summaryrefslogtreecommitdiff
path: root/source3/rpc_parse/parse_rpc.c
AgeCommit message (Collapse)AuthorFilesLines
2003-07-14Jeremy requested that I get my NTLMSSP patch into CVS. He didn't requestAndrew Bartlett1-17/+9
the schannel code, but I've included that anyway. :-) This patch revives the client-side NTLMSSP support for RPC named pipes in Samba, and cleans up the client and server schannel code. The use of the new code is enabled by the 'sign', 'seal' and 'schannel' commands in rpcclient. The aim was to prove that our separate NTLMSSP client library actually implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation, in the hope that knowing this will assist us in correctly implementing NTLMSSP signing for SMB packets. (Still not yet functional) This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with calls to libsmb/ntlmssp.c. In the process, we have gained the ability to use the more secure NT password, and the ability to sign-only, instead of having to seal the pipe connection. (Previously we were limited to sealing, and could only use the LM-password derived key). Our new client-side NTLMSSP code also needed alteration to cope with our comparatively simple server-side implementation. A future step is to replace it with calls to the same NTLMSSP library. Also included in this patch is the schannel 'sign only' patch I submitted to the team earlier. While not enabled (and not functional, at this stage) the work in this patch makes the code paths *much* easier to follow. I have also included similar hooks in rpccleint to allow the use of schannel on *any* pipe. rpcclient now defaults to not using schannel (or any other extra per-pipe authenticiation) for any connection. The 'schannel' command enables schannel for all pipes until disabled. This code is also much more secure than the previous code, as changes to our cli_pipe routines ensure that the authentication footer cannot be removed by an attacker, and more error states are correctly handled. (The same needs to be done to our server) Andrew Bartlett (This used to be commit 5472ddc9eaf4e79c5b2e1c8ee8c7f190dc285f19)
2003-04-22parse_string is only used for the authentication negotiators.Volker Lendecke1-10/+6
It can itself determine the length of the string it has to transfer. Andrew B., could you take a look at the length calculation? Is that safe? Thanks, Volker (This used to be commit 0ef69b586a8f1fa11a41a3900180ea2090b60bfd)
2003-04-16Fixes to make SCHANNEL work in 3.0 against a W2K DC. Still need to fixJeremy Allison1-7/+7
multi-PDU encode/decode with SCHANNEL. Also need to test against WNT DC. Jeremy. (This used to be commit ff66d4097088409205b6bad5124a78ef9946010d)
2003-04-14Merge of rpcecho pipe for testing large dcerpc requests and responses.Tim Potter1-0/+10
Only compiled in when --enable-developer argument passed to configure. (This used to be commit 017da9393bab276543d0d5c50df8c760780f2450)
2003-04-09This is the netlogon schannel client code. Try aVolker Lendecke1-4/+16
rpcclient -S pdc -U% -c "samlogon user password" and it should work with the schannel. Needs testing against platforms different from NT4SP6. Volker (This used to be commit eaef0d8aeff1aa5a067679be3f17e08d7434e1e8)
2003-04-09A little clarification in the rpc auth header struct.Volker Lendecke1-8/+7
Volker (This used to be commit 36362c602ba03ae5e89956b16820d5dff580bee7)
2003-04-06Merge the TNG netlogon schannel from HEAD.Volker Lendecke1-0/+95
No more XP requiresignorseal anymore! Thanks again to Luke :-) Volker (This used to be commit 6b2b55901d66cab0c0c0c90bd0585c870be6e468)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-22/+22
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-2/+2
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-10-04merge of working dsrolegetprimdominfo() client code from APP_HEADGerald Carter1-2/+2
(This used to be commit 028477e35208e76fedbc7c743426fd9be94b7cf0)
2002-10-04merge of new client side support the Win2k LSARPC UUID in rpcbindGerald Carter1-10/+25
from APP_HEAD (This used to be commit 1cfd2ee433305e91e87804dd55d10e025d30a69e)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-0/+3
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-5/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-04the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but ↵Andrew Tridgell1-1/+1
the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
2001-07-04The big character set handling changeover!Andrew Tridgell1-3/+4
This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a)
2001-03-12We copy the RPC header directly from the incoming client - remember toJeremy Allison1-1/+6
set little-endian flag on marshalling. AS/U now correctly tries to join our domain ! Jeremy. (This used to be commit 0185f8159dbd30820d1ec9ce2aec8eb1cddcfc0b)
2001-03-09Serious (and I *mean* serious) attempt to fix little/bigendian RPC issues.Jeremy Allison1-2/+2
