samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-14 19:24:43 +03:00

Author	SHA1	Message	Date
Stefan Metzmacher	7d8edcc241	s4:rpc_server: generate the correct error when we got an invalid auth_pad_length on BIND,ALTER,AUTH3 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>	2016-06-24 14:09:02 +02:00
Stefan Metzmacher	f360f47363	s4:rpc_server: remove unused dcesrv_connection_context->assoc_group Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-06-24 14:09:01 +02:00
Stefan Metzmacher	9f3bdc8cca	s4:rpc_server: context_id fields of presentation contexts are just 16bit Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-06-24 14:09:01 +02:00
Stefan Metzmacher	3f36d31c84	s4:rpc_server: use a variable for the max total reassembled request payload We still use the same limit of 4 MByte (DCERPC_NCACN_REQUEST_DEFAULT_MAX_SIZE) by default. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11948 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Jun 23 04:51:16 CEST 2016 on sn-devel-144	2016-06-23 04:51:16 +02:00
Volker Lendecke	f5e95af59b	rpc_server: Fix CID 1362565 Improper use of negative value Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>	2016-06-07 14:34:11 +02:00
Stefan Metzmacher	c0f3f308da	CVE-2015-5370: s4:rpc_server: reject DCERPC_PFC_FLAG_PENDING_CANCEL with DCERPC_FAULT_NO_CALL_ACTIVE BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:31 +02:00
Stefan Metzmacher	0b1656199a	CVE-2015-5370: s4:rpc_server: the assoc_group is relative to the connection (association) All presentation contexts of a connection use the same association group. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:31 +02:00
Stefan Metzmacher	ad6a5cfd2d	CVE-2015-5370: s4:rpc_server: only allow one fragmented call_id at a time It's a protocol error if the client doesn't send all fragments of a request in one go. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:31 +02:00
Stefan Metzmacher	4b6197f08c	CVE-2015-5370: s4:rpc_server: limit allocation and alloc_hint to 4 MByte BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:30 +02:00
Stefan Metzmacher	6b5144c204	CVE-2015-5370: s4:rpc_server: check frag_length for requests Note this is not the negotiated fragment size, but a hardcoded maximum. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:30 +02:00
Stefan Metzmacher	aef225aaca	CVE-2015-5370: s4:rpc_server: give the correct reject reasons for invalid auth_level values BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:30 +02:00
Stefan Metzmacher	818e09fff2	CVE-2015-5370: s4:rpc_server: disconnect after a failing dcesrv_auth_request() BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:30 +02:00
Stefan Metzmacher	a30eee5745	CVE-2015-5370: s4:rpc_server: let a failing auth3 mark the authentication as invalid Following requests will generate a fault with ACCESS_DENIED. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:30 +02:00
Stefan Metzmacher	04e92459a4	CVE-2015-5370: s4:rpc_server: failing authentication should generate a SEC_PKG_ERROR BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:30 +02:00
Stefan Metzmacher	ed066b6ca4	CVE-2015-5370: s4:rpc_server: fix the order of error checking in dcesrv_alter() The basically matches Windows 2012R2, it's not 100% but it's enough for our raw protocol tests to pass. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:30 +02:00
Stefan Metzmacher	1f7dc721e7	CVE-2015-5370: s4:rpc_server: changing an existing presentation context via alter_context is a protocol error BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:30 +02:00
Stefan Metzmacher	f2dbb1c8b6	CVE-2015-5370: s4:rpc_server: don't derefence an empty ctx_list array in dcesrv_alter() BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:30 +02:00
Stefan Metzmacher	909538c885	CVE-2015-5370: s4:rpc_server: remove pointless dcesrv_find_context() from dcesrv_bind() BIND is the first pdu, which means the list of contexts is always empty. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:30 +02:00
Stefan Metzmacher	57afdaa79b	CVE-2015-5370: s4:rpc_server: let invalid request fragments disconnect the connection with a protocol error BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:30 +02:00
Stefan Metzmacher	cb8e2abe52	CVE-2015-5370: s4:rpc_server: maintain in and out struct dcerpc_auth per dcesrv_call_state We should not use one "global" per connection variable to hold the incoming and outgoing auth_info. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:30 +02:00
Stefan Metzmacher	0ba1b1867c	CVE-2015-5370: s4:rpc_server: ensure that the message ordering doesn't violate the spec The first pdu is always a BIND. REQUEST pdus are only allowed once the authentication is finished. A simple anonymous authentication is finished after the BIND. Real authentication may need additional ALTER or AUTH3 exchanges. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:30 +02:00
Stefan Metzmacher	c0d74ca7af	CVE-2015-5370: s4:rpc_server: verify the protocol headers before processing pdus On protocol errors we should send BIND_NAK or FAULT and mark the connection as to be terminated. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:30 +02:00
Stefan Metzmacher	caa1e75661	CVE-2015-5370: s4:rpc_server: add infrastructure to terminate a connection after a response BIND_NAK or FAULT may mark a connection as to be terminated. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:30 +02:00
Stefan Metzmacher	57b07589e7	CVE-2015-5370: s4:rpc_server: make dcesrv_process_ncacn_packet() static BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:30 +02:00
Stefan Metzmacher	3c6fef3aa5	CVE-2015-5370: s4:rpc_server: return the correct secondary_address in dcesrv_bind() For now we still force \\PIPE\\ in upper case, we may be able to remove this and change it in our idl files later. But for now we better behave like a windows server without changing too much. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:30 +02:00
