[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Wed Oct 26 13:07:03 UTC 2016
The branch, master has been updated
via 790fbd6 idl: Remove unused DCERPC_FAULT_UNK_IF
via f1cc938 s4-rpc_server: Use DCERPC_NCA_S_UNKNOWN_IF for fault code
via 9ef8bfa python/tests: add simple dcerpc orphaned tests
via 3c474cd python/tests: add simple dcerpc co_cancel tests
via 04c9343 python/tests: add simple dcerpc association group tests
via ca88aa8 python/tests: add a second_connection() helper function
via 4a82e83 python/tests: check context_id values of responses correctly
via 63c2cbf python/tests: make use of self.get_auth_context_creds() and self.do_generic_bind() in _test_spnego_bind_auth_level()
via 9d647bd python/tests: make use of self.get_anon_creds() and self.get_user_creds()
via 3eae2a3 python/tests: make use of get_auth_context_creds() in _test_auth_type_level_bind_nak()
via b779f07 python/tests: make use of prepare_presentation() in _get_netlogon_ctx()
via b6569bd python/tests: make it possible to specific TARGET_HOSTNAME to raw_protocol.py
via d5b58bb python:tests: add more helper functions to RawDCERPCTest
via b788507 python/tests: we now pass test_no_auth_request_bind_pfc_CONC_MPX()
via 57539c8 pidl:Python: add PyTypeObject objects for function structs
via a546124 pidl:Python: split out a PythonElementGetSet() helper function
via d5e4707 pidl:NDR: add ReturnTypeElement() helper function
via 3638571 python:ndr: add ndr_{pack,unpack,print}_{in,out} helper functions
via 9b842ba python:ndr: verify the object type ndr_print() and ndr_unpack()
via 4017561 pidl:Python: the py_{import,export}_*() functions can be static now.
via 29e75e9 s4:pyrpc: remove unused py_{import,export}_netr_* prototypes
via f7707c0 pidl:Python: make use of the pyrpc_{import,export}_union() functions
via e0324c0 pidl:Python: provide a PyTypeObject with METH_CLASS __import__() and __export__() hooks
via 596f917 s4:pyrpc: add pyrpc_{im,ex}port_union() helper functions
via 3a0ce3e pidl:Python: provide the abstract syntax as <module>.<interface>_abstract_syntax
via 1bebcca pidl:Python: prettify names of constants
via 7423d81 pidl:NDR: keep interface->{ORIGINAL}
via a560116 pidl:Python: improve the .doc string for the get/set elements
via 47b40ac pidl:Python: make use of NDR_ERR_CODE_IS_SUCCESS()
via d4660e8 pidl:Python: __ndr_print__ functions don't get arguments and need METH_NOARGS
via b728c63 pidl:Python: check the return values of talloc_ptrtype()
via ff947f2 s4:selftest: run rpc.echo with an object based binding string
via b5abc7c s4:librpc/rpc: pass the object guid to the binding handle if required
via 47d8900 librpc/rpc: verify the passed table against the table on the handle
via 4dd06fb librpc/rpc: make sure we use the object from the handle in dcerpc_binding_handle_raw_call_send()
via 55b07e1 s3:rpc_server: pass the full ndr_interface_table to rpc_pipe_open_internal()
via db4da21 s4:librpc/rpc: no longer set FLAG_OBJECT_PRESENT and FLAG_BIGENDIAN for ndr_push_ncacn_packet()
via 47221b2 librpc/rpc: no longer set FLAG_OBJECT_PRESENT and FLAG_BIGENDIAN for ndr_{pull,push}_ncacn_packet()
via e2f2250 dcerpc.idl: set LIBNDR_FLAG_* flags based on DCERPC_PFC_FLAG_OBJECT_UUID and DCERPC_DREP_LE
via a9be262 s4:rpc_server: implement DCERPC_PFC_FLAG_CONC_MPX ordering restrictions
via 50392a9 s4:rpc_server/remote: pass through DCERPC_PFC_FLAG_CONC_MPX if it was used by the client
via d2d0947 s4:rpc_server: support DCESRV_CALL_STATE_FLAG_MULTIPLEXED by default
via f44282c s4:librpc/rpc: make sure the DCERPC_CONCURRENT_MULTIPLEX and DCERPC_PFC_FLAG_CONC_MPX are in sync
via 5bad447 s4:torture/rpc: concurrent dcerpc_echo_TestSleep requests require a connection with DCERPC_CONCURRENT_MULTIPLEX
via a701af1 s4:torture/rpc: add extra_flags to torture_rpc_connection_transport()
via 7d530e9 s4:rpc_server: return the context_id of a RESPONSE in the same way as windows
via 505a1fd s4:rpc_server: return the context_id of a FAULT in a same way as windows
via 077df7f s4:rpc_server: fill call->context on the first fragment
via be8d490 python/tests: add DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN tests to dcerpc raw protocol tests
via 133130d s4:rpc_server: implement DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN support
via a70f528 s4:rpc_server: ignore CO_CANCEL and ORPHANED PDUs
via b4345f2 s4:rpc_server: list all connection oriented pdu types explicitly
via 3b5b0c5 s3:selftest: run some rpcclient tests with "packet"
via 2e09c0f s4:selftest: run some tests with "packet"
via 2d1a798 s3-rpcclient: add packet auth level command
via b6be9b5 s3-rpcclient: support [packet] in rpcclient binding strings.
via 3b82d6c s3:rpc_server: add support for DCERPC_AUTH_LEVEL_PACKET
via 77fde81 s3:cli_pipe: add support for DCERPC_AUTH_LEVEL_PACKET
via 376e58d s3:dcerpc_helpers: correctly support DCERPC_AUTH_LEVEL_PACKET
via 36f90c8 s4:librpc/rpc: add support for DCERPC_AUTH_LEVEL_PACKET
via b72d3f0 s4-torture: test support for [packet] binding string option.
