samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00

Author	SHA1	Message	Date
Andrew Bartlett	52b91cb33c	s4-rpc_server: Remove Heimdal-based BackupKey server We rely on a modern GnuTLS now. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2019-08-21 09:57:31 +00:00
Andrew Bartlett	1e427f55d7	s4-rpc_server: Check NTSTATUS return value from netlogon_creds_aes_decrypt() Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2019-08-21 09:57:30 +00:00
Andreas Schneider	d73be972ea	Revert "s4:rpc_server: Use generate_secret_buffer() to create a session key" This reverts commit `4b2480518b`. Reviewed-by: Alexander Bokovoy <ab@samba.org>	2019-08-14 15:07:24 +00:00
Andreas Schneider	38b0695dda	Revert "s4:rpc_server: Use generate_secret_buffer() for backupkey wap_key" This reverts commit `5a62056b45`. Reviewed-by: Alexander Bokovoy <ab@samba.org>	2019-08-14 15:07:24 +00:00
Andreas Schneider	1c68085404	Revert "s4:rpc_server: Use generate_secret_buffer() for netlogon challange" This reverts commit `a21770cfdf`. Reviewed-by: Alexander Bokovoy <ab@samba.org>	2019-08-14 15:07:24 +00:00
Andreas Schneider	a21770cfdf	s4:rpc_server: Use generate_secret_buffer() for netlogon challange Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-08-12 09:23:40 +00:00
Andreas Schneider	5a62056b45	s4:rpc_server: Use generate_secret_buffer() for backupkey wap_key Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-08-12 09:23:40 +00:00
Andreas Schneider	4b2480518b	s4:rpc_server: Use generate_secret_buffer() to create a session key Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-08-12 09:23:40 +00:00
Andreas Schneider	4326e7de6b	s4:rpc_server: Use GnuTLS RC4 for samr password BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-07-26 01:48:25 +00:00
Andrew Bartlett	9363abfb5f	s4:rpc_server: Use samba_gnutls_arcfour_confounded_md5() in samr_set_password_ex() This allows the use of GnuTLS for the underlying RC4 crypto operations. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2019-07-26 01:48:24 +00:00
Swen Schillig	3bc973c602	source4: Update all consumers of strtoul_err(), strtoull_err() to new API Signed-off-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>	2019-06-30 11:32:18 +00:00
Andreas Schneider	6eb38daad4	s4:rpc_server: Use GnuTLS RC4 in lsa server Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-06-27 12:54:24 +00:00
Andreas Schneider	67e6a9af2c	libcli:auth: Return NTSTATUS for netlogon_creds_arcfour_crypt() Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-06-27 12:54:23 +00:00
Andreas Schneider	cad3adb0b4	libcli:auth: Return NTSTATUS for netlogon_creds_decrypt_samlogon_logon() Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-06-27 12:54:23 +00:00
Andreas Schneider	00dd1a8bf8	libcli:auth: Return NTSTATUS for netlogon_creds_encrypt_samlogon_validation() Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-06-27 12:54:23 +00:00
Andrew Bartlett	8f4c30f785	lib/crypto: move gnutls error wrapper to own subsystem Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2019-06-27 12:54:22 +00:00
Andreas Schneider	4bcf72aa3d	s4:rpc_server: Use gnutls_error_to_ntstatus() in samr_password Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-06-24 06:11:17 +00:00
Stefan Metzmacher	6d958af0b4	dnsp.idl: fix dnsp_ip4_array definition In future we should use ipv4address, but that would result in a much larger change. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>	2019-06-21 08:49:19 +00:00
Douglas Bagnall	1cac79dd98	CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2 We still want to return DOES_NOT_EXIST when request_filter is not 0. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-06-19 07:01:12 +00:00
Douglas Bagnall	7ea74d55ad	CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation We still want to return DOES_NOT_EXIST when request_filter is not 0. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-06-19 07:01:12 +00:00
Gary Lockyer	ae4461dce9	auth auth_log: csbuild unused parm unix_username Fixes csbuild errors Error: COMPILER_WARNING: auth/auth_log.c: scope_hint: In function ‘log_authentication_event_json’ auth/auth_log.c:146:14: warning: unused parameter ‘unix_username’ [-Wunused-parameter] Error: COMPILER_WARNING: auth/auth_log.c: scope_hint: In function ‘log_authentication_event_human_readable’ auth/auth_log.c:586:14: warning: unused parameter ‘unix_username’ [-Wunused-parameter] Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>	2019-06-13 07:16:22 +00:00
Noel Power	bcc6b8c249	s4/rpc_server/dnsserver: clang: fix Value stored to 'status' is never read Fix the following warnings source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1021: error: uninitvar: Uninitialized variable: answer_integer <--[cppcheck] source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1723:4: warning: Value stored to 'status' is never read <--[clang] status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A, ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1881:4: warning: Value stored to 'status' is never read <--[clang] status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A, Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>	2019-06-04 22:13:07 +00:00
Noel Power	2bed937e7f	s4/rpc_server/dnsserver: cppcheck: Fix Uninitialized variable error. source4/rpc_server/dnsserver/dcerpc_dnsserver.c:715: error: uninitvar: Uninitialized variable: answer_integer <--[cppcheck] This error is benign and somewhat false because the code pointed to does not run (due to a different check) if answer_integer is not actually initialsed. It is easy to squash it though by just initialising the var. Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>	2019-06-04 22:13:07 +00:00
