Stefan Metzmacher
3f41b58384
s3:rpc_client: remove unused rpccli_netlogon_sam_network_logon()
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:16 +01:00
Stefan Metzmacher
e4fea80693
s3:rpc_client: remove unused rpccli_netlogon_sam_logon()
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:16 +01:00
Stefan Metzmacher
a4faf57b47
s3:rpc_client: remove unused rpccli_netlogon_setup_creds()
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:15 +01:00
Stefan Metzmacher
6d457ad9c1
s3:rpc_client: remove unused rpccli_netlogon_set_trust_password()
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:15 +01:00
Stefan Metzmacher
660150b12a
s3:rpc_client: make cli_rpc_pipe_open_schannel() more flexible
...
It expects a messaging_context now
and returns a netlogon_creds_cli_context.
This way we can finally avoid having a rpc_pipe_client->netlogon_creds.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:15 +01:00
Stefan Metzmacher
94caf7e190
s3:rpc_client: use rpccli_{create,setup}_netlogon_creds() in cli_rpc_pipe_open_schannel()
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:10 +01:00
Stefan Metzmacher
b7dc3fb204
s3:rpc_client: add rpccli_netlogon_password_logon()
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:08 +01:00
Stefan Metzmacher
5196493c9e
s3:rpc_client: add rpccli_netlogon_network_logon()
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:08 +01:00
Stefan Metzmacher
a07cc9a1c6
s3:rpc_client: remove unused rpccli_netlogon_sam_network_logon_ex()
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:08 +01:00
Stefan Metzmacher
3c025af657
s3:rpc_client: add rpccli_pre_open_netlogon_creds()
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:07 +01:00
Stefan Metzmacher
14ceb7b501
s3:rpc_client: add rpccli_{create,setup}_netlogon_creds()
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:07 +01:00
Stefan Metzmacher
5adfc5f9f7
s3:rpc_client: use netlogon_creds_cli_auth_level() in cli_rpc_pipe_open_schannel_with_key()
...
This means the auth level is now based on the "winbindd sealed pipes" option,
defaulting to "yes" and DCERPC_AUTH_LEVEL_PRIVACY.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:07 +01:00
Stefan Metzmacher
38d4dba374
s3:rpc_client: make use of the new netlogon_creds_cli_context
...
This exchanges rpc_pipe_client->dc with rpc_pipe_client->netlogon_creds
and lets the secure channel session state be stored in node local database.
This is the proper fix for a large number of bugs:
https://bugzilla.samba.org/show_bug.cgi?id=6563
https://bugzilla.samba.org/show_bug.cgi?id=7944
https://bugzilla.samba.org/show_bug.cgi?id=7945
https://bugzilla.samba.org/show_bug.cgi?id=7568
https://bugzilla.samba.org/show_bug.cgi?id=8599
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:06 +01:00
Stefan Metzmacher
0059929601
libcli/smb: s/tstream_cli_np/tstream_smbXcli_np
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-01-07 08:37:42 +01:00
Stefan Metzmacher
024fc73047
libcli/smb: move source3/libsmb/cli_np_tstream.c to tstream_smbXcli_np.c
...
This code is generic enough to have it in the top level now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-01-07 08:37:42 +01:00
Gregor Beck
46d29d46bc
s3:libsmb: do not use cli_state internally within cli_np_tstream
...
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-01-07 08:37:41 +01:00
Stefan Metzmacher
6ab9164c74
s3:rpc_client: send a dcerpc_sec_verification_trailer if needed
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 7 02:24:42 CET 2014 on sn-devel-104
2014-01-07 02:24:41 +01:00
Stefan Metzmacher
f0532fe0cd
s3:rpc_client: fill alloc_hint with the remaining data not the total data.
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 00:27:12 +01:00
Stefan Metzmacher
61bdbc23cd
s3:rpc_client: implement DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 00:27:11 +01:00
Stefan Metzmacher
f7bf7e705e
s3:rpc_client: handle DCERPC_AUTH_TYPE_SCHANNEL as any other gensec backend
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 00:27:11 +01:00
Stefan Metzmacher
4d3376e919
s3:rpc_client: add some const to rpc_api_pipe_req_send()
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 00:27:11 +01:00
Stefan Metzmacher
946e29dbc1
s3:rpc_client: make rpc_api_pipe_req_send/recv static
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 00:27:11 +01:00
Stefan Metzmacher
5b39a351a8
s3:rpc_client: talloc_zero pipe_auth_data
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 00:27:11 +01:00
Jeremy Allison
0dc6181894
CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.
