mirror of https://github.com/samba-team/samba.git synced 2025-01-17 02:05:21 +03:00

221 Commits

Author SHA1 Message Date
Günther Deschner
503d035814 spnego: share spnego_parse.
Guenther
2009-09-17 01:12:20 +02:00
Stefan Metzmacher
033ced60ac libcli/auth: rewrite schannel sign/seal code to be more generic
This prepares support for HMAC-SHA256/AES.

metze
2009-09-16 12:29:06 +02:00
Günther Deschner
37bc806453 s3-dcerpc: remove more obsolete or duplicate headers.
Guenther
2009-09-16 08:55:51 +02:00
Günther Deschner
c5c04fcf90 s3-schannel: add dump_NL_AUTH_SIGNATURE.
Guenther
2009-09-16 07:54:02 +02:00
Günther Deschner
799f8d7e13 schannel: fully share schannel sign/seal between s3 and 4.
Guenther
2009-09-16 01:55:06 +02:00
Günther Deschner
231b2fa261 s3-dcerpc: really fix remaining old auth level constants. sorry...
Guenther
2009-09-15 19:34:18 +02:00
Günther Deschner
c2d7c7a9dd s3-dcerpc: fix remaining old auth level constants.
Guenther
2009-09-15 18:30:44 +02:00
Günther Deschner
7b36ea55ea s3-dcerpc: remove duplicate RPC_AUTH_LEVEL flags.
Guenther
2009-09-15 17:49:43 +02:00
Günther Deschner
d3af0346c8 s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags.
Guenther
2009-09-15 17:49:34 +02:00
Günther Deschner
f900e61cf8 s3-schannel: fix api_pipe_schannel_process(), was using incorrect buffer length.
Found by RPC-SCHANNEL torture test.

Guenther
2009-09-13 06:46:55 +02:00
Günther Deschner
d258fb4d0d s3-schannel: use NL_AUTH_SIGNATURE for schannel sign & seal (client & server).
Guenther
2009-09-11 03:00:35 +02:00
Günther Deschner
9ab5d9be8d s3-schannel: use NL_AUTH_MESSAGE for schannel bind reply.
Guenther
2009-09-11 02:57:27 +02:00
Günther Deschner
3984738646 s3-rpc_server: use NL_AUTH_MESSAGE in pipe_schannel_auth_bind().
Guenther
2009-09-08 17:07:03 +02:00
Günther Deschner
21a93c2ddc s3-netlogon: use shared credential and schannel storage infrastructure for netlogon server.
Guenther
2009-08-27 15:55:19 +02:00
Volker Lendecke
880c286bc9 Use null_ndr_syntax_id instead of zeroing null_interface manually 2009-07-05 23:50:12 +02:00
Volker Lendecke
58fbf7420c Remove "typedef struct ndr_syntax_id RPC_IFACE;" 2009-07-05 23:50:12 +02:00
Volker Lendecke
30dd96e819 Make check_bind_req static to rpc_server/srv_pipe.c 2009-07-05 23:50:12 +02:00
Jeremy Allison
67d12e9c6b Get the sense of the integer wrap test the right way around. Sorry.
Jeremy.
2009-03-05 22:00:22 -08:00
Jeremy Allison
4e74d811aa Now we're allowing a lower bound for auth_len, ensure we
also check for an upper one (integer wrap).
Jeremy.
2009-03-05 21:06:48 -08:00
Volker Lendecke
2544ba6a0a Complete the fix for bug 6100
According to [MS-RPCE].pdf, section 2.2.2.11:

----
A client or a server that (during composing of a PDU) has allocated more space
for the authentication token than the security provider fills in SHOULD fill in
the rest of the allocated space with zero octets. These zero octets are still
considered to belong to the authentication token part of the PDU.<36>
----

RPC implementations are allowed to send padding bytes at the end of an auth
footer. Windows 7 makes use of this.

Thanks to Nick Meier <nmeier@microsoft.com>

Volker
2009-03-05 22:28:07 +01:00
Volker Lendecke
3a4c8cd492 Make prs_struct->out_data.current_pdu dynamically allocated
Another 4k per open pipe
2009-02-08 13:53:50 +01:00
Dan Sledz
d96248a9b4 Add two new parameters to control how we verify kerberos tickets. Removes lp_use_kerberos_keytab parameter.
The first is "kerberos method" and replaces the "use kerberos keytab"
with an enum.  Valid options are:
secrets only - use only the secrets for ticket verification (default)
system keytab - use only the system keytab for ticket verification
dedicated keytab - use a dedicated keytab for ticket verification.
secrets and keytab - use the secrets.tdb first, then the system keytab

For existing installs:
"use kerberos keytab = yes" corresponds to secrets and keytab
"use kerberos keytab = no" corresponds to secrets only

The major difference between "system keytab" and "dedicated keytab" is
that the latter method relies on kerberos to find the correct keytab
entry instead of filtering based on expected principals.

