1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

5153 Commits

Author SHA1 Message Date
Stefan Metzmacher
7c8a7e8a15 librpc/dcesrv_core: move two rpcint_dispatch() copies into dcesrv_call_dispatch_local()
We only need this function once, so that we need to fix bugs only once...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14551

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2020-10-23 16:02:37 +00:00
Björn Jacke
38391ccc5d printing/spoolss: add ARM64 support
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-17 09:22:31 +00:00
Björn Jacke
62c514c29c printing: move archi_table declarations into nt_printing.h
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-17 09:22:31 +00:00
Gary Lockyer
b9b6abf18b CVE-2020-1472(ZeroLogon): rpc_server/netlogon: Fix confounder check
Add check for zero length confounder, to allow setting of passwords 512
bytes long. This does not need to be backported, as it is extremely
unlikely that anyone is using 512 byte passwords.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-10-16 04:45:40 +00:00
Volker Lendecke
dfc870b6cd mdssvc: Slightly simplify dalloc_size()
talloc_get_size() and thus talloc_array_length() deals fine with a
NULL pointer

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-02 21:30:33 +00:00
Ralph Boehme
322574834f vfs: remove dirfsp arg from SMB_VFS_CREATE_FILE()
This was supposed to be a shortcut to avoid passing dirfsp around as an explicit
function argument throughout the whole codebase when the new VFS design idea was
based on using *AT functions throughout the VFS.

Now that we've opted for basing the VFS on handles and *AT functions will only
be used in a much more limitted extent, it makes sense to remove this internal
dirfsp reference, otherwise the combination of internal fsp->dirfsp and
smb_fname->fsp is going to be a tough to wrap your head around.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct  2 21:00:05 UTC 2020 on sn-devel-184
2020-10-02 21:00:05 +00:00
Jeremy Allison
ff4e8b2c84 s3: smbd: All callers to filename_convert() pass in NULL for the 'bool *ppath_contains_wcard' parameter.
Remove it.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-09-30 20:46:42 +00:00
Volker Lendecke
2c04e9a6f2 spoolss: Align some integer types
SPOOLSS_NOTIFY_MSG_CTR->num_groups is defined as uint32_t

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-09-30 15:58:38 +00:00
Volker Lendecke
44fd74476d spoolss: Align some integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-09-30 15:58:38 +00:00
Günther Deschner
b8e4b0f430 CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: log warnings about unsecure configurations
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-18 12:48:39 +00:00
Günther Deschner
b74017d2dd CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: support "server require schannel:WORKSTATION$ = no"
This allows to add expections for individual workstations, when using "server schannel = yes".
"server schannel = auto" is very insecure and will be removed soon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-18 12:48:39 +00:00
Günther Deschner
9ef5b63e7a CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: refactor dcesrv_netr_creds_server_step_check()
We should debug more details about the failing request.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-18 12:48:39 +00:00
Jeremy Allison
82d41977a8 CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: protect netr_ServerPasswordSet2 against unencrypted passwords
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-18 12:48:38 +00:00
Jeremy Allison
9ec8b59bde CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Fix mem leak onto p->mem_ctx in error path of _netr_ServerPasswordSet2().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-18 12:48:38 +00:00
Stefan Metzmacher
caba2d8082 CVE-2020-1472(ZeroLogon): s3:rpc_server:netlogon: make use of netlogon_creds_random_challenge()
This is not strictly needed, but makes things more clear.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-18 12:48:38 +00:00
Björn Jacke
7651c02681 srv_spoolss_nt.c: fix wrong value in debug message
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-09-18 00:35:40 +00:00
Matthew DeVore
c2ac923c6a s3: safe_string: do not include string_wrappers.h
Rather than have safe_string.h #include string_wrappers.h, make users of
string_wrappers.h include it explicitly.

includes.h now no longer includes string_wrappers.h transitively. Still
allow includes.h to #include safe_string.h for now so that as many
modules as possible get the safety checks in it.

Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-28 00:56:34 +00:00
Andreas Schneider
ba04151a01 s3:libsmb: Remove signing_state from cli_full_connection_creds()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:42 +00:00
Andreas Schneider
c58a301c27 s3:libsmb: Introduce CLI_FULL_CONNECTION_IPC
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:41 +00:00
Andrew Bartlett
d4a9e882f6 Revert "build: fix the coverage build"
This reverts commit 3e072b3fb7.

This is no longer required now that --noline is set globally
and that is a much nicer solution.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-07 03:23:44 +00:00
Ralph Boehme
2327471756 lib: relicense smb_strtoul(l) under LGPLv3
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug  3 22:21:04 UTC 2020 on sn-devel-184
2020-08-03 22:21:02 +00:00
Andreas Schneider
9b34cee610 s3:rpc_server: Check return code of set_blocking()
Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-06-16 09:08:34 +00:00
Andreas Schneider
c57276cae6 s3:samr: Add missing NULL pointer check
Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-06-16 09:08:34 +00:00
Andreas Schneider
6114a4a59b s3:rpc_server: Pass a pointer to add_filemeta()
Review with: git show -U10

Found by cppcheck.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-06-16 09:08:33 +00:00
David Disseldorp
1ded80ae6f s3/rpc_server: remove unnecessary srv_fss_agent.h header
The srv_fssa_start() / _cleanup() functions are called via the
DCESRV_INTERFACE_FILESERVERVSSAGENT_INIT / SHUTDOWN_SERVER hooks,
so needn't be public.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Reviewed-by: Samuel Cabrero <scabrero@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun  3 03:57:12 UTC 2020 on sn-devel-184
2020-06-03 03:57:12 +00:00
Stefan Metzmacher
f563d0098b s3:rpc_server/spoolss: make use of cli_credentials_init_anon()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-05-28 06:43:38 +00:00
Samuel Cabrero
6edcf6801d s3: rpc_server: Avoid casts calling to find_policy_by_hnd()
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-24 23:55:37 +00:00
Samuel Cabrero
10cea64e4c s3: rpc_server: Remove dead code
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-24 23:55:37 +00:00
Samuel Cabrero
70fa7e817e s3: rpc_server: Drop s3 rpc handles implementation
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-24 23:55:37 +00:00
Samuel Cabrero
f98b3b6f10 pidl: Set dce_call in pipes_struct before dispatching call
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-24 23:55:37 +00:00
Samuel Cabrero
be024932ef s3: rpc_server: Remove SAMR specific policy_handle_find() function
The generic function already checks the handle type.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-24 23:55:36 +00:00
Samuel Cabrero
7273b4bcc7 s3: rpc_server: Move SAMR handle based access check to a wrapper function
Now that the type associated to the handle is the same for all handle
types we can wrap the access check.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-24 23:55:36 +00:00
Samuel Cabrero
2bde40762a s3: rpc_server: Remove SAMR specific policy_handle_create() function
Now that we pass the handle type to the generic handle creation and find
functions we can drop the specific SAMR ones.

The policy_handle_create() function labeled the talloc chunk used to
allocate the handle's associated data, and the policy_handle_find() is
checking the name matches with the expected data. The check is performed
now by the generic functions based on the handle type so we can drop
these SAMR specific functions.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-24 23:55:36 +00:00
Samuel Cabrero
da9749acb3 s3: rpc_server: pass DCE/RPC handle type to find_policy_handle
Following changes in commit c7a4578d06
pass the handle type to the handle search functions. The handle type will
be verified unless passing DCESRV_HANDLE_ANY to find functions.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-24 23:55:36 +00:00
Samuel Cabrero
711ca4fab5 s3: rpc_server: Strip out access check field from s3 handles implementation
The handle based security model is a SAMR specific feature. The access
granted is stored in the handle's associated data after creating it and
the access is verified after searching the handle.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-24 23:55:36 +00:00
Ralph Boehme
44cd415921 smbd: add dirfsp arg to SMB_VFS_CREATE_FILE()
As create_file_default() still need to be updated in the future to replace the
SMB_VFS_STAT() calls with AT-based versions, it asserts (dirfsp ==
dirfsp->conn->cwd_fsp).

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-05-21 05:23:31 +00:00
Volker Lendecke
01db877c77 srvsvc: Move brl_get_locks() out of enum_file_fn()
With share_infos.tdb this is a locking order violation:
share_infos.tdb is level 4, brlock.tdb is level 2. Avoid this by first
walking the share_infos.tdb and then fetching all the brlock entries.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu May 14 22:06:32 UTC 2020 on sn-devel-184
2020-05-14 22:06:32 +00:00
Volker Lendecke
46ab1d478d srvsvc: Collect file ids in enum_file_fn()
Will be used a few patches down

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-05-14 20:29:38 +00:00
Volker Lendecke
bda0b3875d srvsvc: Use a struct initializer in net_enum_files()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-05-14 20:29:38 +00:00
Volker Lendecke
96d68bb9f2 srvsvc: Directly use "ctr3->count" instead of "i"
To me this was not very transparent, and now that we have "ctr3" a
single indirect looks okay

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-05-14 20:29:38 +00:00
Volker Lendecke
ff80f68c30 srvsvc: Use a struct assignment in enum_file_fn()
Looks nicer than 5 complex array references...

