IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Thanks to Alexander for providing the binary blobs.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
The meaning of lsa_ForestTrustRecordFlags is based lsa_ForestTrustRecordType,
but the type is not always available so it's not possible to use an union.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This is only a cosmetic change to make the idl more verbose,
the resulting C code will still use 'uint8_t'.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
These are not encryption types, but flags for specific kerberos features.
See [MS-KILE] 2.2.6 Supported Encryption Types Bit Flags.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
These are the same.
We keep the old defines arround in order to avoid a lot of changes
in the callers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This is used as binary data for the msDS-RevealedUsers attribute.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
As specified in the recent 20150129 revision of MS-FSCC.
Add a note regarding the FileHandle field, which was confirmed to
correspond to the volatile part of the fileid:
https://lists.samba.org/archive/samba-technical/2015-February/105454.html
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
[MS-FSCC] specifies:
The number of FILE_ALLOCATED_RANGE_BUFFER elements returned is
computed by dividing the size of the returned output buffer (from
either SMB or SMB2, the lower-layer protocol that carries the FSCTL)
by the size of the FILE_ALLOCATED_RANGE_BUFFER element.
Ideally, this requirement could be defined in idl with the following:
[flag(NDR_REMAINING)] file_alloced_range_buf array[];
However, this is not currently supported by PIDL, so just use an opaque
data blob for now.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
During initial wire trace analysis, the DCE/RPC PDU verification trailer
was incorrectly identified and tagged in IDL as an FSRVP "magic" blob.
This change removes the incorrectly tagged FSRVP request fields and
corresponding test code - with 1e1b7b1021
verification trailer parsing is now tested separately.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar 7 20:01:20 CET 2015 on sn-devel-104
This adds some IDL structs for the ServerWrap subprotocol, allowing
parsing of the incoming RPC calls and returning WERR_NOT_SUPPORTED
instead of WERR_INVALID_PARAM.
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
[MS-BKRP] 3.1.4.1 specifies for BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID that
the server must ignore the input data. This patch fixes
ndr_pull_error(11): Pull bytes 4 (../librpc/ndr/ndr_basic.c:148)
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
ndr_print_bkrp_data_in_blob requires the level to be set in the
proper ndr->switch_list context.
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Feb 16 14:48:41 CET 2015 on sn-devel-104
Special Reanimate-Tombstone access right is required, as well as most of
the checks on a standard rename.
Change-Id: Idae5101a5df4cd0d54fe4ab2f7e5ad7fc1c23648
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This structure is used by the netr_LogonGetDomainInfo call as the input.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This requires an additional control to be used in the
LSA server to add domain trust account objects.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Thu Jan 15 14:54:47 CET 2015 on sn-devel-104
"notify_event" only reports names relative to some path that is only
implicitly known via "private_data". Right now "private_data" is the fsp
of the directory holding this notify. I want to use inotify_watch in a
notify-daemon that does not have a fsp available and has more problems
getting the path right out of "private_data". notify_inotify has the
directory under which the event happened available, so make it known to
the callback. Right now no caller uses it yet.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This flag indicates the DC runs Windows 2012 or above.
See MS-NRPC 2.2.1.2.1 for details.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This is very helpful in the trusted domain situation, as we may not
have a two-way trust but we can use our domain trust account to set up
a connection to NETLOGON
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct 8 12:48:15 CEST 2014 on sn-devel-104
A SMB server should only care about specific SECINFO flags
and ignore others e.g. SECINFO_PROTECTED_DACL.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This is in preparation for adding NETWORK_INTERFACE_INFO Ioctl smbtorture test
case. This data structure is described in MS-SMB2 Sec. 2.2.32.5
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Samuel Cabrero <scabrero@zentyal.com>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jun 26 17:30:00 CEST 2014 on sn-devel-104
Thanks to Noel Power <noel.power@suse.com> for finding this!
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
[ddiss@samba.org: changed Noel's address, as requested]
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Jun 12 16:01:10 CEST 2014 on sn-devel-104
This will make it easier in the future to NDR_PRINT a lease and
a lease key
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 12 03:34:41 CEST 2014 on sn-devel-104
Change-Id: Iba3913d5a1c7f851b93f37e9beb6dbb20fbf7e55
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
FSRVP can possibly return any HRESULT error in addition to it's own
specific errors. This change searches the HRESULT errors for a description
if the error doesn't match any of the known FSRVP ones.
