summaryrefslogtreecommitdiff
path: root/source4/rpc_server/dcerpc_server.h
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r21835: fixed a rpc server bug where we failed to remove a call from oneAndrew Tridgell1-0/+12
linked list when moving it to another. This could cause a valgrind error under the RPC-SCANNER test. (This used to be commit 9ba8c008513e362fbb860af899006505cadb4a2f)
2007-10-10r20646: first preparations for cluster enablement. This changes "Andrew Tridgell1-1/+1
uint32_t server_id to struct server_id server_id; which allows a server ID to have an node number. The node number will be zero in non-clustered case. This is the most basic hook needed for clustering, and ctdb. (This used to be commit 2365abaa991d57d68c6ebe9be608e01c907102eb)
2007-10-10r18363: Found a rather nasty bug in our fragment handling.Andrew Bartlett1-2/+5
We were adding packet fragments onto the *reply* queue, not the recieve queue. This worked, as long as we got a whole packet before we did any reply work, but failed once the backend called a remote LDAP server (and I presume something invoked the event loop). Andrew Bartlett (This used to be commit a0162e0ace48104d94f7b7dd3d2f62a7f42e10c6)
2007-10-10r17340: initialize elements od dcesrc_call_state in one central placeStefan Metzmacher1-1/+8
and pass the messaging context to the call metze (This used to be commit 0d7f16d7befa1e8824173d7b9da580e6a92ae4e5)
2007-10-10r15772: pass the messaging context and server_id to the dcerpc server subsystemStefan Metzmacher1-0/+6
metze (This used to be commit fb1debf219089188d1a8233ab3ff4ff314f7df0b)
2007-10-10r14735: Use dcerpc_syntax_id rather then seperate GUID + if_version everywhereJelmer Vernooij1-2/+1
(This used to be commit a316b33057f3ec8532677980e093cd327d33f257)
2007-10-10r14542: Remove librpc, libndr and libnbt from includes.hJelmer Vernooij1-1/+1
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
2007-10-10r14486: remove the need of a stream_connection on a dcesrv_connection,Stefan Metzmacher1-1/+8
and let the transport set callbacks for getting the own and peer socket_address metze (This used to be commit 56fac3ddbbeecb834e5c7a439df344e11fe12a7b)
2007-10-10r14484: Install more headersJelmer Vernooij1-0/+5
(This used to be commit 430c6516d383bfd7f27287394bf8eef9f174b3e6)
2007-10-10r14380: Reduce the size of structs.hJelmer Vernooij1-0/+2
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2007-10-10r13923: make the state_flags per dcesrv_connectionStefan Metzmacher1-3/+4
this will may help with a generic named pipe solution metze (This used to be commit c6fa9bd15cdb096c3dfc7a4109d9298933981255)
2007-10-10r12696: Reduce the size of include/structs.hJelmer Vernooij1-0/+1
(This used to be commit 63917616016133c623fc6ff59454bc313ee7dd8f)
2007-10-10r12542: Move some more prototypes out to seperate headersJelmer Vernooij1-0/+2
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10r12512: Use GUID structs in API functions everywhere rather then converting ↵Jelmer Vernooij1-2/+2
back and forth between GUID structs and strings in several places. (This used to be commit 3564e2f967ef72d6301b4f7e9a311cebcded4d75)
2007-10-10r10078: - add a 'struct data_blob_list_item'Stefan Metzmacher1-4/+1
- use this for the send_queue's of the different stream_servers to not redefine the same struct so often, and it maybe will be used in other places too metze (This used to be commit b6694f067ab7aff0ee303dbfe8a6e7fad801e7e9)
2007-10-10r8036: revert rev 8023/8024 as they have a bugs.Stefan Metzmacher1-1/+1
metze (This used to be commit 66d6b1d5783cba98f2f8e1c8eed1bdc26a5bad4f)
2007-10-10r8023: use a pointer to a DATA_BLOB for each reply,Stefan Metzmacher1-1/+1
that will allow the write_fn callback of dcesrv_output() to reference the memory with a valid TALLOC pointer metze (This used to be commit d0574d407f426f5c001e943dee5c03d24f4fb21c)
2007-10-10r7865: changed pidl to take a "const void *" instead of a "void *" for theAndrew Tridgell1-1/+1