We were reading the endainness in the RPC header and then never propagating it to the internal parse_structs used to parse the data. Also removed the "align" argument to prs_init as it was *always* set to 4, and if needed can be set differently on a case by case basis. Now ready for AS/U testing when Herb gets it set up :-). Jeremy. (This used to be commit 0cd37c831d79a12a10e479bf4fa89ffe64c1292a)
2000-08-01Tidyup removing many of the 0xC0000000 | NT_STATUS_XXX stuff (only need ↵Jeremy Allison1-3/+2
NT_STATUS_XXX). Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more obscure way. Jeremy. (This used to be commit c55bcec817f47d6162466b193d533c877194124a)
2000-05-18Added the NETDFS pipe to allow remote administration of the msdfs symlinksShirish Kalele1-0/+10
on the samba server. (This used to be commit 15e7d8f6c5cddf6ce409ee2505744250d181ec34)
2000-04-13rpc_parse/parse_rpc.c: Changes from TNG (thanks Luke) for NTLMSSP parsing.Jeremy Allison1-10/+9
smbd/reply.c: Fixed typo in debug. Jeremy. (This used to be commit c2aa6d66b3ca2a1a6dde8e9a1f6e761d98be517a)
2000-03-06changed prs_unistr to parse empty and non-empty strings the same way.Jean-François Micouleau1-1/+1
fixed typo in SPOOLSS_SYNT some cleanup of unused functions wrote make_spoolss_enumprinter and make_spoolss_openprinterex for rpcclient as I'm trying to keep in sync the parsing code between HEAD and TNG. Will commit changes to TNG after lunch. J.F. (This used to be commit 025cdb345f6de287a41d4449b2662dbc5e762bf2)
2000-02-29Fixes from Luke, back-ported from TNG to Win2k. Correctly return FAULT_PDU onJeremy Allison1-0/+20
unknown rpc calls. Win2k now correctly shows the owners of files. Jeremy. (This used to be commit 066898689f496dc655c3f0a553ac5e884e078022)
2000-02-07spoolss definitions.Jean-François Micouleau1-11/+10
also added some prs_struct functions, 'cause I'm handling buffers as prs_struct. J.F. (This used to be commit 81e375bbbe0fb022a44a2aaaa3729a9518b7a854)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-519/+565
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-12delineation between smb and msrpc more marked. smbd now constructsLuke Leighton1-2/+2
pdus, and then feeds them over either a "local" function call or a "remote" function call to an msrpc service. the "remote" msrpc daemon, on the other side of a unix socket, then calls the same "local" function that smbd would, if the msrpc service were being run from inside smbd. this allows a transition from local msrpc services (inside the same smbd process) to remote (over a unix socket). removed reference to pipes_struct in msrpc services. all msrpc processing functions take rpcsrv_struct which is a structure containing state info for the msrpc functions to decode and create pdus. created become_vuser() which does everything not related to connection_struct that become_user() does. removed, as best i could, connection_struct dependencies from the nt spoolss printing code. todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific info on a per-connection basis, and if the connection dies then so does the info, and that's a fairly serious problem. had to put pretty much everything that is in user_struct into parse_creds.c to feed unix user info over to the msrpc daemons. why? because it's expensive to do unix password/group database lookups, and it's definitely expensive to do nt user profile lookups, not to mention pretty difficult and if you did either of these it would introduce a complication / unnecessary interdependency. so, send uid/gid/num_groups/gid_t* + SID+num_rids+domain_group_rids* + unix username + nt username + nt domain + user session key etc. this is the MINIMUM info identified so far that's actually implemented. missing bits include the called and calling netbios names etc. (basically, anything that can be loaded into standard_sub() and standard_sub_basic()...) (This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d)
1999-11-19added \PIPE\browser plus experimental brsinfo command. you wouldn'tLuke Leighton1-0/+11
believe the XXXX that MIGHT be involved in getting nt5rc2 to join a samba domain... (This used to be commit 569babb3935950c1b64396955541abf276cc1d92)
1999-11-15- added DCE/RPC "fault" PDU support.Luke Leighton1-0/+16
- disabled (AGAIN) the GETDC "if (MAILSLOT\NTLOGON)" code that will get NT5rc2 to work but WILL break win95 (AGAIN). this needs _not_ to be re-enabled but to be replaced with a better mechanism. - added SMBwrite support (note: SMBwriteX already existed) as NT5rc2 is sending DCE/RPC over SMBwrite not SMBwriteX. (This used to be commit 25c70e3c984c4fed19763ed405741e83fe14f87e)
1999-10-15return results on prs_xxxxx() and all xxx_io_xxx() routines.Luke Leighton1-63/+129
the whole task is not complete, yet. xxx_io_xxx() routines that _call_ xxx_io_xxx() routines not done. prs_xxxx() covered by macros. considering doing xxx_io_xxxx in the same way. (This used to be commit 3b583f7be51434af98bc52b48dfa42c4602a3094)
1999-10-07- added rudimentary CAP_UNICODE support because i thought it was part ofLuke Leighton1-5/+25
