summaryrefslogtreecommitdiff
path: root/source4/librpc/rpc/dcerpc_auth.c
AgeCommit message (Collapse)AuthorFilesLines
2008-08-07librpc/rpc: add support DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGNStefan Metzmacher1-0/+4
You can trigger it like this: ncacn_ip_tcp:172.31.9.234[sign,hdrsign] or ncacn_ip_tcp:172.31.9.234[seal,hdrsign] metze (This used to be commit 54f1fca582b1474693b5ee11b7b847086d27f75f)
2008-08-07librpc/rpc: pass struct dcerpc_pipe to dcerpc_auth3()Stefan Metzmacher1-1/+1
metze (This used to be commit 60b3523da485d845b1d930d990688d8434d39ef3)
2008-04-02Install public header files again and include required prototypes.Jelmer Vernooij1-2/+3
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
2007-12-21r26327: Explicit loadparm_context for RPC client functions.Jelmer Vernooij1-2/+4
(This used to be commit eeb2251d22b3d6e0379444a73af69d1014692b07)
2007-12-21r26260: Store loadparm context in gensec context.Jelmer Vernooij1-1/+3
(This used to be commit b9e3a4862e267be39d603fed8207a237c3d72081)
2007-12-21r26231: Spell check: credentails -> credentials.Jelmer Vernooij1-1/+1
(This used to be commit 4b46888bd0195ab12190f76868719fc018baafd6)
2007-10-10r25316: Remove last few instances of old BOOL type in librpc/.Jelmer Vernooij1-3/+3
(This used to be commit 80d1dd41d4b224c46ad545f0afd97a847b99860b)
2007-10-10r24551: rename dcerpc_interface_table -> ndr_interface_tableStefan Metzmacher1-5/+5
rename dcerpc_interface_list -> ndr_interface_list and move them to libndr.h metze (This used to be commit 4adbebef5df2f833d2d4bfcdda72a34179d52f5c)
2007-10-10r24532: rename struct dcerpc_syntax_id into struct ndr_syntax_idStefan Metzmacher1-5/+5
and move it into misc.idl The goal is to get rid a all dcerpc specific stuff in the generated ndr layer. metze (This used to be commit 2ed014cfb894cccab1654e3f7d5876393e2b52d7)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r19479: Remove more unused functions. These are handled via authenticationAndrew Bartlett1-0/+15
abstractions now. Andrew Bartlett (This used to be commit df31237c0cac0213c4f32fc491bcec2ea9f885c3)
2007-10-10r17324: make better usage of the composite apiStefan Metzmacher1-20/+19
metze (This used to be commit 0fa97777107f5f65f8b48976b90f1ae52f1fe2a5)
2007-10-10r15021: Couple more comments and fixes in spirit of utility functionsRafal Szczesniak1-32/+49
for composite interface. rafal (This used to be commit 905ca5a3ecd1c4ed5b9f206cdc855d0ddb92a07a)
2007-10-10r14714: On DCE/RPC, we need the name of the remote server used on the socket,Andrew Bartlett1-1/+1
for Kerberos. It must be the full name contacted, not the 'called name' we might want to use for \\server things, so add another function. Andrew Bartlett (This used to be commit 6d57d1dbb76e7d1ca2fd4f1a6c0bacfa7a189e2b)
2007-10-10r14542: Remove librpc, libndr and libnbt from includes.hJelmer Vernooij1-0/+1
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
2007-10-10r13334: Add comments describing what these functions do.Andrew Bartlett1-2/+21
We still need many more, but it is a start... Andrew Bartlett (This used to be commit b2bda127f681dc1e2003c86159a85fa613373f16)
2007-10-10r12865: Upgrade the librpc and libnet code.Andrew Bartlett1-6/+5
In librpc, always try SMB level authentication, even if trying schannel, but allow fallback to anonymous. This should better function with servers that set restrict anonymous. There are too many parts of Samba that get, parse and modify the binding parameters. Avoid the extra work, and add a binding element to the struct dcerpc_pipe The libnet vampire code has been refactored, to reduce extra layers and to better conform with the standard argument pattern. Also, take advantage of the new libnet_Lookup code, so we don't require the silly 'password server' smb.conf parameter. To better support forcing traffic to be sealed for the vampire operation, the dcerpc_bind_auth() function now takes an auth level parameter. Andrew Bartlett (This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
2007-10-10r12542: Move some more prototypes out to seperate headersJelmer Vernooij1-0/+1
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10r12510: Change the DCE/RPC interfaces to take a pointer to aJelmer Vernooij1-9/+8
dcerpc_interface_table struct rather then a tuple of interface name, UUID and version. This removes the requirement for having a global list of DCE/RPC interfaces, except for these parts of the code that use that list explicitly (ndrdump and the scanner torture test). This should also allow us to remove the hack that put the authservice parameter in the dcerpc_binding struct as it can now be read directly from dcerpc_interface_table. I will now modify some of these functions to take a dcerpc_syntax_id structure rather then a full dcerpc_interface_table. (This used to be commit 8aae0f168e54c01d0866ad6e0da141dbd828574f)
2007-10-10r12116: got rid of composite_trigger_done() and composite_trigger_error(), andAndrew Tridgell1-3/+3
