path: root/source3/rpc_client
Age | Commit message | Author | Files | Lines
2010-02-17 | Fix bug #7146 - Samba mis-parses authenticated RPC packets. | Jeremy Allison | 1 | -15/+47
Parts of the Samba RPC client and server code misinterpret authenticated packets.

DCE authenticated packets actually look like this:

    +--------------------------+
    |header                    |
    | ... frag_len (packet len)|
    | ... auth_len             |
    +--------------------------+
    |                          |
    | Data payload             |
    ...                     ....
    |                          |
    +--------------------------+
    |                          |
    | auth_pad_len bytes       |
    +--------------------------+
    |                          |
    | Auth footer              |
    | auth_pad_len value       |
    +--------------------------+
    |                          |
    | Auth payload             |
    | (auth_len bytes long)    |
    +--------------------------+

That's right. The pad bytes come *before* the footer specifying how many pad bytes there are. In order to read this you must seek to the end of the packet and subtract the auth_len (in the packet header) and the auth footer length (a known value).

The client and server code gets this right (mostly) in 3.0.x -> 3.4.x so long as the pad alignment is on an 8 byte boundary (there are some special cases in the code for this).

Tridge discovered there are some (DRS replication) cases on 64-bit machines where the pad alignment is on a 16-byte boundary. This breaks the existing S3 hand-optimized rpc code.

This patch removes all the special cases in client and server code, and allows the pad alignment for generated packets to be specified by changing a constant in include/local.h (this doesn't affect received packets, the new code always handles them correctly whatever pad alignment is used).

This patch also works correctly with rpcclient using sign+seal from the 3.4.x and 3.3.x builds (testing with 3.0.x and 3.2.x to follow) so even as a server it should still work with older libsmbclient and winbindd code.

