summaryrefslogtreecommitdiff
path: root/source4/rpc_server/dcerpc_server.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r2646: - use a talloc destructor to ensure that sockets from the new socketAndrew Tridgell1-3/+1
library are closed on abnormal termination - convert the service.h structures to the new talloc methods (This used to be commit 2dc334a3284858eb1c7190f9687c9b6c879ecc9d)
2007-10-10r2627: use the new talloc capabilities in a bunch more places in the rpcAndrew Tridgell1-56/+37
server code. This fixes a number of memory leaks I found when testing with valgrind and smbtorture, as the cascading effect of a talloc_free() ensures that anything derived from the top level object is destroyed on disconnect. (This used to be commit 76d0b8206ce64d6ff4a192979c43dddbec726d6e)
2007-10-10r2447: let the server code use the new lib/socket/ stuffStefan Metzmacher1-6/+6
metze (This used to be commit 2fd577d2417e117a7e8c1a56feb147eae805df34)
2007-10-10r2301: add a server side warning when we receive more RPC data than weAndrew Tridgell1-0/+6
expect. It isn't an error as w2k3 does this on its first packet when NTLM2 signing is used. (This used to be commit daaee86d1441afec9915e5f2ffc10b200a1ff564)
2007-10-10r2290: Fix 'lsakey' for the server-side, it is static forAndrew Bartlett1-1/+31
'authenticated' connections. Fix kerberos session key issues - we need to call the routine for extracting the session key, not just read the cache. Andrew Bartlett (This used to be commit b80d849b6b586869fc7d3d4153db1a316f2867a9)
2007-10-10r2280: fixed the session key choice for ncacn_np and ncacn_ip_tcp in the rpc ↵Andrew Tridgell1-3/+5
server (This used to be commit 3b4ed24f4ba467a77bef8d6c25695fdbdb42b2ac)
2007-10-10r2247: talloc_destroy -> talloc_freeTim Potter1-8/+8
(This used to be commit 6c1a72c5d667245b1eec94f58e68acd22dd720ce)
2007-10-10r2050: fixed a case where code assumed you could Realloc the result of a ↵Andrew Tridgell1-2/+2
data_blob() (This used to be commit 1fdccf8dc79ea19a37be7fb047130a7c8e2407e5)
2007-10-10r2038: get rid of the optimisation in the dcerpc server that tries to avoid aAndrew Tridgell1-26/+0
data copy by playing internal games with DATA_BLOB and free(). (This used to be commit 5894b5c0f32f75734151c6c915b296204b7825ac)
2007-10-10r1993: Allow WinXP domain logon to progress a bit further (it seems broken ↵Andrew Bartlett1-4/+4
for me). Fix indent, and add a few more useful debug messages. Send a fault, if the bind is not accepted - don't just leave the client hanging. Andrew Bartlett (This used to be commit 486215edc1148ad754632be37760dc0d38b0340d)
2007-10-10r1983: a completely new implementation of tallocAndrew Tridgell1-5/+4
This version does the following: 1) talloc_free(), talloc_realloc() and talloc_steal() lose their (redundent) first arguments 2) you can use _any_ talloc pointer as a talloc context to allocate more memory. This allows you to create complex data structures where the top level structure is the logical parent of the next level down, and those are the parents of the level below that. Then destroy either the lot with a single talloc_free() or destroy any sub-part with a talloc_free() of that part 3) you can name any pointer. Use talloc_named() which is just like talloc() but takes the printf style name argument as well as the parent context and the size. The whole thing ends up being a very simple piece of code, although some of the pointer walking gets hairy. So far, I'm just using the new talloc() like the old one. The next step is to actually take advantage of the new interface properly. Expect some new commits soon that simplify some common coding styles in samba4 by using the new talloc(). (This used to be commit e35bb094c52e550b3105dd1638d8d90de71d854f)
2007-10-10r1843: return DCERPC_FAULT_LOGON_FAILURE when the auth failsStefan Metzmacher1-1/+1
metze (This used to be commit a6ce6ee878c896cfc256989894fd2b35707e3da0)
2007-10-10r1757: much simpler (and smaller, faster etc) way of doing relative pointersAndrew Tridgell1-0/+5
in pidl. This mechanism should be much easier to extend to the "retrospective subcontexts" that jelmer needs. also produced more standards complient full-pointer offsets. This keeps ethereal happy with decoding our epmapper frames. (This used to be commit ecb7378bbcd86727aedfa04a9e302e06b0a2ccd9)
2007-10-10r1513: change DEBUG level to 1Stefan Metzmacher1-2/+1
