1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

4984 Commits

Author SHA1 Message Date
Samuel Cabrero
82020a3f62 s3:rpc_server: Drop dcerpc_binding_vector usage in the server side
The endpoint mapper entry is built using the dcesrv_endpoint and the
interfaces registered into it instead of using the
dcerpc_binding_vector.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
53ca9ad2a7 s3:rpc_server: Remove unused members from dcerpc_ncacn_listen_state
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
9a6a5a50f1 s3:rpc_server: Create ncacn_np sockets through endpoint initialization
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
64a70a9610 s3:rpc_server: Setup ncacn_np sockets through endpoint initialization
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
c0ff6da277 s3:rpc_server: Listen in different socket for ncalrpc when role is AD DC
If smbd and samba processes use DEFAULT as socket name they will race to
accept the NCALRPC connections.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
f8eb0e3569 s3:rpc_server: Create ncalrpc socket through endpoint initialization
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
1d970fa83d s3:rpc_server: Setup ncalrpc sockets through endpoint initialization
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
a6b718b6ec s3:rpc_server: Create ncacn_ip_tcp sockets through enpoint init
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
a18163a147 s3:rpc_server: Setup ncacn_ip_tcp sockets through endpoint init
The listener is created in the endpoint memory context. If the endpoint
is freed, the listener will be freed too and the socket closed.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
fd099ae16a s3:rpc_server: Initialize mdssd connection endpoints
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
04d3053663 s3:rpc_server: Initialize fssd connection endpoints
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
d0a2b0c769 s3:rpc_server: Initialize lsasd connection endpoints
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
0e6d138c8e s3:rpc_server: Initialize epmd connection endpoints
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
2d2c488121 s3:rpc_server: Initialize the embedded services endpoints
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
228f8b2c53 s3:rpc_server: Add a function to create the endpoints sockets
The pidl-generated initialization function for each endpoint server will
register the RPC interface in all endpoints defined in the idl file.

The interface registration code will create the endpoint if it does not
exists (as an endpoint can serve multiple interfaces) and will add it to
the endpoint list exiting in the dcesrv_context.

This commit adds a generic dcesrv_create_endpoint_sockets function which
will be preforking external daemons to create the sockets regardless the
endpoint transport. This function will only create the sockets, the
external preforking daemon is who will start listening.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
c97a77297d s3:rpc_server: Add a function to setup the endpoints
The pidl-generated initialization function for each endpoint server will
register the RPC interface in all endpoints defined in the idl file.

The interface registration code will create the endpoint if it does not
exists (as an endpoint can serve multiple interfaces) and will add it to
the endpoint list exiting in the dcesrv_context.

This commit adds a generic dcesrv_setup_endpoint_sockets function which
will be used by embedded services and non-preforking external daemons to
setup the sockets regardless the transport.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
4e7670ed12 s3:rpc_server: Implement association group find callback
Keep the s3 server behaviour for now and return always the same
association group ID, 0x53F0.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
b9e5740a85 s3:rpc_server: Setup dcesrv_context callbacks
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
5174e469ae s3:rpc_server: Init registered ep servers in external mdssd daemon
Initialize and shutdown the endpoint servers registed by the mdssd
daemon. The pidl-generated init function will register the
api_struct for backward compatibility until completely removed.

The common server exit routine will shutdown all registered endpoint
servers, and the pidl-generated shutdown function will unregister the
api_struct.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
99b5b9a9fb s3:rpc_server: Init registered ep servers in external fssd daemon
Initialize and shutdown the endpoint servers registed by the fssd
daemon. The pidl-generated init function will register the
api_struct for backward compatibility until completely removed.

The common server exit routine will shutdown all registered endpoint
servers, and the pidl-generated shutdown function will unregister the
api_struct.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
a450f10374 s3:rpc_server: Init registered ep servers in external lsasd daemon
Initialize and shutdown the endpoint servers registed by the lsasd
daemon. The pidl-generated init function will register the
api_struct for backward compatibility until completely removed.

The common server exit routine will shutdown all registered endpoint
servers, and the pidl-generated shutdown function will unregister the
api_struct.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
0e2839f9bc s3:rpc_server: Init registered ep servers in external epmd daemon
Initialize and shutdown the endpoint servers registed by the endpoint
mapper daemon. The pidl-generated init function will register the
api_struct for backward compatibility until completely removed.

The common server exit routine will shutdown all registered endpoint
servers, and the pidl-generated shutdown function will unregister the
api_struct.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:32 +00:00
Samuel Cabrero
36c2abbc16 s3:rpc_server: Init registered endpoint servers for embedded services
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:32 +00:00
Samuel Cabrero
3b52f1543c s3:rpc_server: Reinitialize dcesrv_context in external lsasd daemon
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:32 +00:00
Samuel Cabrero
80c57f238d s3:rpc_server: Reinitialize dcesrv_context in external mdssd daemon
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:32 +00:00
Samuel Cabrero
eeb6888f42 s3:rpc_server: Reinitialize dcesrv_context in external fssd daemon
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:32 +00:00
Samuel Cabrero
f1eec15c37 s3:rpc_server: Reinitialize dcesrv_context in external epmd daemon
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:32 +00:00
Samuel Cabrero
3719de0107 s3:rpc_server: Initialize global dcesrv_context for embedded services
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:32 +00:00
Samuel Cabrero
20542bcfa9 s3:rpc_server: Add global dcesrv_context init and shutdown functions
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:32 +00:00
Samuel Cabrero
eea1c425a6 s3:rpc_server: Register endpoint servers in external mdssd daemon
The parent calls the setup function to register the endpoint server, as
it has to be registered to initialize the endpoints (create the sockets).