The second parameter is "dedicated keytab file", which is the keytab
to use when in "dedicated keytab" mode.  This keytab is only used in
ads_verify_ticket.
2009-02-01 20:23:31 -08:00
Volker Lendecke
53394980ad Replace pipe names in pipes_struct by ndr_syntax_id
This was mainly used for debugging output
2009-02-01 14:34:23 +01:00
todd stecher
989ad44d32 Memory leaks and other fixes found by Coverity 2009-01-21 17:13:03 -08:00
Volker Lendecke
964acde86e Remove the rpc_srv_register wrapper around rpc_pipe_register_commands 2009-01-09 23:17:57 +01:00
Volker Lendecke
125696b73d Pass the full ndr_interface_table into the s3 rpcserver when registering 2009-01-09 23:17:57 +01:00
Volker Lendecke
c1a8e8adac Simplify find_pipe_fns_by_context slightly 2009-01-09 22:48:09 +01:00
Volker Lendecke
2714ac4d3a Fix some nonempty blank lines 2009-01-09 22:30:56 +01:00
Volker Lendecke
907f126d3e Get rid of pipes_struct->pipe_user, we have server_info now --- YESSS! 2008-11-24 11:39:03 +01:00
Günther Deschner
d9f1fff5b3 s3: use shared asn1 code.
Guenther
2008-10-22 21:37:36 +02:00
Volker Lendecke
042600cbac Make api_rpcTNP static to srv_pipe.c
(This used to be commit 256c93a8b3d4d9a4e52a656c91b89a043a087066)
2008-07-26 11:25:24 +02:00
Volker Lendecke
2e7cb1a5cc Introduce is_known_pipename
This scans the list of pipes registered via rpc_pipe_register_commands instead
of using static tables.
(This used to be commit 283e6039989adea1c8921b3600b410cb67b6492a)
2008-07-19 20:27:56 +02:00
Volker Lendecke
bcb652451b Simplify the RPC servers: remove get_pipe_fns
The per-server xxx_get_pipe_fns functions can go once all the RPC servers are
converted
(This used to be commit 6aa2391cbe1cbda8269ded767117f53d83b243e1)
2008-07-18 15:04:05 +02:00
Volker Lendecke
e0f3ea2cbe In api_pipe_bind_req(), check for the iface id, not the pipe name
This requires storing the rpc_interface in "struct rpc_table"
(This used to be commit 654f8de8497aff29f9b1f1822b6a8e734ff329e0)
2008-07-16 23:19:48 +02:00
Volker Lendecke
1bd7293817 In api_pipe_bind_req(), decode the bind request before checking the pipe
(This used to be commit 8be41382ed9bb4fb44a1846fff2c7652388e4f28)
2008-07-16 23:19:47 +02:00
Volker Lendecke
747a580952 Now that we have p->server_info, use p->server_info->user_session_key
(This used to be commit aefad64e3a5c86d2f988d47e6215ed2085b8fc47)
2008-06-26 13:13:23 +02:00
Volker Lendecke
cebbb2d84a Fix typo
(This used to be commit 41d2daeaa5a87da82a0debc4c9cfe14976215bd8)
2008-06-26 13:13:22 +02:00
Volker Lendecke
d331624fdf Add server_info to pipes_struct
(This used to be commit d621867bb8767e1c4236d28dd9294a61db6cbb10)
2008-06-26 13:13:22 +02:00
Volker Lendecke
df905a5d77 Make pipes_struct its own talloc ctx
(This used to be commit 829b1ad4697f2f1ea008377d591456722dccd025)
2008-06-21 10:34:34 +02:00
Volker Lendecke
40f5eab5eb Wrap the unix token info in a unix_user_token in auth_serversupplied_info
No functional change, this is a preparation for more current_user ref removal
(This used to be commit dcaedf345e62ab74ea87f0a3fa1e3199c75c5445)
2008-06-19 18:51:37 +02:00
Jelmer Vernooij
a4c60b2696 rpc_parse: Use UUIDs from librpc/gen_ndr/ when possible to reduce
duplication.
(This used to be commit 428654b473ba44b2f5340eefef0d4fcd51aff558)
2008-04-17 17:54:32 +02:00
Jelmer Vernooij
28fd4f6fcb Reconcile ndr_syntax_id used by pidl-generated code and Samba3's RFC_IFACE.
(This used to be commit 7bea00dca1ee08ef731dfa73110ef9c190a29919)
2008-04-15 20:26:52 +02:00
Volker Lendecke
c751386bb8 Remove some write-only fstrings
(This used to be commit aacb07b1b0f674b8cb92347ef4b4dd1e7808dde8)
2008-04-11 22:21:04 +02:00
Volker Lendecke
e9ba13bc67 Fix Coverity ID 514
Not exactly an uninitialized variable, but having Coverity figure out that
we're only UNMARSHALLING here is probably asking for a bit too much.
(This used to be commit 07a9f7daa83c94afefe0d81db4812135121862c2)
2008-03-23 19:44:55 +01:00
Günther Deschner
5fdf4b8f4a Remove remaining old srvsvc client and server rpc code entirely.
Guenther
(This used to be commit a5f0186f70abe8dba650265219e69ce5ca2fb642)
2008-03-21 04:16:22 +01:00
Marc VanHeyningen
e06aa46b9f Coverity fixes
(This used to be commit 3fc85d22590550f0539215d020e4411bf5b14363)
2008-03-17 20:52:25 +01:00
Günther Deschner
583aa074a9 Cosmetics: make check_bind_req() debug statements a little nicer.
Guenther
(This used to be commit 997a0a4a12d97595ff4df963601cf2c24d612972)
2008-02-27 19:08:59 +01:00
Günther Deschner
8db780ac8f Yippie! LSARPC server-side migration to pidl finished.
Guenther
(This used to be commit aa7023b88d3161897b9616d950c2a99624d81931)
2008-02-19 01:23:05 +01:00
Günther Deschner
d8fcfb1615 Build the generated ntsvcs server (not at all useable yet).
Guenther
(This used to be commit acce1092d90db1f90265de44fd340d7df73e4e0e)
2008-02-17 23:03:22 +01:00
Günther Deschner
b4989afbab YES! NETLOGON rpc server side migration to pidl finished.
Guenther
(This used to be commit 7845a0d9a8f938c1be888ab2d9aa6c35d6f1dbad)
2008-02-16 14:53:45 +01:00