summaryrefslogtreecommitdiff
path: root/source4/ntvfs/ipc/vfs_ipc.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r5902: A rather large change...Andrew Bartlett1-4/+7
I wanted to add a simple 'workstation' argument to the DCERPC authenticated binding calls, but this patch kind of grew from there. With SCHANNEL, the 'workstation' name (the netbios name of the client) matters, as this is what ties the session between the NETLOGON ops and the SCHANNEL bind. This changes a lot of files, and these will again be changed when jelmer does the credentials work. I also correct some schannel IDL to distinguish between workstation names and account names. The distinction matters for domain trust accounts. Issues in handling this (issues with lifetime of talloc pointers) caused me to change the 'creds_CredentialsState' and 'struct dcerpc_binding' pointers to always be talloc()ed pointers. In the schannel DB, we now store both the domain and computername, and query on both. This should ensure we fault correctly when the domain is specified incorrectly in the SCHANNEL bind. In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out, where the comment claimed we re-used a connection, but in fact we made a new connection. This was achived by breaking apart some of the dcerpc_secondary_connection() logic. The addition of workstation handling was also propogated to NTLMSSP and GENSEC, for completeness. The RPC-SAMSYNC test has been cleaned up a little, using a loop over usernames/passwords rather than manually expanded tests. This will be expanded further (the code in #if 0 in this patch) to use a newly created user account for testing. In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO server, caused by the removal of [ref] and the assoicated pointer from the IDL. This has been re-added, until the underlying pidl issues are solved. (This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2007-10-10r5501: check the return of talloc with the NT_STATUS_HAVE_NO_MEMORY()Stefan Metzmacher1-0/+3
macro... metze (This used to be commit 9ec6c0e97765e60ef195296f17d6a27b5d0dcca9)
2007-10-10r5102: This is a major simplification of the logic for controlling top levelAndrew Tridgell1-6/+1
servers in smbd. The old code still contained a fairly bit of legacy from the time when smbd was only handling SMB connection. The new code gets rid of all of the smb_server specific code in smbd/, and creates a much simpler infrastructures for new server code. Major changes include: - simplified the process model code a lot. - got rid of the top level server and service structures completely. The top level context is now the event_context. This got rid of service.h and server.h completely (they were the most confusing parts of the old code) - added service_stream.[ch] for the helper functions that are specific to stream type services (services that handle streams, and use a logically separate process per connection) - got rid of the builtin idle_handler code in the service logic, as none of the servers were using it, and it can easily be handled by a server in future by adding its own timed_event to the event context. - fixed some major memory leaks in the rpc server code. - added registration of servers, rather than hard coding our list of possible servers. This allows for servers as modules in the future. - temporarily disabled the winbind code until I add the helper functions for that type of server - added error checking on service startup. If a configured server fails to startup then smbd doesn't startup. - cleaned up the command line handling in smbd, removing unused options (This used to be commit cf6a46c3cbde7b1eb1b86bd3882b953a2de3a42e)
2007-10-10r4690: - add support for async rpc server repliesStefan Metzmacher1-29/+20
the backend should check for (dce_call->state_flags & DCESRV_CALL_STATE_FLAG_MAY_ASYNC) then it's allowed to reply async then the backend should mark that call as async with dce_call->state_flags |= DCESRV_CALL_STATE_FLAG_ASYNC; later it has to manualy set r->out.result and then send the reply by calling status = dcesrv_reply(p->dce_call); NOTE: that ncacn_np doesn't support async replies yet - implement an async version of echo_TestSleep - reenable the echo_TestSleep torture test (this need to be more strict when we have support for async ncacn_np) metze (This used to be commit f0a0dbeb25b034b1333078ca085999359f5f6209)
2007-10-10r4684: the smbsrv code should not know about rpc stuffStefan Metzmacher1-8/+12
just vfs_ipc metze (This used to be commit f85ebd1e8e19f5ff271dd7d79190fea16d6a98c4)
2007-10-10r4160: fixed the file_type in ntcreatex reply on a named pipe. NT4 requires ↵Andrew Tridgell1-0/+1
this to be right. (This used to be commit e22de9734f66bee3c9eaf8191fcae9fb06a0034f)