via 6f642eb librpc: support "packet" for packet level authentication in binding strings
via 1a46ff2 s4:rpc_server: convert dcesrv_auth_response() into a generic dcesrv_auth_pkt_push()
via bc73cd9 s4:rpc_server: make use of dcerpc_ncacn_push_pkt_auth() in dcesrv_auth_response()
via 2e8c496 s4:rpc_server: convert dcesrv_auth_request() into a generic dcesrv_auth_pkt_pull()
via cb94ec8 s4:rpc_server: make use of dcerpc_ncacn_pull_pkt_auth() in dcesrv_auth_request()
via daf6b8c s4:librpc/rpc: make use of dcerpc_ncacn_push_pkt_auth() in ncacn_push_request_sign()
via 4e3823a s4:librpc/rpc: convert ncacn_pull_request_auth() into a generic ncacn_pull_pkt_auth()
via 791186d s4:librpc/rpc: make use of dcerpc_ncacn_pull_pkt_auth() in ncacn_pull_request_auth()
via 857b96c librpc: add dcerpc_ncacn_push_pkt_auth() helper function
via 875d011 librpc: add dcerpc_ncacn_pull_pkt_auth() helper function
via 5f17d3b python/tests: do tests to verify spnego various auth_levels
via 60099d4 python/tests: add bind time feature related tests to dcerpc raw protocol tests
via fe5b462 s4:rpc_server: implement bind time feature negotiation
via 6d70989 python/tests: add presentation context related tests to dcerpc raw protocol tests
via 00363cd python/tests: remove unused code in _test_auth_none_level_bind()
via 1edf3d8 s4:rpc_server: process all provided presentation contexts
via 450e00a s4:rpc_server: it's not a protocol error to do an alter context with an unknown transfer syntax
via 3d179d8 s4:rpc_server: split out a dcesrv_check_or_create_context() function
via ae7e7bd s4:rpc_server: use call->conn instead of call->context->conn
via 0955218 s4:rpc_server: move dcesrv_alter_resp
via 2464325 s4:rpc_server: add DCERPC_AUTH_LEVEL_PACKET support
via 05fd543 s4:rpc_server: check the auth_pad_length overflow before calling gensec_[check,unseal]_packet()
via c5dec0e s4:rpc_server: let dcesrv_auth_request() set a fault_code
via f33e4a7 s4:rpc_server: set the full DCERPC_BIND_NAK_REASON_* in dcesrv_bind()
via 0ef4911 s4:rpc_server: set DCERPC_PFC_FLAG_DID_NOT_EXECUTE for DCERPC_FAULT_OP_RNG_ERROR
via 0271fda s4:rpc_server: a fault with UNKNOWN_IF should have DID_NOT_EXECUTE set
via 6917a1c s4:librpc/rpc: implement bind_time_feature negotiation
via 3d51359 s4:librpc/rpc: force printing in dcerpc_bh_do_ndr_print() log level >= 11
via 10e9724 s4:librpc/rpc: make use of dcerpc_pull_ncacn_packet()
via 1c34351 librpc/rpc: make use of dcerpc_pull_ncacn_packet() in dcerpc_read_ncacn_packet_done()
via fc65e48 librpc/rpc: move dcerpc_pull_ncacn_packet() from source3/librpc/rpc/ to the toplevel
via ab7868a s3:librpc: move NDR_PRINT_DEBUG() into the caller of dcerpc_pull_ncacn_packet()
via 1bfba2c s3:librpc: remove bigendian argument from dcerpc_pull_ncacn_packet()
via 3c6781e dcerpc.idl: add DCERPC_FAULT_SERVER_UNAVAILABLE
via 4400d3b dcerpc.idl: remove unused dcerpc_request._pad
via 81d730e dcerpc.idl: replace dcerpc_response._pad with a uint8 reserved
via 071fe8d s4:rpc_server: skip setting of dcerpc_request._pad
via 96d317d dcerpc.idl: add dcerpc_fault_flags bitmap
via 4464896 dcerpc.idl: split the padding from a possible fault buffer in dcerpc_fault
via 0bc10e7 dcerpc.idl: remove unused DCERPC_AUTH_LEVEL_DEFAULT
via 81b0912 auth/gensec: handle DCERPC_AUTH_LEVEL_PACKET similar to DCERPC_AUTH_LEVEL_INTEGRITY
via 5204ad6 auth/gensec: only require GENSEC_FEATURE_SIGN for DCERPC_AUTH_LEVEL_INTEGRITY as client
via 5db81a1 auth/gensec: always verify the wanted SIGN/SEAL flags
via 3a0b835 s4:ldap_server: don't use gensec_want_feature(gensec_security, GENSEC_FEATURE_{SIGN,SEAL}) as server
via 3c27a10 s3:ntlm_auth: don't use gensec_want_feature(gensec_security, GENSEC_FEATURE_{SIGN,SEAL}) as server
via 77adac8 auth/ntlmssp: always allow NTLMSSP_NEGOTIATE_{SIGN,SEAL} in gensec_ntlmssp_server_start()
via b827a7e s3:gse: pass gss_got_flags to gssapi_get_sig_size()
via f0afefe s4:gensec_gssapi: pass gss_got_flags to gssapi_get_sig_size()
via cca980e s4:gensec_krb5: also report support for GENSEC_FEATURE_SIGN as krb5_mk_priv() provides sign and seal
via 6fb4453 gensec/spnego: remember the wanted features also on the main gensec context
via 00e417f libcli/smb: handle a talloc_free() on an unsent smb1 request
via 4c08920 lib/async_req: add writev_cancel()
via 754672c s4:librpc/rpc: do not use stack allocated variables for async requests
from 84786c8 libsmb: fix leak in opendir error path
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 790fbd62f9f7863dc362036e0fc9b08fa5f21ee9
Author: Andreas Schneider <asn at samba.org>
Date: Wed Oct 26 09:28:01 2016 +0200
idl: Remove unused DCERPC_FAULT_UNK_IF
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Oct 26 15:06:44 CEST 2016 on sn-devel-144
commit f1cc938451c553061ddb71a7c13c4ececd58974b
Author: Andreas Schneider <asn at samba.org>
Date: Wed Oct 26 09:27:03 2016 +0200
s4-rpc_server: Use DCERPC_NCA_S_UNKNOWN_IF for fault code
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 9ef8bfabc6dabf1b240d4bb556f5bd68ea05d69d
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Sep 11 23:25:49 2016 +0200
python/tests: add simple dcerpc orphaned tests
ORPHANED is mostly ignored. It's up to the application server
implementation to install a orphaned handler.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 3c474cd4890a37c22b69f716164e2c830ab76c41
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Sep 11 23:25:49 2016 +0200
python/tests: add simple dcerpc co_cancel tests
CO_CANCEL is mostly ignored. It's up to the application server
implementation to install a cancel handler.
The only implementation I found so far is the witness server
(see [MS-SWN] WitnessrAsyncNotify), which triggers a FAULT
with DCERPC_FAULT_SERVER_UNAVAILABLE.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 04c934319f4d21314fbf6232b0d3c615f11a2187
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 27 08:52:14 2016 +0200
python/tests: add simple dcerpc association group tests
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit ca88aa8124af067a99f77ed676b3d2b4a73cc995
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 27 08:33:31 2016 +0200
python/tests: add a second_connection() helper function
This can be used to create a 2nd connection.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 4a82e83bf932e1efe7d64d315485c331d52a0fbd
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Sep 14 00:27:02 2016 +0200
python/tests: check context_id values of responses correctly
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 63c2cbf0a01a29021df0dcc3239ee532a153bca1
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 26 07:46:43 2016 +0200
python/tests: make use of self.get_auth_context_creds() and self.do_generic_bind() in _test_spnego_bind_auth_level()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 9d647bdaf3454f710575a782669c16905e04e864
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 26 07:46:43 2016 +0200
python/tests: make use of self.get_anon_creds() and self.get_user_creds()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 3eae2a34278335a1566f94cceccec4fa0ba1b4f4
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 16 11:13:14 2016 +0200
python/tests: make use of get_auth_context_creds() in _test_auth_type_level_bind_nak()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit b779f07031bb4647dbe3343cc0d2cd5089bbb749
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 20 21:07:13 2016 +0200
python/tests: make use of prepare_presentation() in _get_netlogon_ctx()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit b6569bd122cf0b9f8629a54b78e404f777671d91
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 20 21:06:39 2016 +0200
python/tests: make it possible to specific TARGET_HOSTNAME to raw_protocol.py
SMB_CONF_PATH=/dev/null \
SERVER=w2012r2-188.w2012r2-l6.base \
USERNAME=administrator PASSWORD=A1b2C3d4 \
python/samba/tests/dcerpc/raw_protocol.py -v -f TestDCERPC_BIND
or
SMB_CONF_PATH=/dev/null \
SERVER=172.31.9.188 TARGET_HOSTNAME=w2012r2-188.w2012r2-l6.base \
USERNAME=administrator PASSWORD=A1b2C3d4 \
python/samba/tests/dcerpc/raw_protocol.py -v -f TestDCERPC_BIND
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit d5b58bb730127a89feced87ad2218c4fdd1f8e1c
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 16 11:11:58 2016 +0200
python:tests: add more helper functions to RawDCERPCTest
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit b788507cff78603912a469ca75b48739a834fd63
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 15 01:18:28 2016 +0200
python/tests: we now pass test_no_auth_request_bind_pfc_CONC_MPX()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 57539c84416aeb8fc8e3a8653f790b329e6fa9a1
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 12 09:20:44 2016 +0200
pidl:Python: add PyTypeObject objects for function structs
They provide get/set methods for the in_* and out_* elements
and the magic __ndr_{push,pull,print}_{in,out}__ hooks to enable
the marshalling via ndr_{push,pull,print}_{in,out}().
