summaryrefslogtreecommitdiff
path: root/source3/rpc_client/cli_pipe.c
AgeCommit message (Collapse)AuthorFilesLines
2000-07-14More functions merged from TNG for rpcclient. They don't all workGerald Carter1-9/+2
currently as I have to do something about the policy handle caching issues. --jerry (This used to be commit 233b074f490b3b01f3a462284aa8117536df0082)
2000-07-07More rpcclient merge issues:Gerald Carter1-1/+1
* fixes some readline bugs from the merge * first attempt at commands (spoolenum almost works) * no changes to existing functions in HEAD; only additions of new functions. I'll weed out what I can as I go. --jerry (This used to be commit 61d2aad5dc2b212b11c981f1eca47efa627e9fc8)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-673/+766
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-12delineation between smb and msrpc more marked. smbd now constructsLuke Leighton1-3/+1
pdus, and then feeds them over either a "local" function call or a "remote" function call to an msrpc service. the "remote" msrpc daemon, on the other side of a unix socket, then calls the same "local" function that smbd would, if the msrpc service were being run from inside smbd. this allows a transition from local msrpc services (inside the same smbd process) to remote (over a unix socket). removed reference to pipes_struct in msrpc services. all msrpc processing functions take rpcsrv_struct which is a structure containing state info for the msrpc functions to decode and create pdus. created become_vuser() which does everything not related to connection_struct that become_user() does. removed, as best i could, connection_struct dependencies from the nt spoolss printing code. todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific info on a per-connection basis, and if the connection dies then so does the info, and that's a fairly serious problem. had to put pretty much everything that is in user_struct into parse_creds.c to feed unix user info over to the msrpc daemons. why? because it's expensive to do unix password/group database lookups, and it's definitely expensive to do nt user profile lookups, not to mention pretty difficult and if you did either of these it would introduce a complication / unnecessary interdependency. so, send uid/gid/num_groups/gid_t* + SID+num_rids+domain_group_rids* + unix username + nt username + nt domain + user session key etc. this is the MINIMUM info identified so far that's actually implemented. missing bits include the called and calling netbios names etc. (basically, anything that can be loaded into standard_sub() and standard_sub_basic()...) (This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d)
1999-11-29first attempt at getting \PIPE\NETLOGON working. it's pretty horrible.Luke Leighton1-12/+0
(This used to be commit 44dd3efa6380544e9a515e91960f9271498cefaf)
1999-11-27further abstraction involving client states. main client-side codeLuke Leighton1-18/+4
is pretty much independent of SMB client states, which will make it easier to add other transports. (This used to be commit a1ff7e8fc3129ba4a04722f977bc2d3725d13624)
1999-11-25cool! completed a samr* API that _would_ look like an msdn samr* api...Luke Leighton1-0/+17
if microsoft bothered to publish it. actually, there are good reasons for not publishing it: people might write programs for it, and then those programs wouldn't work on nt5, for example... (This used to be commit 8ce93b80d3b4e1c1e28aa1dde38cdef184eff3c1)
1999-11-24ok. *whew*. this is the first completed part of the restructure.Luke Leighton1-6/+6
