summaryrefslogtreecommitdiff
path: root/libcli/named_pipe_auth
AgeCommit message (Collapse)AuthorFilesLines
2025-06-18libcli/named_pipe_auth: add tstream_npa_monitor_send/recvStefan Metzmacher1-0/+85
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2023-10-24libcli/named_pipe_auth: let tstream_npa_existing_socket use ↵Stefan Metzmacher1-0/+2
tstream_bsd_fail_readv_first_error(true) This avoids doing useless work in case the client connection is already broken. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11s3:rpc: bump named_pipe_auth_req_info version numberDouglas Bagnall2-63/+63
This is because commit f893cf85cc387b66c496661e11073b1215270022 changed the security token in secuirty.idl, and bumping the version was missed. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08libcli: Add missing newlines to logging messagesJoseph Sutton1-2/+2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-16rpc: Remove named_pipe_auth_req_info6->need_idle_serverVolker Lendecke2-67/+81
Involves bumping up the version number Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-02-08named_pipe_auth: Bump info5 to info6Joseph Sutton2-59/+59
In the next commit, we shall replace the 'authenticated' field of named_pipe_auth_req_info.info5.session_info.session_info.info with a more general 'user_flags' field. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-01-18lib: Remove unused tstream_npa_socketpair()Volker Lendecke2-93/+0
This was used in the pre samba-dcerpcd source3 rpc server. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-12-10librpc: Get transport out of tstream_npa_accept_existing_recv()Volker Lendecke2-0/+7
To be used by the RPC servers in the next commit Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10librpc: Add named_pipe_auth_req_info5->transportVolker Lendecke2-0/+8
This will serve as a check to make sure that in particular a SAMR client is really root. This is for example used in get_user_info_18() handing out a machine password. The unix domain sockets for NCACN_NP can only be contacted by root, the "np\" subdirectory for those sockets is root/root 0700. Connecting to such a socket is done in two situations: First, local real root processes connecting and smbd on behalf of SMB clients connecting to \\pipe\name, smbd does become_root() there. Via the named_pipe_auth_req_info4 smbd hands over the SMB session information that the RPC server blindly trusts. The session information (i.e. the NT token) is heavily influenced by external sources like the KDC. It is highly unlikely that we get a system token via SMB, but who knows, this is information not fully controlled by smbd. This is where this additional field in named_pipe_auth_req_info5 makes a difference: This field is set to NCACN_NP by smbd's code, not directly controlled by the clients. Other clients directly connecting to a socket in "np\" is root anyway (only smbd can do become_root()) and can set this field to NCALRPC. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10named_pipe_auth: Bump info4 to info5Volker Lendecke2-56/+56
We'll add a field soon Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-04-01tstream: Add tstream_npa_existing_stream()Volker Lendecke2-14/+32
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Apr 1 20:36:19 UTC 2021 on sn-devel-184
2021-04-01tstream_npa: Allow NULL output parametersVolker Lendecke1-7/+19
When reading the info4, the substructs might not be interesting for you. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-04-01tstream_npa: Return named_pipe_auth_req_info4 from accept_existingVolker Lendecke2-20/+83
Callers might want the full picture. We need to make named_pipe_auth_req_info4 public for that. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-04-01tstream_npa: Keep "named_pipe_auth_req" around in ↵Volker Lendecke1-13/+9
tstream_npa_accept_existing_send()/recv() This will make it simpler to return a copy of the struct named_pipe_auth_req_info4 in the next commit. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-09libcli: Simplify tstream_npa_connect_readv_done()Volker Lendecke1-2/+1
tevent_req_error takes care of the ==0 case Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-09libcli: Add a NULL check to tstream_npaVolker Lendecke1-0/+3
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2019-10-18tstream_npa: Set local server name in auth requestsSamuel Cabrero2-2/+3
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2019-04-05rpc: Convert npa_tstream.c to use tstream_u32_read_sendVolker Lendecke1-187/+42
This avoids a bit of code duplication. Overall the last two commits add a few lines, but that also contains the header file and another GPL header for tstream_u32_read.c. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Apr 5 01:00:48 UTC 2019 on sn-devel-144
2019-04-05rpc: Add tstream_u32_readVolker Lendecke3-1/+197
In npa_tstream.c we have two next_vector functions reading a big endian uin32_t length and then the blob described by the length. This factors that next_vector out into a central routine. Why? I'll add another NPA protocol in the future, and this would add yet another two copies of that next_vector code Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2019-04-03rpc: Fix a typoVolker Lendecke1-1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Apr 3 17:53:30 UTC 2019 on sn-devel-144
