We need to detach dcesrv_iface_state from dcesrv_assoc_group,
if dcesrv_assoc_group is freed first.
Typically this doesn't happen, but it does when
rpc_worker_connection_terminated explicitly calls
talloc_unlink(conn, conn->assoc_group)
and dcesrv_iface_state_store_conn() is used.
But we better do it in all assoc_group destructors.
==381007==ERROR: AddressSanitizer: heap-use-after-free on address 0x50d000004f80 at pc 0x7f15fc12e0ac bp 0x7ffe43267780 sp 0x7ffe43267778
READ of size 8 at 0x50d000004f80 thread T0
#0 0x7f15fc12e0ab in dcesrv_iface_state_destructor ../../librpc/rpc/dcesrv_handles.c:166
#1 0x7f15fc0f7d76 in _tc_free_internal ../../lib/talloc/talloc.c:1158
#2 0x7f15fc0f7acd in _tc_free_children_internal ../../lib/talloc/talloc.c:1669
#3 0x7f15fc0f7acd in _tc_free_internal ../../lib/talloc/talloc.c:1184
#4 0x7f15fc0f7acd in _tc_free_children_internal ../../lib/talloc/talloc.c:1669
#5 0x7f15fc0f7acd in _tc_free_internal ../../lib/talloc/talloc.c:1184
#6 0x7f15fc0f7acd in _tc_free_children_internal ../../lib/talloc/talloc.c:1669
#7 0x7f15fc0f7acd in _tc_free_internal ../../lib/talloc/talloc.c:1184
#8 0x7f15fc0f924c in _talloc_free_internal ../../lib/talloc/talloc.c:1248
#9 0x7f15fc0f924c in _talloc_free ../../lib/talloc/talloc.c:1792
#10 0x7f15fadac024 in ncacn_terminate_connection ../../source3/rpc_server/rpc_server.c:263
#11 0x7f15fadac024 in dcesrv_transport_terminate_connection ../../source3/rpc_server/rpc_server.c:251
#12 0x7f15fc11e5ef in dcesrv_terminate_connection ../../librpc/rpc/dcesrv_core.c:2968
#13 0x7f15fc125446 in dcesrv_read_fragment_done ../../librpc/rpc/dcesrv_core.c:3196
#14 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#15 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#16 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#17 0x7f15fb4f69a1 in _tevent_req_nterror ../../lib/util/tevent_ntstatus.c:46
#18 0x7f15fabda2f4 in dcerpc_read_ncacn_packet_done ../../librpc/rpc/dcerpc_util.c:612
#19 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#20 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#21 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#22 0x7f15fbff4228 in tstream_readv_pdu_readv_done ../../lib/tsocket/tsocket_helpers.c:313
#23 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#24 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#25 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#26 0x7f15fbff1800 in tstream_readv_done ../../lib/tsocket/tsocket.c:593
#27 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#28 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#29 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#30 0x7f15fadbc1a3 in tstream_npa_readv_msg_mode_handler ../../libcli/named_pipe_auth/npa_tstream.c:697
#31 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#32 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#33 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#34 0x7f15fbff4228 in tstream_readv_pdu_readv_done ../../lib/tsocket/tsocket_helpers.c:313
#35 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#36 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#37 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#38 0x7f15fbff1800 in tstream_readv_done ../../lib/tsocket/tsocket.c:593
#39 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#40 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#41 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#42 0x7f15fbff9691 in tstream_bsd_readv_handler ../../lib/tsocket/tsocket_bsd.c:2080
#43 0x7f15fbff6f85 in tstream_bsd_fde_handler ../../lib/tsocket/tsocket_bsd.c:1764
#44 0x7f15fb7d9ac1 in tevent_common_invoke_fd_handler ../../lib/tevent/tevent_fd.c:174
#45 0x7f15fb7ef185 in epoll_event_loop ../../lib/tevent/tevent_epoll.c:696
#46 0x7f15fb7ef185 in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:926
#47 0x7f15fb7e77b8 in std_event_loop_once ../../lib/tevent/tevent_standard.c:110
#48 0x7f15fb7d7549 in _tevent_loop_once ../../lib/tevent/tevent.c:820
#49 0x7f15fc936b7c in rpc_worker_main ../../source3/rpc_server/rpc_worker.c:1249
#50 0x5632ae1e1ec3 in main ../../source3/rpc_server/rpcd_lsad.c:132
#51 0x7f15f7c2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#52 0x7f15f7c2a378 in __libc_start_main_impl ../csu/libc-start.c:360
#53 0x5632ae162e64 in _start ../sysdeps/x86_64/start.S:115
0x50d000004f80 is located 112 bytes inside of 136-byte region [0x50d000004f10,0x50d000004f98)
freed by thread T0 here:
#0 0x7f15fcefb418 in free ../../../../libsanitizer/asan/asan_malloc_linux.cpp:52
#1 0x7f15fc0f857d in _tc_free_internal ../../lib/talloc/talloc.c:1222
#2 0x7f15fc0f8d0f in _talloc_free_internal ../../lib/talloc/talloc.c:1248
#3 0x7f15fc0f8d0f in talloc_unlink ../../lib/talloc/talloc.c:1473
#4 0x7f15fc934580 in rpc_worker_connection_terminated ../../source3/rpc_server/rpc_worker.c:143
#5 0x7f15fc9310bd in dcesrv_connection_destructor ../../source3/rpc_server/rpc_worker.c:175
#6 0x7f15fc0f7d76 in _tc_free_internal ../../lib/talloc/talloc.c:1158
#7 0x7f15fc0f7acd in _tc_free_children_internal ../../lib/talloc/talloc.c:1669
#8 0x7f15fc0f7acd in _tc_free_internal ../../lib/talloc/talloc.c:1184
#9 0x7f15fc0f924c in _talloc_free_internal ../../lib/talloc/talloc.c:1248
#10 0x7f15fc0f924c in _talloc_free ../../lib/talloc/talloc.c:1792
#11 0x7f15fadac024 in ncacn_terminate_connection ../../source3/rpc_server/rpc_server.c:263
#12 0x7f15fadac024 in dcesrv_transport_terminate_connection ../../source3/rpc_server/rpc_server.c:251
#13 0x7f15fc11e5ef in dcesrv_terminate_connection ../../librpc/rpc/dcesrv_core.c:2968
#14 0x7f15fc125446 in dcesrv_read_fragment_done ../../librpc/rpc/dcesrv_core.c:3196
#15 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#16 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#17 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#18 0x7f15fb4f69a1 in _tevent_req_nterror ../../lib/util/tevent_ntstatus.c:46
#19 0x7f15fabda2f4 in dcerpc_read_ncacn_packet_done ../../librpc/rpc/dcerpc_util.c:612
#20 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#21 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#22 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#23 0x7f15fbff4228 in tstream_readv_pdu_readv_done ../../lib/tsocket/tsocket_helpers.c:313
#24 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#25 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#26 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#27 0x7f15fbff1800 in tstream_readv_done ../../lib/tsocket/tsocket.c:593
#28 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#29 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#30 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#31 0x7f15fadbc1a3 in tstream_npa_readv_msg_mode_handler ../../libcli/named_pipe_auth/npa_tstream.c:697
#32 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#33 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
previously allocated by thread T0 here:
#0 0x7f15fcefc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f15fc0fbc57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7f15fc0fd8cf in __talloc ../../lib/talloc/talloc.c:825
#3 0x7f15fc0fd8cf in _talloc_named_const ../../lib/talloc/talloc.c:982
#4 0x7f15fc0fd8cf in _talloc_zero ../../lib/talloc/talloc.c:2421
#5 0x7f15fc93156e in rpc_worker_assoc_group_new ../../source3/rpc_server/rpc_worker.c:681
#6 0x7f15fc93156e in rpc_worker_assoc_group_find ../../source3/rpc_server/rpc_worker.c:730
#7 0x7f15fc120a18 in dcesrv_bind ../../librpc/rpc/dcesrv_core.c:1158
#8 0x7f15fc120a18 in dcesrv_process_ncacn_packet ../../librpc/rpc/dcesrv_core.c:2324
#9 0x7f15fc120a18 in dcesrv_loop_next_packet ../../librpc/rpc/dcesrv_core.c:3222
#10 0x7f15fc933722 in rpc_worker_new_client ../../source3/rpc_server/rpc_worker.c:489
#11 0x7f15fc933722 in rpc_worker_new_client_filter ../../source3/rpc_server/rpc_worker.c:558
#12 0x7f15fbef95ca in messaging_dispatch_waiters ../../source3/lib/messages.c:1343
#13 0x7f15fbefb589 in messaging_dispatch_rec ../../source3/lib/messages.c:1371
#14 0x7f15fbefb589 in messaging_recv_cb ../../source3/lib/messages.c:431
#15 0x7f15faddba9e in msg_dgm_ref_recv ../../lib/messaging/messages_dgm_ref.c:144
#16 0x7f15fadd6cc3 in messaging_dgm_recv ../../lib/messaging/messages_dgm.c:1426
#17 0x7f15fadd7618 in messaging_dgm_read_handler ../../lib/messaging/messages_dgm.c:1316
#18 0x7f15fb7d9ac1 in tevent_common_invoke_fd_handler ../../lib/tevent/tevent_fd.c:174
#19 0x7f15fb7ef185 in epoll_event_loop ../../lib/tevent/tevent_epoll.c:696
#20 0x7f15fb7ef185 in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:926
#21 0x7f15fb7e77b8 in std_event_loop_once ../../lib/tevent/tevent_standard.c:110
#22 0x7f15fb7d7549 in _tevent_loop_once ../../lib/tevent/tevent.c:820
#23 0x7f15fc936b7c in rpc_worker_main ../../source3/rpc_server/rpc_worker.c:1249
#24 0x5632ae1e1ec3 in main ../../source3/rpc_server/rpcd_lsad.c:132
#25 0x7f15f7c2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15765
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
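The teardown order in the trace above, as an added example that is not part of the commit or of Samba's source: a simplified C model in which plain structs with a `freed` tombstone stand in for talloc chunks, so the stale access is counted rather than performed. The helper names, the `detach` switch and the shape of the detach step are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
struct assoc_group {
	struct iface_state *iface_states; /* list of states registered with the group */
	bool freed; /* tombstone standing in for free(), an assumption of this model */
};
struct iface_state {
	struct iface_state *next;
	struct assoc_group *assoc; /* back pointer used by the state destructor */
};
static int stale_accesses; /* reads that would have hit a freed group */

static void group_add_state(struct assoc_group *g, struct iface_state *s)
{
	s->assoc = g;
	s->next = g->iface_states;
	g->iface_states = s;
}

/* State destructor: unlink the state from its group's list. */
static void iface_state_destructor(struct iface_state *s)
{
	struct assoc_group *g = s->assoc;
	if (g == NULL) return; /* detached earlier, nothing to unlink */
	if (g->freed) { stale_accesses++; return; } /* the heap-use-after-free read */
	for (struct iface_state **pp = &g->iface_states; *pp != NULL; pp = &(*pp)->next) {
		if (*pp == s) { *pp = s->next; break; }
	}
	s->assoc = NULL;
}

/* Group destructor: with detach set, clear every back pointer before the group goes away. */
static void assoc_group_destructor(struct assoc_group *g, bool detach)
{
	while (detach && g->iface_states != NULL) {
		struct iface_state *s = g->iface_states;
		g->iface_states = s->next;
		s->assoc = NULL;
		s->next = NULL;
	}
	g->freed = true;
}

/* Tear down in the order from the trace: group first, then the states kept on the connection. */
int teardown_stale_accesses(bool detach)
{
	struct assoc_group g = {0};
	struct iface_state states[3] = {{0}};
	stale_accesses = 0;
	for (int i = 0; i < 3; i++) group_add_state(&g, &states[i]);
	assoc_group_destructor(&g, detach);
	for (int i = 0; i < 3; i++) iface_state_destructor(&states[i]);
	return stale_accesses;
}

int main(void)
{
	printf("stale accesses: %d without detach, %d with detach\n", teardown_stale_accesses(false), teardown_stale_accesses(true));
	return 0;
}
```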
No need to recompile the world when only a few files need this.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
To be used in smbXsrv_open.c, for this we need a lower bound.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This makes it clear that our internal representation of a rpc client
connection in the source3/ server is struct dcerpc_ncacn_conn and that
struct pipes_struct is only around for API compatibility with the
existing server stubs.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This was the only user, and as we have another custom version in
winbind with make_internal_ncacn_conn(), I think this is not really
required to keep around as a separate function.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is the big switch to use samba-dcerpcd for the RPC services in
source3/. It is a pretty big and unordered patch, but I don't see a
good way to split this up into more manageable pieces without
sacrificing bisectability even more. Probably I could cut out a few
small ones, but a major architectural switch like this will always be
messy.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Eventually, this new mechanism might replace the ncalrpc_as_system mechanism: I
think with this we're much more flexible and even more secure: We rely on the
direct permissions on "np/" and don't have to pretend that the local client
came from a file on /root. We are more flexible because with this mechanism we
can easily fake arbitrary tokens and play with session keys.
However, this would require that the source4 librpc code needs to learn about
this mechanism, which I was not able to complete.
The source3 rpc_server side of this will go away soon, so for now only
allow NCACN_NP there. The check in source4 will stay with us for a
while, so allow NCACN_NP and NCALRPC to be set remotely here. With
NCACN_NP (the case for a client to connect on a named pipe), protect
against accidentally connecting as system.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Right now a new association group is created for each connection
assigning the legacy 0x53F0 id, but it is not stored anywhere. When a
second client requests to join an association group by its id it is not
found and a new one is created with the same ID.
In practice, it means the association groups are not working even in the
same server process.
This commit stores the created association group in the idtree, but to
make use of it assigns a random id instead of the historical 0x53F0.
The test assoc_group_ok2 was wrongly passing before this change because
the same id 0x53F0 was assigned to all association groups.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
If the client requests to join an association group in the bind operation,
try to find it and do not create a new one.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Callers might want the full picture. We need to make
named_pipe_auth_req_info4 public for that.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Not used right now, but we should never have callbacks without a
"private_data" pointer. Some of the callbacks could even today benefit
from this.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
dcesrv_create_ncacn_ip_tcp_sockets() already was there, move the rest
as well. This makes dcesrv_create_ncacn_np_socket() static to
rpc_sock_helper.c.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
These are all just stream sockets, being taken care of by
dcesrv_setup_ncacn_listener()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan 14 14:35:58 UTC 2021 on sn-devel-184
This is supposed to replace the protocol-specific dcerpc_setup_*
functions. They are all very similar except the way to create the
socket file descriptor. By handing out the anonymous structure
"listen_state" for an error path the listener tevent_fd structs can be
cancelled individually or handed over to other talloc parents.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
All ncacn_ip_tcp listener sockets are created via
dcesrv_create_ncacn_ip_tcp_socket(). Moving setting the socket options
out of dcesrv_setup_ncacn_ip_tcp_socket() to remove a special case for
TCP from the dcesrv_setup_* family of routines.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
dcerpc_ncacn_accept() talloc_move's the addresses away from the
caller's talloc hierarchy. Don't leave pointers around in the caller.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
This commit finally switches the RPC server implementation.
At the same time we have to do other related changes to keep code compiling
and test environments running.
First avoid moving the session_info into the allocated pipes_struct memory
context as it is owned now by the core RPC server, and the s3compat pidl
compiler will update the pipes_struct session_info before dispatching
the call with dcesrv_call->auth_state->session_info.
Also, fix a segfault in the endpoint mapper daemon when it tries to delete
the endpoints previously registered over a NCALRPC connection.
If we have:
rpc_server : epmapper = external
rpc_server : lsarpc = external
rpc_daemon : epmd = fork
rpc_daemon : lsasd = fork
The sequence is:
* The endpoint mapper starts (start_epmd in source3/smbd/server.c)
* The lsarpc daemon starts (start_lsasd in source3/smbd/server.c)
* The lsarpc daemon creates the sockets and registers its endpoints
(rpc_ep_register in source3/rpc_server/lsasd.c)
* The endpoint registration code opens a NCALRPC connection to the
endpoint mapper daemon (ep_register in source3/librpc/rpc/dcerpc_ep.c)
and keeps it open to re-register if the endpoint mapper daemon dies
(rpc_ep_register_loop in source3/rpc_server/rpc_ep_register.c)
* When the endpoint mapper daemon accepts a NCALRPC connection it sets a
termination function (srv_epmapper_delete_endpoints)
* Suppose the lsarpc daemon exits. The NCALRPC connection termination
function is called.
* The termination function tries to delete all endpoints registered by that
connection by calling _epm_Delete
* _epm_Delete calls is_privileged_pipe which accesses
pipes_struct->session_info.
As the call to _epm_Delete occurs outside of the PIDL generated code,
the pipes_struct->session_info is NULL. This commit also sets
pipes_struct->session_info from the dcerpc_connection before calling
_epm_Delete. As the core rpc server supports security context multiplexing we
need to pass the dcesrv_connection to the termination function and let the
implementation pick an auth context. In the case of the endpoint mapper
the termination function has to pick one of type NCALRPC_AS_SYSTEM to
check if the connection is privileged and delete the endpoints
registered by the connection being closed.
Finally, the samba.tests.dcerpc.raw_protocol testsuite passes against
the ad_member environment.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Get the dcesrv_context from parent context and use it to search the
endpoint serving the named pipe. Once we have the endpoint pass it to
the make_internal_rpc_pipe_socketpair function.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If smbd and samba processes use DEFAULT as socket name they will race to
accept the NCALRPC connections.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The listener is created in the endpoint memory context. If the endpoint
is freed, the listener will be freed too and the socket closed.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Keep the s3 server behaviour for now and return always the same
association group ID, 0x53F0.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
These functions are used by endpoint mapper to delete the endpoints
when a NCALRPC connection from an external daemon is lost and by
preforked children to accept the next client as soon as the current
connection terminates. We can use the same function for both purposes.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Now NCACN_NP connections run the same loop as NCACN_IP_TCP and NCALRPC
connections.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Check if the supplied tsocket_address is valid before changing the
talloc chunk parent to the ncacn_conn struct.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>