sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00
Code
samba-mirror/librpc/rpc/dcesrv_handles.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

373 lines
8.7 KiB
C
Raw Normal View History

librpc: core: Move the s4 handles implementation to the RPC server core Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-10-29 11:04:43 +01:00
/*
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
Unix SMB/CIFS implementation.
server side dcerpc handle code
Copyright (C) Andrew Tridgell 2003
librpc: core: Move the s4 handles implementation to the RPC server core Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-10-29 11:04:43 +01:00
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 02:07:03 +00:00
the Free Software Foundation; either version 3 of the License, or
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
(at your option) any later version.
librpc: core: Move the s4 handles implementation to the RPC server core Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-10-29 11:04:43 +01:00
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
librpc: core: Move the s4 handles implementation to the RPC server core Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-10-29 11:04:43 +01:00
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
You should have received a copy of the GNU General Public License
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 02:07:03 +00:00
along with this program. If not, see <http://www.gnu.org/licenses/>.
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
*/
#include "includes.h"
s4:rpc_server: Cleanup includes Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2019-09-30 23:35:55 +02:00
#include "lib/util/dlinklist.h"
r3468: split out dcerpc_server.h (This used to be commit 729e0026e4408f74f140375537d4fe48c1fc3242)
2004-11-02 07:42:47 +00:00
#include "rpc_server/dcerpc_server.h"
s4:security Remove use of user_sid and group_sid from struct security_token This makes the structure more like Samba3's NT_USER_TOKEN
2010-08-14 13:30:51 +10:00
#include "libcli/security/security.h"
s4:rpc_server: Cleanup includes Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2019-09-30 23:35:55 +02:00
#include "librpc/gen_ndr/auth.h"
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 12:15:26 +00:00
/*
destroy a rpc handle
*/
r15855: more talloc_set_destructor() typesafe fixes. nearly done ... (This used to be commit 396d82a231b6e3a91178db08b706626d4d4b420c)
2006-05-24 07:35:06 +00:00
static int dcesrv_handle_destructor(struct dcesrv_handle *h)
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 12:15:26 +00:00
{
s4-rpcserver: added support for shared handles This supports shared RPC handles across connections on all RPC interfaces. It turns out that w2k3 and w2k8 don't actually support this on all pipes. We need to test which pipes we should enable this on.
2009-09-22 00:18:03 -07:00
DLIST_REMOVE(h->assoc_group->handles, h);
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 12:15:26 +00:00
return 0;
}
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
/*
allocate a new rpc handle
*/
s4:rpc_server: remove the old dcesrv_handle_{new,fetch}() api BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-08 12:20:44 +01:00
_PUBLIC_
struct dcesrv_handle *dcesrv_handle_create(struct dcesrv_call_state *call,
uint8_t handle_type)
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
{
s4:rpc_server: remove the old dcesrv_handle_{new,fetch}() api BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-08 12:20:44 +01:00
struct dcesrv_connection_context *context = call->context;
s4:rpc_server/handles: make use dcesrv_call_session_info() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-03 01:19:51 +01:00
struct auth_session_info *session_info =
dcesrv_call_session_info(call);
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
struct dcesrv_handle *h;
s4-rpcserver: added support for shared handles This supports shared RPC handles across connections on all RPC interfaces. It turns out that w2k3 and w2k8 don't actually support this on all pipes. We need to test which pipes we should enable this on.
2009-09-22 00:18:03 -07:00
struct dom_sid *sid;
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
s4-rpc_server: Allow each interface to declare if it uses handles This will allow the NETLOGON server in the AD DC to declare that it does not use handles, and so allow some more flexibility with association groups Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-11-14 11:24:03 +13:00
/*
librpc: Fix a typo, while there linewrap the comment Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-27 14:53:15 +01:00
* For simplicity, ensure we abort here for an interface that
* has no handles (programmer error)
s4-rpc_server: Allow each interface to declare if it uses handles This will allow the NETLOGON server in the AD DC to declare that it does not use handles, and so allow some more flexibility with association groups Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-11-14 11:24:03 +13:00
*/
SMB_ASSERT((context->iface->flags & DCESRV_INTERFACE_FLAGS_HANDLES_NOT_USED) == 0);
s4:rpc_server/handles: make use dcesrv_call_session_info() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-03 01:19:51 +01:00
sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
s4-rpcserver: added support for shared handles This supports shared RPC handles across connections on all RPC interfaces. It turns out that w2k3 and w2k8 don't actually support this on all pipes. We need to test which pipes we should enable this on.
