path: root/source4/librpc/rpc
Commit message | Author | Age | Files | Lines
* s4:librpc: autonegotiate SMB1/2/3
  Author: Stefan Metzmacher | Age: 2018-08-13 | Files: 1 | Lines: -139/+120
  Windows Server 1709 defaults to SMB2 and does not have SMB1 enabled. When establishing trust, samba-tool does not specify SMB protocol version and fails by default.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
  (cherry picked from commit 4422f7382aad3090cb959ade030a02bf4fef81ac)
* s4:libcli: add fallback_to_anonymous to smb2_connect_send()
  Author: Stefan Metzmacher | Age: 2018-08-13 | Files: 1 | Lines: -0/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
  (cherry picked from commit ca000d8901e6acb8a7c59d26d4f75c9d92bafece)
* s4:libcli: allow passing an already negotiated connection to smb2_connect_send()
  Author: Stefan Metzmacher | Age: 2018-08-13 | Files: 1 | Lines: -0/+1
  It will just do the session setup and tree connect steps.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
  (cherry picked from commit f20e607c15b4c8ae56ade5d7e68d832542a2cd5e)
* lib: talloc: Use the system <talloc.h> include.
  Author: Jeremy Allison | Age: 2017-08-17 | Files: 2 | Lines: -2/+2
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Aug 17 00:53:48 CEST 2017 on sn-devel-144
* lib: tevent: Use system <tevent.h>, not internal header path (except in self-test).
  Author: Jeremy Allison | Age: 2017-08-16 | Files: 2 | Lines: -2/+2
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc/rpc: add support for HttpAuthOption=negotiate
  Author: Stefan Metzmacher | Age: 2017-08-07 | Files: 1 | Lines: -0/+2
  Note that rpcproxy.dll on Windows doesn't support kerberos, it always downgrades the connection to NTLMSSP.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc/rpc: pass down HTTP_AUTH_* values directly to dcerpc_pipe_open_roh_send()
  Author: Stefan Metzmacher | Age: 2017-08-07 | Files: 4 | Lines: -16/+15
  They get passed to http_send_auth_request_send() unmodified.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc/rpc: remember the target_hostname on ncacn_http connections
  Author: Stefan Metzmacher | Age: 2017-08-07 | Files: 1 | Lines: -0/+5
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:lib/http: let http_read_response_send/recv() also consume the body if it fits into a max value
  Author: Stefan Metzmacher | Age: 2017-08-07 | Files: 1 | Lines: -1/+2
  We need to consume full HTTP responses from the socket during the authentication exchanges, otherwise our HTTP parser gets out of sync for the next requests. This will be important for gensec mechs which use an even number for authentication packets. I guess this should be done just based on the Content-Length value and not based on the response code. So far I saw bodies with 200 and 401 codes.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc: restore inhibit_timeout_processing = true during gensec_update_send/recv()
  Author: Stefan Metzmacher | Age: 2017-05-30 | Files: 1 | Lines: -0/+10
  As not all gensec backends are fully async yet, we need the inhibit_timeout_processing workaround in order to protect against nested event loops.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Revert "s4:librpc: simplify dcerpc_connect_timeout_handler() logic"
  Author: Stefan Metzmacher | Age: 2017-05-30 | Files: 2 | Lines: -1/+17
  This reverts commit 2c3e99d1697b83f7dd498596a274fe2e8e96116d. As the source4 backends for kerberos still use nested event loops, we need to restore this for now. We should reapply this once all backends are fully async.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:librpc: simplify dcerpc_connect_timeout_handler() logic
  Author: Stefan Metzmacher | Age: 2017-05-21 | Files: 2 | Lines: -17/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:librpc: make use of gensec_update_send() in bind_auth_next_step()
  Author: Stefan Metzmacher | Age: 2017-05-21 | Files: 1 | Lines: -12/+23
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:librpc: use gensec_update_send() in dcerpc_bind_auth_send()
  Author: Stefan Metzmacher | Age: 2017-05-21 | Files: 1 | Lines: -19/+34
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:librpc: ask for GENSEC_FEATURE_SIGN_PKT_HEADER after the gensec_update() dance
  Author: Stefan Metzmacher | Age: 2017-05-21 | Files: 1 | Lines: -4/+7
  Most features should be added before the update() dance, while GENSEC_FEATURE_SIGN_PKT_HEADER needs to be after the dance on the client side.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* pyrpc: Fix segfault in ClientConnection
  Author: Gary Lockyer | Age: 2017-04-21 | Files: 1 | Lines: -0/+8
  Fix segfault when connecting over TCP. The endpoints list in dummy_table was not initialised; this caused a segfault when attempting to connect over TCP.
