summaryrefslogtreecommitdiff
path: root/source4/rpc_server/dcerpc_server.h
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r2290: Fix 'lsakey' for the server-side, it is static forAndrew Bartlett1-0/+1
'authenticated' connections. Fix kerberos session key issues - we need to call the routine for extracting the session key, not just read the cache. Andrew Bartlett (This used to be commit b80d849b6b586869fc7d3d4153db1a316f2867a9)
2007-10-10r2280: fixed the session key choice for ncacn_np and ncacn_ip_tcp in the rpc ↵Andrew Tridgell1-0/+3
server (This used to be commit 3b4ed24f4ba467a77bef8d6c25695fdbdb42b2ac)
2007-10-10r1486: commit the start of the generic server infastructureStefan Metzmacher1-1/+3
the idea is to have services as modules (smb, dcerpc, swat, ...) the process_model don't know about the service it self anymore. TODO: - the smbsrv should use the smbsrv_send function - the service subsystem init should be done like for other modules - we need to have a generic socket subsystem, which handle stream, datagram, and virtuell other sockets( e.g. for the ntvfs_ipc module to connect to the dcerpc server , or for smb or dcerpc or whatever to connect to a server wide auth service) - and other fixes... NOTE: process model pthread seems to be broken( but also before this patch!) metze (This used to be commit bbe5e00715ca4013ff0dbc345aa97adc6b5c2458)
2007-10-10r1294: A nice, large, commit...Andrew Bartlett1-22/+1
This implements gensec for Samba's server side, and brings gensec up to the standards of a full subsystem. This means that use of the subsystem is by gensec_* functions, not function pointers in structures (this is internal). This causes changes in all the existing gensec users. Our RPC server no longer contains it's own generalised security scheme, and now calls gensec directly. Gensec has also taken over the role of auth/auth_ntlmssp.c An important part of gensec, is the output of the 'session_info' struct. This is now reference counted, so that we can correctly free it when a pipe is closed, no matter if it was inherited, or created by per-pipe authentication. The schannel code is reworked, to be in the same file for client and server. ntlm_auth is reworked to use gensec. The major problem with this code is the way it relies on subsystem auto-initialisation. The primary reason for this commit now.is to allow these problems to be looked at, and fixed. There are problems with the new code: - I've tested it with smbtorture, but currently don't have VMware and valgrind working (this I'll fix soon). - The SPNEGO code is client-only at this point. - We still do not do kerberos. Andrew Bartlett (This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
2007-10-10r1136: - added IDL for netr_LogonGetDomainInfo()Andrew Tridgell1-0/+1
- added workstation to auth_session_info in rpc servers - added session key fetch hook in crypto backends in dcesrv - store and fetch seed as well as a session key in schannel ldb - when a client uses schannel to setup a netlogon pipe connection we also need to setup the credentials from the schannel negotiation so credentials chaining works - added server side netr_LogonGetDomainInfo() call (This used to be commit a35459387de3b6a422c5af6f658338fc7e4314b0)
2007-10-10r1078: the dxesrv_crypto_* implementations should now explicit setStefan Metzmacher1-4/+1
the dce_conn->auth_state.session_info ( the ntlmssp one works fine, but the schannel one isn't implemented yet) this is also set by the ntvfs_ipc backend on the endpoint connect. metze (This used to be commit ad3dd1789e9f124493519cb4731d9f5a563fd051)
2007-10-10r1030: added server side schannel supportAndrew Tridgell1-1/+1
(This used to be commit 2ac79dfba0e64056a680f21d7dd0c007f79d4a70)
2007-10-10r1022: add the session_info() call to the dcerpc server auth backendsStefan Metzmacher1-0/+1
metze (This used to be commit d1ab26b907f1eb2be31fe6946ffa5b8255fc6ac9)
2007-10-10r1010: make the dcesrv_crypto code a bit more generic...Stefan Metzmacher1-2/+2
fix type 'cyrpto' -> 'crypto' metze (This used to be commit 90f4777dfcb141b646063128c82f4c03bd176413)
2007-10-10r1004: continue tridge's work on dcerpc server auth/crypto codeStefan Metzmacher1-1/+22
I made it much more generic, and we should be able to add a module interface to this code, so that other DCERPC_AUTH types can be added via modules... metze (This used to be commit d09abeb686c43c62322205689273d1b417113004)
2007-10-10r995: - renamed many of our crypto routines to use the industry standardAndrew Tridgell1-1/+1
names rather than our crazy naming scheme. So DES is now called des_crypt() rather than smbhash() - added the code from the solution of the ADS crypto challenge that allows Samba to correctly handle a 128 bit session key in all of the netr_ServerAuthenticateX() varients. A huge thanks to Luke Howard from PADL for solving this one! - restructured the server side rpc authentication to allow for other than NTLMSSP sign and seal. This commit just adds the structure, the next commit will add schannel server side support. - added 128 bit session key support to our client side code, and testing against w2k3 with smbtorture. Works well. (This used to be commit 729b2f41c924a0b435d44a14209e6dacc2304cee)
2007-10-10r884: convert samba4 to use [u]int32_t instead of [u]int32Stefan Metzmacher1-4/+4
metze (This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
2007-10-10r623: setUserInfo level 24 (password set) now works in the SAMR server. This ↵Andrew Tridgell1-0/+3
includes all of the password complexity, password history and other password restrictions. (This used to be commit cb070b9084d95cf5178edbef951b75eab62b7220)