Stefan Metzmacher	ead9b93ce5	s4:rpc_server:netlogon: don't require NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*() The domain join with VMWare Horizon Quickprep seems to use netr_ServerAuthenticate3() with just the NEG_STRONG_KEYS (and in addition the NEG_SUPPORTS_AES) just to verify a password. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13464 (maybe) BUG: https://bugzilla.samba.org/show_bug.cgi?id=13949 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2019-06-04 22:13:07 +00:00
Andrew Bartlett	a011e033d5	s4-rpc_server: Remove unused dnsserver_find_partition() This has been unused since it was introduced by `5673e2cec9` in 2011. Found by callcatcher Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2019-05-22 05:59:13 +00:00
Andreas Schneider	f02713c98b	s4:rpc_server: Use GnuTLS MD5 for samr password Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-05-21 00:03:22 +00:00
Douglas Bagnall	95d7e939c5	s4/rpc/drsuapi/writespn: check the actual error code (CID 1034691) Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2019-05-09 22:39:27 +00:00
Douglas Bagnall	01e2bdaf30	s4/rpc/dns: check for IP address errors at startup The silent failure might leave an indeterminate or zero address. CID: 1272838 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2019-05-09 22:39:27 +00:00
Douglas Bagnall	51e4a1e454	rpc/dns: reduce the CID count on temporary variables CID 1363189 and others. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2019-05-09 22:39:27 +00:00
Douglas Bagnall	5389df9b4d	rpc/dns: leak less on memory failure (CID 1363191) Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2019-05-09 22:39:27 +00:00
Douglas Bagnall	74cd11df83	rpc/dnsdata: avoid crash on missing attr (CID: 1414757) Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2019-05-09 22:39:27 +00:00
Douglas Bagnall	a9e6300a5d	rpc/dnsdata: do not crash if message attr missing (CID: 1414773) This should be hard to trigger, but goto fail is always nicer than sig 11. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2019-05-09 22:39:27 +00:00
Andreas Schneider	1b9cd2acda	waf: Also check for gnutls_privkey_export_x509() Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-05-07 00:11:25 +00:00
Andreas Schneider	e35a8598c6	waf: Add check for gnutls_x509_crt_set_subject_unique_id() This is used by the GnuTLS backupkey implementation. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-04-30 23:18:27 +00:00
Andreas Schneider	b63bf2956e	s4:rpc_server: Remove obsolete gcrypt init Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-04-30 23:18:27 +00:00
Björn Baumbach	3378a561ef	s4:rpc_server: add missing newline to error debug message Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Apr 3 00:13:10 UTC 2019 on sn-devel-144	2019-04-03 00:13:10 +00:00
Swen Schillig	2b2ff12e70	source4: Use wrapper for string to integer conversion In order to detect an value overflow error during the string to integer conversion with strtoul/strtoull, the errno variable must be set to zero before the execution and checked after the conversion is performed. This is achieved by using the wrapper function strtoul_err and strtoull_err. Signed-off-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Ralph Böhme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-03-01 00:32:11 +00:00
Volker Lendecke	a89b0f3f4c	rpc_server: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-02-27 01:35:19 +01:00
Gary Lockyer	62e4f8f3b2	s4 rpc netlogon: Pass logon_id to auth logging Pass the logon_id passed in the netlogon identity information to auth_logging. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-02-20 06:03:09 +01:00
Gary Lockyer	7fc379ce86	s4 rpc_server_samr: DomGeneralInformation use dsdb_domain_count Use dsdb_domain_count instead of samdb_search_count to determine the number of users, groups and aliases. This gives a performance gain of around 10%, reduces the total memory allocated and fixes the incorrect count returned for aliases. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-02-14 05:03:23 +01:00
Douglas Bagnall	5b0a9818ff	dsdb: make get_parsed_dns_trusted() a common helper function We are already using it in two places, and are about to add a third. The version in repl_meta_data.c did more work in the case that the parsed_dns can't really be trusted to conform to the expected format; this is now a wrapper called get_parsed_dns_trusted_fallback(). Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-02-13 04:15:14 +01:00
Stefan Metzmacher	9f6ade21f5	s4:dsdb:util: export SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME for check password script This allows the check password script to reject the username and other things. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-02-11 07:43:32 +01:00
Garming Sam	835e156494	dnsserver: Return access denied to the caller if the user was not a DNS admin This is not a proper fix to match Windows, but at the very least, it should be more obvious to users (using samba-tool for instance), that the user needs to be given more access or that they should use the administrator. Windows seems to deny access altogether by returning a fault after they have bound to the pipe and actually sent an operation. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13771 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-02-11 07:43:31 +01:00
Stefan Metzmacher	7bc6ec81c8	s4:rpc_server: implement security context multiplexing There're some systems like Cisco ISE use security multiplexing without checking (via bind time feature negotiation) the server supports it. Others like VMWare View, fallback to NT4 style netlogon connections without using netlogon secure channel, which then triggers an error, with "server schannel = yes", see https://bugzilla.samba.org/show_bug.cgi?id=13464. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:41 +01:00