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-05-14 20:29:38 +00:00
Volker Lendecke
a9397f8788 srvsvc: Introduce ctx3 helper var in enum_file_fn()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-05-14 20:29:38 +00:00
Ralph Boehme
7215669d29 vfs: remove root_dir_fid arg from SMB_VFS_CREATE_FILE()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 14 19:43:27 UTC 2020 on sn-devel-184
2020-05-14 19:43:27 +00:00
Jeremy Allison
88fbfe6a7c s3: smbd: Change SMB_VFS_GET_NT_ACL() -> SMB_VFS_GET_NT_ACL_AT() in get_nt_acl_no_snum().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-05-07 19:27:36 +00:00
Jeremy Allison
14df5d20a8 s3: RPC: Don't crash on trying to talloc_free(-1) if smb_iconv_open_ex() fails.
Assign output from smb_iconv_open_ex() to a temporary
handle. Only assign to mds_ctx->[handles] if correctly
opened otherwise we end up trying to call smb_iconv_close(-1).

MacOSX Catalina triggers this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14372

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu May  7 18:03:16 UTC 2020 on sn-devel-184
2020-05-07 18:03:16 +00:00
Ralph Boehme
1e5164afaf smbd: pass twrp as NTTIME to filename_convert() and all the way down to canonicalize_snapshot_path()
Also pass by value rather then by reference.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-05-05 19:18:40 +00:00
Ralph Boehme
b74653f2cd smbd: add twrp arg to synthetic_smb_fname()
Most places take twrp from a local struct smb_filename variable that the
function is working on. Some don't for various reasons:

o synthetic_smb_fname_split() is only called in very few places where we don't
  expect twrp paths

o implementations of SMB_VFS_GETWD(), SMB_VFS_FS_CAPABILITIES() and
  SMB_VFS_REALPATH() return the systems view of cwd and realpath without twrp info

o VFS modules implementing previous-versions support (vfs_ceph_snapshots,
  vfs_shadow_copy2, vfs_snapper) synthesize raw paths that are passed to VFS NEXT
  functions and therefor do not use twrp

o vfs_fruit: macOS doesn't support VSS

o vfs_recycle: in recycle_create_dir() we need a raw OS path to create a directory

o vfs_virusfilter: a few places where we need raw OS paths

o vfs_xattr_tdb: needs a raw OS path for SMB_VFS_NEXT_STAT()

o printing and rpc server: don't support VSS

o vfs_default_durable_reconnect: no Durable Handles on VSS handles, this might
  be enhances in the future. No idea if Windows supports this.

o get_real_filename_full_scan: hm.... FIXME??

o get_original_lcomp: working on a raw path

o msdfs: doesn't support VSS

o vfs_get_ntquota: synthesizes an smb_filename from ".", so doesn't support VSS
  even though VFS modules implement it

o fd_open: conn_rootdir_fname is a raw path

o msg_file_was_renamed: obvious

o open_np_file: pipes don't support VSS

o Python bindings: get's a raw path from the caller

o set_conn_connectpath: raw path

o set_conn_connectpath: raw path

o torture: gets raw paths from the caller

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-05-05 19:18:40 +00:00
Ralph Boehme
b9af0ecb3a s3/rpc_server: fss: realign synthetic_smb_fname() args in snap_path_exists()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-05-05 19:18:39 +00:00
Volker Lendecke
abae5889d9 rpc_server3: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-05-05 11:48:38 +00:00
Jeremy Allison
d7f4bb57f2 s3: smbd: Cleanup - move the function get_nt_acl_no_snum() to it's user module.
Make static. It was only called from one place.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-04-30 07:33:41 +00:00
Alexander Bokovoy
3be17c891b s3 rpc server: set on-wire handle type explicitly
Since wire_handle.handle_type is uint32_t, we can simply assign uint8_t
handle type to it without using SIVAL() macros. Further unify with s4
RPC server code flow.

Fixes CID 1462616
>>> CID 1462616:    (CONSTANT_EXPRESSION_RESULT)
>>> "(uint32_t)handle_type >> 16" is 0 regardless of the values of its operands. This occurs as a value.
284             SIVAL(&rpc_hnd->wire_handle.handle_type, 0 , handle_type);

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Thu Apr 30 07:09:55 UTC 2020 on sn-devel-184
2020-04-30 07:09:55 +00:00
Alexander Bokovoy
c7a4578d06 s3: pass DCE RPC handle type to create_policy_hnd
Various RPC services expect policy handles of a specific type.

s3 RPC server did not allow to create policy handles with a specific
type while actually requiring that policy handle type itself in some
places.

Make sure we are able to specify the policy on-wire handle type when
creating the policy handle. The changes follow s4 DCE RPC server
implementation.

The original logic to always set on-wire handle type to 0 can be tracked
down to commit fdeea341ed when we didn't
really know about differences in on-wire handle types.

All but LSA trusted domain RPC calls do not check the on-wire handle
type in s3 RPC server.

Fixes trusted domain operations when Samba RPC client attempts to call
s3 RPC server to perform lsa_lsaRSetForestTrustInformation in FreeIPA.
This fix is a pre-requisite for FreeIPA-FreeIPA forest trust.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 28 22:55:29 UTC 2020 on sn-devel-184
2020-04-28 22:55:29 +00:00
Samuel Cabrero
03f79a3bd7 s3:rpc_server: Improve local dispatching
Craft core structures to dispatch local calls in the same way as remote
ones, removing the special handling in the autogenerated code.

This is also necessary to drop s3 rpc handles implementation.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr  8 22:23:05 UTC 2020 on sn-devel-184
2020-04-08 22:23:05 +00:00
Samuel Cabrero
2558c15beb s3:rpc_server: Fix talloc_free() with references error on server exit
Fixes talloc_free() with references when smbd exists and talloc_free the
global dcesrv context:

ERROR: talloc_free with references at ../../source3/rpc_server/rpc_config.c:73
	reference at ../../source3/rpc_server/rpc_server.c:193
	reference at ../../source3/rpc_server/rpc_server.c:592
	...

The talloc_reference to make the dcerpc_ncacn_listen_state a parent of
the dcesrv context is not necessary as the listen state is allocated
under the endpoint, which is allocated under the dcesrv context:

full talloc report on 'struct dcesrv_context' (total  12298 bytes in 188 blocks)
    ...
    struct dcesrv_endpoint         contains    691 bytes in  11 blocks (ref 0) 0x55ae964d79a0
        struct dcerpc_ncacn_listen_state contains    160 bytes in   2 blocks (ref 0) 0x55ae964fca60
            struct tevent_fd               contains    104 bytes in   1 blocks (ref 0) 0x55ae964f36f0
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964e8a40
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964e8ac0
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964e8870
            ../../librpc/rpc/dcesrv_core.c:327 contains    104 bytes in   1 blocks (ref 0) 0x55ae964e8970
        struct dcerpc_binding          contains    108 bytes in   2 blocks (ref 0) 0x55ae964e87a0
            \pipe\lsass                    contains     12 bytes in   1 blocks (ref 0) 0x55ae964e88f0
        struct dcerpc_binding          contains    111 bytes in   2 blocks (ref 0) 0x55ae964e86d0
            \pipe\netlogon                 contains     15 bytes in   1 blocks (ref 0) 0x55ae964e8650
    ...
    struct dcesrv_endpoint         contains   1728 bytes in  27 blocks (ref 0) 0x55ae964e0db0
        struct dcerpc_ncacn_listen_state contains    160 bytes in   2 blocks (ref 0) 0x55ae964fd540
            struct tevent_fd               contains    104 bytes in   1 blocks (ref 0) 0x55ae964f3890
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964fbd70
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964f67a0
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964fff60
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964f66c0
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964eb8b0
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964eba00
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964eb200
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964eb350
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964eab70
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964eabf0
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964ea360
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964ea4b0
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964e9cb0
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964e9e00
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964e96a0
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964e97f0
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964e8430
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964e8580
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964e6250
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964e8070
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964e7e50
            ../../librpc/rpc/dcesrv_core.c:327 contains    104 bytes in   1 blocks (ref 0) 0x55ae964e7fa0
        struct dcerpc_binding          contains    104 bytes in   2 blocks (ref 0) 0x55ae964e7ed0
            DEFAULT                        contains      8 bytes in   1 blocks (ref 0) 0x55ae964eaa10
    ....

