1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

147 Commits

Author SHA1 Message Date
Stefan Metzmacher
4cda41677c CVE-2020-25717: s3:rpcclient: start with authoritative = 1
This is not strictly needed, but makes it easier to audit
that we don't miss important places.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:32 +00:00
Andreas Schneider
b549fdb6da s3:rpcclient: Add missing break in switch statement
error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-01 21:50:32 +00:00
Günther Deschner
742d8ba9c4 s3-rpcclient: add logongetdomaininfo command
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-09-20 01:14:43 +00:00
Gary Lockyer
0e2acf6cfb winbind: Generate and pass logon ID
Generate a random logon_id and pass it in the SamLogon calls.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-20 06:03:09 +01:00
Andreas Schneider
281c5107b0 s3:rpcclient: Use C99 initializer for cmd_set in cmd_netlogon
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-01-28 10:29:17 +01:00
Andreas Schneider
56ac8944eb s3:rpcclient: Initialize domain_name
This could be passed uninitialized to dcerpc_netr_DsRGetDCName()

Found by cppcheck.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13680

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-11-14 05:07:15 +01:00
Ralph Boehme
489e942aa9 s3/rpc_client: return validation from rpccli_netlogon functions
Return the validation info instead of the already mapped info3. Higher
layers need info6 if available, this is the first step in passing the
unmapped info up to callers.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-01-13 08:24:08 +01:00
Volker Lendecke
82c17bc9fa rpcclient: Fix "capabilities" command
This used to not properly store the chained credentials back into the
netlogon_creds_cli tdb. This by the way is the bug that all the
routines for the NT4 style sam replication had that just disappeared.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Sep 25 13:42:19 CEST 2017 on sn-devel-144
2017-09-25 13:42:19 +02:00
Volker Lendecke
fe736f246b rpcclient: Remove sam_sync related commands
These three commands don't use the netlogon credential chain
correctly. They are missing the netlogon_creds_store after the dcerpc
call, so they destroy the correct use of the netlogon creds.

The only valid server for these calls that I know of would be NT4, and
that should be gone long ago.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-09-20 22:48:15 +02:00
Stefan Metzmacher
1421abfc73 s3:trusts_util: pass dcname to trust_pw_change()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:45 +02:00
Volker Lendecke
00c25a5080 cli_netlogon: Add return parms to rpccli_netlogon_password_logon
Just for symmetry with rpccli_netlogon_network_logon()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-03-07 09:15:17 +01:00
Günther Deschner
6179ab7738 werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source3/rpcclient/
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:21 +02:00
Günther Deschner
5cec72f36c werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/rpcclient/
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:19 +02:00
Noel Power
89940f39c6 s3: rpcclient: Prevent null ptr access by returning error if no creds available
Prevent rpccli_netlogon_password_logon being called with 'NULL' credentials.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11569

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-11-04 22:15:24 +01:00
Richard Sharpe
1ef68eb680 Convert all uint32/16/8 to _t in source3/rpcclient.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-12 01:32:12 +02:00
Stefan Metzmacher
337d86f87e s3:rpcclient: only require netlogon_creds for specified netlogon calls
A lot of calls on the netlogon pipe doesn't require netlogon credentials,
e.g. netr_LogonControl*() should work just with administrator credentials.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-30 13:41:25 +02:00
Günther Deschner
b722167b2c s3-rpc_client: return info3 in rpccli_netlogon_password_logon().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-07-15 16:00:40 +02:00
Stefan Metzmacher
c6bb47f2f1 s3:rpcclient: make use of rpccli_netlogon_password_logon() in the 'samlogon' cmd
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:14 +01:00
Stefan Metzmacher
4c99e49898 s3:rpcclient: remove optional auth_level parameter of the 'samlogon' cmd
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:14 +01:00
Stefan Metzmacher
a9281e6570 s3:rpcclient: make use of trust_pw_change()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:12 +01:00
Stefan Metzmacher
3bf77812e8 s3:rpcclient: make use of rpcclient_netlogon_creds instead of cli->netlogon_creds
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:11 +01:00
Stefan Metzmacher
fb13b002d5 s3:rpcclient: remove unused rpccli_netlogon_setup_creds() from cmd_netlogon_database_redo()
rpccli_netlogon_setup_creds() is already called in the main do_cmd()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:11 +01:00
Stefan Metzmacher
38d4dba374 s3:rpc_client: make use of the new netlogon_creds_cli_context
This exchanges rpc_pipe_client->dc with rpc_pipe_client->netlogon_creds
and lets the secure channel session state be stored in node local database.

This is the proper fix for a large number of bugs:
https://bugzilla.samba.org/show_bug.cgi?id=6563
https://bugzilla.samba.org/show_bug.cgi?id=7944
https://bugzilla.samba.org/show_bug.cgi?id=7945
https://bugzilla.samba.org/show_bug.cgi?id=7568
https://bugzilla.samba.org/show_bug.cgi?id=8599

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:06 +01:00
Stefan Metzmacher
e77a64f505 s3:rpcclient: try to use NETLOGON_NEG_SUPPORTS_AES
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:53 +02:00
Alexander Bokovoy
9e116e8a5e s3-rpcclient: support all known netr_LogonControl2 variants properly
logonctrl2 function in rpcclient did not allow to specify arguments
to most of netr_LogonControl2 function code points.

