summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_pipe.c
AgeCommit message (Collapse)AuthorFilesLines
2012-02-16s3-librpc: Use gensec_spnego for DCE/RPC authenticationAndrew Bartlett1-80/+2
This ensures that we use the same SPNEGO code on session setup and on DCE/RPC binds, and simplfies the calling code as spnego is no longer a special case in cli_pipe.c A special case wrapper function remains to avoid changing the application layer callers in this patch. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Remove unused dcesrv_gssapi.[ch] functionsAndrew Bartlett1-1/+0
The code from dcesrv_gssapi.c is now in source3/auth/auth_generic.c as an auth callback. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc: Simplify SPNEGO code now that all mechs use a struct gensec_securityAndrew Bartlett1-4/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Call SPENGO/GSSAPI via the auth_generic layer and gensecAndrew Bartlett1-67/+4
This simplifies a lot of code, as we know we are always dealing with a struct gensec_security, and allows the gensec module being used to implement GSSAPI to be swapped for AD-server operation. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Call GSSAPI via the auth_generic layer and gensecAndrew Bartlett1-72/+4
This simplifies a lot of code, as we know we are always dealing with a struct gensec_security, and allows the gensec module being used to implement GSSAPI to be swapped when required for AD-server operation. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-rpc_server: Rework pipe_ntlmssp_auth_bind() to be genericAndrew Bartlett1-24/+12
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-rpc_server: rename pipe_ntlmssp_verify_final() to ↵Andrew Bartlett1-3/+3
pipe_auth_generic_verify_final() Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-rpc_server: Rename dcesrv_ntlmssp.[ch] to dcesrv_auth_generic.[ch]Andrew Bartlett1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-rpc_server rename NTLMSSP functions to auth_generic..()Andrew Bartlett1-4/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-rpc_server rename ntlmssp_server_auth_start() -> auth_generic_server_start()Andrew Bartlett1-1/+2
By adding an OID parameter we can make this routine generic to any gensec module that may be made available. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp Remove references to auth_ntlmssp_context from the rpc codeAndrew Bartlett1-21/+21
We always dereferenced auth_ntlmssp_state->gensec_security, so now we do not bother passing around the whole auth_ntlmssp_state. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-13libcli/auth: Provide a struct loadparm_context to schannel callsAndrew Bartlett1-2/+11
This will allow us to pass this down to the tdb_wrap layer. Andrew Bartlett
2011-08-30s3-rpc_server: Make sure we switch always the connecting user.Andreas Schneider1-13/+11
We always have a valid session info and if it is a anonymous connection we have a session info of the guest user. This means we should always call become_authenticated_pipe_user() else and anonymous user could do things as root. Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Tue Aug 30 20:50:54 CEST 2011 on sn-devel-104
2011-07-28s3-rpc_server: Use talloc for pipe_rpc_fnsSimo Sorce1-3/+3
Everything uses talloc in the rpc server nowadays, remove this ancient use of malloc. This also allows us to remove the free fucntion and let talloc handle it properly. Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Thu Jul 28 17:41:08 CEST 2011 on sn-devel-104
2011-07-21s3-rpc_server: Move pipe/handles functionsSimo Sorce1-1/+1
Put InternalPipes related functions in rpc_handles.c and out of rpc_ncacn_np.c rpc_handles.c is the only file that really uses them after all and ncacn_np.c is the wrong place for that stuff. While ther remove unnecessary wrapper functions now that the InternalPipes static variable is directly accessible. Also move all pipes_struct related header stuff in its own rpc_pipes.h header. Signed-off-by: Andreas Schneider <asn@samba.org>
2011-07-20s3-auth Use the common auth_session_infoAndrew Bartlett1-2/+2
This patch finally has the same structure being used to describe the authorization data of a user across the whole codebase. This will allow of our session handling to be accomplished with common code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use struct auth3_session_info outside the auth subsystemAndrew Bartlett1-2/+2
This seperation between the structure used inside the auth modules and in the wider codebase allows for a gradual migration from struct auth_serversupplied_info -> struct auth_session_info (from auth.idl) The idea here is that we keep a clear seperation between the structure before and after the local groups, local user lookup and the session key modifications have been processed, as the lack of this seperation has caused issues in the past. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-04s3-rpc_server: Replace client_id in dcerpc gssapi server.Andreas Schneider1-4/+4
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-07-04s3-rpc_server: Remove unused client_id in srv_pipe.c.Andreas Schneider1-3/+0
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-07-04s3-auth: Added remote_address to ntlmssp server.Andreas Schneider1-0/+2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-06-01s3-rpc_server: Fix debug messages.Andreas Schneider1-46/+20
2011-06-01s3-rpc_server: Remove guessing of the syntax id.Andreas Schneider1-0/+7
This is only a wild guess. We don't know to which rpc service the client wants to talk until we read the the rpc bind packet.
