path: root/source3/librpc
Commit message | Author | Age | Files | Lines
...
* s3:smbXsrv.idl: add smbXsrv_tcon* structures | Stefan Metzmacher | 2012-06-25 | 1 | -0/+63
  struct smbXsrv_tcon will represent a SMB 1 or SMB 2 tree connect.
  It will replace 'struct smbd_smb2_tcon' and 'connection_struct' will be
  changed to handle just the protocol independent glue for the SMB_VFS layer.
  metze
* s3:smbXsrv.idl: add smbXsrv_session* structures | Stefan Metzmacher | 2012-06-25 | 1 | -0/+92
  struct smbXsrv_session will represent a SMB 1 or SMB 2 session.
  It will replace 'struct smbd_smb2_session' and 'user_struct' will be
  changed to handle just the protocol independent glue for the SMB_VFS layer.
  metze
* s3:librpc/idl/smbXsrv.idl: add smbXsrv_version_* structures | Stefan Metzmacher | 2012-06-25 | 1 | -1/+65
  metze
* s3:librpc: add smbXsrv.idl | Stefan Metzmacher | 2012-06-25 | 3 | -1/+20
  metze
* s3-rpcclient: add fsrvp commands | David Disseldorp | 2012-06-08 | 1 | -0/+4
  fss_create_expose connects to an FSRVP server and negotiates the creation
  and exposure of a share shadow-copy.
  Shadow-copies of multiple shares can be requested with a single
  fss_create_expose request.

  ddiss@plati:~> bin/rpcclient -k -U 'LURCH\administrator%password' \
                 ncacn_np:lutze[sign]
  rpcclient $> fss_create_expose backup ro hyper
  381884f2-b578-45ea-b8d2-cf82491f4011: shadow-copy set created
  ...
  share hyper@{B6137E21-9CBB-4547-A21D-E7AD40D0874B} exposed as a snapshot of \\lutze\hyper

  fss_delete removes the shadow-copy share:
  rpcclient $> fss_delete hyper 381884f2-b578-45ea-b8d2-cf82491f4011 \
               b6137e21-9cbb-4547-a21d-e7ad40d0874

  Shadow-copies can be created read-write or read-only.
  Experimenting with Windows Server "8" beta, a recovery complete call is
  required after creating a read-write (ATTR_AUTO_RECOVERY) shadow copy.
  Otherwise subsequent creation requests fail with
  FSRVP_E_SHADOW_COPY_SET_IN_PROGRESS.
* gse: Use the smb_gss_oid_equal wrapper. | Andreas Schneider | 2012-05-23 | 1 | -20/+3
  Signed-off-by: Andreas Schneider <asn@samba.org>
* Introduce system MIT krb5 build with --with-system-mitkrb5 option. | Alexander Bokovoy | 2012-05-23 | 1 | -1/+1
  System MIT krb5 build also enabled by specifying --without-ad-dc

  When --with-system-mitkrb5 (or --without-ad-dc) option is passed to top level
  configure in WAF build we are trying to detect and use system-wide MIT krb5
  libraries. As a result, Samba 4 DC functionality will be disabled due to the
  fact that it is currently impossible to implement embedded KDC server with
  MIT krb5.

  Thus, --with-system-mitkrb5/--without-ad-dc build will only produce
    * Samba 4 client libraries and their Python bindings
    * Samba 3 server (smbd, nmbd, winbindd from source3/)
    * Samba 3 client libraries

  In addition, Samba 4 DC server-specific tests will not be compiled into
  smbtorture. This in particular affects spoolss_win, spoolss_notify, and
  remote_pac rpc tests.
* s3:gse: implement gensec_gse_expire_time() | Stefan Metzmacher | 2012-05-17 | 1 | -0/+12
  metze
* s3:gse: remember the expire time | Stefan Metzmacher | 2012-05-17 | 1 | -2/+15
  metze
* s3: Attempt to fix the build without kerberos | Volker Lendecke | 2012-04-24 | 1 | -1/+1
  Autobuild-User: Volker Lendecke <vl@samba.org>
  Autobuild-Date: Tue Apr 24 15:04:14 CEST 2012 on sn-devel-104
* Make krb5 wrapper library common so they can be used all over | Simo Sorce | 2012-04-23 | 1 | -3/+3
* s3:id_cache: do not use the in-memory idmap cache (it is going to be removed) | Michael Adam | 2012-04-20 | 1 | -1/+1
  This also removes the ID_CACHE_FLUSH message.
* s3-dbwrap: Add dbwrap_record_watch_send/recv | Volker Lendecke | 2012-04-19 | 1 | -1/+2
  With this API you can asynchronously wait for a record to be modified
* s3: New notify implementation | Volker Lendecke | 2012-04-17 | 1 | -0/+3
  From notify_internal.c:

