1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-28 07:21:54 +03:00
Commit Graph

77 Commits

Author SHA1 Message Date
Günther Deschner
c5e85a4987 s3-dcerpc: rename SCHANNEL_SIG_SIZE to NL_AUTH_SIGNATURE_SIZE and move to IDL.
Guenther
2010-07-16 23:09:54 +02:00
Simo Sorce
f4c6c7e7b8 Move the remnants of rpc_parse code under registry/
The registry code is the only last user of this code.
Move everything under registry/ and hope someone will get rid od
it completely from there in the future.

Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-16 01:51:18 +02:00
Simo Sorce
79c207ed62 s3-dceprc: Use IDL defined constants for length calculations
Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-16 01:51:17 +02:00
Simo Sorce
2452a7a4c1 s3-dcerpc: consolidate respones packet creation code
Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-16 01:51:16 +02:00
Simo Sorce
8246214e7e s3-dcerpc: Remove unused functions and headers
parse_rpc.c is dead, long live parse_rpc.c !

Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-16 01:51:16 +02:00
Simo Sorce
0c93b7dff7 s3-dcerpc: Remove unused functions and headers
Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-13 14:44:12 +02:00
Simo Sorce
43064a74a3 s3-dcerpc: Remove unused headers
Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-13 14:44:10 +02:00
Simo Sorce
7571c15af9 s3:dcerpc Remove unused structure and functions 2010-07-08 01:48:05 -04:00
Simo Sorce
ae526514a9 s3:rpc user idl define dcerpc_ctx_list instead of custom RPC_CONTEXT 2010-07-08 01:08:05 -04:00
Günther Deschner
5aabd9af8e s3-dcerpc: use dcerpc_push_ncacn_packet() for create_bind_or_alt_ctx_internal().
Guenther

Signed-off-by: Simo Sorce <idra@samba.org>
2010-07-07 23:45:51 -04:00
Günther Deschner
37bc806453 s3-dcerpc: remove more obsolete or duplicate headers.
Guenther
2009-09-16 08:55:51 +02:00
Günther Deschner
fdf3bd6203 s3-dcerpc: remove unsed auth type defines as seen on the wire.
Guenther
2009-09-15 17:50:00 +02:00
Günther Deschner
e1ecb807e3 s3-dcerpc: remove more unused structs.
Guenther
2009-09-15 17:49:52 +02:00
Günther Deschner
7b36ea55ea s3-dcerpc: remove duplicate RPC_AUTH_LEVEL flags.
Guenther
2009-09-15 17:49:43 +02:00
Günther Deschner
a155f3f9a9 s3-schannel: remove unused code.
Guenther
2009-09-11 02:57:35 +02:00
Günther Deschner
a48f884f70 s3: remove unused RPC_AUTH_SCHANNEL_NEG struct and parsing functions.
Guenther
2009-09-08 17:07:03 +02:00
Günther Deschner
5b2b5abf4f s3-schannel: Fix Bug #6697. Interdomain trusts with Windows 2008 R2 DCs.
The Schannel verifier (aka NL_AUTH_SIGNATURE) structure (32 byte) sent from a
W2k8r2 DC is passed in a buffer with the size of a NL_AUTH_SHA2_SIGNATURE (56
byte). We should just ignore the remaining 12 zeroed bytes and proceed.

Guenther
2009-09-08 12:34:10 +02:00
Günther Deschner
25d6c0a518 s3-ntlmssp: use NTLMSSP headers from IDL and remove duplicate constants.
Guenther
2009-08-28 10:08:52 +02:00
Volker Lendecke
58fbf7420c Remove "typedef struct ndr_syntax_id RPC_IFACE;" 2009-07-05 23:50:12 +02:00
Andrew Bartlett
f28f113d8e Rework Samba3 to use new libcli/auth code (partial)
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).

