path: root/source4/rpc_server
Age | Commit message | Author | Files | Lines
2007-10-10 | r7993: Further work on the Krb5 PAC. | Andrew Bartlett | 2 | -67/+6
We now generate the PAC, and can verify both our own PAC and the PAC from Win2k3. This commit adds the PAC generation code, spits out the code to get the information we need from the NETLOGON server back into an auth/ helper function, and adds a number of glue functions. In the process of building the PAC generation code, some hints in the Microsoft PAC specification shed light on other parts of the code, and the updates to samr.idl and netlogon.idl come from those hints. Also in this commit: The Heimdal build package has been split up, so as to only link the KDC with smbd, not the client utils. To enable the PAC to be verified with gensec_krb5 (which isn't quite dead yet), the keyblock has been passed back to the calling layer. Andrew Bartlett (This used to be commit e2015671c2f7501f832ff402873ffe6e53b89466)
2007-10-10 | r7927: fixed an error on partial socket writes in the rpc server | Andrew Tridgell | 2 | -2/+2
(This used to be commit 3c7b5de67294ef161289af7da6716b44ffc5d526)
2007-10-10 | r7865: changed pidl to take a "const void *" instead of a "void *" for the | Andrew Tridgell | 3 | -3/+3
structure in ndr_push_*() and ndr_print_*(). The push and print functions really should not modify the structure. metze, to make this work I had to change your spoolss hand marshaller. Can you please check it is OK? I think that the IN and OUT sides of that function are not ever called on the same structure, so I think that attempt at remembering the value by assigning to r->in._offered was not doing anything anyway, but please correct me if I have misunderstood it. If you really do need to remember something on those structures I'd suggest the ndr_token_store() and ndr_token_retrieve() functions, which are used by pidl for just this sort of thing. (This used to be commit eee528be97fa43ca53bdc5652b4d29a0a2caf563)
2007-10-10 | r7860: switch our ldb storage format to use a NDR encoded objectSid. This is | Andrew Tridgell | 5 | -223/+139
quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so it's fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished:
- the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that is done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use an externally supplied conversion function
- I haven't yet put in place the code that allows clients to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch
- I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates.
Luckily in many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2007-10-10 | r7850: Support mkdir() with just one parameter. Patch from | Jelmer Vernooij | 1 | -0/+1
Steven Edwards <steven_ed4153@yahoo.com>. I've moved the Win32-specific tests to win32.m4 so it does not make any of the POSIX configure stuff more complicated. (This used to be commit bf85fdd01552f75b745fdf3159a7a87cd6521ed2)
2007-10-10 | r7802: Remove a junk file. | Tim Potter | 1 | -71/+0
(This used to be commit a2d60dd878671d7ec4dbe631e8138d2279a2c6a4)
2007-10-10 | r7800: added the same request serialisation logic to our socket based rpc | Andrew Tridgell | 3 | -0/+12
servers as I added to the smb server yesterday. This means rpc server code can assume it runs serially unless it explicitly sets the async flag on the request and returns (This used to be commit 8546adb56aa4dda608a176409c243b074aeca77d)
2007-10-10 | r7756: Don't segfault by trying to search for the NULL DN, if the wrong | Andrew Bartlett | 1 | -5/+7
password was entered. We would not use the results of the search in any case. Andrew Bartlett (This used to be commit edeb908acaaaaab13bef4d2e3fae18d87c07af81)
2007-10-10 | r7755: fixed an uninitialised event_ctx found by abartlet | Andrew Tridgell | 1 | -3/+4
(This used to be commit 1462da3b6d190eecfb82268e6f2f04a42d8d5298)