This provides an easy way to generate and parse the payload of
DCERPC requests and responses, which is very useful for writing
tests.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit a546124f10d1e2bee29bc06c0b8754257d2bdc23
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 12 09:20:04 2016 +0200
pidl:Python: split out a PythonElementGetSet() helper function
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit d5e4707e98f3613acebb9d0de7e6f944f0b1efaf
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 13 09:06:50 2016 +0200
pidl:NDR: add ReturnTypeElement() helper function
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 36385711f7a891a3d24db6ff8b594a43ff071f8b
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 13 05:51:42 2016 +0200
python:ndr: add ndr_{pack,unpack,print}_{in,out} helper functions
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 9b842badcb0fcc4b8d95473c206c68a56211435e
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 13 05:51:42 2016 +0200
python:ndr: verify the object type ndr_print() and ndr_unpack()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 40175613519e7405a16e8f896dfdc2949430bc4b
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 13 01:06:18 2016 +0200
pidl:Python: the py_{import,export}_*() functions can be static now.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 29e75e98763623742eacf53cc680774db49f8524
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 13 04:48:13 2016 +0200
s4:pyrpc: remove unused py_{import,export}_netr_* prototypes
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit f7707c04a5e039e757b288ad67a0c3cac9c6466a
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 12 16:33:38 2016 +0200
pidl:Python: make use of the pyrpc_{import,export}_union() functions
This avoids the linking problems at C shared object level.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit e0324c0cf7e7c363a5791c2e35c8820b79640a47
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 12 16:33:38 2016 +0200
pidl:Python: provide a PyTypeObject with METH_CLASS __import__() and __export__() hooks
These are wrappers around the currently public C functions
'py_import_*() and 'py_export_*().
In order to let other python module use these function, we should
resolve the needed type object and call the __import__() or __export__()
hooks instead of linking to the other shared module at C level.
We already do the same for structs.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 596f917693315cddcf4c453e75410ef786a7a8b0
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 13 04:48:13 2016 +0200
s4:pyrpc: add pyrpc_{im,ex}port_union() helper functions
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 3a0ce3e41d9fdab58273c239955862b03396ea19
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Sep 25 00:48:29 2016 +0200
pidl:Python: provide the abstract syntax as <module>.<interface>_abstract_syntax
The <module>.abstract_syntax alias is only kept as legacy for
the first interface in a module.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 1bebccaeb93f7fb7b6e2538d63223f01587ed14d
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 23 06:49:13 2016 +0200
pidl:Python: prettify names of constants
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 7423d8106ef08b94821f5fc666892234feff6f05
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 13 07:57:25 2016 +0200
pidl:NDR: keep interface->{ORIGINAL}
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit a560116aa5228885e5f52fc46fa92151357de69c
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 13 09:07:32 2016 +0200
pidl:Python: improve the .doc string for the get/set elements
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 47b40ac96afbd4fb28e519b9658256ecaa304e71
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 12 15:12:24 2016 +0200
pidl:Python: make use of NDR_ERR_CODE_IS_SUCCESS()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit d4660e869790c7da1cb97e9d95a995e5a32b34ef
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Sep 25 01:07:14 2016 +0200
pidl:Python: __ndr_print__ functions don't get arguments and need METH_NOARGS
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit b728c63bcb5860aed2db43139d191bc149ceba83
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 12 15:12:50 2016 +0200
pidl:Python: check the return values of talloc_ptrtype()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit ff947f2765a1351fa548437b1189b2025c571b50
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 24 08:47:44 2016 +0200
s4:selftest: run rpc.echo with an object based binding string
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit b5abc7cadc48146576da3187437ca3486da05c3d
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 24 00:22:41 2016 +0200
s4:librpc/rpc: pass the object guid to the binding handle if required
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 47d89002a4c30e50e3efaced689dd87edbbafa9a
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 24 02:24:11 2016 +0200
librpc/rpc: verify the passed table against the table on the handle
Now that all callers of dcerpc_binding_handle_create() are fixed.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 4dd06fb721940ff2c7efab361da91de2fb40891f
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 24 00:22:12 2016 +0200
librpc/rpc: make sure we use the object from the handle in dcerpc_binding_handle_raw_call_send()
If there's an object set on the binding handle, we need to use that
and disallow per request passing of object.
The normal client code will always have the object on the binding handle.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 55b07e1dec23ba18f072127540d82ba9e4f6218a
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 24 02:08:47 2016 +0200
s3:rpc_server: pass the full ndr_interface_table to rpc_pipe_open_internal()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit db4da21aaa82e5fe4fb3322eaa5d65ed1301fe78
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 20 21:19:28 2016 +0200
s4:librpc/rpc: no longer set FLAG_OBJECT_PRESENT and FLAG_BIGENDIAN for ndr_push_ncacn_packet()
This is no longer required, it's done inside.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 47221b2f95b0a548eb6980b16ff2265ee9b9af67
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 20 21:19:28 2016 +0200
librpc/rpc: no longer set FLAG_OBJECT_PRESENT and FLAG_BIGENDIAN for ndr_{pull,push}_ncacn_packet()
This is no longer required, it's done inside.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit e2f2250456e811ae7af3f81c4e2f65ecb58418e6
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 13 17:03:47 2016 +0200
dcerpc.idl: set LIBNDR_FLAG_* flags based on DCERPC_PFC_FLAG_OBJECT_UUID and DCERPC_DREP_LE
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit a9be262daaa25264e7a15d055066a3eed0a95002
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 16 12:35:54 2016 +0200
s4:rpc_server: implement DCERPC_PFC_FLAG_CONC_MPX ordering restrictions
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 50392a92521c425b6a24c22a53a384bb7ec0ab0f
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 15 18:18:46 2016 +0200
s4:rpc_server/remote: pass through DCERPC_PFC_FLAG_CONC_MPX if it was used by the client
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit d2d09474dd55631e127380d3931572b34e2945c2
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 15 18:18:01 2016 +0200
s4:rpc_server: support DCESRV_CALL_STATE_FLAG_MULTIPLEXED by default
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit f44282ca07b130379043ac64ebcd6b0bb0975458
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 15 18:17:44 2016 +0200
s4:librpc/rpc: make sure the DCERPC_CONCURRENT_MULTIPLEX and DCERPC_PFC_FLAG_CONC_MPX are in sync
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 5bad44776826cf4e53920065e07013476d58e110
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 15 08:45:51 2016 +0200
s4:torture/rpc: concurrent dcerpc_echo_TestSleep requests require a connection with DCERPC_CONCURRENT_MULTIPLEX
Concurrent requests are only allowed if the client asked for
DCERPC_PFC_FLAG_CONC_MPX in the DCERPC_BIND.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit a701af1d766a8787beb580d069d2f5fff2f43e98
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 15 08:36:32 2016 +0200
s4:torture/rpc: add extra_flags to torture_rpc_connection_transport()
This can be used to pass DCERPC_CONCURRENT_MULTIPLEX, which
