IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Get the dcesrv_context from parent context and use it to search the
endpoint serving the named pipe. Once we have the endpoint pass it to
the make_internal_rpc_pipe_socketpair function.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The endpoint mapper entry is built using the dcesrv_endpoint and the
interfaces registered into it instead of using the
dcerpc_binding_vector.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If smbd and samba processes use DEFAULT as socket name they will race to
accept the NCALRPC connections.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The listener is created in the endpoint memory context. If the endpoint
is freed, the listener will be freed too and the socket closed.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The pidl-generated initialization function for each endpoint server will
register the RPC interface in all endpoints defined in the idl file.
The interface registration code will create the endpoint if it does not
exists (as an endpoint can serve multiple interfaces) and will add it to
the endpoint list exiting in the dcesrv_context.
This commit adds a generic dcesrv_create_endpoint_sockets function which
will be preforking external daemons to create the sockets regardless the
endpoint transport. This function will only create the sockets, the
external preforking daemon is who will start listening.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The pidl-generated initialization function for each endpoint server will
register the RPC interface in all endpoints defined in the idl file.
The interface registration code will create the endpoint if it does not
exists (as an endpoint can serve multiple interfaces) and will add it to
the endpoint list exiting in the dcesrv_context.
This commit adds a generic dcesrv_setup_endpoint_sockets function which
will be used by embedded services and non-preforking external daemons to
setup the sockets regardless the transport.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Keep the s3 server behaviour for now and return always the same
association group ID, 0x53F0.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Initialize and shutdown the endpoint servers registed by the mdssd
daemon. The pidl-generated init function will register the
api_struct for backward compatibility until completely removed.
The common server exit routine will shutdown all registered endpoint
servers, and the pidl-generated shutdown function will unregister the
api_struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Initialize and shutdown the endpoint servers registed by the fssd
daemon. The pidl-generated init function will register the
api_struct for backward compatibility until completely removed.
The common server exit routine will shutdown all registered endpoint
servers, and the pidl-generated shutdown function will unregister the
api_struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Initialize and shutdown the endpoint servers registed by the lsasd
daemon. The pidl-generated init function will register the
api_struct for backward compatibility until completely removed.
The common server exit routine will shutdown all registered endpoint
servers, and the pidl-generated shutdown function will unregister the
api_struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Initialize and shutdown the endpoint servers registed by the endpoint
mapper daemon. The pidl-generated init function will register the
api_struct for backward compatibility until completely removed.
The common server exit routine will shutdown all registered endpoint
servers, and the pidl-generated shutdown function will unregister the
api_struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The parent calls the setup function to register the endpoint server, as
it has to be registered to initialize the endpoints (create the sockets).
Delete the setup call from forker childs as it is already registered by
the parent.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
"make lcov" was failing with:
Processing file bin/default/<stdout>
genhtml: ERROR: cannot read ... <stdout>
Flex adds "#line nnn <stdout>" to the generated source, which then causes
issues with lcov. This commit adds a SAMBA_GENERATOR for es_lexer.l and
sparql_lexer.l that strips out the offending lines.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Note that we're now sanitizing the username we got from the client, as we do
everywhere else.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Harmonize _netr_DsRGetForestTrustInformation with source4/ logic which
didn't change since DCE RPC channel refactoring.
With the current code we return RPC faul as can be seen in the logs:
2019/12/11 17:12:55.463081, 1, pid=20939, effective(1284200000, 1284200000), real(1284200000, 0), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug)
netr_DsRGetForestTrustInformation: struct netr_DsRGetForestTrustInformation
in: struct netr_DsRGetForestTrustInformation
server_name : *
server_name : '\\some-dc.example.com'
trusted_domain_name : NULL
flags : 0x00000000 (0)
[2019/12/11 17:12:55.463122, 4, pid=20939, effective(1284200000, 1284200000), real(1284200000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1561(api_rpcTNP)
api_rpcTNP: fault(5) return.
This is due to this check in processing a request:
if (!(p->pipe_bound && (p->auth.auth_type != DCERPC_AUTH_TYPE_NONE)
&& (p->auth.auth_level != DCERPC_AUTH_LEVEL_NONE))) {
p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
return WERR_ACCESS_DENIED;
}
and since we get AuthZ response,
Successful AuthZ: [netlogon,ncacn_np] user [EXAMPLE]\[admin] [S-1-5-21-1234567-890123456-500] at [Wed, 11 Dec 2019 17:12:55.461164 UTC]
Remote host [ipv4:Y.Y.Y.Y:59017] local host [ipv4:X.X.X.X:445]
[2019/12/11 17:12:55.461584, 4, pid=20939, effective(0, 0), real(0, 0)] ../lib/audit_logging/audit_logging.c:141(audit_log_json)
JSON Authorization: {"timestamp": "2019-12-11T17:12:55.461491+0000",
"type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 1},
"localAddress": "ipv4:X.X.X.X:445", "remoteAddress": "ipv4:Y.Y.Y.Y:59017",
"serviceDescription": "netlogon", "authType": "ncacn_np",
"domain": "EXAMPLE", "account": "admin", "sid": "S-1-5-21-1234567-890123456-500",
"sessionId": "c5a2386f-f2cc-4241-9a9e-d104cf5859d5", "logonServer": "SOME-DC",
"transportProtection": "SMB", "accountFlags": "0x00000010"}}
this means we are actually getting anonymous DCE/RPC access to netlogon
on top of authenticated SMB connection. In such case we have exactly
auth_type set to DCERPC_AUTH_TYPE_NONE and auth_level set to
DCERPC_AUTH_LEVEL_NONE in the pipe->auth. Thus, returning an error.
Update the code to follow the same security level check as in s4 variant
of the call.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Jan 13 15:05:28 UTC 2020 on sn-devel-184