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr  1 10:28:43 UTC 2020 on sn-devel-184
2020-04-01 10:28:43 +00:00
Samuel Cabrero
9496e0523e s3:rpc_server: Remove dead code
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Fri Mar 20 17:11:28 UTC 2020 on sn-devel-184
2020-03-20 17:11:28 +00:00
Samuel Cabrero
93224d4184 s3:rpc_server: Remove unused RPC module init and shutdown callbacks
The setup function registers the endpoint server and RPC core routines
initialize and shutdown it.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:36 +00:00
Samuel Cabrero
e8e4ecfb8b s3:rpc_server: Do not generate and build s3 RPC server code
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:36 +00:00
Samuel Cabrero
4c09839ec9 s3:rpc_server: Do not include s3 autogenerated headers
Prototype is generated by the server compat parser.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:36 +00:00
Samuel Cabrero
f6d41e5b44 s3:rpc_server: Remove api_struct
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:36 +00:00
Samuel Cabrero
d891c2d389 s3:rpc_server: Remove dead code and unused struct members
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:36 +00:00
Samuel Cabrero
04172e966b s3:rpc_server: Remove s3 rpc server loop
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:36 +00:00
Samuel Cabrero
9bdf3ccde6 s3:rpc_server: Switch to core dcerpc server loop
This commit finally switches the RPC server implementation.

At the same we have to do other related changes to keep code compiling
and test environments running.

First avoid moving the session_info into the allocated pipes_struct memory
context as it is owned now by the core RPC server, and the s3compat pidl
compiler will update the pipes_struct session_info before dispatching
the call with dcesrv_call->auth_state->session_info.

Also, fix a segfault in the endpoint mapper daemon when it tries to delete
the endpoints previously registered over a NCALRPC connection.

If we have:

rpc_server : epmapper = external
rpc_server : lsarpc = external
rpc_daemon : epmd = fork
rpc_daemon : lsasd = fork

The sequence is:

* The endpoint mapper starts (start_epmd in source3/smbd/server.c)
* The lsarpc daemon starts (start_lsasd in source3/smbd/server.c)
  * The lsarpc daemon creates the sockets and registers its endpoints
    (rpc_ep_register in source3/rpc_server/lsasd.c)
  * The endpoint registration code opens a NCALRPC connection to the
    endpoint mapper daemon (ep_register in source3/librpc/rpc/dcerpc_ep.c)
    and keeps it open to re-register if the endpoint mapper daemon dies
    (rpc_ep_register_loop in source3/rpc_server/rpc_ep_register.c)
* When the endpoint mapper daemon accepts a NCALRPC connection it sets a
  termination function (srv_epmapper_delete_endpoints)
* Suppose the lsarpc daemon exits. The NCALRPC connection termination
  function is called.
* The termination function tries to delete all endpoints registered by that
  connection by calling _epm_Delete
* _epm_Delete calls is_privileged_pipe which access to
  pipes_struct->session_info.

As the call to _epm_Delete occurs outside of the PIDL generated code,
the pipes_stuct->session_info is NULL. This commit also sets
pipes_struct->session_info from the dcerpc_connection before calling
_epm_Delete. As the core rpc server supports security context multiplexing we
need to pass the dcesrv_connection to the termination function and let the
implementation pick a auth context. In the case of the endpoint mapper
the termination function has to pick one of type NCALRPC_AS_SYSTEM to
check if the connection is privileged and delete the endpoints
registered by the connection being closed.

Finally, the samba.tests.dcerpc.raw_protocol testsuite passes against
the ad_member environment.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:35 +00:00
Samuel Cabrero
0c326e9688 s3:rpc_server: Update winspool generated server stub
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:35 +00:00
Samuel Cabrero
60fa8e2552 s3:rpc_server: Dispatch local calls through interfaces local handler
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:35 +00:00
Samuel Cabrero
d1afa40c3c pidl:NDR/ServerCompat: Retrieve and setup pipes struct before dispatch
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:35 +00:00
Samuel Cabrero
d4e6764b22 s3:rpc_server: Store dcesrv context and endpoint in ncacn_conn
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:35 +00:00
Samuel Cabrero
06a913a269 s3:rpc_server: Retrieve dcesrv_context from parent context to open NP
Get the dcesrv_context from parent context and use it to search the
endpoint serving the named pipe. Once we have the endpoint pass it to
the make_internal_rpc_pipe_socketpair function.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:35 +00:00
Samuel Cabrero
0d37a00be7 s3:rpc_server: Set a dcerpc_ncacn_conn termination function
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:35 +00:00
Samuel Cabrero
7fef249d7a s3:rpc_server: Retrieve the dcesrv_endpoint from prefork listen data
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:35 +00:00
Samuel Cabrero
82020a3f62 s3:rpc_server: Drop dcerpc_binding_vector usage in the server side
The endpoint mapper entry is built using the dcesrv_endpoint and the
interfaces registered into it instead of using the
dcerpc_binding_vector.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
53ca9ad2a7 s3:rpc_server: Remove unused members from dcerpc_ncacn_listen_state
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
9a6a5a50f1 s3:rpc_server: Create ncacn_np sockets through endpoint initialization
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
64a70a9610 s3:rpc_server: Setup ncacn_np sockets through endpoint initialization
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
c0ff6da277 s3:rpc_server: Listen in different socket for ncalrpc when role is AD DC
If smbd and samba processes use DEFAULT as socket name they will race to
accept the NCALRPC connections.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
f8eb0e3569 s3:rpc_server: Create ncalrpc socket through endpoint initialization
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
1d970fa83d s3:rpc_server: Setup ncalrpc sockets through endpoint initialization
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
a6b718b6ec s3:rpc_server: Create ncacn_ip_tcp sockets through enpoint init
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
a18163a147 s3:rpc_server: Setup ncacn_ip_tcp sockets through endpoint init
The listener is created in the endpoint memory context. If the endpoint
is freed, the listener will be freed too and the socket closed.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
fd099ae16a s3:rpc_server: Initialize mdssd connection endpoints
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
04d3053663 s3:rpc_server: Initialize fssd connection endpoints
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
d0a2b0c769 s3:rpc_server: Initialize lsasd connection endpoints
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
0e6d138c8e s3:rpc_server: Initialize epmd connection endpoints
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
2d2c488121 s3:rpc_server: Initialize the embedded services endpoints
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
228f8b2c53 s3:rpc_server: Add a function to create the endpoints sockets
The pidl-generated initialization function for each endpoint server will
register the RPC interface in all endpoints defined in the idl file.

The interface registration code will create the endpoint if it does not
exists (as an endpoint can serve multiple interfaces) and will add it to
the endpoint list exiting in the dcesrv_context.

This commit adds a generic dcesrv_create_endpoint_sockets function which
will be preforking external daemons to create the sockets regardless the
endpoint transport. This function will only create the sockets, the
external preforking daemon is who will start listening.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
c97a77297d s3:rpc_server: Add a function to setup the endpoints
The pidl-generated initialization function for each endpoint server will
register the RPC interface in all endpoints defined in the idl file.

The interface registration code will create the endpoint if it does not
exists (as an endpoint can serve multiple interfaces) and will add it to
the endpoint list exiting in the dcesrv_context.

This commit adds a generic dcesrv_setup_endpoint_sockets function which
will be used by embedded services and non-preforking external daemons to
setup the sockets regardless the transport.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
4e7670ed12 s3:rpc_server: Implement association group find callback
Keep the s3 server behaviour for now and return always the same
association group ID, 0x53F0.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
b9e5740a85 s3:rpc_server: Setup dcesrv_context callbacks
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
5174e469ae s3:rpc_server: Init registered ep servers in external mdssd daemon
Initialize and shutdown the endpoint servers registed by the mdssd
daemon. The pidl-generated init function will register the
api_struct for backward compatibility until completely removed.

The common server exit routine will shutdown all registered endpoint
servers, and the pidl-generated shutdown function will unregister the
api_struct.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
99b5b9a9fb s3:rpc_server: Init registered ep servers in external fssd daemon
Initialize and shutdown the endpoint servers registed by the fssd
daemon. The pidl-generated init function will register the
api_struct for backward compatibility until completely removed.

The common server exit routine will shutdown all registered endpoint
servers, and the pidl-generated shutdown function will unregister the
api_struct.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
a450f10374 s3:rpc_server: Init registered ep servers in external lsasd daemon
Initialize and shutdown the endpoint servers registed by the lsasd
daemon. The pidl-generated init function will register the
api_struct for backward compatibility until completely removed.

The common server exit routine will shutdown all registered endpoint
servers, and the pidl-generated shutdown function will unregister the
api_struct.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
0e2839f9bc s3:rpc_server: Init registered ep servers in external epmd daemon
Initialize and shutdown the endpoint servers registed by the endpoint
mapper daemon. The pidl-generated init function will register the
api_struct for backward compatibility until completely removed.

