mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

1199 Commits

Author SHA1 Message Date
Jeremy Allison
ad77ae1d58 First part of fix for bug #7159 - client rpc_transport doesn't cope with bad server data returns.
Ensure that subreq is *always* talloc_free'd in the _done
function, as it has an event timeout attached. If the
read requests look longer than the cli->timeout, then
the timeout fn is called with already freed data.

Jeremy.
2010-02-19 14:26:12 -08:00
Jeremy Allison
7b4387f765 Fix bug #7146 - Samba mis-parses authenticated RPC packets.
Parts of the Samba RPC client and server code misinterpret authenticated
packets.

DCE authenticated packets actually look like this :

+--------------------------+
|header                    |
| ... frag_len (packet len)|
| ... auth_len             |
+--------------------------+
|                          |
| Data payload             |
...                     ....
|                          |
+--------------------------+
|                          |
| auth_pad_len bytes       |
+--------------------------+
|                          |
| Auth footer              |
| auth_pad_len value       |
+--------------------------+
|                          |
| Auth payload             |
| (auth_len bytes long)    |
+--------------------------+

That's right. The pad bytes come *before* the footer specifying how many pad
bytes there are. In order to read this you must seek to the end of the packet
and subtract the auth_len (in the packet header) and the auth footer length (a
known value).

The client and server code gets this right (mostly) in 3.0.x -> 3.4.x so long
as the pad alignment is on an 8 byte boundary (there are some special cases in
the code for this).

Tridge discovered there are some (DRS replication) cases on 64-bit
machines where the pad alignment is on a 16-byte boundary. This breaks the
existing S3 hand-optimized rpc code.

This patch removes all the special cases in client and server code, and allows
the pad alignment for generated packets to be specified by changing a constant
in include/local.h (this doesn't affect received packets, the new code always
handles them correctly whatever pad alignment is used).

This patch also works correctly with rpcclient using sign+seal from
the 3.4.x and 3.3.x builds (testing with 3.0.x and 3.2.x to follow)
so even as a server it should still work with older libsmbclient and
winbindd code.

Jeremy
2010-02-17 15:27:59 -08:00
Volker Lendecke
81a848be6d s3: Remove some unused variables 2010-01-10 22:43:02 +01:00
Bo Yang
36493bf2f6 s3: Fix infinite loop in NCACN_IP_TCP as there is no timeout. Assume lsa_pipe_tcp is ok but network is down, then send request is ok, but select() on writeable fds loops forever since there is no response.
Signed-off-by: Bo Yang <boyang@samba.org>
2010-01-06 19:19:35 +08:00
Andrew Bartlett
802e9328ed s3:ntlmssp: only include ntlmssp.h where actually needed
Andrew Bartlett
2009-12-22 21:07:53 +01:00
Andrew Bartlett
5b37cd23bf s3:ntlmssp: remove the typedef NTLMSSP_STATE
Andrew Bartlett
2009-12-22 21:07:53 +01:00
Günther Deschner
f20effc437 s3-spoolss: fix enumprinter key client and server.
Guenther
2009-12-10 17:48:50 +01:00
Günther Deschner
5f60855ba2 samba-spoolss: use spoolss_StringArray2 in spoolss_EnumPrinterKey.
This should finally resolve the endian issues we were seeing on sparc and is
much cleaner for spoolss clients and servers.

Guenther
2009-12-02 14:56:17 +01:00
Günther Deschner
04f8c229de s3-kerberos: only use krb5 headers where required.
This seems to be the only way to deal with mixed heimdal/MIT setups during
merged build.

Guenther
2009-11-27 16:36:00 +01:00
Günther Deschner
5d706a2fd4 s3-rpc: running minimal_includes.pl on rpc_client and rpc_server.
Guenther
2009-11-26 20:17:07 +01:00
Günther Deschner
3d679a3b5f s3-rpc: Avoid including every pipe's client and server stubs everywhere in samba.
Guenther
2009-11-26 20:03:17 +01:00
Günther Deschner
846aa18648 s3-spoolss: fixes for _spoolss_EnumPrinterKey client and server.
Thanks Metze for review!