2007-10-10r464: a big improvement to the API for writing server-side RPCAndrew Tridgell1-0/+3
servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2007-10-10r374: allow for a policy_handle fetch using a handle type ofAndrew Tridgell1-0/+1
DCESRV_HANDLE_ANY. This is needed for operations like samr_Close() that take any handle type. (This used to be commit 6fbbfc4462388c4c86f9f0ddd3cdd99225512ef2)
2007-10-10r67: added a destroy hook in the policy handle -> wire handle code to allow ↵Andrew Tridgell1-0/+1
backends to cleanup handle data (This used to be commit af0c21c1e175ca2ebb687dc6dff83da919280271)
2004-02-02some DEBUG and comment fixesStefan Metzmacher1-0/+5
metze (This used to be commit 5ac4f878687eb0fa95a2e5830a8372168a27d3b3)
2004-01-08This patch adds a better dcerpc server infastructure.Stefan Metzmacher1-47/+82
1.) We now register endpoint servers add startup via register_backend() and later use the smb.conf 'dcerpc endpoint servers' parameter to setup the dcesrv_context 2.) each endpoint server can register at context creation time as much interfaces as it wants (multiple interfaces on one endpoint are supported!) (NOTE: there's a difference between 'endpoint server' and 'endpoint'! for details look at rpc_server/dcesrv_server.h) 3.) one endpoint can have a security descriptor registered to it self this will be checked in the future when a client wants to connect to an smb pipe endpoint. 4.) we now have a 'remote' endpoint server, which works like the ntvfs_cifs module it takes this options in the [globals] section: dcerpc remote:interfaces = srvsvc, winreg, w32time, epmapper dcerpc remote:binding = ... dcerpc remote:user = ... dcerpc remote:password = ... 5.) we currently have tree endpoint servers: epmapper, rpcecho and remote the default for the 'dcerpc endpiont servers = epmapper, rpcecho' for testing you can also do dcerpc endpoint servers = rpcecho, remote, epmapper dcerpc remote:interfaces = srvsvc, samr, netlogon 6,) please notice the the epmapper now only returns NO_ENTRIES (but I think we'll find a solution for this too:-) 7.) also there're some other stuff left, but step by step :-) This patch also includes updates for the register_subsystem() , ntvfs_init(), and some other funtions to check for duplicate subsystem registration metze (hmmm, my first large commit...I hope it works as supposed :-) (This used to be commit 917e45dafd5be4c2cd90ff425b8d6f8403122349)
2003-12-16it turns out that a wire policy handle isn't a blob either, its aAndrew Tridgell1-1/+0
uint32 followed by a GUID. I needed to fix this to support running in mixed-mode rpc (where smbtorture is bigendian and w2k3 is little-endian). Otherwise when you send back a policy handle the server doesn't recognise it. (This used to be commit 9b1c76a8e9e953e051072441f8938ee17a674d35)
2003-12-14ntlmssp over rpc over tcp now fully worksAndrew Tridgell1-1/+1
I needed to hack the ntlmssp code a little, as the auth code in samba4 is out of date relative to the samba3 auth code. I need to do a merge :) (This used to be commit 6ee0935afe9444bf9bb24eed4e02e8377dc746b7)
2003-12-14fixed a bug handling multiple PDUs being read from a socket at oneAndrew Tridgell1-0/+10
time in the rpc server. started on the framework for the dcerpc authentication server code (This used to be commit 74041b6a0a60d792e1b220496d66ec27b9ee6c25)
2003-12-13completed the linkage between the endpoint mapper and the dcerpcAndrew Tridgell1-0/+1
server endpoints. We can now successfully setup listening endpoints on high ports, then use our endpoint mapper redirect incoming clients to the right port. also greatly cleanup the rpc over tcp session handling. (This used to be commit 593bc29bbe0e46d356d001160e8a3332a88f2fa8)
2003-12-13make the IO in the dcerpc over TCP server completely async, handlingAndrew Tridgell1-0/+4
partial packets on both input and output (This used to be commit 4f46606af880f6dd86c20b8dc5799102a8e80cc9)
2003-12-13dcerpc over tcp in the samba4 server now works to some extent. ItAndrew Tridgell1-2/+2
needs quite a bit more work to get it finished. The biggest missing feature is the lack of NTLMSSP which is needed for basic authentication over tcp (This used to be commit 9fb0f0369356909c99389e2cbc525be27c08793c)
2003-12-13rpcdump.exe now works fine against a Samba4 serverAndrew Tridgell1-0/+1
for some reason the epm_Lookup replies can't be parsed by ethereal, although w2k parses then fine as does the Samba4 NDR code. (This used to be commit 097e7ca99d947932df5674c36e628ca6b8f31d3a)
2003-12-13added a basic dcerpc endpoint mapper to Samba4. Currently onlyAndrew Tridgell1-1/+30
implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-12we now support pdu fragmentation on both input and output in the rpcAndrew Tridgell1-1/+8
server code (This used to be commit 4dac9517188f2dba06df481071063543ede89495)
2003-12-12 * the RPC-ECHO pipe now works in smbd, as long as the data sizesAndrew Tridgell1-2/+29
don't cause fragmented pdus (I'll add fragments shortly) * change data_blob_talloc() to not zero memory when the 2nd argument is NULL. The zeroing just masks bugs, and can't even allow a DOS attack * modified pidl to ensure that [ref] arguments to the out side of functions are allocated when parsing the in side. This allows rpc backends to assume that [ref] variables are all setup. Doesn't work correctly for [ref] arrays yet * changed DLIST_ADD_END() to take the type instead of a tmp variable. This means you don't need to declare a silly tmp variable in the caller (This used to be commit 46e0a358198eeb9af1907ee2a29025d3ab23b6d1)
2003-12-10initial rpc server side infrastructureAndrew Tridgell1-0/+72
(This used to be commit 3706af7a6cb2090e0baeff5ee54bf49ebda2cce1)