IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This is a big patch, but all it does is replace all "p->session_info"
with "session_info" after introducing a local variable from
dcesrv_call_session_info(p->dce_call).
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Only used in pipe_access_check(), superseded by dcesrv_call_auth_info()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is the only user, and in winbind_dual_ndr.c's
make_internal_ncacn_conn we have another creator of pipes_struct. So
it seems not necessary to keep this public.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
After merging s3 and s4 RPC handles implementations in commit
70fa7e817e a new empty handle is allocated
when find_policy_by_hnd() or close_policy_hnd() is called with an empty
policy_handle (see dcesrv_handle_lookup() implementation).
This new behavior was causing a crash when running samba3.rpc.mdssvc test
with log level >= 10, because a debug message in _mdssvc_close() was
dereferencing the handle's associated data when called from
test_mdssvc_close() with an empty policy_handle.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Sep 20 14:31:33 UTC 2021 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14783
RN: smbd "deadtime" parameter doesn't work anymore
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 10 18:41:43 UTC 2021 on sn-devel-184
The talloc memory context referenced by the pipe_struct mem_ctx member is used
as talloc parent for RPC response data by the RPC service implementations.
In Samba versions up to 4.10 all talloc children of p->mem_ctx were freed after
a RPC response was delivered by calling talloc_free_children(p->mem_ctx). Commit
60fa8e2552 removed this call which resulted in all
memory allocations on this context not getting released, which can consume
significant memory in long running RPC connections.
Instead of putting the talloc_free_children(p->mem_ctx) back, just use the
mem_ctx argument of the ${pipename}_op_dispatch_internal() function which is a
dcesrv_call_state object created by dcesrv_process_ncacn_packet() and released
by the RPC server when the RPC request processing is finished.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1861
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Best viewed with "git show -b". Use the typical pattern of an early
error return.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
The generic function already checks the handle type.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Now that we pass the handle type to the generic handle creation and find
functions we can drop the specific SAMR ones.
The policy_handle_create() function labeled the talloc chunk used to
allocate the handle's associated data, and the policy_handle_find() is
checking the name matches with the expected data. The check is performed
now by the generic functions based on the handle type so we can drop
these SAMR specific functions.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Following changes in commit c7a4578d06
pass the handle type to the handle search functions. The handle type will
be verified unless passing DCESRV_HANDLE_ANY to find functions.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The handle based security model is a SAMR specific feature. The access
granted is stored in the handle's associated data after creating it and
the access is verified after searching the handle.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Since wire_handle.handle_type is uint32_t, we can simply assign uint8_t
handle type to it without using SIVAL() macros. Further unify with s4
RPC server code flow.
Fixes CID 1462616
>>> CID 1462616: (CONSTANT_EXPRESSION_RESULT)
>>> "(uint32_t)handle_type >> 16" is 0 regardless of the values of its operands. This occurs as a value.
284 SIVAL(&rpc_hnd->wire_handle.handle_type, 0 , handle_type);
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Thu Apr 30 07:09:55 UTC 2020 on sn-devel-184
Various RPC services expect policy handles of a specific type.
s3 RPC server did not allow to create policy handles with a specific
type while actually requiring that policy handle type itself in some
places.
Make sure we are able to specify the policy on-wire handle type when
creating the policy handle. The changes follow s4 DCE RPC server
implementation.
The original logic to always set on-wire handle type to 0 can be tracked
down to commit fdeea341ed when we didn't
really know about differences in on-wire handle types.
All but LSA trusted domain RPC calls do not check the on-wire handle
type in s3 RPC server.
Fixes trusted domain operations when Samba RPC client attempts to call
s3 RPC server to perform lsa_lsaRSetForestTrustInformation in FreeIPA.
This fix is a pre-requisite for FreeIPA-FreeIPA forest trust.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 28 22:55:29 UTC 2020 on sn-devel-184
The debug message dereference the pointer, but as close_policy_by_pipe
is called from pipes_struct destructor it may be not initialized yet if
an error occur in the initialization code.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The name conflicts with the S4 name.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The first pdu is always a BIND.
REQUEST pdus are only allowed once the authentication
is finished.
A simple anonymous authentication is finished after the BIND.
Real authentication may need additional ALTER or AUTH3 exchanges.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
The performance of these is minimal (these days) and they can return
invalid results when used as part of applications that do not use
sys_fork().
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Mar 24 21:55:41 CET 2012 on sn-devel-104
Everything uses talloc in the rpc server nowadays, remove this ancient use of
malloc. This also allows us to remove the free fucntion and let talloc handle
it properly.
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Thu Jul 28 17:41:08 CEST 2011 on sn-devel-104
The auth_ctx is a child of pipes_struct, and this function is a used only as a
destructor on pipes_struct. So it is not really necessary to free this struct
in the destructor as it will be freed soon enough anyway.
Avoid code duplication and fix bug where a new pipe was not added to
InternalPipes upon creation in make_server_pipes_struct()
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Jul 21 19:50:02 CEST 2011 on sn-devel-104
Put InternalPipes related functions in rpc_handles.c and out of rpc_ncacn_np.c
rpc_handles.c is the only file that really uses them after all and ncacn_np.c
is the wrong place for that stuff.
While ther remove unnecessary wrapper functions now that the InternalPipes
static variable is directly accessible.
Also move all pipes_struct related header stuff in its own rpc_pipes.h header.
Signed-off-by: Andreas Schneider <asn@samba.org>
Instead, we base our guest calculations on the presence or absense of the
authenticated users group in the token, ensuring that we have only
one canonical source of this important piece of authorization data
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.
The structure is also not ideal for it's current purpose. Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session. This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.
(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Handles are shared among multiple pipes_struct. We cannot allocate
them on any specific pipes_struct or it will vanish for all others
as soon as that pipes_struct is freed, leaving back dangling
pointers.