structure in ndr_push_*() and ndr_print_*(). The push and print functions really should not modify the structure. metze, to make this work I had to change your spoolss hand marshaller. Can you please check it is OK? I think that the IN and OUT sides of that function are not ever called on the same structure, so I think that attempt at remembering the value by assigning to r->in._offered was not doing anything anyway, but please correct me if I have misunderstood it. If you really do need to remember something on those structures I'd suggest the ndr_token_store() and ndr_token_retrieve() functions, which are used by pidl for just this sort of thing. (This used to be commit eee528be97fa43ca53bdc5652b4d29a0a2caf563)
2007-10-10r7800: added the same request serialisation logic to our socket based rpcAndrew Tridgell1-0/+2
servers as I added to the smb server yesterday. This means rpc server code can assume it runs serially unless it explicitly sets the async flag on the request and returns (This used to be commit 8546adb56aa4dda608a176409c243b074aeca77d)
2007-10-10r7312: Add IDL for ncadg packets.Jelmer Vernooij1-1/+1
(This used to be commit 2009a430b03c685dd65bd573e70d3618f2e0dd0f)
2007-10-10r6192: remove handle->destroy function pointer, this should be done by ↵Stefan Metzmacher1-1/+0
talloc destructors now metze (This used to be commit 862226f557dddf989cbbdbfd5aa2bf6f2312fdf0)
2007-10-10r5902: A rather large change...Andrew Bartlett1-1/+1
I wanted to add a simple 'workstation' argument to the DCERPC authenticated binding calls, but this patch kind of grew from there. With SCHANNEL, the 'workstation' name (the netbios name of the client) matters, as this is what ties the session between the NETLOGON ops and the SCHANNEL bind. This changes a lot of files, and these will again be changed when jelmer does the credentials work. I also correct some schannel IDL to distinguish between workstation names and account names. The distinction matters for domain trust accounts. Issues in handling this (issues with lifetime of talloc pointers) caused me to change the 'creds_CredentialsState' and 'struct dcerpc_binding' pointers to always be talloc()ed pointers. In the schannel DB, we now store both the domain and computername, and query on both. This should ensure we fault correctly when the domain is specified incorrectly in the SCHANNEL bind. In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out, where the comment claimed we re-used a connection, but in fact we made a new connection. This was achived by breaking apart some of the dcerpc_secondary_connection() logic. The addition of workstation handling was also propogated to NTLMSSP and GENSEC, for completeness. The RPC-SAMSYNC test has been cleaned up a little, using a loop over usernames/passwords rather than manually expanded tests. This will be expanded further (the code in #if 0 in this patch) to use a newly created user account for testing. In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO server, caused by the removal of [ref] and the assoicated pointer from the IDL. This has been re-added, until the underlying pidl issues are solved. (This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2007-10-10r5437: Allow Samba4 to be compiled by tcc (www.tinycc.org). It still crashes ↵Jelmer Vernooij1-1/+1
when linking though. (This used to be commit 2e1e8db6dc877eb32b51cfc3d9c8f463d14530ec)
2007-10-10r5102: This is a major simplification of the logic for controlling top levelAndrew Tridgell1-1/+1
