1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

1763 Commits

Author SHA1 Message Date
Gary Lockyer
34acf5a992 dnsserver: Tighten DNS name checking
Add checks for the maximum permitted length, maximum number of labels
and the maximum label length.  These extra checks will be used by the
DNS wild card handling.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
2017-08-15 08:07:10 +02:00
Jeremy Allison
1c1fce7414 lib: rpc: The registered interfaces are a lists of singletons that are never removed.
Allocate them off the NULL context not the talloc_autofree_context().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-07-26 21:35:21 +02:00
Volker Lendecke
b561028453 messaging: Add DLIST pointers to messaging_rec
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-07-25 17:43:17 +02:00
Gary Lockyer
6ab9f789ff dcerpc.idl Add symbolic constant for /root/ncalrpc_as_system
This is string is used several places in the code and tests, so it
should be a constant.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2017-07-24 23:29:22 +02:00
Aurelien Aptel
c60ad394fa librpc/ndr: add MSZIP compression for cabinet files
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Aurelien Aptel
43a1952b17 librpc/ndr: simplify cabinet file size calculation
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Andreas Schneider
7c20a87097 librpc/ndr: Use correct value for max compression size
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Günther Deschner
a2816122f9 librpc/ndr: Use MAX_WBITS zlib define and change memLevel in MSZIP code
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Aurelien Aptel
9ec74a319f librpc/ndr: remove unused ndr_cab_get_compression() function
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Aurelien Aptel
466d5e8147 librpc: use DATA_BLOB in CFDATA structure
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Aurelien Aptel
1edf126693 librpc/ndr: add helper functions to setup and free compression states.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Günther Deschner
096efc93df librpc/ndr: add new MSZIP compression type for cabinet files
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Aurelien Aptel
aa33aa6e64 librpc/ndr: add new ndr_compression_state
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Günther Deschner
a44bce6dfa libndr/compression: pass down compressed length in ndr_pull_compression_start
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Aurelien Aptel
3b5442e77b librpc/ndr: remove trailing whitespace from compression file.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Andreas Schneider
9a2180cd04 librpc:ndr_cab: Cast data pointer correctly
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Aurelien Aptel
e54adf516e ndr_compression: use MAX_WBITS constant
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Ralph Boehme
4be4f4b3a3 netlogon.idl: mark session keys with NDR_SECRET
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-07-03 19:59:08 +02:00
Ralph Boehme
d6a8a79fcb librpc/idl: make use storage_offload_token
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-07-03 19:59:07 +02:00
Ralph Boehme
e3cb6a936d librpc/idl: fix STORAGE_OFFLOAD_TOKEN_TYPE_ZERO_DATA definition
STORAGE_OFFLOAD_TOKEN_TYPE_ZERO_DATA is defined as 0xffff0001 in MS-FSCC
2.3.79.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-07-03 19:59:07 +02:00
Ralph Boehme
ebee4589fb librpc/idl: convert offload flags to a bitmap
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-07-03 19:59:07 +02:00
Stefan Metzmacher
28ac105034 netlogon.idl: use lsa_TrustType and lsa_TrustAttributes in netr_trust_extension
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:46 +02:00
Stefan Metzmacher
6027447533 netlogon.idl: make netr_TrustFlags [public]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:46 +02:00
Stefan Metzmacher
ea0798881a lsa.idl: make lsa_DnsDomainInfo [public]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:46 +02:00
Stefan Metzmacher
969ab12c56 idl_types.h: add NDR_SECRET shortcut
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:43 +02:00
Stefan Metzmacher
32aa3a199d librpc/ndr: add LIBNDR_FLAG_IS_SECRET handling
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:43 +02:00
Stefan Metzmacher
91d8272e86 librpc/ndr: align the definition of LIBNDR_STRING_FLAGS with currently defined flags
The range included the unused (1<<14) before.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:43 +02:00
Stefan Metzmacher
5a08c9887c ntprinting.idl: make use of [skip_noinit] for string_flags
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2017-06-26 08:47:14 +02:00
Gary Lockyer
7539595c48 lsa.String: add String constructor, str and repr
Add a String constructor, str and repr methods to the
samba.dcerpc.lsa.String python object

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-22 08:56:22 +02:00
Stefan Metzmacher
76fe65b67e netlogon.idl: Add netr_LogonSamLogon_flags bitmap
See [MS-NRPC] 3.5.4.5.1 NetrLogonSamLogonEx (Opnum 39).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-09 13:00:12 +02:00
Garming Sam
fd29e28d52 netlogon: Implement SendToSam along with its winbind forwarding
This allows you to forward bad password count resets to 0. Currently,
there is a missing access check for the RODC to ensure it only applies
to cached users (msDS-Allowed-Password-Replication-Group).