  /*
   * The notify database is split up into two databases: One
   * relatively static index db and the real notify db with the
   * volatile entries.
   */

  This change is necessary to make notify scale better in a cluster
* gse: Remove unnecessary header. | Simo Sorce | 2012-04-12 | 1 | -1/+0
  Signed-off-by: Andreas Schneider <asn@samba.org>
* auth-krb: Move oid packet check to gensec_util. | Simo Sorce | 2012-04-12 | 1 | -21/+1
  This is clearly a utility function generic to gensec. Also the 3 callers
  had identical implementations. Provide a generic implementation for all
  of them and avoid duplicating the code everywhere.
  Signed-off-by: Andreas Schneider <asn@samba.org>
* Second part of bugfix for bug #8837 - smbd crashes when deleting directory and veto files are enabled. | Jeremy Allison | 2012-04-04 | 1 | -0/+1
  Store the 'struct security_token' as well as the 'struct security_unix_token'
  inside the locking db when setting a delete on close.
* s3:gse: fix debug message in gse_get_server_auth_token() | Stefan Metzmacher | 2012-03-17 | 1 | -1/+1
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Sat Mar 17 03:21:06 CET 2012 on sn-devel-104
* s3-krb5: Remove GSS_WRAP_IOV conditional | Andrew Bartlett | 2012-03-15 | 1 | -2/+2
  We already confirm that we have this functionality before we set
  HAVE_KRB5 at configure time.
  Andrew Bartlett
* Fix a bunch of "unused variable" warnings. | Jeremy Allison | 2012-02-18 | 1 | -6/+6
  Autobuild-User: Jeremy Allison <jra@samba.org>
  Autobuild-Date: Sat Feb 18 06:22:40 CET 2012 on sn-devel-104
* auth/kerberos: Move gse_get_session_key() to common code and use in gensec_gssapi | Andrew Bartlett | 2012-02-17 | 1 | -113/+3
  This ensures that both code bases use the same logic to determine the use
  of NEW_SPNEGO.
  Andrew Bartlett
* s3-gse: Allow kerberos key type OID to be optional | Andrew Bartlett | 2012-02-17 | 1 | -4/+11
* s3-gse: Fix OID to read for kerberos key type | Andrew Bartlett | 2012-02-17 | 1 | -2/+2
* s3-librpc: Remove backup declaration of GSS_C_DCE_STYLE | Andrew Bartlett | 2012-02-17 | 1 | -4/+0
  All our supported krb5 libs provide this.
  Andrew Bartlett
* s3-gse: Remove unused OID declaration | Andrew Bartlett | 2012-02-17 | 1 | -9/+0
* s3-librpc: Remove gse_verify_server_auth_flags | Andrew Bartlett | 2012-02-16 | 1 | -50/+0
  gensec_update() ensures that DCE-style and sign/seal are negotiated correctly
  for DCE/RPC pipes. Also, the smb sealing client/server already check for the
  gensec_have_feature().
  This additional check just keeps causing trouble, and is 'protecting' an
  already secure negotiated exchange.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Thu Feb 16 21:19:44 CET 2012 on sn-devel-104
* s3-librpc: Use gensec_spnego for DCE/RPC authentication | Andrew Bartlett | 2012-02-16 | 3 | -468/+0
  This ensures that we use the same SPNEGO code on session setup and on
  DCE/RPC binds, and simplifies the calling code as spnego is no longer
  a special case in cli_pipe.c
  A special case wrapper function remains to avoid changing the application
  layer callers in this patch.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-gse: Use the session key type, not the lucid context to set NEW_SPNEGO | Andrew Bartlett | 2012-02-16 | 1 | -67/+69
  Using gss_krb5_export_lucid_sec_context() is a problem with MIT krb5, as
  it (reasonably, I suppose) invalidates the gssapi context on which it
  is called. Instead, we look to the type of session key which is
  negotiated, and see if it is not AES (or newer).
  If we negotiated AES or newer, then we set GENSEC_FEATURE_NEW_SPNEGO so
  that we know to generate valid mechListMic values in SPNEGO.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-librpc: Remove unused bool gensec_hook | Andrew Bartlett | 2012-02-16 | 1 | -2/+0
