samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00

Author	SHA1	Message	Date
Stefan Metzmacher	a70f528949	s4:rpc_server: ignore CO_CANCEL and ORPHANED PDUs Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:17 +02:00
Stefan Metzmacher	b4345f232b	s4:rpc_server: list all connection oriented pdu types explicitly See DCE-RPC-1.1.pdf Section 12.6 Connection-oriented RPC PDUs Page 588. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:17 +02:00
Stefan Metzmacher	2e09c0fb1e	s4:selftest: run some tests with "packet" Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:17 +02:00
Günther Deschner	36f90c8f13	s4:librpc/rpc: add support for DCERPC_AUTH_LEVEL_PACKET Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:16 +02:00
Günther Deschner	b72d3f0ba5	s4-torture: test support for [packet] binding string option. Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:16 +02:00
Stefan Metzmacher	1a46ff2a0f	s4:rpc_server: convert dcesrv_auth_response() into a generic dcesrv_auth_pkt_push() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:16 +02:00
Stefan Metzmacher	bc73cd97ee	s4:rpc_server: make use of dcerpc_ncacn_push_pkt_auth() in dcesrv_auth_response() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:16 +02:00
Stefan Metzmacher	2e8c496ef5	s4:rpc_server: convert dcesrv_auth_request() into a generic dcesrv_auth_pkt_pull() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:16 +02:00
Stefan Metzmacher	cb94ec8424	s4:rpc_server: make use of dcerpc_ncacn_pull_pkt_auth() in dcesrv_auth_request() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:16 +02:00
Stefan Metzmacher	daf6b8c01b	s4:librpc/rpc: make use of dcerpc_ncacn_push_pkt_auth() in ncacn_push_request_sign() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:15 +02:00
Stefan Metzmacher	4e3823ae04	s4:librpc/rpc: convert ncacn_pull_request_auth() into a generic ncacn_pull_pkt_auth() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:15 +02:00
Stefan Metzmacher	791186d824	s4:librpc/rpc: make use of dcerpc_ncacn_pull_pkt_auth() in ncacn_pull_request_auth() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:15 +02:00
Stefan Metzmacher	fe5b462a76	s4:rpc_server: implement bind time feature negotiation For now we don't really support any negotiated features. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:14 +02:00
Stefan Metzmacher	1edf3d89c4	s4:rpc_server: process all provided presentation contexts We should respond with an explicit result for each presentation context, while we also accept one new context per BIND/ALTER_CONTEXT. For now we still only support NDR32, but adding NDR64 should be fairly easy now. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:14 +02:00
Stefan Metzmacher	450e00a8a7	s4:rpc_server: it's not a protocol error to do an alter context with an unknown transfer syntax Windows 2012R2 only returns a protocol error if the client wants to change between supported transfer syntaxes, e.g. from NDR32 to NDR64. If the proposed transfer syntax is not known to the server, the request will be silently ignored. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:14 +02:00
Stefan Metzmacher	3d179d86fa	s4:rpc_server: split out a dcesrv_check_or_create_context() function Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:14 +02:00
Stefan Metzmacher	ae7e7bd1b7	s4:rpc_server: use call->conn instead of call->context->conn It's the same, but call->context might be NULL in future. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:14 +02:00
Stefan Metzmacher	0955218b57	s4:rpc_server: move dcesrv_alter_resp Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:14 +02:00
Stefan Metzmacher	2464325358	s4:rpc_server: add DCERPC_AUTH_LEVEL_PACKET support This is basically an alias for DCERPC_AUTH_LEVEL_INTEGRITY in the context of connection oriented DCERPC. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:14 +02:00
Stefan Metzmacher	05fd543a78	s4:rpc_server: check the auth_pad_length overflow before calling gensec_[check,unseal]_packet() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:14 +02:00
Stefan Metzmacher	c5dec0e41c	s4:rpc_server: let dcesrv_auth_request() set a fault_code gensec_check_packet() and gensec_unseal_packet() failures should generate DCERPC_FAULT_SEC_PKG_ERROR. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:14 +02:00
Stefan Metzmacher	f33e4a70d7	s4:rpc_server: set the full DCERPC_BIND_NAK_REASON_* in dcesrv_bind() This is required in order to support DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE vs. DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:14 +02:00
Stefan Metzmacher	0ef4911d95	s4:rpc_server: set DCERPC_PFC_FLAG_DID_NOT_EXECUTE for DCERPC_FAULT_OP_RNG_ERROR Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:14 +02:00
Stefan Metzmacher	0271fdaabe	s4:rpc_server: a fault with UNKNOWN_IF should have DID_NOT_EXECUTE set Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:13 +02:00
Stefan Metzmacher	6917a1c28f	s4:librpc/rpc: implement bind_time_feature negotiation Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:13 +02:00
Stefan Metzmacher	3d51359c86	s4:librpc/rpc: force printing in dcerpc_bh_do_ndr_print() log level >= 11 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:13 +02:00
Stefan Metzmacher	10e97240ef	s4:librpc/rpc: make use of dcerpc_pull_ncacn_packet() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:13 +02:00
Stefan Metzmacher	071fe8d50f	s4:rpc_server: skip setting of dcerpc_request._pad This is marked as [flag(NDR_ALIGN8)] DATA_BLOB _pad; and ndr_push_dcerpc_request() will just ignore the content and align to 8 bytes with zero padding. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:13 +02:00