We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server

Andrew Bartlett
2009-04-14 16:23:35 +10:00
Günther Deschner
de2a7c8e4c s3: use generated dcerpc code.
Guenther
2009-03-24 11:14:06 +01:00
Günther Deschner
9fdeb7f7b3 s3-spoolss: remove custom syntax_spoolss and use the syntax defined in IDL.
Guenther
2009-03-18 14:18:42 +01:00
Volker Lendecke
1335da2a7c Refactoring: Change calling conventions for cli_rpc_pipe_open_noauth
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS
(This used to be commit 9abc9dc4dc)
2008-07-20 17:37:11 +02:00
Volker Lendecke
66669bad43 Simplify pipe_names: we only do ndr_transfer_syntax anyway
(This used to be commit b808403af5)
2008-07-20 17:06:21 +02:00
Jelmer Vernooij
a4c60b2696 rpc_parse: Use UUIDs from librpc/gen_ndr/ when possible to reduce
duplication.
(This used to be commit 428654b473)
2008-04-17 17:54:32 +02:00
Jelmer Vernooij
28fd4f6fcb Reconcile ndr_syntax_id used by pidl-generated code and Samba3's RFC_IFACE.
(This used to be commit 7bea00dca1)
2008-04-15 20:26:52 +02:00
Günther Deschner
99d3590455 Fix NETLOGON credential chain with Windows 2008 all over the place.
In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8
netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate
flags everywhere (not only when running in security=ads). Only for NT4 we need
to do a downgrade to the returned negotiate flags.

Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6.

Guenther
(This used to be commit 0970369ca0)
2008-04-02 11:12:47 +02:00
Andreas Schneider
691c4b1a41 Windows 2008 (Longhorn) auth2 flag fixes.
Interop fixes for AD specific flags. Original patch from Todd Stetcher.
(This used to be commit 5aadfcdaac)
2008-01-23 14:55:22 -08:00
Günther Deschner
a92eb76688 Finally enable pidl generated SAMR & NETLOGON headers and clients.
Guenther
(This used to be commit f7100156a7)
2008-01-17 16:54:46 +01:00
Gerald Carter
5221ebb299 r25407: Revert Longhorn join patch as it is not correct for the 3.2 tree.
The translate_name() used by cli_session_setup_spnego() cann rely
Winbindd since it is needed by the join process (and hence before
Winbind can be run).
(This used to be commit 00a93ed336)
2007-10-10 12:31:03 -05:00
Gerald Carter
3529156971 r25400: Windows 2008 (Longhorn) Interop fixes for AD specific auth2 flags,
and client fixes.  Patch from Todd Stetcher <todd.stetcher@isilon.com>.
(This used to be commit 8304ccba73)
2007-10-10 12:31:02 -05:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
Jelmer Vernooij
4e7d11449a r18654: Rename "struct uuid" => "struct GUID" for consistency.
(This used to be commit 5de76767e8)
2007-10-10 11:52:19 -05:00
Günther Deschner
1d5ab8fd05 r14597: Merge DCERPC_FAULT constants from Samba 4.
Guenther
(This used to be commit 3f195f8248)
2007-10-10 11:15:38 -05:00
Günther Deschner
81e4340fd4 r14368: Remove redundant set of logon flags (now in rpc_netlogon.h).
Guenther
(This used to be commit 8d4290cb8e)
2007-10-10 11:15:27 -05:00
Jeremy Allison
ad8b47a2ba r13407: Change the credentials code to be more like the Samba4 structure,
makes fixes much easier to port. Fix the size of dc->sess_key to
be 16 bytes, not 8 bytes - only store 8 bytes in the inter-smbd
store in secrets.tdb though. Should fix some uses of the dc->sess_key
where we where assuming we could read 16 bytes.
Jeremy.
(This used to be commit 5b3c2e63c7)
2007-10-10 11:09:59 -05:00
Jeremy Allison
05fafb8396 r11950: If we got a connection oriented cancel pdu we would spin processing it.
Fix that, and also add in comments for all possible CL and CO PDU
types. Make sure we process them correctly.
Jeremy.
(This used to be commit 672113a627)
2007-10-10 11:05:39 -05:00
Gerald Carter
54abd2aa66 r10656: BIG merge from trunk. Features not copied over
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
2007-10-10 11:04:48 -05:00
Jeremy Allison
8b2b177a8e r8805: Merge a duplicate struct. Get ready to support SPNEGO rpc binds.
Jeremy.
(This used to be commit fd6e342746)
2007-10-10 11:00:18 -05:00
Jeremy Allison
5c9963c287 r7696: Don't try and be clever and read an 8 byte int and 3 pad bytes
as a uint32 - you'll just get it wrong (as I did :-).
Second attempt to fix the Apple client issues.
Jeremy.
(This used to be commit d2aa5bc7aa)
2007-10-10 10:57:19 -05:00
Jeremy Allison
04e07e8cc9 r7385: Rewrite the RPC bind parsing functions to follow the spec. I haven't yet
tested this so I may have screwed this up - however it now follows the
DCE spec. valgrinded tests to follow....
Jeremy.
(This used to be commit 877e0a61f5)
2007-10-10 10:57:07 -05:00
Gerald Carter
9dbf2e2419 r991: Allow winbindd to use the domain trust account password
for setting up an schannel connection.  This solves the problem
of a Samba DC running winbind, trusting a native mode AD domain,
and needing to enumerate AD users via wbinfo -u.
(This used to be commit e9f109d1b3)
2007-10-10 10:51:53 -05:00
Gerald Carter
41db2016ad r704: BUG 1315: fix for schannel client connections to server's that don't support 128 bit encryption
(This used to be commit 316ba5ad89)
2007-10-10 10:51:34 -05:00
Gerald Carter
8ad3d8c9b0 r196: merging struct uuid from trunk
(This used to be commit 911a28361b)
2007-10-10 10:51:13 -05:00
Gerald Carter
cbe69f65f6 commit sign only patch from Andrew; bug 167; tested using 2k & XP clientspreviously joined to the Samba domain
(This used to be commit 3802f5895e)
2003-10-01 21:18:32 +00:00
Gerald Carter
11777e6a30 Attempt at fixing bug #283. There however is no solution.
There is a workaround documented in the bug report.

