Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-05-18 | s3: Remove use of iconv_convenience. | Jelmer Vernooij | 1 | -5/+4 | |
2010-03-24 | s3:ntlmssp: use client.netbios_name instead of workstation | Stefan Metzmacher | 1 | -1/+2 | |
metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-03-04 | srv_pipe.c doesn't reference current_user anymore. Remove it. | Jeremy Allison | 1 | -2/+0 | |
Jeremy. | |||||
2010-02-23 | schannel_tdb: make code compilable in both trees | Simo Sorce | 1 | -1/+1 | |
2010-02-23 | s3:schannel streamline interface | Simo Sorce | 1 | -1/+1 | |
Make calling schannel much easier by removing the need to explicitly open the database. Let the abstraction do it instead. | |||||
2010-02-18 | More fixes for bug #7146 - Samba miss-parses authenticated RPC packets. | Jeremy Allison | 1 | -16/+31 | |
Alignment space calculations are tricky :-). Jeremy. | |||||
2010-02-18 | More fixes for bug #7146 - Samba miss-parses authenticated RPC packets. | Jeremy Allison | 1 | -14/+16 | |
Ensure we calculate the space correctly (including the ss_padding_len) when constructing reply packets. Jeremy. | |||||
2010-02-17 | Fix bug #7146 - Samba miss-parses authenticated RPC packets. | Jeremy Allison | 1 | -120/+311 | |
Parts of the Samba RPC client and server code misinterpret authenticated packets. DCE authenticated packets actually look like this : +--------------------------+ |header | | ... frag_len (packet len)| | ... auth_len | +--------------------------+ | | | Data payload | ... .... | | +--------------------------+ | | | auth_pad_len bytes | +--------------------------+ | | | Auth footer | | auth_pad_len value | +--------------------------+ | | | Auth payload | | (auth_len bytes long) | +--------------------------+ That's right. The pad bytes come *before* the footer specifying how many pad bytes there are. In order to read this you must seek to the end of the packet and subtract the auth_len (in the packet header) and the auth footer length (a known value). The client and server code gets this right (mostly) in 3.0.x -> 3.4.x so long as the pad alignment is on an 8 byte boundary (there are some special cases in the code for this). Tridge discovered there are some (DRS replication) cases where on 64-bit machines where the pad alignment is on a 16-byte boundary. This breaks the existing S3 hand-optimized rpc code. This patch removes all the special cases in client and server code, and allows the pad alignment for generated packets to be specified by changing a constant in include/local.h (this doesn't affect received packets, the new code always handles them correctly whatever pad alignment is used). This patch also works correctly with rpcclient using sign+seal from the 3.4.x and 3.3.x builds (testing with 3.0.x and 3.2.x to follow) so even as a server it should still work with older libsmbclient and winbindd code. Jeremy | |||||
2009-12-22 | s3:ntlmssp: only include ntlmssp.h where actually needed | Andrew Bartlett | 1 | -0/+1 | |
Andrew Bartlett | |||||
2009-11-26 | s3-rpc: running minimal_includes.pl on rpc_client and rpc_server. | Günther Deschner | 1 | -2/+0 | |
Guenther | |||||
2009-11-08 | Revert "s3: Consolidate getting the name out of a pipes_struct" | Volker Lendecke | 1 | -15/+29 | |
This reverts commit 9621306351cdb469ef393a6d8cbeea456bc4bd9f. | |||||
2009-11-08 | Revert "s3: Do not reference ndr_table when calling rpc_srv_register" | Volker Lendecke | 1 | -7/+2 | |
This reverts commit 494b2aff8826947e3bd556aecb175746163da485. | |||||
2009-11-08 | s3: Do not reference ndr_table when calling rpc_srv_register | Volker Lendecke | 1 | -2/+7 | |
2009-11-08 | s3: Consolidate getting the name out of a pipes_struct | Volker Lendecke | 1 | -29/+15 | |
2009-11-07 | s3: get_pipe_name_from_iface -> get_pipe_name_from_syntax | Volker Lendecke | 1 | -17/+27 | |
2009-10-13 | s3:rpc: Fix is_known_pipename for dynamically loaded pipes | Volker Lendecke | 1 | -1/+22 | |
2009-09-17 | spnego: share spnego_parse. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2009-09-16 | libcli/auth: rewrite schannel sign/seal code to be more generic | Stefan Metzmacher | 1 | -17/+27 | |
This prepares support for HMAC-SHA256/AES. metze | |||||
2009-09-16 | s3-dcerpc: remove more obsolete or duplicate headers. | Günther Deschner | 1 | -15/+15 | |
Guenther | |||||
2009-09-16 | s3-schannel: add dump_NL_AUTH_SIGNATURE. | Günther Deschner | 1 | -23/+3 | |
Guenther | |||||
2009-09-16 | schannel: fully share schannel sign/seal between s3 and 4. | Günther Deschner | 1 | -25/+60 | |
Guenther | |||||
2009-09-15 | s3-dcerpc: really fix remaining old auth level constants. sorry... | Günther Deschner | 1 | -2/+2 | |
Guenther | |||||
2009-09-15 | s3-dcerpc: fix remaining old auth level constants. | Günther Deschner | 1 | -13/+13 | |
Guenther | |||||
2009-09-15 | s3-dcerpc: remove duplicate RPC_AUTH_LEVEL flags. | Günther Deschner | 1 | -5/+5 | |