Delete the setup call from forker childs as it is already registered by
the parent.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:31 +00:00
Samuel Cabrero
612c7fa341 s3:rpc_server: Register endpoint servers in external fssd daemon
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:31 +00:00
Samuel Cabrero
909cf570d4 s3:rpc_server: Register endpoint servers in external lsasd daemon
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:31 +00:00
Samuel Cabrero
da5aabde57 s3:rpc_server: Register endpoint servers in external epmd daemon
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:31 +00:00
Samuel Cabrero
d77a4e553d s3:rpc_server: Register endpoint servers for embedded services
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:31 +00:00
Samuel Cabrero
06f1bad051 s3:rpc_server: Provide LSA ncacn_np secondary endpoint and LSA over Netlogon
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:31 +00:00
Samuel Cabrero
dc1d34d388 s3:rpc_server: Include generated boilerplate code
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:31 +00:00
Gary Lockyer
3e072b3fb7 build: fix the coverage build
"make lcov" was failing with:
   Processing file bin/default/<stdout>
   genhtml: ERROR: cannot read ... <stdout>

Flex adds "#line nnn <stdout>" to the generated source, which then causes
issues with lcov. This commit adds a SAMBA_GENERATOR for es_lexer.l and
sparql_lexer.l that strips out the offending lines.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-27 01:02:32 +00:00
Ralph Boehme
1484fb0c66 s3/rpc_server/netlogon: use set_current_user_info() in _netr_LogonSamLogon_base()
Note that we're now sanitizing the username we got from the client, as we do
everywhere else.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-02-06 10:17:43 +00:00
Ralph Boehme
a6054e2b35 s3/rpc_server: use talloc_alpha_strcpy() in _winreg_InitiateSystemShutdownEx()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-02-06 10:17:43 +00:00
Alexander Bokovoy
c6d880a115 s3-rpcserver: fix security level check for DsRGetForestTrustInformation
Harmonize _netr_DsRGetForestTrustInformation with source4/ logic which
didn't change since DCE RPC channel refactoring.

With the current code we return RPC faul as can be seen in the logs:

2019/12/11 17:12:55.463081,  1, pid=20939, effective(1284200000, 1284200000), real(1284200000, 0), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug)
       netr_DsRGetForestTrustInformation: struct netr_DsRGetForestTrustInformation
          in: struct netr_DsRGetForestTrustInformation
              server_name              : *
                  server_name              : '\\some-dc.example.com'
              trusted_domain_name      : NULL
              flags                    : 0x00000000 (0)
[2019/12/11 17:12:55.463122,  4, pid=20939, effective(1284200000, 1284200000), real(1284200000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1561(api_rpcTNP)
  api_rpcTNP: fault(5) return.

This is due to this check in processing a request:
        if (!(p->pipe_bound && (p->auth.auth_type != DCERPC_AUTH_TYPE_NONE)
                       && (p->auth.auth_level != DCERPC_AUTH_LEVEL_NONE))) {
                p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
                return WERR_ACCESS_DENIED;
        }

and since we get AuthZ response,

  Successful AuthZ: [netlogon,ncacn_np] user [EXAMPLE]\[admin] [S-1-5-21-1234567-890123456-500] at [Wed, 11 Dec 2019 17:12:55.461164 UTC]
  Remote host [ipv4:Y.Y.Y.Y:59017] local host [ipv4:X.X.X.X:445]
[2019/12/11 17:12:55.461584,  4, pid=20939, effective(0, 0), real(0, 0)] ../lib/audit_logging/audit_logging.c:141(audit_log_json)
  JSON Authorization: {"timestamp": "2019-12-11T17:12:55.461491+0000",
   "type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 1},
   "localAddress": "ipv4:X.X.X.X:445", "remoteAddress": "ipv4:Y.Y.Y.Y:59017",
   "serviceDescription": "netlogon", "authType": "ncacn_np",
   "domain": "EXAMPLE", "account": "admin", "sid": "S-1-5-21-1234567-890123456-500",
   "sessionId": "c5a2386f-f2cc-4241-9a9e-d104cf5859d5", "logonServer": "SOME-DC",
   "transportProtection": "SMB", "accountFlags": "0x00000010"}}

this means we are actually getting anonymous DCE/RPC access to netlogon
on top of authenticated SMB connection. In such case we have exactly
auth_type set to DCERPC_AUTH_TYPE_NONE and auth_level set to
DCERPC_AUTH_LEVEL_NONE in the pipe->auth. Thus, returning an error.