Also removed some errors defined in fsrvp.idl (now that they are defined
in hresult.h)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This way we can alter the define depending on the generated code.
E.g python bindings won't have an 'ndr' struct available.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This should not be mixed with the object guid! They are different things!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should always go through just one code path to [re]set a value.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The CHECK_SYNTAX macro is currently used to compare ndr_syntax_ids and
return false on mismatch. Macros affecting control flow are evil!
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Mar 24 21:46:39 CET 2014 on sn-devel-104
The CHECK macro is currently used to dump error and return false on
VT condition check failure. Macros affecting control flow are evil!
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
For Python bindings PIDL wants the struct to be defined as public if we
want to use __ndr_print/pack/unpack.
Define the [public] attribute to ForestTrustCollisionInfo/Record to
allow easier debugging when there is collision in establishing a trust.
This change does not affect C code as NDR functions are always
generated, only not exposed in Python bindings.
https://bugzilla.samba.org/show_bug.cgi?id=10504
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Mon Mar 24 12:44:50 CET 2014 on sn-devel-104
domains with more then 10 subdomains are not so uncommon.
https://bugzilla.samba.org/show_bug.cgi?id=10439
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Feb 13 16:30:50 CET 2014 on sn-devel-104
For now this is just an alternate wrapper to
access binding->object.
Currently callers are reusing binding->object to store the
abstract syntax id instead of just the object uuid.
Some services on Windows use the same GUID for the
'object' and the 'abstract syntax', but they are completely
different things!
Most services use a null object guid, some reuse the
guid of the abstract syntax and use it like a 'class' object.
But the object guid is only really used by DCOM,
in order to call functions relative to an object instance,
which a dynamically allocated object guid.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
We now make a copy of the given string, so that we can mark chunks
inline. Then we call dcerpc_binding_set_string_option() in order
to set the elements.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This allows get value string of a [key=value] option
of the dcerpc_binding.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
dcerpc_floor_set_rhs_data() handles the special cases now
and we keep the 'host' part unmodified except
EPM_PROTOCOL_IP addresses. No special '\\' handling anymore.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
For EPM_PROTOCOL_IP we can only marshal ipv4 addresses,
everything else gets '0.0.0.0' (4 zero bytes on the wire).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
We don't return any "const char *" values here, so give the caller
a chance to talloc_free() the result.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
See [MS-SWN] for the details.
Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
They can be used to parse a fragmented NDR byte stream.
ndr_pull_append() appends more data that can be processed
and ndr_pull_pop() removed already processed data.
This will be used to implement dcerpc pipes, where we can get
a verify large amount of pipe chunks, once we processed a chunk
we can forget about the related data, but we may need to keep some
bytes in order to get the alignment right.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This will be usefull to try parsing DCERPC pipe chunks for
LIBNDR_FLAG_INCOMPLETE_BUFFER.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
If we pull a pipe chunk we need a way to check if we
have enough bytes to parse the complete chunk.
Setting ndr_pull->flags |= LIBNDR_FLAG_INCOMPLETE_BUFFER
would change NDR_ERR_BUFSIZE (and later maybe others)
into NDR_ERR_INCOMPLETE_BUFFER.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This IDL code:
typedef [nodiscriminant] union {
[default] dcerpc_empty empty;
[case(LIBNDR_FLAG_OBJECT_PRESENT)] GUID object;
} dcerpc_object;
Compiles into the following default-before-case marshalling code:
switch (level) {
default: {
NDR_CHECK(ndr_push_dcerpc_empty(ndr, NDR_SCALARS, &r->empty));
break; }
case LIBNDR_FLAG_OBJECT_PRESENT: {
NDR_CHECK(ndr_push_GUID(ndr, NDR_SCALARS, &r->object));
break; }
}
The default entry before case does not change the flow of execution but
is more logical when present at the end of the switch statement.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This extracts the dcerpc_sec_verification_trailer from the end
of an ndr_pull structure, it found it reduces ndr->data_size.
NDR_ERR_ALLOC is the only possible error, all other errors
are ignored and a trailer with command count = 0 is returned.
Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This helps wireshark reassamble the PDUs generated by socket_wrapper.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
See [MS-RPCE] 2.2.2.13 Verification Trailer for details.
Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
To [C706 - DCE 1.1: Remote Procedure Call] and [MS-RPCE].