sends DCERPC_PFC_FLAG_CONC_MPX in the DCERPC_BIND.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 7d530e962f25710cb3e9fe47ed1c4e237c74d770
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Sep 14 01:17:19 2016 +0200
s4:rpc_server: return the context_id of a RESPONSE in the same way as windows
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 505a1fdf0dd06d357655ab8904d75b402cab44a0
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Sep 14 01:17:19 2016 +0200
s4:rpc_server: return the context_id of a FAULT in a same way as windows
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 077df7f08a0073f9e768a99dd26c43f47867f442
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Sep 14 01:16:19 2016 +0200
s4:rpc_server: fill call->context on the first fragment
This allows us to get fault responses right.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit be8d4900e905c8687f798421ebfd64640d107bbf
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Oct 23 15:39:34 2015 +0200
python/tests: add DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN tests to dcerpc raw protocol tests
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 133130d2638ce5655d95c5efc14e6b6ed8304159
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Oct 6 10:18:06 2015 +0200
s4:rpc_server: implement DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN support
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit a70f52894986818e4d07c81d4af8ef86f575cfbd
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
s4:rpc_server: ignore CO_CANCEL and ORPHANED PDUs
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit b4345f232b7fe88ba52abf226a91c9603b9775a8
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Oct 13 14:36:56 2015 +0200
s4:rpc_server: list all connection oriented pdu types explicitly
See DCE-RPC-1.1.pdf Section 12.6 Connection-oriented RPC PDUs Page 588.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 3b5b0c5061a68dbdf9c685a8c5bf9265da67cca6
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 23 04:30:03 2016 +0200
s3:selftest: run some rpcclient tests with "packet"
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 2e09c0fb1e85abfe21129e144de1196991695cdf
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 19 07:29:59 2016 +0200
s4:selftest: run some tests with "packet"
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 2d1a798532c8a3774fec71ce3eeb3151c20d44e4
Author: Günther Deschner <gd at samba.org>
Date: Tue Sep 6 17:11:29 2016 +0200
s3-rpcclient: add packet auth level command
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit b6be9b5f95537da0b6d9c1312ec8b934af1aed0f
Author: Günther Deschner <gd at samba.org>
Date: Tue Sep 6 17:07:32 2016 +0200
s3-rpcclient: support [packet] in rpcclient binding strings.
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 3b82d6cc2ee5211a7d817594f4de925fd7a40a10
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 23 00:16:13 2016 +0200
s3:rpc_server: add support for DCERPC_AUTH_LEVEL_PACKET
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 77fde816c3e2dcf836dc9b78c505fb91a7b49191
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 30 15:52:41 2016 +0200
s3:cli_pipe: add support for DCERPC_AUTH_LEVEL_PACKET
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 376e58d2fbb1f8ed383158cafce3e73adefa7ddf
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 23 00:11:03 2016 +0200
s3:dcerpc_helpers: correctly support DCERPC_AUTH_LEVEL_PACKET
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 36f90c8f134c2224645b46ed9cddc5668c76756e
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 30 15:52:41 2016 +0200
s4:librpc/rpc: add support for DCERPC_AUTH_LEVEL_PACKET
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit b72d3f0ba567af629d38367b2af961d804f1586d
Author: Günther Deschner <gd at samba.org>
Date: Wed Aug 31 17:51:12 2016 +0200
s4-torture: test support for [packet] binding string option.
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 6f642eb3066358fa41fb8d7e8bec420277223af4
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 30 15:44:40 2016 +0200
librpc: support "packet" for packet level authentication in binding strings
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 1a46ff2a0fb74fa0c87cb19ac786cc260450acd9
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Oct 23 16:06:17 2015 +0200
s4:rpc_server: convert dcesrv_auth_response() into a generic dcesrv_auth_pkt_push()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit bc73cd97eec77a809d42596368149668d5ba2913
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Oct 23 16:06:17 2015 +0200
s4:rpc_server: make use of dcerpc_ncacn_push_pkt_auth() in dcesrv_auth_response()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 2e8c496ef5b1af57f87519cb01a3fc5efa7924ed
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 28 13:04:38 2015 +0100
s4:rpc_server: convert dcesrv_auth_request() into a generic dcesrv_auth_pkt_pull()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit cb94ec8424754796ea3302d36051c2ec677f7f10
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 28 13:04:38 2015 +0100
s4:rpc_server: make use of dcerpc_ncacn_pull_pkt_auth() in dcesrv_auth_request()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit daf6b8c01b765686e64c12e7d65c5da8f62344f8
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 8 15:07:36 2016 +0200
s4:librpc/rpc: make use of dcerpc_ncacn_push_pkt_auth() in ncacn_push_request_sign()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 4e3823ae0429c376dda71bbbda46d5e5f1a0a7b6
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Oct 13 15:42:32 2015 +0200
s4:librpc/rpc: convert ncacn_pull_request_auth() into a generic ncacn_pull_pkt_auth()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 791186d8247fdce4870b4473f61a9265ffccd17d
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Oct 13 15:42:32 2015 +0200
s4:librpc/rpc: make use of dcerpc_ncacn_pull_pkt_auth() in ncacn_pull_request_auth()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 857b96cafcbd609338f33bcc17036f278063d067
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 6 17:17:36 2016 +0200
librpc: add dcerpc_ncacn_push_pkt_auth() helper function
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 875d0111b45c3415cda50a7b4ec6ddf70d24b621
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 6 16:43:53 2016 +0200
librpc: add dcerpc_ncacn_pull_pkt_auth() helper function
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 5f17d3bd29955ac5425d24213110d670f08be9b9
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 31 13:15:01 2016 +0200
python/tests: do tests to verify spnego various auth_levels
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 60099d491b18d460330aaeb49c1560cc5cd1816d
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Oct 23 15:39:34 2015 +0200
python/tests: add bind time feature related tests to dcerpc raw protocol tests
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit fe5b462a76fac9a1e16417060646cdfbb30a2ae1
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Oct 6 10:18:06 2015 +0200
s4:rpc_server: implement bind time feature negotiation
For now we don't really support any negotiated features.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 6d70989c5c66d24741ff2b43a74548dc916bdb4f
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Oct 23 15:39:34 2015 +0200
python/tests: add presentation context related tests to dcerpc raw protocol tests
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 00363cd2673a5ac8702acf2b4bf08cb6abc7c213
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 31 15:05:37 2016 +0200
python/tests: remove unused code in _test_auth_none_level_bind()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 1edf3d89c4aa2a4dddd1ad03f0eb44fb9fa3e31e
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Oct 6 10:18:06 2015 +0200
s4:rpc_server: process all provided presentation contexts
We should respond with an explicit result for each presentation context,
while we also accept one new context per BIND/ALTER_CONTEXT.
For now we still only support NDR32, but adding NDR64 should
be fairly easy now.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 450e00a8a7e987f52600573c04f0a0f7d4d3885e
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 30 14:35:34 2016 +0200
s4:rpc_server: it's not a protocol error to do an alter context with an unknown transfer syntax
Windows 2012R2 only returns a protocol error if the client wants to change
between supported transfer syntaxes, e.g. from NDR32 to NDR64.