instead make the normal composite_done() and composite_error() functions automatically trigger a delayed callback if the caller has had no opportunity to setup a async callback this removes one of the common mistakes in writing a composite function (This used to be commit f9413ce792ded682e05134b66d433eeec293e6f1)
2007-10-10r11835: Restore commentsVolker Lendecke1-1/+28
(This used to be commit 94591bdb6542d4a3096074b672e19142c9236211)
2007-10-10r11817: fixed the problem with the RPC join tests. The problem was thatAndrew Tridgell1-0/+10
revision 11809 had removed the change to the session key function after authentication succeeds. (This used to be commit c04c78d617b0d8c9f8fa724d475fefbe9e478ef7)
2007-10-10r11812: Convert winbind to the async bind routines. Also remove tridge's ↵Volker Lendecke1-7/+7
hack for the winbind "bug" :-) Volker (This used to be commit fb9a3c7ef376f289288c71bc47d67f548ddb7194)
2007-10-10r11809: Make dcerpc_bind_auth async.Volker Lendecke1-139/+193
This also removes dcerpc_bind_auth_password, the only user of dcerpc_bind_auth. And this was not only passwords anyway. Andrew Bartlett, as usual: Please take a close look. Thanks, Volker (This used to be commit 2ff2dae3d035af6cb0c131573cfd983fc9a58eee)
2007-10-10r11806: Minor cleanupVolker Lendecke1-5/+2
(This used to be commit e75080b26d76199a6006fb076cf816ac023254ee)
2007-10-10r11805: dcerpc_bind_auth is only used in dcerpc_bind_auth_passwordVolker Lendecke1-2/+2
(This used to be commit 16bc6b64f9053df3d08a05e7b7cfe77be6580d2b)
2007-10-10r11804: Asyncify the anonymous bind, convert the calls in xplogin.c.Volker Lendecke1-7/+41
Tridge et al, please take a close look at this. It survives my basic rpc-login test as well as rpc-lsa, but this is critical I think. Volker (This used to be commit bf1a55f44c84d9bb8b2f83f5d25727550ca8fcf2)
2007-10-10r9505: Work on GENSEC and the code that calls it, for tighter interfaceAndrew Bartlett1-28/+31
requirements, and for better error reporting. In particular, the composite session setup (extended security/SPNEGO) code now returns errors, rather than NT_STATUS_NO_MEMORY. This is seen particularly when GENSEC fails to start. The tighter interface rules apply to NTLMSSP, which must be called exactly the right number of times. This is to match some of our other less-tested modules, where adding flexablity is harder. (and this is security code, so let's just get it right). As such, the DCE/RPC and LDAP clients have been updated. Andrew Bartlett (This used to be commit 134550cf752b9edad66c3368750bfb4bbd9d55d1)
2007-10-10r7633: this patch started as an attempt to make the dcerpc code use a givenAndrew Tridgell1-2/+4
event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect. Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch. There were 3 places where I punted: - abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that its done, we could go back and use gensec_set_event_context() - the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing. - I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a callers event context. Jelmer, can you think of a clean way to do that? I also cleaned up a couple of things: - libnet_context_destroy() makes no sense. I removed it. - removed some unused vars in various places (This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2007-10-10r6028: A MAJOR update to intergrate the new credentails system fully withAndrew Bartlett1-28/+4
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'. GENSEC now no longer has it's own handling of 'set username' etc, instead it uses cli_credentials calls. In order to link the credentails code right though Samba, a lot of interfaces have changed to remove 'username, domain, password' arguments, and these have been replaced with a single 'struct cli_credentials'. In the session setup code, a new parameter 'workgroup' contains the client/server current workgroup, which seems unrelated to the authentication exchange (it was being filled in from the auth info). This allows in particular kerberos to only call back for passwords when it actually needs to perform the kinit. The kerberos code has been modified not to use the SPNEGO provided 'principal name' (in the mechListMIC), but to instead use the name the host was connected to as. This better matches Microsoft behaviour, is more secure and allows better use of standard kerberos functions. To achieve this, I made changes to our socket code so that the hostname (before name resolution) is now recorded on the socket. In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now in libcli/auth/schannel.c, and it looks much more like a standard GENSEC module. The actual sign/seal code moved to libcli/auth/schannel_sign.c in a previous commit. The schannel credentails structure is now merged with the rest of the credentails, as many of the values (username, workstation, domain) where already present there. This makes handling this in a generic manner much easier, as there is no longer a custom entry-point. The auth_domain module continues to be developed, but is now just as functional as auth_winbind. The changes here are consequential to the schannel changes. The only removed function at this point is the RPC-LOGIN test (simulating the load of a WinXP login), which needs much more work to clean it up (it contains copies of too much code from all over the torture suite, and I havn't been able to penetrate its 'structure'). Andrew Bartlett (This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