Update the code to follow the same security level check as in s4 variant
of the call.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Jan 13 15:05:28 UTC 2020 on sn-devel-184
2020-01-13 15:05:28 +00:00
Volker Lendecke
5954a0688a lsasd: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2020-01-03 00:04:43 +00:00
Ralph Boehme
d68d8c6538 s3:rpc_server: pass session_info to get_nt_acl_no_snum()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-12-20 11:41:41 +00:00
Ralph Boehme
7fb188c119 s3:rpc_server: pass session_info to elog_check_access()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-12-20 11:41:41 +00:00
Ralph Boehme
457c91406a s3: pass session_info to enum_msdfs_links()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-12-20 11:41:40 +00:00
Ralph Boehme
e12a724f0d s3: pass session_info to remove_msdfs_link()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-12-20 11:41:40 +00:00
Ralph Boehme
8a0ad072ac s3: pass session_info to create_msdfs_link()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-12-20 11:41:40 +00:00
Ralph Boehme
8517bb109c s3: pass session info to get_referred_path()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-12-20 11:41:40 +00:00
Günther Deschner
5d34c8874d s3-rpc_server: always print the full PDU.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-12-17 07:58:39 +00:00
Jeremy Allison
cc1ec0a9f1 s3: smbd: cleanup. Change 'int referral_count' -> 'size_t referral_count' in struct junction_map.
This is a non-negative count. Fix remaing code to not mix int and size_t.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-12-16 14:05:33 +00:00
Douglas Bagnall
e737988641 dcerpc: developer option to save ndr_fuzz_X seeds
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 07:50:28 +00:00
Isaac Boukris
a75ca8d5d5 session: convert sess_crypt_blob to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:31 +00:00
Isaac Boukris
dcc33103d5 smbdes: convert des_crypt112_16 to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:31 +00:00
Isaac Boukris
dce944e8a1 smbdes: convert E_old_pw_hash to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:31 +00:00
Isaac Boukris
0f855f1ab9 smbdes: add des_crypt56_gnutls() using DES-CBC with zeroed IV
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:30 +00:00
Andreas Schneider
94c3c12df1 s3:rpc_server: Fix string compare for utmp entries
The members of struct utmp are marked as nonstring. This means they
might not be nil-terminated.

Found by covscan.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:29 +00:00
Ralph Boehme
b5c6964a50 s3:param: make "servicename" a substituted option
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:37 +00:00
Ralph Boehme
a0185c7efb smbdotconf: mark "shutdown script" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:36 +00:00
Ralph Boehme
7dc7b9e554 smbdotconf: mark "server string" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:36 +00:00
Ralph Boehme
1743ff48ba smbdotconf: mark "passwd program" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:35 +00:00
Ralph Boehme
4551dd2784 smbdotconf: mark "passwd chat" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:35 +00:00
Ralph Boehme
fa5033cfb7 smbdotconf: mark "logfile" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:35 +00:00
Ralph Boehme
6e678cba77 smbdotconf: mark "enumports command" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:34 +00:00
Ralph Boehme
28391f0b61 smbdotconf: mark "delete share command" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:34 +00:00
Ralph Boehme
d035f850de smbdotconf: mark "deleteprinter command" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:34 +00:00
Ralph Boehme
12e97ee3e8 smbdotconf: mark "check password script" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:34 +00:00
Ralph Boehme
bf9c63a280 smbdotconf: mark "change share command" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:34 +00:00
Ralph Boehme
390f53cb03 smbdotconf: mark "add share command" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:33 +00:00
Ralph Boehme
39f8014275 smbdotconf: mark "addprinter command" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:33 +00:00
Ralph Boehme
a5db3443a2 smbdotconf: mark "addport command" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:33 +00:00
Ralph Boehme
db75b5d6fc smbdotconf: mark "abort shutdown script" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:33 +00:00
Ralph Boehme
f7619ac22b smbdotconf: mark "path" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:33 +00:00
Stefan Metzmacher
8e86ac18e7 smbdotconf: mark "comment" with substitution="1"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-11-27 10:25:32 +00:00
Stefan Metzmacher
564049fbc9 s3:mdssvc: make use of lp_parm_const_string()
We don't need any substitution for elasticsearch options.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-11-27 10:25:31 +00:00
Christof Schmitt
1f304fc16c sharesec: Return NTSTATUS from set_share_security
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-11-26 21:28:31 +00:00
Andreas Schneider
a377214dce s3:rpc_server: Replace E_md5hash() with GnuTLS calls
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-11-19 04:48:29 +00:00
Ralph Boehme
4736623c24 s3: rename talloc_sub_advanced() to talloc_sub_full()
We currently have the following substitution functions:

  talloc_sub_basic()
  talloc_sub_advanced()

talloc_sub_basic() currently substitutes a subset of talloc_sub_advanced().

We'll need a function X that only substitutes what talloc_sub_advanced()
substitutes *without* what talloc_sub_basic() does.

To get there rename talloc_sub_advanced() to talloc_sub_full(). A subsequent
commit will then bring back talloc_sub_advanced() as described above.

Examples with fictional replacement letters A and B. Currently:

  talloc_sub_basic:    A
  talloc_sub_advanced: AB

New:

  talloc_sub_basic:    A
  talloc_sub_advanced:  B
  talloc_sub_full:     AB

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13745

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-11-07 14:16:41 +00:00
Volker Lendecke
54d673742f lib: Remove #define serverid_equal server_id_equal
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-11-06 20:36:34 +00:00
Ralph Boehme
c9b6298249 mdssvc.idl: pass policy_handle as pointer
No change in behaviour, this just changes all functions to take the
policy_handle argument as pointer instead of passing it by value.
This is how all other IDLs pass it.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Oct  9 15:52:55 UTC 2019 on sn-devel-184
2019-10-09 15:52:55 +00:00
Ralph Boehme
63cbeaf0e7 s3:mdssvc: fix service startup in deamon mode
Changes:

* Don't initialize the RPC service by calling setup_rpc_module() in the parent
  mdssd. This is not needed in the parent, only in the worker childs.