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This lets ndr_pull_subcontext_end() make sure that all
subcontext bytes are consumed otherwise it returns NDR_ERR_UNREAD_BYTES.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If the gensec backend supports it there's no reason not sign the header.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should do this explicit instead of relying on
tstream_readv_pdu_ask_for_next_vector() to catch the overflow.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Previous implementation had a problem with NDR64 with uint32 and
uint3264 being in the wrong order
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 30 10:16:02 CET 2013 on sn-devel-104
In 816e68f94f the display of unset bits has been
effectively disabled while only the check for 0 bits was supposed to be avoided
(because it creates the infite loop).
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Oct 9 19:56:39 CEST 2013 on sn-devel-104
This reverts commit a6be8a97f7.
We fail (often) to parse a krb5pac type 12 buffer due to the incomplete change
which came in via a6be8a97f7. This change came
into master and has only been released in RCs so no regression to published
4.0.x releases. We should revert this for 4.1 for now until we can make it work
in all cases (see work on this in
https://git.samba.org/?p=gd/samba/.git;a=shortlog;h=refs/heads/master-krb5pac_type12).
Without this revert the entire PAC parsing may fail which can effect serious
implications (krb5 smb session setup not working).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10178
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Oct 3 17:08:46 CEST 2013 on sn-devel-104
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 2 15:02:07 CEST 2013 on sn-devel-104
That way we get hexdump -C style output for the content of the pipe chunks.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Matthieu Patou <mat@matws.net>
It's much easier to look at hexdump -C style output than
a few thousand lines with 1 byte each.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Matthieu Patou <mat@matws.net>
We control version numbers via 'vnum' from the wscript_build files for all other
libraries. In case of libndr we already reported a wrong 0.0.1 version via
pkgconfig while in fact the library is versioned as 0.0.2.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Thu Aug 22 20:48:44 CEST 2013 on sn-devel-104
[MS-DTYP].pdf 2.4.7
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
... saves 200 bytes on 64 bit Linux with -O3
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 14 22:27:43 CEST 2013 on sn-devel-104
Issue description: I was trying to add maximum number of aces on Microsoft
share, where I was able to add nearly 1800 aces on a file/folder SD. But Samba
does not support adding 1800 aces to SD instead it limited to 1000.
Expected behavior: Ideally SAMBA should also support as like Windows to compare
with Windows standard. Set to 2000 until we add EA limits in the server.
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 12 02:52:36 CEST 2013 on sn-devel-104
Not sure if we need this, bug samba.org specifies it, so this can cause ANY queries
against samba.org to fail.
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Sun May 26 20:05:38 CEST 2013 on sn-devel-104
Not sure if we need this, but samba.org specifies it, so this could cause ANY
queries against samba.org to fail.
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Normally we would activate [ms_union] for the entire interface but given the
fact we use this IDL file also for custom-marshalled structures we would
generate union arm alignment also for the custom-marshalled unions where they
are inappropriate. Thus, only enable [ms_union] only for unions that are part of
the MS-RPRN IDL.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
This is to create IDL-stored NFSv4 ACLs, just as we use for posix ACLs
to permit better testing.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
The level5 driver does return only one of these flags with a different value,
will get fixed later.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 7 19:06:25 CET 2013 on sn-devel-104
This in turn causes an include of <net/if.h> to hang on some systems, as
/net/ means to run the automounter!
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Oct 29 01:23:39 CET 2012 on sn-devel-104
This will isolate the hash of the ACL from any intermediate mapping that
the POSIX -> NT mapping subsystem might need to do, and which might
change if we need to correct that mapping.
Andrew Bartlett
Previously marked as UNKNOWN_12 the UPN_DNS_INFO is defined in MS-PAC
Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Fri Sep 28 01:13:44 CEST 2012 on sn-devel-104
I've pushed the wrong branch for this, sorry about that.
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Wed Sep 5 14:10:54 CEST 2012 on sn-devel-104
Ensure the privilege rights are always specific rights, not generic.
By the time the privilege rights are examined, we've already mapped
from generic to specific in the access_mask.
This will allow us to marshall this into and from an NDR blob on disk, which will
allow us to fake up ACL support during make test, and to test the NT ACL emulation
using python bindings via the VFS.
Andrew Bartlett
there is a libsecurity on OSF1 which clasheѕ with our security lib. see bug #9023.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Aug 10 14:22:21 CEST 2012 on sn-devel-104
This change addresses bug 9026.