2011-06-01s3-rpc_server: Use the correct syntax id for debugging.Andreas Schneider1-8/+11
2011-06-01s3-rpc_server: Use the context syntax id in api_pipe_request().Andreas Schneider1-7/+7
2011-06-01s3-rpc_server: Use the correct syntax id in api_pipe_bind_req().Andreas Schneider1-19/+14
2011-06-01s3-rpc_server: Move the context functions to own file.Andreas Schneider1-20/+1
2011-06-01s3-rpc_server: Store the ndr syntax id in the pipe context.Andreas Schneider1-5/+6
The client tell us in the rpc bind to which rpc service it wants to connect. We did set the p->syntax earlier by guessing to which pipe name it connects, but we don't know to which rpc service it wants to bind until we read the first packet.
2011-05-02s3-rpc_server: (re)move last globally included rpc_server prototypes.Günther Deschner1-0/+1
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon May 2 16:05:31 CEST 2011 on sn-devel-104
2011-05-02s3-smbd: avoid using pipes_struct when only session_info is needed.Günther Deschner1-1/+1
Guenther
2011-04-04s3-rpc_server Remove comment, yes the key is correct.Andrew Bartlett1-2/+0
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Apr 4 13:31:52 CEST 2011 on sn-devel-104
2011-04-04s3-auth consolidate create_local_token() into make_server_info_krb5()Andrew Bartlett1-10/+0
This ensures that all callers don't need to each add builtin groups and privileges to the user's token Andrew Bartlett
2011-03-30s3-includes: only include ntdomain.h where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-auth: rpc_server needs auth.hGünther Deschner1-0/+1
Guenther
2011-03-30s3: rpc_server needs parts of smbd.Günther Deschner1-0/+1
Guenther
2011-03-30s3-includes: only include system/filesys.h when needed.Günther Deschner1-0/+1
Guenther
2011-03-23s3-epmapper: Use DCERPC_AUTH_LEVEL_CONNECT for ep ncalrpc.Andreas Schneider1-3/+0
2011-03-23s3-rpc_server: Rename system_user to ncalrpc_as_system.Andreas Schneider1-1/+1
2011-03-09s3-rpc_server: handle DCERPC_AUTH_LEVEL_CONNECT in api_pipe_bind_req().Günther Deschner1-0/+3
Guenther
2011-03-08s3-rpc_server: Free unused memory.Andreas Schneider1-0/+2
Signed-off-by: Günther Deschner <gd@samba.org>
2011-03-08s3-rpc_server: Add server support for NCALRPC system user pipe.Andreas Schneider1-0/+22
Signed-off-by: Günther Deschner <gd@samba.org>
2011-03-01s3-rpc_server Handle session key as a constant bufferAndrew Bartlett1-28/+4
This way, we don't have to check for memory allocation failures. Andrew Bartlett
2011-02-22s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_infoAndrew Bartlett1-16/+16
These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-10s3-auth Rename cryptic 'ptok' to security_tokenAndrew Bartlett1-2/+2
This will allow the auth_serversupplied_info struct to be migrated to auth_session_info easier. Adnrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-23s3-dcerps: check auth_typeSimo Sorce1-0/+15
make sure the auth type used throught the auth operation is consistent. Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23s3-dcerpc: remove auth_data_free_funcSimo Sorce1-11/+2
Everything is using a talloc pointer now, no need to have an accessor function to free data anymore. Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23s3-dcerpc: make auth context opaqueSimo Sorce1-53/+57
This way we always double check in advance that the context is of the right type with talloc_get_type_abort instead of potentially accessing random memory by addressing the wrong structure in the union. Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23srv_pipe: reorganize code so that related functions are close to each otherSimo Sorce1-253/+252
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23s3-dcerpc: finally remove the legaqcy spnego_type variable from pipe_auth_dataSimo Sorce1-4/+2
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23s3-dcerpc: use new spnego server codeSimo Sorce1-200/+122
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23s3-dcesrv: use gssapi helper in srv_pipe.cSimo Sorce1-223/+46
Signed-off-by: Günther Deschner <gd@samba.org>