Stefan Metzmacher	4bb3a66ae1	s4:rpc_server/lsa: specify \\pipe\lsass as ncacn_np_secondary_endpoint BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:41 +01:00
Stefan Metzmacher	98d5872293	s4:rpc_server: make it possible to specify ncacn_np_secondary_endpoint Even a connect to \\pipe\lsarpc should return a secondary_address of '\\pipe\\lsass'. But that will be implemented in a following commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:41 +01:00
Stefan Metzmacher	b3659fb52d	s4:rpc_server: only share assoc group ids on the same transport BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:41 +01:00
Stefan Metzmacher	c192dc1c9d	s4:rpc_server: don't replace '\\pipe\\' with '\\PIPE\\' This is not what Windows returns (at least for \\pipe\lsass). BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:40 +01:00
Stefan Metzmacher	975e8e1f25	s4:rpc_server: fix DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN negotiation to match Windows BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:40 +01:00
Stefan Metzmacher	6f53c99372	s4:rpc_server: SMB_ASSERT(auth->auth_finished); in order to get auth details Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:39 +01:00
Stefan Metzmacher	e9eb8e6a44	s4:rpc_server: only pass context to op_bind() hooks BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:39 +01:00
Stefan Metzmacher	70b00c7567	s4:rpc_server: only use context within op_bind() hooks and dcesrv_interface_bind_*() functions BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:39 +01:00
Stefan Metzmacher	28f4cb442c	s4:rpc_server: remove unused dcesrv_connection_context->private_date dcesrv_iface_state_{create,find}_{assoc,conn}() should be used instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:39 +01:00
Stefan Metzmacher	792b6b9d69	s4:rpc_server: remove unused dcesrv_assoc_group->proxied_id BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:39 +01:00
Stefan Metzmacher	2ed7db445b	s4:rpc_server/winreg: don't cache an ldb connection per presentation context We should do this per context handle, as these are available on all connections of the association group. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:39 +01:00
Stefan Metzmacher	9616f6b8bc	s4:rpc_server/remote: make use dcesrv_iface_state_{store,find}_{assoc,conn}() helpers BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:39 +01:00
Stefan Metzmacher	9d387919f6	s4:rpc_server/remote: introduce struct dcesrv_remote_call This holds the state for async requests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:39 +01:00
Stefan Metzmacher	a8134191ec	s4:rpc_server/remote: defer the connect to the first client request This means we have a chance to use delegated credentials from the client if available, as the authentication is already completed. Before we only ever used the transport inherited credentials via SMB or anonymous. Note: most times we still fallback to anonymous... BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:39 +01:00
Stefan Metzmacher	199d4ba7ac	s4:rpc_server/remote: fail the connection if the remote server don't support MPX If we already negotiated with our client to support concurent multiplexing (MPX), we need a remote connection that also supports it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:39 +01:00
Stefan Metzmacher	3a17389e1b	s4:rpc_server/remote: add dcerpc_remote:allow_anonymous_fallback option BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:38 +01:00
Stefan Metzmacher	23d1393a5f	s4:rpc_server/remote: reformat code to get "dcerpc_remote:use_machine_account" BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:38 +01:00
Stefan Metzmacher	d9b88ccd81	s4:rpc_server/remote: reformat code to get "dcerpc_remote:binding" BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:38 +01:00
Stefan Metzmacher	1f348d077b	s4:rpc_server/remote: remote_op_bind already has the table available BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:38 +01:00
Stefan Metzmacher	965abe8e1a	s4:rpc_server/remote: introduce remote_get_private() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:38 +01:00
Stefan Metzmacher	245a0ef73f	s4:rpc_server/dnsserver: make use of dcesrv_iface_state_{create,find}_conn() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:38 +01:00
Stefan Metzmacher	5cbcc78a40	s4:rpc_server/netlogon: make use of dcesrv_iface_state_{create,find}_conn() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:38 +01:00
Stefan Metzmacher	c76a5be87b	s4:rpc_server: add dcesrv_iface_state_{store,find}_{assoc,conn}() helpers They can be used instead of dcesrv_connection_context->private_data and dcesrv_assoc_group->proxied_id. This is the first step to hide internal details of the core dcerpc server from the interface implementations. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:38 +01:00
Stefan Metzmacher	38e0c06abc	s4:rpc_server: move bind_time_features to dcesrv_assoc_group BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:37 +01:00
Stefan Metzmacher	6b02b94d03	s4:rpc_server: add a min_auth_level to context handles BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:37 +01:00
Stefan Metzmacher	d8293acdb4	s4:rpc_server: replace dce_conn->allow_request with auth->auth_finished They both had the same lifetime and the disconnect case is now caught by auth->auth_invalid = true. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:37 +01:00