a problem i was having. - added rudimentary CAP_STATUS32 support for same reason. - added hard-coded, copy-the-same-data-from-over-the-wire version of CAP_EXTENDED_SECURITY, which is a security-blob to encapsulate GSSAPI which encodes SPNEGO which is used to negotiate Kerberos or NTLMSSP. i have implemented NTLMSSP which negotiates NTLMv1 or NTLMv2 and 40-bit or 128-bit etc. i have implemented NTLMv1 / 40-bit. *whew*. (This used to be commit e5b80bd2f76fda70e41e4a9007eb035dab92ed8e)
1999-07-26renaming AUTH VERIFIER to AUTH NTLMSSP VERIFIER. ready for addingLuke Leighton1-7/+8
another RPC authentication system. (This used to be commit 1a211bafebad8c63d98b5ef275a6272013527c65)
1999-06-29improving authentication code (tidyup).Luke Leighton1-6/+6
(This used to be commit ab1a6aa42db5217f025941fb5107436556bc23b7)
1999-05-03last part of RPC api change.Jean-François Micouleau1-0/+11
and of rpcclient eventlog funtion Jean Francois (This used to be commit 7fc8659e83bf0269df297016beac6793ff0bdf32)
1999-04-27rpc_parse/parse_misc.c : defined a new BUFFER5 structJean-François Micouleau1-5/+26
include/ntdomain.h : added rpc_spoolss.h include statement include/proto.h include/rpc_dce.h : added definition of RPC_ALTER_CONTEXT request & reply param/loadparm.c : 2 new options for NT printing support and some changes to initial values in the LPRNG case. rpc_parse/parse_prs.c : added prs_uint16s() rpc_parse/parse_rpc.c : added SYNT_SPOOLSS_V1 and code for the alter-context support. rpc_server/srv_pipe.c : alter-context support smbd/nttrans.c smbd/server.c include/rpc_misc.h Makefile.in include/smb.h Jean Francois (This used to be commit 4c515804b70254248e378a3f90f47e4c32639d29)
1999-04-23Adding scheduler control pipe (\atsvc), client-side routines, and rpcclientMatthew Chapman1-0/+11
command "at" (compatible with NT's "at" command - see rpcclient commit) - useful for remote NT administration. (This used to be commit cf30a472f702d7b50c3a85e2cf2f55b46a2bd452)
1999-02-15Always null-terminate strings.Matthew Chapman1-3/+3
Also some string length and sizeof(pointer) corrections. (This used to be commit ce24191939b82985d09eabe945199f38b0fea486)
1999-02-12UNICODE cleanup (see lib/util_unistr.c).Matthew Chapman1-3/+3
No more ugly static library buffers and all functions take a destination string length (especially unistrcpy was rather dangerous; we were only saved by the fact that datagrams are limited in size). (This used to be commit a1d39af1ce1d451b811dbd7c2ba391214851b87e)
1999-02-11the UNICODE issue...Luke Leighton1-3/+3
(This used to be commit 73db80f34183324845407b00f58462ff2d7b47ea)
1999-02-08UNICODE byte ordering issue: typecast to uint16* replaced with SSVAL()Luke Leighton1-3/+3
(This used to be commit 9084b7e33dfe717bd8d5604ee71d137e3baef0f5)
1998-12-08adding srvsvc pipe.Luke Leighton1-0/+11
(This used to be commit d06d6369942828ec89e90f99bd0d0d3f91d61d13)
1998-11-17- group database API. oops and oh dear, the threat has been carried out:Luke Leighton1-11/+0
the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION. (This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
1998-11-13fixes for OSF1 compilationAndrew Tridgell1-2/+2
(This used to be commit 5be3c37f50eac35cad3eadf0d24e7a4ee04c075e)
1998-10-21fixing smbd encrypted rpcs (data lens, alloc hints, sequence nums argh).Luke Leighton1-7/+9
put unicode strings after SAMLOGON query regardless of whether it's an NT mailslot or a non-NT mailslot, after having observed this behaviour out of NT machines. (This used to be commit c101113ec20ed0ba633e78e4ee45596cdccaf1b5)
1998-10-19- dce/rpc codeLuke Leighton1-0/+41
- removed debug info in struni2 and unistr2 (security risk) - rpc_pipe function was getting pointer to data then calling realloc *dur* - password check function, the start of "credential checking", user, wks, domain, pass as the credentials (not just user,pass which is incorrect in a domain context) - cli_write needs to return ssize_t not size_t, because total can be -1 if the write fails. - fixed signed / unsigned warnings (how come i don't get those any more when i compile with gcc???) - nt password change added in smbd. yes, jeremy, i verified that the SMBtrans2 version still works. (This used to be commit fcfb40d2b0fc565ee4f66b3a3761c246366a2ef3)
1998-10-14dce/rpcLuke Leighton1-8/+36
(This used to be commit 69f5f9f88935de1f63ffc9aa19c0629b395e66e6)
1998-10-09signed / unsigned issues spotted by herbLuke Leighton1-6/+6
(This used to be commit 0b90442021aa3adb5ae7f09c53c9e54c7655d8c5)
1998-10-09dce/rpc.Luke Leighton1-4/+4
(This used to be commit e0445419b2d50ae6efef36f4f295ebcfdbf1ad82)
1998-10-09dce/rpcLuke Leighton1-17/+17
(This used to be commit 32d0f5e4a564686ad6b270dd24423ee49a81f223)
1998-10-08dce/rpcLuke Leighton1-66/+112
(This used to be commit 62fdeef1b79c5c4c9bf0e860881651711bb80b9a)
1998-10-07dce/rpcLuke Leighton1-41/+169
(This used to be commit 6677b888bdb45df00646eb7cc13005b9465ff971)