The common server exit routine will shutdown all registered endpoint
servers, and the pidl-generated shutdown function will unregister the
api_struct.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:32 +00:00
Samuel Cabrero
36c2abbc16 s3:rpc_server: Init registered endpoint servers for embedded services
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:32 +00:00
Samuel Cabrero
3b52f1543c s3:rpc_server: Reinitialize dcesrv_context in external lsasd daemon
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:32 +00:00
Samuel Cabrero
80c57f238d s3:rpc_server: Reinitialize dcesrv_context in external mdssd daemon
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:32 +00:00
Samuel Cabrero
eeb6888f42 s3:rpc_server: Reinitialize dcesrv_context in external fssd daemon
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:32 +00:00
Samuel Cabrero
f1eec15c37 s3:rpc_server: Reinitialize dcesrv_context in external epmd daemon
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:32 +00:00
Samuel Cabrero
3719de0107 s3:rpc_server: Initialize global dcesrv_context for embedded services
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:32 +00:00
Samuel Cabrero
20542bcfa9 s3:rpc_server: Add global dcesrv_context init and shutdown functions
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:32 +00:00
Samuel Cabrero
eea1c425a6 s3:rpc_server: Register endpoint servers in external mdssd daemon
The parent calls the setup function to register the endpoint server, as
it has to be registered to initialize the endpoints (create the sockets).

Delete the setup call from forker childs as it is already registered by
the parent.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:31 +00:00
Samuel Cabrero
612c7fa341 s3:rpc_server: Register endpoint servers in external fssd daemon
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:31 +00:00
Samuel Cabrero
909cf570d4 s3:rpc_server: Register endpoint servers in external lsasd daemon
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:31 +00:00
Samuel Cabrero
da5aabde57 s3:rpc_server: Register endpoint servers in external epmd daemon
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:31 +00:00
Samuel Cabrero
d77a4e553d s3:rpc_server: Register endpoint servers for embedded services
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:31 +00:00
Samuel Cabrero
06f1bad051 s3:rpc_server: Provide LSA ncacn_np secondary endpoint and LSA over Netlogon
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:31 +00:00
Samuel Cabrero
dc1d34d388 s3:rpc_server: Include generated boilerplate code
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:31 +00:00
Gary Lockyer
3e072b3fb7 build: fix the coverage build
"make lcov" was failing with:
   Processing file bin/default/<stdout>
   genhtml: ERROR: cannot read ... <stdout>

Flex adds "#line nnn <stdout>" to the generated source, which then causes
issues with lcov. This commit adds a SAMBA_GENERATOR for es_lexer.l and
sparql_lexer.l that strips out the offending lines.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-27 01:02:32 +00:00
Ralph Boehme
1484fb0c66 s3/rpc_server/netlogon: use set_current_user_info() in _netr_LogonSamLogon_base()
Note that we're now sanitizing the username we got from the client, as we do
everywhere else.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-02-06 10:17:43 +00:00
Ralph Boehme
a6054e2b35 s3/rpc_server: use talloc_alpha_strcpy() in _winreg_InitiateSystemShutdownEx()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-02-06 10:17:43 +00:00
Alexander Bokovoy
c6d880a115 s3-rpcserver: fix security level check for DsRGetForestTrustInformation
Harmonize _netr_DsRGetForestTrustInformation with source4/ logic which
didn't change since DCE RPC channel refactoring.

With the current code we return RPC faul as can be seen in the logs:

2019/12/11 17:12:55.463081,  1, pid=20939, effective(1284200000, 1284200000), real(1284200000, 0), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug)
       netr_DsRGetForestTrustInformation: struct netr_DsRGetForestTrustInformation
          in: struct netr_DsRGetForestTrustInformation
              server_name              : *
                  server_name              : '\\some-dc.example.com'
              trusted_domain_name      : NULL
              flags                    : 0x00000000 (0)
[2019/12/11 17:12:55.463122,  4, pid=20939, effective(1284200000, 1284200000), real(1284200000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1561(api_rpcTNP)
  api_rpcTNP: fault(5) return.

This is due to this check in processing a request:
        if (!(p->pipe_bound && (p->auth.auth_type != DCERPC_AUTH_TYPE_NONE)
                       && (p->auth.auth_level != DCERPC_AUTH_LEVEL_NONE))) {
                p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
                return WERR_ACCESS_DENIED;
        }

and since we get AuthZ response,

  Successful AuthZ: [netlogon,ncacn_np] user [EXAMPLE]\[admin] [S-1-5-21-1234567-890123456-500] at [Wed, 11 Dec 2019 17:12:55.461164 UTC]
  Remote host [ipv4:Y.Y.Y.Y:59017] local host [ipv4:X.X.X.X:445]
[2019/12/11 17:12:55.461584,  4, pid=20939, effective(0, 0), real(0, 0)] ../lib/audit_logging/audit_logging.c:141(audit_log_json)
  JSON Authorization: {"timestamp": "2019-12-11T17:12:55.461491+0000",
   "type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 1},
   "localAddress": "ipv4:X.X.X.X:445", "remoteAddress": "ipv4:Y.Y.Y.Y:59017",
   "serviceDescription": "netlogon", "authType": "ncacn_np",
   "domain": "EXAMPLE", "account": "admin", "sid": "S-1-5-21-1234567-890123456-500",
   "sessionId": "c5a2386f-f2cc-4241-9a9e-d104cf5859d5", "logonServer": "SOME-DC",
   "transportProtection": "SMB", "accountFlags": "0x00000010"}}

this means we are actually getting anonymous DCE/RPC access to netlogon
on top of authenticated SMB connection. In such case we have exactly
auth_type set to DCERPC_AUTH_TYPE_NONE and auth_level set to
DCERPC_AUTH_LEVEL_NONE in the pipe->auth. Thus, returning an error.

Update the code to follow the same security level check as in s4 variant
of the call.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Jan 13 15:05:28 UTC 2020 on sn-devel-184
2020-01-13 15:05:28 +00:00
Volker Lendecke
5954a0688a lsasd: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2020-01-03 00:04:43 +00:00
Ralph Boehme
d68d8c6538 s3:rpc_server: pass session_info to get_nt_acl_no_snum()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-12-20 11:41:41 +00:00
Ralph Boehme
7fb188c119 s3:rpc_server: pass session_info to elog_check_access()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-12-20 11:41:41 +00:00
Ralph Boehme
457c91406a s3: pass session_info to enum_msdfs_links()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-12-20 11:41:40 +00:00
Ralph Boehme
e12a724f0d s3: pass session_info to remove_msdfs_link()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-12-20 11:41:40 +00:00
Ralph Boehme
8a0ad072ac s3: pass session_info to create_msdfs_link()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-12-20 11:41:40 +00:00
Ralph Boehme
8517bb109c s3: pass session info to get_referred_path()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-12-20 11:41:40 +00:00
Günther Deschner
5d34c8874d s3-rpc_server: always print the full PDU.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-12-17 07:58:39 +00:00
Jeremy Allison
cc1ec0a9f1 s3: smbd: cleanup. Change 'int referral_count' -> 'size_t referral_count' in struct junction_map.
This is a non-negative count. Fix remaing code to not mix int and size_t.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-12-16 14:05:33 +00:00
Douglas Bagnall
e737988641 dcerpc: developer option to save ndr_fuzz_X seeds
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 07:50:28 +00:00
Isaac Boukris
a75ca8d5d5 session: convert sess_crypt_blob to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:31 +00:00
Isaac Boukris
dcc33103d5 smbdes: convert des_crypt112_16 to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:31 +00:00
Isaac Boukris
dce944e8a1 smbdes: convert E_old_pw_hash to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:31 +00:00
Isaac Boukris
0f855f1ab9 smbdes: add des_crypt56_gnutls() using DES-CBC with zeroed IV
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:30 +00:00
Andreas Schneider
94c3c12df1 s3:rpc_server: Fix string compare for utmp entries
The members of struct utmp are marked as nonstring. This means they
might not be nil-terminated.