Stefan Metzmacher	13e52cc929	s4:rpc_server: replace dce_conn->allow_auth3 with auth->auth_started auth3 is allowed if auth_started is true and auth_finished is false. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:37 +01:00
Stefan Metzmacher	0191516efc	s4:rpc_server: set auth_invalid = true on disconnect BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:37 +01:00
Stefan Metzmacher	b46df3a85c	s4:rpc_server: split out log_successful_dcesrv_authz_event() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:37 +01:00
Stefan Metzmacher	76976eab01	s4:rpc_server: add some protection checks to dcesrv_auth_prepare_gensec() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:37 +01:00
Stefan Metzmacher	2640f60e88	s4:rpc_server: split out dcesrv_auth_prepare_gensec() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:37 +01:00
Stefan Metzmacher	e2a05c3ad8	s4:rpc_server: allocate struct dcesrv_auth with talloc BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:37 +01:00
Stefan Metzmacher	5802161258	s4:rpc_server: make use of dcesrv_call_state->auth_state in dcerpc_server.c BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:36 +01:00
Stefan Metzmacher	097299ae7a	s4:rpc_server: make use of dcesrv_call_state->auth_state in common/reply.c BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:36 +01:00
Stefan Metzmacher	8ec932923b	s4:rpc_server: make use of dcesrv_call_state->auth_state in dcesrv_auth.c BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:36 +01:00
Stefan Metzmacher	9a3ea90cc5	s4:rpc_server: introduce dcesrv_call_state->auth_state BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:36 +01:00
Stefan Metzmacher	93ae817a02	s4:rpc_server: use helper variables to access 'struct dcesrv_auth' in dcerpc_server.c BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:36 +01:00
Stefan Metzmacher	b8d384177c	s4:rpc_server: use helper variables to access 'struct dcesrv_auth' in common/reply.c BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:36 +01:00
Stefan Metzmacher	72643248d9	s4:rpc_server: use helper variables to access 'struct dcesrv_auth' in dcesrv_auth.c BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:36 +01:00
Stefan Metzmacher	c621a87322	s4:rpc_server/remote: make use of dcesrv_call_credentials() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:36 +01:00
Stefan Metzmacher	6b49e325f1	s4:rpc_server/netlogon: make use of dcesrv_call_auth_info() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:36 +01:00
Stefan Metzmacher	cd380d8ada	s4:rpc_server/netlogon: simplify logic of dcesrv_netr_creds_server_step_check() It's enough to check the auth_type for DCERPC_AUTH_TYPE_SCHANNEL, there's no need to also check the auth_level for integrity or privacy. The gensec layer already required at least DCERPC_AUTH_LEVEL_INTEGRITY, see schannel_update_internal(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:35 +01:00
Stefan Metzmacher	fc596ef1c7	s4:rpc_server/lsa: make use of dcesrv_call_auth_info() It's enough to check the auth_type for DCERPC_AUTH_TYPE_SCHANNEL, there's no need to also check the auth_level for integrity or privacy. The gensec layer already required at least DCERPC_AUTH_LEVEL_INTEGRITY, see schannel_update_internal(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:35 +01:00
Stefan Metzmacher	10816794c0	s4:rpc_server/samr: make use of dcesrv_call_auth_info() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:35 +01:00
Stefan Metzmacher	62d45e16e0	s4:rpc_server: add dcesrv_call_auth_info() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:35 +01:00
Stefan Metzmacher	f6a296863f	s4:rpc_server/handles: make use dcesrv_call_session_info() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:35 +01:00
Stefan Metzmacher	8639d73025	s4:rpc_server: remove the old dcesrv_handle_{new,fetch}() api BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:35 +01:00
Stefan Metzmacher	237ae037f4	s4:rpc_server: only use the new dcesrv_handle_{create,lookup}() api BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:35 +01:00
Stefan Metzmacher	86661abacf	s4:rpc_server/winreg: make use of dcesrv_handle_create() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:35 +01:00
Stefan Metzmacher	70a5d21d74	s4:rpc_server/samr: make use of dcesrv_handle_create() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:35 +01:00
Stefan Metzmacher	884a18fa39	s4:rpc_server/lsa: make use of dcesrv_handle_create() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:35 +01:00
Stefan Metzmacher	89a42fc011	s4:rpc_server/eventlog: make use of dcesrv_handle_create() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:34 +01:00
Stefan Metzmacher	ec3e404a80	s4:rpc_server/drsuapi: make use of dcesrv_handle_create() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:34 +01:00
Stefan Metzmacher	47a941cafb	s4:rpc_server: add dcesrv_handle_{create,lookup}() functions They take struct dcesrv_call_state as argument and will replace dcesrv_handle_{new,fetch}() which take dcesrv_connection_context as argument. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:34 +01:00
Stefan Metzmacher	d1f5e5d5b4	s4:rpc_server: add some const to dcesrv_handle_fetch() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:34 +01:00
Stefan Metzmacher	ace0672968	s4:rpc_server: merge dcesrv_fetch_session_key() into dcesrv_transport_session_key() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:34 +01:00
Stefan Metzmacher	b8eae043dd	s4:rpc_server: remove unused dcesrv_inherited_session_key() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:34 +01:00
Stefan Metzmacher	57edc9a0d5	s4:rpc_server: only pass dcesrv_auth to auth_state.session_key_fn() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:34 +01:00