verified that lsaquery, lsalookupsids work, and found some bugs in the parameters of these commands :-) soo... we now have an lsa_* api that has the same arguments as the nt Lsa* api! cool! the only significant coding difference is the introduction of a user_credentials structure, containing user, domain, pass and ntlmssp flags. (This used to be commit 57bff6fe82d777e599d535f076efb2328ba1188b)
1999-11-24first stages of removing struct cli_state* and uint16 fnum from allLuke Leighton1-5/+8
msrpc client code. the intent is to hide / abstract / associate connection info behind policy handles. this makes the msrpc functions look more and more like their nt equivalents. who-hou! (This used to be commit c01b18e632aede6fce7264ef6971d7ddba945cfb)
1999-11-21you know what? this sort of thing makes me laugh. hmm, what functionsLuke Leighton1-1/+1
have we got. and what data do we have. hmm.. i wonder what the NTLMv2 user session key can be... hmmm... weell.... there's some hidden data here, generated from the user password that doesn't go over-the-wire, so that's _got_ to be involved. and... that bit of data took a lot of computation to produce, so it's probably _also_ involved... and md4 no, md5? no, how about hmac_md5 yes let's try that one (the other's didn't work) oh goodie, it worked! i love it when this sort of thing happens. took all of fifteen minutes to guess it. tried concatenating client and server challenges. tried concatenating _random_ bits of client and server challenges. tried md5 of the above. tried hmac_md5 of the above. eventually, it boils down to this: kr = MD4(NT#,username,domainname) hmacntchal=hmac_md5(kr, nt server challenge) sess_key = hmac_md5(kr, hmacntchal); (This used to be commit ab174759cd210fe1be888d0c589a5b2669f7ff1e)
1999-11-09debugging rpcclient spoolenum and spooljobs commands. oh, did i forgetLuke Leighton1-2/+2
to mention, there's a spooljobs <printer name> command, and it uses command-line completion? prints out NT print jobs really nicely, too. (This used to be commit e6e5caf16c8d120f0c11fa63061f2786098e3357)
1999-11-06horrible code to do SMBwriteX / SMBreadX for large MSRPC reads. ARGH!Luke Leighton1-93/+127
(This used to be commit 0f9d661ca2560e88a04bc529ba41ac4cf1579fa4)
1999-10-21various. debug levels changed. nmbd doesn't need libsmb/clienttrust.c.Luke Leighton1-6/+21
samr_lookup_rids() moved to a dynamic memory structure not a static one limited to 32 RIDs. cli_pipe.c reading wasn't checking ERRmoredata when DOS error codes negotiated (this terminates MSRPC code with prejudice). (This used to be commit 8976eca2db43576c32069dcda017e8777048e007)
1999-10-14adding CAP_EXTENDED_SECURITY support in a hurry last week. forgot toLuke Leighton1-29/+0
deal with linking issues in other binaries (This used to be commit 57f95a01988fb4035b2e4448f4fd3ef0d652c106)
1999-10-07- added rudimentary CAP_UNICODE support because i thought it was part ofLuke Leighton1-14/+31
a problem i was having. - added rudimentary CAP_STATUS32 support for same reason. - added hard-coded, copy-the-same-data-from-over-the-wire version of CAP_EXTENDED_SECURITY, which is a security-blob to encapsulate GSSAPI which encodes SPNEGO which is used to negotiate Kerberos or NTLMSSP. i have implemented NTLMSSP which negotiates NTLMv1 or NTLMv2 and 40-bit or 128-bit etc. i have implemented NTLMv1 / 40-bit. *whew*. (This used to be commit e5b80bd2f76fda70e41e4a9007eb035dab92ed8e)
1999-07-26renaming AUTH VERIFIER to AUTH NTLMSSP VERIFIER. ready for addingLuke Leighton1-14/+14
another RPC authentication system. (This used to be commit 1a211bafebad8c63d98b5ef275a6272013527c65)
1999-07-22BDC support.Matthew Chapman1-17/+4
Added synchronise_passdb function to update accounts in a BDC's smbpasswd. Improved rpc_read, which was still somewhat broken for multiple PDU's. modify_trust_password must initialise cli.pwd (pwd_set_nullpwd). (This used to be commit 4783ac3968df1c5c8aa0b6ba9144df8b01ae0b99)
