summaryrefslogtreecommitdiff
path: root/source3/rpc_client/cli_pipe.c
AgeCommit message (Collapse)AuthorFilesLines
2010-03-24s3:ntlmssp: pass names and use_ntlmv2 to ntlmssp_client_start() and store themStefan Metzmacher1-1/+5
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-02-17Fix bug #7146 - Samba miss-parses authenticated RPC packets.Jeremy Allison1-15/+47
Parts of the Samba RPC client and server code misinterpret authenticated packets. DCE authenticated packets actually look like this : +--------------------------+ |header | | ... frag_len (packet len)| | ... auth_len | +--------------------------+ | | | Data payload | ... .... | | +--------------------------+ | | | auth_pad_len bytes | +--------------------------+ | | | Auth footer | | auth_pad_len value | +--------------------------+ | | | Auth payload | | (auth_len bytes long) | +--------------------------+ That's right. The pad bytes come *before* the footer specifying how many pad bytes there are. In order to read this you must seek to the end of the packet and subtract the auth_len (in the packet header) and the auth footer length (a known value). The client and server code gets this right (mostly) in 3.0.x -> 3.4.x so long as the pad alignment is on an 8 byte boundary (there are some special cases in the code for this). Tridge discovered there are some (DRS replication) cases where on 64-bit machines where the pad alignment is on a 16-byte boundary. This breaks the existing S3 hand-optimized rpc code. This patch removes all the special cases in client and server code, and allows the pad alignment for generated packets to be specified by changing a constant in include/local.h (this doesn't affect received packets, the new code always handles them correctly whatever pad alignment is used). This patch also works correctly with rpcclient using sign+seal from the 3.4.x and 3.3.x builds (testing with 3.0.x and 3.2.x to follow) so even as a server it should still work with older libsmbclient and winbindd code. Jeremy
2010-01-06s3: Fix infinite loop in NCACN_IP_TCP asa there is no timeout. Assume ↵Bo Yang1-4/+22
lsa_pipe_tcp is ok but network is down, then send request is ok, but select() on writeable fds loops forever since there is no response. Signed-off-by: Bo Yang <boyang@samba.org>
2009-12-22s3:ntlmssp: only include ntlmssp.h where actually neededAndrew Bartlett1-0/+1
Andrew Bartlett
2009-12-22s3:ntlmssp: remove the typedef NTLMSSP_STATEAndrew Bartlett1-1/+1
Andrew Bartlett
2009-11-27s3-kerberos: only use krb5 headers where required.Günther Deschner1-0/+1
This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther
2009-11-26s3-rpc: running minimal_includes.pl on rpc_client and rpc_server.Günther Deschner1-2/+0
Guenther
2009-11-12Remove erroneous 'presult = NULL' changes. Now presult only gets setJeremy Allison1-9/+2
if NTSTATUS == OK. Jeremy.
2009-11-12Revert "Ensure every return path initializes presult as NULL."Jeremy Allison1-40/+0
Vl is correct, this is the wrong way to fix this. This reverts commit 83c2c177a5e86d04da37384f1f04230c8274e1e6.
2009-11-12Ensure all callers to the rpc_client/cli_pipe functions correctlyJeremy Allison1-2/+2
initialize return variables. Jeremy.
2009-11-12Ensure every return path initializes presult as NULL.Jeremy Allison1-0/+40
Ensures no crashes in calling code that forgets to init return as null. Jeremy.
2009-11-10s3-rpc_client: make sure cli_rpc_pipe_open_schannel() does not always return ↵Günther Deschner1-1/+3
NT_STATUS_OK. Guenther
2009-11-08Revert "s3: Do not directly reference the ndr_table_* in rpcclient"Volker Lendecke1-14/+0
This reverts commit 70c698fd547c4bc19cf77693608bbb34acac40b5.
2009-11-08s3: Do not directly reference the ndr_table_* in rpcclientVolker Lendecke1-0/+14
2009-11-07s3: Register the ndr_interfaces dynamicallyVolker Lendecke1-37/+110
2009-11-07s3: Get rid of a NULL terminatorVolker Lendecke1-2/+1
2009-11-07s3: Get rid of explicit pipe namesVolker Lendecke1-49/+54
2009-11-07s3: get_pipe_name_from_iface -> get_pipe_name_from_syntaxVolker Lendecke1-7/+9
2009-11-06s3-kerberos: modify cli_krb5_get_ticket to take a new impersonate_princ_s arg.Günther Deschner1-1/+1
Guenther
2009-11-03s3: Remove debug_ctx()Volker Lendecke1-17/+17
smbd just crashed on me: In a debug message I called a routine preparing a string that itself used debug_ctx. The outer routine also used it after the inner routine had returned. It was still referencing the talloc context that the outer debug_ctx() had given us, which the inner DEBUG had already freed.