Stefan Metzmacher	e0a963a7ce	s4:rpc_server: only setup the auth_state.session_key fn in dcesrv_endpoint_connect() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:34 +01:00
Stefan Metzmacher	00e9204567	s4:rpc_server: make dcesrv_endpoint_connect() static BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:34 +01:00
Stefan Metzmacher	d2aecd8755	s4:rpc_server: only AUTH_TYPE_NONE should get a transport session key There's only a logic change for NCALRPC and NCACN_UNIX_STREAM. dcesrv_generic_session_key() already returned NT_STATUS_NO_USER_SESSION_KEY for all other cases. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:34 +01:00
Stefan Metzmacher	6df7143606	s4:rpc_server: split out a dcesrv_session_info_session_key() helper function BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:33 +01:00
Stefan Metzmacher	851c06f40b	s4:rpc_server: allow a NULL function pointer in dcesrv_fetch_session_key() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:33 +01:00
Stefan Metzmacher	2f5c344bfc	s4:rpc_server/drsuapi: make use of dcesrv_auth_session_key() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:33 +01:00
Stefan Metzmacher	dbb381ad37	s4:rpc_server/samr: make use of dcesrv_transport_session_key() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:33 +01:00
Stefan Metzmacher	8a171c692f	s4:rpc_server/lsa: make use of dcesrv_transport_session_key() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:33 +01:00
Stefan Metzmacher	13c534bd93	s4:rpc_server: add dcesrv_{auth,transport}_session_key() functions They take struct dcesrv_call_state as argument and will replace dcesrv_{inherited,fetch}_session_key() which take dcesrv_connection as argument. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:33 +01:00
Stefan Metzmacher	905417c2a7	s4:rpc_server/common: make use dcesrv_call_session_info() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:33 +01:00
Stefan Metzmacher	014e55b8e9	s4:rpc_server/winreq: make use dcesrv_call_session_info() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:33 +01:00
Stefan Metzmacher	ba127cab2c	s4:rpc_server/srvsvc: make use dcesrv_call_session_info() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:33 +01:00
Stefan Metzmacher	89c8870c6a	s4:rpc_server/samr: make use dcesrv_call_session_info() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:33 +01:00
Stefan Metzmacher	aa6d9e49bb	s4:rpc_server/netlogon: make use dcesrv_call_session_info() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:32 +01:00
Stefan Metzmacher	73bda4b6d6	s4:rpc_server/lsa: make use dcesrv_call_session_info() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:32 +01:00
Stefan Metzmacher	e1caa51146	s4:rpc_server/drsuapi: make use dcesrv_call_session_info() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:32 +01:00
Stefan Metzmacher	c989e35c63	s4:rpc_server/dnsserver: make use dcesrv_call_session_info() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:32 +01:00
Stefan Metzmacher	707105d0de	s4:rpc_server/backupkey: make use dcesrv_call_session_info() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:32 +01:00
Stefan Metzmacher	961ebf229a	s4:rpc_server: add dcesrv_call_session_info() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:32 +01:00
Stefan Metzmacher	5f33379ee8	s4:rpc_server: remove unused dcesrv_connection->transport_session_key BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:32 +01:00
Stefan Metzmacher	a71558cf8f	s4:rpc_server: move dcesrv_auth.c and common/reply.c to dcerpc_server They belong to the core dcerpc server. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:32 +01:00
Stefan Metzmacher	6739d1b8e4	s4:rpc_server: let test_rpc_dns_server_dnsutils depend on dcerpc_server The core dcerpc server is required here, which also implies DCERPC_COMMON. This is required to move common/reply.c dcesrv_auth.c from DCERPC_COMMON to dcerpc_server in the next commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:32 +01:00
Stefan Metzmacher	f17cd47802	s4:rpc_server: remove dcerpc_remote dependency from dcerpc_server dcerpc_remote is just an implementation and does not belong to the core dcerpc server. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:32 +01:00
Stefan Metzmacher	0b972ec694	s4:rpc_server/samr: Fix the O3 developer build Different gcc versions complain at different places. I recently got these: ../source4/rpc_server/samr/dcesrv_samr.c: In function ‘dcesrv_samr_QueryDisplayInfo2’: ../source4/rpc_server/samr/dcesrv_samr.c:4117:2: error: ‘q.out.result.v’ may be used uninitialized in this function [-Werror=maybe-uninitialized] return result; ^ ../source4/rpc_server/samr/dcesrv_samr.c: In function ‘dcesrv_samr_QueryDisplayInfo3’: ../source4/rpc_server/samr/dcesrv_samr.c:4151:2: error: ‘q.out.result.v’ may be used uninitialized in this function [-Werror=maybe-uninitialized] return result; ^ cc1: all warnings being treated as errors ../source4/rpc_server/samr/dcesrv_samr.c: In function ‘dcesrv_samr_QueryDisplayInfo3’: ../source4/rpc_server/samr/dcesrv_samr.c:4151:2: error: ‘q.out.result.v’ may be used uninitialized in this function [-Werror=maybe-uninitialized] return result; ^ In file included from ../source4/rpc_server/samr/dcesrv_samr.c:4447:0: default/librpc/gen_ndr/ndr_samr_s.c: In function ‘samr__op_dispatch’: default/librpc/gen_ndr/ndr_samr_s.c:597:18: error: ‘q.out.result.v’ may be used uninitialized in this function [-Werror=maybe-uninitialized] r2->out.result = dcesrv_samr_QueryDisplayInfo2(dce_call, mem_ctx, r2); ^ cc1: all warnings being treated as errors BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2019-01-12 03:13:32 +01:00
