1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

802 Commits

Author SHA1 Message Date
Andrew Tridgell
b0cc0d5698 s4-librpc: set error code to LOGON_FAILURE on RPC fault with access denied
this allows the client code to trigger a retry with a new password
callback for NTLM connections

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2012-11-01 15:40:41 +11:00
Andrew Tridgell
5d6ae3498a s4-librpc: try a 2nd logon for more error cases
not all servers give LOGON_FAILURE on authentication failures, so we
need to do the retry with a new ticket on a wider range of error types

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2012-11-01 15:40:41 +11:00
Andrew Tridgell
ed2e69fe91 s4-librpc: use cli_credentials_failed_kerberos_login to cope with stale tickets
This allows our RPC client code to cope with a kerberos server
changing password while we have a valid service ticket

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2012-11-01 15:40:40 +11:00
Stefan Metzmacher
89a5a71654 s4:librpc/rpc: don't do async requests if gensec doesn't support async replies (bug #9097)
metze
2012-08-25 01:39:41 +02:00
Stefan Metzmacher
0bd0ad967d s4:librpc/rpc: also call dcerpc_schedule_io_trigger() after bind and alter_context responses
metze
2012-08-25 01:39:41 +02:00
Stefan Metzmacher
e44b5bdb2c s4:librpc/rpc: use dcerpc_req_dequeue() in dcerpc_request_recv_data()
metze
2012-08-25 01:39:41 +02:00
Stefan Metzmacher
81bc57d395 s4:librpc/rpc: use talloc_zero for 'struct rpc_request'
metze
2012-08-25 01:39:41 +02:00
Volker Lendecke
5251d07e62 s4: Fix returns in py_check_dcerpc_type
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-17 00:57:19 +02:00
Stefan Metzmacher
7977d90f1e s4:librpc/dcerpc_smb2: sync smb2_session_key() with smb_session_key()
metze
2012-08-01 14:17:14 +02:00
Stefan Metzmacher
286e249737 s4:librpc/dcerpc_smb: make use of smbXcli_session_application_key()
metze
2012-08-01 14:17:13 +02:00
Stefan Metzmacher
803fb40449 s4:librpc/dcerpc_smb2: make use of smbXcli_session_application_key()
metze
2012-08-01 14:17:13 +02:00
Andrew Bartlett
fc6d7bfbe7 s4-librpc: Fix private context for dcerpc_connect_timeout_handler
This was incorrect in 02a356ea77.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jul 29 14:54:33 CEST 2012 on sn-devel-104
2012-07-29 14:54:32 +02:00
Andrew Bartlett
02a356ea77 s4-librpc: Ensure we do not call call the decrpc timeout handler during gensec_update()
This avoids a situation where we could destroy pointers on the stack due to
a nested event loop.

This is certainly not a final, generic solution, but it is a minimal change
while we work to make gensec and gensec_gssapi async.

Andrew Bartlett
2012-07-18 09:32:53 +02:00
Andreas Schneider
197781a651 s4-librpc: Add capabilities check for AES encrypted connections.
Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17 13:26:34 +02:00
Stefan Metzmacher
780006db9d s4:librpc/rpc: add DCERPC_SCHANNEL_AES support
metze

Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17 10:58:39 +02:00
Stefan Metzmacher
342a2e6181 s4:librpc/rpc/dcerpc_schannel: just append NETLOGON_NEG_RODC_PASSTHROUGH as rodc
The RODC stuff doesn't depend on the schannel algorithm.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17 10:58:38 +02:00
Stefan Metzmacher
e7c7a91130 s4:librpc/rpc/dcerpc_schannel: rework downgrade logic
metze

Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17 10:58:38 +02:00
Stefan Metzmacher
5629eb7802 s4:librpc: create a binding on the pipe if necessary in dcerpc_pipe_open_smb2_send()
Pair-Programmed-With: Michael Adam <obnox@samba.org>
2012-04-27 17:44:06 +02:00
Stefan Metzmacher
df27ba3e8b s4:librpc/rpc: directly return after composite_error()
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Apr 23 12:17:08 CEST 2012 on sn-devel-104
2012-04-23 12:17:08 +02:00
Stefan Metzmacher
0971a4ee6c s4:librpc/rpc: also parse ncacn_packet pdus with LIBNDR_FLAG_OBJECT_PRESENT
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Apr  3 23:06:31 CEST 2012 on sn-devel-104
2012-04-03 23:06:30 +02:00
Stefan Metzmacher
05ceb53dda s4:librpc/rpc: don't mix up paylod ndr flags with the dcerpc layer
If the transfer syntax is NDR64, it's only for the payload not
for the dcerpc pdus.

metze
2012-04-03 20:02:10 +02:00
Jelmer Vernooij
95ca5fbadd libndr: Rename ndr64_transfer_syntax and null_ndr_syntax_id so they have a ndr_ prefix.
This makes the NDR namespace a bit clearer, in preparation of ABI checking.
2012-03-20 13:54:07 +01:00
Jelmer Vernooij
0affe19304 Remove more unnecessary shebang lines in python files.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Fri Mar 16 02:48:52 CET 2012 on sn-devel-104
2012-03-16 02:48:52 +01:00
Stefan Metzmacher
ebcfa61d9f s4:librpc/rpc: avoid an unused talloc_reference() from dcerpc_request_send()
metze
2012-03-15 07:35:28 +01:00
Stefan Metzmacher
bb75905b6a s4:librpc/rpc: pass a mem_ctx to dcerpc_request_send()
metze
2012-03-15 07:35:28 +01:00
Stefan Metzmacher
cd1d5a29d4 s4:librpc/rpc: use tevent_req_defer_callback() in dcerpc_alter_context_*
metze
2012-03-15 07:35:28 +01:00
Stefan Metzmacher
6d631e52cf s4:librpc/rpc: use tevent_req_defer_callback() in dcerpc_bind_*
metze
2012-03-15 07:35:28 +01:00
Stefan Metzmacher
198c5ace6f s4:librpc/rpc: convert dcerpc_alter_context_send/recv to tevent_req
Many thanks to Andrew Bartlett <abartlet@samba.org> for the
debugging, which lead to the following line:

       talloc_steal(state, raw_packet->data);

metze
2012-03-15 07:35:28 +01:00
Stefan Metzmacher
6b81d71f3e s4:librpc/rpc: convert dcerpc_bind_send/recv to tevent_req
Many thanks to Andrew Bartlett <abartlet@samba.org> for the
debugging, which lead to the following line:

       talloc_steal(state, raw_packet->data);

metze
2012-03-15 07:35:28 +01:00
Stefan Metzmacher
946eca438d s4:librpc/rpc: also notify requests which are not shipped about a dead connection
metze
2012-03-15 07:35:28 +01:00
Stefan Metzmacher
080549f467 s4:librpc/rpc: ship requests via an immediate event
Deep inside dcerpc_ship_next_request() some code path
could trigger dcerpc_connection_dead(), which means
it's not safe to do any processing after calling dcerpc_ship_next_request().

metze
2012-03-15 07:35:28 +01:00
Stefan Metzmacher
553a8921a4 s4:librpc/rpc: if the connecion is dead we're done
There's no point in doing anymore processing,
it can just lead to crashes.