servers in smbd. The old code still contained a fairly bit of legacy from the time when smbd was only handling SMB connection. The new code gets rid of all of the smb_server specific code in smbd/, and creates a much simpler infrastructures for new server code. Major changes include: - simplified the process model code a lot. - got rid of the top level server and service structures completely. The top level context is now the event_context. This got rid of service.h and server.h completely (they were the most confusing parts of the old code) - added service_stream.[ch] for the helper functions that are specific to stream type services (services that handle streams, and use a logically separate process per connection) - got rid of the builtin idle_handler code in the service logic, as none of the servers were using it, and it can easily be handled by a server in future by adding its own timed_event to the event context. - fixed some major memory leaks in the rpc server code. - added registration of servers, rather than hard coding our list of possible servers. This allows for servers as modules in the future. - temporarily disabled the winbind code until I add the helper functions for that type of server - added error checking on service startup. If a configured server fails to startup then smbd doesn't startup. - cleaned up the command line handling in smbd, removing unused options (This used to be commit cf6a46c3cbde7b1eb1b86bd3882b953a2de3a42e)
2007-10-10r4690: - add support for async rpc server repliesStefan Metzmacher1-2/+39
the backend should check for (dce_call->state_flags & DCESRV_CALL_STATE_FLAG_MAY_ASYNC) then it's allowed to reply async then the backend should mark that call as async with dce_call->state_flags |= DCESRV_CALL_STATE_FLAG_ASYNC; later it has to manualy set r->out.result and then send the reply by calling status = dcesrv_reply(p->dce_call); NOTE: that ncacn_np doesn't support async replies yet - implement an async version of echo_TestSleep - reenable the echo_TestSleep torture test (this need to be more strict when we have support for async ncacn_np) metze (This used to be commit f0a0dbeb25b034b1333078ca085999359f5f6209)
2007-10-10r4640: first stage in the server side support for multiple context_ids on ↵Andrew Tridgell1-12/+24
one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2007-10-10r4288: don't use struct dcerpc_interface_table anymore in theStefan Metzmacher1-7/+17
main rpc server code. let the backends specify a ndr_push/ndr_pull function like we already do with the dispatch() function. this allows an interface implmentation to work as real proxy without needing to know the idl for an interface that means just the plain decrypted payload can be forwarded If someone want to write such a backend, patches are wellcome metze (This used to be commit a150bdf140d9165a05cbc7cac40b6e3c03a7bd3c)
2007-10-10r3118: Eliminate struct dcesrv_ep_description and replace it withJelmer Vernooij1-14/+3
struct dcerpc_binding. (This used to be commit 2046e14cf8d010d4e715124859df2c1c3c782266)
2007-10-10r3114: - More work on merging the various structs that describe endpointsJelmer Vernooij1-3/+1
- Add protocol sequence to dcerpc transports (will be used later on) - Add more transports to the list (This used to be commit ab110192e6e2c1e5a3b2befe7b61158744f15d18)
2007-10-10r2627: use the new talloc capabilities in a bunch more places in the rpcAndrew Tridgell1-6/+0
server code. This fixes a number of memory leaks I found when testing with valgrind and smbtorture, as the cascading effect of a talloc_free() ensures that anything derived from the top level object is destroyed on disconnect. (This used to be commit 76d0b8206ce64d6ff4a192979c43dddbec726d6e)
2007-10-10r2290: Fix 'lsakey' for the server-side, it is static forAndrew Bartlett1-0/+1
'authenticated' connections. Fix kerberos session key issues - we need to call the routine for extracting the session key, not just read the cache. Andrew Bartlett (This used to be commit b80d849b6b586869fc7d3d4153db1a316f2867a9)
2007-10-10r2280: fixed the session key choice for ncacn_np and ncacn_ip_tcp in the rpc ↵Andrew Tridgell1-0/+3
server (This used to be commit 3b4ed24f4ba467a77bef8d6c25695fdbdb42b2ac)
2007-10-10r1486: commit the start of the generic server infastructureStefan Metzmacher1-1/+3
