summaryrefslogtreecommitdiff
path: root/source4/rpc_server/dcerpc_server.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r3630: More work on DCOM server sideJelmer Vernooij1-0/+4
(This used to be commit e995a1c0e5d2ee2dc50c31c01ce281a303dd5231)
2007-10-10r3586: Fix some of the issues with the module init functions.Jelmer Vernooij1-5/+4
Both subsystems and modules can now have init functions, which can be specified in .mk files (INIT_FUNCTION = ...) The build system will define : - SUBSYSTEM_init_static_modules that calls the init functions of all statically compiled modules. Failing to load will generate an error which is not fatal - BINARY_init_subsystems that calls the init functions (if defined) for the subsystems the binary depends on This removes the hack with the "static bool Initialised = " and the "lazy_init" functions (This used to be commit 7a8244761bfdfdfb48f8264d76951ebdfbf7bd8a)
2007-10-10r3507: - added deferred replies on sharing violation in pvfs open. TheAndrew Tridgell1-8/+5
deferred reply is short-circuited immediately when the file is closed by another user, allowing it to be opened by the waiting user. - added a sane set of timeval manipulation routines - converted all the events code and code that uses it to use struct timeval instead of time_t, which allows for microsecond resolution instead of 1 second resolution. This was needed for doing the pvfs deferred open code, and is why the patch is so big. (This used to be commit 0d51511d408d91eb5f68a35e980e0875299b1831)
2007-10-10r3497: removed some include cruft, and split out librpc/gen_ndr/tables.hAndrew Tridgell1-0/+1
(This used to be commit 7dd3a5a6dadb0edc4fad56deba84f24b1e6dd2bc)
2007-10-10r3468: split out dcerpc_server.hAndrew Tridgell1-0/+1
(This used to be commit 729e0026e4408f74f140375537d4fe48c1fc3242)
2007-10-10r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ↵Andrew Tridgell1-0/+1
ioctl.h) (This used to be commit b97e395c814762024336c1cf4d7c25be8da5813a)
2007-10-10r3453: - split out the auth and popt includesAndrew Tridgell1-1/+1
- tidied up some of the system includes - moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl knows about inter-IDL dependencies (This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
2007-10-10r3428: switched to using minimal includes for the auto-generated RPC code.Andrew Tridgell1-0/+3
The thing that finally convinced me that minimal includes was worth pursuing for rpc was a compiler (tcc) that failed to build Samba due to reaching internal limits of the size of include files. Also the fact that includes.h.gch was 16MB, which really seems excessive. This patch brings it back to 12M, which is still too large, but better. Note that this patch speeds up compile times for both the pch and non-pch case. This change also includes the addition iof a "depends()" option in our IDL files, allowing you to specify that one IDL file depends on another. This capability was needed for the auto-includes generation. (This used to be commit b8f5fa8ac8e8725f3d321004f0aedf4246fc6b49)
2007-10-10r3323: more warning reductionsAndrew Tridgell1-1/+1
(This used to be commit 5921587ec26e4892efc678421277e4969417d7f5)
2007-10-10r3320: fixed bugs in the rpc_server code in handling partial packet receives ↵Andrew Tridgell1-4/+1
and sends it now passes the non-blocking test suite (This used to be commit 6cdf485fb263c69d62ea2e98236d92ffbf6b7a3e)
2007-10-10r3167: Add a member 'endpoint' to the dcerpc_binding struct to use instead ofJelmer Vernooij1-7/+3
options[0]. (This used to be commit 18582083af800abd3d8de40eb73255c8ae6598dd)
2007-10-10r3165: Support local connections in Gtk+ toolsJelmer Vernooij1-1/+1
(This used to be commit 3de0cf22ddd6b7fb4a2214f3f99d37174c54840f)
2007-10-10r3163: Add server side support for ncalrpc: and ncacn_unix_stream:Jelmer Vernooij1-7/+7
Examples of binding strings are : ncalrpc:[EPMAPPER] ncacn_unix_stream:[/tmp/epmapper] N.B. The unix socket support in lib/socket/ appears to close and remove the socket it is listening on after the first client disconnects so until that has been fixed, it is only possible to do one ncalrpc: or ncacn_unix_stream: request per instance of smbd :-) Support for looking up NCALRPC names via the endpoint mapper will be added later. (This used to be commit 426f3e63cae3d306dcdc13ee4b655eed30057ff8)
