Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2010-05-31 | s3:ntlmssp Use a TALLOC_CTX for ntlmssp_sign_packet() and ntlmssp_seal_packet() | Andrew Bartlett | 1 | -5/+10 | |
This ensures the results can't be easily left to leak. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-31 | ntlmssp: Make the ntlmssp.h from source3/ a common header | Andrew Bartlett | 1 | -1/+1 | |
The code is not yet in common, but I hope to fix that soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-18 | s3-rpc_client: move protos to cli_netlogon.h | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-05-18 | s3: Remove use of iconv_convenience. | Jelmer Vernooij | 1 | -1/+1 | |
2010-05-06 | s3: only include gen_ndr headers where needed. | Günther Deschner | 1 | -0/+16 | |
This shrinks include/includes.h.gch by the size of 7 MB and reduces build time as follows: ccache build w/o patch: real 4m21.529s; ccache build with patch: real 3m6.402s; pch build w/o patch: real 4m26.318s; pch build with patch: real 3m6.932s. Guenther | |||||
2010-03-29 | s3:rpc_client: return at least 10 sec as old timeout in rpccli_set_timeout() instead of 0 | Stefan Metzmacher | 1 | -3/+12 | |
metze | |||||
2010-03-29 | s3:rpc_client: add set_timeout hook to rpc_cli_transport | Stefan Metzmacher | 1 | -20/+5 | |
metze | |||||
2010-03-29 | s3:rpc_client: add rpccli_is_connected() | Stefan Metzmacher | 1 | -0/+13 | |
metze | |||||
2010-03-29 | s3:rpc_client: don't mix layers and keep a reference to cli_state in the caller | Stefan Metzmacher | 1 | -8/+17 | |
We should not rely on the backend to have a reference to the cli_state. This will make it possible for the backend to set its cli_state reference to NULL, when the transport is dead. metze | |||||
2010-03-24 | s3:ntlmssp: pass names and use_ntlmv2 to ntlmssp_client_start() and store them | Stefan Metzmacher | 1 | -1/+5 | |
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-02-17 | Fix bug #7146 - Samba mis-parses authenticated RPC packets. | Jeremy Allison | 1 | -15/+47 | |
Parts of the Samba RPC client and server code misinterpret authenticated packets. DCE authenticated packets actually look like this:

```
+--------------------------+
|header                    |
| ... frag_len (packet len)|
| ... auth_len             |
+--------------------------+
|                          |
| Data payload             |
...                     ....
|                          |
+--------------------------+
|                          |
| auth_pad_len bytes       |
+--------------------------+
|                          |
| Auth footer              |
| auth_pad_len value       |
+--------------------------+
|                          |
| Auth payload             |
| (auth_len bytes long)    |
+--------------------------+
```

That's right. The pad bytes come *before* the footer specifying how many pad bytes there are. In order to read this you must seek to the end of the packet and subtract the auth_len (in the packet header) and the auth footer length (a known value). The client and server code gets this right (mostly) in 3.0.x -> 3.4.x so long as the pad alignment is on an 8 byte boundary (there are some special cases in the code for this). Tridge discovered there are some (DRS replication) cases on 64-bit machines where the pad alignment is on a 16-byte boundary. This breaks the existing S3 hand-optimized rpc code. This patch removes all the special cases in client and server code, and allows the pad alignment for generated packets to be specified by changing a constant in include/local.h (this doesn't affect received packets, the new code always handles them correctly whatever pad alignment is used). This patch also works correctly with rpcclient using sign+seal from the 3.4.x and 3.3.x builds (testing with 3.0.x and 3.2.x to follow) so even as a server it should still work with older libsmbclient and winbindd code. Jeremy | |||||
2010-01-06 | s3: Fix infinite loop in NCACN_IP_TCP as there is no timeout. Assume lsa_pipe_tcp is ok but network is down, then send request is ok, but select() on writeable fds loops forever since there is no response. | Bo Yang | 1 | -4/+22 | |
Signed-off-by: Bo Yang <boyang@samba.org> | |||||
2009-12-22 | s3:ntlmssp: only include ntlmssp.h where actually needed | Andrew Bartlett | 1 | -0/+1 | |
Andrew Bartlett | |||||
2009-12-22 | s3:ntlmssp: remove the typedef NTLMSSP_STATE | Andrew Bartlett | 1 | -1/+1 | |
Andrew Bartlett | |||||
2009-11-27 | s3-kerberos: only use krb5 headers where required. | Günther Deschner | 1 | -0/+1 | |
This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther | |||||
2009-11-26 | s3-rpc: running minimal_includes.pl on rpc_client and rpc_server. | Günther Deschner | 1 | -2/+0 | |
Guenther | |||||
2009-11-12 | Remove erroneous 'presult = NULL' changes. Now presult only gets set | Jeremy Allison | 1 | -9/+2 | |
if NTSTATUS == OK. Jeremy. | |||||
2009-11-12 | Revert "Ensure every return path initializes presult as NULL." | Jeremy Allison | 1 | -40/+0 | |
Vl is correct, this is the wrong way to fix this. This reverts commit 83c2c177a5e86d04da37384f1f04230c8274e1e6. | |||||