2009-09-22 00:18:03 -07:00
CVE-2015-5370: s4:rpc_server: the assoc_group is relative to the connection (association) All presentation contexts of a connection use the same association group. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2015-07-15 10:18:13 +02:00
h = talloc_zero(context->conn->assoc_group, struct dcesrv_handle);
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
if (!h) {
return NULL;
}
h->data = NULL;
librpc: Simplify struct dcesrv_handle This saves a tiny bit of memory: dom_sid_dup() allocates a full struct dom_sid, although it might not have to. Save the additional talloc object and the pointer, be more cache-friendly Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-27 14:59:16 +01:00
sid_copy(&h->sid, sid);
s4:rpc_server: add a min_auth_level to context handles BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-21 23:27:50 +01:00
h->min_auth_level = call->auth_state->auth_level;
CVE-2015-5370: s4:rpc_server: the assoc_group is relative to the connection (association) All presentation contexts of a connection use the same association group. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2015-07-15 10:18:13 +02:00
h->assoc_group = context->conn->assoc_group;
s4-rpcserver: added support for shared handles This supports shared RPC handles across connections on all RPC interfaces. It turns out that w2k3 and w2k8 don't actually support this on all pipes. We need to test which pipes we should enable this on.
2009-09-22 00:18:03 -07:00
h->iface = context->iface;
it turns out that a wire policy handle isn't a blob either, its a uint32 followed by a GUID. I needed to fix this to support running in mixed-mode rpc (where smbtorture is bigendian and w2k3 is little-endian). Otherwise when you send back a policy handle the server doesn't recognise it. (This used to be commit 9b1c76a8e9e953e051072441f8938ee17a674d35)
2003-12-16 09:50:49 +00:00
h->wire_handle.handle_type = handle_type;
r3972: use GUID_* naming context and move GUID_* functions to one place metze (This used to be commit 523e6acf4fec5d4946fa7c0c89f40d7d712c9f3a)
2004-11-25 20:03:46 +00:00
h->wire_handle.uuid = GUID_random();
librpc: core: Move the s4 handles implementation to the RPC server core Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-10-29 11:04:43 +01:00
CVE-2015-5370: s4:rpc_server: the assoc_group is relative to the connection (association) All presentation contexts of a connection use the same association group. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2015-07-15 10:18:13 +02:00
DLIST_ADD(context->conn->assoc_group->handles, h);
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 12:15:26 +00:00
talloc_set_destructor(h, dcesrv_handle_destructor);
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 12:15:26 +00:00
return h;
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
}
r24667: Finally merge the registry improvements that Wilco Baan Hofman and I have been working on for at least half a year now. Contains the following improvements: * proper layering (finally!) for the registry library. Distinction is now made between 'real' backends (local, remote, wine, etc) and the low-level hive backends (regf, creg, ldb, ...) that are only used by the local registry backend * tests for all important hive and registry operations * re-enable RPC-WINREG tests (still needs more work though, as some return values aren't checked yet) * write support for REGF files * dir backend now supports setting/reading values, creating keys * support for storing security descriptors * remove CREG backend as it was incomplete, didn't match the data model and wasn't used at all anyway * support for parsing ADM files as used by the policy editor (see lib/policy) * support for parsing PREG files (format used by .POL files) * new streaming interface for registry diffs (improves speed and memory usage for regdiff/regpatch significantly) ... and fixes a large number of bugs in the registry code (This used to be commit 7a1eec6358bc863dfc671c542b7185d3e39d7b5a)
2007-08-26 15:16:40 +00:00
/**
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
find an internal handle given a wire handle. If the wire handle is NULL then
allocate a new handle
*/
s4:rpc_server: remove the old dcesrv_handle_{new,fetch}() api BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-08 12:20:44 +01:00
_PUBLIC_
struct dcesrv_handle *dcesrv_handle_lookup(struct dcesrv_call_state *call,
const struct policy_handle *p,
uint8_t handle_type)
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
{
s4:rpc_server: remove the old dcesrv_handle_{new,fetch}() api BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-08 12:20:44 +01:00
struct dcesrv_connection_context *context = call->context;
s4:rpc_server/handles: make use dcesrv_call_session_info() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-03 01:19:51 +01:00
struct auth_session_info *session_info =
dcesrv_call_session_info(call);
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
struct dcesrv_handle *h;
s4-rpcserver: added support for shared handles This supports shared RPC handles across connections on all RPC interfaces. It turns out that w2k3 and w2k8 don't actually support this on all pipes. We need to test which pipes we should enable this on.