* In the worker childs call setup_rpc_module() instead of init_rpc_module()
  which ensures rpc_mdssvc_init() is called with the mdssvc callback which is
  needed to initialize mdssvc via mdssvc_init_cb() -> init_service_mdssvc()

* Finally rpc_setup_mdssvc() is adjusted to be a noop if mdssvc is configured to
  as external and when called by the main parent smbd via dcesrv_ep_setup() ->
  setup_rpc_modules()

I've manually tested all 4 combinations of external=yes|no X module=yes|no with
the new mdfind command.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:29 +00:00
Ralph Boehme
78a2d95511 s3:mdssvc: use a helper variable for the service type
No change in behaviour. Simplifies a subsequent logical change.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:29 +00:00
Ralph Boehme
91f397bec0 mdssd: fix a debug message
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:29 +00:00
Ralph Boehme
bf02a93508 s3: rpc_server: enable mdssvc by default
Now that mdssvc is built by default and also tested in CI, enable it by default,
running as embedded service.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:29 +00:00
Ralph Boehme
f479e01096 s3:mdssvc: add unit tests for the Spotlight to Elasticsearch parser
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:29 +00:00
Ralph Boehme
f5510d7db3 s3:mdssvc: add Elasticsearch backend
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:29 +00:00
Ralph Boehme
c338bdf5a4 s3:mdssvc: add missing mds_ctx deallocation
The mds_ctx object was created in _mdssvc_open() as a talloc child of the pipe
which means as long as the pipe is connected it's not freed.

To ensure we do proper rundown of all resources including backend connections
and pending queries, we must free the mds_ctx object.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:29 +00:00
Ralph Boehme
eb740b571d s3:mdssvc: fix a long line
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:29 +00:00
Ralph Boehme
ba899694e4 s3:mdssvc: modernize a few DEBUG macros
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:29 +00:00
Ralph Boehme
08cb82d26f s3:mdssvc: remove unused snum from struct sl_query
Looks like this was never used, it's also available via mds_ctx->snum.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:28 +00:00
Volker Lendecke
86672659c6 epmapper: Fix printf specifiers
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-02 08:01:40 +00:00
Stefan Metzmacher
5da24aa18e smbd: rename [un]become_user*() to [un]become_user_without_service*()
We should make the behavior change (that gives up some protection)
more obvious, by changing the function names.

At least some OEMs have patches relying on the 4.9/4.10 behaviour
and we want them to detect that they have to do more work when they
need to change directories.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-09-11 19:59:34 +00:00
Mathieu Parent
fbecbe4d9b Spelling fixes s/negotatie/negotiate/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-09-01 22:21:25 +00:00
Andrew Bartlett
2f827bec8c s3-rpc_server: Check NTSTATUS return value from netlogon_creds_aes_decrypt()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-08-21 09:57:30 +00:00
Volker Lendecke
2dd7ebe072 smbd: Fix CID 1452293 Incorrect expression (NO_EFFECT)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 14 11:48:42 UTC 2019 on sn-devel-184
2019-08-14 11:48:42 +00:00
Volker Lendecke
76bf8a1ac4 mdssvc: Fix the clang build
clang complains about "%lu" not to match size_t on 32-bit FreeBSD

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Aug  9 07:34:05 UTC 2019 on sn-devel-184
2019-08-09 07:34:04 +00:00
Ralph Boehme
64f182412a s3:mdssvc: fix slrpc_fetch_attributes() when CNID is not known
Samba currenlty fails the whole RPC request, macOS returns returns a nil entry
for the requested CNID:

DALLOC_CTX(#1): {
	sl_array_t(#3): {
		uint64_t: 0x0000
		CNIDs: unkn1: 0xfec, unkn2: 0x6b000020
			DALLOC_CTX(#1): {
				uint64_t: 0xe4bbf314c03b1e
			}
		sl_filemeta_t(#1): {
			sl_array_t(#2): {
				nil
				nil
			}
		}
	}
}

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug  8 21:43:14 UTC 2019 on sn-devel-184
2019-08-08 21:43:14 +00:00
Ralph Boehme
b2bf13ecf7 s3:mdssvc: close mdssvc rpc command must return in handle
Checked against macOS mdssvc.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:33 +00:00
Ralph Boehme
a5e705504b s3:mdssvc: failing the RPC request if the mdssvc policy handle is not found
Turns out macOS mdssvc doesn't fail the RPC request if the policy handle is all
zero. Also, if it fails with a non-all-zero handle, it returns a different RPC
error, namely DCERPC_NCA_S_PROTO_ERROR, not DCERPC_FAULT_CONTEXT_MISMATCH (or
rather their mapped NT_STATUS codes).

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:33 +00:00
Ralph Boehme
6336699687 s3:mdssvc: the open command must work on shares with Spotlight disabled
Move the implementation of this setting down to the actual search query
processing. macOS has no notion of "spotlight = false" at the DCERPC layer and
the open request will always succeed even on all shares.

When later the client issues search requests on such shares, we ensure we use
the noindex backend.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:33 +00:00
Ralph Boehme
520175e227 s3:mdssvc: use an early return if spotlight is not enabled.
No change in behaviour, best viewed with git show -w.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:33 +00:00
Ralph Boehme
68a9d1205e s3:mdssvc: update a few debug macros to modern style
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:33 +00:00
Ralph Boehme
940c3b31dd s3:mdssvv: don't fail the RPC request if the share name is unknown
Taken from macOS. We have to return an empty share_path and an empty policy
handle, but not fail the RPC request.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:33 +00:00
Ralph Boehme
fef3a4c75f s3:mdssvc: initialize the returned share_path with the empty string
macOS returns the empty path for an unknown share. This paves the way for that
change. Currently we still fail the RPC request if the share is not known with
DCERPC_FAULT_CANT_PERFORM, but this is wrong and is going to be changed in the
next commit.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:33 +00:00
Ralph Boehme
c4b2dc95d5 s3:mdssvc: macOS returns the client values in the open command
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:33 +00:00
Ralph Boehme
a3cb4fca86 s3:mdssvc: macOS returns UINT64_MAX, not 0 for closeQueryForContext mdscmd
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:33 +00:00
Ralph Boehme
5750f38ca7 s3:mdssvc: fix error handling of mdssvc RPC requests
It seems for certain error cases macOS just sends an empty response
blob. So if our mdssvc request processing fails, we should just return an empty
response blob, but not fail the mdssvc request at the DCERPC layer.

