Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-02-17 | Fix bug #7146 - Samba miss-parses authenticated RPC packets. | Jeremy Allison | 1 | -15/+47 | |
Parts of the Samba RPC client and server code misinterpret authenticated packets. DCE authenticated packets actually look like this : +--------------------------+ |header | | ... frag_len (packet len)| | ... auth_len | +--------------------------+ | | | Data payload | ... .... | | +--------------------------+ | | | auth_pad_len bytes | +--------------------------+ | | | Auth footer | | auth_pad_len value | +--------------------------+ | | | Auth payload | | (auth_len bytes long) | +--------------------------+ That's right. The pad bytes come *before* the footer specifying how many pad bytes there are. In order to read this you must seek to the end of the packet and subtract the auth_len (in the packet header) and the auth footer length (a known value). The client and server code gets this right (mostly) in 3.0.x -> 3.4.x so long as the pad alignment is on an 8 byte boundary (there are some special cases in the code for this). Tridge discovered there are some (DRS replication) cases where on 64-bit machines where the pad alignment is on a 16-byte boundary. This breaks the existing S3 hand-optimized rpc code. This patch removes all the special cases in client and server code, and allows the pad alignment for generated packets to be specified by changing a constant in include/local.h (this doesn't affect received packets, the new code always handles them correctly whatever pad alignment is used). This patch also works correctly with rpcclient using sign+seal from the 3.4.x and 3.3.x builds (testing with 3.0.x and 3.2.x to follow) so even as a server it should still work with older libsmbclient and winbindd code. Jeremy | |||||
2010-01-10 | s3: Remove some unused variables | Volker Lendecke | 1 | -7/+0 | |
2010-01-06 | s3: Fix infinite loop in NCACN_IP_TCP asa there is no timeout. Assume ↵ | Bo Yang | 5 | -4/+112 | |
lsa_pipe_tcp is ok but network is down, then send request is ok, but select() on writeable fds loops forever since there is no response. Signed-off-by: Bo Yang <boyang@samba.org> | |||||
2009-12-22 | s3:ntlmssp: only include ntlmssp.h where actually needed | Andrew Bartlett | 1 | -0/+1 | |
Andrew Bartlett | |||||
2009-12-22 | s3:ntlmssp: remove the typedef NTLMSSP_STATE | Andrew Bartlett | 1 | -1/+1 | |
Andrew Bartlett | |||||
2009-12-10 | s3-spoolss: fix enumprinter key client and server. | Günther Deschner | 1 | -2/+5 | |
Guenther | |||||
2009-12-02 | samba-spoolss: use spoolss_StringArray2 in spoolss_EnumPrinterKey. | Günther Deschner | 1 | -20/+4 | |
This should finally resolve the endian issues we were seeing on sparc and is much cleaner for spoolss clients and servers. Guenther | |||||
2009-11-27 | s3-kerberos: only use krb5 headers where required. | Günther Deschner | 1 | -0/+1 | |
This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther | |||||
2009-11-26 | s3-rpc: running minimal_includes.pl on rpc_client and rpc_server. | Günther Deschner | 1 | -2/+0 | |
Guenther | |||||
2009-11-26 | s3-rpc: Avoid including every pipe's client and server stubs everywhere in ↵ | Günther Deschner | 4 | -1/+4 | |
samba. Guenther | |||||
2009-11-24 | s3-spoolss: fixes for _spoolss_EnumPrinterKey client and server. | Günther Deschner | 1 | -2/+2 | |
Thanks Metze for review! Guenther | |||||
2009-11-23 | s3-spoolss: fix spoolss_EnumPrinterKey client and server code. | Günther Deschner | 1 | -3/+21 | |
Guenther | |||||
2009-11-14 | s3: Add min_setup, min_param and min_data to cli_trans_recv | Volker Lendecke | 1 | -2/+2 | |
Every caller that expects to receive something needs to check if enough was sent. Make this check mandatory for everyone. Yes, this makes the parameter list for cli_trans a bit silly, but that's just the way it is: A silly protocol request :-) While there, convert some _done functions to tevent_req_simple_finish_ntstatus. | |||||
2009-11-13 | fix bogus "out of memory" winbind msg | Volker Lendecke | 1 | -1/+2 | |
Signed-off-by: Michael Adam <obnox@samba.org> | |||||
2009-11-12 | Remove erroneous 'presult = NULL' changes. Now presult only gets set | Jeremy Allison | 1 | -9/+2 | |
if NTSTATUS == OK. Jeremy. | |||||
2009-11-12 | Revert "Ensure every return path initializes presult as NULL." | Jeremy Allison | 1 | -40/+0 | |
Vl is correct, this is the wrong way to fix this. This reverts commit 83c2c177a5e86d04da37384f1f04230c8274e1e6. | |||||
2009-11-12 | Ensure all callers to the rpc_client/cli_pipe functions correctly | Jeremy Allison | 1 | -2/+2 | |
initialize return variables. Jeremy. | |||||
2009-11-12 | Ensure every return path initializes presult as NULL. | Jeremy Allison | 1 | -0/+40 | |
Ensures no crashes in calling code that forgets to init return as null. Jeremy. | |||||