2009-11-12 | Ensure all callers to the rpc_client/cli_pipe functions correctly | Jeremy Allison | 1 | -2/+2 | |
initialize return variables. Jeremy. | |||||
2009-11-12 | Ensure every return path initializes presult as NULL. | Jeremy Allison | 1 | -0/+40 | |
Ensures no crashes in calling code that forgets to init return as null. Jeremy. | |||||
2009-11-10 | s3-rpc_client: make sure cli_rpc_pipe_open_schannel() does not always return NT_STATUS_OK. | Günther Deschner | 1 | -1/+3 | |
Guenther | |||||
2009-11-08 | Revert "s3: Do not directly reference the ndr_table_* in rpcclient" | Volker Lendecke | 1 | -14/+0 | |
This reverts commit 70c698fd547c4bc19cf77693608bbb34acac40b5. | |||||
2009-11-08 | s3: Do not directly reference the ndr_table_* in rpcclient | Volker Lendecke | 1 | -0/+14 | |
2009-11-07 | s3: Register the ndr_interfaces dynamically | Volker Lendecke | 1 | -37/+110 | |
2009-11-07 | s3: Get rid of a NULL terminator | Volker Lendecke | 1 | -2/+1 | |
2009-11-07 | s3: Get rid of explicit pipe names | Volker Lendecke | 1 | -49/+54 | |
2009-11-07 | s3: get_pipe_name_from_iface -> get_pipe_name_from_syntax | Volker Lendecke | 1 | -7/+9 | |
2009-11-06 | s3-kerberos: modify cli_krb5_get_ticket to take a new impersonate_princ_s arg. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2009-11-03 | s3: Remove debug_ctx() | Volker Lendecke | 1 | -17/+17 | |
smbd just crashed on me: In a debug message I called a routine preparing a string that itself used debug_ctx. The outer routine also used it after the inner routine had returned. It was still referencing the talloc context that the outer debug_ctx() had given us, which the inner DEBUG had already freed. | |||||
2009-10-13 | s3: use enum netr_SchannelType all over the place. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2009-10-05 | s3: Remove a scary error message -- talloc_move can not fail :-) | Volker Lendecke | 1 | -5/+0 | |
Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2009-09-25 | s3:rpc_client: don't randomly fragment rpc pdu's in developer mode | Stefan Metzmacher | 1 | -2/+2 | |
This is really confusing and also breaks against windows, as it doesn't accept fragmented bind requests. metze | |||||
2009-09-17 | spnego: share spnego_parse. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2009-09-16 | libcli/auth: rewrite schannel sign/seal code to be more generic | Stefan Metzmacher | 1 | -17/+24 | |
This prepares support for HMAC-SHA256/AES. metze | |||||
2009-09-16 | s3-dcerpc: remove more obsolete or duplicate headers. | Günther Deschner | 1 | -22/+22 | |
Guenther | |||||
2009-09-16 | s3-schannel: add dump_NL_AUTH_SIGNATURE. | Günther Deschner | 1 | -20/+3 | |
Guenther | |||||
2009-09-16 | schannel: fully share schannel sign/seal between s3 and 4. | Günther Deschner | 1 | -41/+64 | |
Guenther | |||||
2009-09-16 | s3-schannel: fix blob length when pulling off a NL_AUTH_SIGNATURE in | Günther Deschner | 1 | -1/+1 | |
cli_pipe_verify_schannel(). Guenther | |||||
2009-09-15 | s3-dcerpc: fix remaining old auth level constants. | Günther Deschner | 1 | -6/+6 | |
Guenther | |||||
2009-09-15 | s3-dcerpc: remove unused auth type defines as seen on the wire. | Günther Deschner | 1 | -5/+5 | |
Guenther | |||||
2009-09-15 | s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags. | Günther Deschner | 1 | -35/+35 | |
Guenther | |||||
2009-09-11 | s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_schannel(). | Günther Deschner | 1 | -3/+6 | |
Guenther | |||||
2009-09-11 | s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_spnego_ntlmssp and cli_rpc_pipe_open_ntlmssp. | Günther Deschner | 1 | -2/+8 | |
Guenther | |||||
2009-09-11 | s3-rpc_client: add cli_rpc_pipe_open_noauth_transport. | Günther Deschner | 1 | -14/+26 | |
Guenther | |||||
2009-09-11 | s3-schannel: use NL_AUTH_SIGNATURE for schannel sign & seal (client & server). | Günther Deschner | 1 | -10/+29 | |
Guenther | |||||
2009-09-11 | s3-rpc_client: add enum dcerpc_transport_t to rpc_cli_transport struct. | Günther Deschner | 1 | -0/+8 | |
Guenther | |||||
2009-09-08 | s3-rpc_client: use NL_AUTH_MESSAGE in create_schannel_auth_rpc_bind_req(). | Günther Deschner | 1 | -7/+24 | |
Guenther | |||||
2009-09-08 | s3-schannel: Fix Bug #6697. Interdomain trusts with Windows 2008 R2 DCs. | Günther Deschner | 1 | -1/+1 | |
The Schannel verifier (aka NL_AUTH_SIGNATURE) structure (32 byte) sent from a W2k8r2 DC is passed in a buffer with the size of a NL_AUTH_SHA2_SIGNATURE (56 byte). We should just ignore the remaining 12 zeroed bytes and proceed. Guenther | |||||
2009-07-31 | s3:rpc_client: add dispatch_send/recv() to struct rpc_pipe_client | Stefan Metzmacher | 1 | -0/+8 | |
metze | |||||
2009-07-28 | Added prefer_ipv4 bool parameter to resolve_name(). | Jeremy Allison | 1 | -1/+1 | |
W2K3 DC's can have IPv6 addresses but won't serve krb5/ldap or cldap on those addresses. Make sure when we're asking for DC's we prefer IPv4. If you have an IPv6-only network this prioritizing code will be a no-op. And if you have a mixed network then you need to prioritize IPv4 due to W2K3 DC's. Jeremy. |