Example, passing "xxx" as sharename which does not exist at the server:

  $ bin/rpcclient -U slow%pass macmini -c "fetch_attributes xxx /foo/bar 123" -d 10
  ....
  Got pdu len 56, data_len 32
  rpc_api_pipe: got frag len of 56 at offset 0: NT_STATUS_OK
  rpc_api_pipe: host macmini returned 32 bytes.
  mdssvc_cmd: struct mdssvc_cmd
     out: struct mdssvc_cmd
         fragment                 : *
             fragment                 : 0x00000000 (0)
         response_blob            : *
             response_blob: struct mdssvc_blob
                 length                   : 0x00000000 (0)
                 size                     : 0x00010000 (65536)
                 spotlight_blob           : *
                     spotlight_blob: ARRAY(0)
         unkn9                    : *
             unkn9                    : 0x00000000 (0)
  ...

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:33 +00:00
Ralph Boehme
b34fd5b997 s3:mdssvc: fix unmarshalling of empty CNID array
len=0 is invalid, len=8 is an empty array, len>8 is an array with members, so
for the len=8 case we must add the empty cnid array.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:32 +00:00
Ralph Boehme
29ef030624 s3:mdssvc: marshalling: fix unpacking empty CNID structure
Pass the correct tag member tag.size to sl_unpack_CNID(), not
tag.length. tag.size is the size actually used in a buffer of size tag.length.

Cf other users of tag.size that already do this correctly, this was only wrong
in this place.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:32 +00:00
Ralph Boehme
d67c98184a s3:mdssvc: marshalling: fix unpacking empty filemeta structure
This is how a correct dump of an empty sl_filemeta_t container should look like:

DALLOC_CTX(#1): {
	sl_array_t(#3): {
		uint64_t: 0x0023
		CNIDs: unkn1: 0x0, unkn2: 0x0
			DALLOC_CTX(#0): {
			}
		sl_filemeta_t(#0): {
		}
	}
}

This is basically the response from macOS mdssvc for a query that yields no
results: sl_filemeta_t is empty, the CNIDs array as well.

Looking at the raw packet data, the empty sl_filemeta_t container as a size of 8
bytes which fails the following check in sl_unpack_cpx():

        case SQ_CPX_TYPE_FILEMETA:
                ...
		if (tag.size < 16) {
		        *boom*
                }

Only tag.size=0 is invalid, tag.size=8 denotes an empty container and tag.size>=16
denotes a sl_filemeta_t container with actual content must be unpacked by
calling sl_unpack(). Note that size is always a muliple of 8.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:32 +00:00
Ralph Boehme
ed37f2d3c4 s3:mdssvc: marshalling: add a newline to a DEBUG message
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:32 +00:00
Ralph Boehme
25c5012c53 s3:mdssvc: avoid strncpy when marshalling strings
Avoids failure when at O3 level:

  [2082/4232] Compiling source3/rpc_server/mdssvc/marshalling.c

  ==> /builds/samba-team/devel/samba/samba-o3.stderr <==
  In file included from /usr/include/string.h:494,
                   from /usr/include/bsd/string.h:30,
                   from ../../lib/tevent/../replace/replace.h:164,
                   from ../../source3/include/includes.h:23,
                   from ../../source3/rpc_server/mdssvc/marshalling.c:21:
  In function ‘strncpy’,
      inlined from ‘sl_pack_string’ at ../../source3/rpc_server/mdssvc/marshalling.c:493:2,
      inlined from ‘sl_pack_loop’ at ../../source3/rpc_server/mdssvc/marshalling.c:607:13:
  /usr/include/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ output
  truncated before terminating nul copying as many bytes from a string as its
  length [-Werror=stringop-truncation]
    106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
        |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ../../source3/rpc_server/mdssvc/marshalling.c: In function ‘sl_pack_loop’:
  ../../source3/rpc_server/mdssvc/marshalling.c:458:8: note: length computed here
    458 |  len = strlen(s);
        |        ^~~~~~~~~
  cc1: all warnings being treated as errors

Marshalled strings are not 0 terminated.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:32 +00:00
Ralph Boehme
0b1d9d40c2 s3:mdssvc: supposed status field is in fact a fragment indicator
Spotted this in mdssvc response that containied many results for a search
request: if the mdssvc response blob is larger then ~32k, the server fragments
the response in 32k fragments and sets the "fragment" field to 1.

Note that mdssvc implemenets result set "fragmentation" at the result set layer,
not at the marshalled response buffer layer. Therefor mdssvc always sets this
field to 0.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:32 +00:00
Ralph Boehme
c742ab7a4c s3:mdssvc: add noindex backend
Add a new default backend that, while allowing mdsvc RPC and search queries from
clients, always returns no results.

Shares using this backend will behave the same way as shares on a macOS SMB
server where indexing is disabled.

