sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code
57,349 Commits 60 Branches 1,145 Tags 452 MiB
47455b4d1a
Commit Graph

226 Commits

Author SHA1 Message Date
Volker Lendecke
82c35e460e Revert "s3: Do not reference ndr_table when calling rpc_srv_register" 
This reverts commit 494b2aff88.
 2009-11-08 19:43:46 +01:00
Volker Lendecke
494b2aff88 s3: Do not reference ndr_table when calling rpc_srv_register 2009-11-08 13:12:15 +01:00
Volker Lendecke
9621306351 s3: Consolidate getting the name out of a pipes_struct 2009-11-08 13:12:14 +01:00
Volker Lendecke
2aa0af9867 s3: get_pipe_name_from_iface -> get_pipe_name_from_syntax 2009-11-07 09:14:15 +01:00
Volker Lendecke
f3869f90f5 s3:rpc: Fix is_known_pipename for dynamically loaded pipes 2009-10-13 20:34:25 +02:00
Günther Deschner
503d035814 spnego: share spnego_parse. 
Guenther
 2009-09-17 01:12:20 +02:00
Stefan Metzmacher
033ced60ac libcli/auth: rewrite schannel sign/seal code to be more generic 
This prepares support for HMAC-SHA256/AES.

metze
 2009-09-16 12:29:06 +02:00
Günther Deschner
37bc806453 s3-dcerpc: remove more obsolete or duplicate headers. 
Guenther
 2009-09-16 08:55:51 +02:00
Günther Deschner
c5c04fcf90 s3-schannel: add dump_NL_AUTH_SIGNATURE. 
Guenther
 2009-09-16 07:54:02 +02:00
Günther Deschner
799f8d7e13 schannel: fully share schannel sign/seal between s3 and 4. 
Guenther
 2009-09-16 01:55:06 +02:00
Günther Deschner
231b2fa261 s3-dcerpc: really fix remaining old auth level constants. sorry... 
Guenther
 2009-09-15 19:34:18 +02:00
Günther Deschner
c2d7c7a9dd s3-dcerpc: fix remaining old auth level constants. 
Guenther
 2009-09-15 18:30:44 +02:00
Günther Deschner
7b36ea55ea s3-dcerpc: remove duplicate RPC_AUTH_LEVEL flags. 
Guenther
 2009-09-15 17:49:43 +02:00
Günther Deschner
d3af0346c8 s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags. 
Guenther
 2009-09-15 17:49:34 +02:00
Günther Deschner
f900e61cf8 s3-schannel: fix api_pipe_schannel_process(), was using incorrect buffer length. 
Found by RPC-SCHANNEL torture test.

Guenther
 2009-09-13 06:46:55 +02:00
Günther Deschner
d258fb4d0d s3-schannel: use NL_AUTH_SIGNATURE for schannel sign & seal (client & server). 
Guenther
 2009-09-11 03:00:35 +02:00
Günther Deschner
9ab5d9be8d s3-schannel: use NL_AUTH_MESSAGE for schannel bind reply. 
Guenther
 2009-09-11 02:57:27 +02:00
Günther Deschner
3984738646 s3-rpc_server: use NL_AUTH_MESSAGE in pipe_schannel_auth_bind(). 
Guenther
 2009-09-08 17:07:03 +02:00
Günther Deschner
21a93c2ddc s3-netlogon: use shared credential and schannel storage infrastructure for netlogon server. 
Guenther
 2009-08-27 15:55:19 +02:00
Volker Lendecke
880c286bc9 Use null_ndr_syntax_id instead of zeroing null_interface manually 2009-07-05 23:50:12 +02:00
Volker Lendecke
58fbf7420c Remove "typedef struct ndr_syntax_id RPC_IFACE;" 2009-07-05 23:50:12 +02:00
Volker Lendecke
30dd96e819 Make check_bind_req static to rpc_server/srv_pipe.c 2009-07-05 23:50:12 +02:00
Jeremy Allison
67d12e9c6b Get the sense of the integer wrap test the right way around. Sorry. 
Jeremy.
 2009-03-05 22:00:22 -08:00
Jeremy Allison
4e74d811aa Now we're allowing a lower bound for auth_len, ensure we 
also check for an upper one (integer wrap).
Jeremy.
 2009-03-05 21:06:48 -08:00
Volker Lendecke
2544ba6a0a Complete the fix for bug 6100 
According to [MS-RPCE].pdf, section 2.2.2.11:

----
A client or a server that (during composing of a PDU) has allocated more space
for the authentication token than the security provider fills in SHOULD fill in
the rest of the allocated space with zero octets. These zero octets are still
considered to belong to the authentication token part of the PDU.<36>
----

RPC implementations are allowed to send padding bytes at the end of an auth
footer. Windows 7 makes use of this.