2007-10-10r5928: Use cli_credentials in:Jelmer Vernooij1-11/+12
- gtk+ (returned by GtkHostBindingDialog as well now) - torture/ - librpc/ - lib/com/dcom/ (This used to be commit ccefd782335e01e8e6ecb2bcd28a4f999c53b1a6)
2007-10-10r5902: A rather large change...Andrew Bartlett1-0/+8
I wanted to add a simple 'workstation' argument to the DCERPC authenticated binding calls, but this patch kind of grew from there. With SCHANNEL, the 'workstation' name (the netbios name of the client) matters, as this is what ties the session between the NETLOGON ops and the SCHANNEL bind. This changes a lot of files, and these will again be changed when jelmer does the credentials work. I also correct some schannel IDL to distinguish between workstation names and account names. The distinction matters for domain trust accounts. Issues in handling this (issues with lifetime of talloc pointers) caused me to change the 'creds_CredentialsState' and 'struct dcerpc_binding' pointers to always be talloc()ed pointers. In the schannel DB, we now store both the domain and computername, and query on both. This should ensure we fault correctly when the domain is specified incorrectly in the SCHANNEL bind. In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out, where the comment claimed we re-used a connection, but in fact we made a new connection. This was achived by breaking apart some of the dcerpc_secondary_connection() logic. The addition of workstation handling was also propogated to NTLMSSP and GENSEC, for completeness. The RPC-SAMSYNC test has been cleaned up a little, using a loop over usernames/passwords rather than manually expanded tests. This will be expanded further (the code in #if 0 in this patch) to use a newly created user account for testing. In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO server, caused by the removal of [ref] and the assoicated pointer from the IDL. This has been re-added, until the underlying pidl issues are solved. (This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2007-10-10r5603: add "authservice()" property to the interface property listStefan Metzmacher1-1/+11
so we can specify allowed target service names in the idl file the default is "host" metze (This used to be commit bf40d5321f3257bf9354a42d31265f1a9b0d53ad)
2007-10-10r4691: Make the DCE-RPC bind code compleatly generic to the number of passesAndrew Bartlett1-6/+14
that the GENSEC mechanism wishes to select. It is of course up to the GENSEC mech and the remote server to actually support this however... Andrew Bartlett (This used to be commit 7200a01545e14a8b0c90fadf3c27933dd1f4359f)
2007-10-10r4636: Per tridge's wish (and probably correct behaviour), don't key off aAndrew Bartlett1-1/+3
specific GENSEC mech type, but on the behaviour of the mech. Andrew Bartlett (This used to be commit f2bd7a5a699b91d99d7dc2a0b3b6c7006274a59c)
2007-10-10r4635: Fix NTLMSSP to return NT_STATUS_OK when it has constructed the authAndrew Bartlett1-14/+91
token in the client (the final token in the negotiation). Consequential fixes in the SPNEGO code, which now uses the out.length as the indicator of 'I need to send something to the other side'. Merge the NTLM and SPNEGO DCE-RPC authentication routines in the client. Fix the RPC-MULTIBIND test consequent to this merge. Andrew Bartlett (This used to be commit 43e3516fc03008e97ebb4ad1a0cde464303f43c6)
2007-10-10r4627: - simplified the dcerpc auth code using a common functionAndrew Tridgell1-31/+30
- added support for "spnego" in binding strings. This enables SPNEGO auth in the dcerpc client code, using as many allter_context calls as are needed To try SPNEGO do this: smbtorture ncacn_ip_tcp:SERVER[spnego,seal] -Uadministrator%password RPC-SAMR (This used to be commit 9c0a3423f03111c110d21c0d3910e16aa1a8bf87)
2007-10-10r4618: - tidied up the alter_context client code a bitAndrew Tridgell1-89/+0
- there is no alter_nak or alter_ack packet, its all done in an alter_response - auto-allocated the contex_ids - tried to fix up the dcom code to work again with alter_context. Jelmer, please take a look :) (This used to be commit dd1c54add8884376601f2f8a56c01bfb8add030c)
2007-10-10r4616: the first phase in the addition of proper support forAndrew Tridgell1-40/+44