This change will later also allow us to compile the Spotlight RPC service by
default which is a big step in the direction of adding tests to CI.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:32 +00:00
Ralph Boehme
e5a4114bb5 s3:mdssvc: log inode number in ino_path_map_destr_cb()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:31 +00:00
Ralph Boehme
2d98fb57e0 s3:mdssvc: move some code to a subsystem
We need this in a later patchset when adding a mdssvc client library and for
unit tests.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:31 +00:00
Ralph Boehme
f58026b30b s3:mdssvc: mds_dalloc_dump() -> dalloc_dump()
Move mds_dalloc_dump() to dalloc and rename it to dalloc_dump().

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:31 +00:00
Ralph Boehme
b5731a94bb s3:mdssvc: add Unicode normalisation
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:31 +00:00
Ralph Boehme
1b897df4f7 s3:mdssvc: new option "spotlight backend"
Currently there's only the tracker backend, but subsequent commits will add
other backends.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:31 +00:00
Ralph Boehme
66b8d86d71 s3:mdssvc: pass down sharename and SNUM
Not used for now, will be needed in the upcoming Elasticsearch backend.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:31 +00:00
Ralph Boehme
1ef96e0907 s3-mdssvc: factor out Tracker backend logic
This moves all Tracker backend logic into a modularized component.

This should not result in any change in behaviour, it just paves the way
for adding additional backends. Currently the only available backend is
Gnome Tracker.

slq_destroy_send/recv is not needed anymore as the problem is solved now by
correctly checking if an async Tracker request was cancelled and we got
G_IO_ERROR_CANCELLED in tracker_con_cb() or tracker_query_cb() and avoid using
user_data in that the case.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:31 +00:00
Ralph Boehme
f80f8c5f99 s3:mdssvc: move debug macro to header file
This is going to be used from other parts of the code soon.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:31 +00:00
Ralph Boehme
17f29fa867 s3:mdssvc: README.Coding fixes, long lines, modernize debug macros
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:31 +00:00
Ralph Boehme
9e0b6f667f s3:rpc_server: factor out rpc_mdssvc_sources
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:31 +00:00
Andreas Schneider
1f923e067d s3:rpc_server: Only dump passwords in developer builds
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 26 03:05:01 UTC 2019 on sn-devel-184
2019-07-26 03:05:01 +00:00
David Disseldorp
93d424528f netlogon: Fix potential use of uninitialized variable
The _netr_NetrEnumerateTrustedDomains()->dcerpc_lsa_open_policy2() error
path checks the policy handle and closes it if non-empty. The policy
handle may be uninitialized in this code-path - fix this.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:27 +00:00
Andreas Schneider
1c84bda361 s3:rpc_server: Use a stackframe for temporary memory
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:27 +00:00
Andreas Schneider
cd0b5e5d93 s3:rpc_server: Use GnuTLS RC4 to decrypt samr password buffers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:24 +00:00
Andreas Schneider
d31f6a6803 s3:rpc_server: Use GnuTLS RC4 in samr password check
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:24 +00:00
Andreas Schneider
79ca72ec3d libcli:auth: Pass samr_CryptPasswordEx to decode_rc4_passwd_buffer()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:23 +00:00
Andreas Schneider
89f8b028e2 libcli:auth: Rename encode_or_decode_arc4_passwd_buffer()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:23 +00:00
Andreas Schneider
57dd415ba4 libcli:auth: Return NTSTATUS for encode_or_decode_arc4_passwd_buffer()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:22 +00:00
Andreas Schneider
7915a48e53 s3:rpc_client: Return NTSTATUS for init_samr_CryptPasswordEx()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:22 +00:00
Samuel Cabrero
c1e649fd47 s3:rpc_server: Call server exit routines in sigterm handler
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jul 22 18:04:53 UTC 2019 on sn-devel-184
2019-07-22 18:04:53 +00:00
Samuel Cabrero
ee6fb27c59 s3:rpc_server: Call epmapper RPC shutdown function from server exit routines
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:16 +00:00
Samuel Cabrero
63a39ef605 s3:rpc_server: Call fsrvp RPC shutdown function from server exit routines
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:16 +00:00
Samuel Cabrero
7a167b3751 s3:rpc_server: Call server exit routines in sigterm handler
The exit server routines already call rpc shutdown functions

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:16 +00:00
Samuel Cabrero
6be10e6d43 s3:rpc_server: Improve debug messages
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:16 +00:00
Samuel Cabrero
dde08e8f26 s3:rpc_server: Return NTSTATUS in is_known_pipename function
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:16 +00:00
Samuel Cabrero
f7529fffce s3:rpc_server: Make make_external_rpc_pipe_p and np_proxy_state private
This function and struct is not used outside rpc_ncacn_np.c

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
4d42b7cde2 s3:rpc_server: Check pointer before dereference
The debug message dereference the pointer, but as close_policy_by_pipe
is called from pipes_struct destructor it may be not initialized yet if
an error occur in the initialization code.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
0c04daf523 s3:rpc_server: Rename dcesrv_handle struct
The name conflicts with the S4 name.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
cdaf06abad s3:rpc_server: Unify RPC client disconnect and termination functions
These functions are used by endpoint mapper to delete the endpoints
when a NCALRPC connection from an external daemon is lost and by
preforked childs to accept the next client as soon as the current
connection terminates. We can use the same function for both purposes.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
5d8e13413c s3:rpc_server: Return NTSTATUS in make_internal_rpc_pipe_p
Also make it static as it is not used outside rpc_ncacn_np.c