1999-07-06use of safe_cli_errstr() and cli_establish_connection().Luke Leighton1-5/+15
(This used to be commit b60eb8c9fc61bf207ab3600eec3ca722403c4d19)
1999-06-29improving authentication code (tidyup).Luke Leighton1-4/+5
(This used to be commit ab1a6aa42db5217f025941fb5107436556bc23b7)
1999-03-23Fixed a typo where the RPC header mem_buffer was initialised as 0x8 bytes longMatthew Chapman1-1/+1
rather than 0x18. Rather nasty, I doubt the client ever worked for multiple PDU's. (This used to be commit 90b6fce780c8dff37a389493be0568923b189ff0)
1998-12-07removed nt_pipe_fnum from struct cli_state. need to be able to callLuke Leighton1-26/+28
LsaLookupSids etc from within SamrQueryAliasMembers, for example. fnum is now a parameter to client functions. thanks to mike black for starting the ball rolling. (This used to be commit bee8f7fa6b0f7f995f71303f4e14a4aaed0c2437)
1998-11-17- group database API. oops and oh dear, the threat has been carried out:Luke Leighton1-1/+0
the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION. (This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
1998-11-13Makefile.in configure configure.in include/config.h.in: Changes for DGUX and ↵Jeremy Allison1-1/+1
UNIXWARE. groupdb/aliasdb.c groupdb/aliasfile.c groupdb/groupfile.c: Don't use snprinf, use slprintf. include/includes.h: Fix YP problem. include/smb.h: Fix ZERO_STRUCTP. lib/util_sock.c: Added strerror() in debugs. passdb/ldap.c: Don't use snprinf, use slprintf. rpc_client/cli_lsarpc.c rpc_client/cli_pipe.c rpc_parse/parse_sec.c rpc_server/srv_pipe.c: Don't use snprinf, use slprintf. script/installman.sh: DGUX changes. smbd/open.c smbd/oplock.c: Fixed gcc warnings. web/swat.c: Changes USER to SWAT_USER. (This used to be commit 4c2b5a00983501e5d4aad1456ba8b5ab0dfd9b4c)
1998-11-12cleaning up conflicts between group code not yet committed andLuke Leighton1-1/+1
changes from yesterday by me, jeremy and andrew. jeremy, your ACB_PWNOTREQ mod would have caused a crash if the user didn't exist (first check should be for smb_pass != NULL) (This used to be commit cbac0f165d351ba9497c222e55e453d781376e58)
1998-11-12Moved some code (NTLMSSPcalc) out of smbdes and inline for paranioaJeremy Allison1-4/+31
resons and my own piece of mind... Jeremy. (This used to be commit 45131501f23ce1eec2f23fe2c1060cd5a2736ec9)
1998-10-22libsmb/smbdes.c: #ifdef'ed out code prior to removal.Jeremy Allison1-1/+30
rpc_client/cli_pipe.c: Inlined code removed from smbdes.c rpc_server/srv_samr.c: Fixed unused variable warning. rpc_server/srv_util.c: Inlined code removed from smbdes.c Luke - the above changes are the first part of the changes you and I discussed as being neccessary at the CIFS conference. *PLEASE REVIEW THESE CHANGES* - make sure I haven't broken any of the authenticated DCE/RPC code. smbd/nttrans.c: Fixed to allow NT5.0beta2 to use Samba shares with NT SMB support. smbd/open.c: Fixed mkdir when called from nttrans calls. smbd/server.c: Set correct size for strcpy of global_myworkgroup. Jeremy. (This used to be commit d891421d16ff80998dee429227bd391455f9d1a1)
1998-10-21Fixed mainly signed/unsigned issues found by SGI cc in -fullwarn mode.Jeremy Allison1-3/+1
smbd/chgpasswd.c: Fixed (my) stupid bug where I was returning stack based variables. Doh ! smbd/trans2.c: Allows SETFILEINFO as well as QFILEINFO on directory handles. Jeremy. (This used to be commit 0b44d27d0b5cc3948a6c2d78370ccddf1a84cd80)
1998-10-21oops!Luke Leighton1-1/+1
(This used to be commit 500e5536bee8ea8e58d5991bfab2cff923068926)
1998-10-21signed / unsigned issuesLuke Leighton1-1/+1