If the proposed transfer syntax is not known to the server,
the request will be silently ignored.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 3d179d86fafe281a9c9f93e8fb996bf2ee1fa10c
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Jun 28 13:15:33 2015 +0200
s4:rpc_server: split out a dcesrv_check_or_create_context() function
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit ae7e7bd1b79c815d644a79a3809bff58a46c617a
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 16 06:40:21 2016 +0200
s4:rpc_server: use call->conn instead of call->context->conn
It's the same, but call->context might be NULL in future.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 0955218b570a35a99757074be081d1bdc48a21d9
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 16 06:33:41 2016 +0200
s4:rpc_server: move dcesrv_alter_resp
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 24643253588e238a9766fe34ecca78ec5bb1636e
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 31 21:43:14 2016 +0200
s4:rpc_server: add DCERPC_AUTH_LEVEL_PACKET support
This is basically an alias for DCERPC_AUTH_LEVEL_INTEGRITY
in the context of connection oriented DCERPC.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 05fd543a7874a40b9457839b090891468d29cef3
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 1 10:35:13 2016 +0200
s4:rpc_server: check the auth_pad_length overflow before calling gensec_[check,unseal]_packet()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit c5dec0e41cf18ba1f787e848106985a8b9aee201
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 1 10:31:04 2016 +0200
s4:rpc_server: let dcesrv_auth_request() set a fault_code
gensec_check_packet() and gensec_unseal_packet() failures
should generate DCERPC_FAULT_SEC_PKG_ERROR.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit f33e4a70d7ca6b20a5bd08af35333c5cfc86308d
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 31 21:39:25 2016 +0200
s4:rpc_server: set the full DCERPC_BIND_NAK_REASON_* in dcesrv_bind()
This is required in order to support DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE
vs. DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 0ef4911d95555ad9da1b54be76e0dbaea73261d1
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 29 18:37:00 2016 +0200
s4:rpc_server: set DCERPC_PFC_FLAG_DID_NOT_EXECUTE for DCERPC_FAULT_OP_RNG_ERROR
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 0271fdaabedf2bbea7a5f6ee46df4c3263c5945f
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Aug 18 14:17:58 2016 +0200
s4:rpc_server: a fault with UNKNOWN_IF should have DID_NOT_EXECUTE set
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 6917a1c28fd3e7f3522e81b7370e04913d7b755d
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Oct 6 12:25:53 2015 +0200
s4:librpc/rpc: implement bind_time_feature negotiation
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 3d51359c86c05ec74220afb122d806fa5045c65f
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 17 08:38:36 2015 +0100
s4:librpc/rpc: force printing in dcerpc_bh_do_ndr_print() log level >= 11
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 10e97240efb3dc22142769c25b2c7e2d4475402d
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 28 16:06:30 2015 +0100
s4:librpc/rpc: make use of dcerpc_pull_ncacn_packet()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 1c34351afccc7e47bc931a9efd031304bf095a2c
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 28 12:27:43 2015 +0100
librpc/rpc: make use of dcerpc_pull_ncacn_packet() in dcerpc_read_ncacn_packet_done()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit fc65e48cbef3a6fe2171fda069f77e7d561b6c3f
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 28 12:23:00 2015 +0100
librpc/rpc: move dcerpc_pull_ncacn_packet() from source3/librpc/rpc/ to the toplevel
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit ab7868a9646f295c0edf534b84b47a5e7dc9f7d9
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 28 12:21:43 2015 +0100
s3:librpc: move NDR_PRINT_DEBUG() into the caller of dcerpc_pull_ncacn_packet()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 1bfba2c5161c0e27f8c27301f258360aedf1b018
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 28 12:16:05 2015 +0100
s3:librpc: remove bigendian argument from dcerpc_pull_ncacn_packet()
We should get this from the packet itself.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 3c6781ee4e1990c4e9700f2e8bb228ebeec340e9
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 27 18:17:42 2016 +0200
dcerpc.idl: add DCERPC_FAULT_SERVER_UNAVAILABLE
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 4400d3bde58551cf504c99e9d82041d597ee5eeb
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 6 15:41:30 2016 +0200
dcerpc.idl: remove unused dcerpc_request._pad
typedef struct {
uint32 alloc_hint;
uint16 context_id;
uint16 opnum;
/*
* NDR_DCERPC_REQUEST_OBJECT_PRESENT
* is defined differently for ndr_dcerpc.c and py_dcerpc.c
*/
[switch_is(NDR_DCERPC_REQUEST_OBJECT_PRESENT)] dcerpc_object object;
[flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier;
} dcerpc_request;
- the generic dcerpc header has a size of 16 bytes.
- alloc_hint, context_id and opnum are 8 bytes together.
- dcerpc_object is 0 or 16 bytes.
That means stub_and_verifier is always aligned to 8 bytes
(either at offset 24 or 40).
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 81d730edb59d3ab000fc28b23c3758fffca60c98
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Oct 13 16:00:40 2015 +0200
dcerpc.idl: replace dcerpc_response._pad with a uint8 reserved
typedef struct {
uint32 alloc_hint;
uint16 context_id;
uint8 cancel_count;
[value(0)] uint8 reserved;
[flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier;
} dcerpc_response;
- the generic dcerpc header has a size of 16 bytes
- alloc_hint, context_id, cancel_count and reserved are 8 bytes together
So stub_and_verifier is 8 byte aligned at offset 24.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 071fe8d50fbf60e9da076093203fa40ffda2672b
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 6 15:38:14 2016 +0200
s4:rpc_server: skip setting of dcerpc_request._pad
This is marked as [flag(NDR_ALIGN8)] DATA_BLOB _pad;
and ndr_push_dcerpc_request() will just ignore the content
and align to 8 bytes with zero padding.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 96d317def154f77f5bf1e5f67349816cd1115f48
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 20 03:26:22 2016 +0200
dcerpc.idl: add dcerpc_fault_flags bitmap
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 44648961671fe6b42780ab3fa95739233bad4894
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Oct 9 06:51:16 2015 +0200
dcerpc.idl: split the padding from a possible fault buffer in dcerpc_fault
The 4 bytes of padding are always present and part of the header.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 0bc10e7c462065d9a1dcb27713e726f4a4e56266
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 28 16:11:22 2015 +0100
dcerpc.idl: remove unused DCERPC_AUTH_LEVEL_DEFAULT
Also the default should not be DCERPC_AUTH_LEVEL_CONNECT
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 81b09128637e154fc2b5749a1b09068caab1e974
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 31 21:57:31 2016 +0200
auth/gensec: handle DCERPC_AUTH_LEVEL_PACKET similar to DCERPC_AUTH_LEVEL_INTEGRITY
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 5204ad6a14d4ff4ecb5ed38e2a8680426bb5ed52
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 1 11:00:54 2016 +0200
auth/gensec: only require GENSEC_FEATURE_SIGN for DCERPC_AUTH_LEVEL_INTEGRITY as client
On the server this check is deferred to the first request.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 5db81a11013541eb9c543501e37d670471727cee
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 1 10:54:17 2016 +0200
auth/gensec: always verify the wanted SIGN/SEAL flags
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 3a0b835408a6efa339e8b34333906bfe3aacd6e3
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 1 10:58:16 2016 +0200
s4:ldap_server: don't use gensec_want_feature(gensec_security, GENSEC_FEATURE_{SIGN,SEAL}) as server
They're always supported and using gensec_want_feature() on them would require
them in future.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 3c27a10e1c77ce82dabcb68338155bc52c97a527
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 1 10:58:16 2016 +0200
s3:ntlm_auth: don't use gensec_want_feature(gensec_security, GENSEC_FEATURE_{SIGN,SEAL}) as server
They're always supported and using gensec_want_feature() on them would require
them in future.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 77adac8c3cd2f7419894d18db735782c9646a202
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 1 10:56:57 2016 +0200
auth/ntlmssp: always allow NTLMSSP_NEGOTIATE_{SIGN,SEAL} in gensec_ntlmssp_server_start()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit b827a7e8605ada8af6121177c280ef3b436a6c73
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 2 08:20:37 2016 +0200
s3:gse: pass gss_got_flags to gssapi_get_sig_size()
We need to calculate the signature length based on the negotiated
flags. This is most important on the server side where,
gss_accept_sec_context() doesn't get gss_want_flags, but fills
gss_got_flags.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit f0afefefe41b0f8c19392f05476eb03d7911958b
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 2 08:20:37 2016 +0200
s4:gensec_gssapi: pass gss_got_flags to gssapi_get_sig_size()
We need to calculate the signature length based on the negotiated
flags. This is most important on the server side where,
gss_accept_sec_context() doesn't get gss_want_flags, but fills
gss_got_flags.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit cca980eb5124261379aa821a1f5dc5dac9c9b04b
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 5 09:00:30 2016 +0200
s4:gensec_krb5: also report support for GENSEC_FEATURE_SIGN as krb5_mk_priv() provides sign and seal
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 6fb4453d1e2814674aa5f6fc70ae85d297a0b60d
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 1 10:52:34 2016 +0200
gensec/spnego: remember the wanted features also on the main gensec context
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 00e417ffa026025e9ebb6be0d6858b574b7422c1
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 15 11:46:33 2016 +0200
libcli/smb: handle a talloc_free() on an unsent smb1 request
When a the higher level does a TALLOC_FREE() on an already
queued request, we need to check whether we already sent a byte,
if not we can try to unwind the smb1 signing sequence number,
if there was only one pending request, in all other cases
we need to disconnect the connection.
