1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

404 Commits

Author SHA1 Message Date
Stefan Metzmacher
7e6f830d9d s4:rpc_server: make use of tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 09:36:38 +00:00
Stefan Metzmacher
40e780ad16 dcesrv_core: maintain the number of allocated association groups per dce_ctx
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-17 19:20:38 +00:00
Joseph Sutton
d175550162 s4:rpc_server: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-14 04:57:34 +00:00
Joseph Sutton
68bf480b9c s4:rpc_server: Add missing newlines to logging messages
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:38 +00:00
Joseph Sutton
ca9d27ae99 auth: Add functionality to log client and server policy information
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-25 23:29:32 +00:00
Volker Lendecke
b73ecb28a7 lib: Remove idtree from samba_util.h
No need to recompile the world when only a few files need this.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-01-10 00:28:37 +00:00
Volker Lendecke
43f041de65 lib: Add "starting_id" to idr_get_new_random()
To be used in smbXsrv_open.c, for this we need a lower bound.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-01-10 00:28:37 +00:00
Samuel Cabrero
68096b5615 s4:rpc_server: Fix duplicated function name between s3 and s4
It can lead to link errors:

/usr/lib64/gcc/x86_64-suse-linux/11/../../../../x86_64-suse-linux/bin/ld: source3/rpc_server/rpc_server.c.24.o: in function `dcesrv_transport_terminate_connection':
/home/scabrero/workspace/samba/samba/bin/default/../../source3/rpc_server/rpc_server.c:242: multiple definition of `dcesrv_transport_terminate_connection'; source4/rpc_server/dcerpc_server.c.5.o:/home/scabrero/workspace/samba/samba/bin/default/../../source4/rpc_server/dcerpc_server.c:710: first defined here

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-08 20:13:37 +00:00
Samuel Cabrero
e0fadfd0d8 s4:rpc_server: Fix duplicated function name between s3 and s4
It can lead to link errors:

/usr/lib64/gcc/x86_64-suse-linux/11/../../../../x86_64-suse-linux/bin/ld: source3/rpc_server/rpc_server.c.24.o: in function `dcesrv_assoc_group_find':
/home/scabrero/workspace/samba/samba/bin/default/../../source3/rpc_server/rpc_server.c:229: multiple definition of `dcesrv_assoc_group_find'; source4/rpc_server/dcerpc_server.c.5.o:/home/scabrero/workspace/samba/samba/bin/default/../../source4/rpc_server/dcerpc_server.c:121: first defined here

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-08 20:13:37 +00:00
Andreas Schneider
a00726593c s4:rpc_server: Set Kerberos to desired
This is required for ncalrpc_as_system to work. In FIPS enabled mode,
'client use kerberos' is forced to required. We need to allow
non-kerberos use for ncalrpc_as_system here.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-04-28 03:43:34 +00:00
Volker Lendecke
403eabe4fc librpc: Add "private_data" to struct dcesrv_context_callbacks
Not used right now, but we should never have callbacks without a
"private_data" pointer. Some of the callbacks could even today benefit
from this.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-16 17:09:31 +00:00
Volker Lendecke
d6c3faa188 rpc_server: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-22 19:54:37 +00:00
Ralph Boehme
4142bde7e5 s4: rename source4/smbd/ to source4/samba/
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Nov 27 10:07:18 UTC 2020 on sn-devel-184
2020-11-27 10:07:18 +00:00
Andreas Schneider
6c94ebf77f s4:rpc_server: Use cli_credentials_init_server()
Signed-off-by: Andreas Schneider <asn@samba.org>
2020-09-07 12:02:15 +00:00
Samuel Cabrero
6a6546b565 librpc:core: Allocate struct dcesrv_interface with talloc
The S3 implementation needs to reinit the dcesrv_context and free the
endpoints list with their registered interfaces.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:37 +00:00
Samuel Cabrero
491102b5b2 s4:rpc_server: Move core functions to core library
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:37 +00:00
Samuel Cabrero
480dd6163b s4:rpc_server: Make functions public
These functions will be moved to core dcerpc library and called from
s4 and s3 implementations.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:37 +00:00
Samuel Cabrero
0523f0b4d2 s4:rpc_server: Add public function dcesrv_connection_loop_start
This function starts the server loop and will be called from s3 and s4
implementations.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:37 +00:00
Samuel Cabrero
85de73354d s4:rpc_server: Add transport termination function pointer
As the dcesrv_terminate_connection function will be moved to the shared
rpc server core library, hide the stream_terminate_connection call behind
a function pointer.

The s3 implementation will define its own termination function.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:37 +00:00
Samuel Cabrero
55ad4ae7ff s4:rpc_server: Find association groups through context callbacks
Split the association group management from the server code, the s3 and
s4 implementation will handle differently.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:37 +00:00
Samuel Cabrero
b0ecc8ef55 s4:rpc_server: inline the dcesrv_assoc_group_find function
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:37 +00:00
Samuel Cabrero
6fe23fa071 s4:rpc_server: Hide gensec prepare behind function pointer
This function will be different for s3 and s4

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:36 +00:00
Samuel Cabrero
bf09771953 s4:rpc_server: Add dcesrv_context_callbacks to dcesrv_context
Add a new struct dcesrv_context_callbacks in dcesrv_context to hold pointers
to functions whose implementation will differ between S3 and S4.