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlet <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Fri Apr 21 16:10:12 CEST 2017 on sn-devel-144
* python: samba.dcerpc: Port RPC related stuff to Python 3
  Author: Lumir Balhar | Age: 2017-03-10 | Files: 3 | Lines: -22/+32
  Port RPC related stuff like samba.dcerpc.misc and samba.dcerpc Python modules and pyrpc_util to Python 3 compatible form.
  Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Pair-programmed-by: Andrew Bartlett <abartlet@samba.org>
* pidl:Python: use of pytalloc_GenericObject_reference*() for pyrpc_{ex,im}port_union() wrapping
  Author: Stefan Metzmacher | Age: 2017-02-25 | Files: 1 | Lines: -40/+4
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12601
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Sat Feb 25 06:33:33 CET 2017 on sn-devel-144
* s4:librpc/rpc: make sure we handle DCERPC_PACKET before DCERPC_CONNECT
  Author: Stefan Metzmacher | Age: 2017-01-02 | Files: 1 | Lines: -2/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc/rpc: don't do an anonymous bind over ncacn_np:server[packet]
  Author: Stefan Metzmacher | Age: 2017-01-02 | Files: 1 | Lines: -1/+1
  DCERPC_AUTH_LEVEL_PACKET is basically the same as DCERPC_AUTH_LEVEL_INTEGRITY.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:pyrpc: remove unused py_{import,export}_netr_* prototypes
  Author: Stefan Metzmacher | Age: 2016-10-26 | Files: 1 | Lines: -13/+0
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:pyrpc: add pyrpc_{im,ex}port_union() helper functions
  Author: Stefan Metzmacher | Age: 2016-10-26 | Files: 2 | Lines: -0/+98
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc/rpc: pass the object guid to the binding handle if required
  Author: Stefan Metzmacher | Age: 2016-10-26 | Files: 4 | Lines: -21/+30
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc/rpc: no longer set FLAG_OBJECT_PRESENT and FLAG_BIGENDIAN for ndr_push_ncacn_packet()
  Author: Stefan Metzmacher | Age: 2016-10-26 | Files: 1 | Lines: -8/+0
  This is no longer required, it's done inside.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc/rpc: make sure the DCERPC_CONCURRENT_MULTIPLEX and DCERPC_PFC_FLAG_CONC_MPX are in sync
  Author: Stefan Metzmacher | Age: 2016-10-26 | Files: 1 | Lines: -3/+18
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc/rpc: add support for DCERPC_AUTH_LEVEL_PACKET
  Author: Günther Deschner | Age: 2016-10-26 | Files: 3 | Lines: -5/+7
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Guenther Deschner <gd@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc/rpc: make use of dcerpc_ncacn_push_pkt_auth() in ncacn_push_request_sign()
  Author: Stefan Metzmacher | Age: 2016-10-26 | Files: 1 | Lines: -128/+13
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc/rpc: convert ncacn_pull_request_auth() into a generic ncacn_pull_pkt_auth()
  Author: Stefan Metzmacher | Age: 2016-10-26 | Files: 1 | Lines: -11/+27
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc/rpc: make use of dcerpc_ncacn_pull_pkt_auth() in ncacn_pull_request_auth()
  Author: Stefan Metzmacher | Age: 2016-10-26 | Files: 1 | Lines: -94/+20
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc/rpc: implement bind_time_feature negotiation
  Author: Stefan Metzmacher | Age: 2016-10-26 | Files: 2 | Lines: -4/+30
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc/rpc: force printing in dcerpc_bh_do_ndr_print() log level >= 11
  Author: Stefan Metzmacher | Age: 2016-10-26 | Files: 1 | Lines: -2/+17
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc/rpc: make use of dcerpc_pull_ncacn_packet()
  Author: Stefan Metzmacher | Age: 2016-10-26 | Files: 1 | Lines: -37/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc/rpc: do not use stack allocated variables for async requests
  Author: Matthieu Patou | Age: 2016-10-26 | Files: 1 | Lines: -3/+3
  Signed-off-by: Matthieu Patou <mat@matws.net>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* pyrpc: Fix CID 1364169 Explicit null dereferenced
  Author: Volker Lendecke | Age: 2016-08-05 | Files: 1 | Lines: -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:pyrpc: correctly implement .request_timeout
  Author: Stefan Metzmacher | Age: 2016-07-28 | Files: 1 | Lines: -7/+26
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Garming Sam <garming@samba.org>
