path: root/source3/rpc_client
Commit message | Author | Age | Files | Lines
* s3:rpc_client: add cli_rpc_pipe_open_schannel_with_creds() helper function | Stefan Metzmacher | 2014-12-19 | 2 | -0/+93
    This will simplify the callers and add potential support for SEC_CHAN_DNS_DOMAIN as cli_credentials_get_realm() will return the correct value compared to cli_credentials_get_domain().
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:cli_netlogon: add rpccli_{create,setup}_netlogon_creds_with_creds() helper functions | Stefan Metzmacher | 2014-12-19 | 2 | -0/+65
    This simplifies the callers, they can just pass in a cli_credentials structure.
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3-librpc: Add cli_rpc_pipe_open_with_creds() | Andrew Bartlett | 2014-10-17 | 2 | -0/+131
    This provides a credentials-based interface. In the long term, we will want to change this not to reference the credentials, but for now this suits the caller in winbindd_cm.c
    Andrew Bartlett
    Signed-off-by: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-winbindd: Attempt to connect to NETLOGON over NCACN_IP_TCP if we can | Andrew Bartlett | 2014-10-08 | 3 | -4/+8
    This is very helpful in the trusted domain situation, as we may not have a two-way trust but we can use our domain trust account to set up a connection to NETLOGON
    Signed-off-by: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
    Autobuild-Date(master): Wed Oct 8 12:48:15 CEST 2014 on sn-devel-104
* s3-rpc_client: Migrate to cli_rpc_pipe_open_generic_auth and remove cli_rpc_pipe_open_spnego | Andrew Bartlett | 2014-10-08 | 2 | -65/+0
    Signed-off-by: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
    Autobuild-Date(master): Wed Oct 8 03:36:52 CEST 2014 on sn-devel-104
* s3-rpc_client: Adapt cli_rpc_pipe_open_generic_auth to use enum credentials_kerberos_state | Andrew Bartlett | 2014-10-08 | 2 | -0/+2
    This allows us to pass this value in directly from the cli_credentials structure in winbindd, once we merge this with cli_rpc_pipe_open_spnego().
    Andrew Bartlett
    Signed-off-by: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-rpc_client: Adapt cli_rpc_pipe_open_spnego to use enum credentials_kerberos_state | Andrew Bartlett | 2014-10-08 | 2 | -11/+3
    This allows us to pass this value in directly from the cli_credentials structure in winbindd.
    Andrew Bartlett
    Signed-off-by: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
* librpc: gensec is our security provider abstraction, remove a void * | Andrew Bartlett | 2014-09-27 | 1 | -6/+3
    Andrew Bartlett
    Signed-off-by: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
* librpc: Remove user/domain from struct pipe_auth_data | Andrew Bartlett | 2014-09-27 | 2 | -26/+38
    This does require that we always fill in the gensec pointer, but the simplification is worth the extra allocations.
    Signed-off-by: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-rpc_client: Do not give NT_STATUS_NO_MEMORY when the source string was NULL | Andrew Bartlett | 2014-09-01 | 1 | -5/+6
    Change-Id: I25a4dcc2239267ee7c219e965693027ca2981983
    Signed-off-by: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
* s3-rpc_client: return info3 in rpccli_netlogon_password_logon(). | Günther Deschner | 2014-07-15 | 2 | -47/+60
    Guenther
    Signed-off-by: Günther Deschner <gd@samba.org>
    Pair-Programmed-With: Andreas Schneider <asn@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:rpc_client: Use gensec for NCALRPC_AS_SYSTEM. | Stefan Metzmacher | 2014-04-24 | 1 | -33/+16
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:rpc_client: pass everything to gensec by default | Stefan Metzmacher | 2014-04-24 | 1 | -47/+19
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/gensec: remove tevent_context argument from gensec_update() | Stefan Metzmacher | 2014-03-27 | 1 | -2/+2
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* rpc_client: retry open on STATUS_PIPE_NOT_AVAILABLE | David Disseldorp | 2014-03-04 | 1 | -17/+68
    Windows Server starts some named pipe services on demand, and responds to initial open requests with STATUS_PIPE_NOT_AVAILABLE. The FssagentRpc named pipe on Windows Server 2012 exhibits this behaviour. This change sees rpcclient retry named pipe open requests when the server responds with STATUS_PIPE_NOT_AVAILABLE. The retry logic is contained in an asynchronous tevent_timer callback, to allow for non-blocking callers.
    Signed-off-by: David Disseldorp <ddiss@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:rpc_client: avoid using dcerpc_binding internals in rpc_pipe_get_tcp_port() | Stefan Metzmacher | 2014-02-13 | 1 | -10/+21
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:rpc_client: use address "0.0.0.0" and port "135" for epmapper requests | Stefan Metzmacher | 2014-02-11 | 1 | -2/+2
    Note: binding->host = NULL lets dcerpc_binding_build_tower() use "0.0.0.0". This matches Windows clients.
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:librpc/rpc: only propose header signing if we use sign or seal | Stefan Metzmacher | 2014-02-11 | 1 | -3/+10
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:rpc_client: optimize the netlogon_creds_cli.tdb for read-only access | Michael Adam | 2014-02-07 | 1 | -1/+1
    Usually a record in this DB will be written once and then read many times by winbindd processes on multiple nodes (when run in a cluster). In order not to introduce a big performance penalty with the increased correctness achieved by storing the netlogon creds, in a cluster setup, we should activate ctdb's read only record copies on this db.
    Signed-off-by: Michael Adam <obnox@samba.org>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dbwrap: add a dbwrap_flags argument to db_open() | Michael Adam | 2014-02-07 | 1 | -1/+2
    This is in preparation to support handing flags to backends, in particular activating read only record support for ctdb databases. For a start, this does nothing but adding the parameter, and all databases use DBWRAP_FLAG_NONE.