The log_successful_dcesrv_authz_event implementation will differ as it
requires an imessaging_context.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:36 +00:00
Samuel Cabrero
6fcf8038e4 s4:rpc_server: Do not include s4 librpc headers in dcerpc core
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:36 +00:00
Samuel Cabrero
b6c8afa98c s4:librpc: Rename ncacn_push_auth to dcerpc_ncacn_push_auth
Next commit will move this function to common librpc

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:36 +00:00
Samuel Cabrero
83def9a945 s4:rpc_server: Split dcerpc_generic_session_key for server and client
Split the common bits of dcerpc_generic_session_key to librpc and rename
client the specific part to dcecli_generic_session_key.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:36 +00:00
Samuel Cabrero
f402b937f4 s4:rpc_server: Remove server_id from dcerpc core structs
Add a helper function to retrieve it from the stream connection.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:36 +00:00
Samuel Cabrero
3d7167f4f4 s4:rpc_server: Remove imessaging_context from dcerpc core structs
Add a helper function to retrieve the imessaging_context from the
stream connection.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:36 +00:00
Samuel Cabrero
4d7a916189 s4:rpc_server: Cleanup includes
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:36 +00:00
Samuel Cabrero
d572219e1b s4:rpc_server: Fix debug string printing duplicated function name
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:35 +00:00
Björn Baumbach
3378a561ef s4:rpc_server: add missing newline to error debug message
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr  3 00:13:10 UTC 2019 on sn-devel-144
2019-04-03 00:13:10 +00:00
Stefan Metzmacher
7bc6ec81c8 s4:rpc_server: implement security context multiplexing
There're some systems like Cisco ISE use security multiplexing
without checking (via bind time feature negotiation)
the server supports it.

Others like VMWare View, fallback to NT4 style netlogon
connections without using netlogon secure channel,
which then triggers an error, with "server schannel = yes",
see https://bugzilla.samba.org/show_bug.cgi?id=13464.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:41 +01:00
Stefan Metzmacher
98d5872293 s4:rpc_server: make it possible to specify ncacn_np_secondary_endpoint
Even a connect to \\pipe\lsarpc should return a secondary_address
of '\\pipe\\lsass'. But that will be implemented in a following commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:41 +01:00
Stefan Metzmacher
b3659fb52d s4:rpc_server: only share assoc group ids on the same transport
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:41 +01:00
Stefan Metzmacher
c192dc1c9d s4:rpc_server: don't replace '\\pipe\\' with '\\PIPE\\'
This is not what Windows returns (at least for \\pipe\lsass).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:40 +01:00
Stefan Metzmacher
975e8e1f25 s4:rpc_server: fix DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN negotiation to match Windows
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:40 +01:00
Stefan Metzmacher
6f53c99372 s4:rpc_server: SMB_ASSERT(auth->auth_finished); in order to get auth details
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:39 +01:00
Stefan Metzmacher
e9eb8e6a44 s4:rpc_server: only pass context to op_bind() hooks
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:39 +01:00
Stefan Metzmacher
70b00c7567 s4:rpc_server: only use context within op_bind() hooks and dcesrv_interface_bind_*() functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:39 +01:00
Stefan Metzmacher
28f4cb442c s4:rpc_server: remove unused dcesrv_connection_context->private_date
dcesrv_iface_state_{create,find}_{assoc,conn}() should be used instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:39 +01:00
Stefan Metzmacher
38e0c06abc s4:rpc_server: move bind_time_features to dcesrv_assoc_group
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:37 +01:00
Stefan Metzmacher
d8293acdb4 s4:rpc_server: replace dce_conn->allow_request with auth->auth_finished
They both had the same lifetime and the disconnect case is now
caught by auth->auth_invalid = true.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:37 +01:00
Stefan Metzmacher
13e52cc929 s4:rpc_server: replace dce_conn->allow_auth3 with auth->auth_started
auth3 is allowed if auth_started is true and auth_finished is false.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:37 +01:00
Stefan Metzmacher
0191516efc s4:rpc_server: set auth_invalid = true on disconnect
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:37 +01:00
Stefan Metzmacher
e2a05c3ad8 s4:rpc_server: allocate struct dcesrv_auth with talloc
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:37 +01:00
Stefan Metzmacher
5802161258 s4:rpc_server: make use of dcesrv_call_state->auth_state in dcerpc_server.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:36 +01:00
Stefan Metzmacher
9a3ea90cc5 s4:rpc_server: introduce dcesrv_call_state->auth_state
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:36 +01:00
Stefan Metzmacher
93ae817a02 s4:rpc_server: use helper variables to access 'struct dcesrv_auth' in dcerpc_server.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:36 +01:00
Stefan Metzmacher
62d45e16e0 s4:rpc_server: add dcesrv_call_auth_info()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:35 +01:00
Stefan Metzmacher
ace0672968 s4:rpc_server: merge dcesrv_fetch_session_key() into dcesrv_transport_session_key()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:34 +01:00