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:gse: return NT_STATUS_LOGON_FAILURE instead of NT_STATUS_INTERNAL_ERROR | Stefan Metzmacher | 2012-01-26 | 1 | -2/+2
  This matches the behavior of ads_verify_ticket().
  Note that ads_verify_ticket() calls krb5_to_nt_status(), but as a server
  it's likely to always return NT_STATUS_UNSUCCESSFUL.
  ads_verify_ticket() maps NT_STATUS_UNSUCCESSFUL to NT_STATUS_LOGON_FAILURE.
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Thu Jan 26 10:48:36 CET 2012 on sn-devel-104
* s3-gse: add GENSEC_FEATURE_NEW_SPNEGO detection in gensec_gse_have_feature() | Stefan Metzmacher | 2012-01-25 | 1 | -0/+55
  metze
* s3-gse: make sure GSS_C_CONF_FLAG implies GSS_C_INTEG_FLAG | Stefan Metzmacher | 2012-01-20 | 1 | -0/+6
  metze
* s3-gse: implement fill_mem_keytab_from_[system|dedicated]_keytab | Stefan Metzmacher | 2012-01-20 | 1 | -6/+234
  metze
* s3-gse: create memory keytab in gse_krb5_get_server_keytab() | Stefan Metzmacher | 2012-01-20 | 1 | -27/+25
  The other functions just add entries to it.
  metze
* s3-gse: fix SECRETS_AND_KEYTAB fallback in gse_krb5_get_server_keytab() | Stefan Metzmacher | 2012-01-20 | 1 | -6/+13
  metze
* s3-gse: align common elements between gse_context and gensec_gssapi_state | Andrew Bartlett | 2012-01-18 | 1 | -7/+8
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-gse: Make gensec_gse cope with non-DCE GSSAPI | Andrew Bartlett | 2012-01-18 | 1 | -5/+8
  The validation of the mutual authentication reply produces no further
  data to send to the server.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-gse: the server should not check for GSS_C_MUTUAL_FLAG | Stefan Metzmacher | 2012-01-18 | 1 | -6/+0
  It is up to the client to ask for GSS_C_MUTUAL_FLAG, except for the dcerpc
  case, where the server is stricter.
  metze
* s3-gse: verify that we got GSS_C_DCE_STYLE when expected | Stefan Metzmacher | 2012-01-18 | 1 | -0/+11
  GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG, so also check for it.
  metze
* s3-gse Remove authenticated flag from gse | Andrew Bartlett | 2012-01-18 | 1 | -7/+0
  The only user for this flag is called only directly after it was set.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-gse remove special more_processing hook from gse | Andrew Bartlett | 2012-01-18 | 1 | -12/+2
  The NT_STATUS_MORE_PROCESSING_REQUIRED status code is what gensec is
  expecting in any case.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-gse Rename gss_c_flags and ret_flags in gse | Andrew Bartlett | 2012-01-18 | 1 | -18/+18
  This makes it clearer what type of flags these are and matches gensec_gssapi
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-gse Rename gss_ctx to match gensec_gssapi_context | Andrew Bartlett | 2012-01-18 | 1 | -17/+17
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-gse Rename delegated_creds to match gensec_gssapi_context | Andrew Bartlett | 2012-01-18 | 1 | -4/+4
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-gse gss_wrap_iov_length() only needs the type and length | Stefan Metzmacher | 2012-01-18 | 1 | -2/+4
  metze
* s3-gse Make seal parameter a boolean for clarity | Andrew Bartlett | 2012-01-18 | 1 | -2/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-librpc Remove special case for spnego session key | Andrew Bartlett | 2012-01-18 | 2 | -15/+0
  SPNEGO is implemented only in terms of gensec mechanisms now.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-librpc Remove special case for spnego dcerpc sign/seal | Andrew Bartlett | 2012-01-18 | 1 | -92/+18
  SPNEGO is implemented only in terms of gensec mechanisms now.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-gse Move GSS_C_DCE_STYLE backup definition to gse.c | Andrew Bartlett | 2012-01-18 | 2 | -4/+4
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-gse Add const | Andrew Bartlett | 2012-01-18 | 1 | -4/+4
  Signed-off-by: Stefan Metzmacher <metze@samba.org>