Found by covscan.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:29 +00:00
Ralph Boehme
b5c6964a50 s3:param: make "servicename" a substituted option
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:37 +00:00
Ralph Boehme
a0185c7efb smbdotconf: mark "shutdown script" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:36 +00:00
Ralph Boehme
7dc7b9e554 smbdotconf: mark "server string" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:36 +00:00
Ralph Boehme
1743ff48ba smbdotconf: mark "passwd program" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:35 +00:00
Ralph Boehme
4551dd2784 smbdotconf: mark "passwd chat" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:35 +00:00
Ralph Boehme
fa5033cfb7 smbdotconf: mark "logfile" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:35 +00:00
Ralph Boehme
6e678cba77 smbdotconf: mark "enumports command" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:34 +00:00
Ralph Boehme
28391f0b61 smbdotconf: mark "delete share command" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:34 +00:00
Ralph Boehme
d035f850de smbdotconf: mark "deleteprinter command" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:34 +00:00
Ralph Boehme
12e97ee3e8 smbdotconf: mark "check password script" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:34 +00:00
Ralph Boehme
bf9c63a280 smbdotconf: mark "change share command" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:34 +00:00
Ralph Boehme
390f53cb03 smbdotconf: mark "add share command" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:33 +00:00
Ralph Boehme
39f8014275 smbdotconf: mark "addprinter command" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:33 +00:00
Ralph Boehme
a5db3443a2 smbdotconf: mark "addport command" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:33 +00:00
Ralph Boehme
db75b5d6fc smbdotconf: mark "abort shutdown script" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:33 +00:00
Ralph Boehme
f7619ac22b smbdotconf: mark "path" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:33 +00:00
Stefan Metzmacher
8e86ac18e7 smbdotconf: mark "comment" with substitution="1"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-11-27 10:25:32 +00:00
Stefan Metzmacher
564049fbc9 s3:mdssvc: make use of lp_parm_const_string()
We don't need any substitution for elasticsearch options.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-11-27 10:25:31 +00:00
Christof Schmitt
1f304fc16c sharesec: Return NTSTATUS from set_share_security
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-11-26 21:28:31 +00:00
Andreas Schneider
a377214dce s3:rpc_server: Replace E_md5hash() with GnuTLS calls
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-11-19 04:48:29 +00:00
Ralph Boehme
4736623c24 s3: rename talloc_sub_advanced() to talloc_sub_full()
We currently have the following substitution functions:

  talloc_sub_basic()
  talloc_sub_advanced()

talloc_sub_basic() currently substitutes a subset of talloc_sub_advanced().

We'll need a function X that only substitutes what talloc_sub_advanced()
substitutes *without* what talloc_sub_basic() does.

To get there rename talloc_sub_advanced() to talloc_sub_full(). A subsequent
commit will then bring back talloc_sub_advanced() as described above.

Examples with fictional replacement letters A and B. Currently:

  talloc_sub_basic:    A
  talloc_sub_advanced: AB

New:

  talloc_sub_basic:    A
  talloc_sub_advanced:  B
  talloc_sub_full:     AB

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13745

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-11-07 14:16:41 +00:00
Volker Lendecke
54d673742f lib: Remove #define serverid_equal server_id_equal
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-11-06 20:36:34 +00:00
Ralph Boehme
c9b6298249 mdssvc.idl: pass policy_handle as pointer
No change in behaviour, this just changes all functions to take the
policy_handle argument as pointer instead of passing it by value.
This is how all other IDLs pass it.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Oct  9 15:52:55 UTC 2019 on sn-devel-184
2019-10-09 15:52:55 +00:00
Ralph Boehme
63cbeaf0e7 s3:mdssvc: fix service startup in deamon mode
Changes:

* Don't initialize the RPC service by calling setup_rpc_module() in the parent
  mdssd. This is not needed in the parent, only in the worker childs.

* In the worker childs call setup_rpc_module() instead of init_rpc_module()
  which ensures rpc_mdssvc_init() is called with the mdssvc callback which is
  needed to initialize mdssvc via mdssvc_init_cb() -> init_service_mdssvc()

* Finally rpc_setup_mdssvc() is adjusted to be a noop if mdssvc is configured to
  as external and when called by the main parent smbd via dcesrv_ep_setup() ->
  setup_rpc_modules()

I've manually tested all 4 combinations of external=yes|no X module=yes|no with
the new mdfind command.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:29 +00:00
Ralph Boehme
78a2d95511 s3:mdssvc: use a helper variable for the service type
No change in behaviour. Simplifies a subsequent logical change.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:29 +00:00
Ralph Boehme
91f397bec0 mdssd: fix a debug message
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:29 +00:00
Ralph Boehme
bf02a93508 s3: rpc_server: enable mdssvc by default
Now that mdssvc is built by default and also tested in CI, enable it by default,
running as embedded service.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:29 +00:00
Ralph Boehme
f479e01096 s3:mdssvc: add unit tests for the Spotlight to Elasticsearch parser
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:29 +00:00
Ralph Boehme
f5510d7db3 s3:mdssvc: add Elasticsearch backend
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:29 +00:00
Ralph Boehme
c338bdf5a4 s3:mdssvc: add missing mds_ctx deallocation
The mds_ctx object was created in _mdssvc_open() as a talloc child of the pipe
which means as long as the pipe is connected it's not freed.

To ensure we do proper rundown of all resources including backend connections
and pending queries, we must free the mds_ctx object.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:29 +00:00
Ralph Boehme
eb740b571d s3:mdssvc: fix a long line
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:29 +00:00
Ralph Boehme
ba899694e4 s3:mdssvc: modernize a few DEBUG macros
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:29 +00:00
Ralph Boehme
08cb82d26f s3:mdssvc: remove unused snum from struct sl_query
Looks like this was never used, it's also available via mds_ctx->snum.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:28 +00:00
Volker Lendecke
86672659c6 epmapper: Fix printf specifiers
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-02 08:01:40 +00:00
Stefan Metzmacher
5da24aa18e smbd: rename [un]become_user*() to [un]become_user_without_service*()
We should make the behavior change (that gives up some protection)
more obvious, by changing the function names.

At least some OEMs have patches relying on the 4.9/4.10 behaviour
and we want them to detect that they have to do more work when they
need to change directories.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-09-11 19:59:34 +00:00
Mathieu Parent
fbecbe4d9b Spelling fixes s/negotatie/negotiate/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-09-01 22:21:25 +00:00
Andrew Bartlett
2f827bec8c s3-rpc_server: Check NTSTATUS return value from netlogon_creds_aes_decrypt()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-08-21 09:57:30 +00:00
Volker Lendecke
2dd7ebe072 smbd: Fix CID 1452293 Incorrect expression (NO_EFFECT)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 14 11:48:42 UTC 2019 on sn-devel-184
2019-08-14 11:48:42 +00:00
Volker Lendecke
76bf8a1ac4 mdssvc: Fix the clang build
clang complains about "%lu" not to match size_t on 32-bit FreeBSD

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Aug  9 07:34:05 UTC 2019 on sn-devel-184
2019-08-09 07:34:04 +00:00
Ralph Boehme
64f182412a s3:mdssvc: fix slrpc_fetch_attributes() when CNID is not known
Samba currenlty fails the whole RPC request, macOS returns returns a nil entry
for the requested CNID:

DALLOC_CTX(#1): {
	sl_array_t(#3): {
		uint64_t: 0x0000
		CNIDs: unkn1: 0xfec, unkn2: 0x6b000020
			DALLOC_CTX(#1): {
				uint64_t: 0xe4bbf314c03b1e
			}
		sl_filemeta_t(#1): {
			sl_array_t(#2): {
				nil
				nil
			}
		}
	}
}

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug  8 21:43:14 UTC 2019 on sn-devel-184
2019-08-08 21:43:14 +00:00
Ralph Boehme
b2bf13ecf7 s3:mdssvc: close mdssvc rpc command must return in handle
Checked against macOS mdssvc.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:33 +00:00
Ralph Boehme
a5e705504b s3:mdssvc: failing the RPC request if the mdssvc policy handle is not found
Turns out macOS mdssvc doesn't fail the RPC request if the policy handle is all
zero. Also, if it fails with a non-all-zero handle, it returns a different RPC
error, namely DCERPC_NCA_S_PROTO_ERROR, not DCERPC_FAULT_CONTEXT_MISMATCH (or
rather their mapped NT_STATUS codes).

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:33 +00:00
Ralph Boehme
6336699687 s3:mdssvc: the open command must work on shares with Spotlight disabled
Move the implementation of this setting down to the actual search query
processing. macOS has no notion of "spotlight = false" at the DCERPC layer and
the open request will always succeed even on all shares.

When later the client issues search requests on such shares, we ensure we use
the noindex backend.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:33 +00:00
Ralph Boehme
520175e227 s3:mdssvc: use an early return if spotlight is not enabled.
No change in behaviour, best viewed with git show -w.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:33 +00:00
Ralph Boehme
68a9d1205e s3:mdssvc: update a few debug macros to modern style
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:33 +00:00
Ralph Boehme
940c3b31dd s3:mdssvv: don't fail the RPC request if the share name is unknown
Taken from macOS. We have to return an empty share_path and an empty policy
handle, but not fail the RPC request.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:33 +00:00
Ralph Boehme
fef3a4c75f s3:mdssvc: initialize the returned share_path with the empty string
macOS returns the empty path for an unknown share. This paves the way for that
change. Currently we still fail the RPC request if the share is not known with
DCERPC_FAULT_CANT_PERFORM, but this is wrong and is going to be changed in the
next commit.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:33 +00:00
Ralph Boehme
c4b2dc95d5 s3:mdssvc: macOS returns the client values in the open command
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:33 +00:00
Ralph Boehme
a3cb4fca86 s3:mdssvc: macOS returns UINT64_MAX, not 0 for closeQueryForContext mdscmd
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:33 +00:00
Ralph Boehme
5750f38ca7 s3:mdssvc: fix error handling of mdssvc RPC requests
It seems for certain error cases macOS just sends an empty response
blob. So if our mdssvc request processing fails, we should just return an empty
response blob, but not fail the mdssvc request at the DCERPC layer.

