summaryrefslogtreecommitdiffstats
path: root/source3/rpc_client
Commit message (Collapse)AuthorAgeFilesLines
* s3:rpc_client: Use gensec for NCALRPC_AS_SYSTEM.Stefan Metzmacher2014-04-241-33/+16
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:rpc_client: pass everything to gensec by defaultStefan Metzmacher2014-04-241-47/+19
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/gensec: remove tevent_context argument from gensec_update()Stefan Metzmacher2014-03-271-2/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* rpc_client: retry open on STATUS_PIPE_NOT_AVAILABLEDavid Disseldorp2014-03-041-17/+68
| | | | | | | | | | | | | | Windows Server starts some named pipe services on demand, and responds to initial open requests with STATUS_PIPE_NOT_AVAILABLE. The FssagentRpc named pipe on Windows Server 2012 exhibits this behaviour. This change sees rpcclient retry named pipe open requests when the server responds with STATUS_PIPE_NOT_AVAILABLE. The retry logic is contained in an asynchronous tevent_timer callback, to allow for non-blocking callers. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:rpc_client: avoid using dcerpc_binding internals in rpc_pipe_get_tcp_port()Stefan Metzmacher2014-02-131-10/+21
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:rpc_client: use address "0.0.0.0" and port "135" for epmapper requestsStefan Metzmacher2014-02-111-2/+2
| | | | | | | | | | Note: binding->host = NULL lets dcerpc_binding_build_tower() use "0.0.0.0". This matches Windows clients. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:librpc/rpc: only propose header signing if we use sign or sealStefan Metzmacher2014-02-111-3/+10
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:rpc_client: optimize the netlogon_creds_cli.tdb for read-only accessMichael Adam2014-02-071-1/+1
| | | | | | | | | | | | Usually a record in this DB will be written once and then read many times by winbindd processes on multiple nodes (when run in a cluster). In order not to introduce a big performance penalty with the increased correctness achieved by storing the netlogon creds, in a cluster setup, we should activate ctdb's read only record copies on this db. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dbwrap: add a dbwrap_flags argument to db_open()Michael Adam2014-02-071-1/+2
| | | | | | | | | | This is in preparation to support handing flags to backends, in particular activating read only record support for ctdb databases. For a start, this does nothing but adding the parameter, and all databases use DBWRAP_FLAG_NONE. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:rpc_client: use db_open() to open "netlogon_creds_cli.tdb"Stefan Metzmacher2014-01-221-2/+36
| | | | | | | This uses dbwrap_ctdb if running in a cluster. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dcerpc.idl: make use of union dcerpc_bind_ack_reason and fix all callers.Stefan Metzmacher2014-01-161-1/+1
| | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Thu Jan 16 18:21:40 CET 2014 on sn-devel-104
* s3:rpc_client: finally remove unused rpc_pipe_client->netlogon_credsStefan Metzmacher2014-01-072-12/+0
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: remove unused rpccli_netlogon_sam_network_logon()Stefan Metzmacher2014-01-072-106/+0
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: remove unused rpccli_netlogon_sam_logon()Stefan Metzmacher2014-01-072-133/+0
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: remove unused rpccli_netlogon_setup_creds()Stefan Metzmacher2014-01-072-100/+0
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: remove unused rpccli_netlogon_set_trust_password()Stefan Metzmacher2014-01-072-58/+0
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: make cli_rpc_pipe_open_schannel() more flexibleStefan Metzmacher2014-01-072-3/+11
| | | | | | | | | | It expects a messaging_context now and returns a netlogon_creds_cli_context. This way we can finally avoid having a rpc_pipe_client->netlogon_creds. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: use rpccli_{create,setup}_netlogon_creds() in ↵Stefan Metzmacher2014-01-072-103/+66
| | | | | | | cli_rpc_pipe_open_schannel() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add rpccli_netlogon_password_logon()Stefan Metzmacher2014-01-072-0/+141
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add rpccli_netlogon_network_logon()Stefan Metzmacher2014-01-072-0/+117
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: remove unused rpccli_netlogon_sam_network_logon_ex()Stefan Metzmacher2014-01-072-39/+0
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add rpccli_pre_open_netlogon_creds()Stefan Metzmacher2014-01-072-0/+22
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add rpccli_{create,setup}_netlogon_creds()Stefan Metzmacher2014-01-072-0/+121
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: use netlogon_creds_cli_auth_level() in ↵Stefan Metzmacher2014-01-073-3/+4