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
6f07f46771 s3:rpc_server: Set debug class in all rpc server related files
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
01c6602dd2 s3:rpc_server: Initialize auxiliary variable checked in error path
The auxiliary variable is checked in the function's exit code so reset
it after each usage.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
6964348bbf s3:prefork: Allow to associate private data with listening socket
Prepare for merger RPC server codebase, where it will be necessary to
stablish an association between the listening socket and the
dcesrv_endpoint that the socket is serving.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
85201cc76b s3:rpc_server: Remove named_pipe_client struct and use dcerpc_ncacn_conn
Now NCACN_NP connections run the same loop as NCACN_IP_TCP and NCALRPC
connections.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
82759189d1 s3:rpc_server: Check remote address supplied to dcerpc_ncacn_accept
Check if the supplied tsocket_address is valid before changing the
talloc chunk parent to the ncacn_conn struct.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
c976d456d2 s3:rpc_server: Make dcerpc_ncacn_packet_process public
In preparation to remove the named_pipe_client struct, this function
will be set as tevent callback from rpc_ncacn_np.c

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
2e938e22ac s3:rpc_server: Add a function to initialize the dcerpc_ncacn_conn struct
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
52c3bebd23 s3:rpc_server: Split dcerpc_ncacn_accept to deal with tstream_npa
In preparation to remove the named_pipe_client struct split the function
if two parts and build the tstream context as soon as possible, as it
will take care of closing the socket when the tstream_context is freed.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
61fb17f85b s3:rpc_server: Add termination function and data to dcerpc_ncacn_conn
In preparation to remove the named_pipe_client structure, this function
will be called from ncacn_conn destructor passing the private data pointer
as argument. It is mainly used by preforked childs in "process model" to
attend the next client as soon as the previous client ends the connection.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-07-22 16:49:14 +00:00
Samuel Cabrero
cc6342e7a5 s3:rpc_server: Move dcerpc_ncanc_conn to header file
Next commits will remove named_pipe_client and dcerpc_ncacn_connection
will be used in its place. It has to be moved to a header file as it
will be used by functions in rpc_server.c and rpc_ncacn_np.c.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-07-22 16:49:14 +00:00
Samuel Cabrero
d8d7c98121 s3:rpc_server: Set dcerpc_ncacn_connection destructor
And call disconnection callback from there if it is set.
Additionally change named_pipe_termination_fn to have * in typedef.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:14 +00:00
Samuel Cabrero
fdfa0e0a01 s3:epmapper: Rename conflicting struct
Rename an epmapper internal struct which will conflict when merging s3
and s4 rpc servers.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:14 +00:00
Samuel Cabrero
d1d37a0a6e s3:rpc_server: Return NTSTATUS in rpc_ep_setup and setup functions
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:14 +00:00
Samuel Cabrero
7ee4dff9da s3:rpc_server: Fix hidden strict aliasing issues
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-07-22 16:49:14 +00:00
Samuel Cabrero
60b7b79187 s3:rpc_server: Fix code formatting and improve debug messages
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:14 +00:00
Samuel Cabrero
f527964f72 s3:rpc_server: Set the endpoint name to "IP" on ncacn_ip_tcp listener
This matchs what lsasd and mdssd does.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:14 +00:00
Samuel Cabrero
2cb4a9c6e8 s3:rpc_server: Use talloc_zero for dcerpc_ncacn_listen_state
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:14 +00:00
Samuel Cabrero
1f2caa4101 s3:rpc_server: Use new debug macros in dcesrv_setup_ncalrpc_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:14 +00:00
Samuel Cabrero
5a54486424 s3:rpc_server: Return NTSTATUS for dcesrv_setup_ncalrpc_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
1a1f31e082 s3:rpc_server: Rename setup_dcerpc_ncalrpc_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
cbf497dc09 s3:rpc_server: Use new debug macros in dcesrv_setup_ncacn_ip_tcp_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
ae14c51080 s3:rpc_server: Return NTSTATUS for dcesrv_setup_ncacn_ip_tcp_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
a6b5899853 s3:rpc_server: Rename setup_dcerpc_ncacn_tcpip_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
3f4be0b9db s3:rpc_server: Rename rpc_create_tcpip_sockets
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
edc8ef722c s3:rpc_server: Rename dcerpc_ncacn_tcpip_listener
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
6b2aefc579 s3:rpc_server: Use new debug macros for dcesrv_create_ncacn_ip_tcp_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
e3999a14da s3:rpc_server: Return NTSTATUS for dcesrv_create_ncacn_ip_tcp_socket
Additionally to the fd number, check the port number has been correctly
assigned. This check was performed by the callers of this function.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
b7817eaf3d s3:rpc_server: Rename create_tcpip_socket
Additionally move function declaration from proto.h to rpc_server.h