2007-10-10 | r7644: - remove some duplicate structures SetForm and AddForm uses the same | Stefan Metzmacher | 1 | -3/+63
struct - fix some typos in EnumPrintServerForms()/GetPrintServerForms() - add AddPrintServerForms()/SetPrintServerForms() and DeletePrintServerForms metze (This used to be commit 73906388421beebb34f2a00c9e0d1fc8b400a42a)
2007-10-10 | r7643: This patch adds a new NTPTR subsystem: | Stefan Metzmacher | 4 | -668/+294
- this is an abstraction layer for print services, like our NTVFS subsystem for file services - all protocol specific details are still in rpc_server/spoolss/ - like the stupid in and out Buffer handling - checking of the r->in.server_name - ... - this subsystem can have multiple implementations selected by the "ntptr providor" global-section parameter - I currently added a "simple_ldb" backend, that stores Printers, Forms, Ports, Monitors, ... in the spoolss.db, and does no real printing this backend is basically for testing, how the spoolss protocol works - the interface is just a prototype and will be changed a bit the next days or weeks, till the simple_ldb backend can handle all calls that are used by normal w2k3/xp clients - I'll also make the api async, as the ntvfs api this will make things like the RemoteFindFirstPrinterChangeNotifyEx(), that opens a connection back to the client, easier to implement, as we should not block the whole smbd for that - the idea is to later implement a "unix" backend that works like the current samba3 code - and maybe some embedded print server vendors can write their own backend that can directly talk to a printer without having cups or something like this - the default settings are (it currently makes no sense to change them :-): ntptr providor = simple_ldb spoolss database = $private_dir/spoolss.db metze (This used to be commit 455b5536d41bc31ebef8290812f45d4a38afa8e9)
2007-10-10 | r7634: move TestSleep functions so that all of them are together | Stefan Metzmacher | 1 | -22/+22
metze (This used to be commit 520d5c67329e957121e3b71c1ffc0be3893c2033)
2007-10-10 | r7633: this patch started as an attempt to make the dcerpc code use a given | Andrew Tridgell | 3 | -4/+6
event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect. Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch. There were 3 places where I punted:
- abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that it's done, we could go back and use gensec_set_event_context()
- the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing.
- I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a caller's event context. Jelmer, can you think of a clean way to do that?
I also cleaned up a couple of things:
- libnet_context_destroy() makes no sense. I removed it.
- removed some unused vars in various places
(This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2007-10-10 | r7582: Better way to have a fast path searching for a specific DN. | Simo Sorce | 3 | -60/+50
Old way was ugly and had a bug, you couldn't add an attribute named dn or distinguishedName and search for it, tdb would change that search in a dn search. This makes it also possible to search by dn against an ldap server as the old method was not supported by ldap syntaxes. sss (This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
2007-10-10 | r7580: - add GetPrinterDriverDirectory() idl, torture test and server code | Stefan Metzmacher | 2 | -16/+152
- add EnumMonitors() server code and return "Standard TCP/IP Port" - add parsing for opening Ports and Monitors with OpenPrinterEx() metze (This used to be commit 08e6de37bc293e2f000d03b51642964d92d6e95e)
2007-10-10 | r7574: - separate [in] and [out] buffers and buf_sizes | Stefan Metzmacher | 1 | -29/+15
- use the same names as ethereal (offered,needed) for the buffer sizes (and they are really independently used) metze (This used to be commit f5532a5b74e972f44ed8aa19ee9c5851a4b40f65)