2019-03-22tstream_npa: Avoid an unnecessary ZERO_STRUCTPVolker Lendecke1-2/+0
tevent_req_create already zeros out "state" Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2019-03-18libcli: Add a comment explaining lack of overflow checksVolker Lendecke1-0/+3
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-05-12Fix spelling s/conection/connection/Mathieu Parent1-2/+2
Signed-off-by: Mathieu Parent <math.parent@gmail.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-03-29named_pipe_auth: Rename client -> remote_client and server -> local_serverGary Lockyer2-58/+66
While these names may have been clear, much of Samba uses remote_address and local_address, and this difference has hidden bugs. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2015-06-05libcli/named_pipe_auth: call smb_set_close_on_exec() in tstream_npa_socketpair()Stefan Metzmacher1-0/+11
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11312 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2015-06-04tstream: Make socketpair nonblockingVolker Lendecke1-5/+20
When we have a large RPC reply, we can't block in the RPC server. Test: Do rpcclient netshareenumall with a thousand shares defined Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2014-01-17libcli: Fix the comment for the address.Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2013-10-29libcli: Add tstream_npa_socketpair() function.Andreas Schneider2-0/+67
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2011-07-06libcli/smb move FILE_TYPE constants in commonAndrew Bartlett1-3/+1
This allows us to remove another _SAMBA_BUILD_ conditional Andrew Bartlett
2011-05-02libcli/named_pipe_auth: add forward declaration in npa_tstream.h.Günther Deschner1-0/+1
Guenther
2011-04-06tstream: make npa_tstream a private libraryAndrew Tridgell1-4/+5
this prevents symbol duplication of the npa_tstream symbols Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-10libcli/named_pipe_auth Change from 'info3' to auth_session_info_transportAndrew Bartlett2-90/+62
This changes the structure being used to convey the current user state from the netlogon-derived 'netr_SamInfo3' structure to a purpose-built structure that matches the internals of the Samba auth subsystem and contains the final group list, as well as the final privilege set and session key. These previously had to be re-created on the server side of the pipe each time. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-02-10libcli/named_pipe_auth Remove support for unused levels 0-2.Andrew Bartlett1-160/+83
The only client and server for this code uses level 3 exclusively. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-11-09raw.h is only needed in the S4 buildVolker Lendecke1-0/+2
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Nov 9 14:49:14 UTC 2010 on sn-devel-104
2010-10-31s4: Remove the old perl/m4/make/mk-based build system.Jelmer Vernooij1-4/+0
The new waf-based build system now has all the same functionality, and the old build system has been broken for quite some time. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
2010-09-10s3/s4:libcli/tstream - add more "char *" casts in order to suppress Solaris ↵Matthias Dieter Wallnöfer1-12/+12
warnings
2010-06-21libcli/named_pipe_auth: fix error handling in _tstream_npa_connect_recv()Stefan Metzmacher1-0/+2
metze
2010-06-21libcli/named_pipe_auth: fix memory handling for temporary dataStefan Metzmacher1-5/+6
In a tevent_req based function tevent_req_create() should be the first function! If it fails it's the only reason, why the function could every return NULL. And all temporary data belongs to 'state' and gets free'ed by tevent_req_received() in the _recv function. metze
2010-06-21s3/s4 - remove "talloc_tos()" from common code since s4 doesn't support itMatthias Dieter Wallnöfer1-1/+1
Please don't use this in common code parts until we change the policy regarding it.
2010-06-14Fix warning messages about unused result of talloc_move. We're really ↵Jeremy Allison1-3/+3
talloc_steal'ing here.
2010-06-07named_pipe_auth Always lower case the incoming pipe nameAndrew Bartlett1-1/+7
Windows connects to an upper case NETLOGON pipe, and we can't find the socket to connect to until we lower case the name. Andrew Bartlett
2010-05-26named_pipe_auth: implement tstream_npa_accept_existing_send/recvSimo Sorce2-0/+521
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
2010-05-18Finish removal of iconv_convenience in public API's.Jelmer Vernooij2-6/+2
2010-04-28libcli/named_pipe_auth: we need to hide length of the message mode header ↵Stefan Metzmacher1-1/+12
from the caller metze
2010-04-06s4-waf: removed the AUTOGENERATED markersAndrew Tridgell1-3/+0
we won't be using the mk -> wscript generator again
2010-04-06s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵Andrew Tridgell1-0/+2
them
2010-04-06build: commit all the waf build files in the treeAndrew Tridgell1-0/+9
2009-09-18libcli/named_pipe_auth: pass gssapi delegated credentials through the named pipeStefan Metzmacher2-22/+32
metze
2009-05-10Fix an unitialized variable warningVolker Lendecke1-0/+3
2009-05-04libcli: Fix shadowed name in header alsoTim Prouty1-1/+1
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-06 23:39:33 +0000