The branch, master has been updated via 790fbd6 idl: Remove unused DCERPC_FAULT_UNK_IF via f1cc938 s4-rpc_server: Use DCERPC_NCA_S_UNKNOWN_IF for fault code via 9ef8bfa python/tests: add simple dcerpc orphaned tests via 3c474cd python/tests: add simple dcerpc co_cancel tests via 04c9343 python/tests: add simple dcerpc association group tests via ca88aa8 python/tests: add a second_connection() helper function via 4a82e83 python/tests: check context_id values of responses correctly via 63c2cbf python/tests: make use of self.get_auth_context_creds() and self.do_generic_bind() in _test_spnego_bind_auth_level() via 9d647bd python/tests: make use of self.get_anon_creds() and self.get_user_creds() via 3eae2a3 python/tests: make use of get_auth_context_creds() in _test_auth_type_level_bind_nak() via b779f07 python/tests: make use of prepare_presentation() in _get_netlogon_ctx() via b6569bd python/tests: make it possible to specific TARGET_HOSTNAME to raw_protocol.py via d5b58bb python:tests: add more helper functions to RawDCERPCTest via b788507 python/tests: we now pass test_no_auth_request_bind_pfc_CONC_MPX() via 57539c8 pidl:Python: add PyTypeObject objects for function structs via a546124 pidl:Python: split out a PythonElementGetSet() helper function via d5e4707 pidl:NDR: add ReturnTypeElement() helper function via 3638571 python:ndr: add ndr_{pack,unpack,print}_{in,out} helper functions via 9b842ba python:ndr: verify the object type ndr_print() and ndr_unpack() via 4017561 pidl:Python: the py_{import,export}_*() functions can be static now. via 29e75e9 s4:pyrpc: remove unused py_{import,export}_netr_* prototypes via f7707c0 pidl:Python: make use of the pyrpc_{import,export}_union() functions via e0324c0 pidl:Python: provide a PyTypeObject with METH_CLASS __import__() and __export__() hooks via 596f917 s4:pyrpc: add pyrpc_{im,ex}port_union() helper functions via 3a0ce3e pidl:Python: provide the abstract syntax as <module>.<interface>_abstract_syntax via 1bebcca pidl:Python: prettify names of constants via 7423d81 pidl:NDR: keep interface->{ORIGINAL} via a560116 pidl:Python: improve the .doc string for the get/set elements via 47b40ac pidl:Python: make use of NDR_ERR_CODE_IS_SUCCESS() via d4660e8 pidl:Python: __ndr_print__ functions don't get arguments and need METH_NOARGS via b728c63 pidl:Python: check the return values of talloc_ptrtype() via ff947f2 s4:selftest: run rpc.echo with an object based binding string via b5abc7c s4:librpc/rpc: pass the object guid to the binding handle if required via 47d8900 librpc/rpc: verify the passed table against the table on the handle via 4dd06fb librpc/rpc: make sure we use the object from the handle in dcerpc_binding_handle_raw_call_send() via 55b07e1 s3:rpc_server: pass the full ndr_interface_table to rpc_pipe_open_internal() via db4da21 s4:librpc/rpc: no longer set FLAG_OBJECT_PRESENT and FLAG_BIGENDIAN for ndr_push_ncacn_packet() via 47221b2 librpc/rpc: no longer set FLAG_OBJECT_PRESENT and FLAG_BIGENDIAN for ndr_{pull,push}_ncacn_packet() via e2f2250 dcerpc.idl: set LIBNDR_FLAG_* flags based on DCERPC_PFC_FLAG_OBJECT_UUID and DCERPC_DREP_LE via a9be262 s4:rpc_server: implement DCERPC_PFC_FLAG_CONC_MPX ordering restrictions via 50392a9 s4:rpc_server/remote: pass through DCERPC_PFC_FLAG_CONC_MPX if it was used by the client via d2d0947 s4:rpc_server: support DCESRV_CALL_STATE_FLAG_MULTIPLEXED by default via f44282c s4:librpc/rpc: make sure the DCERPC_CONCURRENT_MULTIPLEX and DCERPC_PFC_FLAG_CONC_MPX are in sync via 5bad447 s4:torture/rpc: concurrent dcerpc_echo_TestSleep requests require a connection with DCERPC_CONCURRENT_MULTIPLEX via a701af1 s4:torture/rpc: add extra_flags to torture_rpc_connection_transport() via 7d530e9 s4:rpc_server: return the context_id of a RESPONSE in the same way as windows via 505a1fd s4:rpc_server: return the context_id of a FAULT in a same way as windows via 077df7f s4:rpc_server: fill call->context on the first fragment via be8d490 python/tests: add DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN tests to dcerpc raw protocol tests via 133130d s4:rpc_server: implement DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN support via a70f528 s4:rpc_server: ignore CO_CANCEL and ORPHANED PDUs via b4345f2 s4:rpc_server: list all connection oriented pdu types explicitly via 3b5b0c5 s3:selftest: run some rpcclient tests with "packet" via 2e09c0f s4:selftest: run some tests with "packet" via 2d1a798 s3-rpcclient: add packet auth level command via b6be9b5 s3-rpcclient: support [packet] in rpcclient binding strings. via 3b82d6c s3:rpc_server: add support for DCERPC_AUTH_LEVEL_PACKET via 77fde81 s3:cli_pipe: add support for DCERPC_AUTH_LEVEL_PACKET via 376e58d s3:dcerpc_helpers: correctly support DCERPC_AUTH_LEVEL_PACKET via 36f90c8 s4:librpc/rpc: add support for DCERPC_AUTH_LEVEL_PACKET via b72d3f0 s4-torture: test support for [packet] binding string option. via 6f642eb librpc: support "packet" for packet level authentication in binding strings via 1a46ff2 s4:rpc_server: convert dcesrv_auth_response() into a generic dcesrv_auth_pkt_push() via bc73cd9 s4:rpc_server: make use of dcerpc_ncacn_push_pkt_auth() in dcesrv_auth_response() via 2e8c496 s4:rpc_server: convert dcesrv_auth_request() into a generic dcesrv_auth_pkt_pull() via cb94ec8 s4:rpc_server: make use of dcerpc_ncacn_pull_pkt_auth() in dcesrv_auth_request() via daf6b8c s4:librpc/rpc: make use of dcerpc_ncacn_push_pkt_auth() in ncacn_push_request_sign() via 4e3823a s4:librpc/rpc: convert ncacn_pull_request_auth() into a generic ncacn_pull_pkt_auth() via 791186d s4:librpc/rpc: make use of dcerpc_ncacn_pull_pkt_auth() in ncacn_pull_request_auth() via 857b96c librpc: add dcerpc_ncacn_push_pkt_auth() helper function via 875d011 librpc: add dcerpc_ncacn_pull_pkt_auth() helper function via 5f17d3b python/tests: do tests to verify spnego various auth_levels via 60099d4 python/tests: add bind time feature related tests to dcerpc raw protocol tests via fe5b462 s4:rpc_server: implement bind time feature negotiation via 6d70989 python/tests: add presentation context related tests to dcerpc raw protocol tests via 00363cd python/tests: remove unused code in _test_auth_none_level_bind() via 1edf3d8 s4:rpc_server: process all provided presentation contexts via 450e00a s4:rpc_server: it's not a protocol error to do an alter context with an unknown transfer syntax via 3d179d8 s4:rpc_server: split out a dcesrv_check_or_create_context() function via ae7e7bd s4:rpc_server: use call->conn instead of call->context->conn via 0955218 s4:rpc_server: move dcesrv_alter_resp via 2464325 s4:rpc_server: add DCERPC_AUTH_LEVEL_PACKET support via 05fd543 s4:rpc_server: check the auth_pad_length overflow before calling gensec_[check,unseal]_packet() via c5dec0e s4:rpc_server: let dcesrv_auth_request() set a fault_code via f33e4a7 s4:rpc_server: set the full DCERPC_BIND_NAK_REASON_* in dcesrv_bind() via 0ef4911 s4:rpc_server: set DCERPC_PFC_FLAG_DID_NOT_EXECUTE for DCERPC_FAULT_OP_RNG_ERROR via 0271fda s4:rpc_server: a fault with UNKNOWN_IF should have DID_NOT_EXECUTE set via 6917a1c s4:librpc/rpc: implement bind_time_feature negotiation via 3d51359 s4:librpc/rpc: force printing in dcerpc_bh_do_ndr_print() log level >= 11 via 10e9724 s4:librpc/rpc: make use of dcerpc_pull_ncacn_packet() via 1c34351 librpc/rpc: make use of dcerpc_pull_ncacn_packet() in dcerpc_read_ncacn_packet_done() via fc65e48 librpc/rpc: move dcerpc_pull_ncacn_packet() from