2007-10-10 | r7536: doesn't spam the smbd_log in the build_farm... | Stefan Metzmacher | 1 | -1/+1
metze (This used to be commit 9f4ed54c58a1d029b171ad199dd4a7ccf1f96f64)
2007-10-10 | r7507: fixed the problem with users being shown too many times in acl | Andrew Tridgell | 1 | -3/+3
editors, and added a test for it. (This used to be commit 9e428881f6fc0a422ac9011d847e8f692284397a)
2007-10-10 | r7465: - return empty lists for now | Stefan Metzmacher | 1 | -4/+10
- return WERR_NOT_SUPPORTED on AddPort() (we pass the RPC-SPOOLSS test now :-) metze (This used to be commit d62db5b7d3b6418e870b87c8fd33a1587ecc1728)
2007-10-10 | r7370: change debug levels | Stefan Metzmacher | 1 | -4/+4
metze (This used to be commit 665e4f0bd47117ce597f7eb6be0b89420582c471)
2007-10-10 | r7368: some server side spoolss stuff, w2k3 shows the printers icon, | Stefan Metzmacher | 1 | -28/+200
and I can view the print server properties... But it didn't like our EnumPorts() reply and also didn't show the test Form... (jerry: can you have a look at this?) metze (This used to be commit 42c9a66da9b4adf1c44dcca13ea184ed2e7a4681)
2007-10-10 | r7313: Prefix a few functions with ncacn_ rather than dcerpc_ because they are | Jelmer Vernooij | 2 | -5/+5
ncacn_ specific (This used to be commit 875cce126878172eedb43b4ecab3970ea9d82e4a)
2007-10-10 | r7312: Add IDL for ncadg packets. | Jelmer Vernooij | 3 | -16/+16
(This used to be commit 2009a430b03c685dd65bd573e70d3618f2e0dd0f)
2007-10-10 | r7195: - Fix echo pipe | Jelmer Vernooij | 1 | -0/+3
- Don't allocate strings - Give higher preference to the [out] part of variables when they are being used by another [out] variable. Also make sure that [in] variables never use [out] variables (i.e. switch_is() on an [in] variable can no longer use an [out] variable). (This used to be commit 837c83d77a2d1990419c4f3e343616daf8da5799)
2007-10-10 | r7159: Improve the messages from pidl's validator module. | Jelmer Vernooij | 1 | -1/+1
Change the IDL file for the echo interface to match the one we use for Windows. The only thing different between the two files currently is the names of the scalar types and the handling of strings. (This used to be commit b264c61061d222347919837600adf809fbadfb13)
2007-10-10 | r7120: make use of the new 'noopnum' property and get rid of handwritten | Stefan Metzmacher | 1 | -18/+8
parsing code for the spoolss_Enum* functions, there is still some handwritten code needed but just to stack the autogenerated code into the correct way metze (This used to be commit 155d18e8b78afebfb4a84e43e3b4d8fc6c9cc4e2)
2007-10-10 | r6973: Merge new version of pidl into the main SAMBA_4_0 branch. | Jelmer Vernooij | 1 | -0/+2
The main difference in this new version is the extra data structure generated between the IDL data structure and the NDR parser:
IDL -> NDR -> { ndr_parser, ndr_header, eparser, etc }
This makes the ndr_parser.pm internals much more sane. Other changes include:
- Remove unnecessary calls with NDR_BUFFERS (for example, GUID doesn't have any buffers, just scalars) as well as some (unnecessary) nested setting of flags.
- Parse array loops in the C code rather than calling ndr_pull_array(). This allows us to have, for example, arrays of pointers or arrays of pointers to arrays, etc..
- Use if() {} rather than if () goto foo; everywhere
- NDR_IN no longer implies LIBNDR_FLAG_REF_ALLOC
- By default, top level pointers are now "ref" (as is the default in most other IDL compilers). This can be overridden using the default_pointer_top() property.
- initial work on new ethereal parser generators by Alan DeKok and me
- pidl now writes errors in the standard format used by compilers, which is parsable by most editors
- ability to warn about the fact that pidl extension(s) have been used, useful for making sure IDL files work with other IDL compilers.
