summaryrefslogtreecommitdiff
path: root/source3/rpc_client
AgeCommit message (Collapse)AuthorFilesLines
2003-10-24This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User1-0/+104
used to be commit e569418861a867437cd5e2cce87ad82e752da3fb)
2003-10-24New files for support of initshutdown pipe. Win2k doesn't respond properlyJim McDonough1-0/+104
to all requests on the winreg pipe, so we need to handle this new pipe. First part of fix for bug #534 (This used to be commit 532fab74c12d8c55872c2bad2abead2647f919d7)
2003-10-22Merge from 3_0:Volker Lendecke1-0/+1
In cli_lsa_lookup_sids don't leave the domain field uninitialized if some sid could not be mapped. Otherwise this call is unnecessarily complicated to call. Volker (This used to be commit 198b01fc54ce7a5beeddc680b30da291639b4eda)
2003-10-22In cli_lsa_lookup_sids don't leave the domain field uninitialized ifVolker Lendecke1-0/+1
some sid could not be mapped. Otherwise this call is unnecessarily complicated to call. Volker (This used to be commit 1337338522242a430b3c5655ffdff3f701fbfcce)
2003-10-20Merge Volker's fix.Jeremy Allison1-0/+6
It's a perfectly valid condition to have zero alias members. Jeremy. (This used to be commit aa7fb71357921c9d1fa1d32e5eaff912428e4fdf)
2003-10-20It's a perfectly valid condition to have zero alias members.Volker Lendecke1-0/+6
Volker (This used to be commit ccdcd88732c99497fc563379df7837c35eba72be)
2003-10-18Add client side code to do endpoint map queries. Currently does oneJim McDonough1-0/+61
fixed query. Updates to come soon. (This used to be commit 3ca8240affba20bb26749354f59b83799b4f1e44)
2003-10-06split some security related functions in their own files.Simo Sorce1-3/+3
(no need to include all of smbd files to use some basic sec functions) also minor compile fixes couldn't compile to test these due to some kerberos problems wirh 3.0, but on HEAD they're working well, so I suppose it's ok to commit (This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1)
2003-10-06split some security related functions in their own files.Simo Sorce1-3/+3
(no need to include all of smbd files to use some basic sec functions) also minor compile fixes (This used to be commit 66074d3b097d8cf2a231bf08c7f4db62da68189d)
2003-10-01commit sign only patch from Andrew; bug 167; tested using 2k & XP ↵Gerald Carter1-17/+12
clientspreviously joined to the Samba domain (This used to be commit 9d2e585e5e6f9066c6901aa8d8308734f8667296)
2003-10-01commit sign only patch from Andrew; bug 167; tested using 2k & XP ↵Gerald Carter1-17/+12
clientspreviously joined to the Samba domain (This used to be commit 3802f5895ee18507c6f467bd11db0b1147a6fdfd)
2003-09-29Merge from 3.0:Tim Potter1-8/+8
>Fix for #480. Change the interface for init_unistr2 to not take a length >but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string. >This is not the case. Count it after conversion. >Jeremy. (This used to be commit e2ab9e54cd0ec0002175cf18ff364f4aebaf85a0)
2003-09-25Fix for #480. Change the interface for init_unistr2 to not take a lengthJeremy Allison1-8/+8
but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string. This is not the case. Count it after conversion. Jeremy. (This used to be commit f82c273a42f930c7152cfab84394781744815e0e)
2003-09-22fix some warnings found by the Sun C compilerGerald Carter1-1/+1
(This used to be commit 585764305aa84a7732f71f2e01227e1a6a08664f)
2003-09-22fix some warnings found by the Sun C compilerGerald Carter1-1/+1
(This used to be commit e1fac713e25692a5790c3261ba323732930f5249)
2003-09-09sync 3.0 into HEAD for the last timeGerald Carter3-31/+25
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
2003-08-19- Fix the kerberos downgrade problem:Andrew Bartlett2-14/+7
- When connecting to the NETOGON pipe, we make a call to auth2, in order to verify our identity. This call was being made with negotiation flags of 0x1ff. This caused our account to be downgraded. If we instead make the call with flags > 1ff (such as 0x701ff), then this does not occour. - This is *not* related to the use of kerberos for the CIFS-level connection My theory is that Win2k has a test to see if we are sending *exactly* what NT4 sent - setting any other flags seems to cause us to remain intact. Also ensure that we only have 'setup schannel' code in a few places, not scattered around cmd_netlogon too. Andrew Bartlett (This used to be commit e10f0529fe9d8d245b3cd001cce6a9a86896679c)
2003-08-19working on fix for BUG #294. Not done yet, but this at least clearsGerald Carter1-2/+2
up some of the false positives in "rpcclient -c getdriver". Also make sure that we ask for version2 and 3 drivers on x86. (This used to be commit 5be51515680da910b623f486108d91f9ea914bd2)