2007-10-10r3993: use distinctive fnums in the ipc backend, to make monitoring sniffs ↵Andrew Tridgell1-1/+3
easier (This used to be commit 54209ed05686a442156f7927c58d8656aa5e4900)
2007-10-10r3737: - Get rid of the register_subsystem() and register_backend() functions.Jelmer Vernooij1-1/+1
- Re-disable tdbtool (it was building fine on my Debian box but other machines were having problems) (This used to be commit 0d7bb2c40b7a9ed59df3f8944133ea562697e814)
2007-10-10r3528: added support for the SMBntcancel() operation, which cancels anyAndrew Tridgell1-0/+10
outstanding async operation (triggering an immediate timeout). pvfs now passes the RAW-MUX test (This used to be commit 3423e2f41461d054067ef168b9b986f62cc8f77c)
2007-10-10r3466: split out request.h, signing.h, and smb_server.hAndrew Tridgell1-0/+1
(This used to be commit 7c4e6ebf05790dd6e29896dd316db0fff613aa4e)
2007-10-10r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ↵Andrew Tridgell1-0/+1
ioctl.h) (This used to be commit b97e395c814762024336c1cf4d7c25be8da5813a)
2007-10-10r3461: another place where "open" was used as a structure elementAndrew Tridgell1-1/+1
(This used to be commit 1087ea830e7aead86d54a1836512e88554afc919)
2007-10-10r3455: some more portability fixes. We nearly compile on solaris again now.Andrew Tridgell1-0/+1
(This used to be commit 4f33247f1ca60416415a61a7afac43c9dc8a61fd)
2007-10-10r3239: reads of more than UINT16_MAX bytes should return 0 bytesAndrew Tridgell1-5/+11
(This used to be commit 16c7dd641707b6b8b3159290ca9fa08053a10692)
2007-10-10r3167: Add a member 'endpoint' to the dcerpc_binding struct to use instead ofJelmer Vernooij1-3/+1
options[0]. (This used to be commit 18582083af800abd3d8de40eb73255c8ae6598dd)
2007-10-10r3132: - fixed a type conflict found by talloc_array_p()Andrew Tridgell1-2/+2
- use struct idr_context * in ipc code (This used to be commit c33cdd0d550fcaf78573e73b50ffe530ea6d9b17)
2007-10-10r3118: Eliminate struct dcesrv_ep_description and replace it withJelmer Vernooij1-3/+5
struct dcerpc_binding. (This used to be commit 2046e14cf8d010d4e715124859df2c1c3c782266)
2007-10-10r3114: - More work on merging the various structs that describe endpointsJelmer Vernooij1-1/+1
- Add protocol sequence to dcerpc transports (will be used later on) - Add more transports to the list (This used to be commit ab110192e6e2c1e5a3b2befe7b61158744f15d18)
2007-10-10r3081: several updates to ntvfs and server side async request handling inAndrew Tridgell1-118/+53
preparation for the full share modes and ntcreatex code that I am working on. highlights include: - changed the way a backend determines if it is allowed to process a request asynchronously. The previous method of looking at the send_fn caused problems when an intermediate ntvfs module disabled it, and the caller then wanted to finished processing using this function. The new method is a REQ_CONTROL_MAY_ASYNC flag in req->control_flags, which is also a bit easier to read - fixed 2 bugs in the readbraw server code. One related to trying to answer a readbraw with smb signing (which can't work, and crashed our signing code), the second related to error handling, which attempted to send a normal SMB error packet, when readbraw must send a 0 read reply (as it has no header) - added several more ntvfs_generic.c generic mapping functions. This means that backends no longer need to implement such esoteric functions as SMBwriteunlock() if they don't want to. The backend can just request the mapping layer turn it into a write followed by an unlock. This makes the backends considerably simpler as they only need to implement one style of each function for lock, read, write, open etc, rather than the full host of functions that SMB provides. A backend can still choose to implement them individually, of course, and the CIFS backend does that. - simplified the generic structures to make them identical to the principal call for several common SMB calls (such as RAW_WRITE_GENERIC now being an alias for RAW_WRITE_WRITEX). - started rewriting the pvfs_open() code in preparation for the full ntcreatex semantics. - in pvfs_open and ipc_open, initially allocate the open file structure as a child of the request, so on error we don't need to clean up. Then when we are going to succeed the open steal the pointer into the long term backend context. This makes for much simpler error handling (and fixes some bugs) - use a destructor in the ipc backend to make sure that everthing is cleaned up on receive error conditions. - switched the ipc backend to using idtree for fnum allocation - in the ntvfs_generic mapping routines, use a allocated secondary structure not a stack structure to ensure the request pointer remains valid even if the backend replies async. (This used to be commit 3457c1836c09c82956697eb21627dfa2ed37682e)
