IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This was only used in the prefork source3 rpc servers
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
MSG_RPC_DUMP_STATUS will be like pool-usage carrying a file descriptor to
report status to, the other two are described in rpc_host.idl.
NOALIGN on rpc_worker_status: This makes it easier to count bytes to
push into a static buffer.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is used by the helpers of samba-dcerpcd: When accepting a DCERPC
client, normally the server engine would read the initial bind
packet. In case of samba-dcerpcd the bind packet will already be read
from the socket, so we need to inject it into the rpc server engine
externally.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
[MS-BKRP] says it SHOULD listen here. In the ad dc, this conflicts
with smbd's srv_ntsvcs_nt.c listening also on nt ntsvcs unix domain
socket. Because "samba" starts smbd after itself, smbd takes over the
socket anyway, backupkey can't have been reached over this transport.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We'll need to set custom callbacks on source3's global_dcesrv_ctx,
which right now is deeply embedded. Once we have everything more
nicely layered, this can go again.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This will serve as a check to make sure that in particular a SAMR
client is really root. This is for example used in get_user_info_18()
handing out a machine password.
The unix domain sockets for NCACN_NP can only be contacted by root,
the "np\" subdirectory for those sockets is root/root 0700.
Connecting to such a socket is done in two situations: First, local
real root processes connecting and smbd on behalf of SMB clients
connecting to \\pipe\name, smbd does become_root() there. Via the
named_pipe_auth_req_info4 smbd hands over the SMB session information
that the RPC server blindly trusts. The session information (i.e. the
NT token) is heavily influenced by external sources like the KDC. It
is highly unlikely that we get a system token via SMB, but who knows,
this is information not fully controlled by smbd.
This is where this additional field in named_pipe_auth_req_info5 makes
a difference: This field is set to NCACN_NP by smbd's code, not
directly controlled by the clients. Other clients directly connecting
to a socket in "np\" is root anyway (only smbd can do become_root())
and can set this field to NCALRPC.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Once RPC services are done by individual processes, we need to avoid
recursion between processes:
Any RPC server process will be able to serve multiple client requests
simultaneously, but each request is served in a single-threaded
blocking manner.
For example the netlogon RPC service needs to ask samr for
something. The netlogon->samr connection will initially be handled by
a central dispatcher assigning clients to processes. This dispatcher
needs to know that this connection can't end up in the same process
that originated the request.
With this flag an RPC client can request a samr server process that
exclusively serves its own requests and that will not serve anybody
else while serving netlogon.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
All other fragments blindly inherit it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
That makes the callers much simpler and allow better debugging.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
It's better to see the location that triggered the fault.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
These appear when PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID is set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14835
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This ensures the order of the struct element is the same as in the IDL
definition. For an conformant array using the [sizeis(n)] syntax the sizeis
member is stored as first element in the marshall buffer.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Make this available as a shared structure for both source3 and source4
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reduce indentation with a "break;" from the loop, best reviewed with
git show -b
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This check is independent of whether we found a handle or not, we can
do it before walking the handle list.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
The new code uses PING_DC to tell the child to try to go online.
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
A lot of nested use of serialization stream pointers
([MS-RPCE] 2.2.6 Type Serialization Version 1).
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
This function maintains an arbitrary mapping of GUID strings to
integers. This is required as only integers can be used as
discriminators for autogenerated ODJ unions.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Found by covscan.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Noel Power <npower@samba.org>
In many cases these can and should be consumed as soon as
they are used.
This is not a complete fix, we don't clean up the array_size
token after using it split between an NDR_SCALARS and
an NDR_BUFFERS pass, but it is much better than it was
and helps the winbind case with a large number of groups
(eg 100,000) as otherwise we hit the 65535 NDR token limit.
(This is an arbitary Samba-only limit to avoid DoS conditions)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
In many cases these can and should be consumed as soon as
they are used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This pointer is only used to find the right token in the list
so can be declared const.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This makes it safer to change our code to remove tokens after use
if failing to obtain a token would result in an error.
This means changing ndr_get_array_size() and ndr_get_array_length()
to also return an error code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
These patches are to address an issue unpacking a very large
winbind.wbint_Principals array (100,000).
We need the NDR_TOKEN_MAX_LIST_SIZE value exposed as
otherwise a well-meaning incrase of this value would
invalidate the test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This is set in the call just above and otherwise we will (in the next commit)
need an intermediate variable once we need to check error codes from
ndr_get_array_size().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Based on specifications found at
https://web.mit.edu/kerberos/krb5-devel/doc/formats/ccache_file_format.html
This is primarily designed for parsing and storing a single Kerberos
ticket, due to the limitations of PIDL.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This is a separate binary executed from start_background_queue(). As
such it does not really gain much, but the idea is to move all the
code this runs out of the smbd and spoolssd binaries to just link
here.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