2009-09-22 00:18:03 -07:00
struct dom_sid *sid;
s4-rpc_server: Allow each interface to declare if it uses handles This will allow the NETLOGON server in the AD DC to declare that it does not use handles, and so allow some more flexibility with association groups Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-11-14 11:24:03 +13:00
/*
librpc: Fix typos While there, wrap the long comment lines Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-29 10:13:13 +01:00
* For simplicity, ensure we abort here for an interface that
* has no handles (programmer error)
s4-rpc_server: Allow each interface to declare if it uses handles This will allow the NETLOGON server in the AD DC to declare that it does not use handles, and so allow some more flexibility with association groups Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-11-14 11:24:03 +13:00
*/
SMB_ASSERT((context->iface->flags & DCESRV_INTERFACE_FLAGS_HANDLES_NOT_USED) == 0);
s4:rpc_server/handles: make use dcesrv_call_session_info() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-03 01:19:51 +01:00
sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
libndr: Rename policy_handle_empty to ndr_policy_handle_empty. This makes the NDR namespace a bit clearer, in preparation of ABI checking.
2012-03-18 17:44:24 +01:00
if (ndr_policy_handle_empty(p)) {
s4-rpcserver: added shared association groups This patch allows us to share association groups and their rpc handles between connections. This is needed for some DRSUAPI behaviour when recent windows clients connect.
2009-09-21 21:36:54 -07:00
/* TODO: we should probably return a NULL handle here */
s4:rpc_server: remove the old dcesrv_handle_{new,fetch}() api BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-08 12:20:44 +01:00
return dcesrv_handle_create(call, handle_type);
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
}
rpc_server: Move a type check in dcesrv_handle_lookup() This check is independent of whether we found a handle or not, we can do it before walking the handle list. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-09-20 16:36:15 +02:00
if (handle_type != DCESRV_HANDLE_ANY &&
p->handle_type != handle_type) {
DBG_WARNING("client gave us the wrong handle type "
"(%"PRIu32" should be %"PRIu8")\n",
p->handle_type,
handle_type);
return NULL;
}
CVE-2015-5370: s4:rpc_server: the assoc_group is relative to the connection (association) All presentation contexts of a connection use the same association group. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2015-07-15 10:18:13 +02:00
for (h=context->conn->assoc_group->handles; h; h=h->next) {
it turns out that a wire policy handle isn't a blob either, its a uint32 followed by a GUID. I needed to fix this to support running in mixed-mode rpc (where smbtorture is bigendian and w2k3 is little-endian). Otherwise when you send back a policy handle the server doesn't recognise it. (This used to be commit 9b1c76a8e9e953e051072441f8938ee17a674d35)
2003-12-16 09:50:49 +00:00
if (h->wire_handle.handle_type == p->handle_type &&
r3972: use GUID_* naming context and move GUID_* functions to one place metze (This used to be commit 523e6acf4fec5d4946fa7c0c89f40d7d712c9f3a)
2004-11-25 20:03:46 +00:00
GUID_equal(&p->uuid, &h->wire_handle.uuid)) {
rpc_server: Simplify dcesrv_handle_lookup() Reduce indentation with a "break;" from the loop, best reviewed with git show -b Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-09-20 16:42:08 +02:00
break;
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
}
}
rpc_server: Simplify dcesrv_handle_lookup() Reduce indentation with a "break;" from the loop, best reviewed with git show -b Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-09-20 16:42:08 +02:00
if (h == NULL) {
/* not found */
return NULL;
}
if (!dom_sid_equal(&h->sid, sid)) {
struct dom_sid_buf buf1, buf2;
DBG_ERR("Attempt to use invalid sid %s - %s\n",
dom_sid_str_buf(&h->sid, &buf1),
dom_sid_str_buf(sid, &buf2));
return NULL;
}
if (call->auth_state->auth_level < h->min_auth_level) {
DBG_ERR("Attempt to use invalid auth_level %u < %u\n",
call->auth_state->auth_level,
h->min_auth_level);
return NULL;
}
if (h->iface != context->iface) {
DBG_ERR("Attempt to use invalid iface\n");
return NULL;
}
return h;