source3/librpc/rpc/ to the toplevel via ab7868a s3:librpc: move NDR_PRINT_DEBUG() into the caller of dcerpc_pull_ncacn_packet() via 1bfba2c s3:librpc: remove bigendian argument from dcerpc_pull_ncacn_packet() via 3c6781e dcerpc.idl: add DCERPC_FAULT_SERVER_UNAVAILABLE via 4400d3b dcerpc.idl: remove unused dcerpc_request._pad via 81d730e dcerpc.idl: replace dcerpc_response._pad with a uint8 reserved via 071fe8d s4:rpc_server: skip setting of dcerpc_request._pad via 96d317d dcerpc.idl: add dcerpc_fault_flags bitmap via 4464896 dcerpc.idl: split the padding from a possible fault buffer in dcerpc_fault via 0bc10e7 dcerpc.idl: remove unused DCERPC_AUTH_LEVEL_DEFAULT via 81b0912 auth/gensec: handle DCERPC_AUTH_LEVEL_PACKET similar to DCERPC_AUTH_LEVEL_INTEGRITY via 5204ad6 auth/gensec: only require GENSEC_FEATURE_SIGN for DCERPC_AUTH_LEVEL_INTEGRITY as client via 5db81a1 auth/gensec: always verify the wanted SIGN/SEAL flags via 3a0b835 s4:ldap_server: don't use gensec_want_feature(gensec_security, GENSEC_FEATURE_{SIGN,SEAL}) as server via 3c27a10 s3:ntlm_auth: don't use gensec_want_feature(gensec_security, GENSEC_FEATURE_{SIGN,SEAL}) as server via 77adac8 auth/ntlmssp: always allow NTLMSSP_NEGOTIATE_{SIGN,SEAL} in gensec_ntlmssp_server_start() via b827a7e s3:gse: pass gss_got_flags to gssapi_get_sig_size() via f0afefe s4:gensec_gssapi: pass gss_got_flags to gssapi_get_sig_size() via cca980e s4:gensec_krb5: also report support for GENSEC_FEATURE_SIGN as krb5_mk_priv() provides sign and seal via 6fb4453 gensec/spnego: remember the wanted features also on the main gensec context via 00e417f libcli/smb: handle a talloc_free() on an unsent smb1 request via 4c08920 lib/async_req: add writev_cancel() via 754672c s4:librpc/rpc: do not use stack allocated variables for async requests from 84786c8 libsmb: fix leak in opendir error path
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 790fbd62f9f7863dc362036e0fc9b08fa5f21ee9 Author: Andreas Schneider <a...@samba.org> Date: Wed Oct 26 09:28:01 2016 +0200 idl: Remove unused DCERPC_FAULT_UNK_IF Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Wed Oct 26 15:06:44 CEST 2016 on sn-devel-144 commit f1cc938451c553061ddb71a7c13c4ececd58974b Author: Andreas Schneider <a...@samba.org> Date: Wed Oct 26 09:27:03 2016 +0200 s4-rpc_server: Use DCERPC_NCA_S_UNKNOWN_IF for fault code Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 9ef8bfabc6dabf1b240d4bb556f5bd68ea05d69d Author: Stefan Metzmacher <me...@samba.org> Date: Sun Sep 11 23:25:49 2016 +0200 python/tests: add simple dcerpc orphaned tests ORPHANED is mostly ignored. It's up to the application server implementation to install a orphaned handler. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 3c474cd4890a37c22b69f716164e2c830ab76c41 Author: Stefan Metzmacher <me...@samba.org> Date: Sun Sep 11 23:25:49 2016 +0200 python/tests: add simple dcerpc co_cancel tests CO_CANCEL is mostly ignored. It's up to the application server implementation to install a cancel handler. The only implementation I found so far is the witness server (see [MS-SWN] WitnessrAsyncNotify), which triggers a FAULT with DCERPC_FAULT_SERVER_UNAVAILABLE. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 04c934319f4d21314fbf6232b0d3c615f11a2187 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 27 08:52:14 2016 +0200 python/tests: add simple dcerpc association group tests Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit ca88aa8124af067a99f77ed676b3d2b4a73cc995 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 27 08:33:31 2016 +0200 python/tests: add a second_connection() helper function This can be used to create a 2nd connection. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 4a82e83bf932e1efe7d64d315485c331d52a0fbd Author: Stefan Metzmacher <me...@samba.org> Date: Wed Sep 14 00:27:02 2016 +0200 python/tests: check context_id values of responses correctly Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 63c2cbf0a01a29021df0dcc3239ee532a153bca1 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Sep 26 07:46:43 2016 +0200 python/tests: make use of self.get_auth_context_creds() and self.do_generic_bind() in _test_spnego_bind_auth_level() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 9d647bdaf3454f710575a782669c16905e04e864 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Sep 26 07:46:43 2016 +0200 python/tests: make use of self.get_anon_creds() and self.get_user_creds() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 3eae2a34278335a1566f94cceccec4fa0ba1b4f4 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Sep 16 11:13:14 2016 +0200 python/tests: make use of get_auth_context_creds() in _test_auth_type_level_bind_nak() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit b779f07031bb4647dbe3343cc0d2cd5089bbb749 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 20 21:07:13 2016 +0200 python/tests: make use of prepare_presentation() in _get_netlogon_ctx() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit b6569bd122cf0b9f8629a54b78e404f777671d91 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 20 21:06:39 2016 +0200 python/tests: make it possible to specific TARGET_HOSTNAME to raw_protocol.py SMB_CONF_PATH=/dev/null \ SERVER=w2012r2-188.w2012r2-l6.base \ USERNAME=administrator PASSWORD=A1b2C3d4 \ python/samba/tests/dcerpc/raw_protocol.py -v -f TestDCERPC_BIND or SMB_CONF_PATH=/dev/null \ SERVER=172.31.9.188 TARGET_HOSTNAME=w2012r2-188.w2012r2-l6.base \ USERNAME=administrator PASSWORD=A1b2C3d4 \ python/samba/tests/dcerpc/raw_protocol.py -v -f TestDCERPC_BIND Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit d5b58bb730127a89feced87ad2218c4fdd1f8e1c Author: Stefan Metzmacher <me...@samba.org> Date: Fri Sep 16 11:11:58 2016 +0200 python:tests: add more helper functions to RawDCERPCTest Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit b788507cff78603912a469ca75b48739a834fd63 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Sep 15 01:18:28 2016 +0200 python/tests: we now pass test_no_auth_request_bind_pfc_CONC_MPX() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 57539c84416aeb8fc8e3a8653f790b329e6fa9a1 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Sep 12 09:20:44 2016 +0200 pidl:Python: add PyTypeObject objects for function structs They provide get/set methods for the in_* and out_* elements and the magic __ndr_{push,pull,print}_{in,out}__ hooks to enable the marshalling via ndr_{push,pull,print}_{in,out}(). This provides an easy way to generate and parse the payload of DCERPC requests and responses, which is very useful for writing tests. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit a546124f10d1e2bee29bc06c0b8754257d2bdc23 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Sep 12 09:20:04 2016 +0200 pidl:Python: split out a PythonElementGetSet() helper function Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit d5e4707e98f3613acebb9d0de7e6f944f0b1efaf Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 13 09:06:50 2016 +0200 pidl:NDR: add ReturnTypeElement() helper function Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 36385711f7a891a3d24db6ff8b594a43ff071f8b Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 13 05:51:42 2016 +0200 python:ndr: add ndr_{pack,unpack,print}_{in,out} helper functions Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 9b842badcb0fcc4b8d95473c206c68a56211435e Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 13 05:51:42 2016 +0200 python:ndr: verify the object type ndr_print() and ndr_unpack() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 40175613519e7405a16e8f896dfdc2949430bc4b Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 13 01:06:18 2016 +0200 pidl:Python: the py_{import,export}_*() functions can be static now. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 29e75e98763623742eacf53cc680774db49f8524 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 13 04:48:13 2016 +0200 s4:pyrpc: remove unused py_{import,export}_netr_* prototypes Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit f7707c04a5e039e757b288ad67a0c3cac9c6466a Author: Stefan Metzmacher <me...@samba.org> Date: Mon Sep 12 16:33:38 2016 +0200 pidl:Python: make use of the pyrpc_{import,export}_union() functions This avoids the linking problems at C shared object level. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit e0324c0cf7e7c363a5791c2e35c8820b79640a47 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Sep 12 16:33:38 2016 +0200 pidl:Python: provide a PyTypeObject with METH_CLASS __import__() and __export__() hooks These are wrappers around the currently public C functions 'py_import_*() and 'py_export_*(). In order to let other python module use these function, we should resolve the needed type object and call the __import__() or __export__() hooks instead of linking to the other shared module at C level. We already do the same for structs. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 596f917693315cddcf4c453e75410ef786a7a8b0 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 13 04:48:13 2016 +0200 s4:pyrpc: add pyrpc_{im,ex}port_union() helper functions Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 3a0ce3e41d9fdab58273c239955862b03396ea19 Author: Stefan Metzmacher <me...@samba.org> Date: Sun Sep 25 00:48:29 2016 +0200 pidl:Python: provide the abstract syntax as <module>.<interface>_abstract_syntax The <module>.abstract_syntax alias is only kept as legacy for the first interface in a module. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 1bebccaeb93f7fb7b6e2538d63223f01587ed14d Author: Stefan Metzmacher <me...@samba.org> Date: Fri Sep 23 06:49:13 2016 +0200 pidl:Python: prettify names of constants Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 7423d8106ef08b94821f5fc666892234feff6f05 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 13 07:57:25 2016 +0200 pidl:NDR: keep interface->{ORIGINAL} Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit a560116aa5228885e5f52fc46fa92151357de69c Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 13 09:07:32 2016 +0200 pidl:Python: improve the .doc string for the get/set elements Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 47b40ac96afbd4fb28e519b9658256ecaa304e71 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Sep 12 15:12:24 2016 +0200 pidl:Python: make use of NDR_ERR_CODE_IS_SUCCESS() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit d4660e869790c7da1cb97e9d95a995e5a32b34ef Author: Stefan Metzmacher <me...@samba.org> Date: Sun Sep 25 01:07:14 2016 +0200 pidl:Python: __ndr_print__ functions don't get arguments and need METH_NOARGS Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit b728c63bcb5860aed2db43139d191bc149ceba83 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Sep 12 15:12:50 2016 +0200 pidl:Python: check the return values of talloc_ptrtype() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit ff947f2765a1351fa548437b1189b2025c571b50 Author: Stefan Metzmacher <me...@samba.org> Date: Sat Sep 24 08:47:44 2016 +0200 s4:selftest: run rpc.echo with an object based binding string Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit b5abc7cadc48146576da3187437ca3486da05c3d Author: Stefan Metzmacher <me...@samba.org> Date: Sat Sep 24 00:22:41 2016 +0200 s4:librpc/rpc: pass the object guid to the binding handle if required Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 47d89002a4c30e50e3efaced689dd87edbbafa9a Author: Stefan Metzmacher <me...@samba.org> Date: Sat Sep 24 02:24:11 2016 +0200 librpc/rpc: verify the passed table against the table on the handle Now that all callers of dcerpc_binding_handle_create() are fixed. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 4dd06fb721940ff2c7efab361da91de2fb40891f Author: Stefan Metzmacher <me...@samba.org> Date: Sat Sep 24 00:22:12 2016 +0200 librpc/rpc: make sure we use the object from the handle in dcerpc_binding_handle_raw_call_send() If there's an object set on the binding handle, we need to use that and disallow per request passing of object. The normal client code will always have the object on the binding handle. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 55b07e1dec23ba18f072127540d82ba9e4f6218a Author: Stefan Metzmacher <me...@samba.org> Date: Sat Sep 24 02:08:47 2016 +0200 s3:rpc_server: pass the full ndr_interface_table to rpc_pipe_open_internal() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit db4da21aaa82e5fe4fb3322eaa5d65ed1301fe78 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 20 21:19:28 2016 +0200 s4:librpc/rpc: no longer set FLAG_OBJECT_PRESENT and FLAG_BIGENDIAN for ndr_push_ncacn_packet() This is no longer required, it's done inside. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 47221b2f95b0a548eb6980b16ff2265ee9b9af67 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 20 21:19:28 2016 +0200 librpc/rpc: no longer set FLAG_OBJECT_PRESENT and FLAG_BIGENDIAN for ndr_{pull,push}_ncacn_packet() This is no longer required, it's done inside. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit e2f2250456e811ae7af3f81c4e2f65ecb58418e6 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 13 17:03:47 2016 +0200 dcerpc.idl: set LIBNDR_FLAG_* flags based on DCERPC_PFC_FLAG_OBJECT_UUID and DCERPC_DREP_LE Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit a9be262daaa25264e7a15d055066a3eed0a95002 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Sep 16 12:35:54 2016 +0200 s4:rpc_server: implement DCERPC_PFC_FLAG_CONC_MPX ordering restrictions Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 50392a92521c425b6a24c22a53a384bb7ec0ab0f Author: Stefan Metzmacher <me...@samba.org> Date: Thu Sep 15 18:18:46 2016 +0200 s4:rpc_server/remote: pass through DCERPC_PFC_FLAG_CONC_MPX if it was used by the client Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit d2d09474dd55631e127380d3931572b34e2945c2 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Sep 15 18:18:01 2016 +0200 s4:rpc_server: support DCESRV_CALL_STATE_FLAG_MULTIPLEXED by default Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit f44282ca07b130379043ac64ebcd6b0bb0975458 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Sep 15 18:17:44 2016 +0200 s4:librpc/rpc: make sure the DCERPC_CONCURRENT_MULTIPLEX and DCERPC_PFC_FLAG_CONC_MPX are in sync Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 5bad44776826cf4e53920065e07013476d58e110 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Sep 15 08:45:51 2016 +0200 s4:torture/rpc: concurrent dcerpc_echo_TestSleep requests require a connection with DCERPC_CONCURRENT_MULTIPLEX Concurrent requests are only allowed if the client asked for DCERPC_PFC_FLAG_CONC_MPX in the DCERPC_BIND. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit a701af1d766a8787beb580d069d2f5fff2f43e98 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Sep 15 08:36:32 2016 +0200 s4:torture/rpc: add extra_flags to torture_rpc_connection_transport() This can be used to pass DCERPC_CONCURRENT_MULTIPLEX, which sends DCERPC_PFC_FLAG_CONC_MPX in the DCERPC_BIND. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 7d530e962f25710cb3e9fe47ed1c4e237c74d770 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Sep 14 01:17:19 2016 +0200 s4:rpc_server: return the context_id of a RESPONSE in the same way as windows Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 505a1fdf0dd06d357655ab8904d75b402cab44a0 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Sep 14 01:17:19 2016 +0200 s4:rpc_server: return the context_id of a FAULT in a same way as windows Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 077df7f08a0073f9e768a99dd26c43f47867f442 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Sep 14 01:16:19 2016 +0200 s4:rpc_server: fill call->context on the first fragment This allows us to get fault responses right. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit be8d4900e905c8687f798421ebfd64640d107bbf Author: Stefan Metzmacher <me...@samba.org> Date: Fri Oct 23 15:39:34 2015 +0200 python/tests: add DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN tests to dcerpc raw protocol tests Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 133130d2638ce5655d95c5efc14e6b6ed8304159 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Oct 6 10:18:06 2015 +0200 s4:rpc_server: implement DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN support Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit a70f52894986818e4d07c81d4af8ef86f575cfbd Author: Stefan Metzmacher <me...@samba.org> Date: Fri Jun 26 08:10:46 2015 +0200 s4:rpc_server: ignore CO_CANCEL and ORPHANED PDUs Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit b4345f232b7fe88ba52abf226a91c9603b9775a8 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Oct 13 14:36:56 2015 +0200 s4:rpc_server: list all connection oriented pdu types explicitly See DCE-RPC-1.1.pdf Section 12.6 Connection-oriented RPC PDUs Page 588. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 3b5b0c5061a68dbdf9c685a8c5bf9265da67cca6 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Sep 23 04:30:03 2016 +0200 s3:selftest: run some rpcclient tests with "packet" Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 2e09c0fb1e85abfe21129e144de1196991695cdf Author: Stefan Metzmacher <me...@samba.org> Date: Mon Sep 19 07:29:59 2016 +0200 s4:selftest: run some tests with "packet" Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 2d1a798532c8a3774fec71ce3eeb3151c20d44e4 Author: Günther Deschner <g...@samba.org> Date: Tue Sep 6 17:11:29 2016 +0200 s3-rpcclient: add packet auth level command Guenther Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit b6be9b5f95537da0b6d9c1312ec8b934af1aed0f Author: Günther Deschner <g...@samba.org> Date: Tue Sep 6 17:07:32 2016 +0200 s3-rpcclient: support [packet] in rpcclient binding strings. Guenther Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 3b82d6cc2ee5211a7d817594f4de925fd7a40a10 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Sep 23 00:16:13 2016 +0200 s3:rpc_server: add support for DCERPC_AUTH_LEVEL_PACKET Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 77fde816c3e2dcf836dc9b78c505fb91a7b49191 Author: Günther Deschner <g...@samba.org> Date: Tue Aug 30 15:52:41 2016 +0200 s3:cli_pipe: add support for DCERPC_AUTH_LEVEL_PACKET Pair-Programmed-With: Stefan Metzmacher <me...@samba.org> Signed-off-by: Guenther Deschner <g...@samba.org> Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 376e58d2fbb1f8ed383158cafce3e73adefa7ddf Author: Stefan Metzmacher <me...@samba.org> Date: Fri Sep 23 00:11:03 2016 +0200 s3:dcerpc_helpers: correctly support DCERPC_AUTH_LEVEL_PACKET Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 36f90c8f134c2224645b46ed9cddc5668c76756e Author: Günther Deschner <g...@samba.org> Date: Tue Aug 30 15:52:41 2016 +0200 s4:librpc/rpc: add support for DCERPC_AUTH_LEVEL_PACKET Pair-Programmed-With: Stefan Metzmacher <me...@samba.org> Signed-off-by: Guenther Deschner <g...@samba.org> Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit b72d3f0ba567af629d38367b2af961d804f1586d Author: Günther Deschner <g...@samba.org> Date: Wed Aug 31 17:51:12 2016 +0200 s4-torture: test support for [packet] binding string option. Guenther Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 6f642eb3066358fa41fb8d7e8bec420277223af4 Author: Günther Deschner <g...@samba.org> Date: Tue Aug 30 15:44:40 2016 +0200 librpc: support "packet" for packet level authentication in binding strings Guenther Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 1a46ff2a0fb74fa0c87cb19ac786cc260450acd9 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Oct 23 16:06:17 2015 +0200 s4:rpc_server: convert dcesrv_auth_response() into a generic dcesrv_auth_pkt_push() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit bc73cd97eec77a809d42596368149668d5ba2913 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Oct 23 16:06:17 2015 +0200 s4:rpc_server: make use of dcerpc_ncacn_push_pkt_auth() in dcesrv_auth_response() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 2e8c496ef5b1af57f87519cb01a3fc5efa7924ed Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 28 13:04:38 2015 +0100 s4:rpc_server: convert dcesrv_auth_request() into a generic dcesrv_auth_pkt_pull() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit cb94ec8424754796ea3302d36051c2ec677f7f10 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 28 13:04:38 2015 +0100 s4:rpc_server: make use of dcerpc_ncacn_pull_pkt_auth() in dcesrv_auth_request() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit daf6b8c01b765686e64c12e7d65c5da8f62344f8 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Sep 8 15:07:36 2016 +0200 s4:librpc/rpc: make use of dcerpc_ncacn_push_pkt_auth() in ncacn_push_request_sign() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 4e3823ae0429c376dda71bbbda46d5e5f1a0a7b6 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Oct 13 15:42:32 2015 +0200 s4:librpc/rpc: convert ncacn_pull_request_auth() into a generic ncacn_pull_pkt_auth() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 791186d8247fdce4870b4473f61a9265ffccd17d Author: Stefan Metzmacher <me...@samba.org> Date: Tue Oct 13 15:42:32 2015 +0200 s4:librpc/rpc: make use of dcerpc_ncacn_pull_pkt_auth() in ncacn_pull_request_auth() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 857b96cafcbd609338f33bcc17036f278063d067 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 6 17:17:36 2016 +0200 librpc: add dcerpc_ncacn_push_pkt_auth() helper function Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 875d0111b45c3415cda50a7b4ec6ddf70d24b621 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 6 16:43:53 2016 +0200 librpc: add dcerpc_ncacn_pull_pkt_auth() helper function Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 5f17d3bd29955ac5425d24213110d670f08be9b9 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Aug 31 13:15:01 2016 +0200 python/tests: do tests to verify spnego various auth_levels Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 60099d491b18d460330aaeb49c1560cc5cd1816d Author: Stefan Metzmacher <me...@samba.org> Date: Fri Oct 23 15:39:34 2015 +0200 python/tests: add bind time feature related tests to dcerpc raw protocol tests Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit fe5b462a76fac9a1e16417060646cdfbb30a2ae1 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Oct 6 10:18:06 2015 +0200 s4:rpc_server: implement bind time feature negotiation For now we don't really support any negotiated features. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 6d70989c5c66d24741ff2b43a74548dc916bdb4f Author: Stefan Metzmacher <me...@samba.org> Date: Fri Oct 23 15:39:34 2015 +0200 python/tests: add presentation context related tests to dcerpc raw protocol tests Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 00363cd2673a5ac8702acf2b4bf08cb6abc7c213 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Aug 31 15:05:37 2016 +0200 python/tests: remove unused code in _test_auth_none_level_bind() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 1edf3d89c4aa2a4dddd1ad03f0eb44fb9fa3e31e Author: Stefan Metzmacher <me...@samba.org> Date: Tue Oct 6 10:18:06 2015 +0200 s4:rpc_server: process all provided presentation contexts We should respond with an explicit result for each presentation context, while we also accept one new context per BIND/ALTER_CONTEXT. For now we still only support NDR32, but adding NDR64 should be fairly easy now. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 450e00a8a7e987f52600573c04f0a0f7d4d3885e Author: Stefan Metzmacher <me...@samba.org> Date: Tue Aug 30 14:35:34 2016 +0200 s4:rpc_server: it's not a protocol error to do an alter context with an unknown transfer syntax Windows 2012R2 only returns a protocol error if the client wants to change between supported transfer syntaxes, e.g. from NDR32 to NDR64. If the proposed transfer syntax is not known to the server, the request will be silently ignored. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 3d179d86fafe281a9c9f93e8fb996bf2ee1fa10c Author: Stefan Metzmacher <me...@samba.org> Date: Sun Jun 28 13:15:33 2015 +0200 s4:rpc_server: split out a dcesrv_check_or_create_context() function Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit ae7e7bd1b79c815d644a79a3809bff58a46c617a Author: Stefan Metzmacher <me...@samba.org> Date: Tue Aug 16 06:40:21 2016 +0200 s4:rpc_server: use call->conn instead of call->context->conn It's the same, but call->context might be NULL in future. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 0955218b570a35a99757074be081d1bdc48a21d9 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Aug 16 06:33:41 2016 +0200 s4:rpc_server: move dcesrv_alter_resp Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 24643253588e238a9766fe34ecca78ec5bb1636e Author: Stefan Metzmacher <me...@samba.org> Date: Wed Aug 31 21:43:14 2016 +0200 s4:rpc_server: add DCERPC_AUTH_LEVEL_PACKET support This is basically an alias for DCERPC_AUTH_LEVEL_INTEGRITY in the context of connection oriented DCERPC. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 05fd543a7874a40b9457839b090891468d29cef3 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Sep 1 10:35:13 2016 +0200 s4:rpc_server: check the auth_pad_length overflow before calling gensec_[check,unseal]_packet() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit c5dec0e41cf18ba1f787e848106985a8b9aee201 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Sep 1 10:31:04 2016 +0200 s4:rpc_server: let dcesrv_auth_request() set a fault_code gensec_check_packet() and gensec_unseal_packet() failures should generate DCERPC_FAULT_SEC_PKG_ERROR. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit f33e4a70d7ca6b20a5bd08af35333c5cfc86308d Author: Stefan Metzmacher <me...@samba.org> Date: Wed Aug 31 21:39:25 2016 +0200 s4:rpc_server: set the full DCERPC_BIND_NAK_REASON_* in dcesrv_bind() This is required in order to support DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE vs. DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 0ef4911d95555ad9da1b54be76e0dbaea73261d1 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Aug 29 18:37:00 2016 +0200 s4:rpc_server: set DCERPC_PFC_FLAG_DID_NOT_EXECUTE for DCERPC_FAULT_OP_RNG_ERROR Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 0271fdaabedf2bbea7a5f6ee46df4c3263c5945f Author: Stefan Metzmacher <me...@samba.org> Date: Thu Aug 18 14:17:58 2016 +0200 s4:rpc_server: a fault with UNKNOWN_IF should have DID_NOT_EXECUTE set Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 6917a1c28fd3e7f3522e81b7370e04913d7b755d Author: Stefan Metzmacher <me...@samba.org> Date: Tue Oct 6 12:25:53 2015 +0200 s4:librpc/rpc: implement bind_time_feature negotiation Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 3d51359c86c05ec74220afb122d806fa5045c65f Author: Stefan Metzmacher <me...@samba.org> Date: Tue Feb 17 08:38:36 2015 +0100 s4:librpc/rpc: force printing in dcerpc_bh_do_ndr_print() log level >= 11 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 10e97240efb3dc22142769c25b2c7e2d4475402d Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 28 16:06:30 2015 +0100 s4:librpc/rpc: make use of dcerpc_pull_ncacn_packet() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 1c34351afccc7e47bc931a9efd031304bf095a2c Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 28 12:27:43 2015 +0100 librpc/rpc: make use of dcerpc_pull_ncacn_packet() in dcerpc_read_ncacn_packet_done() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit fc65e48cbef3a6fe2171fda069f77e7d561b6c3f Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 28 12:23:00 2015 +0100 librpc/rpc: move dcerpc_pull_ncacn_packet() from source3/librpc/rpc/ to the toplevel Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit ab7868a9646f295c0edf534b84b47a5e7dc9f7d9 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 28 12:21:43 2015 +0100 s3:librpc: move NDR_PRINT_DEBUG() into the caller of dcerpc_pull_ncacn_packet() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 1bfba2c5161c0e27f8c27301f258360aedf1b018 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 28 12:16:05 2015 +0100 s3:librpc: remove bigendian argument from dcerpc_pull_ncacn_packet() We should get this from the packet itself. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 3c6781ee4e1990c4e9700f2e8bb228ebeec340e9 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 27 18:17:42 2016 +0200 dcerpc.idl: add DCERPC_FAULT_SERVER_UNAVAILABLE Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 4400d3bde58551cf504c99e9d82041d597ee5eeb Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 6 15:41:30 2016 +0200 dcerpc.idl: remove unused dcerpc_request._pad typedef struct { uint32 alloc_hint; uint16 context_id; uint16 opnum; /* * NDR_DCERPC_REQUEST_OBJECT_PRESENT * is defined differently for ndr_dcerpc.c and py_dcerpc.c */ [switch_is(NDR_DCERPC_REQUEST_OBJECT_PRESENT)] dcerpc_object object; [flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier; } dcerpc_request; - the generic dcerpc header has a size of 16 bytes. - alloc_hint, context_id and opnum are 8 bytes together. - dcerpc_object is 0 or 16 bytes. That means stub_and_verifier is always aligned to 8 bytes (either at offset 24 or 40). Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 81d730edb59d3ab000fc28b23c3758fffca60c98 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Oct 13 16:00:40 2015 +0200 dcerpc.idl: replace dcerpc_response._pad with a uint8 reserved typedef struct { uint32 alloc_hint; uint16 context_id; uint8 cancel_count; [value(0)] uint8 reserved; [flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier; } dcerpc_response; - the generic dcerpc header has a size of 16 bytes - alloc_hint, context_id, cancel_count and reserved are 8 bytes together So stub_and_verifier is 8 byte aligned at offset 24. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 071fe8d50fbf60e9da076093203fa40ffda2672b Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 6 15:38:14 2016 +0200 s4:rpc_server: skip setting of dcerpc_request._pad This is marked as [flag(NDR_ALIGN8)] DATA_BLOB _pad; and ndr_push_dcerpc_request() will just ignore the content and align to 8 bytes with zero padding. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 96d317def154f77f5bf1e5f67349816cd1115f48 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 20 03:26:22 2016 +0200 dcerpc.idl: add dcerpc_fault_flags bitmap Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 44648961671fe6b42780ab3fa95739233bad4894 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Oct 9 06:51:16 2015 +0200 dcerpc.idl: split the padding from a possible fault buffer in dcerpc_fault The 4 bytes of padding are always present and part of the header. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 0bc10e7c462065d9a1dcb27713e726f4a4e56266 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 28 16:11:22 2015 +0100 dcerpc.idl: remove unused DCERPC_AUTH_LEVEL_DEFAULT Also the default should not be DCERPC_AUTH_LEVEL_CONNECT Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 81b09128637e154fc2b5749a1b09068caab1e974 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Aug 31 21:57:31 2016 +0200 auth/gensec: handle DCERPC_AUTH_LEVEL_PACKET similar to DCERPC_AUTH_LEVEL_INTEGRITY Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 5204ad6a14d4ff4ecb5ed38e2a8680426bb5ed52 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Sep 1 11:00:54 2016 +0200 auth/gensec: only require GENSEC_FEATURE_SIGN for DCERPC_AUTH_LEVEL_INTEGRITY as client On the server this check is deferred to the first request. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 5db81a11013541eb9c543501e37d670471727cee Author: Stefan Metzmacher <me...@samba.org> Date: Thu Sep 1 10:54:17 2016 +0200 auth/gensec: always verify the wanted SIGN/SEAL flags Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 3a0b835408a6efa339e8b34333906bfe3aacd6e3 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Sep 1 10:58:16 2016 +0200 s4:ldap_server: don't use gensec_want_feature(gensec_security, GENSEC_FEATURE_{SIGN,SEAL}) as server They're always supported and using gensec_want_feature() on them would require them in future. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 3c27a10e1c77ce82dabcb68338155bc52c97a527 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Sep 1 10:58:16 2016 +0200 s3:ntlm_auth: don't use gensec_want_feature(gensec_security, GENSEC_FEATURE_{SIGN,SEAL}) as server They're always supported and using gensec_want_feature() on them would require them in future. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 77adac8c3cd2f7419894d18db735782c9646a202 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Sep 1 10:56:57 2016 +0200 auth/ntlmssp: always allow NTLMSSP_NEGOTIATE_{SIGN,SEAL} in gensec_ntlmssp_server_start() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit b827a7e8605ada8af6121177c280ef3b436a6c73 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Sep 2 08:20:37 2016 +0200 s3:gse: pass gss_got_flags to gssapi_get_sig_size() We need to calculate the signature length based on the negotiated flags. This is most important on the server side where, gss_accept_sec_context() doesn't get gss_want_flags, but fills gss_got_flags. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit f0afefefe41b0f8c19392f05476eb03d7911958b Author: Stefan Metzmacher <me...@samba.org> Date: Fri Sep 2 08:20:37 2016 +0200 s4:gensec_gssapi: pass gss_got_flags to gssapi_get_sig_size() We need to calculate the signature length based on the negotiated flags. This is most important on the server side where, gss_accept_sec_context() doesn't get gss_want_flags, but fills gss_got_flags. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit cca980eb5124261379aa821a1f5dc5dac9c9b04b Author: Stefan Metzmacher <me...@samba.org> Date: Mon Sep 5 09:00:30 2016 +0200 s4:gensec_krb5: also report support for GENSEC_FEATURE_SIGN as krb5_mk_priv() provides sign and seal Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 6fb4453d1e2814674aa5f6fc70ae85d297a0b60d Author: Stefan Metzmacher <me...@samba.org> Date: Thu Sep 1 10:52:34 2016 +0200 gensec/spnego: remember the wanted features also on the main gensec context Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 00e417ffa026025e9ebb6be0d6858b574b7422c1 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Sep 15 11:46:33 2016 +0200 libcli/smb: handle a talloc_free() on an unsent smb1 request When a the higher level does a TALLOC_FREE() on an already queued request, we need to check whether we already sent a byte, if not we can try to unwind the smb1 signing sequence number, if there was only one pending request, in all other cases we need to disconnect the connection. I noticed that when seeing during an smb1cli_close() from tstream_smbXcli_np_destructor(). TODO: we may want to have a similar smbXcli_conn_cancel_read_req() in future. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 4c08920b8389ddc646ac1793930fefb9f2b92cc9 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Sep 15 11:41:56 2016 +0200 lib/async_req: add writev_cancel() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 754672ce7678a686718179731225c7cc4e13db36 Author: Matthieu Patou <m...@matws.net> Date: Wed Sep 25 16:41:03 2013 -0700 s4:librpc/rpc: do not use stack allocated variables for async requests Signed-off-by: Matthieu Patou <m...@matws.net> Reviewed-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> ----------------------------------------------------------------------- Summary of changes: auth/gensec/gensec.c | 43 +- auth/gensec/gensec_start.c | 12 +- auth/gensec/spnego.c | 2 +- auth/ntlmssp/gensec_ntlmssp_server.c | 8 + lib/async_req/async_sock.c | 38 +- libcli/smb/smbXcli_base.c | 139 +- librpc/idl/dcerpc.idl | 25 +- librpc/ndr/ndr_dcerpc.c | 82 ++ librpc/rpc/binding.c | 3 + librpc/rpc/binding_handle.c | 18 +- librpc/rpc/dcerpc_error.c | 1 + librpc/rpc/dcerpc_util.c | 403 +++++- librpc/rpc/rpc_common.h | 25 + librpc/wscript_build | 2 +- pidl/lib/Parse/Pidl/NDR.pm | 24 +- pidl/lib/Parse/Pidl/Samba4/Python.pm | 870 ++++++++++- python/samba/ndr.py | 87 +- python/samba/tests/__init__.py | 459 +++++- python/samba/tests/dcerpc/raw_protocol.py | 2219 ++++++++++++++++++++++++++--- selftest/knownfail | 12 + source3/librpc/crypto/gse.c | 2 +- source3/librpc/rpc/dcerpc.h | 4 - source3/librpc/rpc/dcerpc_helpers.c | 60 +- source3/rpc_client/cli_pipe.c | 13 +- source3/rpc_server/rpc_ncacn_np.c | 22 +- source3/rpc_server/rpc_ncacn_np.h | 2 +- source3/rpc_server/srv_pipe.c | 6 +- source3/rpcclient/rpcclient.c | 46 + source3/selftest/tests.py | 2 +- source3/utils/ntlm_auth.c | 3 - source3/winbindd/winbindd_cm.c | 2 +- source4/auth/gensec/gensec_gssapi.c | 2 +- source4/auth/gensec/gensec_krb5.c | 17 +- source4/ldap_server/ldap_bind.c | 2 - source4/librpc/rpc/dcerpc.c | 420 ++---- source4/librpc/rpc/dcerpc.h | 4 + source4/librpc/rpc/dcerpc_auth.c | 24 +- source4/librpc/rpc/dcerpc_sock.c | 6 +- source4/librpc/rpc/dcerpc_util.c | 18 +- source4/librpc/rpc/pyrpc.h | 13 - source4/librpc/rpc/pyrpc_util.c | 93 ++ source4/librpc/rpc/pyrpc_util.h | 5 + source4/librpc/tests/binding_string.c | 19 + source4/rpc_server/common/reply.c | 37 +- source4/rpc_server/dcerpc_server.c | 641 ++++++--- source4/rpc_server/dcerpc_server.h | 11 + source4/rpc_server/dcesrv_auth.c | 310 ++-- source4/rpc_server/remote/dcesrv_remote.c | 17 +- source4/selftest/tests.py | 5 +- source4/torture/rpc/echo.c | 17 + source4/torture/rpc/handles.c | 33 +- source4/torture/rpc/rpc.c | 8 +- source4/torture/rpc/witness.c | 2 +- 53 files changed, 5046 insertions(+), 1292 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c index 3f3c31b..373af5c 100644 --- a/auth/gensec/gensec.c +++ b/auth/gensec/gensec.c @@ -227,45 +227,32 @@ _PUBLIC_ size_t gensec_max_update_size(struct gensec_security *gensec_security) return gensec_security->max_update_size; } -static NTSTATUS gensec_verify_dcerpc_auth_level(struct gensec_security *gensec_security) +static NTSTATUS gensec_verify_features(struct gensec_security *gensec_security) { - if (gensec_security->dcerpc_auth_level == 0) { - return NT_STATUS_OK; - } - /* - * Because callers using the - * gensec_start_mech_by_auth_type() never call - * gensec_want_feature(), it isn't sensible for them - * to have to call gensec_have_feature() manually, and - * these are not points of negotiation, but are - * asserted by the client + * gensec_want_feature(GENSEC_FEATURE_SIGN) + * and + * gensec_want_feature(GENSEC_FEATURE_SEAL) + * require these flags to be available. */ - switch (gensec_security->dcerpc_auth_level) { - case DCERPC_AUTH_LEVEL_INTEGRITY: + if (gensec_security->want_features & GENSEC_FEATURE_SIGN) { if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { DEBUG(0,("Did not manage to negotiate mandatory feature " - "SIGN for dcerpc auth_level %u\n", - gensec_security->dcerpc_auth_level)); + "SIGN\n")); return NT_STATUS_ACCESS_DENIED; } - break; - case DCERPC_AUTH_LEVEL_PRIVACY: - if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { + } + if (gensec_security->want_features & GENSEC_FEATURE_SEAL) { + if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) { DEBUG(0,("Did not manage to negotiate mandatory feature " - "SIGN for dcerpc auth_level %u\n", - gensec_security->dcerpc_auth_level)); + "SEAL\n")); return NT_STATUS_ACCESS_DENIED; } - if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) { + if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { DEBUG(0,("Did not manage to negotiate mandatory feature " - "SEAL for dcerpc auth_level %u\n", - gensec_security->dcerpc_auth_level)); + "SIGN for SEAL\n")); return NT_STATUS_ACCESS_DENIED; } - break; - default: - break; } return NT_STATUS_OK; @@ -315,7 +302,7 @@ _PUBLIC_ NTSTATUS gensec_update_ev(struct gensec_security *gensec_security, * these are not points of negotiation, but are * asserted by the client */ - status = gensec_verify_dcerpc_auth_level(gensec_security); + status = gensec_verify_features(gensec_security); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -490,7 +477,7 @@ static void gensec_update_subreq_done(struct tevent_req *subreq) * these are not points of negotiation, but are * asserted by the client */ - status = gensec_verify_dcerpc_auth_level(state->gensec_security); + status = gensec_verify_features(state->gensec_security); if (tevent_req_nterror(req, status)) { return; } diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c index 1e61627..31a5559 100644 --- a/auth/gensec/gensec_start.c +++ b/auth/gensec/gensec_start.c @@ -742,7 +742,17 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_s gensec_want_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE); gensec_want_feature(gensec_security, GENSEC_FEATURE_ASYNC_REPLIES); if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) { - gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN); + if (gensec_security->gensec_role == GENSEC_CLIENT) { + gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN); + } + } else if (auth_level == DCERPC_AUTH_LEVEL_PACKET) { + /* + * For connection oriented DCERPC DCERPC_AUTH_LEVEL_PACKET (4) + * has the same behavior as DCERPC_AUTH_LEVEL_INTEGRITY (5). + */ + if (gensec_security->gensec_role == GENSEC_CLIENT) { + gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN); + } } else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN); gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL); diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c index 5f5047a..4787892 100644 --- a/auth/gensec/spnego.c +++ b/auth/gensec/spnego.c @@ -1571,8 +1571,8 @@ static void gensec_spnego_want_feature(struct gensec_security *gensec_security, { struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; + gensec_security->want_features |= feature; if (!spnego_state || !spnego_state->sub_sec_security) { - gensec_security->want_features |= feature; return; } diff --git a/auth/ntlmssp/gensec_ntlmssp_server.c b/auth/ntlmssp/gensec_ntlmssp_server.c index 99cedd0..da0cd50 100644 --- a/auth/ntlmssp/gensec_ntlmssp_server.c +++ b/auth/ntlmssp/gensec_ntlmssp_server.c @@ -167,6 +167,14 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY; } + /* + * We always allow NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL. + * + * These will be removed if the client doesn't want them. + */ + ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; + ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; + if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; } diff --git a/lib/async_req/async_sock.c b/lib/async_req/async_sock.c index 3af1748..db3916e 100644 --- a/lib/async_req/async_sock.c +++ b/lib/async_req/async_sock.c @@ -235,6 +235,7 @@ int async_connect_recv(struct tevent_req *req, int *perrno) struct writev_state { struct tevent_context *ev; + struct tevent_queue_entry *queue_entry; int fd; struct tevent_fd *fde; struct iovec *iov; @@ -246,6 +247,7 @@ struct writev_state { static void writev_cleanup(struct tevent_req *req, enum tevent_req_state req_state); +static bool writev_cancel(struct tevent_req *req); static void writev_trigger(struct tevent_req *req, void *private_data); static void writev_handler(struct tevent_context *ev, struct tevent_fd *fde, uint16_t flags, void *private_data); @@ -275,6 +277,7 @@ struct tevent_req *writev_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, state->err_on_readability = err_on_readability; tevent_req_set_cleanup_fn(req, writev_cleanup); + tevent_req_set_cancel_fn(req, writev_cancel); if (queue == NULL) { state->fde = tevent_add_fd(state->ev, state, state->fd, @@ -285,8 +288,9 @@ struct tevent_req *writev_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, return req; } - if (!tevent_queue_add(queue, ev, req, writev_trigger, NULL)) { - tevent_req_oom(req); + state->queue_entry = tevent_queue_add_entry(queue, ev, req, + writev_trigger, NULL); + if (tevent_req_nomem(state->queue_entry, req)) { return tevent_req_post(req, ev); } return req; @@ -297,13 +301,43 @@ static void writev_cleanup(struct tevent_req *req, { struct writev_state *state = tevent_req_data(req, struct writev_state); + TALLOC_FREE(state->queue_entry); TALLOC_FREE(state->fde); } +static bool writev_cancel(struct tevent_req *req) +{ + struct writev_state *state = tevent_req_data(req, struct writev_state); + + TALLOC_FREE(state->queue_entry); + TALLOC_FREE(state->fde); + + if (state->count == 0) { + /* + * already completed. + */ + return false; + } + + tevent_req_defer_callback(req, state->ev); + if (state->total_size > 0) { + /* + * We've already started to write :-( + */ + tevent_req_error(req, EIO); + return false; + } + + tevent_req_error(req, ECANCELED); + return true; +} + static void writev_trigger(struct tevent_req *req, void *private_data) { struct writev_state *state = tevent_req_data(req, struct writev_state); + state->queue_entry = NULL; + state->fde = tevent_add_fd(state->ev, state, state->fd, state->flags, writev_handler, req); if (tevent_req_nomem(state->fde, req)) { diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index 0a2473e..e24090d 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -839,6 +839,70 @@ static uint16_t smb1cli_alloc_mid(struct smbXcli_conn *conn) } } +static NTSTATUS smbXcli_req_cancel_write_req(struct tevent_req *req) +{ + struct smbXcli_req_state *state = + tevent_req_data(req, + struct smbXcli_req_state); + struct smbXcli_conn *conn = state->conn; + size_t num_pending = talloc_array_length(conn->pending); + ssize_t ret; + int err; + bool ok; + + if (state->write_req == NULL) { + return NT_STATUS_OK; + } + + /* + * Check if it's possible to cancel the request. + * If the result is true it's not to late. + * See writev_cancel(). + */ + ok = tevent_req_cancel(state->write_req); + if (ok) { + TALLOC_FREE(state->write_req); + + if (conn->protocol >= PROTOCOL_SMB2_02) { + /* + * SMB2 has a sane signing state. + */ + return NT_STATUS_OK; + } + + if (num_pending > 1) { + /* + * We have more pending requests following us. This + * means the signing state will be broken for them. + * + * As a solution we could add the requests directly to + * our outgoing queue and do the signing in the trigger + * function and then use writev_send() without passing a + * queue. That way we'll only sign packets we're most + * likely send to the wire. + */ + return NT_STATUS_REQUEST_OUT_OF_SEQUENCE; + } + + /* + * If we're the only request that's + * pending, we're able to recover the signing + * state. + */ + smb_signing_cancel_reply(conn->smb1.signing, + state->smb1.one_way_seqnum); + return NT_STATUS_OK; + } + + ret = writev_recv(state->write_req, &err); + TALLOC_FREE(state->write_req); + if (ret == -1) { + return map_nt_error_from_unix_common(err); + } + + return NT_STATUS_OK; +} + void smbXcli_req_unset_pending(struct tevent_req *req) { struct smbXcli_req_state *state = @@ -847,14 +911,23 @@ void smbXcli_req_unset_pending(struct tevent_req *req) struct smbXcli_conn *conn = state->conn; size_t num_pending = talloc_array_length(conn->pending); size_t i; + NTSTATUS cancel_status; - TALLOC_FREE(state->write_req); + cancel_status = smbXcli_req_cancel_write_req(req); if (state->smb1.mid != 0) { /* * This is a [nt]trans[2] request which waits * for more than one reply. */ + if (!NT_STATUS_IS_OK(cancel_status)) { + /* + * If the write_req cancel didn't work + * we can't use the connection anymore. + */ + smbXcli_conn_disconnect(conn, cancel_status); + return; + } return; } @@ -866,8 +939,18 @@ void smbXcli_req_unset_pending(struct tevent_req *req) * conn->pending. So if nothing is pending anymore, we need to * delete the socket read fde. */ + /* TODO: smbXcli_conn_cancel_read_req */ TALLOC_FREE(conn->pending); conn->read_smb_req = NULL; + + if (!NT_STATUS_IS_OK(cancel_status)) { + /* + * If the write_req cancel didn't work + * we can't use the connection anymore. + */ + smbXcli_conn_disconnect(conn, cancel_status); + return; + } return; } @@ -882,6 +965,15 @@ void smbXcli_req_unset_pending(struct tevent_req *req) * right thing nevertheless, the point of this routine is to * remove ourselves from conn->pending. */ + + if (!NT_STATUS_IS_OK(cancel_status)) { + /* + * If the write_req cancel didn't work + * we can't use the connection anymore. + */ + smbXcli_conn_disconnect(conn, cancel_status); + return; + } return; } @@ -898,6 +990,15 @@ void smbXcli_req_unset_pending(struct tevent_req *req) */ conn->pending = talloc_realloc(NULL, conn->pending, struct tevent_req *, num_pending - 1); + + if (!NT_STATUS_IS_OK(cancel_status)) { + /* + * If the write_req cancel didn't work + * we can't use the connection anymore. + */ + smbXcli_conn_disconnect(conn, cancel_status); + return; + } return; } @@ -907,19 +1008,31 @@ static void smbXcli_req_cleanup(struct tevent_req *req, struct smbXcli_req_state *state = tevent_req_data(req, struct smbXcli_req_state); - - TALLOC_FREE(state->write_req); + struct smbXcli_conn *conn = state->conn; + NTSTATUS cancel_status; switch (req_state) { case TEVENT_REQ_RECEIVED: /* * Make sure we really remove it from * the pending array on destruction. + * + * smbXcli_req_unset_pending() calls + * smbXcli_req_cancel_write_req() internal */ state->smb1.mid = 0; smbXcli_req_unset_pending(req); return; default: + cancel_status = smbXcli_req_cancel_write_req(req); + if (!NT_STATUS_IS_OK(cancel_status)) { + /* + * If the write_req cancel didn't work + * we can't use the connection anymore. + */ + smbXcli_conn_disconnect(conn, cancel_status); + return; + } return; } } @@ -1084,6 +1197,8 @@ void smbXcli_conn_disconnect(struct smbXcli_conn *conn, NTSTATUS status) state = tevent_req_data(req, struct smbXcli_req_state); if (state->smb1.chained_requests == NULL) { + bool in_progress; + /* * We're dead. No point waiting for trans2 * replies. @@ -1097,6 +1212,14 @@ void smbXcli_conn_disconnect(struct smbXcli_conn *conn, NTSTATUS status) continue; } + in_progress = tevent_req_is_in_progress(req); + if (!in_progress) { + /* + * already finished + */ + continue; + } + /* * we need to defer the callback, because we may notify * more then one caller. @@ -1110,6 +1233,8 @@ void smbXcli_conn_disconnect(struct smbXcli_conn *conn, NTSTATUS status) num_chained = talloc_array_length(chain); for (i=0; i<num_chained; i++) { + bool in_progress; + req = chain[i]; state = tevent_req_data(req, struct smbXcli_req_state); @@ -1126,6 +1251,14 @@ void smbXcli_conn_disconnect(struct smbXcli_conn *conn, NTSTATUS status) continue; } + in_progress = tevent_req_is_in_progress(req); + if (!in_progress) { + /* + * already finished + */ + continue; + } + /* * we need to defer the callback, because we may notify * more than one caller. diff --git a/librpc/idl/dcerpc.idl b/librpc/idl/dcerpc.idl index 527804d..1e06bc1 100644 --- a/librpc/idl/dcerpc.idl +++ b/librpc/idl/dcerpc.idl @@ -61,7 +61,6 @@ interface dcerpc * is defined differently for ndr_dcerpc.c and py_dcerpc.c */ [switch_is(NDR_DCERPC_REQUEST_OBJECT_PRESENT)] dcerpc_object object; - [flag(NDR_ALIGN8)] DATA_BLOB _pad; [flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier; } dcerpc_request; @@ -146,7 +145,7 @@ interface dcerpc uint32 alloc_hint; uint16 context_id; uint8 cancel_count; - [flag(NDR_ALIGN8)] DATA_BLOB _pad; + [value(0)] uint8 reserved; [flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier; } dcerpc_response; @@ -199,6 +198,7 @@ interface dcerpc DCERPC_NCA_S_FAULT_OBJECT_NOT_FOUND = 0x1C000024, DCERPC_NCA_S_FAULT_NO_CLIENT_STUB = 0x1C000025, DCERPC_FAULT_ACCESS_DENIED = 0x00000005, + DCERPC_FAULT_SERVER_UNAVAILABLE = 0x000006ba, DCERPC_FAULT_NO_CALL_ACTIVE = 0x000006bd, DCERPC_FAULT_CANT_PERFORM = 0x000006d8, DCERPC_FAULT_OUT_OF_RESOURCES = 0x000006d9, @@ -207,7 +207,6 @@ interface dcerpc } dcerpc_nca_status; const int DCERPC_FAULT_OP_RNG_ERROR = DCERPC_NCA_S_OP_RNG_ERROR; - const int DCERPC_FAULT_UNK_IF = DCERPC_NCA_S_UNKNOWN_IF; const int DCERPC_FAULT_NDR = DCERPC_FAULT_BAD_STUB_DATA; const int DCERPC_FAULT_INVALID_TAG = DCERPC_NCA_S_FAULT_INVALID_TAG; const int DCERPC_FAULT_CONTEXT_MISMATCH = DCERPC_NCA_S_FAULT_CONTEXT_MISMATCH; @@ -217,14 +216,22 @@ interface dcerpc to see what fault w2k3 returns in this case */ const int DCERPC_FAULT_TODO = 0x00000042; + typedef [bitmap8bit] bitmap { + DCERPC_FAULT_FLAG_EXTENDED_ERROR_INFORMATION = 0x01 + } dcerpc_fault_flags; + typedef struct { -- Samba Shared Repository