the idea is to have services as modules (smb, dcerpc, swat, ...) the process_model don't know about the service it self anymore. TODO: - the smbsrv should use the smbsrv_send function - the service subsystem init should be done like for other modules - we need to have a generic socket subsystem, which handle stream, datagram, and virtuell other sockets( e.g. for the ntvfs_ipc module to connect to the dcerpc server , or for smb or dcerpc or whatever to connect to a server wide auth service) - and other fixes... NOTE: process model pthread seems to be broken( but also before this patch!) metze (This used to be commit bbe5e00715ca4013ff0dbc345aa97adc6b5c2458)
2007-10-10r1294: A nice, large, commit...Andrew Bartlett1-22/+1
This implements gensec for Samba's server side, and brings gensec up to the standards of a full subsystem. This means that use of the subsystem is by gensec_* functions, not function pointers in structures (this is internal). This causes changes in all the existing gensec users. Our RPC server no longer contains it's own generalised security scheme, and now calls gensec directly. Gensec has also taken over the role of auth/auth_ntlmssp.c An important part of gensec, is the output of the 'session_info' struct. This is now reference counted, so that we can correctly free it when a pipe is closed, no matter if it was inherited, or created by per-pipe authentication. The schannel code is reworked, to be in the same file for client and server. ntlm_auth is reworked to use gensec. The major problem with this code is the way it relies on subsystem auto-initialisation. The primary reason for this commit now.is to allow these problems to be looked at, and fixed. There are problems with the new code: - I've tested it with smbtorture, but currently don't have VMware and valgrind working (this I'll fix soon). - The SPNEGO code is client-only at this point. - We still do not do kerberos. Andrew Bartlett (This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
2007-10-10r1136: - added IDL for netr_LogonGetDomainInfo()Andrew Tridgell1-0/+1
- added workstation to auth_session_info in rpc servers - added session key fetch hook in crypto backends in dcesrv - store and fetch seed as well as a session key in schannel ldb - when a client uses schannel to setup a netlogon pipe connection we also need to setup the credentials from the schannel negotiation so credentials chaining works - added server side netr_LogonGetDomainInfo() call (This used to be commit a35459387de3b6a422c5af6f658338fc7e4314b0)
2007-10-10r1078: the dxesrv_crypto_* implementations should now explicit setStefan Metzmacher1-4/+1
the dce_conn->auth_state.session_info ( the ntlmssp one works fine, but the schannel one isn't implemented yet) this is also set by the ntvfs_ipc backend on the endpoint connect. metze (This used to be commit ad3dd1789e9f124493519cb4731d9f5a563fd051)
2007-10-10r1030: added server side schannel supportAndrew Tridgell1-1/+1
(This used to be commit 2ac79dfba0e64056a680f21d7dd0c007f79d4a70)
2007-10-10r1022: add the session_info() call to the dcerpc server auth backendsStefan Metzmacher1-0/+1
metze (This used to be commit d1ab26b907f1eb2be31fe6946ffa5b8255fc6ac9)
2007-10-10r1010: make the dcesrv_crypto code a bit more generic...Stefan Metzmacher1-2/+2
fix type 'cyrpto' -> 'crypto' metze (This used to be commit 90f4777dfcb141b646063128c82f4c03bd176413)
2007-10-10r1004: continue tridge's work on dcerpc server auth/crypto codeStefan Metzmacher1-1/+22
I made it much more generic, and we should be able to add a module interface to this code, so that other DCERPC_AUTH types can be added via modules... metze (This used to be commit d09abeb686c43c62322205689273d1b417113004)
2007-10-10r995: - renamed many of our crypto routines to use the industry standardAndrew Tridgell1-1/+1