...
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
2013-12-09 07:05:46 +01:00
Jeremy Allison
b0ba4a5621
CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked.
...
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
2013-12-09 07:05:46 +01:00
Jeremy Allison
a516ae6868
CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply.
...
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-12-09 07:05:46 +01:00
Stefan Metzmacher
8b7c862bab
CVE-2013-4408:s3:rpc_client: verify frag_len at least contains the header size
...
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-12-09 07:05:45 +01:00
Gregor Beck
412af28e1e
s3:rpc_client: fix a leaked talloc_stackframe
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10241
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-11-04 10:38:50 +01:00
Andreas Schneider
5990de5d89
s3-rpc_client: Make data pointer const in trans_send().
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 30 01:32:08 CET 2013 on sn-devel-104
2013-10-30 01:32:08 +01:00
Gregor Beck
1974dbe30c
s3:rpc_client: remove unused rpc_pipe_np_smb_conn()
...
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-17 08:48:50 +13:00
Stefan Metzmacher
872486bbd0
s3:rpc_client: pass object and table to rpccli_bh_create()
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-17 08:48:45 +13:00
Stefan Metzmacher
f773ed2cf7
s3:rpc_client: implement dcerpc_binding_handle_auth_info()
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-17 08:48:44 +13:00
Günther Deschner
b73e2d927b
s3-rpc: use dcerpc_default_transport_endpoint function.
...
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-20 13:07:30 +02:00
Günther Deschner
a94e278883
s3-rpc: use table->name directly in DEBUG contexts.
...
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-20 13:07:10 +02:00
Günther Deschner
45949d7218
s3-rpc_cli: remove unused schannel calls from cli_pipe.c
...
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19 11:09:55 +02:00
Günther Deschner
89d0b89b5d
s3-rpc_cli: use gensec for schannel bind.
...
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19 11:09:36 +02:00
Günther Deschner
7b570b4128
s3-rpc_cli: allow to pass down a netlogon CredentialState struct to gensec.
...
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19 11:09:27 +02:00
Stefan Metzmacher
af4dc30684
s3:cli_pipe.c: return NO_USER_SESSION_KEY in cli_get_session_key() for schannel
...
SCHANNEL connections don't have a user session key,
they're like anonymous connections.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:58 +02:00
Stefan Metzmacher
838cb53962
s3:cli_pipe: pass down creds->computer_name to NL_AUTH_MESSAGE
...
We need to use the same computer_name value as in the netr_Authenticate3()
request.
We abuse cli->auth->user_name to pass the value down.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:57 +02:00
Stefan Metzmacher
e96142fc43
s3:cli_pipe: make use of netsec_create_state()
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:57 +02:00
Stefan Metzmacher
04938cbeec
s3:rpc_client: remove unused cli_rpc_pipe_open_ntlmssp_auth_schannel()
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:55 +02:00
Stefan Metzmacher
3302356226
s3:rpc_client: remove netr_LogonGetCapabilities check from rpc_pipe_bind*
...
It's done in the caller now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:55 +02:00
Stefan Metzmacher
eecb5bafba
s3:rpc_client: add netr_LogonGetCapabilities to cli_rpc_pipe_open_schannel_with_key()
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:54 +02:00
Stefan Metzmacher
e9c8e3fb92
s3:rpc_client: use netlogon_creds_copy before rpc_pipe_bind
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:54 +02:00
Stefan Metzmacher
90e28c1825
s3:rpc_client: fix/add AES downgrade detection to rpc_pipe_bind_step_two_done()
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:54 +02:00
Stefan Metzmacher
04600634b3
s3:rpc_client: try to use NETLOGON_NEG_SUPPORTS_AES
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:53 +02:00
Stefan Metzmacher
94be8d63cd
s3:rpc_client: rename same variables in cli_rpc_pipe_open_schannel_with_key()
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:02 +02:00
Stefan Metzmacher
8a302fc353
s3:rpc_client: use the correct context for netlogon_creds_copy() in rpccli_schannel_bind_data()
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:02 +02:00
Stefan Metzmacher
6ce645e03c
s3:rpc_client: make rpccli_schannel_bind_data() static
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:02 +02:00
Günther Deschner
a9d5b2fdf0
libcli/auth: also set secure channel type in netlogon_creds_client_init().
...
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:00 +02:00