2009-11-10 | s3-rpc_client: make sure cli_rpc_pipe_open_schannel() does not always return ↵ | Günther Deschner | 1 | -1/+3 | |
NT_STATUS_OK. Guenther | |||||
2009-11-08 | Revert "s3: Do not directly reference the ndr_table_* in rpcclient" | Volker Lendecke | 1 | -14/+0 | |
This reverts commit 70c698fd547c4bc19cf77693608bbb34acac40b5. | |||||
2009-11-08 | Revert "s3: Do not reference ndr_table_<pipe> in the cli_ routines directly" | Volker Lendecke | 1 | -18/+3 | |
This reverts commit daa964013bc5d036f4da571ce22c0052ef40943a. | |||||
2009-11-08 | s3: Do not reference ndr_table_<pipe> in the cli_ routines directly | Volker Lendecke | 1 | -3/+18 | |
2009-11-08 | s3: Do not directly reference the ndr_table_* in rpcclient | Volker Lendecke | 1 | -0/+14 | |
2009-11-07 | s3: Do the printing for DEBUGLEVEL>=10 centrally | Volker Lendecke | 1 | -1/+12 | |
12 insertions(+), 10651 deletions(-) I think that says it all :-) | |||||
2009-11-07 | s3: Register the ndr_interfaces dynamically | Volker Lendecke | 1 | -37/+110 | |
2009-11-07 | s3: Get rid of a NULL terminator | Volker Lendecke | 1 | -2/+1 | |
2009-11-07 | s3: Get rid of explicit pipe names | Volker Lendecke | 1 | -49/+54 | |
2009-11-07 | s3: get_pipe_name_from_iface -> get_pipe_name_from_syntax | Volker Lendecke | 2 | -9/+11 | |
2009-11-06 | s3-kerberos: modify cli_krb5_get_ticket to take a new impersonate_princ_s arg. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2009-11-03 | s3: Remove debug_ctx() | Volker Lendecke | 1 | -17/+17 | |
smbd just crashed on me: In a debug message I called a routine preparing a string that itself used debug_ctx. The outer routine also used it after the inner routine had returned. It was still referencing the talloc context that the outer debug_ctx() had given us, which the inner DEBUG had already freed. | |||||
2009-10-16 | s3-netlogon: fix updating trust accout passwords with downlevel domains. | Günther Deschner | 1 | -2/+2 | |
When choosing the netlogon password set function, make sure to look at the *negotiated* flags in the cli->dc state, not the ones we start the negotiation with. Guenther | |||||
2009-10-13 | s3: use enum netr_SchannelType all over the place. | Günther Deschner | 2 | -2/+2 | |
Guenther | |||||
2009-10-13 | s3-netlogon: pass down account name to remote password set functions. | Günther Deschner | 1 | -1/+2 | |
Guenther | |||||
2009-10-08 | s3/s4 - Adapt the IDL changes on various locations | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2009-10-06 | s3-netlogon: setup NETLOGON credential chain in ↵ | Günther Deschner | 1 | -13/+14 | |
rpccli_netlogon_set_trust_password() only when needed. Guenther | |||||
2009-10-05 | Revert "s3: Attempt to fix machine password change" | Volker Lendecke | 1 | -34/+17 | |
This reverts commit 20a8ea91e10af167067cc794a251265aaf489e75. Ooops, this should not have been committed. | |||||
2009-10-05 | s3: Attempt to fix machine password change | Volker Lendecke | 1 | -17/+34 | |
2009-10-05 | s3: Remove a scary error message -- talloc_move can not fail :-) | Volker Lendecke | 1 | -5/+0 | |
Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2009-10-01 | s3-registry: move rpccli_winreg_Connect to the only file it belongs. | Günther Deschner | 1 | -62/+0 | |
Guenther | |||||
2009-09-25 | s3:rpc_client: don't randomly fragment rpc pdu's in developer mode | Stefan Metzmacher | 1 | -2/+2 | |
This is really confusing and also breaks against windows, as it doesn't accept fragmented bind requests. metze | |||||
2009-09-18 | s3-rpc_client: fix non initialized structure in rpccli_lsa_lookup_sids_noalloc. | Günther Deschner | 1 | -0/+2 | |
Guenther | |||||
2009-09-17 | spnego: share spnego_parse. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2009-09-16 | libcli/auth: rewrite schannel sign/seal code to be more generic | Stefan Metzmacher | 1 | -17/+24 | |
This prepares support for HMAC-SHA256/AES. metze | |||||
2009-09-16 | s3-dcerpc: remove more obsolete or duplicate headers. | Günther Deschner | 1 | -22/+22 | |
Guenther | |||||
2009-09-16 | s3-schannel: add dump_NL_AUTH_SIGNATURE. | Günther Deschner | 1 | -20/+3 | |
Guenther | |||||
2009-09-16 | schannel: fully share schannel sign/seal between s3 and 4. | Günther Deschner | 1 | -41/+64 | |
Guenther | |||||
2009-09-16 | s3-schannel: fix blob length when pulling off a NL_AUTH_SIGNATURE in | Günther Deschner | 1 | -1/+1 | |
cli_pipe_verify_schannel(). Guenther | |||||
2009-09-15 | s3-dcerpc: fix remaining old auth level constants. | Günther Deschner | 1 | -6/+6 | |
Guenther | |||||
2009-09-15 | s3-dcerpc: remove unsed auth type defines as seen on the wire. | Günther Deschner | 1 | -5/+5 | |
Guenther | |||||
2009-09-15 | s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags. | Günther Deschner | 1 | -35/+35 | |
Guenther |