    Signed-off-by: Michael Adam <obnox@samba.org>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:rpc_client: use db_open() to open "netlogon_creds_cli.tdb" | Stefan Metzmacher | 2014-01-22 | 1 | -2/+36
    This uses dbwrap_ctdb if running in a cluster.
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dcerpc.idl: make use of union dcerpc_bind_ack_reason and fix all callers. | Stefan Metzmacher | 2014-01-16 | 1 | -1/+1
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Guenther Deschner <gd@samba.org>
    Autobuild-User(master): Günther Deschner <gd@samba.org>
    Autobuild-Date(master): Thu Jan 16 18:21:40 CET 2014 on sn-devel-104
* s3:rpc_client: finally remove unused rpc_pipe_client->netlogon_creds | Stefan Metzmacher | 2014-01-07 | 2 | -12/+0
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: remove unused rpccli_netlogon_sam_network_logon() | Stefan Metzmacher | 2014-01-07 | 2 | -106/+0
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: remove unused rpccli_netlogon_sam_logon() | Stefan Metzmacher | 2014-01-07 | 2 | -133/+0
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: remove unused rpccli_netlogon_setup_creds() | Stefan Metzmacher | 2014-01-07 | 2 | -100/+0
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: remove unused rpccli_netlogon_set_trust_password() | Stefan Metzmacher | 2014-01-07 | 2 | -58/+0
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: make cli_rpc_pipe_open_schannel() more flexible | Stefan Metzmacher | 2014-01-07 | 2 | -3/+11
    It expects a messaging_context now and returns a netlogon_creds_cli_context. This way we can finally avoid having a rpc_pipe_client->netlogon_creds.
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: use rpccli_{create,setup}_netlogon_creds() in cli_rpc_pipe_open_schannel() | Stefan Metzmacher | 2014-01-07 | 2 | -103/+66
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add rpccli_netlogon_password_logon() | Stefan Metzmacher | 2014-01-07 | 2 | -0/+141
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add rpccli_netlogon_network_logon() | Stefan Metzmacher | 2014-01-07 | 2 | -0/+117
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: remove unused rpccli_netlogon_sam_network_logon_ex() | Stefan Metzmacher | 2014-01-07 | 2 | -39/+0
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add rpccli_pre_open_netlogon_creds() | Stefan Metzmacher | 2014-01-07 | 2 | -0/+22
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add rpccli_{create,setup}_netlogon_creds() | Stefan Metzmacher | 2014-01-07 | 2 | -0/+121
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: use netlogon_creds_cli_auth_level() in cli_rpc_pipe_open_schannel_with_key() | Stefan Metzmacher | 2014-01-07 | 3 | -3/+4
    This means the auth level is now based on the "winbindd sealed pipes" option, defaulting to "yes" and DCERPC_AUTH_LEVEL_PRIVACY.
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: make use of the new netlogon_creds_cli_context | Stefan Metzmacher | 2014-01-07 | 5 | -439/+143
    This exchanges rpc_pipe_client->dc with rpc_pipe_client->netlogon_creds and lets the secure channel session state be stored in node local database.
    This is the proper fix for a large number of bugs:
    https://bugzilla.samba.org/show_bug.cgi?id=6563
    https://bugzilla.samba.org/show_bug.cgi?id=7944
    https://bugzilla.samba.org/show_bug.cgi?id=7945
    https://bugzilla.samba.org/show_bug.cgi?id=7568
    https://bugzilla.samba.org/show_bug.cgi?id=8599
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/smb: s/tstream_cli_np/tstream_smbXcli_np | Stefan Metzmacher | 2014-01-07 | 2 | -12/+13
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/smb: move source3/libsmb/cli_np_tstream.c to tstream_smbXcli_np.c | Stefan Metzmacher | 2014-01-07 | 2 | -2/+2
    This code is generic enough to have it in the top level now.
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:libsmb: do not use cli_state internally within cli_np_tstream | Gregor Beck | 2014-01-07 | 1 | -1/+16
    Signed-off-by: Gregor Beck <gbeck@sernet.de>
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:rpc_client: send a dcerpc_sec_verification_trailer if needed | Stefan Metzmacher | 2014-01-07 | 2 | -10/+193
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
    Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
    Autobuild-Date(master): Tue Jan 7 02:24:42 CET 2014 on sn-devel-104
* s3:rpc_client: fill alloc_hint with the remaining data not the total data. | Stefan Metzmacher | 2014-01-07 | 1 | -1/+1
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: implement DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN | Stefan Metzmacher | 2014-01-07 | 1 | -6/+38
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: handle DCERPC_AUTH_TYPE_SCHANNEL as any other gensec backend | Stefan Metzmacher | 2014-01-07 | 1 | -2/+2
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add some const to rpc_api_pipe_req_send() | Stefan Metzmacher | 2014-01-07 | 1 | -2/+2
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: make rpc_api_pipe_req_send/recv static | Stefan Metzmacher | 2014-01-07 | 2 | -12/+2
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: talloc_zero pipe_auth_data | Stefan Metzmacher | 2014-01-07 | 1 | -3/+3
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked. | Jeremy Allison | 2013-12-09 | 1 | -0/+18
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Signed-off-by: Jeremy Allison <jra@samba.org>
* CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked. | Jeremy Allison | 2013-12-09 | 1 | -1/+16
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Signed-off-by: Jeremy Allison <jra@samba.org>
* CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply. | Jeremy Allison | 2013-12-09 | 1 | -8/+25
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
    Signed-off-by: Jeremy Allison <jra@samba.org>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2013-4408:s3:rpc_client: verify frag_len at least contains the header size | Stefan Metzmacher | 2013-12-09 | 1 | -0/+8
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>