names rather than our crazy naming scheme. So DES is now called des_crypt() rather than smbhash() - added the code from the solution of the ADS crypto challenge that allows Samba to correctly handle a 128 bit session key in all of the netr_ServerAuthenticateX() varients. A huge thanks to Luke Howard from PADL for solving this one! - restructured the server side rpc authentication to allow for other than NTLMSSP sign and seal. This commit just adds the structure, the next commit will add schannel server side support. - added 128 bit session key support to our client side code, and testing against w2k3 with smbtorture. Works well. (This used to be commit 729b2f41c924a0b435d44a14209e6dacc2304cee)
2007-10-10r884: convert samba4 to use [u]int32_t instead of [u]int32Stefan Metzmacher1-4/+4
metze (This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
2007-10-10r623: setUserInfo level 24 (password set) now works in the SAMR server. This ↵Andrew Tridgell1-0/+3
includes all of the password complexity, password history and other password restrictions. (This used to be commit cb070b9084d95cf5178edbef951b75eab62b7220)
2007-10-10r464: a big improvement to the API for writing server-side RPCAndrew Tridgell1-0/+3
servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2007-10-10r374: allow for a policy_handle fetch using a handle type ofAndrew Tridgell1-0/+1
DCESRV_HANDLE_ANY. This is needed for operations like samr_Close() that take any handle type. (This used to be commit 6fbbfc4462388c4c86f9f0ddd3cdd99225512ef2)
2007-10-10r67: added a destroy hook in the policy handle -> wire handle code to allow ↵Andrew Tridgell1-0/+1
backends to cleanup handle data (This used to be commit af0c21c1e175ca2ebb687dc6dff83da919280271)
2004-02-02some DEBUG and comment fixesStefan Metzmacher1-0/+5
metze (This used to be commit 5ac4f878687eb0fa95a2e5830a8372168a27d3b3)
2004-01-08This patch adds a better dcerpc server infastructure.Stefan Metzmacher1-47/+82
1.) We now register endpoint servers add startup via register_backend() and later use the smb.conf 'dcerpc endpoint servers' parameter to setup the dcesrv_context 2.) each endpoint server can register at context creation time as much interfaces as it wants (multiple interfaces on one endpoint are supported!) (NOTE: there's a difference between 'endpoint server' and 'endpoint'! for details look at rpc_server/dcesrv_server.h) 3.) one endpoint can have a security descriptor registered to it self this will be checked in the future when a client wants to connect to an smb pipe endpoint. 4.) we now have a 'remote' endpoint server, which works like the ntvfs_cifs module it takes this options in the [globals] section: dcerpc remote:interfaces = srvsvc, winreg, w32time, epmapper dcerpc remote:binding = ... dcerpc remote:user = ... dcerpc remote:password = ... 5.) we currently have tree endpoint servers: epmapper, rpcecho and remote the default for the 'dcerpc endpiont servers = epmapper, rpcecho' for testing you can also do dcerpc endpoint servers = rpcecho, remote, epmapper dcerpc remote:interfaces = srvsvc, samr, netlogon 6,) please notice the the epmapper now only returns NO_ENTRIES (but I think we'll find a solution for this too:-) 7.) also there're some other stuff left, but step by step :-) This patch also includes updates for the register_subsystem() , ntvfs_init(), and some other funtions to check for duplicate subsystem registration metze (hmmm, my first large commit...I hope it works as supposed :-) (This used to be commit 917e45dafd5be4c2cd90ff425b8d6f8403122349)
2003-12-16it turns out that a wire policy handle isn't a blob either, its aAndrew Tridgell1-1/+0
uint32 followed by a GUID. I needed to fix this to support running in mixed-mode rpc (where smbtorture is bigendian and w2k3 is little-endian). Otherwise when you send back a policy handle the server doesn't recognise it. (This used to be commit 9b1c76a8e9e953e051072441f8938ee17a674d35)
2003-12-14ntlmssp over rpc over tcp now fully worksAndrew Tridgell1-1/+1
I needed to hack the ntlmssp code a little, as the auth code in samba4 is out of date relative to the samba3 auth code. I need to do a merge :) (This used to be commit 6ee0935afe9444bf9bb24eed4e02e8377dc746b7)