2003-08-15get rid of more compiler warningsHerb Lewis3-14/+14
(This used to be commit 398bd14fc6e2f8ab2f34211270e179b8928a6669)
2003-08-14Change Samba to always use extended security for it's guest logins, (ie,Andrew Bartlett1-1/+1
NTLMSSP with "" username, NULL password), and add --machine-pass (-P) to all of Samba's clients. When connecting to an Active Directory DC, you must initiate the CIFS level session setup with Kerberos, not a guest login. If you don't, your machine account is demoted to NT4. Andrew Bartlett (This used to be commit 3547cb3def45a90f99f67829a533eac1ccba5e77)
2003-08-04Memory leak fix for create_rpc_bind_req()Tim Potter1-0/+1
(This used to be commit 4d26feabd75d5b298276b0c5880b9765507bb6ae)
2003-08-02port latest changes from SAMBA_3_0 treeSimo Sorce5-21/+127
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
2003-08-01Update my copyrights according to my agreement with IBMJim McDonough1-1/+1
(This used to be commit a2bd8f0bfa12f2a1e33c96bc9dabcc0e2171700d)
2003-07-31working on transtive trusts issue:Gerald Carter1-0/+5
* use DsEnumerateDomainTrusts() instead of LDAP search. wbinfo -m now lists all trusted downlevel domains and all domains in the forest. Thnigs to do: o Look at Krb5 connection trusted domains o make sure to initial the trusted domain cache as soon as possible (This used to be commit 0ab00ccaedf204b39c86a9e1c2fcac5f15d0e033)
2003-07-30Save us from possibly uninitialised variable (caught by gcc).Jeremy Allison1-4/+4
Jeremy. (This used to be commit f3f29665bd2c396c4756cd23f603ac768fea66fd)
2003-07-30add a few more tidy ups. Now onto winbinddGerald Carter1-0/+8
(This used to be commit f8abdd23e1d4aed56c263c3228e702b191af4c64)
2003-07-30add support for DsEnumerateDomainTrusted for enumerating all theGerald Carter1-2/+53
trusted domains in a forest. (This used to be commit c691c7f7d9afb8af542dc83cf934df1dfd38ef17)
2003-07-25domain in schannel bind credentials must be the dest domain, not oursGerald Carter1-1/+3
(This used to be commit e12f6a8c13f27c3caea96b467cc4294e20dad341)
2003-07-25Schannel, once setup, may be used on *ANY* TCP/IP connection until theAndrew Bartlett1-3/+52
connection that set it up has been shut down. (Also, pipes still connected, and reconnections to the same pipe (eg SAMR) may continue to use that session key until their TCP/IP connection is shut down) Allow further testing by printing out the session key, and allowing it's input into rpcclient. Next step is automatic storage in a TDB. Andrew Bartlett (This used to be commit fa4d7be1619b51aacec37ddf995c940b8100aef9)
2003-07-23Fix out of date comment.Tim Potter1-2/+1
(This used to be commit 2e5bd1665430768b06da99beba5ac11a59c9bf07)
2003-07-17fix the build. Ifdef out some codeGerald Carter1-0/+3
(This used to be commit e66541d0e1befec5d589890994454dd639ea0665)
2003-07-17In the presense of RPC fragments, schannel is not strictly request/reply,Andrew Bartlett1-5/+0
so the shared sequence number will not be strictly odd/even. Andrew Bartlett (This used to be commit 77c3e69aef545d3f9b7cec9efdc366cbeb0c745e)
2003-07-16trying to get HEAD building again. If you want the codeGerald Carter5-628/+630
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE (This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
2003-07-16Fix up our auth_pipe code to always cope with fragmented datagrams,Andrew Bartlett1-64/+41
in both SCHANNEL and NTLMSSP. (Try not to deal with a general case as individual special cases...) Andrew Bartlett (This used to be commit 6ca77bd28f16f9f65ff40bf8996e39356de5b4f8)
2003-07-15fix schannel processing on fragmented PDUs. 'net rpc vampire' works again.Gerald Carter1-1/+1
(This used to be commit ff0c71148e405eeb49efbc51461325c7f2207433)
2003-07-14Fix compile error noticed by Ken Cross, use the utility function insteadAndrew Bartlett1-14/+4
of an inline replacement... Andrew Bartlett (This used to be commit d941255a97fc6d0d62eae1602075b1aa0481cde5)
2003-07-14Jeremy requested that I get my NTLMSSP patch into CVS. He didn't requestAndrew Bartlett1-564/+493