metze (This used to be commit d7dd5347dd9414cfa604eeb24cb2f6dc5f99e703)
2007-10-10r1486: commit the start of the generic server infastructureStefan Metzmacher1-1/+104
the idea is to have services as modules (smb, dcerpc, swat, ...) the process_model don't know about the service it self anymore. TODO: - the smbsrv should use the smbsrv_send function - the service subsystem init should be done like for other modules - we need to have a generic socket subsystem, which handle stream, datagram, and virtuell other sockets( e.g. for the ntvfs_ipc module to connect to the dcerpc server , or for smb or dcerpc or whatever to connect to a server wide auth service) - and other fixes... NOTE: process model pthread seems to be broken( but also before this patch!) metze (This used to be commit bbe5e00715ca4013ff0dbc345aa97adc6b5c2458)
2007-10-10r1294: A nice, large, commit...Andrew Bartlett1-8/+12
This implements gensec for Samba's server side, and brings gensec up to the standards of a full subsystem. This means that use of the subsystem is by gensec_* functions, not function pointers in structures (this is internal). This causes changes in all the existing gensec users. Our RPC server no longer contains it's own generalised security scheme, and now calls gensec directly. Gensec has also taken over the role of auth/auth_ntlmssp.c An important part of gensec, is the output of the 'session_info' struct. This is now reference counted, so that we can correctly free it when a pipe is closed, no matter if it was inherited, or created by per-pipe authentication. The schannel code is reworked, to be in the same file for client and server. ntlm_auth is reworked to use gensec. The major problem with this code is the way it relies on subsystem auto-initialisation. The primary reason for this commit now.is to allow these problems to be looked at, and fixed. There are problems with the new code: - I've tested it with smbtorture, but currently don't have VMware and valgrind working (this I'll fix soon). - The SPNEGO code is client-only at this point. - We still do not do kerberos. Andrew Bartlett (This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
2007-10-10r1204: decrpc -> dcerpcTim Potter1-3/+3
(This used to be commit a5e3a26fc9a7e2c616302ed3b4a021f5755a4a13)
2007-10-10r1165: fixed handling of SMBtrans replies that should return ↵Andrew Tridgell1-1/+7
STATUS_BUFFER_OVERFLOW when more data is present. (This used to be commit 0e557fe85748558affd20a58455c4b75fee69e27)
2007-10-10r1136: - added IDL for netr_LogonGetDomainInfo()Andrew Tridgell1-38/+4
- added workstation to auth_session_info in rpc servers - added session key fetch hook in crypto backends in dcesrv - store and fetch seed as well as a session key in schannel ldb - when a client uses schannel to setup a netlogon pipe connection we also need to setup the credentials from the schannel negotiation so credentials chaining works - added server side netr_LogonGetDomainInfo() call (This used to be commit a35459387de3b6a422c5af6f658338fc7e4314b0)
2007-10-10r1078: the dxesrv_crypto_* implementations should now explicit setStefan Metzmacher1-9/+4
the dce_conn->auth_state.session_info ( the ntlmssp one works fine, but the schannel one isn't implemented yet) this is also set by the ntvfs_ipc backend on the endpoint connect. metze (This used to be commit ad3dd1789e9f124493519cb4731d9f5a563fd051)
2007-10-10r1057: added rpc packet logging for packets that generate rpc faults. ThisAndrew Tridgell1-0/+38
makes it much easier to develop the IDL for new requests, especially for sealed pipes, where ethereal cannot easily extract the data. (This used to be commit 0cde043592d2d2439cf0cd8bf113545e78be5dfd)
2007-10-10r1004: continue tridge's work on dcerpc server auth/crypto codeStefan Metzmacher1-2/+7
I made it much more generic, and we should be able to add a module interface to this code, so that other DCERPC_AUTH types can be added via modules... metze (This used to be commit d09abeb686c43c62322205689273d1b417113004)
2007-10-10r995: - renamed many of our crypto routines to use the industry standardAndrew Tridgell1-1/+1