Guenther | |||||
2009-09-15 | s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags. | Günther Deschner | 1 | -15/+15 | |
Guenther | |||||
2009-09-13 | s3-schannel: fix api_pipe_schannel_process(), was using incorrect buffer length. | Günther Deschner | 1 | -1/+3 | |
Found by RPC-SCHANNEL torture test. Guenther | |||||
2009-09-11 | s3-schannel: use NL_AUTH_SIGNATURE for schannel sign & seal (client & server). | Günther Deschner | 1 | -8/+31 | |
Guenther | |||||
2009-09-11 | s3-schannel: use NL_AUTH_MESSAGE for schannel bind reply. | Günther Deschner | 1 | -10/+17 | |
Guenther | |||||
2009-09-08 | s3-rpc_server: use NL_AUTH_MESSAGE in pipe_schannel_auth_bind(). | Günther Deschner | 1 | -6/+23 | |
Guenther | |||||
2009-08-27 | s3-netlogon: use shared credential and schannel storage infrastructure for ↵ | Günther Deschner | 1 | -7/+11 | |
netlogon server. Guenther | |||||
2009-07-05 | Use null_ndr_syntax_id instead of zeroing null_interface manually | Volker Lendecke | 1 | -6/+2 | |
2009-07-05 | Remove "typedef struct ndr_syntax_id RPC_IFACE;" | Volker Lendecke | 1 | -4/+6 | |
2009-07-05 | Make check_bind_req static to rpc_server/srv_pipe.c | Volker Lendecke | 1 | -2/+2 | |
2009-03-05 | Get the sense of the integer wrap test the right way around. Sorry. | Jeremy Allison | 1 | -1/+1 | |
Jeremy. | |||||
2009-03-05 | Now we're allowing a lower bound for auth_len, ensure we | Jeremy Allison | 1 | -1/+5 | |
also check for an upper one (integer wrap). Jeremy. | |||||
2009-03-05 | Complete the fix for bug 6100 | Volker Lendecke | 1 | -1/+1 | |
According to [MS-RPCE].pdf, section 2.2.2.11: ---- A client or a server that (during composing of a PDU) has allocated more space for the authentication token than the security provider fills in SHOULD fill in the rest of the allocated space with zero octets. These zero octets are still considered to belong to the authentication token part of the PDU.<36> ---- RPC implementations are allowed to send padding bytes at the end of an auth footer. Windows 7 makes use of this. Thanks to Nick Meier <nmeier@microsoft.com> Volker | |||||
2009-02-08 | Make prs_struct->out_data.current_pdu dynamically allocated | Volker Lendecke | 1 | -113/+98 | |
Another 4k per open pipe | |||||
2009-02-01 | Add two new parameters to control how we verify kerberos tickets. Removes ↵ | Dan Sledz | 1 | -1/+1 | |
lp_use_kerberos_keytab parameter. The first is "kerberos method" and replaces the "use kerberos keytab" with an enum. Valid options are: secrets only - use only the secrets for ticket verification (default) system keytab - use only the system keytab for ticket verification dedicated keytab - use a dedicated keytab for ticket verification. secrets and keytab - use the secrets.tdb first, then the system keytab For existing installs: "use kerberos keytab = yes" corresponds to secrets and keytab "use kerberos keytab = no" corresponds to secrets only The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals. The second parameter is "dedicated keytab file", which is the keytab to use when in "dedicated keytab" mode. This keytab is only used in ads_verify_ticket. | |||||
2009-02-01 | Replace pipe names in pipes_struct by ndr_syntax_id | Volker Lendecke | 1 | -29/+52 | |
This was mainly used for debugging output | |||||
2009-01-21 | Memory leaks and other fixes found by Coverity | todd stecher | 1 | -1/+3 | |
2009-01-09 | Remove the rpc_srv_register wrapper around rpc_pipe_register_commands | Volker Lendecke | 1 | -15/+4 | |
2009-01-09 | Pass the full ndr_interface_table into the s3 rpcserver when registering | Volker Lendecke | 1 | -0/+10 | |
2009-01-09 | Simplify find_pipe_fns_by_context slightly | Volker Lendecke | 1 | -8/+4 | |
2009-01-09 | Fix some nonempty blank lines | Volker Lendecke | 1 | -17/+17 | |
2008-11-24 | Get rid of pipes_struct->pipe_user, we have server_info now --- YESSS! | Volker Lendecke | 1 | -49/+1 | |
2008-10-22 | s3: use shared asn1 code. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2008-07-26 | Make api_rpcTNP static to srv_pipe.c | Volker Lendecke | 1 | -2/+5 | |
(This used to be commit 256c93a8b3d4d9a4e52a656c91b89a043a087066) | |||||
2008-07-19 | Introduce is_known_pipename | Volker Lendecke | 1 | -0/+33 | |
This scans the list of pipes registered via rpc_pipe_register_commands instead of using static tables. (This used to be commit 283e6039989adea1c8921b3600b410cb67b6492a) | |||||
2008-07-18 | Simplify the RPC servers: remove get_pipe_fns | Volker Lendecke | 1 | -97/+25 | |
The per-server xxx_get_pipe_fns functions can go once all the RPC servers are converted (This used to be commit 6aa2391cbe1cbda8269ded767117f53d83b243e1) | |||||
2008-07-16 | In api_pipe_bind_req(), check for the iface id, not the pipe name | Volker Lendecke | 1 | -3/+14 | |
This requires to store the rpc_interface in "struct rpc_table" (This used to be commit 654f8de8497aff29f9b1f1822b6a8e734ff329e0) |