summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_pipe.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r15129: Separate out mechanism and policy for NTLMSSP auth/sign/seal.Jeremy Allison1-1/+22
With this change (and setting lanman auth = no in smb.conf) we have *identical* NTLMSSP flags to W2K3 in SPNEGO auth. Jeremy (This used to be commit 93ca3eee55297eb7fdd38fca38103ce129987e2a)
2007-10-10r14597: Merge DCERPC_FAULT constants from Samba 4.Günther Deschner1-5/+5
Guenther (This used to be commit 3f195f8248c88ec8bf8ceb195575ce6bb49d7fc4)
2007-10-10r13915: Fixed a very interesting class of realloc() bugs found by Coverity.Jeremy Allison1-1/+4
realloc can return NULL in one of two cases - (1) the realloc failed, (2) realloc succeeded but the new size requested was zero, in which case this is identical to a free() call. The error paths dealing with these two cases should be different, but mostly weren't. Secondly the standard idiom for dealing with realloc when you know the new size is non-zero is the following : tmp = realloc(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } However, there were *many* *many* places in Samba where we were using the old (broken) idiom of : p = realloc(p, size) if (!p) { return error; } which will leak the memory pointed to by p on realloc fail. This commit (hopefully) fixes all these cases by moving to a standard idiom of : p = SMB_REALLOC(p, size) if (!p) { return error; } Where if the realloc returns null due to the realloc failing or size == 0 we *guarentee* that the storage pointed to by p has been freed. This allows me to remove a lot of code that was dealing with the standard (more verbose) method that required a tmp pointer. This is almost always what you want. When a realloc fails you never usually want the old memory, you want to free it and get into your error processing asap. For the 11 remaining cases where we really do need to keep the old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR, which can be used as follows : tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the pointer p, even on size == 0 or realloc fail. All this is done by a hidden extra argument to Realloc(), BOOL free_old_on_error which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR macros (and their array counterparts). It remains to be seen what this will do to our Coverity bug count :-). Jeremy. (This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
2007-10-10r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter1-3/+3
macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
2007-10-10r13557: (Hopefully) get the creds store/restore key right fromJeremy Allison1-1/+7
the correct part of the netlogon and schannel packets. Jeremy. (This used to be commit 4877f336b257e6f59833a6e0679959a2ec879974)
2007-10-10r13552: Make sure we're using the same name to load the storedJeremy Allison1-1/+1
creds under all circumstances. This may be wrong, but at least we're now consistent. Jeremy. (This used to be commit 09f0b3e1a366ba3eef4ab9a8e302daabd4f36936)
2007-10-10r13519: Fix the credentials chaining across netlogon pipe disconnects.Jeremy Allison1-15/+8
I mean it this time :-). Jeremy. (This used to be commit 80f4868944d349015d2b64c2414b06466a8194aa)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-2/+3
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13293: Rather a big patch I'm afraid, but this should fix bug #3347Jeremy Allison1-7/+8
by saving the UNIX token used to set a delete on close flag, and using it when doing the delete. libsmbsharemodes.so still needs updating to cope with this change. Samba4 torture tests to follow. Jeremy. (This used to be commit 23f16cbc2e8cde97c486831e26bcafd4ab4a9654)
2007-10-10r13176: Fix show-stopper bug for 3.0.21b where 4 leg NTLMSSP SPNEGOJeremy Allison1-1/+24
auth was not generating the correct auth header on the 4th packet. This may fix a lot of Windows client complaints and is essential for release. Jeremy. (This used to be commit 48dd8c732b890e3fd3d8e80ace765487601cfb26)
2007-10-10r11950: If we got a connection oriented cancel pdu we would spin processing it.Jeremy Allison1-0/+49
Fix that, and also add in comments for all possible CL and CO PDU types. Make sure we process them correctly. Jeremy. (This used to be commit 672113a627aa9060795871bc2ea3a02e696d7d7d)
2007-10-10r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4Jeremy Allison1-14/+14
x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2007-10-10r10792: Fix the "schannel not stored across client disconnects" problem.Jeremy Allison1-15/+14
Based on the Samba4 solution - stores data in $samba/private/schannel_store.tdb. This tdb is not left open but open and closed on demand. Jeremy. (This used to be commit a6d8a4b1ff31c5552075455dbd98cb58795958a9)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-623/+1240
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r9080: If we don't understand the auth, bind nak not pdu fault.Jeremy Allison1-15/+13
Should fix usermgr on W2K3 SP1. Jeremy. (This used to be commit 592ec9fbffc704761c6b29cfc795cf3af7d5fe38)
