Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-07-08 | s3:dcerpc Use prs_parse_dcerpc_bind | Simo Sorce | 1 | -27/+36 | |
2010-07-08 | s3:rpc user idl define dcerpc_ctx_list instead of custom RPC_CONTEXT | Simo Sorce | 1 | -9/+13 | |
2010-07-07 | s3-dcerpc: use dcerpc_push_ncacn_packet() for setup_fault_pdu(). | Günther Deschner | 1 | -28/+18 | |
Guenther Signed-off-by: Simo Sorce <idra@samba.org> | |||||
2010-07-07 | s3-dcerpc: use dcerpc_push_ncacn_packet() for setup_bind_nak(). | Günther Deschner | 1 | -14/+16 | |
Guenther Signed-off-by: Simo Sorce <idra@samba.org> | |||||
2010-07-01 | s3:auth Fix switch statement referencing a uninitialized variable | Simo Sorce | 1 | -1/+1 | |
Looking at the original commit (9a747d500fad699038ecf75615c680a9fd9e4cc7) this seem the right solution. Andrew please check. | |||||
2010-06-16 | Remove an unused chunk of code (will make it easier to talloc'ize prs_XXX). | Jeremy Allison | 1 | -49/+0 | |
Jeremy. | |||||
2010-06-08 | Revert "s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS" | Volker Lendecke | 1 | -4/+3 | |
This reverts commit edba46ce94c335411ab337eeb4ef6f88fb3aae80. Conflicts: source3/auth/auth_ntlmssp.c | |||||
2010-06-07 | s3:auth add hooks to indicate if signing or sealing is desired with NTLMSSP | Andrew Bartlett | 1 | -0/+21 | |
This allows the right hooks to be called in GENSEC when s3compat implements the auth_ntlmssp interface. Otherwise, we can't do the signing or sealing as we have not negoitated it's use. Andrew Bartlett | |||||
2010-06-07 | s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS | Andrew Bartlett | 1 | -3/+4 | |
It's nicer to have an NTSTATUS return, and in s3compat there may be a reason other than 'no memory' why this can fail. Andrew Bartlett | |||||
2010-06-04 | s3-rpc: Seperate rpc_srv_register for plain connection. | Andreas Schneider | 1 | -125/+32 | |
This will make it possible to create plain rpc named pipe connnections. Reviewed-by: Simo Sorce <idra@samba.org> | |||||
2010-05-31 | s3:ntlmssp Use a TALLOC_CTX for ntlmssp_sign_packet() and ntlmssp_seal_packet() | Andrew Bartlett | 1 | -7/+9 | |
This ensures the results can't be easily left to leak. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-31 | ntlmssp: Make the ntlmssp.h from source3/ a common header | Andrew Bartlett | 1 | -1/+1 | |
The code is not yet in common, but I hope to fix that soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-31 | s3:auth Remove AUTH_NTLMSSP_STATE typedef. | Andrew Bartlett | 1 | -7/+7 | |
typedefs are no longer preferred Samba style. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-31 | s3:auth Make AUTH_NTLMSSP_STATE a private structure. | Andrew Bartlett | 1 | -26/+27 | |
This makes it a little easier for it to writen in terms of GENSEC in future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-18 | s3: Remove use of iconv_convenience. | Jelmer Vernooij | 1 | -5/+4 | |
2010-03-24 | s3:ntlmssp: use client.netbios_name instead of workstation | Stefan Metzmacher | 1 | -1/+2 | |
metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-03-04 | srv_pipe.c doesn't reference current_user anymore. Remove it. | Jeremy Allison | 1 | -2/+0 | |
Jeremy. | |||||
2010-02-23 | schannel_tdb: make code compilable in both trees | Simo Sorce | 1 | -1/+1 | |
2010-02-23 | s3:schannel streamline interface | Simo Sorce | 1 | -1/+1 | |
Make calling schannel much easier by removing the need to explicitly open the database. Let the abstraction do it instead. | |||||
2010-02-18 | More fixes for bug #7146 - Samba miss-parses authenticated RPC packets. | Jeremy Allison | 1 | -16/+31 | |
Alignment space calculations are tricky :-). Jeremy. | |||||
2010-02-18 | More fixes for bug #7146 - Samba miss-parses authenticated RPC packets. | Jeremy Allison | 1 | -14/+16 | |
Ensure we calculate the space correctly (including the ss_padding_len) when constructing reply packets. Jeremy. | |||||
2010-02-17 | Fix bug #7146 - Samba miss-parses authenticated RPC packets. | Jeremy Allison | 1 | -120/+311 | |
Parts of the Samba RPC client and server code misinterpret authenticated packets. DCE authenticated packets actually look like this : +--------------------------+ |header | | ... frag_len (packet len)| | ... auth_len | +--------------------------+ | | | Data payload | ... .... | | +--------------------------+ | | | auth_pad_len bytes | +--------------------------+ | | | Auth footer | | auth_pad_len value | +--------------------------+ | | | Auth payload | | (auth_len bytes long) | +--------------------------+ That's right. The pad bytes come *before* the footer specifying how many pad bytes there are. In order to read this you must seek to the end of the packet and subtract the auth_len (in the packet header) and the auth footer length (a known value). The client and server code gets this right (mostly) in 3.0.x -> 3.4.x so long as the pad alignment is