Example, passing "xxx" as sharename which does not exist at the server:

  $ bin/rpcclient -U slow%pass macmini -c "fetch_attributes xxx /foo/bar 123" -d 10
  ....
  Got pdu len 56, data_len 32
  rpc_api_pipe: got frag len of 56 at offset 0: NT_STATUS_OK
  rpc_api_pipe: host macmini returned 32 bytes.
  mdssvc_cmd: struct mdssvc_cmd
     out: struct mdssvc_cmd
         fragment                 : *
             fragment                 : 0x00000000 (0)
         response_blob            : *
             response_blob: struct mdssvc_blob
                 length                   : 0x00000000 (0)
                 size                     : 0x00010000 (65536)
                 spotlight_blob           : *
                     spotlight_blob: ARRAY(0)
         unkn9                    : *
             unkn9                    : 0x00000000 (0)
  ...

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:33 +00:00
Ralph Boehme
b34fd5b997 s3:mdssvc: fix unmarshalling of empty CNID array
len=0 is invalid, len=8 is an empty array, len>8 is an array with members, so
for the len=8 case we must add the empty cnid array.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:32 +00:00
Ralph Boehme
29ef030624 s3:mdssvc: marshalling: fix unpacking empty CNID structure
Pass the correct tag member tag.size to sl_unpack_CNID(), not
tag.length. tag.size is the size actually used in a buffer of size tag.length.

Cf other users of tag.size that already do this correctly, this was only wrong
in this place.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:32 +00:00
Ralph Boehme
d67c98184a s3:mdssvc: marshalling: fix unpacking empty filemeta structure
This is how a correct dump of an empty sl_filemeta_t container should look like:

DALLOC_CTX(#1): {
	sl_array_t(#3): {
		uint64_t: 0x0023
		CNIDs: unkn1: 0x0, unkn2: 0x0
			DALLOC_CTX(#0): {
			}
		sl_filemeta_t(#0): {
		}
	}
}

This is basically the response from macOS mdssvc for a query that yields no
results: sl_filemeta_t is empty, the CNIDs array as well.

Looking at the raw packet data, the empty sl_filemeta_t container as a size of 8
bytes which fails the following check in sl_unpack_cpx():

        case SQ_CPX_TYPE_FILEMETA:
                ...
		if (tag.size < 16) {
		        *boom*
                }

Only tag.size=0 is invalid, tag.size=8 denotes an empty container and tag.size>=16
denotes a sl_filemeta_t container with actual content must be unpacked by
calling sl_unpack(). Note that size is always a muliple of 8.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:32 +00:00
Ralph Boehme
ed37f2d3c4 s3:mdssvc: marshalling: add a newline to a DEBUG message
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:32 +00:00
Ralph Boehme
25c5012c53 s3:mdssvc: avoid strncpy when marshalling strings
Avoids failure when at O3 level:

  [2082/4232] Compiling source3/rpc_server/mdssvc/marshalling.c

  ==> /builds/samba-team/devel/samba/samba-o3.stderr <==
  In file included from /usr/include/string.h:494,
                   from /usr/include/bsd/string.h:30,
                   from ../../lib/tevent/../replace/replace.h:164,
                   from ../../source3/include/includes.h:23,
                   from ../../source3/rpc_server/mdssvc/marshalling.c:21:
  In function ‘strncpy’,
      inlined from ‘sl_pack_string’ at ../../source3/rpc_server/mdssvc/marshalling.c:493:2,
      inlined from ‘sl_pack_loop’ at ../../source3/rpc_server/mdssvc/marshalling.c:607:13:
  /usr/include/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ output
  truncated before terminating nul copying as many bytes from a string as its
  length [-Werror=stringop-truncation]
    106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
        |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ../../source3/rpc_server/mdssvc/marshalling.c: In function ‘sl_pack_loop’:
  ../../source3/rpc_server/mdssvc/marshalling.c:458:8: note: length computed here
    458 |  len = strlen(s);
        |        ^~~~~~~~~
  cc1: all warnings being treated as errors

Marshalled strings are not 0 terminated.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:32 +00:00
Ralph Boehme
0b1d9d40c2 s3:mdssvc: supposed status field is in fact a fragment indicator
Spotted this in mdssvc response that containied many results for a search
request: if the mdssvc response blob is larger then ~32k, the server fragments
the response in 32k fragments and sets the "fragment" field to 1.

Note that mdssvc implemenets result set "fragmentation" at the result set layer,
not at the marshalled response buffer layer. Therefor mdssvc always sets this
field to 0.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:32 +00:00
Ralph Boehme
c742ab7a4c s3:mdssvc: add noindex backend
Add a new default backend that, while allowing mdsvc RPC and search queries from
clients, always returns no results.

Shares using this backend will behave the same way as shares on a macOS SMB
server where indexing is disabled.

This change will later also allow us to compile the Spotlight RPC service by
default which is a big step in the direction of adding tests to CI.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:32 +00:00
Ralph Boehme
e5a4114bb5 s3:mdssvc: log inode number in ino_path_map_destr_cb()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:31 +00:00
Ralph Boehme
2d98fb57e0 s3:mdssvc: move some code to a subsystem
We need this in a later patchset when adding a mdssvc client library and for
unit tests.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:31 +00:00
Ralph Boehme
f58026b30b s3:mdssvc: mds_dalloc_dump() -> dalloc_dump()
Move mds_dalloc_dump() to dalloc and rename it to dalloc_dump().

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:31 +00:00
Ralph Boehme
b5731a94bb s3:mdssvc: add Unicode normalisation
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:31 +00:00
Ralph Boehme
1b897df4f7 s3:mdssvc: new option "spotlight backend"
Currently there's only the tracker backend, but subsequent commits will add
other backends.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:31 +00:00
Ralph Boehme
66b8d86d71 s3:mdssvc: pass down sharename and SNUM
Not used for now, will be needed in the upcoming Elasticsearch backend.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:31 +00:00
Ralph Boehme
1ef96e0907 s3-mdssvc: factor out Tracker backend logic
This moves all Tracker backend logic into a modularized component.

This should not result in any change in behaviour, it just paves the way
for adding additional backends. Currently the only available backend is
Gnome Tracker.

slq_destroy_send/recv is not needed anymore as the problem is solved now by
correctly checking if an async Tracker request was cancelled and we got
G_IO_ERROR_CANCELLED in tracker_con_cb() or tracker_query_cb() and avoid using
user_data in that the case.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:31 +00:00
Ralph Boehme
f80f8c5f99 s3:mdssvc: move debug macro to header file
This is going to be used from other parts of the code soon.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:31 +00:00
Ralph Boehme
17f29fa867 s3:mdssvc: README.Coding fixes, long lines, modernize debug macros
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:31 +00:00
Ralph Boehme
9e0b6f667f s3:rpc_server: factor out rpc_mdssvc_sources
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:31 +00:00
Andreas Schneider
1f923e067d s3:rpc_server: Only dump passwords in developer builds
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 26 03:05:01 UTC 2019 on sn-devel-184
2019-07-26 03:05:01 +00:00
David Disseldorp
93d424528f netlogon: Fix potential use of uninitialized variable
The _netr_NetrEnumerateTrustedDomains()->dcerpc_lsa_open_policy2() error
path checks the policy handle and closes it if non-empty. The policy
handle may be uninitialized in this code-path - fix this.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:27 +00:00
Andreas Schneider
1c84bda361 s3:rpc_server: Use a stackframe for temporary memory
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:27 +00:00
Andreas Schneider
cd0b5e5d93 s3:rpc_server: Use GnuTLS RC4 to decrypt samr password buffers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:24 +00:00
Andreas Schneider
d31f6a6803 s3:rpc_server: Use GnuTLS RC4 in samr password check
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:24 +00:00
Andreas Schneider
79ca72ec3d libcli:auth: Pass samr_CryptPasswordEx to decode_rc4_passwd_buffer()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:23 +00:00
Andreas Schneider
89f8b028e2 libcli:auth: Rename encode_or_decode_arc4_passwd_buffer()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:23 +00:00
Andreas Schneider
57dd415ba4 libcli:auth: Return NTSTATUS for encode_or_decode_arc4_passwd_buffer()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:22 +00:00
Andreas Schneider
7915a48e53 s3:rpc_client: Return NTSTATUS for init_samr_CryptPasswordEx()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:22 +00:00
Samuel Cabrero
c1e649fd47 s3:rpc_server: Call server exit routines in sigterm handler
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jul 22 18:04:53 UTC 2019 on sn-devel-184
2019-07-22 18:04:53 +00:00
Samuel Cabrero
ee6fb27c59 s3:rpc_server: Call epmapper RPC shutdown function from server exit routines
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:16 +00:00
Samuel Cabrero
63a39ef605 s3:rpc_server: Call fsrvp RPC shutdown function from server exit routines
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:16 +00:00
Samuel Cabrero
7a167b3751 s3:rpc_server: Call server exit routines in sigterm handler
The exit server routines already call rpc shutdown functions

