summaryrefslogtreecommitdiff
path: root/source3/rpc_client/cli_pipe.c
AgeCommit message (Collapse)AuthorFilesLines
2007-12-18Fix a debug message: add missing space.Michael Adam1-2/+2
Michael (This used to be commit 6a7f2a59fc370e226ddacb195059155f28c6c157)
2007-12-17Do not close netlogon pipe in get_schannel_session_key_common().Michael Adam1-1/+0
This removes one forgotten call of cli_rpc_pipe_close(netlogon_pipe). Correction of e77c4022cfbb868e608edcb06b676658b0e201ad. Michael (This used to be commit 7f6593cddef048dd05140b05d306c708d8134f0e)
2007-12-13Refactoring out get_schannel_session_key logic.Michael Adam1-53/+39
Refactor the actual retrieval of the session key through the established netlogon pipe out of get_schannel_session_key() and get_schannel_session_key_auth_ntlmssp() into a new function get_schannel_session_key_common(). (To avoid code duplication.) Michael (This used to be commit e77c4022cfbb868e608edcb06b676658b0e201ad)
2007-12-13Rename get_trust_pw() to get_trust_pw_hash().Michael Adam1-2/+4
Michael (This used to be commit 0cde7ac9cb39a0026a38ccf66dbecefc12931074)
2007-12-13Let get_trust_pw() determine the machine_account_name to use.Michael Adam1-32/+6
Up to now each caller used its own logic. This eliminates code paths where there was a special treatment of the following situation: the domain given is not our workgroup (i.e. our own domain) and we are not a DC (i.e. it is not a typical trusted domain situation). In situation the given domain name was previously used as the machine account name, resulting in an account name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me. get_trust_pw would not have obtained a password in this situation anyways. I hope I have not missed an important point here! Michael (This used to be commit 6ced4a7f88798dc449a667d63bc29bf6c569291f)
2007-12-10Remove the char[1024] strings from dynconfig. ReplaceJeremy Allison1-1/+1
them with malloc'ing accessor functions. Should save a lot of static space :-). Jeremy. (This used to be commit 52dc5eaef2106015b3a8b659e818bdb15ad94b05)
2007-11-29Remove the explicit TALLOC_CTX * from cli_struct.Jeremy Allison1-31/+4
Make us very explicit about how long a talloc ctx should last. Jeremy. (This used to be commit ba9e2be2b5a59684e854609f9d82ea1633448c62)
2007-11-20More pstring elimination.Jeremy Allison1-5/+7
Jeremy. (This used to be commit 15074de938539e7a9c527d9a6d81792adc2ac3d0)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-4/+4
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r25407: Revert Longhorn join patch as it is not correct for the 3.2 tree.Gerald Carter1-2/+2
The translate_name() used by cli_session_setup_spnego() cann rely Winbindd since it is needed by the join process (and hence before Winbind can be run). (This used to be commit 00a93ed336c5f36643e6e33bd277608eaf05677c)
2007-10-10r25400: Windows 2008 (Longhorn) Interop fixes for AD specific auth2 flags,Gerald Carter1-2/+2
and client fixes. Patch from Todd Stetcher <todd.stetcher@isilon.com>. (This used to be commit 8304ccba7346597425307e260e88647e49081f68)
2007-10-10r23850: Fix whitespacing in DEBUG output.Michael Adam1-1/+1
(This used to be commit 918aad0d8b4b0c2caa8830726a17d3ad4d19f72a)
2007-10-10r23801: The FSF has moved around a lot. This fixes their Mass Ave address.Andrew Tridgell1-2/+1
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; andVolker Lendecke1-15/+15
replace all data_blob(NULL, 0) calls. (This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
2007-10-10r22092: - make spnego_parse_auth_response() more generic andStefan Metzmacher1-1/+1
not specific for NTLMSSP - it's possible that the server sends a mechOID and authdata if negResult != SPNEGO_NEG_RESULT_INCOMPLETE, but we still force the mechOID to be present if negResult == SPNEGO_NEG_RESULT_INCOMPLETE metze (This used to be commit e9f2aa22f90208a5e530ef3b68664151960a0a22)
2007-10-10r22001: change prototype of dump_data(), so that it takes unsigned char * now,Stefan Metzmacher1-5/+5
which matches what samba4 has. also fix all the callers to prevent compiler warnings metze (This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
2007-10-10r21382: Important fix for winbind when using non-AD domains.Günther Deschner1-1/+7