on an 8 byte boundary (there are some special cases in the code for this). Tridge discovered there are some (DRS replication) cases where on 64-bit machines where the pad alignment is on a 16-byte boundary. This breaks the existing S3 hand-optimized rpc code. This patch removes all the special cases in client and server code, and allows the pad alignment for generated packets to be specified by changing a constant in include/local.h (this doesn't affect received packets, the new code always handles them correctly whatever pad alignment is used). This patch also works correctly with rpcclient using sign+seal from the 3.4.x and 3.3.x builds (testing with 3.0.x and 3.2.x to follow) so even as a server it should still work with older libsmbclient and winbindd code. Jeremy | |||||
2009-12-22 | s3:ntlmssp: only include ntlmssp.h where actually needed | Andrew Bartlett | 1 | -0/+1 | |
Andrew Bartlett | |||||
2009-11-26 | s3-rpc: running minimal_includes.pl on rpc_client and rpc_server. | Günther Deschner | 1 | -2/+0 | |
Guenther | |||||
2009-11-08 | Revert "s3: Consolidate getting the name out of a pipes_struct" | Volker Lendecke | 1 | -15/+29 | |
This reverts commit 9621306351cdb469ef393a6d8cbeea456bc4bd9f. | |||||
2009-11-08 | Revert "s3: Do not reference ndr_table when calling rpc_srv_register" | Volker Lendecke | 1 | -7/+2 | |
This reverts commit 494b2aff8826947e3bd556aecb175746163da485. | |||||
2009-11-08 | s3: Do not reference ndr_table when calling rpc_srv_register | Volker Lendecke | 1 | -2/+7 | |
2009-11-08 | s3: Consolidate getting the name out of a pipes_struct | Volker Lendecke | 1 | -29/+15 | |
2009-11-07 | s3: get_pipe_name_from_iface -> get_pipe_name_from_syntax | Volker Lendecke | 1 | -17/+27 | |
2009-10-13 | s3:rpc: Fix is_known_pipename for dynamically loaded pipes | Volker Lendecke | 1 | -1/+22 | |
2009-09-17 | spnego: share spnego_parse. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2009-09-16 | libcli/auth: rewrite schannel sign/seal code to be more generic | Stefan Metzmacher | 1 | -17/+27 | |
This prepares support for HMAC-SHA256/AES. metze | |||||
2009-09-16 | s3-dcerpc: remove more obsolete or duplicate headers. | Günther Deschner | 1 | -15/+15 | |
Guenther | |||||
2009-09-16 | s3-schannel: add dump_NL_AUTH_SIGNATURE. | Günther Deschner | 1 | -23/+3 | |
Guenther | |||||
2009-09-16 | schannel: fully share schannel sign/seal between s3 and 4. | Günther Deschner | 1 | -25/+60 | |
Guenther | |||||
2009-09-15 | s3-dcerpc: really fix remaining old auth level constants. sorry... | Günther Deschner | 1 | -2/+2 | |
Guenther | |||||
2009-09-15 | s3-dcerpc: fix remaining old auth level constants. | Günther Deschner | 1 | -13/+13 | |
Guenther | |||||
2009-09-15 | s3-dcerpc: remove duplicate RPC_AUTH_LEVEL flags. | Günther Deschner | 1 | -5/+5 | |
Guenther | |||||
2009-09-15 | s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags. | Günther Deschner | 1 | -15/+15 | |
Guenther | |||||
2009-09-13 | s3-schannel: fix api_pipe_schannel_process(), was using incorrect buffer length. | Günther Deschner | 1 | -1/+3 | |
Found by RPC-SCHANNEL torture test. Guenther | |||||
2009-09-11 | s3-schannel: use NL_AUTH_SIGNATURE for schannel sign & seal (client & server). | Günther Deschner | 1 | -8/+31 | |
Guenther | |||||
2009-09-11 | s3-schannel: use NL_AUTH_MESSAGE for schannel bind reply. | Günther Deschner | 1 | -10/+17 | |
Guenther | |||||
2009-09-08 | s3-rpc_server: use NL_AUTH_MESSAGE in pipe_schannel_auth_bind(). | Günther Deschner | 1 | -6/+23 | |
Guenther | |||||
2009-08-27 | s3-netlogon: use shared credential and schannel storage infrastructure for ↵ | Günther Deschner | 1 | -7/+11 | |
netlogon server. Guenther | |||||
2009-07-05 | Use null_ndr_syntax_id instead of zeroing null_interface manually | Volker Lendecke | 1 | -6/+2 | |
2009-07-05 | Remove "typedef struct ndr_syntax_id RPC_IFACE;" | Volker Lendecke | 1 | -4/+6 | |
2009-07-05 | Make check_bind_req static to rpc_server/srv_pipe.c | Volker Lendecke | 1 | -2/+2 | |
2009-03-05 | Get the sense of the integer wrap test the right way around. Sorry. | Jeremy Allison | 1 | -1/+1 | |
Jeremy. | |||||
2009-03-05 | Now we're allowing a lower bound for auth_len, ensure we | Jeremy Allison | 1 | -1/+5 | |
also check for an upper one (integer wrap). Jeremy. | |||||
2009-03-05 | Complete the fix for bug 6100 | Volker Lendecke | 1 | -1/+1 | |
According to [MS-RPCE].pdf, section 2.2.2.11: ---- A client or a server that (during composing of a PDU) has allocated more space for the authentication token than the security provider fills in SHOULD fill in the rest of the allocated space with zero octets. These zero octets are still considered to belong to the authentication token part of the PDU.<36> ---- RPC implementations are allowed to send padding bytes at the end of an auth footer. Windows 7 makes use of this. Thanks to Nick Meier <nmeier@microsoft.com> Volker |