There are 3 use cases for DATA_BLOB marshalling/unmarshalling:
1)
ndr_push_DATA_BLOB and ndr_pull_DATA_BLOB when called with
LIBNDR_FLAG_ALIGN* alignment flags set, are used to push/pull padding
bytes _only_. The length is determined by the alignment required and
the current ndr offset.
e.g. dcerpc.idl:
typedef struct {
...
[flag(NDR_ALIGN8)] DATA_BLOB _pad;
} dcerpc_request;
2)
When called with the LIBNDR_FLAG_REMAINING flag, all remaining bytes in
the ndr buffer are pushed/pulled.
e.g. dcerpc.idl:
typedef struct {
...
[flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier;
} dcerpc_request;
3)
When called without alignment flags, push/pull a uint32 length _and_ a
corresponding byte array to/from the ndr buffer.
e.g. drsblobs.idl
typedef [public] struct {
...
DATA_BLOB data;
} DsCompressedChunk;
The fix for bug 8373 changed the definition of "alignment flags", such
that when called with LIBNDR_FLAG_NOALIGN ndr_push/pull_DATA_BLOB
behaves as (1: padding bytes) rather than (3: uint32 length + byte
array).
This breaks marshalling/unmarshalling for the following structures.
eventlog.idl:
typedef [flag(NDR_NOALIGN|NDR_PAHEX),public] struct {
...
DATA_BLOB sid;
...
} eventlog_Record_tdb;
ntprinting.idl:
typedef [flag(NDR_NOALIGN),public] struct {
...
DATA_BLOB *nt_dev_private;
} ntprinting_devicemode;
typedef [flag(NDR_NOALIGN),public] struct {
...
DATA_BLOB data;
} ntprinting_printer_data;
Signed-off-by: Günther Deschner <gd@samba.org>
This copes with the fact that r->sub_auths is a fixed-size array, not
an allocated pointer, and so will still have some bytes no filled in
if the sid did not have a MAX_SUB_AUTHS sub-authorities.
Andrew Bartlett
This removes the duplication on how to detect that a user is system in Samba
now that the smbd system account is also only SID_NT_SYSTEM we can use the same
check everywhere.
Andrew Bartlett
Signed-off-by: Andreas Schneider <asn@samba.org>
This reverts commit 2642f38588.
This is not needed anymore, as 035342c117
"Fix bug #8373 - Can't join XP Pro workstations to 3.6.1 DC." is
the more generic fix for the problem.
metze
Treat LIBNDR_FLAG_NOALIGN and LIBNDR_FLAG_REMAINING the same as the
other align flags - make them mutually exclusive.
Combined work from Metze, Günther and Jeremy.
This started per https://bugzilla.samba.org/show_bug.cgi?id=8872#c4
and avoids any possible collision with a different process.
We also need to ensure that across a Samba installation on a single
node that id.vnn is the same. Samba4 previously used 0, while Samba3
used NONCLUSTER_VNN. When a message is sent between these 'different'
nodes, the error NT_STATUS_INVALID_DEVICE_REQUEST is raised.
Andrew Bartlett
From notify_internal.c:
/*
* The notify database is split up into two databases: One
* relatively static index db and the real notify db with the
* volatile entries.
*/
This change is necessary to make notify scale better in a cluster
In determining whether to compile a given .idl source file, build_idl.sh
currently checks:
a) that all build output files exist
b) build output files are newer than their corresponding .idl source
The .idl is rebuilt if either of the above conditions is false.
This logic does not catch the case where the pidl compiler itself is
changed. An IDL rebuild should occur in such a case.
https://bugzilla.samba.org/show_bug.cgi?id=8865
Autobuild-User: David Disseldorp <ddiss@samba.org>
Autobuild-Date: Mon Apr 16 16:29:45 CEST 2012 on sn-devel-104
There is no need to return the PAC signatures via the special-purpose
torture element. Instead, use a private pointer on the auth_context
in conjunction with the private PAC processing method.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun Jan 29 23:52:50 CET 2012 on sn-devel-104
OpenPrinterEx requests have also been observed in the wild carrying
non-utf16 garbage after the device mode devicename field null
terminator.
Signed-off-by: Jeremy Allison <jra@samba.org>
OpenPrinterEx requests have been observed in the wild carrying a device
mode formname "A4" followed by non-utf16 garbage after the null
terminator. Such requests currently fail during unmarshalling in the
ndr_pull_charset() codepath, causing intermittent print job failures.