names rather than our crazy naming scheme. So DES is now called des_crypt() rather than smbhash() - added the code from the solution of the ADS crypto challenge that allows Samba to correctly handle a 128 bit session key in all of the netr_ServerAuthenticateX() varients. A huge thanks to Luke Howard from PADL for solving this one! - restructured the server side rpc authentication to allow for other than NTLMSSP sign and seal. This commit just adds the structure, the next commit will add schannel server side support. - added 128 bit session key support to our client side code, and testing against w2k3 with smbtorture. Works well. (This used to be commit 729b2f41c924a0b435d44a14209e6dacc2304cee)
2007-10-10r918: - dcerpc endpoint name are case insensitiveAndrew Tridgell1-1/+1
this fix allows samba3 to join a samba4 domain using "net rpc join" (This used to be commit 876a6eecc3db99a137b58993ce7cf69f277e7499)
2007-10-10r889: convert samba4 to use [u]int16_t instead of [u]int16Stefan Metzmacher1-2/+2
metze (This used to be commit af6f1f8a01bebbecd99bc8c066519e89966e65e3)
2007-10-10r884: convert samba4 to use [u]int32_t instead of [u]int32Stefan Metzmacher1-10/+10
metze (This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
2007-10-10r649: return unknown interface when the client not yetStefan Metzmacher1-0/+5
binds succesful to an interface metze (This used to be commit c39e450702cfa2b577c64e14ba1428fd95db7ade)
2007-10-10r623: setUserInfo level 24 (password set) now works in the SAMR server. This ↵Andrew Tridgell1-2/+11
includes all of the password complexity, password history and other password restrictions. (This used to be commit cb070b9084d95cf5178edbef951b75eab62b7220)
2007-10-10r464: a big improvement to the API for writing server-side RPCAndrew Tridgell1-17/+4
servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2007-10-10r445: fixed the bind_nak codeAndrew Tridgell1-2/+7
(This used to be commit f3799e7720e13e12b59168cf4afbf2dfe87868f7)
2007-10-10r67: added a destroy hook in the policy handle -> wire handle code to allow ↵Andrew Tridgell1-3/+1
backends to cleanup handle data (This used to be commit af0c21c1e175ca2ebb687dc6dff83da919280271)
2004-02-02some DEBUG and comment fixesStefan Metzmacher1-4/+4
metze (This used to be commit 5ac4f878687eb0fa95a2e5830a8372168a27d3b3)
2004-01-20dcerpc server output now copes with the client blocking part wayAndrew Tridgell1-9/+44
through a read. This happens to also avoid a memcpy on output for dcerpc over tcp. (This used to be commit e7c53ad1856e299d82d84b5837189ae3191c32de)
2004-01-20avoid a copy of the data being input to the dcerpc server in the mostAndrew Tridgell1-4/+29
common case of there being no pending partial data and a full dcerpc packet being received. We should use this same model for the smb server. It gives us efficient memory usage while allowing for completely async socket operations. (This used to be commit 9aab321fb6e2f3499efd8ca5bc88ce2cb8e68219)
2004-01-08This patch adds a better dcerpc server infastructure.Stefan Metzmacher1-156/+373
1.) We now register endpoint servers add startup via register_backend() and later use the smb.conf 'dcerpc endpoint servers' parameter to setup the dcesrv_context 2.) each endpoint server can register at context creation time as much interfaces as it wants (multiple interfaces on one endpoint are supported!) (NOTE: there's a difference between 'endpoint server' and 'endpoint'! for details look at rpc_server/dcesrv_server.h) 3.) one endpoint can have a security descriptor registered to it self this will be checked in the future when a client wants to connect to an smb pipe endpoint. 4.) we now have a 'remote' endpoint server, which works like the ntvfs_cifs module it takes this options in the [globals] section: dcerpc remote:interfaces = srvsvc, winreg, w32time, epmapper dcerpc remote:binding = ... dcerpc remote:user = ... dcerpc remote:password = ... 5.) we currently have tree endpoint servers: epmapper, rpcecho and remote the default for the 'dcerpc endpiont servers = epmapper, rpcecho' for testing you can also do dcerpc endpoint servers = rpcecho, remote, epmapper dcerpc remote:interfaces = srvsvc, samr, netlogon 6,) please notice the the epmapper now only returns NO_ENTRIES (but I think we'll find a solution for this too:-) 7.) also there're some other stuff left, but step by step :-) This patch also includes updates for the register_subsystem() , ntvfs_init(), and some other funtions to check for duplicate subsystem registration metze (hmmm, my first large commit...I hope it works as supposed :-) (This used to be commit 917e45dafd5be4c2cd90ff425b8d6f8403122349)