Jeremy
2010-01-10 | s3: Remove some unused variables | Volker Lendecke | 1 | -7/+0
2010-01-06 | s3: Fix infinite loop in NCACN_IP_TCP as there is no timeout. | Bo Yang | 5 | -4/+112
Assume lsa_pipe_tcp is ok but network is down, then send request is ok, but select() on writeable fds loops forever since there is no response. Signed-off-by: Bo Yang <boyang@samba.org>
2009-12-22 | s3:ntlmssp: only include ntlmssp.h where actually needed | Andrew Bartlett | 1 | -0/+1
Andrew Bartlett
2009-12-22 | s3:ntlmssp: remove the typedef NTLMSSP_STATE | Andrew Bartlett | 1 | -1/+1
Andrew Bartlett
2009-12-10 | s3-spoolss: fix enumprinter key client and server. | Günther Deschner | 1 | -2/+5
Guenther
2009-12-02 | samba-spoolss: use spoolss_StringArray2 in spoolss_EnumPrinterKey. | Günther Deschner | 1 | -20/+4
This should finally resolve the endian issues we were seeing on sparc and is much cleaner for spoolss clients and servers. Guenther
2009-11-27 | s3-kerberos: only use krb5 headers where required. | Günther Deschner | 1 | -0/+1
This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther
2009-11-26 | s3-rpc: running minimal_includes.pl on rpc_client and rpc_server. | Günther Deschner | 1 | -2/+0
Guenther
2009-11-26 | s3-rpc: Avoid including every pipe's client and server stubs everywhere in samba. | Günther Deschner | 4 | -1/+4
Guenther
2009-11-24 | s3-spoolss: fixes for _spoolss_EnumPrinterKey client and server. | Günther Deschner | 1 | -2/+2
Thanks Metze for review! Guenther
2009-11-23 | s3-spoolss: fix spoolss_EnumPrinterKey client and server code. | Günther Deschner | 1 | -3/+21
Guenther
2009-11-14 | s3: Add min_setup, min_param and min_data to cli_trans_recv | Volker Lendecke | 1 | -2/+2
Every caller that expects to receive something needs to check if enough was sent. Make this check mandatory for everyone. Yes, this makes the parameter list for cli_trans a bit silly, but that's just the way it is: A silly protocol request :-) While there, convert some _done functions to tevent_req_simple_finish_ntstatus.
2009-11-13 | fix bogus "out of memory" winbind msg | Volker Lendecke | 1 | -1/+2
Signed-off-by: Michael Adam <obnox@samba.org>
2009-11-12 | Remove erroneous 'presult = NULL' changes. Now presult only gets set | Jeremy Allison | 1 | -9/+2
if NTSTATUS == OK. Jeremy.
2009-11-12 | Revert "Ensure every return path initializes presult as NULL." | Jeremy Allison | 1 | -40/+0
Vl is correct, this is the wrong way to fix this. This reverts commit 83c2c177a5e86d04da37384f1f04230c8274e1e6.
2009-11-12 | Ensure all callers to the rpc_client/cli_pipe functions correctly | Jeremy Allison | 1 | -2/+2
initialize return variables. Jeremy.
2009-11-12 | Ensure every return path initializes presult as NULL. | Jeremy Allison | 1 | -0/+40
Ensures no crashes in calling code that forgets to init return as null. Jeremy.
2009-11-10 | s3-rpc_client: make sure cli_rpc_pipe_open_schannel() does not always return NT_STATUS_OK. | Günther Deschner | 1 | -1/+3
Guenther
2009-11-08 | Revert "s3: Do not directly reference the ndr_table_* in rpcclient" | Volker Lendecke | 1 | -14/+0
This reverts commit 70c698fd547c4bc19cf77693608bbb34acac40b5.
2009-11-08 | Revert "s3: Do not reference ndr_table_<pipe> in the cli_ routines directly" | Volker Lendecke | 1 | -18/+3
This reverts commit daa964013bc5d036f4da571ce22c0052ef40943a.
2009-11-08 | s3: Do not reference ndr_table_<pipe> in the cli_ routines directly | Volker Lendecke | 1 | -3/+18
2009-11-08 | s3: Do not directly reference the ndr_table_* in rpcclient | Volker Lendecke | 1 | -0/+14
2009-11-07 | s3: Do the printing for DEBUGLEVEL>=10 centrally | Volker Lendecke | 1 | -1/+12
12 insertions(+), 10651 deletions(-) I think that says it all :-)
2009-11-07 | s3: Register the ndr_interfaces dynamically | Volker Lendecke | 1 | -37/+110
2009-11-07 | s3: Get rid of a NULL terminator | Volker Lendecke | 1 | -2/+1
2009-11-07 | s3: Get rid of explicit pipe names | Volker Lendecke | 1 | -49/+54
2009-11-07 | s3: get_pipe_name_from_iface -> get_pipe_name_from_syntax | Volker Lendecke | 2 | -9/+11
2009-11-06 | s3-kerberos: modify cli_krb5_get_ticket to take a new impersonate_princ_s arg. | Günther Deschner | 1 | -1/+1
Guenther
2009-11-03 | s3: Remove debug_ctx() | Volker Lendecke | 1 | -17/+17
smbd just crashed on me: In a debug message I called a routine preparing a string that itself used debug_ctx. The outer routine also used it after the inner routine had returned. It was still referencing the talloc context that the outer debug_ctx() had given us, which the inner DEBUG had already freed.
2009-10-16 | s3-netlogon: fix updating trust account passwords with downlevel domains. | Günther Deschner | 1 | -2/+2
When choosing the netlogon password set function, make sure to look at the *negotiated* flags in the cli->dc state, not the ones we start the negotiation with. Guenther
2009-10-13 | s3: use enum netr_SchannelType all over the place. | Günther Deschner | 2 | -2/+2
Guenther
2009-10-13 | s3-netlogon: pass down account name to remote password set functions. | Günther Deschner | 1 | -1/+2
Guenther
2009-10-08 | s3/s4 - Adapt the IDL changes on various locations | Matthias Dieter Wallnöfer | 1 | -1/+1
2009-10-06 | s3-netlogon: setup NETLOGON credential chain in rpccli_netlogon_set_trust_password() only when needed. | Günther Deschner | 1 | -13/+14
Guenther
2009-10-05 | Revert "s3: Attempt to fix machine password change" | Volker Lendecke | 1 | -34/+17
This reverts commit 20a8ea91e10af167067cc794a251265aaf489e75. Ooops, this should not have been committed.
2009-10-05 | s3: Attempt to fix machine password change | Volker Lendecke | 1 | -17/+34
2009-10-05 | s3: Remove a scary error message -- talloc_move can not fail :-) | Volker Lendecke | 1 | -5/+0
Signed-off-by: Günther Deschner <gd@samba.org>
2009-10-01 | s3-registry: move rpccli_winreg_Connect to the only file it belongs. | Günther Deschner | 1 | -62/+0
Guenther
2009-09-25 | s3:rpc_client: don't randomly fragment rpc pdu's in developer mode | Stefan Metzmacher | 1 | -2/+2
This is really confusing and also breaks against windows, as it doesn't accept fragmented bind requests. metze
2009-09-18 | s3-rpc_client: fix non initialized structure in rpccli_lsa_lookup_sids_noalloc. | Günther Deschner | 1 | -0/+2
Guenther
2009-09-17 | spnego: share spnego_parse. | Günther Deschner | 1 | -0/+1
Guenther
2009-09-16 | libcli/auth: rewrite schannel sign/seal code to be more generic | Stefan Metzmacher | 1 | -17/+24
This prepares support for HMAC-SHA256/AES. metze
2009-09-16 | s3-dcerpc: remove more obsolete or duplicate headers. | Günther Deschner | 1 | -22/+22
Guenther
2009-09-16 | s3-schannel: add dump_NL_AUTH_SIGNATURE. | Günther Deschner | 1 | -20/+3
Guenther
2009-09-16 | schannel: fully share schannel sign/seal between s3 and 4. | Günther Deschner | 1 | -41/+64
Guenther
2009-09-16 | s3-schannel: fix blob length when pulling off a NL_AUTH_SIGNATURE in | Günther Deschner | 1 | -1/+1
cli_pipe_verify_schannel(). Guenther
2009-09-15 | s3-dcerpc: fix remaining old auth level constants. | Günther Deschner | 1 | -6/+6
Guenther
2009-09-15 | s3-dcerpc: remove unused auth type defines as seen on the wire. | Günther Deschner | 1 | -5/+5
Guenther
2009-09-15 | s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags. | Günther Deschner | 1 | -35/+35
Guenther