This change ensures that garbage after the device mode formname null
terminator is not processed in unmarshalling.
https://bugzilla.samba.org/show_bug.cgi?id=8606
Signed-off-by: Jeremy Allison <jra@samba.org>
The same as ndr_pull_charset(), however only perform character
conversion on bytes prior to and including the null terminator.
Signed-off-by: Jeremy Allison <jra@samba.org>
Windows Server 2008 returns NT_STATUS_DOWNGRADE_DETECTED if you call
netrServerAuthenticate2 during a domain join without setting the strong
keys flag (128bit crypto).
Only for NT4 we need to do a downgrade to the returned negotiate flags.
See also 0970369ca0.
DRSUAPI_DRS_UPDATE flags are used in
DRS_MSG_REPMOD_V1 message structure when repsFrom
is modified via RPC. The RPCs are currently uncoded but
samba_kcc maintains the flags (and uses them to identify
what repsFrom changes are to be executed). These are currently
helpful to samba_kcc and are intended to ultimately be used in
RPCs.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
ndr_set_flag or's in the given flag (ALIGN4). At this point, ndr->flags
contains NOALIGN, which will persist. In ndr_push_DATA_BLOB NOALIGN overrides
everything else, so that the ALIGN4 is not respected.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Nov 18 09:33:37 CET 2011 on sn-devel-104
The entire marshalling of samr_ChangePasswordUser3 broke with c2685cdedb.
Matthias, the bad effect of this change was that actually all failed password
change attempts will always return NT_STATUS_OK because the last 4 bytes (the
resulting status code) were not marshalled anymore.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Nov 9 00:41:13 CET 2011 on sn-devel-104
Change some misleading variable names to reflect the actual function.
Add missing field name/types previously marked as unkown.
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
Windows returns multiple DNS_RPC_RECORDS structures, but there is
no well defined structure in [MS-DNSP] doc. Added hand-written
code to parse ndr.
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
Signed-off-by: Andrew Tridgell <tridge@samba.org>
this fills in the functions and structures for the dnsserver RPC
protocol. This protocol is used during a subdomain join to add the NS
glue record to the parent domain
We have 3 different types of flags values in our NDR layer. We've
recently found bugs where these types of flags have been mixed up,
especially by people adding hand written ndr code for tricky
structures. We previously got away with this because (for example)
NDR_SCALARS and NDR_IN had the same value, so mixing up the two
concepts sometimes worked. Unfortunately it also led to bugs where we
didn't do what was expected, such as in our smbtorture ndr test suite,
where passing a ndr_flags value of zero led to only checking that two
empty structures were equal.
This changes the values of the NDR_IN|NDR_OUT and
NDR_SCALARS|NDR_BUFFERS values to be in different bit ranges, and adds
macros for checking the validity of passed in flags. A followup patch
modifies the ndr calls to use these macros, and pidl to generate
them. This should catch misuse of the APIs.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
the two types of ndr flags were being mixed up, so NDR_BUFFERS was
being interpreted as LIBNDR_FLAG_NOALIGN
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This fixes WinXP joining a Samba3 domain, which was broken on hosts
with an even number of characters in the host name. The alignment
requested in the structure was ignored because of the overall
NDR_NOALIGN set on the packet.
Andrew Bartlett
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Jul 28 00:30:26 CEST 2011 on sn-devel-104
Instead, we base our guest calculations on the presence or absense of the
authenticated users group in the token, ensuring that we have only
one canonical source of this important piece of authorization data
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This makes auth3_session_info identical to auth_session_info
The logic to convert the info3 to a struct auth_user_info is
essentially moved up the stack from the named pipe proxy in
source3/rpc_server to create_local_token().
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
We need to use this, and not utf8string because we need to
transport NULL pointers correctly.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This will allow a transformation of auth3_session_info into
auth_session_info by substitution.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
As discussed in 'CH_DISPLAY and gettext' on the samba-technical list:
http://lists.samba.org/archive/samba-technical/2011-June/078190.html
Setting this to a value other than 'unix charset' does not make sense,
as any system where the filesytem charset does not equal the terminal
charset will already have problems with programs as simple as 'ls'.
It also means that our output could not be pasted as our input in
interactive programs or onto our command line, as we never did
translate in the DISPLAY -> UNIX direction.
The d_printf() calls are retained in case we need to revisit this, and
to support display_set_stderr().
Andrew Bartlett