2007-10-10r8805: Merge a duplicate struct. Get ready to support SPNEGO rpc binds.Jeremy Allison1-60/+65
Jeremy. (This used to be commit fd6e342746edfda2f25df1ae0067d359b756e0cd)
2007-10-10r7708: Hint from Luke Howard (thanks Luke). Ensure the schannel ↵Jeremy Allison1-1/+1
authenticator is 8 byte aligned, just like the NTLMSSP ones. Trying to fix 64-bit Windows domain logon. Jeremy. (This used to be commit 475d5a277db7709c1b0f851ce8ec4dd8de5e25fc)
2007-10-10r7385: Rewrite the RPC bind parsing functions to follow the spec. I haven't yetJeremy Allison1-3/+3
tested this so I may have screwed this up - however it now follows the DCE spec. valgrinded tests to follow.... Jeremy. (This used to be commit 877e0a61f5821c89149b1403d08675dd7db8039e)
2007-10-10r7217: Only allow schannel connections if a successful Auth2 has been doneVolker Lendecke1-0/+7
before. Things tested: Domain join and subsequent interactive and network logon to NT4, W2kSP and XPSP2 workstations and a NT4 domain trusting us. Right now I've got problems with my W2k3 domain trusts. So this needs testing, although I'm really confident that this does not break. Volker (This used to be commit c25b4afda2b657b73a6215d3ff36461a36496ba3)
2007-10-10r6225: get rid of warnings from my compiler about nested externsHerb Lewis1-2/+3
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
2007-10-10r6014: rather large change set....Gerald Carter1-0/+7
pulling back all recent rpc changes from trunk into 3.0. I've tested a compile and so don't think I've missed any files. But if so, just mail me and I'll clean backup in a couple of hours. Changes include \winreg, \eventlog, \svcctl, and general parse_misc.c updates. I am planning on bracketing the event code with an #ifdef ENABLE_EVENTLOG until I finish merging Marcin's changes (very soon). (This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-13/+8
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r1492: Rework our random number generation system.Andrew Bartlett1-1/+1
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). Andrew Bartlett (This used to be commit 36741d3cf53a7bd17d361251f2bb50851cdb035f)
2007-10-10r1415: One more memory leak, found by valgrind..Jeremy Allison1-0/+3
Jeremy. (This used to be commit 8cfaf575e5161e8307b0a53bd44e84c633e85aed)
2007-10-10r1414: Memory leak fixes found by valgrind whilst checking the password ↵Jeremy Allison1-17/+17
history code. Error code paths were not freeing up some memory. Jeremy. (This used to be commit 7c4666e56c2c281e023c6483459cb9e8d4787d36)
2007-10-10r1338: A netlogon schannel failure is a normal event with XP clients. They ↵Volker Lendecke1-1/+1
cache the netlogon session key and try to reconnect using that key. This fails with a restarted smbd, we expect another serverauth2. XP falls back immediately. Make the corresponding messages a debug level 3, not 0 to not flood log.smbd. Volker (This used to be commit 4fda68a62fec6c1e95d5176bc5d06bd49da6f358)
2007-10-10r704: BUG 1315: fix for schannel client connections to server's that don't ↵Gerald Carter1-6/+9
support 128 bit encryption (This used to be commit 316ba5ad89ddfa445d44d28141c5901fc64aec90)
2007-10-10r475: Don't add ss padding length to the sent length as this is comparedJeremy Allison1-1/+1
with the actual data to return. Jeremy. (This used to be commit 7f837db6e47af39b4a33e10e745823b19edb3715)
2007-10-10r473: Fix for Microsoft hotfix MS04-011 password change breakage.Jeremy Allison1-26/+52
Jeremy. (This used to be commit 038cae8a377b75d70a099f03cb1b8ae9b50e7613)
2007-10-10r196: merging struct uuid from trunkGerald Carter1-2/+2
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
2007-10-10r115: finally checking in tridge's winbindd_schannel patch for connectionsGerald Carter1-2/+2
(This used to be commit 1fae60ab20c5cbe396dc8af1c8c9a98d5683fdf4)
2003-11-22Changes all over the shop, but all towards:Andrew Bartlett1-3/+9
- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-10-01commit sign only patch from Andrew; bug 167; tested using 2k & XP ↵Gerald Carter1-11/+19
clientspreviously joined to the Samba domain (This used to be commit 3802f5895ee18507c6f467bd11db0b1147a6fdfd)
2003-08-15get rid of some sompiler warnings on IRIXHerb Lewis1-2/+2
(This used to be commit a6a39c61e8228c8b3b7552ab3c61ec3a6a639143)
2003-08-14fix buildGerald Carter1-0/+2
(This used to be commit dd9cb6f820c2acf658eb081fb6ffc7e9b6b3c8d6)
2003-08-14Attempt at fixing bug #283. There however is no solution.Gerald Carter1-60/+135
There is a workaround documented in the bug report. This patch does: * add server support for the LSA_DS UUID on the lsarpc pipe * store a list of context_ids/api_structs in the pipe_struct so that we don't have to lookup the function table for a pipe. We just match the context_id. Note that a dce/rpc alter_context does not destroy the previous context so it is possible to have multiple bindings active on the same pipe. Observed from standalone win2k sp4 client. * added server code for DsROleGetPrimaryDOmainInfo() but disabled it since it causes problems enumerating users and groups from a 2ksp4 domain member in a Samba domain. (This used to be commit 96bc2abfcb0dd0912696fad76e43cb217b33e061)