Guenther
2009-11-24 15:49:35 +01:00
Günther Deschner
d464151f3b s3-spoolss: fix spoolss_EnumPrinterKey client and server code.
Guenther
2009-11-23 11:44:43 +01:00
Volker Lendecke
f4cf1c56a2 s3: Add min_setup, min_param and min_data to cli_trans_recv
Every caller that expects to receive something needs to check if enough was
sent. Make this check mandatory for everyone.

Yes, this makes the parameter list for cli_trans a bit silly, but that's just
the way it is: A silly protocol request :-)

While there, convert some _done functions to tevent_req_simple_finish_ntstatus.
2009-11-14 12:20:12 +01:00
Volker Lendecke
92a16b91e8 fix bogus "out of memory" winbind msg
Signed-off-by: Michael Adam <obnox@samba.org>
2009-11-13 11:36:06 +01:00
Jeremy Allison
0363713031 Remove erroneous 'presult = NULL' changes. Now presult only gets set
if NTSTATUS == OK.
Jeremy.
2009-11-12 13:59:25 -08:00
Jeremy Allison
496d147dc4 Revert "Ensure every return path initializes presult as NULL."
Vl is correct, this is the wrong way to fix this.

This reverts commit 83c2c177a5.
2009-11-12 13:57:13 -08:00
Jeremy Allison
5363d6e62c Ensure all callers to the rpc_client/cli_pipe functions correctly
initialize return variables.
Jeremy.
2009-11-12 13:56:33 -08:00
Jeremy Allison
83c2c177a5 Ensure every return path initializes presult as NULL.
Ensures no crashes in calling code that forgets to
init return as null.
Jeremy.
2009-11-12 11:49:54 -08:00
Günther Deschner
d241b9ae4c s3-rpc_client: make sure cli_rpc_pipe_open_schannel() does not always return NT_STATUS_OK.
Guenther
2009-11-10 13:10:12 +01:00
Volker Lendecke
bb283af16f Revert "s3: Do not directly reference the ndr_table_* in rpcclient"
This reverts commit 70c698fd54.
2009-11-08 19:43:47 +01:00
Volker Lendecke
e181b88978 Revert "s3: Do not reference ndr_table_<pipe> in the cli_ routines directly"
This reverts commit daa964013b.
2009-11-08 19:43:47 +01:00
Volker Lendecke
daa964013b s3: Do not reference ndr_table_<pipe> in the cli_ routines directly 2009-11-08 13:12:13 +01:00
Volker Lendecke
70c698fd54 s3: Do not directly reference the ndr_table_* in rpcclient 2009-11-08 00:28:36 +01:00
Volker Lendecke
5cdee7ae05 s3: Do the printing for DEBUGLEVEL>=10 centrally
12 insertions(+), 10651 deletions(-)

I think that says it all :-)
2009-11-07 11:07:37 +01:00
Volker Lendecke
cd16e38e32 s3: Register the ndr_interfaces dynamically 2009-11-07 09:14:16 +01:00
Volker Lendecke
268df12ab6 s3: Get rid of a NULL terminator 2009-11-07 09:14:16 +01:00
Volker Lendecke
a32c425f91 s3: Get rid of explicit pipe names 2009-11-07 09:14:16 +01:00
Volker Lendecke
2aa0af9867 s3: get_pipe_name_from_iface -> get_pipe_name_from_syntax 2009-11-07 09:14:15 +01:00
Günther Deschner
60bf0eb607 s3-kerberos: modify cli_krb5_get_ticket to take a new impersonate_princ_s arg.
Guenther
2009-11-06 13:31:17 +01:00
Volker Lendecke
b067a5e4e8 s3: Remove debug_ctx()
smbd just crashed on me: In a debug message I called a routine preparing a
string that itself used debug_ctx. The outer routine also used it after the
inner routine had returned. It was still referencing the talloc context
that the outer debug_ctx() had given us, which the inner DEBUG had already
freed.
2009-11-03 11:30:00 +01:00
Günther Deschner
64e8aa1b14 s3-netlogon: fix updating trust account passwords with downlevel domains.
When choosing the netlogon password set function, make sure to look at the
*negotiated* flags in the cli->dc state, not the ones we start the negotiation
with.