2007-10-10r3118: Eliminate struct dcesrv_ep_description and replace it withJelmer Vernooij1-55/+17
struct dcerpc_binding. (This used to be commit 2046e14cf8d010d4e715124859df2c1c3c782266)
2007-10-10r3114: - More work on merging the various structs that describe endpointsJelmer Vernooij1-13/+22
- Add protocol sequence to dcerpc transports (will be used later on) - Add more transports to the list (This used to be commit ab110192e6e2c1e5a3b2befe7b61158744f15d18)
2007-10-10r3043: Use binding strings for specifying endpoints. The property forJelmer Vernooij1-9/+27
specifying a endpoint is now also 'endpoint' instead of 'endpoints'. The default endpoint (if none is specified) is still "ncacn_np:[\\pipe\\ifacename]", where ifacename is the name of the interface. Examples: [ uuid(60a15ec5-4de8-11d7-a637-005056a20182), endpoint("ncacn_np:[\\pipe\\rpcecho]", "ncacn_ip_tcp:") ] interface rpcecho { void dummy(); } dcerpc_binding is now converted to ep_description in the server, but I hope to completely eliminate ep_description later on. The eventual goal of all these changes is to make it easier to add transports as I'm going to add support for ncalrpc (local RPC over named pipes) and ncacn_unix_stream (Unix sockets). (This used to be commit f3da7c8b443a29b0c656c687a277384ae1353792)
2007-10-10r2710: continue with the new style of providing a parent context wheneverAndrew Tridgell1-21/+25
possible to a structure creation routine. This makes for much easier global cleanup. (This used to be commit e14ee428ec357fab76a960387a9820a673786e27)
2007-10-10r2673: in the rpc server, free up the old call when we decide to extend anAndrew Tridgell1-1/+3
existing call rather than creating a new one. This prevents call structures hanging around on the rpc connection context until it is closed (This used to be commit c51ca7c0e73b97435c245cd440a4fb979cf6a4f3)
2007-10-10r2671: we're getting too many errors caused by the talloc_realloc() API notAndrew Tridgell1-2/+3
taking a context (so when you pass a NULL pointer you end up with memory in a top level context). Fixed it by changing the API to take a context. The context is only used if the pointer you are reallocing is NULL. (This used to be commit 8dc23821c9f54b2f13049b5e608a0cafb81aa540)
2007-10-10r2660: - converted the libcli/raw/ library to use talloc_increase_ref_count()Andrew Tridgell1-4/+0
rather than manual reference counts - properly support SMBexit in the cifs and posix backends - added a logoff method to all backends With these changes the RAW-CONTEXT test now passes against the posix backend (This used to be commit c315d6ac1cc40546fde1474702a6d66d07ee13c8)
2007-10-10r2646: - use a talloc destructor to ensure that sockets from the new socketAndrew Tridgell1-3/+1
library are closed on abnormal termination - convert the service.h structures to the new talloc methods (This used to be commit 2dc334a3284858eb1c7190f9687c9b6c879ecc9d)
2007-10-10r2627: use the new talloc capabilities in a bunch more places in the rpcAndrew Tridgell1-56/+37
server code. This fixes a number of memory leaks I found when testing with valgrind and smbtorture, as the cascading effect of a talloc_free() ensures that anything derived from the top level object is destroyed on disconnect. (This used to be commit 76d0b8206ce64d6ff4a192979c43dddbec726d6e)
2007-10-10r2447: let the server code use the new lib/socket/ stuffStefan Metzmacher1-6/+6
metze (This used to be commit 2fd577d2417e117a7e8c1a56feb147eae805df34)
2007-10-10r2301: add a server side warning when we receive more RPC data than weAndrew Tridgell1-0/+6
expect. It isn't an error as w2k3 does this on its first packet when NTLM2 signing is used. (This used to be commit daaee86d1441afec9915e5f2ffc10b200a1ff564)
2007-10-10r2290: Fix 'lsakey' for the server-side, it is static forAndrew Bartlett1-1/+31
'authenticated' connections. Fix kerberos session key issues - we need to call the routine for extracting the session key, not just read the cache. Andrew Bartlett (This used to be commit b80d849b6b586869fc7d3d4153db1a316f2867a9)
2007-10-10r2280: fixed the session key choice for ncacn_np and ncacn_ip_tcp in the rpc ↵Andrew Tridgell1-3/+5
server (This used to be commit 3b4ed24f4ba467a77bef8d6c25695fdbdb42b2ac)
2007-10-10r2247: talloc_destroy -> talloc_freeTim Potter1-8/+8
(This used to be commit 6c1a72c5d667245b1eec94f58e68acd22dd720ce)