Stefan Metzmacher	7bde997594	CVE-2015-5370: s4:rpc_server: add some padding to dcesrv_bind_nak() responses This matches Windows 2012R2. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:30 +02:00
Stefan Metzmacher	e6f6b4be9a	CVE-2015-5370: s4:rpc_server: correctly maintain dcesrv_connection->max_{recv,xmit}_frag These values are controlled by the client but only in a range between 2048 and 5840 (including these values in 8 byte steps). recv and xmit result always in same min value. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:29 +02:00
Stefan Metzmacher	06b9c93d39	CVE-2015-5370: s4:rpc_server: make use of dce_call->conn->auth_state.auth_* in dcesrv_request() BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:29 +02:00
Stefan Metzmacher	2396086678	CVE-2015-5370: s4:rpc_server: make use of talloc_zero() BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:29 +02:00
Stefan Metzmacher	991dddd06d	CVE-2016-2118: s4:rpc_server: make use of "allow dcerpc auth level connect" With this option turned off we only allow DCERPC_AUTH_LEVEL_{NONE,INTEGRITY,PRIVACY}, this means the reject any request with AUTH_LEVEL_CONNECT with ACCESS_DENIED. We sadly need to keep this enabled by default for now. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:27 +02:00
Stefan Metzmacher	51aa7bd311	CVE-2016-2118: s4:rpc_server: make it possible to define a min_auth_level on a presentation context BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>	2016-04-12 19:25:27 +02:00
Michael Adam	476672b647	dlist: remove unneeded type argument from DLIST_ADD_END() Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2016-02-06 21:48:17 +01:00
Andreas Schneider	3b7cbc2eeb	s4-rpc_server: Get the real initial uid for selftest Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-11-05 09:23:15 +01:00
Jeremy Allison	49030649db	s4: rpc: Refactor dcesrv_alter() function into setup and send steps. Fixes bug: https://bugzilla.samba.org/show_bug.cgi?id=11236 Based on code from Julien Kerihuel <j.kerihuel@openchange.org> Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Apr 25 02:43:22 CEST 2015 on sn-devel-104	2015-04-25 02:43:22 +02:00
Julien Kerihuel	fd90d270c7	Add DCERPC flag to call unbind hooks without destroying the connection itself upon termination of a connection with outstanding pending calls. Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Apr 14 20:39:34 CEST 2015 on sn-devel-104	2015-04-14 20:39:34 +02:00
Julien Kerihuel	caaf89e899	Add multiplex state to dcerpc flags and control over multiplex PFC flag in bind_ack and and dcesrv_alter replies Signed-off-by: Julien Kerihuel <j.kerihuel@openchange.org> Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>	2015-03-25 22:21:13 +01:00
Stefan Metzmacher	9ee5887a36	s4:rpc_server: add support for DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Jan 26 14:23:50 CET 2015 on sn-devel-104	2015-01-26 14:23:49 +01:00
Jeremy Allison	463311422c	s3/s4: smbd, rpc, ldap, cldap, kdc services. Allow us to start if we bind to either :: or 0.0.0.0. Allows us to cope with systems configured as only IPv4 or only IPv6. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-By: Amitay Isaacs <amitay@gmail.com> Reviewed-By: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Jun 7 01:01:44 CEST 2014 on sn-devel-104	2014-06-07 01:01:43 +02:00
Stefan Metzmacher	f73ef3028c	dcerpc.idl: fix dcerpc_bind_nack definition The version array is always present. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-03-28 08:34:25 +01:00
Stefan Metzmacher	f7883ae02a	s4:lib/socket: simplify iface_list_wildcard() and its callers Bug: https://bugzilla.samba.org/show_bug.cgi?id=10464 Signed-off-by: Stefan Metzmacher <metze@samba.org> Change-Id: Ib317d71dea01fc8ef6b6a26455f15a8a175d59f6 Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Mar 7 02:18:17 CET 2014 on sn-devel-104	2014-03-07 02:18:17 +01:00
Stefan Metzmacher	bc4c7d4c1e	s4:rpc_server: make use of dcerpc_binding_get_transport() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2014-02-13 11:54:17 +01:00
Stefan Metzmacher	e300c76e75	s4:rpc_server: make use of dcerpc_binding_get_string_option("endpoint") Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2014-02-13 11:54:17 +01:00
Stefan Metzmacher	efcae33cb5	s4:rpc_server: use dcerpc_binding_get_*() in endpoints_match() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2014-02-13 11:54:17 +01:00
Stefan Metzmacher	ca6da61a52	s4:rpc_server: fix talloc hierachie dcesrv_context => dcesrv_endpoint => dcesrv_if_list Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2014-02-11 16:20:31 +01:00
Gregor Beck	0856c639f9	s4:rpc_server: check verification trailer Signed-off-by: Gregor Beck <gbeck@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2014-02-11 16:02:14 +01:00
Gregor Beck	b58f06c17b	s4:rpc_server: check header of each packet fragment Signed-off-by: Gregor Beck <gbeck@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2014-02-11 16:02:14 +01:00
Garming Sam	63c24977ba	param: rename lp function and variable from 'lockdir' to 'lock_directory' Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2014-02-07 16:19:10 -08:00
Stefan Metzmacher	dc561b7e2d	dcerpc.idl: make use of union dcerpc_bind_ack_reason and fix all callers. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Thu Jan 16 18:21:40 CET 2014 on sn-devel-104	2014-01-16 18:21:40 +01:00
Stefan Metzmacher	c4726e414d	s4:rpc_server: use talloc_zero for struct dcesrv_connection Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-08 14:35:29 +01:00
Stefan Metzmacher	661fe3cf89	s4:rpc_server: support DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN by default If the gensec backend supports it there's no reason to disable it. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 00:27:11 +01:00

1 2 3 4 5 ...

298 Commits