oh, and there's probably some other things I can't think of right now.. (This used to be commit 13cf227615f6b9e0e5fa62e59197024410254f01)
2007-10-10 | r6939: Get rid of SUBSYSTEM::NDR since all it did was require NDR_RAW. | Tim Potter | 1 | -1/+1
(This used to be commit e077d9948f1406c61982d49c2fd925852fdf6553)
2007-10-10 | r6907: Unixinfo for samba4, not activated by default. | Volker Lendecke | 2 | -0/+187
Volker (This used to be commit 81ddffde369c5b5e91bc130510f43c6841a789c4)
2007-10-10 | r6863: lib-friendlier names + fix some dependencies | Jelmer Vernooij | 1 | -3/+1
(This used to be commit cab81a51bfd435b54e6f0d5a308aaf6828d38c00)
2007-10-10 | r6839: Add support for building subsystems as shared libraries. This can be | Jelmer Vernooij | 1 | -1/+1
done by setting: OUTPUT_TYPE = SHARED_LIBRARY in the [SUBSYSTEM::...] section belonging to a subsystem. The idea is to allow multiple values to OUTPUT_TYPE simultaneously (e.g. OUTPUT_TYPE = SHARED_LIBRARY, STATIC_LIBRARY, OBJLIST ) (This used to be commit b9d0ae93ba86fec0115f58e7940b2a6c908bc809)
2007-10-10 | r6795: Make some functions static and remove some unused ones. | Jelmer Vernooij | 1 | -3/+3
(This used to be commit 46509eb89980bfe6dabd71264d570ea356ee5a22)
2007-10-10 | r6714: We can only ask GENSEC questions if we are authenticated. | Andrew Bartlett | 1 | -1/+3
Andrew Bartlett (This used to be commit b429712f1e8234c64138aaa8ff67dce94988406c)
2007-10-10 | r6705: let the gensec module decide if messages can be signed and sealed in | Stefan Metzmacher | 1 | -0/+4
a different order than a strict request - reply sequence Note: we should also fix the client code... metze (This used to be commit 0a61d1f65150546f7a7582512ca010d156f963bf)
2007-10-10 | r6606: add a DCESRV_FAULT_VOID() macro to use in void functions | Stefan Metzmacher | 1 | -0/+6
metze (This used to be commit a379836de63951bcfbc281425af3db7094248f2f)
2007-10-10 | r6604: solved a memory hierarchy ordering problem that led to crashes on | Andrew Tridgell | 1 | -5/+5
ncacn_ip_tcp and ncalrpc for the standard process model. Thanks to Jelmer for noticing this bug! (This used to be commit 81863cdd8bba0d4e39a1b4dc7e6dd7e6cafb38cf)
2007-10-10 | r6544: Use common structures between SAMR, NETLOGON and the Krb5 PAC. | Andrew Bartlett | 2 | -15/+35
Fill out the group list for the SamLogon reply, so clients get the supplementary groups. Andrew Bartlett (This used to be commit d9c31e60a72c345e3a23a7eb742906bcfc18721c)
2007-10-10 | r6526: Rename this RPC fault. Everybody else calls this ACCESS_DENIED, and | Andrew Bartlett | 1 | -1/+1
it certainly doesn't make sense as LOGON_FAILURE. Andrew Bartlett (This used to be commit 4bec3d3f378ed8b988e00441c9bb5718b8548ba6)
2007-10-10 | r6470: Remove ldb_search_free() it is not needed anymore. | Simo Sorce | 1 | -2/+2
Just use talloc_free() to release the memory after an ldb_search(). (This used to be commit 4f0948dab0aa5e8b6a4ce486f3668ca8dfae23db)
2007-10-10 | r6457: Simplify the RPC server code for the choice of GENSEC mech - it's just | Andrew Bartlett | 1 | -46/+14
one function call now, so no need for a wrapper function. Andrew Bartlett (This used to be commit c023f5c5e8c0aec6317e49105b92bc9d186ce11e)
2007-10-10 | r6325: Rename aliasname -> alias_name in CreateDomAlias function. | Tim Potter | 1 | -11/+11
(This used to be commit 63dfa9b80649928baf72687381fcfb6dd4d20032)
2007-10-10 | r6193: we don't need to store the handle type here, | Stefan Metzmacher | 2 | -3/+1
it's in handle->wire_handle.handle_type metze (This used to be commit 539286bc9fa1638dd564fb2f8ba924a0ede8db08)
2007-10-10 | r6192: remove handle->destroy function pointer, this should be done by | Stefan Metzmacher | 2 | -5/+0
talloc destructors now metze (This used to be commit 862226f557dddf989cbbdbfd5aa2bf6f2312fdf0)
2007-10-10 | r6084: - Introduce the samldb module dependency on samba4 | Simo Sorce | 1 | -122/+82