2007-10-10r2050: fixed a case where code assumed you could Realloc the result of a ↵Andrew Tridgell1-2/+2
data_blob() (This used to be commit 1fdccf8dc79ea19a37be7fb047130a7c8e2407e5)
2007-10-10r2038: get rid of the optimisation in the dcerpc server that tries to avoid aAndrew Tridgell1-26/+0
data copy by playing internal games with DATA_BLOB and free(). (This used to be commit 5894b5c0f32f75734151c6c915b296204b7825ac)
2007-10-10r1993: Allow WinXP domain logon to progress a bit further (it seems broken ↵Andrew Bartlett1-4/+4
for me). Fix indent, and add a few more useful debug messages. Send a fault, if the bind is not accepted - don't just leave the client hanging. Andrew Bartlett (This used to be commit 486215edc1148ad754632be37760dc0d38b0340d)
2007-10-10r1983: a completely new implementation of tallocAndrew Tridgell1-5/+4
This version does the following: 1) talloc_free(), talloc_realloc() and talloc_steal() lose their (redundent) first arguments 2) you can use _any_ talloc pointer as a talloc context to allocate more memory. This allows you to create complex data structures where the top level structure is the logical parent of the next level down, and those are the parents of the level below that. Then destroy either the lot with a single talloc_free() or destroy any sub-part with a talloc_free() of that part 3) you can name any pointer. Use talloc_named() which is just like talloc() but takes the printf style name argument as well as the parent context and the size. The whole thing ends up being a very simple piece of code, although some of the pointer walking gets hairy. So far, I'm just using the new talloc() like the old one. The next step is to actually take advantage of the new interface properly. Expect some new commits soon that simplify some common coding styles in samba4 by using the new talloc(). (This used to be commit e35bb094c52e550b3105dd1638d8d90de71d854f)
2007-10-10r1843: return DCERPC_FAULT_LOGON_FAILURE when the auth failsStefan Metzmacher1-1/+1
metze (This used to be commit a6ce6ee878c896cfc256989894fd2b35707e3da0)
2007-10-10r1757: much simpler (and smaller, faster etc) way of doing relative pointersAndrew Tridgell1-0/+5
in pidl. This mechanism should be much easier to extend to the "retrospective subcontexts" that jelmer needs. also produced more standards complient full-pointer offsets. This keeps ethereal happy with decoding our epmapper frames. (This used to be commit ecb7378bbcd86727aedfa04a9e302e06b0a2ccd9)
2007-10-10r1513: change DEBUG level to 1Stefan Metzmacher1-2/+1
metze (This used to be commit d7dd5347dd9414cfa604eeb24cb2f6dc5f99e703)
2007-10-10r1486: commit the start of the generic server infastructureStefan Metzmacher1-1/+104
the idea is to have services as modules (smb, dcerpc, swat, ...) the process_model don't know about the service it self anymore. TODO: - the smbsrv should use the smbsrv_send function - the service subsystem init should be done like for other modules - we need to have a generic socket subsystem, which handle stream, datagram, and virtuell other sockets( e.g. for the ntvfs_ipc module to connect to the dcerpc server , or for smb or dcerpc or whatever to connect to a server wide auth service) - and other fixes... NOTE: process model pthread seems to be broken( but also before this patch!) metze (This used to be commit bbe5e00715ca4013ff0dbc345aa97adc6b5c2458)
2007-10-10r1294: A nice, large, commit...Andrew Bartlett1-8/+12
This implements gensec for Samba's server side, and brings gensec up to the standards of a full subsystem. This means that use of the subsystem is by gensec_* functions, not function pointers in structures (this is internal). This causes changes in all the existing gensec users. Our RPC server no longer contains it's own generalised security scheme, and now calls gensec directly. Gensec has also taken over the role of auth/auth_ntlmssp.c An important part of gensec, is the output of the 'session_info' struct. This is now reference counted, so that we can correctly free it when a pipe is closed, no matter if it was inherited, or created by per-pipe authentication. The schannel code is reworked, to be in the same file for client and server. ntlm_auth is reworked to use gensec. The major problem with this code is the way it relies on subsystem auto-initialisation. The primary reason for this commit now.is to allow these problems to be looked at, and fixed. There are problems with the new code: - I've tested it with smbtorture, but currently don't have VMware and valgrind working (this I'll fix soon). - The SPNEGO code is client-only at this point. - We still do not do kerberos. Andrew Bartlett (This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