Jeremy, I'm afraid you removed the "domain->initialized" from the set_dc_types_and_flags() call when the connect to PI_LSARPC_DS failed (with rev. 19148). This causes now that init_dc_connection_network is called again and again which in turn rescans the DC each time (which of course fails each time with NT_STATUS_BUFFER_TOO_SMALL). Just continue with the non-PI_LSARPC_DS scan so that the domain is initialized properly. Guenther (This used to be commit c6f63a08f55a4121cbe5aac537d2ef983dc25a97)
2007-10-10r21240: Fix longstanding Bug #4009.Günther Deschner1-1/+1
For the winbind cached ADS LDAP connection handling (ads_cached_connection()) we were (incorrectly) assuming that the service ticket lifetime equaled the tgt lifetime. For setups where the service ticket just lives 10 minutes, we were leaving hundreds of LDAP connections in CLOSE_WAIT state, until we fail to service entirely with "Too many open files". Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP connection after the ads_do_search_retry() has failed to submit the search request (although the bind succeeded (returning an expired service ticket that we cannot delete from the memory cred cache - this will get fixed later)). Guenther (This used to be commit 7e1a84b7226fb8dcd5d34c64a3478a6d886a9a91)
2007-10-10r16255: Fix 'net ads join' when the workgroup is set incorrectlyGerald Carter1-6/+9
in smb.conf. This did work before the join rewrite. Samba will have problems if you try to run any of the daemons with an incorrect workgroup but it should not fail to join. The summary is that a member server should always use it's own machine name when setting up schannel since that is the only account it has. Thanks to Volker for the discussion. (This used to be commit 95763b94f709fe1ad9e381dbc6b364c2f3759024)
2007-10-10r16253: Fix another host/ UPN case in (the currently unused)Günther Deschner1-2/+2
cli_rpc_pipe_open_krb5. Guenther (This used to be commit fa19099112490daa085bb310f2f4ed877bb22b40)
2007-10-10r15129: Separate out mechanism and policy for NTLMSSP auth/sign/seal.Jeremy Allison1-0/+18
With this change (and setting lanman auth = no in smb.conf) we have *identical* NTLMSSP flags to W2K3 in SPNEGO auth. Jeremy (This used to be commit 93ca3eee55297eb7fdd38fca38103ce129987e2a)
2007-10-10r14643: Merge dcerpc_errstr from Samba 4.Günther Deschner1-1/+1
Might need to rework prs_dcerpc_status(). Guenther (This used to be commit 38b18f428ba941f4d9a14fa2de45cb0cd793a754)
2007-10-10r14585: Tighten argument list of kerberos_kinit_password again,Günther Deschner1-1/+1
kerberos_kinit_password_ext provides access to more options. Guenther (This used to be commit afc519530f94b420b305fc28f83c16db671d0d7f)
2007-10-10r14449: fix the build (sorry everyone)Gerald Carter1-1/+2
(This used to be commit e49ca3af8c2522aee670e6b807d7b3df31be47f6)
2007-10-10r14448: * protect against NULL cli_state* pointers in cli_rpc_pipe_open()Gerald Carter1-0/+6
* Fix inverted logic check for machine accounts in get_md4pw() (This used to be commit a36529535dcb5a262e7627b80fb62a31240dc8ad)
2007-10-10r14121: We never pass NULL to the rpc_api_pipe fn so don'tJeremy Allison1-2/+2
trigger coverity checks by testing for NULL. Jeremy. (This used to be commit 6b4484159293d725613249adbfa01472dea1c722)
2007-10-10r13722: Ensure we use the correct enumerated type. Bug #3558Jeremy Allison1-1/+1
from jason@ncac.gwu.edu. Jeremy. (This used to be commit 00f8b4e1aa44904c91af8eb6ac4c3f196986c339)
2007-10-10r13641: Finish fix for #3510. Don't use client schannel when toldJeremy Allison1-9/+13
not to, cope with a server that doesn't offer schannel also. Jeremy (This used to be commit 68005f6bdb70883eace0d9067c76c3360a803023)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-3/+3
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r12275: Fix memory leak found by Mikhail Kshevetskiy <kl@laska.dorms.spbu.ru>Jeremy Allison1-0/+2
and followed up by derrell@samba.org. Jeremy. (This used to be commit 5cab88f1444177129bb5521ccc4afd8869e9bf25)
2007-10-10r12236: r11740@cabra: derrell | 2005-12-14 13:16:58 -0500Derrell Lipman1-1/+1
check in the DEBUG message referenced in the previous commit (This used to be commit 6c04a8f9adfcd40fb0f1e1fcd4e22056ee463046)
2007-10-10r12225: r11729@cabra: derrell | 2005-12-13 22:59:45 -0500Derrell Lipman1-0/+9