Aaron Haslett	ebc42cb140	dns: treating fully qualified and unqualified zone as identical. "zone.com." and "zone.com" should be treated as the same zone. This patch picks the unqualified representation as standard and enforces it, in order to match BIND9 behaviour. Note: This fixes the failing test added previously, but that test still fails on the rodc test target so we modify the expected failure but don't remove it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13442 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2018-12-20 23:40:26 +01:00
Gary Lockyer	9a12a00146	CVE-2018-16852 dcerpc dnsserver: refactor common properties handling dnsserver_common.c and dnsutils.c both share similar code to process zone properties. This patch extracts the common code and moves it to dnsserver_common.c. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2018-11-28 08:22:24 +01:00
Gary Lockyer	2b00f8fa9f	CVE-2018-16852 dcerpc dnsserver: Ensure properties are handled correctly Fixes for Bug 13669 - (CVE-2018-16852) NULL pointer de-reference in Samba AD DC DNS management The presence of the ZONE_MASTER_SERVERS property or the ZONE_SCAVENGING_SERVERS property in a zone record causes the server to follow a null pointer and terminate. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2018-11-28 08:22:24 +01:00
Gary Lockyer	c1d4033e09	CVE-2018-16852 dcerpc dnsserver: Verification tests Tests to verify Bug 13669 - (CVE-2018-16852) NULL pointer de-reference in Samba AD DC DNS management The presence of the ZONE_MASTER_SERVERS property or the ZONE_SCAVENGING_SERVERS property in a zone record causes the server to follow a null pointer and terminate. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2018-11-28 08:22:24 +01:00
Aaron Haslett	c3f6085991	dns: prevent self-referencing CNAME Stops the user from adding a self-referencing CNAME over RPC, which is an easy mistake to make with samba-tool. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>	2018-11-28 08:22:23 +01:00
Gary Lockyer	0c10c0e17a	source4 dcerpc_server: remove irpc_add_name Remove the irpc_add_name from dcesrv_sock_accept, as it results in two identical names being registered for a process. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2018-11-23 08:25:20 +01:00
Gary Lockyer	ad57cac7db	source4 samr: Tidy DBG_WARNING calls Move the calls to GUID_buf_string and dom_sid_str_buf into the coresponding DBG_WARNING call, instead of using an intermediate variable. While this violates the coding guidelines, doing this makes the code less cluttred and means the functions are only called if the debug message is printed. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Nov 21 01:50:11 CET 2018 on sn-devel-144	2018-11-21 01:50:11 +01:00
Andrew Bartlett	1719f8b9cd	s4-samr: Use GUID_buf_string() in dcesrv_samr_EnumDomainUsers() This avoids memory allocation. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2018-11-20 22:14:18 +01:00
Andrew Bartlett	53c20e1096	s4-samr: Use dom_sid_split_rid() to get the RID in dcesrv_samr_EnumDomainUsers Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2018-11-20 22:14:18 +01:00
Gary Lockyer	64007aa382	source4 samr: cache samr_EnumDomainUsers results Add a cache of GUID's that matched the last samr_EnunDomainUsers made on a domain handle. The cache is cleared if resume_handle is zero, and when the final results are returned to the caller. The existing code repeated the database query for each chunk requested. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2018-11-20 22:14:17 +01:00
Andrew Bartlett	8d8303b0ae	s4-samr: Use GUID_buf_string() in dcesrv_samr_EnumDomainGroups() This avoids memory allocation Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2018-11-20 22:14:17 +01:00
Gary Lockyer	b624185293	s4-samr: Use dom_sid_split_rid() to get the RID in dcesrv_samr_EnumDomainGroups Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2018-11-20 22:14:17 +01:00
Gary Lockyer	564813b588	source4 samr: cache samr_EnumDomainGroups results Add a cache of GUID's that matched the last samr_EnunDomainGroups made on a domain handle. The cache is cleared if resume_handle is zero, and when the final results are returned to the caller. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2018-11-20 22:14:17 +01:00
Andrew Bartlett	fc1a16ff61	s4-samr: Use dom_sid_split_rid() to get the RID in dcesrv_samr_QueryDisplayInfo Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2018-11-20 22:14:17 +01:00
Gary Lockyer	10efdac356	source4 samr: cache samr_QueryDisplayInfo results Add a cache of GUID's that matched the last samr_QueryDisplayInfo made on a domain handle. The cache is cleared if the requested start index is zero, or if the level does not match that in the cache. The cache is maintained in the guid_caches array of the dcesrv_handle. Note: that currently this cache exists for the lifetime of the RPC handle. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2018-11-20 22:14:17 +01:00
Gary Lockyer	58c4490e24	source4 smdb rpc_server: Support prefork process model. Allow the rpc_server to run in the prefork process model. Due to the use of shared handles and resources all of the rpc end points are serviced in the first worker process. Those end points that can be run in multiple processes (currently only Netlogon and management) are serviced in the first and any subsequent workers. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2018-11-07 17:55:09 +01:00
Volker Lendecke	b9c590a68e	rpc_server4: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2018-11-02 21:21:14 +01:00