2007-10-10r1204: decrpc -> dcerpcTim Potter1-3/+3
(This used to be commit a5e3a26fc9a7e2c616302ed3b4a021f5755a4a13)
2007-10-10r1165: fixed handling of SMBtrans replies that should return ↵Andrew Tridgell1-1/+7
STATUS_BUFFER_OVERFLOW when more data is present. (This used to be commit 0e557fe85748558affd20a58455c4b75fee69e27)
2007-10-10r1136: - added IDL for netr_LogonGetDomainInfo()Andrew Tridgell1-38/+4
- added workstation to auth_session_info in rpc servers - added session key fetch hook in crypto backends in dcesrv - store and fetch seed as well as a session key in schannel ldb - when a client uses schannel to setup a netlogon pipe connection we also need to setup the credentials from the schannel negotiation so credentials chaining works - added server side netr_LogonGetDomainInfo() call (This used to be commit a35459387de3b6a422c5af6f658338fc7e4314b0)
2007-10-10r1078: the dxesrv_crypto_* implementations should now explicit setStefan Metzmacher1-9/+4
the dce_conn->auth_state.session_info ( the ntlmssp one works fine, but the schannel one isn't implemented yet) this is also set by the ntvfs_ipc backend on the endpoint connect. metze (This used to be commit ad3dd1789e9f124493519cb4731d9f5a563fd051)
2007-10-10r1057: added rpc packet logging for packets that generate rpc faults. ThisAndrew Tridgell1-0/+38
makes it much easier to develop the IDL for new requests, especially for sealed pipes, where ethereal cannot easily extract the data. (This used to be commit 0cde043592d2d2439cf0cd8bf113545e78be5dfd)
2007-10-10r1004: continue tridge's work on dcerpc server auth/crypto codeStefan Metzmacher1-2/+7
I made it much more generic, and we should be able to add a module interface to this code, so that other DCERPC_AUTH types can be added via modules... metze (This used to be commit d09abeb686c43c62322205689273d1b417113004)
2007-10-10r995: - renamed many of our crypto routines to use the industry standardAndrew Tridgell1-1/+1
names rather than our crazy naming scheme. So DES is now called des_crypt() rather than smbhash() - added the code from the solution of the ADS crypto challenge that allows Samba to correctly handle a 128 bit session key in all of the netr_ServerAuthenticateX() varients. A huge thanks to Luke Howard from PADL for solving this one! - restructured the server side rpc authentication to allow for other than NTLMSSP sign and seal. This commit just adds the structure, the next commit will add schannel server side support. - added 128 bit session key support to our client side code, and testing against w2k3 with smbtorture. Works well. (This used to be commit 729b2f41c924a0b435d44a14209e6dacc2304cee)
2007-10-10r918: - dcerpc endpoint name are case insensitiveAndrew Tridgell1-1/+1
this fix allows samba3 to join a samba4 domain using "net rpc join" (This used to be commit 876a6eecc3db99a137b58993ce7cf69f277e7499)
2007-10-10r889: convert samba4 to use [u]int16_t instead of [u]int16Stefan Metzmacher1-2/+2
metze (This used to be commit af6f1f8a01bebbecd99bc8c066519e89966e65e3)
2007-10-10r884: convert samba4 to use [u]int32_t instead of [u]int32Stefan Metzmacher1-10/+10
metze (This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
2007-10-10r649: return unknown interface when the client not yetStefan Metzmacher1-0/+5
binds succesful to an interface metze (This used to be commit c39e450702cfa2b577c64e14ba1428fd95db7ade)
2007-10-10r623: setUserInfo level 24 (password set) now works in the SAMR server. This ↵Andrew Tridgell1-2/+11
includes all of the password complexity, password history and other password restrictions. (This used to be commit cb070b9084d95cf5178edbef951b75eab62b7220)
2007-10-10r464: a big improvement to the API for writing server-side RPCAndrew Tridgell1-17/+4
servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2007-10-10r445: fixed the bind_nak codeAndrew Tridgell1-2/+7
(This used to be commit f3799e7720e13e12b59168cf4afbf2dfe87868f7)