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:16 +00:00
Samuel Cabrero
6be10e6d43 s3:rpc_server: Improve debug messages
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:16 +00:00
Samuel Cabrero
dde08e8f26 s3:rpc_server: Return NTSTATUS in is_known_pipename function
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:16 +00:00
Samuel Cabrero
f7529fffce s3:rpc_server: Make make_external_rpc_pipe_p and np_proxy_state private
This function and struct is not used outside rpc_ncacn_np.c

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
4d42b7cde2 s3:rpc_server: Check pointer before dereference
The debug message dereference the pointer, but as close_policy_by_pipe
is called from pipes_struct destructor it may be not initialized yet if
an error occur in the initialization code.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
0c04daf523 s3:rpc_server: Rename dcesrv_handle struct
The name conflicts with the S4 name.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
cdaf06abad s3:rpc_server: Unify RPC client disconnect and termination functions
These functions are used by endpoint mapper to delete the endpoints
when a NCALRPC connection from an external daemon is lost and by
preforked childs to accept the next client as soon as the current
connection terminates. We can use the same function for both purposes.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
5d8e13413c s3:rpc_server: Return NTSTATUS in make_internal_rpc_pipe_p
Also make it static as it is not used outside rpc_ncacn_np.c

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
6f07f46771 s3:rpc_server: Set debug class in all rpc server related files
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
01c6602dd2 s3:rpc_server: Initialize auxiliary variable checked in error path
The auxiliary variable is checked in the function's exit code so reset
it after each usage.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
6964348bbf s3:prefork: Allow to associate private data with listening socket
Prepare for merger RPC server codebase, where it will be necessary to
stablish an association between the listening socket and the
dcesrv_endpoint that the socket is serving.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
85201cc76b s3:rpc_server: Remove named_pipe_client struct and use dcerpc_ncacn_conn
Now NCACN_NP connections run the same loop as NCACN_IP_TCP and NCALRPC
connections.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
82759189d1 s3:rpc_server: Check remote address supplied to dcerpc_ncacn_accept
Check if the supplied tsocket_address is valid before changing the
talloc chunk parent to the ncacn_conn struct.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
c976d456d2 s3:rpc_server: Make dcerpc_ncacn_packet_process public
In preparation to remove the named_pipe_client struct, this function
will be set as tevent callback from rpc_ncacn_np.c

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
2e938e22ac s3:rpc_server: Add a function to initialize the dcerpc_ncacn_conn struct
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
52c3bebd23 s3:rpc_server: Split dcerpc_ncacn_accept to deal with tstream_npa
In preparation to remove the named_pipe_client struct split the function
if two parts and build the tstream context as soon as possible, as it
will take care of closing the socket when the tstream_context is freed.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:15 +00:00
Samuel Cabrero
61fb17f85b s3:rpc_server: Add termination function and data to dcerpc_ncacn_conn
In preparation to remove the named_pipe_client structure, this function
will be called from ncacn_conn destructor passing the private data pointer
as argument. It is mainly used by preforked childs in "process model" to
attend the next client as soon as the previous client ends the connection.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-07-22 16:49:14 +00:00
Samuel Cabrero
cc6342e7a5 s3:rpc_server: Move dcerpc_ncanc_conn to header file
Next commits will remove named_pipe_client and dcerpc_ncacn_connection
will be used in its place. It has to be moved to a header file as it
will be used by functions in rpc_server.c and rpc_ncacn_np.c.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-07-22 16:49:14 +00:00
Samuel Cabrero
d8d7c98121 s3:rpc_server: Set dcerpc_ncacn_connection destructor
And call disconnection callback from there if it is set.
Additionally change named_pipe_termination_fn to have * in typedef.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:14 +00:00
Samuel Cabrero
fdfa0e0a01 s3:epmapper: Rename conflicting struct
Rename an epmapper internal struct which will conflict when merging s3
and s4 rpc servers.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:14 +00:00
Samuel Cabrero
d1d37a0a6e s3:rpc_server: Return NTSTATUS in rpc_ep_setup and setup functions
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:14 +00:00
Samuel Cabrero
7ee4dff9da s3:rpc_server: Fix hidden strict aliasing issues
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-07-22 16:49:14 +00:00
Samuel Cabrero
60b7b79187 s3:rpc_server: Fix code formatting and improve debug messages
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:14 +00:00
Samuel Cabrero
f527964f72 s3:rpc_server: Set the endpoint name to "IP" on ncacn_ip_tcp listener
This matchs what lsasd and mdssd does.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:14 +00:00
Samuel Cabrero
2cb4a9c6e8 s3:rpc_server: Use talloc_zero for dcerpc_ncacn_listen_state
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:14 +00:00
Samuel Cabrero
1f2caa4101 s3:rpc_server: Use new debug macros in dcesrv_setup_ncalrpc_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:14 +00:00
Samuel Cabrero
5a54486424 s3:rpc_server: Return NTSTATUS for dcesrv_setup_ncalrpc_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
1a1f31e082 s3:rpc_server: Rename setup_dcerpc_ncalrpc_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
cbf497dc09 s3:rpc_server: Use new debug macros in dcesrv_setup_ncacn_ip_tcp_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
ae14c51080 s3:rpc_server: Return NTSTATUS for dcesrv_setup_ncacn_ip_tcp_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
a6b5899853 s3:rpc_server: Rename setup_dcerpc_ncacn_tcpip_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
3f4be0b9db s3:rpc_server: Rename rpc_create_tcpip_sockets
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
edc8ef722c s3:rpc_server: Rename dcerpc_ncacn_tcpip_listener
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
6b2aefc579 s3:rpc_server: Use new debug macros for dcesrv_create_ncacn_ip_tcp_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
e3999a14da s3:rpc_server: Return NTSTATUS for dcesrv_create_ncacn_ip_tcp_socket
Additionally to the fd number, check the port number has been correctly
assigned. This check was performed by the callers of this function.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
b7817eaf3d s3:rpc_server: Rename create_tcpip_socket
Additionally move function declaration from proto.h to rpc_server.h

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Stefan Metzmacher
5ed7ee7279 s3:rpc_server: simplify the error checking of create_tcpip_socket() callers
create_tcpip_socket() never returns a valid fd and left port as 0.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
b52d58d6e1 s3:rpc_server: Rename named_pipe_listener
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
fc3d582cca s3:rpc_server: Switch to new debug macros for dcesrv_setup_ncacn_np_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:13 +00:00
Samuel Cabrero
e05ce7b9e7 s3:rpc_server: Return NTSTATUS for dcesrv_setup_ncacn_np_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:12 +00:00
Samuel Cabrero
b6537c15c1 s3:rpc_server: Rename setup_named_pipe_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:12 +00:00
Samuel Cabrero
3fdd4dc03a s3:rpc_server: Switch to new debug macros for dcesrv_create_ncacn_np_socket
Additionally messages are improved.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:12 +00:00
Samuel Cabrero
4a5c440b08 s3:rpc_server: Return NTSTATUS for dcesrv_create_ncacn_np_socket
The 'fd' state struct member is initialized after allocation because it
is checked in the error path.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:12 +00:00
Samuel Cabrero
7f8f857dfe s3:rpc_server: Rename create_named_pipe_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:12 +00:00
Samuel Cabrero
af576d335a s3:rpc_server: Rename dcerpc_ncalrpc_listener
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:12 +00:00
Samuel Cabrero
05507d4d19 s3:rpc_server: Switch to new debug macros for dcesrv_create_ncalrpc_socket
Additionally new debug messages are added and the existing ones improved.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:12 +00:00
Samuel Cabrero
3153814db4 s3:rpc_server: Return NTSTATUS for dcesrv_create_ncalrpc_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:12 +00:00
Samuel Cabrero
c0b1884c99 s3:rpc_server: Rename create_dcerpc_ncalrpc_socket
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-07-22 16:49:12 +00:00
Andreas Schneider
acf605f595 s4:rpc_server: Use GnuTLS RC4 in lsa endpoint
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-27 12:54:24 +00:00
Andreas Schneider
67e6a9af2c libcli:auth: Return NTSTATUS for netlogon_creds_arcfour_crypt()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-27 12:54:23 +00:00
Andreas Schneider
cad3adb0b4 libcli:auth: Return NTSTATUS for netlogon_creds_decrypt_samlogon_logon()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-27 12:54:23 +00:00
Andreas Schneider
00dd1a8bf8 libcli:auth: Return NTSTATUS for netlogon_creds_encrypt_samlogon_validation()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-27 12:54:23 +00:00
Stefan Metzmacher
0b6e37c9e8 s3:rpc_server:netlogon: simplify AUTH_TYPE_SCHANNEL check in netr_creds_server_step_check()
The gensec schannel module already asserts that at least
AUTH_LEVEL_INTEGRITY is used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13949

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-06-04 22:13:07 +00:00
Stefan Metzmacher
fa5215ce5b s3:rpc_server:netlogon: don't require NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*()
The domain join with VMWare Horizon Quickprep seems to use
netr_ServerAuthenticate3() with just the NEG_STRONG_KEYS
(and in addition the NEG_SUPPORTS_AES) just to verify a password.