the schannel code, but I've included that anyway. :-) This patch revives the client-side NTLMSSP support for RPC named pipes in Samba, and cleans up the client and server schannel code. The use of the new code is enabled by the 'sign', 'seal' and 'schannel' commands in rpcclient. The aim was to prove that our separate NTLMSSP client library actually implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation, in the hope that knowing this will assist us in correctly implementing NTLMSSP signing for SMB packets. (Still not yet functional) This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with calls to libsmb/ntlmssp.c. In the process, we have gained the ability to use the more secure NT password, and the ability to sign-only, instead of having to seal the pipe connection. (Previously we were limited to sealing, and could only use the LM-password derived key). Our new client-side NTLMSSP code also needed alteration to cope with our comparatively simple server-side implementation. A future step is to replace it with calls to the same NTLMSSP library. Also included in this patch is the schannel 'sign only' patch I submitted to the team earlier. While not enabled (and not functional, at this stage) the work in this patch makes the code paths *much* easier to follow. I have also included similar hooks in rpccleint to allow the use of schannel on *any* pipe. rpcclient now defaults to not using schannel (or any other extra per-pipe authenticiation) for any connection. The 'schannel' command enables schannel for all pipes until disabled. This code is also much more secure than the previous code, as changes to our cli_pipe routines ensure that the authentication footer cannot be removed by an attacker, and more error states are correctly handled. (The same needs to be done to our server) Andrew Bartlett (This used to be commit 5472ddc9eaf4e79c5b2e1c8ee8c7f190dc285f19)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison2-19/+19
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-06-12Fix for bug#3. Show comments when doing 'net group -l'.Volker Lendecke1-0/+51
Volker (This used to be commit e5664adc07307a066c5312d9224cef2c69a40f77)
2003-06-09Add some basic DEBUG statements at level 10 so we can see what is beingJeremy Allison1-0/+54
called. This is *essential* (and should be done on all the other cli_XX rpc calls) to help debug winbindd problems remotely. Jeremy. (This used to be commit bc215612cb7c1abc7fb78eda4016ba9e64cdc785)
2003-05-16Merge: clarify secure channel connection comment.Tim Potter1-4/+4
(This used to be commit dd063a298f9d5244d7b79c029c563b4d966019c1)
2003-05-16Clarify a comment: The secure channel connection must be opened on theTim Potter1-4/+4
same session (TCP connection) as the one the challenge was requested from. (This used to be commit 5cb9b99f0f5dad589ac7def667e354d6f92f8822)
2003-05-12Fix two bugs that were stopping net rpc vampire from working over secureTim Potter1-2/+10
channel: - If the domain name passed to create_rpc_bind_req() is empty, use lp_workgroup() - Correctly set the auth_padding field when the send_size is a multiple of 8 bytes I've tested with nt4sp6 and win2ksp0 and it seems to work, although there are no password hashes transferred from win2k. The empty passwords are being protected by the secure channel encryption though. (This used to be commit a8c11e855611c91e94787387c62ac629232cacfa)
2003-05-11Ok, this is a hack. On a netsec bind reply I did not see anythingVolker Lendecke1-0/+20
useful in the auth verifier yet. So this patch ignores it. Really checking this would be a lot more intrusive: in rpc_api_pipe we would have to distinguish between binds and normal requests, or have more state in the netsec info of cli_state, which is also somewhat hackish. Volker (This used to be commit 8de04fcf680a9bc5054965577eb500e0541ffe66)
2003-05-08This puts real netlogon connection caching to winbind. This becomesVolker Lendecke2-26/+22
important once we start doing schannel, as there would be a lot more roundtrips for the second PIPE open and bind. With this patch logging in to a member server is a matter of two (three if you count the ack...) packets between us and the DC. Volker (This used to be commit 5b3cb7725a974629d0bd8b707bc2940c36b8745e)
2003-05-07Always initialise this - it helps callers who use this in a loop...Andrew Bartlett1-0/+2
Andrew Bartlett (This used to be commit 97bc047434284527f25e130a72981da704ed1212)
2003-05-01Turn down some DEBUG()s and remove some duplicate code spotted by dfenwick.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 542a8b1817d3930e03e08e16e9711cacceb6df61)
2003-04-28Fixes from Ronan Waide <waider@waider.ie> for large RPC writes.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 30512b7d3ea3470e4aca08638a5c0ea14791a6e7)
2003-04-28Fixes from Ronan Waide <waider@waider.ie> for large RPC writes.Jeremy Allison1-2/+2
Jeremy. (This used to be commit a330bf170eb8e78200367c90833cbc90255642cb)
2003-04-25Minor cleanup of enum domain groups/aliases:Tim Potter1-12/+18
- return NT_STATUS_NO_MEMORY instead of NT_STATUS_UNSUCESSFUL if a talloc fails - don't try and tallocate memory when the number of entries returned was zero - rename some cut&pasted variable names in enum domain aliases function (This used to be commit aa748e1da543f0e59df8a56996ebd9510732507e)