- This module will take care of properly filling a user or group object with required fields. You just need to provide the dn and the objectclass and a user/group gets created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2007-10-10 | r6032: Fix up SetServerPassword2 on NETLOGON for [bigendian]. Clearly nobody | Andrew Bartlett | 1 | -3/+7
has the patience to run test_w2k3.sh to completion :-) It looks to me that the Windows server runs the RC4 over the C struct, not the NDR data. Andrew Bartlett (This used to be commit c324d974134c35b4c50c91d5a932a63c78b67046)
2007-10-10 | r5988: Fix the -P option (use machine account credentials) to use the Samba4 | Andrew Bartlett | 8 | -118/+58
secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in further dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2007-10-10 | r5941: Commit this patch much earlier than I would normally prefer, but | Andrew Bartlett | 1 | -7/+14
metze needs a working tree... The main volume of this patch was what I started working on today: - Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context. - Uses separate inner loops for some of the DCE/RPC tests The other and more important part of this patch fixes issues surrounding the new credentials framework: This makes the struct cli_credentials always a talloc() structure, rather than on the stack. Parts of the cli_credentials code already assumed this. There were other issues, particularly in the DCERPC over SMB handling, as well as little things that had to be tidied up before test_w2k3.sh would start to pass. Andrew Bartlett (This used to be commit 0453f9d05d2e336fba1f85dbf2718d01fa2bf778)
2007-10-10 | r5928: Use cli_credentials in: | Jelmer Vernooij | 1 | -5/+7
- gtk+ (returned by GtkHostBindingDialog as well now) - torture/ - librpc/ - lib/com/dcom/ (This used to be commit ccefd782335e01e8e6ecb2bcd28a4f999c53b1a6)
2007-10-10 | r5902: A rather large change... | Andrew Bartlett | 6 | -20/+24
I wanted to add a simple 'workstation' argument to the DCERPC authenticated binding calls, but this patch kind of grew from there. With SCHANNEL, the 'workstation' name (the netbios name of the client) matters, as this is what ties the session between the NETLOGON ops and the SCHANNEL bind. This changes a lot of files, and these will again be changed when jelmer does the credentials work. I also correct some schannel IDL to distinguish between workstation names and account names. The distinction matters for domain trust accounts. Issues in handling this (issues with lifetime of talloc pointers) caused me to change the 'creds_CredentialsState' and 'struct dcerpc_binding' pointers to always be talloc()ed pointers. In the schannel DB, we now store both the domain and computername, and query on both. This should ensure we fault correctly when the domain is specified incorrectly in the SCHANNEL bind. In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out, where the comment claimed we re-used a connection, but in fact we made a new connection. This was achieved by breaking apart some of the dcerpc_secondary_connection() logic. The addition of workstation handling was also propagated to NTLMSSP and GENSEC, for completeness. The RPC-SAMSYNC test has been cleaned up a little, using a loop over usernames/passwords rather than manually expanded tests. This will be expanded further (the code in #if 0 in this patch) to use a newly created user account for testing. In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO server, caused by the removal of [ref] and the associated pointer from the IDL. This has been re-added, until the underlying pidl issues are solved. (This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2007-10-10 | r5879: Rename SAMR_FIELD_WORKSTATION to SAMR_FIELD_WORKSTATIONS - it is a list. | Andrew Bartlett | 1 | -3/+3
Andrew Bartlett (This used to be commit 7822101cb5213f192f3195648970784a9de4fac4)