+162
This layer is used for DCERPC security, as well as ntlm_auth at this time. It expects things like SASL and the CIFS layer to use it as well.
The particular purpose of this layer is to introduce SPNEGO, which needs generic access to the actual implementation mechanisms.
Schannel, due to its 'interesting' setup properties is in GENSEC, but is only in the RPC code.
Andrew Bartlett (This used to be commit 902af49006fb8cfecaadd3cc0c10e2e542083fb1)
2007-10-10 | r1136: - added IDL for netr_LogonGetDomainInfo() | Andrew Tridgell | 1 | -0/+35
- added workstation to auth_session_info in rpc servers
- added session key fetch hook in crypto backends in dcesrv
- store and fetch seed as well as a session key in schannel ldb
- when a client uses schannel to setup a netlogon pipe connection we also need to setup the credentials from the schannel negotiation so credentials chaining works
- added server side netr_LogonGetDomainInfo() call
(This used to be commit a35459387de3b6a422c5af6f658338fc7e4314b0)
2007-10-10 | r1077: fix segfault in schannel over ncacn_ip_tcp | Stefan Metzmacher | 2 | -13/+15
metze (This used to be commit 9e9a52692ebe9d47f1a08740ea1dcb8f46041211)
2007-10-10 | r1068: make the dcerpc client side auth/crypto code much more generic | Stefan Metzmacher | 6 | -282/+370
metze (This used to be commit 1706ff88a72c6578a109c2cf24f2f009812c3892)
2007-10-10 | r1048: - moved the schannel definitions into a separate schannel.idl | Andrew Tridgell | 1 | -6/+14
- added server side support for schannel type 23. This allows WinXP to establish a schannel connection to Samba4 as an ADS DC
- added client side support for schannel type 23, but disabled it as currently the client code has no way of getting the fully qualified domain name (which is needed)
- report dcerpc faults in the server code in the log
(This used to be commit 55e0b014fe14ca8811b55887208a1c3147ddb0d2)
2007-10-10 | r1042: added testing of 128 bit schannel session keys | Andrew Tridgell | 2 | -1/+9
(This used to be commit 96fc2b6f1e7372cc3646bd52172187b8a689c15a)
2007-10-10 | r1041: - pulled the domain join code out of the netlogon test and made it a | Andrew Tridgell | 3 | -57/+88
separate utility function, to allow multiple torture tests to temporarily join a domain
- fixed a session key size problem
- added a schannel test suite
- allow schannel to work with ncacn_ip_tcp
(This used to be commit 36f05e4d575099fcb957b8a55781c38dcd2e1177)