dcerpc_alter_context and multiple context_ids in the dcerpc client library. This stage does the following: - split "struct dcerpc_pipe" into two parts, the main part being "struct dcerpc_connection", which contains all the parts not dependent on the context, and "struct dcerpc_pipe" which has the context dependent part. This is similar to the layering in libcli_*() for SMB - disable the current dcerpc_alter code. I've used a #warning until i get the 2nd phase finished. I don't know how portable #warning is, but it won't be long before I add full alter context support anyway, so it won't last long - cleanup the allocation of dcerpc_pipe structures. The previous code was quite awkward. (This used to be commit 4004c69937be7e5dae56f9567ca607f982d395d3)
2007-10-10r4360: destroy the gensec contextStefan Metzmacher1-0/+1
metze (This used to be commit a25770983b34bac5bd7dcce69241716386dc8509)
2007-10-10r4358: At metze's request, the Christmas elves have removed gensec_end inAndrew Bartlett1-1/+1
favor of talloc_free(). Andrew Bartlett (This used to be commit 1933cd12fbaed56e13f2386b19de6ade99bf9478)
2007-10-10r4052: fixed a bunch of code to use the type safe _p allocation macrosAndrew Tridgell1-2/+2
(This used to be commit 80d15fa3402a9d1183467463f6b21c0b674bc442)
2007-10-10r4001: fix segfault fix auth failedStefan Metzmacher1-0/+1
metze (This used to be commit 6a7eee1d9917e0884072354dddae568645798da5)
2007-10-10r2629: convert gensec to the new talloc modelAndrew Tridgell1-2/+2
by making our gensec structures a talloc child of the open connection we can be sure that it will be destroyed when the connection is dropped. (This used to be commit f12ee2f241aab1549bc1d9ca4c35a35a1ca0d09d)
2007-10-10r2284: Thanks to some great detective work by tridge, NTLM2 signing now works.Andrew Bartlett1-1/+7
This means that 'require NTLMv2 session security' now works for RPC pipe signing. We don't yet have sealing, but it can't be much further. This is almost all tridge's code, munged into a form that can work with the GENSEC API. This commit also includes more lsakey fixes - that key is used for all DCE-RPC level authenticated connections, even over CIFS/ncacn_np. No doubt I missed something, but I'm going to get some sleep :-) Andrew Bartlett (This used to be commit a1fe175eec884280fb7e9ca8f528134cf4600beb)
2007-10-10r2100: rework the dcerpc client side library so that it is async. We nowAndrew Tridgell1-2/+2
generate a separate *_send() async function for every RPC call, and there is a single dcerpc_ndr_request_recv() call that processes the receive side of any rpc call. The caller can use dcerpc_event_context() to get a pointer to the event context for the pipe so that events can be waited for asynchronously. The only part that remains synchronous is the initial bind calls. These could also be made async if necessary, although I suspect most applications won't need them to be. (This used to be commit f5d004d8eb8c76c03342cace1976b27266cfa1f0)
2007-10-10r2041: Fix NTLMSSP RPC sealing, client -> win2k3 server.Andrew Bartlett1-20/+7
The bug (found by tridge) is that Win2k3 is being tighter about the NTLMSSP flags. If we don't negotiate sealing, we can't use it. We now have a way to indicate to the GENSEC implementation mechanisms what things we want for a connection. Andrew Bartlett (This used to be commit 86f61568ea44c5719f9b583beeeefb12e0c26f4c)
2007-10-10r1419: spnego inside of dcerpc using alter_context/alter_context_respStefan Metzmacher1-1/+87
instead of auth3 metze (This used to be commit 19b0567ee533744a0f2778bf8549636a25d96526)
2007-10-10r1354: Make it clear that the first gensec_update takes a NULL data_blob.Andrew Bartlett1-2/+3
Andrew Bartlett (This used to be commit 842a5dfc1f313b771fef14a484be6eea8c6eedf8)
2007-10-10r1294: A nice, large, commit...Andrew Bartlett1-14/+13
This implements gensec for Samba's server side, and brings gensec up to the standards of a full subsystem. This means that use of the subsystem is by gensec_* functions, not function pointers in structures (this is internal). This causes changes in all the existing gensec users. Our RPC server no longer contains it's own generalised security scheme, and now calls gensec directly. Gensec has also taken over the role of auth/auth_ntlmssp.c An important part of gensec, is the output of the 'session_info' struct. This is now reference counted, so that we can correctly free it when a pipe is closed, no matter if it was inherited, or created by per-pipe authentication. The schannel code is reworked, to be in the same file for client and server. ntlm_auth is reworked to use gensec. The major problem with this code is the way it relies on subsystem auto-initialisation. The primary reason for this commit now.is to allow these problems to be looked at, and fixed. There are problems with the new code: - I've tested it with smbtorture, but currently don't have VMware and valgrind working (this I'll fix soon). - The SPNEGO code is client-only at this point. - We still do not do kerberos. Andrew Bartlett (This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)