metze
2012-03-15 07:35:28 +01:00
Stefan Metzmacher
6949a79087 s4:librpc/rpc: if the connection is dead we don't want to be called recursivly.
metze
2012-03-15 07:35:28 +01:00
Andrew Bartlett
193078117d s4-librpc: Remove unused new_ev
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Mar  9 07:18:45 CET 2012 on sn-devel-104
2012-03-09 07:18:45 +01:00
Stefan Metzmacher
7b1fb08842 s4:librpc/rpc: make dcerpc_bh_raw_call_* more robust against disconnects and timeouts
Using tevent_req_defer_callback() should make the situation a bit better,
until we have a common robust low level dcerpc library.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Mar  7 18:44:24 CET 2012 on sn-devel-104
2012-03-07 18:44:24 +01:00
Stefan Metzmacher
01c404a67c s4:librpc/rpc: make dcerpc_bh_is_connected() more robust
metze
2012-03-07 17:01:17 +01:00
Michael Adam
e9210987c6 s4:libcli:smb2: add a previous session argument to smb2_connect_send() 2012-02-28 00:08:53 +01:00
Stefan Metzmacher
07b1de98cd s4:librpc/dcerpc_smb2: make use of smb2cli_session_application_key()
metze
2012-02-27 12:51:34 +01:00
Stefan Metzmacher
1b45f2aed8 s4:pyrpc: add 'user_session_key' getter to the connection object
This gets the session key from gensec for usage in DRSUAPI.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jan  4 22:31:52 CET 2012 on sn-devel-104
2012-01-04 22:31:52 +01:00
Andreas Schneider
a7541fc27e s4-librpc: Fix netlogon schannel client connect.
As a client we request as much flags as possible. The server checks
which flags it supports and returns the same negotiation flags or less.
So we need to store the negotiate flags from the server. We need them
later if we have to call netr_LogonGetCapabilities.
2011-12-22 17:48:24 +01:00
Andreas Schneider
17d124490b s4-librpc: Fix NETLOGON credential chain with Windows 2008.
Windows Server 2008 returns NT_STATUS_DOWNGRADE_DETECTED if you call
netrServerAuthenticate2 during a domain join without setting the strong
keys flag (128bit crypto).

Only for NT4 we need to do a downgrade to the returned negotiate flags.

See also 0970369ca0.
2011-12-14 13:41:28 +01:00
Stefan Metzmacher
4afbda221c s4:libcli/raw: implement on top of smbXcli_conn/req
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Nov 30 15:13:36 CET 2011 on sn-devel-104
2011-11-30 15:13:36 +01:00
Stefan Metzmacher
300343d16c s4:libcli/smb2: implement on top of smbXcli_conn/req
metze
2011-11-24 19:02:33 +01:00
Matthieu Patou
7c9b3cdcf7 s4-librpc: do not limit to the first IP when trying to do a rpc connection
The function continue_ip_resolve_name was calling resolve_name_recv which returns
only the first IP for a given hostname.
Instead we use resolve_name_multiple_recv which returns all the IP for a given
hostname. This kind of problem can occur if a host has more than 1 IP but is listenning
only on 1.
2011-11-11 20:28:11 +01:00
Stefan Metzmacher
6c07505b15 s4:librpc/dcerpc_smb2: fix smb2_write_callback()
The should use smb2_write_recv() to get the result.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Oct 28 09:55:48 CEST 2011 on sn-devel-104
2011-10-28 09:55:48 +02:00
Stefan Metzmacher
926b3394b6 s4:librpc/dcerpc_smb: fix smb_write_callback()
The should use smb_raw_write_recv() to get the result.

metze
2011-10-28 08:11:00 +02:00
David Disseldorp
281fc93c6b libcli: move ioctl function field defs to smb_constants
Currently there are a lot of duplicate ioctl function field definitions
between source3 and source4.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-19 15:44:29 +02:00
Andrew Bartlett
e7d5f0a357 gensec: move event context from gensec_*_init() to gensec_update()
This avoids keeping the event context around on a the gensec_security
context structure long term.

In the Samba3 server, the event context we either supply is a NULL
pointer as no server-side modules currently use the event context.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 13:13:33 +11:00
Andrew Bartlett
3cdb1fe440 s4-messaging: Pass the loadparm context, not just the messaging path
This will allow the TDB layer to get at the lp_ctx for tdb options.

Andrew Bartlett
2011-10-13 14:06:07 +02:00
Andrew Tridgell
3e685f5995 s4-rpc: show binding string in failed rpc binds
this makes debugging some RPC auth issues easier
2011-09-22 10:00:49 +10:00