| | | | | | | | | | cli_rpc_pipe_open_schannel_with_key() This means the auth level is now based on the "winbindd sealed pipes" option, defaulting to "yes" and DCERPC_AUTH_LEVEL_PRIVACY. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: make use of the new netlogon_creds_cli_contextStefan Metzmacher2014-01-075-439/+143
| | | | | | | | | | | | | | | This exchanges rpc_pipe_client->dc with rpc_pipe_client->netlogon_creds and lets the secure channel session state be stored in node local database. This is the proper fix for a large number of bugs: https://bugzilla.samba.org/show_bug.cgi?id=6563 https://bugzilla.samba.org/show_bug.cgi?id=7944 https://bugzilla.samba.org/show_bug.cgi?id=7945 https://bugzilla.samba.org/show_bug.cgi?id=7568 https://bugzilla.samba.org/show_bug.cgi?id=8599 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/smb: s/tstream_cli_np/tstream_smbXcli_npStefan Metzmacher2014-01-072-12/+13
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/smb: move source3/libsmb/cli_np_tstream.c to tstream_smbXcli_np.cStefan Metzmacher2014-01-072-2/+2
| | | | | | | This code is generic enough to have it in the top level now. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:libsmb: do not use cli_state internally within cli_np_tstreamGregor Beck2014-01-071-1/+16
| | | | | | Signed-off-by: Gregor Beck <gbeck@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:rpc_client: send a dcerpc_sec_verification_trailer if neededStefan Metzmacher2014-01-072-10/+193
| | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jan 7 02:24:42 CET 2014 on sn-devel-104
* s3:rpc_client: fill alloc_hint with the remaining data not the total data.Stefan Metzmacher2014-01-071-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: implement DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGNStefan Metzmacher2014-01-071-6/+38
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: handle DCERPC_AUTH_TYPE_SCHANNEL as any other gensec backendStefan Metzmacher2014-01-071-2/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add some const to rpc_api_pipe_req_send()Stefan Metzmacher2014-01-071-2/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: make rpc_api_pipe_req_send/recv staticStefan Metzmacher2014-01-072-12/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: talloc_zero pipe_auth_dataStefan Metzmacher2014-01-071-3/+3
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.Jeremy Allison2013-12-091-0/+18
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org>
* CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked.Jeremy Allison2013-12-091-1/+16
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org>
* CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply.Jeremy Allison2013-12-091-8/+25
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2013-4408:s3:rpc_client: verify frag_len at least contains the header sizeStefan Metzmacher2013-12-091-0/+8
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:rpc_client: fix a leaked talloc_stackframeGregor Beck2013-11-041-1/+2
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=10241 Signed-off-by: Gregor Beck <gbeck@sernet.de> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-rpc_client: Make data pointer const in trans_send().Andreas Schneider2013-10-302-2/+2
| | | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Oct 30 01:32:08 CET 2013 on sn-devel-104
* s3:rpc_client: remove unused rpc_pipe_np_smb_conn()Gregor Beck2013-10-172-20/+0
| | | | | | | Signed-off-by: Gregor Beck <gbeck@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: pass object and table to rpccli_bh_create()Stefan Metzmacher2013-10-172-7/+11
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: implement dcerpc_binding_handle_auth_info()Stefan Metzmacher2013-10-171-0/+20
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3-rpc: use dcerpc_default_transport_endpoint function.Günther Deschner2013-09-201-1/+2
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-rpc: use table->name directly in DEBUG contexts.Günther Deschner2013-09-201-4/+3
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-rpc_cli: remove unused schannel calls from cli_pipe.cGünther Deschner2013-09-191-76/+0
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-rpc_cli: use gensec for schannel bind.Günther Deschner2013-09-191-9/+13
| | | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-rpc_cli: allow to pass down a netlogon CredentialState struct to gensec.Günther Deschner2013-09-191-1/+4
| | | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:cli_pipe.c: return NO_USER_SESSION_KEY in cli_get_session_key() for schannelStefan Metzmacher2013-08-101-7/+0
| | | | | | | | | SCHANNEL connections don't have a user session key, they're like anonymous connections. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
generated by cgit (git 2.34.1) at 2024-05-29 04:12:04 +0000