2007-10-10r3047: Always include a \ again before the pipe name we're opening. Without aJelmer Vernooij1-4/+3
backslash works, but is not like Windows does it. (This used to be commit f6deb3d065e1a88f92bcb8a4a138453650c97b0b)
2007-10-10r3046: \\PIPE\\ is internal (not actually included on the wire)Jelmer Vernooij1-1/+1
(This used to be commit 7771b5d8fa3db759487474eb7172df45bb3221ae)
2007-10-10r3043: Use binding strings for specifying endpoints. The property forJelmer Vernooij1-5/+0
specifying a endpoint is now also 'endpoint' instead of 'endpoints'. The default endpoint (if none is specified) is still "ncacn_np:[\\pipe\\ifacename]", where ifacename is the name of the interface. Examples: [ uuid(60a15ec5-4de8-11d7-a637-005056a20182), endpoint("ncacn_np:[\\pipe\\rpcecho]", "ncacn_ip_tcp:") ] interface rpcecho { void dummy(); } dcerpc_binding is now converted to ep_description in the server, but I hope to completely eliminate ep_description later on. The eventual goal of all these changes is to make it easier to add transports as I'm going to add support for ncalrpc (local RPC over named pipes) and ncacn_unix_stream (Unix sockets). (This used to be commit f3da7c8b443a29b0c656c687a277384ae1353792)
2007-10-10r3039: This solves the problem of async handlers in ntvfs backends not beingAndrew Tridgell1-0/+11
in the right state when called. For example, when we use the unixuid handler in the chain of handlers, and a backend decides to continue a call asynchronously then we need to ensure that the continuation happens with the right security context. The solution is to add a new ntvfs operation ntvfs_async_setup(), which calls all the way down through the layers, setting up anything that is required, and takes a private pointer. The backend wanting to make a async calls can use ntvfs_async_setup() to ensure that the modules above it are called when doing async processing. (This used to be commit a256e71029727fa1659ade6257085df537308c7d)
2007-10-10r2751: this is a new ntvfs design which tries to solve:Stefan Metzmacher1-49/+82
- the stacking of modules - finding the modules private data - hide the ntvfs details from the calling layer - I set NTVFS_INTERFACE_VERSION 0 till we are closer to release (because we need to solve some async problems with the module stacking) metze (This used to be commit 3ff03b5cb21bb79afdd3b1609be9635f6688a539)
2007-10-10r2710: continue with the new style of providing a parent context wheneverAndrew Tridgell1-18/+8
possible to a structure creation routine. This makes for much easier global cleanup. (This used to be commit e14ee428ec357fab76a960387a9820a673786e27)
2007-10-10r2660: - converted the libcli/raw/ library to use talloc_increase_ref_count()Andrew Tridgell1-2/+41
rather than manual reference counts - properly support SMBexit in the cifs and posix backends - added a logoff method to all backends With these changes the RAW-CONTEXT test now passes against the posix backend (This used to be commit c315d6ac1cc40546fde1474702a6d66d07ee13c8)
2007-10-10r2634: use discard_const_p() in a few placesAndrew Tridgell1-2/+2
(This used to be commit 56ecda2178e33508c55c6195ccec41c06e099d6f)
2007-10-10r2627: use the new talloc capabilities in a bunch more places in the rpcAndrew Tridgell1-1/+1
server code. This fixes a number of memory leaks I found when testing with valgrind and smbtorture, as the cascading effect of a talloc_free() ensures that anything derived from the top level object is destroyed on disconnect. (This used to be commit 76d0b8206ce64d6ff4a192979c43dddbec726d6e)
2007-10-10r2561: completely redid the ntvfs module chaining code, You can now do ↵Andrew Tridgell1-10/+10
something like: ntvfs handler = nbench posix and the nbench pass-thru module will be called before the posix module. The chaining logic is now much saner, and less racy, with each level in the chain getting its own private pointer rather than relying on save/restore logic in the pass-thru module. The only pass-thru module we have at the moment is the nbench one (which records all traffic in a nbench compatibe format), but I plan on soon writing a "unixuid" pass-thru module that will implement the setegid()/setgroups()/seteuid() logic for standard posix uid handling. This separation of the posix backend from the uid handling should simplify the code, and make development easier. I also modified the nbench module so it can do multiple chaining, so if you want to you can do: ntvfs module = nbench nbench posix and it will save 2 copies of the log file in /tmp. This is really only useful for testing at the moment until we have more than one pass-thru module. (This used to be commit f84c0af35cb54c8fdc4933afefc18fa4c062aae4)