2009-10-13s3: use enum netr_SchannelType all over the place.Günther Deschner1-1/+1
Guenther
2009-10-05s3: Remove a scary error message -- talloc_move can not fail :-)Volker Lendecke1-5/+0
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-25s3:rpc_client: don't randomly fragment rpc pdu's in developer modeStefan Metzmacher1-2/+2
This is really confusing and also breaks against windows, as it doesn't accept fragmented bind requests. metze
2009-09-17spnego: share spnego_parse.Günther Deschner1-0/+1
Guenther
2009-09-16libcli/auth: rewrite schannel sign/seal code to be more genericStefan Metzmacher1-17/+24
This prepares support for HMAC-SHA256/AES. metze
2009-09-16s3-dcerpc: remove more obsolete or duplicate headers.Günther Deschner1-22/+22
Guenther
2009-09-16s3-schannel: add dump_NL_AUTH_SIGNATURE.Günther Deschner1-20/+3
Guenther
2009-09-16schannel: fully share schannel sign/seal between s3 and 4.Günther Deschner1-41/+64
Guenther
2009-09-16s3-schannel: fix blob length when pulling off a NL_AUTH_SIGNATURE inGünther Deschner1-1/+1
cli_pipe_verify_schannel(). Guenther
2009-09-15s3-dcerpc: fix remaining old auth level constants.Günther Deschner1-6/+6
Guenther
2009-09-15s3-dcerpc: remove unsed auth type defines as seen on the wire.Günther Deschner1-5/+5
Guenther
2009-09-15s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags.Günther Deschner1-35/+35
Guenther
2009-09-11s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_schannel().Günther Deschner1-3/+6
Guenther
2009-09-11s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_spnego_ntlmssp ↵Günther Deschner1-2/+8
and cli_rpc_pipe_open_ntlmssp. Guenther
2009-09-11s3-rpc_client: add cli_rpc_pipe_open_noauth_transport.Günther Deschner1-14/+26
Guenther
2009-09-11s3-schannel: use NL_AUTH_SIGNATURE for schannel sign & seal (client & server).Günther Deschner1-10/+29
Guenther
2009-09-11s3-rpc_client: add enum dcerpc_transport_t to rpc_cli_transport struct.Günther Deschner1-0/+8
Guenther
2009-09-08s3-rpc_client: use NL_AUTH_MESSAGE in create_schannel_auth_rpc_bind_req().Günther Deschner1-7/+24
Guenther
2009-09-08s3-schannel: Fix Bug #6697. Interdomain trusts with Windows 2008 R2 DCs.Günther Deschner1-1/+1
The Schannel verifier (aka NL_AUTH_SIGNATURE) structure (32 byte) sent from a W2k8r2 DC is passed in a buffer with the size of a NL_AUTH_SHA2_SIGNATURE (56 byte). We should just ignore the remaining 12 zeroed bytes and proceed. Guenther
2009-07-31s3:rpc_client: add dispatch_send/recv() to struct rpc_pipe_clientStefan Metzmacher1-0/+8
metze
2009-07-28Added prefer_ipv4 bool parameter to resolve_name().Jeremy Allison1-1/+1
W2K3 DC's can have IPv6 addresses but won't serve krb5/ldap or cldap on those addresses. Make sure when we're asking for DC's we prefer IPv4. If you have an IPv6-only network this prioritizing code will be a no-op. And if you have a mixed network then you need to prioritize IPv4 due to W2K3 DC's. Jeremy.
2009-07-27Lift the event loop in rpc_api_pipe_req() one level into cli_do_rpc_ndrVolker Lendecke1-33/+0
2009-07-05Remove "typedef struct ndr_syntax_id RPC_IFACE;"Volker Lendecke1-8/+9
2009-05-18Fix a type-punned warningVolker Lendecke1-1/+1
2009-04-20Remove use of talloc_reference in cli_rpc_pipe_open_schannel_with_key()Andrew Bartlett1-5/+7
2009-04-14Make Samba3 use the new common libcli/auth codeAndrew Bartlett1-5/+5
This is particuarly in the netlogon client (but not server at this stage)
2009-04-14Rework Samba3 to use new libcli/auth code (partial)Andrew Bartlett1-0/+1
This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
2009-04-06Correct sync wrappers in cli_pipe.cVolker Lendecke1-4/+14
2009-03-24Convert rpc_pipe_bind to tevent_reqVolker Lendecke1-50/+46
2009-03-24Convert rpc_cli_transport->trans to tevent_reqVolker Lendecke1-19/+11