Gary Lockyer	99aea42520	source4 smdb: Add a post fork hook to the service API Add a post fork hook to the service API this will be called: - standard process model immediately after the task_init. - single process model immediately after the task_init - prefork process model, inhibit_pre_fork = true immediately after the task_init - prefork process model, inhibit_pre_fork = false after each service worker has forked. It is not run on the service master process. The post fork hook is not called in the standard model if a new process is forked on a new connection. It is instead called immediately after the task_init. The task_init hook has been changed to return an error code. This ensures the post_fork code is only run if the task_init code completed successfully. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>	2018-11-01 23:49:24 +01:00
Gary Lockyer	d6777a66c0	source4 smbd: Make the service_details structure constant. Make the service_details structure a static const. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>	2018-11-01 23:49:24 +01:00
Stefan Metzmacher	2099add065	s4:rpc_server/netlogon: don't treet trusted domains as primary in LogonGetDomainInfo() We need to handle trusted domains differently than our primary domain. The most important part is that we don't return NETR_TRUST_FLAG_PRIMARY for them. NETR_TRUST_FLAG_{INBOUND,OUTBOUND,IN_FOREST} are the relavant flags for trusts. This is an example of what Windows returns in a complex trust environment: netr_LogonGetDomainInfo: struct netr_LogonGetDomainInfo out: struct netr_LogonGetDomainInfo return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : f48b51ff12ff8c6c timestamp : Tue Aug 28 22:59:03 2018 CEST info : * info : union netr_DomainInfo(case 1) domain_info : * domain_info: struct netr_DomainInformation primary_domain: struct netr_OneDomainInfo domainname: struct lsa_StringLarge length : 0x0014 (20) size : 0x0016 (22) string : * string : 'W2012R2-L4' dns_domainname: struct lsa_StringLarge length : 0x0020 (32) size : 0x0022 (34) string : * string : 'w2012r2-l4.base.' dns_forestname: struct lsa_StringLarge length : 0x0020 (32) size : 0x0022 (34) string : * string : 'w2012r2-l4.base.' domain_guid : 0a133c91-8eac-4df0-96ac-ede69044a38b domain_sid : * domain_sid : S-1-5-21-2930975464-1937418634-1288008815 trust_extension: struct netr_trust_extension_container length : 0x0000 (0) size : 0x0000 (0) info : NULL dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_long1 : 0x00000000 (0) dummy_long2 : 0x00000000 (0) dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) trusted_domain_count : 0x00000006 (6) trusted_domains : * trusted_domains: ARRAY(6) trusted_domains: struct netr_OneDomainInfo domainname: struct lsa_StringLarge length : 0x000e (14) size : 0x0010 (16) string : * string : 'FREEIPA' dns_domainname: struct lsa_StringLarge length : 0x0018 (24) size : 0x001a (26) string : * string : 'freeipa.base' dns_forestname: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL domain_guid : 00000000-0000-0000-0000-000000000000 domain_sid : * domain_sid : S-1-5-21-429948374-2562621466-335716826 trust_extension: struct netr_trust_extension_container length : 0x0010 (16) size : 0x0010 (16) info : * info: struct netr_trust_extension length : 0x00000008 (8) dummy : 0x00000000 (0) size : 0x00000008 (8) flags : 0x00000022 (34) 0: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000000 (0) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000008 (8) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_long1 : 0x00000000 (0) dummy_long2 : 0x00000000 (0) dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) trusted_domains: struct netr_OneDomainInfo domainname: struct lsa_StringLarge length : 0x0016 (22) size : 0x0018 (24) string : * string : 'S1-W2012-L4' dns_domainname: struct lsa_StringLarge length : 0x0036 (54) size : 0x0038 (56) string : * string : 's1-w2012-l4.w2012r2-l4.base' dns_forestname: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL domain_guid : afe7fbde-af82-46cf-88a2-2df6920fc33e domain_sid : * domain_sid : S-1-5-21-1368093395-3821428921-3924672915 trust_extension: struct netr_trust_extension_container length : 0x0010 (16) size : 0x0010 (16) info : * info: struct netr_trust_extension length : 0x00000008 (8) dummy : 0x00000000 (0) size : 0x00000008 (8) flags : 0x00000023 (35) 1: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000004 (4) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000020 (32) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 1: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_long1 : 0x00000000 (0) dummy_long2 : 0x00000000 (0) dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) trusted_domains: struct netr_OneDomainInfo domainname: struct lsa_StringLarge length : 0x0006 (6) size : 0x0008 (8) string : * string : 'BLA' dns_domainname: struct lsa_StringLarge length : 0x0010 (16) size : 0x0012 (18) string : * string : 'bla.base' dns_forestname: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL domain_guid : 00000000-0000-0000-0000-000000000000 domain_sid : * domain_sid : S-1-5-21-4053568372-2049667917-3384589010 trust_extension: struct netr_trust_extension_container length : 0x0010 (16) size : 0x0010 (16) info : * info: struct netr_trust_extension length : 0x00000008 (8) dummy : 0x00000000 (0) size : 0x00000008 (8) flags : 0x00000022 (34) 0: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000000 (0) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000008 (8) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_long1 : 0x00000000 (0) dummy_long2 : 0x00000000 (0) dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) trusted_domains: struct netr_OneDomainInfo domainname: struct lsa_StringLarge length : 0x000c (12) size : 0x000e (14) string : * string : 'S4XDOM' dns_domainname: struct lsa_StringLarge length : 0x0016 (22) size : 0x0018 (24) string : * string : 