2003-12-17added a smb.conf flag "rpc big endian" that tells our rpc server toAndrew Tridgell1-33/+39
send packets in bigendian format. (This used to be commit 44df662960e662a55a9f27627f838771503a7a59)
2003-12-16it turns out that a wire policy handle isn't a blob either, its aAndrew Tridgell1-1/+0
uint32 followed by a GUID. I needed to fix this to support running in mixed-mode rpc (where smbtorture is bigendian and w2k3 is little-endian). Otherwise when you send back a policy handle the server doesn't recognise it. (This used to be commit 9b1c76a8e9e953e051072441f8938ee17a674d35)
2003-12-16a fairly large commit!Andrew Tridgell1-7/+6
This adds support for bigendian rpc in the client. I have installed SUN pcnetlink locally and am using it to test the samba4 rpc code. This allows us to easily find places where we have stuffed up the types (such as 2 uint16 versus a uint32), as testing both big-endian and little-endian easily shows which is correct. I have now used this to fix several bugs like that in the samba4 IDL. In order to make this work I also had to redefine a GUID as a true structure, not a blob. From the pcnetlink wire it is clear that it is indeed defined as a structure (the byte order changes). This required changing lots of Samba code to use a GUID as a structure. I also had to fix the if_version code in dcerpc syntax IDs, as it turns out they are a single uint32 not two uint16s. The big-endian support is a bit ugly at the moment, and breaks the layering in some places. More work is needed, especially on the server side. (This used to be commit bb1af644a5a7b188290ce36232f255da0e5d66d2)
2003-12-15fixed the transfer syntax in the dcerpc bind replyAndrew Tridgell1-2/+2
(This used to be commit 39a7c660f4b7cafb0414842329669dd4724b07db)
2003-12-14added auto-generation of the server side boilerplate code for eachAndrew Tridgell1-1/+17
pipe. The server side code gets generated as librpc/gen_ndr/ndr_NAME_s.c and gets included in the pipe module (This used to be commit bd3dcfe5820489a838e19b244266bd9126af5eb4)
2003-12-14fixed fragmented signed connections to our rpc server over SMBAndrew Tridgell1-1/+3
(This used to be commit f5df126c254bcb96dfb42096d7247215c7e7a89a)
2003-12-14ntlmssp over rpc over tcp now fully worksAndrew Tridgell1-8/+36
I needed to hack the ntlmssp code a little, as the auth code in samba4 is out of date relative to the samba3 auth code. I need to do a merge :) (This used to be commit 6ee0935afe9444bf9bb24eed4e02e8377dc746b7)
2003-12-14fixed some memory leaks in the rpc server codeAndrew Tridgell1-12/+7
(This used to be commit 20458556017f426ab57ca9a9d098cacecefbdcff)
2003-12-14fixed a bug handling multiple PDUs being read from a socket at oneAndrew Tridgell1-59/+62
time in the rpc server. started on the framework for the dcerpc authentication server code (This used to be commit 74041b6a0a60d792e1b220496d66ec27b9ee6c25)
2003-12-13completed the linkage between the endpoint mapper and the dcerpcAndrew Tridgell1-7/+36
server endpoints. We can now successfully setup listening endpoints on high ports, then use our endpoint mapper redirect incoming clients to the right port. also greatly cleanup the rpc over tcp session handling. (This used to be commit 593bc29bbe0e46d356d001160e8a3332a88f2fa8)
2003-12-13make the IO in the dcerpc over TCP server completely async, handlingAndrew Tridgell1-1/+55
partial packets on both input and output (This used to be commit 4f46606af880f6dd86c20b8dc5799102a8e80cc9)
2003-12-13dcerpc over tcp in the samba4 server now works to some extent. ItAndrew Tridgell1-25/+45
needs quite a bit more work to get it finished. The biggest missing feature is the lack of NTLMSSP which is needed for basic authentication over tcp (This used to be commit 9fb0f0369356909c99389e2cbc525be27c08793c)
2003-12-13rpcdump.exe now works fine against a Samba4 serverAndrew Tridgell1-0/+1
for some reason the epm_Lookup replies can't be parsed by ethereal, although w2k parses then fine as does the Samba4 NDR code. (This used to be commit 097e7ca99d947932df5674c36e628ca6b8f31d3a)
2003-12-13added the epm_Map() call.Andrew Tridgell1-0/+1
the RPC-EPMAPPER torture test now passes (This used to be commit fbdcf9ef548aefb1233cbb22a60bff3eacba996f)
2003-12-13added a basic dcerpc endpoint mapper to Samba4. Currently onlyAndrew Tridgell1-8/+56
implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)