added a basic dcerpc endpoint mapper to Samba4. Currently only implements the epm_Lookup() call, I'll add the other important calls soon. I was rather pleased to find that epm_Lookup() worked first time, which is particularly surprising given its complexity. This required quite a bit of new infrastructure: * a generic way of handling dcerpc policy handles in the rpc server * added type checked varients of talloc. These are much less error prone. I'd like to move to using these for nearly all uses of talloc. * added more dcerpc fault handling code, and translation from NTSTATUS to a dcerpc fault code * added data_blob_talloc_zero() for allocating an initially zero blob * added a endpoint enumeration hook in the dcerpc endpoint server operations (This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
2003-12-13 02:20:40 +00:00
}
s4:rpc_server: add dcesrv_iface_state_{store,find}_{assoc,conn}() helpers They can be used instead of dcesrv_connection_context->private_data and dcesrv_assoc_group->proxied_id. This is the first step to hide internal details of the core dcerpc server from the interface implementations. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-10 22:41:31 +01:00
struct dcesrv_iface_state {
struct dcesrv_iface_state *prev, *next;
struct dcesrv_assoc_group *assoc;
const struct dcesrv_interface *iface;
struct dom_sid owner;
const struct dcesrv_connection *conn;
const struct dcesrv_auth *auth;
const struct dcesrv_connection_context *pres;
uint64_t magic;
void *ptr;
const char *location;
};
static int dcesrv_iface_state_destructor(struct dcesrv_iface_state *istate)
{
DLIST_REMOVE(istate->assoc->iface_states, istate);
return 0;
}
static void *dcesrv_iface_state_find(struct dcesrv_assoc_group *assoc,
const struct dcesrv_interface *iface,
const struct dom_sid *owner,
const struct dcesrv_connection *conn,
const struct dcesrv_auth *auth,
const struct dcesrv_connection_context *pres,
uint64_t magic,
const void *ptr)
{
struct dcesrv_iface_state *cur = NULL;
for (cur = assoc->iface_states; cur != NULL; cur = cur->next) {
bool match;
SMB_ASSERT(cur->assoc == assoc);
if (cur->ptr == ptr) {
return cur->ptr;
}
if (cur->iface != iface) {
continue;
}
match = dom_sid_equal(&cur->owner, owner);
if (!match) {
continue;
}
if (cur->conn != conn) {
continue;
}
if (cur->auth != auth) {
continue;
}
if (cur->pres != pres) {
continue;
}
if (cur->magic != magic) {
continue;
}
return cur->ptr;
}
return NULL;
}
static NTSTATUS dcesrv_iface_state_store(struct dcesrv_assoc_group *assoc,
const struct dcesrv_interface *iface,
const struct dom_sid *owner,
const struct dcesrv_connection *conn,
const struct dcesrv_auth *auth,
const struct dcesrv_connection_context *pres,
uint64_t magic,
TALLOC_CTX *mem_ctx,
void *ptr,
const char *location)
{
struct dcesrv_iface_state *istate = NULL;
void *optr = NULL;
optr = dcesrv_iface_state_find(assoc,
iface,
owner,
conn,
auth,
pres,
magic,
ptr);
if (optr != NULL) {
return NT_STATUS_OBJECTID_EXISTS;
}
istate = talloc_zero(ptr, struct dcesrv_iface_state);
if (istate == NULL) {
return NT_STATUS_NO_MEMORY;
}
*istate = (struct dcesrv_iface_state) {
.assoc = assoc,
.iface = iface,
.owner = *owner,
.conn = conn,
.auth = auth,
.pres = pres,
.magic = magic,
.location = location,
};
istate->ptr = talloc_steal(mem_ctx, ptr);
talloc_set_destructor(istate, dcesrv_iface_state_destructor);
DLIST_ADD_END(assoc->iface_states, istate);
return NT_STATUS_OK;
}
NTSTATUS _dcesrv_iface_state_store_assoc(struct dcesrv_call_state *call,
uint64_t magic,
void *ptr,
const char *location)
{
struct auth_session_info *session_info =
dcesrv_call_session_info(call);
const struct dom_sid *owner =
auth: Make more liberal use of SID index constants Arrays of SIDs are handled not fully consistently throughout the codebase. Sometimes SIDs in the first and second positions represent a user and a primary group respectively; other times they don't mean anything in particular. Using these index constants in situations of the former sort can help to clarify our intent. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-16 12:08:41 +13:00
&session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
s4:rpc_server: add dcesrv_iface_state_{store,find}_{assoc,conn}() helpers They can be used instead of dcesrv_connection_context->private_data and dcesrv_assoc_group->proxied_id. This is the first step to hide internal details of the core dcerpc server from the interface implementations. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-10 22:41:31 +01:00