Note: NETLOGON_NEG_SCHANNEL is an alias to NEG_AUTHENTICATED_RPC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13464 (maybe)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13949

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-06-04 22:13:07 +00:00
Ralph Boehme
9053391f86 s3:mdssvc: fix flex compilation error
[4440/4495] Compiling bin/default/source3/rpc_server/mdssvc/sparql_lexer.lex.c
../../source3/rpc_server/mdssvc/sparql_lexer.l:26: error: "yyalloc" redefined [-Werror]
26 | #define yyalloc SMB_MALLOC

Looks like the dirty redefine trick doesn't work anymore with newer flex
versions. According to the flex manual the right thing to do is to provide own
functions for yyalloc and yyrealloc when passing the options "noyyalloc
noyyrealloc".

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue May 28 11:49:06 UTC 2019 on sn-devel-184
2019-05-28 11:49:06 +00:00
Andreas Schneider
790d7e34cb s3:rpc_server: Do not free the tdbname before we printed it
Found by GCC 9.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-05-08 16:33:24 +00:00
Ralph Boehme
613acd3ddd s3-mdssvc: add a comment to mds_init()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Apr 24 19:32:12 UTC 2019 on sn-devel-184
2019-04-24 19:32:12 +00:00
Ralph Boehme
003b5d3ee4 s3-mdssvc: make mds_ctx_destructor_cb static
This is only used in this compilation unit.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2019-04-24 18:32:15 +00:00
Ralph Boehme
91c9c03435 s3-mdssvc: add missing call to g_cancellable_new()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2019-04-24 18:32:15 +00:00
Ralph Boehme
984c890cd0 s3-mdssvc: use default g_main context
Way back when the module was developed it seemed to be necessary the use
a private context with push/pop as thread default. Maybe there was a bug
in libtracker-sparql dispatching callback in the wrong (global)
context. It's not necessary anymore with a recent libtracker-sparql
version.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2019-04-24 18:32:15 +00:00
Ralph Boehme
55b2cca14a s3-mdssvc: use tevent_glib_glue in mdssvc RPC service
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2019-04-24 18:32:15 +00:00
Ralph Boehme
bc053abdd1 s3-mdssvc: call [un]become_authenticated_pipe_user()
This ensures we're running as the authenticated user int the tevent
callback which might be running in an arbitrary impersonation context.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2019-04-24 18:32:15 +00:00
Ralph Boehme
675902f800 s3-mdssvc: add tevent context arg to mds_init_ctx
This is needed later when adding tevent_glib_glue support, not used for now.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2019-04-24 18:32:15 +00:00
Volker Lendecke
e8ce1c6483 smbd: Remove some unused includes
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-04-11 23:35:15 +00:00
Jeremy Allison
b1582a4d09 CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey.
Remove the now unused code implementations of
registry file io.

As reported by Michael Hanselmann.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851

Signed-off-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Apr  8 11:43:31 UTC 2019 on sn-devel-144
2019-04-08 11:43:31 +00:00
Jeremy Allison
c79f719a84 CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey.
The were not using VFS backend calls and could only work
locally, and were unsafe against symlink races and other
security issues.

If the incoming handle is valid, return WERR_BAD_PATHNAME.

[MS-RRP] states "The format of the file name is implementation-specific"
so ensure we don't allow this.

As reported by Michael Hanselmann.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-08 10:27:34 +00:00
Volker Lendecke
2a926231ab rpc: Don't crash if npa_accept fails
We can only rely on session_info_transport to be filled correctly upon
success of the accept_existing_recv function

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-04-03 16:55:27 +00:00
Kristján Valur
92c726dc7a make some auth functions return an NTSTATUS like other similar functions for better diagnostics.
Signed-off-by: Kristján Valur <kristjan@rvx.is>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Apr  2 02:12:48 UTC 2019 on sn-devel-144
2019-04-02 02:12:48 +00:00
Volker Lendecke
7841c62ae4 rpc_server3: Add a \n to a DEBUG message
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 22 19:02:32 UTC 2019 on sn-devel-144
2019-03-22 19:02:32 +00:00
Volker Lendecke
13b66508a0 librpc: Add a required #include
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-03-22 18:02:17 +00:00
Volker Lendecke
bd51c7d3ef rpc_server: Avoid casts in DBG statements
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-03-22 18:02:17 +00:00
Volker Lendecke
02d884ed8a rpc_server: Simplify named_pipe_accept_function
Make use of named_pipe_client_init

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-03-22 18:02:17 +00:00
Volker Lendecke
46a3436734 rpc_server: Favor talloc_move over talloc_steal
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-03-22 18:02:16 +00:00
Volker Lendecke
9bebe5c7db rpc_server: Make make_server_pipes_struct API safer
Make it clear that we talloc_steal by NULLing out the caller's
session_info

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-03-22 18:02:16 +00:00
Volker Lendecke
a6c653a978 rpc_server: Fix an error path memleak in make_server_pipes_struct
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-03-22 18:02:16 +00:00
Volker Lendecke
1220f69cab rpc_server: Simplify make_server_pipes_struct
Do an early return on error

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-03-22 18:02:16 +00:00
Volker Lendecke
10c70e2311 rpc_server: Give mdssd its header file
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-03-18 19:21:22 +00:00
Volker Lendecke
311d86818c rpc_server: Give fssd its header file
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-03-18 19:21:22 +00:00
Volker Lendecke
2f47163a0e rpc_server: Give lsasd its header file
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-03-18 19:21:22 +00:00
Volker Lendecke
38f780aedf rpc_server: Give epmd its header file
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-03-18 19:21:22 +00:00
Andreas Schneider
e50315379c s3:rpc_server: Remove unused arcfour.h from netlogon
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-02-22 21:48:11 +01:00
Stefan Metzmacher
cef1d2ab8c s3:srv_samr_chgpasswd: export SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME for check password script
This is keep compatibility with the AD DC usage.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-11 07:43:32 +01:00
Aliaksei Karaliou
51bc92d8c8 build: Get rid of hardcoded 'bin/default' in includes
Removed occurrences of bin/default used in #include directive for
auto-generated headers residing in build directory.
Build system is capable of resolving path to such headers by itself
without extra hardcoded path to build directory.

Signed-off-by: Aliaksei Karaliou <akaraliou@panasas.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-02-08 08:51:19 +01:00
Volker Lendecke
fc51f82407 samr: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-12-20 23:40:26 +01:00
Volker Lendecke
fa6690e90c lsasrv: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-12-20 23:40:25 +01:00
Volker Lendecke
31da287b1c spoolss: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-12-20 23:40:25 +01:00
Volker Lendecke
d425cd5b68 wkssvc: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-12-20 23:40:25 +01:00
Volker Lendecke
b0077bb059 rpc_server3: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-11 00:40:31 +01:00
Andreas Schneider
a7e10f7853 s3:rpc_server: Use #ifdef instead of #if for config.h definitions
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-28 23:19:23 +01:00
Ralph Boehme
14b6e6842b s3:smbd: add twrp args to filename_convert()
All existing callers pass NULL, no change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:13 +01:00
Volker Lendecke
5b2c3f2f42 lib: Remove gencache.h from proto.h
It's a pain to recompile the world if gencache.h changes

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Oct 19 18:52:50 CEST 2018 on sn-devel-144
2018-10-19 18:52:50 +02:00
Björn Baumbach
96b5bf1370 auth: move copy_session_info() from source3 into the global auth context
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
2018-10-11 10:28:17 +02:00
Volker Lendecke
f8df3f3499 mdssvc: Move a variable declaration closer to its use
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Sep 14 10:48:47 CEST 2018 on sn-devel-144
2018-09-14 10:48:47 +02:00
Volker Lendecke
98cf04c7d1 mdssvc: Move a variable declaration closer to its use
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-09-14 07:49:14 +02:00
Volker Lendecke
71c7060798 mdssvc: Move a variable declaration closer to its use
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-09-14 07:49:14 +02:00
Volker Lendecke
92d3e3a810 mdssvc: Simplify sl_unpack_loop
Move a variable declaration closer to its use, avoid a redundant
?true:false;

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-09-14 07:49:14 +02:00
Christof Schmitt
cc76aaeb62 s3: Rename server_messaging_context() to global_messaging_context()
This reflects that the messaging context is also used outside of the
server processes.

The command used for the rename:
find . -name '*.[hc]' -print0 | xargs -0 sed -i 's/server_messaging_context/global_messaging_context/'

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-09-07 17:26:17 +02:00