(This used to be commit bd2fc6bb85739cb8e7ed2254e2a553486daed054)
1998-10-21fixing smbd encrypted rpcs (data lens, alloc hints, sequence nums argh).Luke Leighton1-1/+2
put unicode strings after SAMLOGON query regardless of whether it's an NT mailslot or a non-NT mailslot, after having observed this behaviour out of NT machines. (This used to be commit c101113ec20ed0ba633e78e4ee45596cdccaf1b5)
1998-10-20signed / unsigned warnings (found by herb).Luke Leighton1-2/+2
how do i switch on these warnings in gcc????? (This used to be commit 39db385a0c47c11adb6bf3bac89c4bb76f675049)
1998-10-20some quite important bug-fixes i missed because i transferred the wrongLuke Leighton1-6/+7
smb.tgz file from my portable. particularly the call to mem_data followed by a realloc of that data in cli_pipe.c's rpc_read() function. smbd responses now use p->rdata_i which is a faked-up pointer into p->rdata's response data. rdata can be very long; rdata_i is limited to point to no more than max_tsize - 0x18 in length. this will make it an almost trivial task to add the encrypted rpc headers after rdata_i, and mem_buf_copy will cope admirably with rhdr chained to rdata_i chained to auth_verifier etc etc... (This used to be commit 05a297e3a98c14360782af4ad0d851638fb5da9a)
1998-10-19- dce/rpc codeLuke Leighton1-18/+25
- removed debug info in struni2 and unistr2 (security risk) - rpc_pipe function was getting pointer to data then calling realloc *dur* - password check function, the start of "credential checking", user, wks, domain, pass as the credentials (not just user,pass which is incorrect in a domain context) - cli_write needs to return ssize_t not size_t, because total can be -1 if the write fails. - fixed signed / unsigned warnings (how come i don't get those any more when i compile with gcc???) - nt password change added in smbd. yes, jeremy, i verified that the SMBtrans2 version still works. (This used to be commit fcfb40d2b0fc565ee4f66b3a3761c246366a2ef3)
1998-10-17Small tidyups for gcc in 'preen' mode....Jeremy Allison1-1/+1
Jeremy. (This used to be commit 60dc1a4a00a22088d33369588b0d5eb292cf084a)
1998-10-16made pass_check_smb() available for dce/rpc use.Luke Leighton1-1/+1
(This used to be commit 95e8a910c5d9ba0ef57669fb1256eaa932e0bb09)
1998-10-16rpc client mods (ntlmssp flags)Luke Leighton1-20/+11
(This used to be commit 16256f86bf451535c7955b8f51a9b88fc33a8e4d)
1998-10-15bug-fixing against:Luke Leighton1-4/+22
AS/U: it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack response, when they should be set in a (small) packet. they also, in the bind/ack do not set a secondary address string at all, so we can't check against that... Win95: client-side dce/rpc code is a bit odd. it does a "WaitNamedPipeState" and has slightly different pipe-naming (\PIPE\LANMAN is joined by \PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN and \PIPE\). Win95-USRMGR.EXE: added LsaOpenPolicy (renamed existing to LsaOpenPolicy2). added SamrConnect (renamed existing to SamrConnect2). (This used to be commit a7fccd807b938cbb51002ebae8c7a48b40dbb655)
1998-10-14warnings spotted by ./configure.developer optionsLuke Leighton1-20/+10
(This used to be commit 29434bf195b438f4ab41a10ac5ce03f9c2d2ac2f)
1998-10-14dce/rpcLuke Leighton1-41/+125
(This used to be commit 69f5f9f88935de1f63ffc9aa19c0629b395e66e6)
1998-10-09signed / unsigned issues spotted by herbLuke Leighton1-2/+2
(This used to be commit 0b90442021aa3adb5ae7f09c53c9e54c7655d8c5)
1998-10-09dce/rpc.Luke Leighton1-2/+11
(This used to be commit e0445419b2d50ae6efef36f4f295ebcfdbf1ad82)
1998-10-09basic client-side ntcreateX function (hard-wired values except filename)Luke Leighton1-12/+27
(This used to be commit caeb99201a1471bd709b4e8f07c57e5caabf0795)