NTSTATUS status;
status = dcesrv_iface_state_store(call->conn->assoc_group,
call->context->iface,
owner,
NULL, /* conn */
NULL, /* auth */
NULL, /* pres */
magic,
call->conn->assoc_group, /* mem_ctx */
ptr,
location);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
return NT_STATUS_OK;
}
void *_dcesrv_iface_state_find_assoc(struct dcesrv_call_state *call, uint64_t magic)
{
struct auth_session_info *session_info =
dcesrv_call_session_info(call);
const struct dom_sid *owner =
auth: Make more liberal use of SID index constants Arrays of SIDs are handled not fully consistently throughout the codebase. Sometimes SIDs in the first and second positions represent a user and a primary group respectively; other times they don't mean anything in particular. Using these index constants in situations of the former sort can help to clarify our intent. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-16 12:08:41 +13:00
&session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
s4:rpc_server: add dcesrv_iface_state_{store,find}_{assoc,conn}() helpers They can be used instead of dcesrv_connection_context->private_data and dcesrv_assoc_group->proxied_id. This is the first step to hide internal details of the core dcerpc server from the interface implementations. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-10 22:41:31 +01:00
void *ptr = NULL;
ptr = dcesrv_iface_state_find(call->conn->assoc_group,
call->context->iface,
owner,
NULL, /* conn */
NULL, /* auth */
NULL, /* pres */
magic,
NULL); /* ptr */
if (ptr == NULL) {
return NULL;
}
return ptr;
}
NTSTATUS _dcesrv_iface_state_store_conn(struct dcesrv_call_state *call,
uint64_t magic,
void *ptr,
const char *location)
{
struct auth_session_info *session_info =
dcesrv_call_session_info(call);
const struct dom_sid *owner =
auth: Make more liberal use of SID index constants Arrays of SIDs are handled not fully consistently throughout the codebase. Sometimes SIDs in the first and second positions represent a user and a primary group respectively; other times they don't mean anything in particular. Using these index constants in situations of the former sort can help to clarify our intent. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-16 12:08:41 +13:00
&session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
s4:rpc_server: add dcesrv_iface_state_{store,find}_{assoc,conn}() helpers They can be used instead of dcesrv_connection_context->private_data and dcesrv_assoc_group->proxied_id. This is the first step to hide internal details of the core dcerpc server from the interface implementations. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-10 22:41:31 +01:00
NTSTATUS status;
status = dcesrv_iface_state_store(call->conn->assoc_group,
call->context->iface,
owner,
call->conn,
call->auth_state,
call->context,
magic,
call->conn, /* mem_ctx */
ptr,
location);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
return NT_STATUS_OK;
}
void *_dcesrv_iface_state_find_conn(struct dcesrv_call_state *call, uint64_t magic)
{
struct auth_session_info *session_info =
dcesrv_call_session_info(call);
const struct dom_sid *owner =
auth: Make more liberal use of SID index constants Arrays of SIDs are handled not fully consistently throughout the codebase. Sometimes SIDs in the first and second positions represent a user and a primary group respectively; other times they don't mean anything in particular. Using these index constants in situations of the former sort can help to clarify our intent. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-16 12:08:41 +13:00
&session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
s4:rpc_server: add dcesrv_iface_state_{store,find}_{assoc,conn}() helpers They can be used instead of dcesrv_connection_context->private_data and dcesrv_assoc_group->proxied_id. This is the first step to hide internal details of the core dcerpc server from the interface implementations. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-10 22:41:31 +01:00
void *ptr = NULL;
ptr = dcesrv_iface_state_find(call->conn->assoc_group,
call->context->iface,
owner,
call->conn,
call->auth_state,
call->context,
magic,
NULL); /* ptr */
if (ptr == NULL) {
return NULL;
}
return ptr;
}
Copy Permalink