2007-10-10r2249: got rid of some more mem_ctx elements in structuresAndrew Tridgell1-4/+4
(This used to be commit 21ef338cbbe96acc8594ffc550ef60c6a40fb951)
2007-10-10r1499: combine struct user_struct and struct smbsrv_userStefan Metzmacher1-2/+2
to a struct smbsrv_session that the same as cli_session for the client we need a gensec_security pointer there (spnego support will follow) prefix some related functions with smbsrv_ metze (This used to be commit f276378157bb9994c4c91ce46150a510de5c33f8)
2007-10-10r1470: Get the smb_trans2 structure out of the rap_cli_call struct.Volker Lendecke1-0/+3
Initial attempt at RAP server infrastructure. Look at rap_server.c for the dummy functions that are supposed to implement the core functionality. ipc_rap.c contains all the data shuffling. _rap_shareenum and _rap_serverenum2 in ipc_rap.c are (I think) regular enough to be auto-generated. I did not test all the corner cases yet, but nevertheless I would like some comments on the general style. Volker P.S: samba-3 smbclient now doesn't freak out anymore, although the results are not entirely correct :-) (This used to be commit 08140cc1a838b4eaa23c897b280a46c95b7ef3e0)
2007-10-10r1294: A nice, large, commit...Andrew Bartlett1-3/+3
This implements gensec for Samba's server side, and brings gensec up to the standards of a full subsystem. This means that use of the subsystem is by gensec_* functions, not function pointers in structures (this is internal). This causes changes in all the existing gensec users. Our RPC server no longer contains it's own generalised security scheme, and now calls gensec directly. Gensec has also taken over the role of auth/auth_ntlmssp.c An important part of gensec, is the output of the 'session_info' struct. This is now reference counted, so that we can correctly free it when a pipe is closed, no matter if it was inherited, or created by per-pipe authentication. The schannel code is reworked, to be in the same file for client and server. ntlm_auth is reworked to use gensec. The major problem with this code is the way it relies on subsystem auto-initialisation. The primary reason for this commit now.is to allow these problems to be looked at, and fixed. There are problems with the new code: - I've tested it with smbtorture, but currently don't have VMware and valgrind working (this I'll fix soon). - The SPNEGO code is client-only at this point. - We still do not do kerberos. Andrew Bartlett (This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
2007-10-10r1291: rename struct smbsrv_context to smbsrv_connectionStefan Metzmacher1-1/+1
because this is the connection state per transport layer (tcp) connection I also moved the substructs directly into smbsrv_connection, because they don't need a struct name and we should allway pass the complete smbsrv_connection struct into functions metze (This used to be commit 60f823f201fcedf5473008e8453a6351e73a92c7)
2007-10-10r1280: rename struct request_context to smbsrv_requestStefan Metzmacher1-31/+31
metze (This used to be commit a85d2db5826a84b812ea5162a11f54edd25f74e3)
2007-10-10r1279: rename struct tcon_context to smbsrv_tconStefan Metzmacher1-12/+12
metze (This used to be commit 99473fab4b1ff87a795f3c08f4c521d9beb504c0)
2007-10-10r1277: rename struct server_context to smbsrv_ontextStefan Metzmacher1-1/+1
because I need server_context fot the generic server infastructure metze (This used to be commit 0712f9f30797e65362c99423c0cf158a2f539000)
2007-10-10r1165: fixed handling of SMBtrans replies that should return ↵Andrew Tridgell1-4/+4
STATUS_BUFFER_OVERFLOW when more data is present. (This used to be commit 0e557fe85748558affd20a58455c4b75fee69e27)
2007-10-10r1078: the dxesrv_crypto_* implementations should now explicit setStefan Metzmacher1-8/+13
the dce_conn->auth_state.session_info ( the ntlmssp one works fine, but the schannel one isn't implemented yet) this is also set by the ntvfs_ipc backend on the endpoint connect. metze (This used to be commit ad3dd1789e9f124493519cb4731d9f5a563fd051)
2007-10-10r1019: Push the auth subsystem away from using typedef, and over to the 'allAndrew Bartlett1-1/+3
goodness and light' struct ;-) Break apart the auth subsystem's return strucutres, into the parts that a netlogon call cares about, and the parts that are for a local session. This is the 'struct session_info' and it will almost completly replace the current information stored on a vuid, but be generic to all login methods (RPC over TCP, for example). Andrew Bartlett (This used to be commit d199697014d9562f9439a30b950fda798c5ef419)
2007-10-10r889: convert samba4 to use [u]int16_t instead of [u]int16Stefan Metzmacher1-8/+8
metze (This used to be commit af6f1f8a01bebbecd99bc8c066519e89966e65e3)
2007-10-10r884: convert samba4 to use [u]int32_t instead of [u]int32Stefan Metzmacher1-1/+1