Thanks to Nick Meier <nmeier@microsoft.com>

Volker
 2009-03-05 22:28:07 +01:00
Volker Lendecke
3a4c8cd492 Make prs_struct->out_data.current_pdu dynamically allocated 
Another 4k per open pipe
 2009-02-08 13:53:50 +01:00
Dan Sledz
d96248a9b4 Add two new parameters to control how we verify kerberos tickets. Removes lp_use_kerberos_keytab parameter. 
The first is "kerberos method" and replaces the "use kerberos keytab"
with an enum.  Valid options are:
secrets only - use only the secrets for ticket verification (default)
system keytab - use only the system keytab for ticket verification
dedicated keytab - use a dedicated keytab for ticket verification.
secrets and keytab - use the secrets.tdb first, then the system keytab

For existing installs:
"use kerberos keytab = yes" corresponds to secrets and keytab
"use kerberos keytab = no" corresponds to secrets only

The major difference between "system keytab" and "dedicated keytab" is
that the latter method relies on kerberos to find the correct keytab
entry instead of filtering based on expected principals.

The second parameter is "dedicated keytab file", which is the keytab
to use when in "dedicated keytab" mode.  This keytab is only used in
ads_verify_ticket.
 2009-02-01 20:23:31 -08:00
Volker Lendecke
53394980ad Replace pipe names in pipes_struct by ndr_syntax_id 
This was mainly used for debugging output
 2009-02-01 14:34:23 +01:00
todd stecher
989ad44d32 Memory leaks and other fixes found by Coverity 2009-01-21 17:13:03 -08:00
Volker Lendecke
964acde86e Remove the rpc_srv_register wrapper around rpc_pipe_register_commands 2009-01-09 23:17:57 +01:00
Volker Lendecke
125696b73d Pass the full ndr_interface_table into the s3 rpcserver when registering 2009-01-09 23:17:57 +01:00
Volker Lendecke
c1a8e8adac Simplify find_pipe_fns_by_context slightly 2009-01-09 22:48:09 +01:00
Volker Lendecke
2714ac4d3a Fix some nonempty blank lines 2009-01-09 22:30:56 +01:00
Volker Lendecke
907f126d3e Get rid of pipes_struct->pipe_user, we have server_info now --- YESSS! 2008-11-24 11:39:03 +01:00
Günther Deschner
d9f1fff5b3 s3: use shared asn1 code. 
Guenther
 2008-10-22 21:37:36 +02:00
Volker Lendecke
042600cbac Make api_rpcTNP static to srv_pipe.c 
(This used to be commit 256c93a8b3)
 2008-07-26 11:25:24 +02:00
Volker Lendecke
2e7cb1a5cc Introduce is_known_pipename 
This scans the list of pipes registered via rpc_pipe_register_commands instead
of using static tables.
(This used to be commit 283e603998)
 2008-07-19 20:27:56 +02:00
Volker Lendecke
bcb652451b Simplify the RPC servers: remove get_pipe_fns 
The per-server xxx_get_pipe_fns functions can go once all the RPC servers are
converted
(This used to be commit 6aa2391cbe)
 2008-07-18 15:04:05 +02:00
Volker Lendecke
e0f3ea2cbe In api_pipe_bind_req(), check for the iface id, not the pipe name 
This requires to store the rpc_interface in "struct rpc_table"
(This used to be commit 654f8de849)
 2008-07-16 23:19:48 +02:00
Volker Lendecke
1bd7293817 In api_pipe_bind_req(), decode the bind request before checking the pipe 
(This used to be commit 8be41382ed)
 2008-07-16 23:19:47 +02:00
Volker Lendecke
747a580952 Now that we have p->server_info, use p->server_info->user_session_key 
(This used to be commit aefad64e3a)
 2008-06-26 13:13:23 +02:00
Volker Lendecke
cebbb2d84a Fix typo 
(This used to be commit 41d2daeaa5)
 2008-06-26 13:13:22 +02:00
Volker Lendecke
d331624fdf Add server_info to pipes_struct 
(This used to be commit d621867bb8)
 2008-06-26 13:13:22 +02:00
Volker Lendecke
df905a5d77 Make pipes_struct its own talloc ctx 
(This used to be commit 829b1ad469)
 2008-06-21 10:34:34 +02:00
Volker Lendecke
40f5eab5eb Wrap the unix token info in a unix_user_token in auth_serversupplied_info 
No functional change, this is a preparation for more current_user ref removal
(This used to be commit dcaedf345e)
 2008-06-19 18:51:37 +02:00
Jelmer Vernooij
a4c60b2696 rpc_parse: Use UUIDs from librpc/gen_ndr/ when possible to reduce 
duplication.
(This used to be commit 428654b473)
 2008-04-17 17:54:32 +02:00
Jelmer Vernooij
28fd4f6fcb Reconcile ndr_syntax_id used by pidl-generated code and Samba3's RFC_IFACE. 
(This used to be commit 7bea00dca1)
 2008-04-15 20:26:52 +02:00
Volker Lendecke
c751386bb8 Remove some write-only fstrings 
(This used to be commit aacb07b1b0)
 2008-04-11 22:21:04 +02:00
Volker Lendecke
e9ba13bc67 Fix Coverity ID 514 
Not exactly an uninitialized variable, but having Coverity figure out that
we're only UNMARSHALLING here is probably asking for a bit too much.
(This used to be commit 07a9f7daa8)
 2008-03-23 19:44:55 +01:00
Günther Deschner
5fdf4b8f4a Remove remaining old srvsvc client and server rpc code entirely. 
Guenther
(This used to be commit a5f0186f70)
 2008-03-21 04:16:22 +01:00