1. Fix a crash bug which should have reared its ugly head ages ago, but for some reason, remained dormant until recently. The bug pertained to libsmbclient doing a structure assignment of a cli after having opened a pipe. The pipe open code makes a copy of the cli pointer that was passed to it. If the cli is later copied (and that cli pointer that was saved is no longer valid), the pipe code will cause a crash during shutdown or when the copied cli is closed. 2. The 'type' field in enumerated shares was not being set correctly with the new RPC-based mechanism for enumerating shares. (This used to be commit 62a02b8f2a1fcb66881a9c9636e0b27e3049c5a1)
2007-10-10r11492: Fix bug #3224 (I hope). Correctly use machine_account_nameJeremy Allison1-8/+13
and client_name when doing netlogon credential setup. Jeremy. (This used to be commit 37e6ef9389041f58eada167239fd022f01c5fecb)
2007-10-10r11491: If we get a reject ensure we're printing out the server/domain/machineJeremy Allison1-2/+2
a/c we were asking for. Jeremy. (This used to be commit 3ba5d02cff61d64dbab1fef28f74ea6509f4f8e9)
2007-10-10r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4Jeremy Allison1-10/+10
x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2007-10-10r10801: Janitor for tpot - remember to keep 3.0 in sync.Jeremy Allison1-0/+4
Jeremy. (This used to be commit 92fa541f6e92c03a49372ff73f9790afa2c0151c)
2007-10-10r10780: Fix typo noticed by Volker.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 76408ddd5bec22bbbee2236101bf65b407d2c664)
2007-10-10r10778: Allow schannel setup over NTLMSSP authenticated pipes.Jeremy Allison1-0/+106
Jeremy. (This used to be commit ed62720f897ebf10f5ae50a3e9cf7788c9570183)
2007-10-10r10747: Remove overparanoid check that broke RPC function calls with noJelmer Vernooij1-5/+0
[in] parameters. (This used to be commit 03a3caaddd5bf28a059d4edb5e55031f7e5de94a)
2007-10-10r10745: Fix artificial 1k restriction.Jeremy Allison1-1/+3
Jeremy. (This used to be commit bb1ba9a9089b38bf400d48b992f7977ce926aeaf)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-1147/+2012
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r8805: Merge a duplicate struct. Get ready to support SPNEGO rpc binds.Jeremy Allison1-3/+4
Jeremy. (This used to be commit fd6e342746edfda2f25df1ae0067d359b756e0cd)
2007-10-10r7415: * big change -- volker's new async winbindd from trunkGerald Carter1-111/+214
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
2007-10-10r7385: Rewrite the RPC bind parsing functions to follow the spec. I haven't yetJeremy Allison1-5/+10
tested this so I may have screwed this up - however it now follows the DCE spec. valgrinded tests to follow.... Jeremy. (This used to be commit 877e0a61f5821c89149b1403d08675dd7db8039e)
2007-10-10r4570: Replace cli->nt_pipe_fnum with an array of NT file numbers, one for eachVolker Lendecke1-26/+26
supported pipe. Netlogon is still special, as we open that twice, one to do the auth2, the other one with schannel. The client interface is completely unchanged for those who only use a single pie. cli->pipe_idx is used as the index for everything except the "real" client rpc calls, which have been explicitly converted in my last commit. Next step is to get winbind to just use a single smb connection for multiple pipes. Volker (This used to be commit dc294c52e0216424236057ca6cd35e1ebf51d0da)
2007-10-10r4561: This looks a lot larger than it is, this is to reduce the clutter on ↵Volker Lendecke1-12/+12
future patches. Pass down the pipe_idx down to all functions in cli_pipe where nt_pipe_fnum is referenced. First step towards having multiple pipes on a cli_struct. The idea is to not have a single nt_pipe_fnum but an array for the pipes we support. Volker (This used to be commit 93eab050201d4e55096a8820226749f001597b5d)
2007-10-10r1380: adding debug message when encouting an ASU specific bug in an ↵Gerald Carter1-3/+5
rpc_bind reply (This used to be commit c6e73ff091b4d87111b33735400fdd10d4c8671c)
2007-10-10r991: Allow winbindd to use the domain trust account passwordGerald Carter1-3/+0
for setting up an schannel connection. This solves the problem of a Samba DC running winbind, trusting a native mode AD domain, and needing to enumerate AD users via wbinfo -u. (This used to be commit e9f109d1b38e0b0adec9b7e9a907f90a79d297ea)
2007-10-10r704: BUG 1315: fix for schannel client connections to server's that don't ↵Gerald Carter1-6/+18
support 128 bit encryption (This used to be commit 316ba5ad89ddfa445d44d28141c5901fc64aec90)