This patch does:

  * add server support for the LSA_DS UUID on the lsarpc pipe
  * store a list of context_ids/api_structs in the pipe_struct
    so that we don't have to lookup the function table for a pipe.
    We just match the context_id.  Note that a dce/rpc alter_context
    does not destroy the previous context so it is possible to
    have multiple bindings active on the same pipe. Observed from
    standalone win2k sp4 client.
  * added server code for DsROleGetPrimaryDOmainInfo() but disabled it
    since it causes problems enumerating users and groups from a 2ksp4
    domain member in a Samba domain.
(This used to be commit 96bc2abfcb)
2003-08-14 21:14:28 +00:00
Jeremy Allison
38b3ee6467 RPC fix from Ronan Waide <waider@waider.ie>. Tested with rpcecho.
Jeremy.
(This used to be commit 68590b9e22)
2003-08-08 17:08:35 +00:00
Andrew Bartlett
456f51bcbe Jeremy requested that I get my NTLMSSP patch into CVS. He didn't request
the schannel code, but I've included that anyway. :-)

This patch revives the client-side NTLMSSP support for RPC named pipes
in Samba, and cleans up the client and server schannel code.  The use of the
new code is enabled by the 'sign', 'seal' and 'schannel' commands in
rpcclient.

The aim was to prove that our separate NTLMSSP client library actually
implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation,
in the hope that knowing this will assist us in correctly implementing
NTLMSSP signing for SMB packets.  (Still not yet functional)

This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with
calls to libsmb/ntlmssp.c.  In the process, we have gained the ability to
use the more secure NT password, and the ability to sign-only, instead of
having to seal the pipe connection.  (Previously we were limited to sealing,
and could only use the LM-password derived key).

Our new client-side NTLMSSP code also needed alteration to cope with our
comparatively simple server-side implementation.  A future step is to replace
it with calls to the same NTLMSSP library.

Also included in this patch is the schannel 'sign only' patch I submitted to
the team earlier.  While not enabled (and not functional, at this stage) the
work in this patch makes the code paths *much* easier to follow.  I have also
included similar hooks in rpccleint to allow the use of schannel on *any* pipe.

rpcclient now defaults to not using schannel (or any other extra per-pipe
authenticiation) for any connection.  The 'schannel' command enables schannel
for all pipes until disabled.

This code is also much more secure than the previous code, as changes to our
cli_pipe routines ensure that the authentication footer cannot be removed
by an attacker, and more error states are correctly handled.

(The same needs to be done to our server)

Andrew Bartlett
(This used to be commit 5472ddc9ea)
2003-07-14 08:46:32 +00:00
Jeremy Allison
09a50497d1 Fixes to make SCHANNEL work in 3.0 against a W2K DC. Still need to fix
multi-PDU encode/decode with SCHANNEL. Also need to test against WNT DC.
Jeremy.
(This used to be commit ff66d40970)
2003-04-16 15:39:57 +00:00