's4xdom.base' dns_forestname: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL domain_guid : 00000000-0000-0000-0000-000000000000 domain_sid : * domain_sid : S-1-5-21-313966788-4060240134-2249344781 trust_extension: struct netr_trust_extension_container length : 0x0010 (16) size : 0x0010 (16) info : * info: struct netr_trust_extension length : 0x00000008 (8) dummy : 0x00000000 (0) size : 0x00000008 (8) flags : 0x00000022 (34) 0: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000000 (0) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000008 (8) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_long1 : 0x00000000 (0) dummy_long2 : 0x00000000 (0) dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) trusted_domains: struct netr_OneDomainInfo domainname: struct lsa_StringLarge length : 0x0014 (20) size : 0x0016 (22) string : * string : 'W2012R2-L4' dns_domainname: struct lsa_StringLarge length : 0x001e (30) size : 0x0020 (32) string : * string : 'w2012r2-l4.base' dns_forestname: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL domain_guid : 0a133c91-8eac-4df0-96ac-ede69044a38b domain_sid : * domain_sid : S-1-5-21-2930975464-1937418634-1288008815 trust_extension: struct netr_trust_extension_container length : 0x0010 (16) size : 0x0010 (16) info : * info: struct netr_trust_extension length : 0x00000008 (8) dummy : 0x00000000 (0) size : 0x00000008 (8) flags : 0x0000001d (29) 1: NETR_TRUST_FLAG_IN_FOREST 0: NETR_TRUST_FLAG_OUTBOUND 1: NETR_TRUST_FLAG_TREEROOT 1: NETR_TRUST_FLAG_PRIMARY 1: NETR_TRUST_FLAG_NATIVE 0: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000000 (0) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000000 (0) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_long1 : 0x00000000 (0) dummy_long2 : 0x00000000 (0) dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) trusted_domains: struct netr_OneDomainInfo domainname: struct lsa_StringLarge length : 0x0016 (22) size : 0x0018 (24) string : * string : 'S2-W2012-L4' dns_domainname: struct lsa_StringLarge length : 0x004e (78) size : 0x0050 (80) string : * string : 's2-w2012-l4.s1-w2012-l4.w2012r2-l4.base' dns_forestname: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL domain_guid : 29daace6-cded-4ce3-a754-7482a4d9127c domain_sid : * domain_sid : S-1-5-21-167342819-981449877-2130266853 trust_extension: struct netr_trust_extension_container length : 0x0010 (16) size : 0x0010 (16) info : * info: struct netr_trust_extension length : 0x00000008 (8) dummy : 0x00000000 (0) size : 0x00000008 (8) flags : 0x00000001 (1) 1: NETR_TRUST_FLAG_IN_FOREST 0: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 0: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000001 (1) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000000 (0) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_long1 : 0x00000000 (0) dummy_long2 : 0x00000000 (0) dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) lsa_policy: struct netr_LsaPolicyInformation policy_size : 0x00000000 (0) policy : NULL dns_hostname: struct lsa_StringLarge length : 0x0036 (54) size : 0x0038 (56) string : * string : 'torturetest.w2012r2-l4.base' dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL workstation_flags : 0x00000003 (3) 1: NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS 1: NETR_WS_FLAG_HANDLES_SPN_UPDATE supported_enc_types : 0x0000001f (31) 1: KERB_ENCTYPE_DES_CBC_CRC 1: KERB_ENCTYPE_DES_CBC_MD5 1: KERB_ENCTYPE_RC4_HMAC_MD5 1: KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 1: KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 0: KERB_ENCTYPE_FAST_SUPPORTED 0: KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED 0: KERB_ENCTYPE_CLAIMS_SUPPORTED 0: KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) result : NT_STATUS_OK Best viewed with: git show --histogram -w BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2018-09-04 02:31:27 +02:00
Stefan Metzmacher	ef0b489ad0	s4:rpc_server/netlogon: make use of talloc_zero_array() for the netr_OneDomainInfo array It's much safer than having uninitialized memory when we hit an error case. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2018-09-04 02:31:27 +02:00
Stefan Metzmacher	61333f7787	s4:rpc_server/netlogon: use samdb_domain_guid()/dsdb_trust_local_tdo_info() to build our netr_OneDomainInfo values The logic for constructing the values for our own primary domain differs from the values of trusted domains. In order to make the code easier to understand we have a new fill_our_one_domain_info() helper that only takes care of our primary domain. The cleanup for the trust case will follow in a separate commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2018-09-04 02:31:27 +02:00
Andrew Bartlett	28e2a518ff	dns_server: Avoid ldb_dn_add_child_fmt() on untrusted input By using the new ldb_dn_add_child_val() we ensure that the user-controlled values are not parsed as DN seperators. Additionally, the casefold DN is obtained before the search to trigger a full parse of the DN before being handled to the LDB search. This is not normally required but is done here due to the nature of the untrusted input. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13466 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>	2018-08-15 07:08:24 +02:00
Aaron Haslett	50d961c1a2	dns: dns record scavenging function (without task) DNS record scavenging function with testing. The logic of the custom match rule in previous commit is inverted so that calculations using zone properties can be taken out of the function's inner loop. Periodic task to come. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2018-07-12 04:31:55 +02:00

1 2 3 4 5 ...

2676 Commits