summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_pipe.c
AgeCommit message (Collapse)AuthorFilesLines
2010-06-08Revert "s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS"Volker Lendecke1-4/+3
This reverts commit edba46ce94c335411ab337eeb4ef6f88fb3aae80. Conflicts: source3/auth/auth_ntlmssp.c
2010-06-07s3:auth add hooks to indicate if signing or sealing is desired with NTLMSSPAndrew Bartlett1-0/+21
This allows the right hooks to be called in GENSEC when s3compat implements the auth_ntlmssp interface. Otherwise, we can't do the signing or sealing as we have not negoitated it's use. Andrew Bartlett
2010-06-07s3:auth Change auth_ntlmssp_server_info API to return NTSTATUSAndrew Bartlett1-3/+4
It's nicer to have an NTSTATUS return, and in s3compat there may be a reason other than 'no memory' why this can fail. Andrew Bartlett
2010-06-04s3-rpc: Seperate rpc_srv_register for plain connection.Andreas Schneider1-125/+32
This will make it possible to create plain rpc named pipe connnections. Reviewed-by: Simo Sorce <idra@samba.org>
2010-05-31s3:ntlmssp Use a TALLOC_CTX for ntlmssp_sign_packet() and ntlmssp_seal_packet()Andrew Bartlett1-7/+9
This ensures the results can't be easily left to leak. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31ntlmssp: Make the ntlmssp.h from source3/ a common headerAndrew Bartlett1-1/+1
The code is not yet in common, but I hope to fix that soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31s3:auth Remove AUTH_NTLMSSP_STATE typedef.Andrew Bartlett1-7/+7
typedefs are no longer preferred Samba style. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31s3:auth Make AUTH_NTLMSSP_STATE a private structure.Andrew Bartlett1-26/+27
This makes it a little easier for it to writen in terms of GENSEC in future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-18s3: Remove use of iconv_convenience.Jelmer Vernooij1-5/+4
2010-03-24s3:ntlmssp: use client.netbios_name instead of workstationStefan Metzmacher1-1/+2
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-04srv_pipe.c doesn't reference current_user anymore. Remove it.Jeremy Allison1-2/+0
Jeremy.
2010-02-23schannel_tdb: make code compilable in both treesSimo Sorce1-1/+1
2010-02-23s3:schannel streamline interfaceSimo Sorce1-1/+1
Make calling schannel much easier by removing the need to explicitly open the database. Let the abstraction do it instead.
2010-02-18More fixes for bug #7146 - Samba miss-parses authenticated RPC packets.Jeremy Allison1-16/+31
Alignment space calculations are tricky :-). Jeremy.
2010-02-18More fixes for bug #7146 - Samba miss-parses authenticated RPC packets.Jeremy Allison1-14/+16
Ensure we calculate the space correctly (including the ss_padding_len) when constructing reply packets. Jeremy.
2010-02-17Fix bug #7146 - Samba miss-parses authenticated RPC packets.Jeremy Allison1-120/+311
Parts of the Samba RPC client and server code misinterpret authenticated packets. DCE authenticated packets actually look like this : +--------------------------+ |header | | ... frag_len (packet len)| | ... auth_len | +--------------------------+ | | | Data payload | ... .... | | +--------------------------+ | | | auth_pad_len bytes | +--------------------------+ | | | Auth footer | | auth_pad_len value | +--------------------------+ | | | Auth payload | | (auth_len bytes long) | +--------------------------+ That's right. The pad bytes come *before* the footer specifying how many pad bytes there are. In order to read this you must seek to the end of the packet and subtract the auth_len (in the packet header) and the auth footer length (a known value). The client and server code gets this right (mostly) in 3.0.x -> 3.4.x so long as the pad alignment is on an 8 byte boundary (there are some special cases in the code for this). Tridge discovered there are some (DRS replication) cases where on 64-bit machines where the pad alignment is on a 16-byte boundary. This breaks the existing S3 hand-optimized rpc code. This patch removes all the special cases in client and server code, and allows the pad alignment for generated packets to be specified by changing a constant in include/local.h (this doesn't affect received packets, the new code always handles them correctly whatever pad alignment is used). This patch also works correctly with rpcclient using sign+seal from the 3.4.x and 3.3.x builds (testing with 3.0.x and 3.2.x to follow) so even as a server it should still work with older libsmbclient and winbindd code. Jeremy
2009-12-22s3:ntlmssp: only include ntlmssp.h where actually neededAndrew Bartlett1-0/+1
Andrew Bartlett
2009-11-26s3-rpc: running minimal_includes.pl on rpc_client and rpc_server.Günther Deschner1-2/+0
Guenther
2009-11-08Revert "s3: Consolidate getting the name out of a pipes_struct"Volker Lendecke1-15/+29
This reverts commit 9621306351cdb469ef393a6d8cbeea456bc4bd9f.
2009-11-08Revert "s3: Do not reference ndr_table when calling rpc_srv_register"Volker Lendecke1-7/+2
This reverts commit 494b2aff8826947e3bd556aecb175746163da485.