Stefan Metzmacher	4464896167	dcerpc.idl: split the padding from a possible fault buffer in dcerpc_fault The 4 bytes of padding are always present and part of the header. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:12 +02:00
Stefan Metzmacher	3a0b835408	s4:ldap_server: don't use gensec_want_feature(gensec_security, GENSEC_FEATURE_{SIGN,SEAL}) as server They're always supported and using gensec_want_feature() on them would require them in future. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:12 +02:00
Stefan Metzmacher	f0afefefe4	s4:gensec_gssapi: pass gss_got_flags to gssapi_get_sig_size() We need to calculate the signature length based on the negotiated flags. This is most important on the server side where, gss_accept_sec_context() doesn't get gss_want_flags, but fills gss_got_flags. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:12 +02:00
Stefan Metzmacher	cca980eb51	s4:gensec_krb5: also report support for GENSEC_FEATURE_SIGN as krb5_mk_priv() provides sign and seal Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:12 +02:00
Matthieu Patou	754672ce76	s4:librpc/rpc: do not use stack allocated variables for async requests Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-26 11:20:12 +02:00
Volker Lendecke	beda6d3d48	torture: Fix uninitialized variables Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Oct 20 02:48:30 CEST 2016 on sn-devel-144	2016-10-20 02:48:30 +02:00
Volker Lendecke	7d9f18f3f3	torture: Fix clang errors h1.data is an array and as such always is != NULL, so it's always true Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Oct 19 05:11:25 CEST 2016 on sn-devel-144	2016-10-19 05:11:25 +02:00
Volker Lendecke	978c3792b5	messaging: Fix CID 1373625 Unused value Hmm. I wonder how that cut&paste happened... Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2016-10-14 21:45:08 +02:00
Volker Lendecke	2a245512b8	messaging: add an overflow check Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2016-10-13 00:40:26 +02:00
Stefan Metzmacher	2abc3710a8	HEIMDAL:lib/krb5: destroy a memory ccache on reinit BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>	2016-10-12 20:54:08 +02:00
David Disseldorp	f6f6263f1f	torture/ioctl: test compression responses when unsupported Confirm that Samba matches Windows Server 2016 ReFS behaviour here. Bug: https://bugzilla.samba.org/show_bug.cgi?id=12144 Reported-by: Nick Barrett Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Oct 6 06:14:34 CEST 2016 on sn-devel-144	2016-10-06 06:14:34 +02:00
Volker Lendecke	fdc52abbf4	messaging4: Postpone messages to the right tevent context Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2016-10-05 00:06:23 +02:00
Volker Lendecke	85c41375fd	messages_dgm_ref: Pass receiving "ev" to recv_cb Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2016-10-05 00:06:22 +02:00
Volker Lendecke	f9a84411e8	messaging: add an overflow test Send 1000 messages without picking them up. Then destroy the sending messaging context. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2016-10-05 00:06:22 +02:00
Volker Lendecke	85221cd882	messaging4: Fix signed/unsigned hickups Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2016-10-05 00:06:21 +02:00
Noel Power	ebfe3c85d0	Add a blackbox tests for id & getent to test domain@realm type credentials Using domain@realm credentials has been problematic when global conf setting "winbind use default domain" is enabled, this patch creates a new s4member_dflt_domain environment (where "winbind use default domain" is enabled) and runs getent & id against the normal s4member & and new s4member_dflt_domain environments BUG: https://bugzilla.samba.org/show_bug.cgi?id=12298 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2016-10-03 19:49:19 +02:00
Uri Simchoni	3f1f6e03cd	heimdal: revert 1f90983324b9f5804dc57f87c5f7695b0e53db8d A different version has gone upstream, fixing the problem elsewhere. Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Uri Simchoni <uri@samba.org> Autobuild-Date(master): Mon Oct 3 11:12:29 CEST 2016 on sn-devel-144	2016-10-03 11:12:29 +02:00
Uri Simchoni	0b61d9e02e	heimdal-lib/krb5: keep a copy of config etypes in the context When reading configuration file, keep an extra copy of the encryption types, and use this when resetting the encryption types to default. GSSAPI always resets the enctypes to default before obtaining a TGS, because the enctypes might have previously altered, so this prevents changing the etypes from the configured ones to the full set of supported etypes. The same patch has gone into upstream heimdal as commit a3bece1. It is a different solution to the problem fixed here by commit 1f90983, so this commit will be reverted next to keep compatibility with uptream. Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2016-10-03 07:27:13 +02:00
Günther Deschner	f85b233a3e	s4-kdc: Fix Coverity ID #1373385 (OVERRUN) Guenther Pair-Programmed-With: Volker Lendecke <vl@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Thu Sep 29 22:16:52 CEST 2016 on sn-devel-144	2016-09-29 22:16:52 +02:00
Günther Deschner	9ad014ea4f	s4-kdc: Fix Coverity ID #1373386 (Resource Leak) Guenther Pair-Programmed-With: Volker Lendecke <vl@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org>	2016-09-29 18:30:18 +02:00
Andreas Schneider	28eae08ef7	gensec_krb5: Implement smb_krb5_rd_req_decoded() with MIT Kerberos Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Thu Sep 29 11:56:41 CEST 2016 on sn-devel-144	2016-09-29 11:56:41 +02:00
Andreas Schneider	64b2b0dacd	gensec_krb5: Create a MIT Kerberos gensec_krb5_session_info() Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2016-09-29 08:02:18 +02:00

1 2 3 4 5 ...

33317 Commits