I noticed that when seeing during an smb1cli_close()
from tstream_smbXcli_np_destructor().
TODO: we may want to have a similar smbXcli_conn_cancel_read_req() in future.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 4c08920b8389ddc646ac1793930fefb9f2b92cc9
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 15 11:41:56 2016 +0200
lib/async_req: add writev_cancel()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 754672ce7678a686718179731225c7cc4e13db36
Author: Matthieu Patou <mat at matws.net>
Date: Wed Sep 25 16:41:03 2013 -0700
s4:librpc/rpc: do not use stack allocated variables for async requests
Signed-off-by: Matthieu Patou <mat at matws.net>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
auth/gensec/gensec.c | 43 +-
auth/gensec/gensec_start.c | 12 +-
auth/gensec/spnego.c | 2 +-
auth/ntlmssp/gensec_ntlmssp_server.c | 8 +
lib/async_req/async_sock.c | 38 +-
libcli/smb/smbXcli_base.c | 139 +-
librpc/idl/dcerpc.idl | 25 +-
librpc/ndr/ndr_dcerpc.c | 82 ++
librpc/rpc/binding.c | 3 +
librpc/rpc/binding_handle.c | 18 +-
librpc/rpc/dcerpc_error.c | 1 +
librpc/rpc/dcerpc_util.c | 403 +++++-
librpc/rpc/rpc_common.h | 25 +
librpc/wscript_build | 2 +-
pidl/lib/Parse/Pidl/NDR.pm | 24 +-
pidl/lib/Parse/Pidl/Samba4/Python.pm | 870 ++++++++++-
python/samba/ndr.py | 87 +-
python/samba/tests/__init__.py | 459 +++++-
python/samba/tests/dcerpc/raw_protocol.py | 2219 ++++++++++++++++++++++++++---
selftest/knownfail | 12 +
source3/librpc/crypto/gse.c | 2 +-
source3/librpc/rpc/dcerpc.h | 4 -
source3/librpc/rpc/dcerpc_helpers.c | 60 +-
source3/rpc_client/cli_pipe.c | 13 +-
source3/rpc_server/rpc_ncacn_np.c | 22 +-
source3/rpc_server/rpc_ncacn_np.h | 2 +-
source3/rpc_server/srv_pipe.c | 6 +-
source3/rpcclient/rpcclient.c | 46 +
source3/selftest/tests.py | 2 +-
source3/utils/ntlm_auth.c | 3 -
source3/winbindd/winbindd_cm.c | 2 +-
source4/auth/gensec/gensec_gssapi.c | 2 +-
source4/auth/gensec/gensec_krb5.c | 17 +-
source4/ldap_server/ldap_bind.c | 2 -
source4/librpc/rpc/dcerpc.c | 420 ++----
source4/librpc/rpc/dcerpc.h | 4 +
source4/librpc/rpc/dcerpc_auth.c | 24 +-
source4/librpc/rpc/dcerpc_sock.c | 6 +-
source4/librpc/rpc/dcerpc_util.c | 18 +-
source4/librpc/rpc/pyrpc.h | 13 -
source4/librpc/rpc/pyrpc_util.c | 93 ++
source4/librpc/rpc/pyrpc_util.h | 5 +
source4/librpc/tests/binding_string.c | 19 +
source4/rpc_server/common/reply.c | 37 +-
source4/rpc_server/dcerpc_server.c | 641 ++++++---
source4/rpc_server/dcerpc_server.h | 11 +
source4/rpc_server/dcesrv_auth.c | 310 ++--
source4/rpc_server/remote/dcesrv_remote.c | 17 +-
source4/selftest/tests.py | 5 +-
source4/torture/rpc/echo.c | 17 +
source4/torture/rpc/handles.c | 33 +-
source4/torture/rpc/rpc.c | 8 +-
source4/torture/rpc/witness.c | 2 +-
53 files changed, 5046 insertions(+), 1292 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c
index 3f3c31b..373af5c 100644
--- a/auth/gensec/gensec.c
+++ b/auth/gensec/gensec.c
@@ -227,45 +227,32 @@ _PUBLIC_ size_t gensec_max_update_size(struct gensec_security *gensec_security)
return gensec_security->max_update_size;
}
-static NTSTATUS gensec_verify_dcerpc_auth_level(struct gensec_security *gensec_security)
+static NTSTATUS gensec_verify_features(struct gensec_security *gensec_security)
{
- if (gensec_security->dcerpc_auth_level == 0) {
- return NT_STATUS_OK;
- }
-
/*
- * Because callers using the
- * gensec_start_mech_by_auth_type() never call
- * gensec_want_feature(), it isn't sensible for them
- * to have to call gensec_have_feature() manually, and
- * these are not points of negotiation, but are
- * asserted by the client
+ * gensec_want_feature(GENSEC_FEATURE_SIGN)
+ * and
+ * gensec_want_feature(GENSEC_FEATURE_SEAL)
+ * require these flags to be available.