2009-11-08s3: Do not reference ndr_table when calling rpc_srv_registerVolker Lendecke1-2/+7
2009-11-08s3: Consolidate getting the name out of a pipes_structVolker Lendecke1-29/+15
2009-11-07s3: get_pipe_name_from_iface -> get_pipe_name_from_syntaxVolker Lendecke1-17/+27
2009-10-13s3:rpc: Fix is_known_pipename for dynamically loaded pipesVolker Lendecke1-1/+22
2009-09-17spnego: share spnego_parse.Günther Deschner1-0/+1
Guenther
2009-09-16libcli/auth: rewrite schannel sign/seal code to be more genericStefan Metzmacher1-17/+27
This prepares support for HMAC-SHA256/AES. metze
2009-09-16s3-dcerpc: remove more obsolete or duplicate headers.Günther Deschner1-15/+15
Guenther
2009-09-16s3-schannel: add dump_NL_AUTH_SIGNATURE.Günther Deschner1-23/+3
Guenther
2009-09-16schannel: fully share schannel sign/seal between s3 and 4.Günther Deschner1-25/+60
Guenther
2009-09-15s3-dcerpc: really fix remaining old auth level constants. sorry...Günther Deschner1-2/+2
Guenther
2009-09-15s3-dcerpc: fix remaining old auth level constants.Günther Deschner1-13/+13
Guenther
2009-09-15s3-dcerpc: remove duplicate RPC_AUTH_LEVEL flags.Günther Deschner1-5/+5
Guenther
2009-09-15s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags.Günther Deschner1-15/+15
Guenther
2009-09-13s3-schannel: fix api_pipe_schannel_process(), was using incorrect buffer length.Günther Deschner1-1/+3
Found by RPC-SCHANNEL torture test. Guenther
2009-09-11s3-schannel: use NL_AUTH_SIGNATURE for schannel sign & seal (client & server).Günther Deschner1-8/+31
Guenther
2009-09-11s3-schannel: use NL_AUTH_MESSAGE for schannel bind reply.Günther Deschner1-10/+17
Guenther
2009-09-08s3-rpc_server: use NL_AUTH_MESSAGE in pipe_schannel_auth_bind().Günther Deschner1-6/+23
Guenther
2009-08-27s3-netlogon: use shared credential and schannel storage infrastructure for ↵Günther Deschner1-7/+11
netlogon server. Guenther
2009-07-05Use null_ndr_syntax_id instead of zeroing null_interface manuallyVolker Lendecke1-6/+2
2009-07-05Remove "typedef struct ndr_syntax_id RPC_IFACE;"Volker Lendecke1-4/+6
2009-07-05Make check_bind_req static to rpc_server/srv_pipe.cVolker Lendecke1-2/+2
2009-03-05Get the sense of the integer wrap test the right way around. Sorry.Jeremy Allison1-1/+1
Jeremy.
2009-03-05Now we're allowing a lower bound for auth_len, ensure weJeremy Allison1-1/+5
also check for an upper one (integer wrap). Jeremy.
2009-03-05Complete the fix for bug 6100Volker Lendecke1-1/+1
According to [MS-RPCE].pdf, section 2.2.2.11: ---- A client or a server that (during composing of a PDU) has allocated more space for the authentication token than the security provider fills in SHOULD fill in the rest of the allocated space with zero octets. These zero octets are still considered to belong to the authentication token part of the PDU.<36> ---- RPC implementations are allowed to send padding bytes at the end of an auth footer. Windows 7 makes use of this. Thanks to Nick Meier <nmeier@microsoft.com> Volker
2009-02-08Make prs_struct->out_data.current_pdu dynamically allocatedVolker Lendecke1-113/+98
Another 4k per open pipe
2009-02-01Add two new parameters to control how we verify kerberos tickets. Removes ↵Dan Sledz1-1/+1
lp_use_kerberos_keytab parameter. The first is "kerberos method" and replaces the "use kerberos keytab" with an enum. Valid options are: secrets only - use only the secrets for ticket verification (default) system keytab - use only the system keytab for ticket verification dedicated keytab - use a dedicated keytab for ticket verification. secrets and keytab - use the secrets.tdb first, then the system keytab For existing installs: "use kerberos keytab = yes" corresponds to secrets and keytab "use kerberos keytab = no" corresponds to secrets only The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals. The second parameter is "dedicated keytab file", which is the keytab to use when in "dedicated keytab" mode. This keytab is only used in ads_verify_ticket.
2009-02-01Replace pipe names in pipes_struct by ndr_syntax_idVolker Lendecke1-29/+52
This was mainly used for debugging output
2009-01-21Memory leaks and other fixes found by Coveritytodd stecher1-1/+3
2009-01-09Remove the rpc_srv_register wrapper around rpc_pipe_register_commandsVolker Lendecke1-15/+4
2009-01-09Pass the full ndr_interface_table into the s3 rpcserver when registeringVolker Lendecke1-0/+10