metze (This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
2007-10-10r623: setUserInfo level 24 (password set) now works in the SAMR server. This ↵Andrew Tridgell1-0/+5
includes all of the password complexity, password history and other password restrictions. (This used to be commit cb070b9084d95cf5178edbef951b75eab62b7220)
2004-02-02some DEBUG and comment fixesStefan Metzmacher1-2/+4
metze (This used to be commit 5ac4f878687eb0fa95a2e5830a8372168a27d3b3)
2004-01-20dcerpc server output now copes with the client blocking part wayAndrew Tridgell1-2/+2
through a read. This happens to also avoid a memcpy on output for dcerpc over tcp. (This used to be commit e7c53ad1856e299d82d84b5837189ae3191c32de)
2004-01-08This patch adds a better dcerpc server infastructure.Stefan Metzmacher1-10/+12
1.) We now register endpoint servers add startup via register_backend() and later use the smb.conf 'dcerpc endpoint servers' parameter to setup the dcesrv_context 2.) each endpoint server can register at context creation time as much interfaces as it wants (multiple interfaces on one endpoint are supported!) (NOTE: there's a difference between 'endpoint server' and 'endpoint'! for details look at rpc_server/dcesrv_server.h) 3.) one endpoint can have a security descriptor registered to it self this will be checked in the future when a client wants to connect to an smb pipe endpoint. 4.) we now have a 'remote' endpoint server, which works like the ntvfs_cifs module it takes this options in the [globals] section: dcerpc remote:interfaces = srvsvc, winreg, w32time, epmapper dcerpc remote:binding = ... dcerpc remote:user = ... dcerpc remote:password = ... 5.) we currently have tree endpoint servers: epmapper, rpcecho and remote the default for the 'dcerpc endpiont servers = epmapper, rpcecho' for testing you can also do dcerpc endpoint servers = rpcecho, remote, epmapper dcerpc remote:interfaces = srvsvc, samr, netlogon 6,) please notice the the epmapper now only returns NO_ENTRIES (but I think we'll find a solution for this too:-) 7.) also there're some other stuff left, but step by step :-) This patch also includes updates for the register_subsystem() , ntvfs_init(), and some other funtions to check for duplicate subsystem registration metze (hmmm, my first large commit...I hope it works as supposed :-) (This used to be commit 917e45dafd5be4c2cd90ff425b8d6f8403122349)
2003-12-16a fairly large commit!Andrew Tridgell1-10/+76
This adds support for bigendian rpc in the client. I have installed SUN pcnetlink locally and am using it to test the samba4 rpc code. This allows us to easily find places where we have stuffed up the types (such as 2 uint16 versus a uint32), as testing both big-endian and little-endian easily shows which is correct. I have now used this to fix several bugs like that in the samba4 IDL. In order to make this work I also had to redefine a GUID as a true structure, not a blob. From the pcnetlink wire it is clear that it is indeed defined as a structure (the byte order changes). This required changing lots of Samba code to use a GUID as a structure. I also had to fix the if_version code in dcerpc syntax IDs, as it turns out they are a single uint32 not two uint16s. The big-endian support is a bit ugly at the moment, and breaks the layering in some places. More work is needed, especially on the server side. (This used to be commit bb1af644a5a7b188290ce36232f255da0e5d66d2)
2003-12-13dcerpc over tcp in the samba4 server now works to some extent. ItAndrew Tridgell1-1/+1
needs quite a bit more work to get it finished. The biggest missing feature is the lack of NTLMSSP which is needed for basic authentication over tcp (This used to be commit 9fb0f0369356909c99389e2cbc525be27c08793c)
2003-12-13rpcdump.exe now works fine against a Samba4 serverAndrew Tridgell1-7/+56
for some reason the epm_Lookup replies can't be parsed by ethereal, although w2k parses then fine as does the Samba4 NDR code. (This used to be commit 097e7ca99d947932df5674c36e628ca6b8f31d3a)
2003-12-12 * the RPC-ECHO pipe now works in smbd, as long as the data sizesAndrew Tridgell1-0/+5
don't cause fragmented pdus (I'll add fragments shortly) * change data_blob_talloc() to not zero memory when the 2nd argument is NULL. The zeroing just masks bugs, and can't even allow a DOS attack * modified pidl to ensure that [ref] arguments to the out side of functions are allocated when parsing the in side. This allows rpc backends to assume that [ref] variables are all setup. Doesn't work correctly for [ref] arrays yet * changed DLIST_ADD_END() to take the type instead of a tmp variable. This means you don't need to declare a silly tmp variable in the caller (This used to be commit 46e0a358198eeb9af1907ee2a29025d3ab23b6d1)