(further patches still need to address forcing a RWDC contact)

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-30 08:06:07 +02:00
Gary Lockyer
9444bbfe18 source4 rpc: binding.c enable DCERPC_SCHANNEL_AUTO for schannel connections
Enable the DCERPC_SCHANNEL_AUTO option in dceprc bindings. If not enabled
calls to netlogon.netlogon from python fail with NT_STATUS_DOWNGRADE_DETECTED
if schannel bindings are specified.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
2017-05-25 02:25:13 +02:00
Gary Lockyer
826e50a5f6 idl drsblobs: add the blobs required for Primary:userPassword
Add the blobs required to allow the storing of an sha256 or sha512 hash of
the password in supplemental credentials

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-25 02:25:12 +02:00
Andreas Schneider
ef109f86c7 librpc:ndr: Set the length to 1 if we assign and empty string
CID #1399648

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2017-05-16 12:38:20 +02:00
Jan Engelhardt
e5f2dfacae build: correct package dependencies
The wscript_build files convey what header files belong to which
logical package. For example,

    # lib/util/wscript_build:
    bld.SAMBA_LIBRARY('samba-util',
                      public_headers='... data_blob.h ...'

    # auth/credentials/wscript_build:
    bld.SAMBA_LIBRARY('samba-credentials',
                      public_headers='credentials.h',

Now, credentials.h #includes <util/data_blob.h> and therefore,
samba-credentials.pc must have a Requires: samba-util.

Similarly for other parts.

Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-04-18 18:54:13 +02:00
Garming Sam
acc66d91b2 drsuapi.idl: Expose GetNCChanges req8 like req10
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-04-13 07:29:16 +02:00
Andrew Bartlett
493d886163 python: Add bindings for NTLMSSP
This is helpful for building NTLMv2 packets in python for testing against the SamLogon server

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2017-03-29 02:37:29 +02:00
Gary Lockyer
68200d0d88 named_pipe_auth: Rename client -> remote_client and server -> local_server
While these names may have been clear, much of Samba uses
remote_address and local_address, and this difference has hidden bugs.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-03-29 02:37:28 +02:00
Ralph Boehme
dc4bd3f751 s3/smbd: move copychunk ioctl limits to IDL
This will be needed in the next commit in vfs_default.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-28 17:45:20 +02:00
Andrew Bartlett
0837d0b9dc python: Provide Python bindings for messaging.idl
This will allow AUTH_EVENT_NAME and MSG_AUTH_LOG to be accessed from python

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar 28 13:19:03 CEST 2017 on sn-devel-144
2017-03-28 13:19:03 +02:00
Andrew Bartlett
a3c9ad53a2 messaging: Declare well known server name auth_events as AUTH_EVENT_NAME in IDL
This makes it easy to ensure we use the same name in the python and the C

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-03-28 09:23:11 +02:00
Andrew Bartlett
6e87aa38c4 messaging.idl: Register a message type for authentication log messages
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-03-28 09:23:11 +02:00
Stefan Metzmacher
1161e11d48 lsa.idl: add SID_NAME_LABEL
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-23 09:01:21 +01:00
Stefan Metzmacher
3a5d76f092 netlogon.idl: make netr_LogonInfoClass public
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-23 09:01:21 +01:00
Bob Campbell
380b56e38a drsblobs: Add decode for replPropertyMetaData1
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
2017-03-13 05:10:11 +01:00
Volker Lendecke
a34c0a8638 Revert "winbind: Remove wbint_LookupUserGroups"
This reverts commit 256632ed3c.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-03-06 15:09:17 +01:00
Douglas Bagnall
70923b7521 ndr: Use resizing array instead of linked lists (breaking ABI)
The ndr token code keeps a temporary store of tokens which are
referred to a small number of times (often once) before being
discarded. The access patterns are somewhat stack-like, with recently
placed tokens being accessed most often.

The old code kept these tokens in a linked list, which we replace with
a self-resizing array.

This keeps everything roughly the same in big-O terms, but makes it
all faster in practice by vastly reducing the amount of tallocing and
pointer-chasing.

The peak memory use is strictly reduced. On a 64 bit machine each core
token struct fits in 16 bytes (after padding) while the two pointers
used by the DLIST add another 16 bytes, so the overall list allocation
is the same as the peak 2n array allocation -- except in the list case
it is dwarfed by the talloc and malloc metadata overhead.

Before settling on the resized arrays, we tried red-black trees, which
are bound to be better for large ndr structures. As it happens, we
don't deal with large structures (the size of replication clumps is
limited to 400 objects) and the asymptotic benefits of the trees are
not realised in practice.

With luck you should find graphs comparing the performance of these
various techniques at:

https://www.samba.org/~dbagnall/perf-tests/ndr-token/

This necessarily breaks the ABI because the linked list implementation
was publicly exposed.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar  2 08:38:22 CET 2017 on sn-devel-144
2017-03-02 08:38:21 +01:00
Douglas Bagnall
4bd8e63165 ndr: fix whitespace in libndr.h, ndr.c
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-03-02 04:35:14 +01:00
Andreas Schneider
79a49dc19a ndrdump: Fix a possible NULL pointer dereference
Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-02-23 03:18:10 +01:00
Stefan Metzmacher
c97e39b34f librpc/rpc: fix regression in NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping
Commit 1eef708729 changed the mapping for
DCERPC_NCA_S_FAULT_INVALID_TAG from NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
to NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12585

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-02-21 16:09:21 +01:00