In addition, make descriptive help to show what is expected at each
function code point.

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Thu Jun 21 12:11:19 CEST 2012 on sn-devel-104
2012-06-21 12:11:19 +02:00
Andreas Schneider
2d0d2b570f s3-rpcclient: Remove debug_dsdcinfo_flags() call.
This gets rid of the DCUTIL dependency.
2012-01-25 11:58:28 +01:00
Andrew Bartlett
34d52532b5 s3-rpcclient: pass struct ndr_interface_table down
This will allow the target service (as determined from the IDL) to be
passed to GSSAPI (rather than the current, incorrect, "cifs").

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:24 +01:00
Andrew Bartlett
74eed8f3ed s3-param Remove special case for global_myname(), rename to lp_netbios_name()
There is no reason this can't be a normal constant string in the
loadparm system, now that we have lp_set_cmdline() to handle overrides
correctly.

Andrew Bartlett
2011-06-09 12:40:09 +02:00
Günther Deschner
2352e7cb7f s3-rpcclient: include rpc_client/cli_pipe.h globally in rpcclient.h
Guenther
2011-03-31 00:14:01 +02:00
Andreas Schneider
bf18403c81 s3-rpc_client: Move client pipe functions to own header. 2011-02-28 18:15:04 +01:00
Stefan Metzmacher
5e4691e70e s3:rpcclient/cmd_netlogon: fix netr_DELTA_* display
metze
2011-02-01 18:35:22 +01:00
Günther Deschner
99437614fa s3-rpcclient: allow to define validation level for samlogon.
Guenther
2011-01-24 16:56:00 +01:00
Günther Deschner
5e4b327c4f s3-rpcclient: prefer dcerpc_netr_X functions.
Guenther

Signed-off-by: Andreas Schneider <asn@samba.org>
2011-01-13 14:09:18 +01:00
Stefan Metzmacher
d6eb42cc61 s3:rpcclient: we also need some ndr_pull functions
metze
2010-08-08 11:05:18 +02:00
Günther Deschner
c136b84f0d s3-secrets: only include secrets.h when needed.
Guenther
2010-08-05 10:12:25 +02:00
Matthias Dieter Wallnöfer
11e2608ba9 s3/s4:netrEnumerateTrustedDomains - this call returns a "NTSTATUS" result
See MS-NRPC 3.5.5.6.3.
2010-05-31 12:08:59 +02:00
Günther Deschner
5ed3654112 s3-rpc_client: move protos to cli_netlogon.h
Guenther
2010-05-18 21:42:37 +02:00
Günther Deschner
3d679a3b5f s3-rpc: Avoid including every pipe's client and server stubs everywhere in samba.
Guenther
2009-11-26 20:03:17 +01:00
Volker Lendecke
bb283af16f Revert "s3: Do not directly reference the ndr_table_* in rpcclient"
This reverts commit 70c698fd54.
2009-11-08 19:43:47 +01:00
Volker Lendecke
70c698fd54 s3: Do not directly reference the ndr_table_* in rpcclient 2009-11-08 00:28:36 +01:00
Günther Deschner
ebe0e64ba9 s3: use enum netr_SchannelType all over the place.
Guenther
2009-10-13 10:21:46 +02:00
Günther Deschner
42e393af28 s3-rpcclient: fix netr_LogonGetCapabilities command.
Guenther
2009-09-16 17:59:38 +02:00
Andrew Bartlett
baf7274fed Make Samba3 use the new common libcli/auth code
This is particuarly in the netlogon client (but not server at this
stage)
2009-04-14 16:23:44 +10:00
Andrew Bartlett
f28f113d8e Rework Samba3 to use new libcli/auth code (partial)
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).

We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server

Andrew Bartlett
2009-04-14 16:23:35 +10:00
Günther Deschner
a4e570e3ce s3-rpcclient: add test command to call netr_LogonGetCapabilities (for bug #6100).
Guenther
2009-02-25 22:17:39 +01:00
Günther Deschner
008ac81b31 s3-rpcclient: add database_redo command.
Guenther
2008-11-06 18:51:38 +01:00
Jelmer Vernooij
ddcab787c4 Rename dos_errstr() to win_errstr() for consistency with Samba 4. 2008-11-01 17:19:26 +01:00
Günther Deschner
68aa9bd67f s3-rpcclient: add getdcsitecoverage call.
Guenther
2008-10-27 14:29:04 +01:00
Günther Deschner
3b9a03a7c3 s3: fix samlogon client and server calls.
Guenther
2008-10-15 16:14:20 +02:00
Volker Lendecke
82b5f54f96 Refactoring: rpcclient uses ndr_syntax_id instead of pipe_idx
(This used to be commit 85db87c451)
2008-07-21 14:36:27 +02:00