* pyrpc: Allow control of RPC timeout for IRPC
  Author: Andrew Bartlett | Age: 2016-07-12 | Files: 1 | Lines: -2/+9
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4:librpc/rpc: don't ask for auth_length if we ask for auth data only
  Author: Stefan Metzmacher | Age: 2016-06-24 | Files: 1 | Lines: -6/+2
  dcerpc_pull_auth_trailer() handles auth_length=NULL just fine.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* s4:librpc/rpc: allow a total reassembled response payload of 240 MBytes
  Author: Stefan Metzmacher | Age: 2016-06-23 | Files: 2 | Lines: -2/+6
  This will replace DCERPC_NCACN_PAYLOAD_MAX_SIZE (4 MByte). The limit of DCERPC_NCACN_PAYLOAD_MAX_SIZE (4 MByte) was too strict for some workloads, e.g. DRSUAPI replication with large objects.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11948
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* librpc: Check for negative return value of socket_get_fd()
  Author: Andreas Schneider | Age: 2016-06-22 | Files: 1 | Lines: -0/+5
  Found by Coverity.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2015-5370: s4:librpc/rpc: call dcerpc_connection_dead() on protocol errors
  Author: Stefan Metzmacher | Age: 2016-04-12 | Files: 1 | Lines: -8/+15
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2015-5370: s4:librpc/rpc: protect dcerpc_request_recv_data() against too large payloads
  Author: Stefan Metzmacher | Age: 2016-04-12 | Files: 1 | Lines: -0/+9
  We should only allow a combined payload of a response of at max 4 MBytes.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2015-5370: s4:librpc/rpc: use dcerpc_verify_ncacn_packet_header() to verify BIND_ACK,ALTER_RESP,RESPONSE pdus
  Author: Stefan Metzmacher | Age: 2016-04-12 | Files: 1 | Lines: -13/+43
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2015-5370: s4:librpc/rpc: handle DCERPC_PKT_FAULT before anything else in dcerpc_alter_context_recv_handler()
  Author: Stefan Metzmacher | Age: 2016-04-12 | Files: 1 | Lines: -11/+11
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2015-5370: s4:librpc/rpc: make use of dcerpc_map_ack_reason() in dcerpc_bind_recv_handler()
  Author: Stefan Metzmacher | Age: 2016-04-12 | Files: 1 | Lines: -2/+10
  This should give better error messages if the server doesn't support a specific abstract/transfer syntax.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2015-5370: s4:librpc/rpc: finally verify the server uses the expected auth_{type,level,context_id} values
  Author: Stefan Metzmacher | Age: 2016-04-12 | Files: 2 | Lines: -0/+27
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2015-5370: s4:librpc/rpc: avoid using dcecli_security->auth_info and use per request values
  Author: Stefan Metzmacher | Age: 2016-04-12 | Files: 3 | Lines: -44/+62
  We now avoid reusing the same auth_info structure for incoming and outgoing values. We need to make sure that the remote server doesn't overwrite our own values. This will trigger some failures with our currently broken server, which will be fixed in the next commits. The broken server requires a dcerpc_auth structure with no credentials in order to do an alter_context request that just creates a presentation context without doing authentication.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2015-5370: s4:librpc/rpc: simplify checks if gensec is used in dcerpc_ship_next_request()
  Author: Stefan Metzmacher | Age: 2016-04-12 | Files: 1 | Lines: -20/+3
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2015-5370: s4:librpc/rpc: avoid dereferencing sec->auth_info in dcerpc_request_prepare_vt()
  Author: Stefan Metzmacher | Age: 2016-04-12 | Files: 1 | Lines: -5/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2015-5370: s4:librpc/rpc: always use ncacn_pull_request_auth() for DCERPC_PKT_RESPONSE pdus
  Author: Stefan Metzmacher | Age: 2016-04-12 | Files: 1 | Lines: -2/+1
  It handles the case of DCERPC_AUTH_TYPE_NONE just fine and it makes it possible to do some verification in future.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2015-5370: s4:librpc/rpc: avoid using c->security_state.auth_info in ncacn_pull_request_auth()
  Author: Stefan Metzmacher | Age: 2016-04-12 | Files: 1 | Lines: -7/+10
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>