IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
In preparation to remove the named_pipe_client struct split the function
if two parts and build the tstream context as soon as possible, as it
will take care of closing the socket when the tstream_context is freed.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
In preparation to remove the named_pipe_client structure, this function
will be called from ncacn_conn destructor passing the private data pointer
as argument. It is mainly used by preforked childs in "process model" to
attend the next client as soon as the previous client ends the connection.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Next commits will remove named_pipe_client and dcerpc_ncacn_connection
will be used in its place. It has to be moved to a header file as it
will be used by functions in rpc_server.c and rpc_ncacn_np.c.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
And call disconnection callback from there if it is set.
Additionally change named_pipe_termination_fn to have * in typedef.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This matchs what lsasd and mdssd does.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Additionally to the fd number, check the port number has been correctly
assigned. This check was performed by the callers of this function.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Additionally move function declaration from proto.h to rpc_server.h
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The 'fd' state struct member is initialized after allocation because it
is checked in the error path.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Additionally new debug messages are added and the existing ones improved.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We can only rely on session_info_transport to be filled correctly upon
success of the accept_existing_recv function
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Make it clear that we talloc_steal by NULLing out the caller's
session_info
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
For unauthenticated connections we should default to a
session info with an anonymous nt token.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Modified to use constant AS_SYSTEM_MAGIC_PATH_TOKEN instead of string literal
"/root/ncalrpc_as_system"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
This changes struct dcerpc_ncacn_conn
While these names may have been clear, much of Samba uses
remote_address and local_address, and this difference has hidden bugs.
By using both names we avoid a little of this.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
The rest of the code uses remote before local, and this
often causes bugs
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
This brings the callers of named_pipe_auth in line with that subsystem.
Much of Samba uses remote_address and local_address, and this difference
has hidden bugs
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
This ensures that gensec, and then the NTLM auth subsystem under it, always gets the
remote and local address pointers for potential logging.
The local address allows us to know which interface an authentication is on
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12521
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Since Windows Server 2008 Microsoft uses a different port range for RPC
services. Before it was 1024-65535 and they changed it to 49152-65535.
We should use the same range as these are the ports the firewall in AD
networks normally allow.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12521
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 24 13:39:10 CEST 2014 on sn-devel-104
This removes the useless static auth_anonymous_session_info() wrapper.
auth_anonymous_session_info() is also a public function in source4.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
DCE/RPC PDUs are currently unmarshalled firstly by the generic librpc
dcerpc_read_ncacn_packet_[send/recv] functions, and subsequently a
second time by the source3 rpc_server, which ignores the unmarshalled
packet and re-parses the receive buffer.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Dec 11 22:24:31 CET 2013 on sn-devel-104
We would leak a socket 0 here
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Aug 19 03:10:51 CEST 2013 on sn-devel-104
This codepath would only be executed if we provided a partial session_info token
across the named pipe forwarding code.
The smbd file server always fills this in, and if the ntvfs file server ever
wants to use an smbd hosted pipe, it can do the same. Calling create_local_token
is always the wrong thing to do.
Andrew Bartlett
Change some misleading variable names to reflect the actual function.
Add missing field name/types previously marked as unkown.
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
The create_pipe_sock() function should only create the socket as the
name states and not start to listen on it too. We should start to listen
on in the individual places as we need different backlog values.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Aug 29 13:21:43 CEST 2011 on sn-devel-104
Wtith this set of helper functions we make it easy to configure if we want to
use an embedded rpc server, or if we want to fork one. Or even just disable it
and let a third party server be used when the service is configured as
"external".
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
We need for named pipes we need to send each fragment on its own to be a
message.
Signed-off-by: Simo Sorce <idra@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Tue Aug 9 11:55:18 CEST 2011 on sn-devel-104
Rather than passing this value around the callers, and eventually
setting it in register_existing_vuid(), we simply pass it to
create_local_token(). This also removes the need for
auth_ntlmssp_get_username().
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
msg_ctx was already passed to make_base_pipes_struct,
no need to set it again.
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Fri Jul 22 00:47:28 CEST 2011 on sn-devel-104
Avoid code duplication and fix bug where a new pipe was not added to
InternalPipes upon creation in make_server_pipes_struct()
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Jul 21 19:50:02 CEST 2011 on sn-devel-104
This is not required any more now that they are the same structure,
and shows the value in having a common structure across the codebase.
In particular, now any additional state that needs to be added to the
auth_session_info will be transparently available across the named
pipe proxy, without a need to modify the mapping layer.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This patch finally has the same structure being used to describe the
authorization data of a user across the whole codebase.
This will allow of our session handling to be accomplished with common code.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This makes auth3_session_info identical to auth_session_info
The logic to convert the info3 to a struct auth_user_info is
essentially moved up the stack from the named pipe proxy in
source3/rpc_server to create_local_token().
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This ensures that the exact same token is used on both sides of the
pipe, when a full token is passed (ie, source3 to source3, but not yet
source4 to to source3 as the unix info isn't calculated there yet).
If we do not have unix_token, we fall back to the old behaviour and go
via create_local_token(). (However, in this case the security_token
is now overwritten, as it is better to have it match the rest of the
session_info create_local_token() builds).
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This seperation between the structure used inside the auth modules and
in the wider codebase allows for a gradual migration from struct
auth_serversupplied_info -> struct auth_session_info (from auth.idl)
The idea here is that we keep a clear seperation between the structure
before and after the local groups, local user lookup and the session
key modifications have been processed, as the lack of this seperation
has caused issues in the past.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