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Stefan Metzmacher
5ed7ee7279 s3:rpc_server: simplify the error checking of create_tcpip_socket() callers
create_tcpip_socket() never returns a valid fd and left port as 0.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
b52d58d6e1 s3:rpc_server: Rename named_pipe_listener
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
fc3d582cca s3:rpc_server: Switch to new debug macros for dcesrv_setup_ncacn_np_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
e05ce7b9e7 s3:rpc_server: Return NTSTATUS for dcesrv_setup_ncacn_np_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:12 +00:00
Samuel Cabrero
b6537c15c1 s3:rpc_server: Rename setup_named_pipe_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:12 +00:00
Samuel Cabrero
3fdd4dc03a s3:rpc_server: Switch to new debug macros for dcesrv_create_ncacn_np_socket
Additionally messages are improved.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:12 +00:00
Samuel Cabrero
4a5c440b08 s3:rpc_server: Return NTSTATUS for dcesrv_create_ncacn_np_socket
The 'fd' state struct member is initialized after allocation because it
is checked in the error path.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:12 +00:00
Samuel Cabrero
7f8f857dfe s3:rpc_server: Rename create_named_pipe_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:12 +00:00
Samuel Cabrero
af576d335a s3:rpc_server: Rename dcerpc_ncalrpc_listener
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:12 +00:00
Samuel Cabrero
05507d4d19 s3:rpc_server: Switch to new debug macros for dcesrv_create_ncalrpc_socket
Additionally new debug messages are added and the existing ones improved.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:12 +00:00
Samuel Cabrero
3153814db4 s3:rpc_server: Return NTSTATUS for dcesrv_create_ncalrpc_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:12 +00:00
Samuel Cabrero
c0b1884c99 s3:rpc_server: Rename create_dcerpc_ncalrpc_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:12 +00:00
Andreas Schneider
acf605f595 s4:rpc_server: Use GnuTLS RC4 in lsa endpoint
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-27 12:54:24 +00:00
Andreas Schneider
67e6a9af2c libcli:auth: Return NTSTATUS for netlogon_creds_arcfour_crypt()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-27 12:54:23 +00:00
Andreas Schneider
cad3adb0b4 libcli:auth: Return NTSTATUS for netlogon_creds_decrypt_samlogon_logon()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-27 12:54:23 +00:00
Andreas Schneider
00dd1a8bf8 libcli:auth: Return NTSTATUS for netlogon_creds_encrypt_samlogon_validation()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-27 12:54:23 +00:00
Stefan Metzmacher
0b6e37c9e8 s3:rpc_server:netlogon: simplify AUTH_TYPE_SCHANNEL check in netr_creds_server_step_check()
The gensec schannel module already asserts that at least
AUTH_LEVEL_INTEGRITY is used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13949

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-06-04 22:13:07 +00:00
Stefan Metzmacher
fa5215ce5b s3:rpc_server:netlogon: don't require NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*()
The domain join with VMWare Horizon Quickprep seems to use
netr_ServerAuthenticate3() with just the NEG_STRONG_KEYS
(and in addition the NEG_SUPPORTS_AES) just to verify a password.

Note: NETLOGON_NEG_SCHANNEL is an alias to NEG_AUTHENTICATED_RPC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13464 (maybe)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13949

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-06-04 22:13:07 +00:00
Ralph Boehme
9053391f86 s3:mdssvc: fix flex compilation error
[4440/4495] Compiling bin/default/source3/rpc_server/mdssvc/sparql_lexer.lex.c
../../source3/rpc_server/mdssvc/sparql_lexer.l:26: error: "yyalloc" redefined [-Werror]
26 | #define yyalloc SMB_MALLOC

Looks like the dirty redefine trick doesn't work anymore with newer flex
versions. According to the flex manual the right thing to do is to provide own
functions for yyalloc and yyrealloc when passing the options "noyyalloc
noyyrealloc".

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue May 28 11:49:06 UTC 2019 on sn-devel-184
2019-05-28 11:49:06 +00:00
Andreas Schneider
790d7e34cb s3:rpc_server: Do not free the tdbname before we printed it
Found by GCC 9.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-05-08 16:33:24 +00:00
Ralph Boehme
613acd3ddd s3-mdssvc: add a comment to mds_init()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Apr 24 19:32:12 UTC 2019 on sn-devel-184
2019-04-24 19:32:12 +00:00
Ralph Boehme
003b5d3ee4 s3-mdssvc: make mds_ctx_destructor_cb static
This is only used in this compilation unit.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2019-04-24 18:32:15 +00:00
Ralph Boehme
91c9c03435 s3-mdssvc: add missing call to g_cancellable_new()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2019-04-24 18:32:15 +00:00
Ralph Boehme
984c890cd0 s3-mdssvc: use default g_main context
Way back when the module was developed it seemed to be necessary the use
a private context with push/pop as thread default. Maybe there was a bug
in libtracker-sparql dispatching callback in the wrong (global)
context. It's not necessary anymore with a recent libtracker-sparql
version.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2019-04-24 18:32:15 +00:00
Ralph Boehme
55b2cca14a s3-mdssvc: use tevent_glib_glue in mdssvc RPC service
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2019-04-24 18:32:15 +00:00
Ralph Boehme
bc053abdd1 s3-mdssvc: call [un]become_authenticated_pipe_user()
This ensures we're running as the authenticated user int the tevent
callback which might be running in an arbitrary impersonation context.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2019-04-24 18:32:15 +00:00
Ralph Boehme
675902f800 s3-mdssvc: add tevent context arg to mds_init_ctx
This is needed later when adding tevent_glib_glue support, not used for now.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2019-04-24 18:32:15 +00:00
Volker Lendecke
e8ce1c6483 smbd: Remove some unused includes
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-04-11 23:35:15 +00:00
Jeremy Allison
b1582a4d09 CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey.
Remove the now unused code implementations of
registry file io.

As reported by Michael Hanselmann.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851

Signed-off-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Apr  8 11:43:31 UTC 2019 on sn-devel-144
2019-04-08 11:43:31 +00:00
Jeremy Allison
c79f719a84 CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey.
The were not using VFS backend calls and could only work
locally, and were unsafe against symlink races and other
security issues.

If the incoming handle is valid, return WERR_BAD_PATHNAME.

[MS-RRP] states "The format of the file name is implementation-specific"
so ensure we don't allow this.

As reported by Michael Hanselmann.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-08 10:27:34 +00:00