2003-08-08Format tidyup.Jeremy Allison1-4/+4
Jeremy. (This used to be commit 049e77d636c5abd0fdd8840c3c4c465708354ed7)
2003-08-01Update my copyrights according to my agreement with IBMJim McDonough1-1/+1
(This used to be commit a2bd8f0bfa12f2a1e33c96bc9dabcc0e2171700d)
2003-08-01Fix copyright statements for various pieces of Anthony Liguori's work.Jim McDonough1-1/+1
(This used to be commit 15d2bc47854df75f8b2644ccbc887d0357d9cd27)
2003-07-17In the presense of RPC fragments, schannel is not strictly request/reply,Andrew Bartlett1-5/+0
so the shared sequence number will not be strictly odd/even. Andrew Bartlett (This used to be commit 77c3e69aef545d3f9b7cec9efdc366cbeb0c745e)
2003-07-14Jeremy requested that I get my NTLMSSP patch into CVS. He didn't requestAndrew Bartlett1-14/+26
the schannel code, but I've included that anyway. :-) This patch revives the client-side NTLMSSP support for RPC named pipes in Samba, and cleans up the client and server schannel code. The use of the new code is enabled by the 'sign', 'seal' and 'schannel' commands in rpcclient. The aim was to prove that our separate NTLMSSP client library actually implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation, in the hope that knowing this will assist us in correctly implementing NTLMSSP signing for SMB packets. (Still not yet functional) This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with calls to libsmb/ntlmssp.c. In the process, we have gained the ability to use the more secure NT password, and the ability to sign-only, instead of having to seal the pipe connection. (Previously we were limited to sealing, and could only use the LM-password derived key). Our new client-side NTLMSSP code also needed alteration to cope with our comparatively simple server-side implementation. A future step is to replace it with calls to the same NTLMSSP library. Also included in this patch is the schannel 'sign only' patch I submitted to the team earlier. While not enabled (and not functional, at this stage) the work in this patch makes the code paths *much* easier to follow. I have also included similar hooks in rpccleint to allow the use of schannel on *any* pipe. rpcclient now defaults to not using schannel (or any other extra per-pipe authenticiation) for any connection. The 'schannel' command enables schannel for all pipes until disabled. This code is also much more secure than the previous code, as changes to our cli_pipe routines ensure that the authentication footer cannot be removed by an attacker, and more error states are correctly handled. (The same needs to be done to our server) Andrew Bartlett (This used to be commit 5472ddc9eaf4e79c5b2e1c8ee8c7f190dc285f19)
2003-07-03This patch takes the work the jerry did for beta2, and generalises it:Andrew Bartlett1-1/+1
- The 'not implmented' checks are now done by all auth modules - the ntdomain/trustdomain/winbind modules are more presise as to what domain names they can and cannot handle - The become_root() calls are now around the winbind pipe opening only, not the entire auth call - The unix username is kept seperate from the NT username, removing the need for 'clean off the domain\' in parse_net.c - All sid->uid translations are now validated with getpwuid() to put a very basic stop to logins with 'half deleted' accounts. Andrew Bartlett (This used to be commit 85f88191b9927cc434645ef4c1eaf5ec0e8af2ec)
2003-05-12And finally IDMAP in 3_0Simo Sorce1-8/+2
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-04-28Use NTSTATUS as return value for smb_register_*() functions and init_module()Jelmer Vernooij1-4/+22
function. Patch by metze with some minor modifications. (This used to be commit bc4b51bcb2daa7271c884cb83bf8bdba6d3a9b6d)
2003-04-22Setting the credentials for the netsec netlogon pipe connect upon eachVolker Lendecke1-0/+5
samlogon call certainly breaks the credential chain. Do it once during the bind response. Volker (This used to be commit d4262c37f13642e034d3e207bfbb563c17a8a176)
2003-04-16Fixes to make SCHANNEL work in 3.0 against a W2K DC. Still need to fixJeremy Allison1-2/+10
multi-PDU encode/decode with SCHANNEL. Also need to test against WNT DC. Jeremy. (This used to be commit ff66d4097088409205b6bad5124a78ef9946010d)
2003-04-15use the new modules system for the rpc modules (backport from HEAD)Jelmer Vernooij1-99/+7
(This used to be commit aca7319e8d45eb604f28b8bd490413b08e2c98f2)
2003-04-14Merge of rpcecho pipe for testing large dcerpc requests and responses.Tim Potter1-0/+5
Only compiled in when --enable-developer argument passed to configure. (This used to be commit 017da9393bab276543d0d5c50df8c760780f2450)
2003-04-09Put the core schannel functions to parse_prs.c. They are also used byVolker Lendecke1-187/+2
schannel clients. Volker (This used to be commit 0f348a35d09ff020837119157ef7f4b9e6f07643)
2003-04-06Merge the TNG netlogon schannel from HEAD.Volker Lendecke1-28/+394
No more XP requiresignorseal anymore! Thanks again to Luke :-) Volker (This used to be commit 6b2b55901d66cab0c0c0c90bd0585c870be6e468)