1998-10-09dce/rpcLuke Leighton1-8/+12
(This used to be commit 32d0f5e4a564686ad6b270dd24423ee49a81f223)
1998-10-08dce/rpcLuke Leighton1-24/+234
(This used to be commit 62fdeef1b79c5c4c9bf0e860881651711bb80b9a)
1998-10-07dce/rpcLuke Leighton1-29/+58
(This used to be commit 6677b888bdb45df00646eb7cc13005b9465ff971)
1998-10-06dce/rpcLuke Leighton1-9/+15
(This used to be commit eb279cabd059603b6c8d9b74e4fd31c4ffe87593)
1998-10-02Makefile.in :Luke Leighton1-474/+467
- added srvsvc client files clientgen.c : - replaced cli_error(cli, int *cls, int *err) with cli_error(cli, uint8 cls, uint32 *err). this version detects 32 bit status messages. the DOS error "MORE_DATA", the equivalent of the 32 bit *warning* 0x8000 0005 (STATUS_BUFFER_OVERFLOW), was being processed as an error, terminating the cli_receive_trans() call. cli_pipe.c : - replaced calls that had been incorrectly modified from 32 bit warnings (0x8000 0005 - STATUS_BUFFER_OVERFLOW) to 8 bit DOS errors (0x01 0xEA - MORE_DATA). the use of the old version of cli_error (DOS only) instead of the new one (DOS and 32 bit) caused the dce/rpc client code to fail. - replaced 2 space indentation with tab indentation in all functions. cli_srvsvc.c : cmd_srvsvc.c : - added these files back in, fixing them up to use jeremy's modified versions of the dce/rpc client functions. parse_srv.c : - added back in some "unused" functions required by dce/rpc client-side code. it would be helpful if all such "unused" functions could be added back in. rpcclient.c : - added "session", "file", "share", "connection" enumeration functions back in. these are equivalent to nt's "NetXXXXXEnum" Win32 (MSDN) functions. - added "srvinfo" function back in. this is equivalent to nt's NetServerGetInfo Win32 (MSDN) function. (This used to be commit bcf39ffdcc64e049bca2d70a394a99976291e81d)
1998-10-02microsoft is slowly fixing some buffer overflow errors in dce/rpc code (SP4).Luke Leighton1-2/+2
therefore, they are being more strict, first in the server-side code, and now in the client-side code. this fixes a bind-request that was too short by 16 bytes, and an rpc-request that was too long by 24 bytes. (This used to be commit a69ed7846a1e1403ea51d76d6962b97e8c768b29)
1998-09-05tridge the destroyer returns!Andrew Tridgell1-5/+4
prompted by the interpret_security() dead code that Jean-Francois pointed out I added a make target "finddead" that finds potentially dead (ie. unused) code. It spat out 304 function names ... I went through these are deleted many of them, making others static (finddead also reports functions that are used only in the local file). in doing this I have almost certainly deleted some useful code. I may have even prevented compilation with some compile options. I apologise. I decided it was better to get rid of this code now and add back the one or two functions that are needed than to keep all this baggage. So, if I have done a bit too much "destroying" then let me know. Keep the swearing to a minimum :) One bit I didn't do is the ubibt code. Chris, can you look at that? Heaps of unused functions there. Can they be made static? (This used to be commit 2204475c87f3024ea8fd1fbd7385b2def617a46f)
1998-05-12This is a security audit change of the main source.Jeremy Allison1-3/+6
It removed all ocurrences of the following functions : sprintf strcpy strcat The replacements are slprintf, safe_strcpy and safe_strcat. It should not be possible to use code in Samba that uses sprintf, strcpy or strcat, only the safe_equivalents. Once Andrew has fixed the slprintf implementation then this code will be moved back to the 1.9.18 code stream. Jeremy. (This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)