Guenther
2009-10-16 18:03:32 +02:00
Günther Deschner
ebe0e64ba9 s3: use enum netr_SchannelType all over the place.
Guenther
2009-10-13 10:21:46 +02:00
Günther Deschner
4a1b50afd5 s3-netlogon: pass down account name to remote password set functions.
Guenther
2009-10-13 00:07:45 +02:00
Matthias Dieter Wallnöfer
607ceff234 s3/s4 - Adapt the IDL changes on various locations 2009-10-08 09:50:19 +02:00
Günther Deschner
0c2fc9eedf s3-netlogon: setup NETLOGON credential chain in rpccli_netlogon_set_trust_password() only when needed.
Guenther
2009-10-06 16:50:23 +02:00
Volker Lendecke
872f9c4f91 Revert "s3: Attempt to fix machine password change"
This reverts commit 20a8ea91e1.

Ooops, this should not have been committed.
2009-10-05 22:14:06 +02:00
Volker Lendecke
20a8ea91e1 s3: Attempt to fix machine password change 2009-10-05 22:12:20 +02:00
Volker Lendecke
84de81b478 s3: Remove a scary error message -- talloc_move can not fail :-)
Signed-off-by: Günther Deschner <gd@samba.org>
2009-10-05 12:14:08 +02:00
Günther Deschner
c6a7ecf28b s3-registry: move rpccli_winreg_Connect to the only file it belongs.
Guenther
2009-10-01 11:40:31 +02:00
Stefan Metzmacher
68b8149d1f s3:rpc_client: don't randomly fragment rpc pdu's in developer mode
This is really confusing and also breaks against windows,
as it doesn't accept fragmented bind requests.

metze
2009-09-25 05:20:16 +02:00
Günther Deschner
a4b5c792c5 s3-rpc_client: fix non initialized structure in rpccli_lsa_lookup_sids_noalloc.
Guenther
2009-09-18 21:32:45 +02:00
Günther Deschner
503d035814 spnego: share spnego_parse.
Guenther
2009-09-17 01:12:20 +02:00
Stefan Metzmacher
033ced60ac libcli/auth: rewrite schannel sign/seal code to be more generic
This prepares support for HMAC-SHA256/AES.

metze
2009-09-16 12:29:06 +02:00
Günther Deschner
37bc806453 s3-dcerpc: remove more obsolete or duplicate headers.
Guenther
2009-09-16 08:55:51 +02:00
Günther Deschner
c5c04fcf90 s3-schannel: add dump_NL_AUTH_SIGNATURE.
Guenther
2009-09-16 07:54:02 +02:00
Günther Deschner
799f8d7e13 schannel: fully share schannel sign/seal between s3 and 4.
Guenther
2009-09-16 01:55:06 +02:00
Günther Deschner
f8014d30e7 s3-schannel: fix blob length when pulling off a NL_AUTH_SIGNATURE in
cli_pipe_verify_schannel().

Guenther
2009-09-16 00:11:23 +02:00
Günther Deschner
c2d7c7a9dd s3-dcerpc: fix remaining old auth level constants.
Guenther
2009-09-15 18:30:44 +02:00
Günther Deschner
fdf3bd6203 s3-dcerpc: remove unused auth type defines as seen on the wire.
Guenther
2009-09-15 17:50:00 +02:00