*/
- switch (gensec_security->dcerpc_auth_level) {
- case DCERPC_AUTH_LEVEL_INTEGRITY:
+ if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
DEBUG(0,("Did not manage to negotiate mandatory feature "
- "SIGN for dcerpc auth_level %u\n",
- gensec_security->dcerpc_auth_level));
+ "SIGN\n"));
return NT_STATUS_ACCESS_DENIED;
}
- break;
- case DCERPC_AUTH_LEVEL_PRIVACY:
- if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
+ }
+ if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
DEBUG(0,("Did not manage to negotiate mandatory feature "
- "SIGN for dcerpc auth_level %u\n",
- gensec_security->dcerpc_auth_level));
+ "SEAL\n"));
return NT_STATUS_ACCESS_DENIED;
}
- if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
DEBUG(0,("Did not manage to negotiate mandatory feature "
- "SEAL for dcerpc auth_level %u\n",
- gensec_security->dcerpc_auth_level));
+ "SIGN for SEAL\n"));
return NT_STATUS_ACCESS_DENIED;
}
- break;
- default:
- break;
}
return NT_STATUS_OK;
@@ -315,7 +302,7 @@ _PUBLIC_ NTSTATUS gensec_update_ev(struct gensec_security *gensec_security,
* these are not points of negotiation, but are
* asserted by the client
*/
- status = gensec_verify_dcerpc_auth_level(gensec_security);
+ status = gensec_verify_features(gensec_security);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -490,7 +477,7 @@ static void gensec_update_subreq_done(struct tevent_req *subreq)
* these are not points of negotiation, but are
* asserted by the client
*/
- status = gensec_verify_dcerpc_auth_level(state->gensec_security);
+ status = gensec_verify_features(state->gensec_security);
if (tevent_req_nterror(req, status)) {
return;
}
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index 1e61627..31a5559 100644
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -742,7 +742,17 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_s
gensec_want_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE);
gensec_want_feature(gensec_security, GENSEC_FEATURE_ASYNC_REPLIES);
if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
- gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
+ if (gensec_security->gensec_role == GENSEC_CLIENT) {
+ gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
+ }
+ } else if (auth_level == DCERPC_AUTH_LEVEL_PACKET) {
+ /*
+ * For connection oriented DCERPC DCERPC_AUTH_LEVEL_PACKET (4)
+ * has the same behavior as DCERPC_AUTH_LEVEL_INTEGRITY (5).
+ */
+ if (gensec_security->gensec_role == GENSEC_CLIENT) {
+ gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
+ }
} else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 5f5047a..4787892 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -1571,8 +1571,8 @@ static void gensec_spnego_want_feature(struct gensec_security *gensec_security,
{
struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data;
+ gensec_security->want_features |= feature;
if (!spnego_state || !spnego_state->sub_sec_security) {
- gensec_security->want_features |= feature;
return;
}
diff --git a/auth/ntlmssp/gensec_ntlmssp_server.c b/auth/ntlmssp/gensec_ntlmssp_server.c
index 99cedd0..da0cd50 100644
--- a/auth/ntlmssp/gensec_ntlmssp_server.c
+++ b/auth/ntlmssp/gensec_ntlmssp_server.c
@@ -167,6 +167,14 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
}
+ /*
+ * We always allow NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL.
+ *
+ * These will be removed if the client doesn't want them.
+ */
+ ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
+ ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
+
if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
}
diff --git a/lib/async_req/async_sock.c b/lib/async_req/async_sock.c
index 3af1748..db3916e 100644
--- a/lib/async_req/async_sock.c
+++ b/lib/async_req/async_sock.c
@@ -235,6 +235,7 @@ int async_connect_recv(struct tevent_req *req, int *perrno)
struct writev_state {
struct tevent_context *ev;
+ struct tevent_queue_entry *queue_entry;
int fd;
struct tevent_fd *fde;
struct iovec *iov;
@@ -246,6 +247,7 @@ struct writev_state {
static void writev_cleanup(struct tevent_req *req,
enum tevent_req_state req_state);
+static bool writev_cancel(struct tevent_req *req);
static void writev_trigger(struct tevent_req *req, void *private_data);
static void writev_handler(struct tevent_context *ev, struct tevent_fd *fde,
uint16_t flags, void *private_data);
@@ -275,6 +277,7 @@ struct tevent_req *writev_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
state->err_on_readability = err_on_readability;
tevent_req_set_cleanup_fn(req, writev_cleanup);
+ tevent_req_set_cancel_fn(req, writev_cancel);
if (queue == NULL) {
state->fde = tevent_add_fd(state->ev, state, state->fd,
@@ -285,8 +288,9 @@ struct tevent_req *writev_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
return req;
}
- if (!tevent_queue_add(queue, ev, req, writev_trigger, NULL)) {
- tevent_req_oom(req);
+ state->queue_entry = tevent_queue_add_entry(queue, ev, req,
+ writev_trigger, NULL);
+ if (tevent_req_nomem(state->queue_entry, req)) {
return tevent_req_post(req, ev);
}
return req;
@@ -297,13 +301,43 @@ static void writev_cleanup(struct tevent_req *req,
{
struct writev_state *state = tevent_req_data(req, struct writev_state);
+ TALLOC_FREE(state->queue_entry);
TALLOC_FREE(state->fde);
}
+static bool writev_cancel(struct tevent_req *req)
+{
+ struct writev_state *state = tevent_req_data(req, struct writev_state);
+
+ TALLOC_FREE(state->queue_entry);
+ TALLOC_FREE(state->fde);
+
+ if (state->count == 0) {
+ /*
+ * already completed.
+ */
+ return false;
+ }
+
+ tevent_req_defer_callback(req, state->ev);
+ if (state->total_size > 0) {
+ /*
+ * We've already started to write :-(
+ */
+ tevent_req_error(req, EIO);
+ return false;
+ }
+
+ tevent_req_error(req, ECANCELED);
+ return true;
+}
+
static void writev_trigger(struct tevent_req *req, void *private_data)
{
struct writev_state *state = tevent_req_data(req, struct writev_state);
+ state->queue_entry = NULL;
+
state->fde = tevent_add_fd(state->ev, state, state->fd, state->flags,
writev_handler, req);
if (tevent_req_nomem(state->fde, req)) {
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 0a2473e..e24090d 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -839,6 +839,70 @@ static uint16_t smb1cli_alloc_mid(struct smbXcli_conn *conn)
}
}
+static NTSTATUS smbXcli_req_cancel_write_req(struct tevent_req *req)
+{
+ struct smbXcli_req_state *state =
+ tevent_req_data(req,
+ struct smbXcli_req_state);
+ struct smbXcli_conn *conn = state->conn;
+ size_t num_pending = talloc_array_length(conn->pending);
+ ssize_t ret;
+ int err;
+ bool ok;
+
+ if (state->write_req == NULL) {
+ return NT_STATUS_OK;
+ }
+
+ /*
+ * Check if it's possible to cancel the request.
+ * If the result is true it's not to late.
+ * See writev_cancel().
+ */
+ ok = tevent_req_cancel(state->write_req);
+ if (ok) {
+ TALLOC_FREE(state->write_req);
+
+ if (conn->protocol >= PROTOCOL_SMB2_02) {
+ /*
+ * SMB2 has a sane signing state.
+ */
+ return NT_STATUS_OK;
+ }
+
+ if (num_pending > 1) {
+ /*
+ * We have more pending requests following us. This
+ * means the signing state will be broken for them.
+ *
+ * As a solution we could add the requests directly to
+ * our outgoing queue and do the signing in the trigger
+ * function and then use writev_send() without passing a
+ * queue. That way we'll only sign packets we're most
+ * likely send to the wire.
+ */
+ return NT_STATUS_REQUEST_OUT_OF_SEQUENCE;
+ }
+
+ /*
+ * If we're the only request that's
+ * pending, we're able to recover the signing
+ * state.
+ */
+ smb_signing_cancel_reply(conn->smb1.signing,
+ state->smb1.one_way_seqnum);
+ return NT_STATUS_OK;
+ }
+
+ ret = writev_recv(state->write_req, &err);
+ TALLOC_FREE(state->write_req);
+ if (ret == -1) {
+ return map_nt_error_from_unix_common(err);
+ }
+
+ return NT_STATUS_OK;
+}
+
void smbXcli_req_unset_pending(struct tevent_req *req)
{
struct smbXcli_req_state *state =
@@ -847,14 +911,23 @@ void smbXcli_req_unset_pending(struct tevent_req *req)
struct smbXcli_conn *conn = state->conn;
size_t num_pending = talloc_array_length(conn->pending);
size_t i;
+ NTSTATUS cancel_status;
- TALLOC_FREE(state->write_req);
+ cancel_status = smbXcli_req_cancel_write_req(req);
if (state->smb1.mid != 0) {
/*
* This is a [nt]trans[2] request which waits
* for more than one reply.
*/
+ if (!NT_STATUS_IS_OK(cancel_status)) {
+ /*
+ * If the write_req cancel didn't work
+ * we can't use the connection anymore.
+ */
+ smbXcli_conn_disconnect(conn, cancel_status);
+ return;
+ }
return;
}
@@ -866,8 +939,18 @@ void smbXcli_req_unset_pending(struct tevent_req *req)
* conn->pending. So if nothing is pending anymore, we need to
* delete the socket read fde.
*/
+ /* TODO: smbXcli_conn_cancel_read_req */
TALLOC_FREE(conn->pending);
conn->read_smb_req = NULL;
+
+ if (!NT_STATUS_IS_OK(cancel_status)) {
+ /*
+ * If the write_req cancel didn't work
+ * we can't use the connection anymore.
+ */
+ smbXcli_conn_disconnect(conn, cancel_status);
+ return;
+ }
return;
}
@@ -882,6 +965,15 @@ void smbXcli_req_unset_pending(struct tevent_req *req)
* right thing nevertheless, the point of this routine is to
* remove ourselves from conn->pending.
*/
+
+ if (!NT_STATUS_IS_OK(cancel_status)) {
+ /*
+ * If the write_req cancel didn't work
+ * we can't use the connection anymore.
+ */
+ smbXcli_conn_disconnect(conn, cancel_status);
+ return;
+ }
return;
}
@@ -898,6 +990,15 @@ void smbXcli_req_unset_pending(struct tevent_req *req)
*/
conn->pending = talloc_realloc(NULL, conn->pending, struct tevent_req *,
num_pending - 1);
+
+ if (!NT_STATUS_IS_OK(cancel_status)) {
+ /*
+ * If the write_req cancel didn't work
+ * we can't use the connection anymore.
+ */
+ smbXcli_conn_disconnect(conn, cancel_status);
+ return;
+ }
return;
}
@@ -907,19 +1008,31 @@ static void smbXcli_req_cleanup(struct tevent_req *req,
struct smbXcli_req_state *state =
tevent_req_data(req,
struct smbXcli_req_state);
-
- TALLOC_FREE(state->write_req);
+ struct smbXcli_conn *conn = state->conn;
+ NTSTATUS cancel_status;
switch (req_state) {
case TEVENT_REQ_RECEIVED:
/*
* Make sure we really remove it from
* the pending array on destruction.
+ *
+ * smbXcli_req_unset_pending() calls
+ * smbXcli_req_cancel_write_req() internal
*/
state->smb1.mid = 0;
smbXcli_req_unset_pending(req);
return;
default:
+ cancel_status = smbXcli_req_cancel_write_req(req);
+ if (!NT_STATUS_IS_OK(cancel_status)) {
+ /*
+ * If the write_req cancel didn't work
+ * we can't use the connection anymore.
+ */
+ smbXcli_conn_disconnect(conn, cancel_status);
+ return;
+ }
return;
}
}
@@ -1084,6 +1197,8 @@ void smbXcli_conn_disconnect(struct smbXcli_conn *conn, NTSTATUS status)
state = tevent_req_data(req, struct smbXcli_req_state);
if (state->smb1.chained_requests == NULL) {
+ bool in_progress;
+
/*
* We're dead. No point waiting for trans2
* replies.
@@ -1097,6 +1212,14 @@ void smbXcli_conn_disconnect(struct smbXcli_conn *conn, NTSTATUS status)
continue;
}
+ in_progress = tevent_req_is_in_progress(req);
+ if (!in_progress) {
+ /*
+ * already finished
+ */
+ continue;
+ }
+
/*
* we need to defer the callback, because we may notify
* more then one caller.
@@ -1110,6 +1233,8 @@ void smbXcli_conn_disconnect(struct smbXcli_conn *conn, NTSTATUS status)
num_chained = talloc_array_length(chain);
for (i=0; i<num_chained; i++) {
+ bool in_progress;
+
req = chain[i];
state = tevent_req_data(req, struct smbXcli_req_state);
@@ -1126,6 +1251,14 @@ void smbXcli_conn_disconnect(struct smbXcli_conn *conn, NTSTATUS status)
continue;
}
+ in_progress = tevent_req_is_in_progress(req);
+ if (!in_progress) {
+ /*
+ * already finished
+ */
+ continue;
+ }
+
/*
* we need to defer the callback, because we may notify
* more than one caller.
diff --git a/librpc/idl/dcerpc.idl b/librpc/idl/dcerpc.idl
index 527804d..1e06bc1 100644
--- a/librpc/idl/dcerpc.idl
+++ b/librpc/idl/dcerpc.idl
@@ -61,7 +61,6 @@ interface dcerpc
* is defined differently for ndr_dcerpc.c and py_dcerpc.c
*/
[switch_is(NDR_DCERPC_REQUEST_OBJECT_PRESENT)] dcerpc_object object;
- [flag(NDR_ALIGN8)] DATA_BLOB _pad;
[flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier;
} dcerpc_request;
@@ -146,7 +145,7 @@ interface dcerpc
uint32 alloc_hint;
uint16 context_id;
uint8 cancel_count;
- [flag(NDR_ALIGN8)] DATA_BLOB _pad;
+ [value(0)] uint8 reserved;
[flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier;
} dcerpc_response;
@@ -199,6 +198,7 @@ interface dcerpc
DCERPC_NCA_S_FAULT_OBJECT_NOT_FOUND = 0x1C000024,
DCERPC_NCA_S_FAULT_NO_CLIENT_STUB = 0x1C000025,
DCERPC_FAULT_ACCESS_DENIED = 0x00000005,
+ DCERPC_FAULT_SERVER_UNAVAILABLE = 0x000006ba,
DCERPC_FAULT_NO_CALL_ACTIVE = 0x000006bd,
DCERPC_FAULT_CANT_PERFORM = 0x000006d8,
DCERPC_FAULT_OUT_OF_RESOURCES = 0x000006d9,
@@ -207,7 +207,6 @@ interface dcerpc
} dcerpc_nca_status;
const int DCERPC_FAULT_OP_RNG_ERROR = DCERPC_NCA_S_OP_RNG_ERROR;
- const int DCERPC_FAULT_UNK_IF = DCERPC_NCA_S_UNKNOWN_IF;
const int DCERPC_FAULT_NDR = DCERPC_FAULT_BAD_STUB_DATA;
const int DCERPC_FAULT_INVALID_TAG = DCERPC_NCA_S_FAULT_INVALID_TAG;
const int DCERPC_FAULT_CONTEXT_MISMATCH = DCERPC_NCA_S_FAULT_CONTEXT_MISMATCH;
@@ -217,14 +216,22 @@ interface dcerpc
to see what fault w2k3 returns in this case */
const int DCERPC_FAULT_TODO = 0x00000042;
+ typedef [bitmap8bit] bitmap {
+ DCERPC_FAULT_FLAG_EXTENDED_ERROR_INFORMATION = 0x01
+ } dcerpc_fault_flags;
+
typedef struct {
--
Samba Shared Repository
More information about the samba-cvs
mailing list