1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

5167 Commits

Author SHA1 Message Date
Volker Lendecke
9e3ee8c40c printing: Remove "start_daemons" from printing_subsystem_init()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Volker Lendecke
a7c65958a1 s3:rpc_server: Activate samba-dcerpcd
This is the big switch to use samba-dcerpcd for the RPC services in
source3/. It is a pretty big and unordered patch, but I don't see a
good way to split this up into more manageable pieces without
sacrificing bisectability even more. Probably I could cut out a few
small ones, but a major architechtural switch like this will always be
messy.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Volker Lendecke
d522a8cce1 s3:rpc_server: Add samba-dcerpcd helper programs
These are rpcd_* binaries.

rpcd_classic collects everything that's not specific

Changes the epmapper to read the epmdb.tdb, which will make the
epmapper tests non-bisectable until the switch is done.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Volker Lendecke
a350a000f1 s3:rpc_server: Make npa_state_init() public
Will be used later in client tools.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Volker Lendecke
d3e1ece1a4 s3:rpc_server: Implement the rpcd_* helper-end of the samba-dcerpc protocol
This is the generic code that becomes the
template that all rpcd_* instances that
serve DCERPC can use to provide services to samba-dcerpcd.

The external entry point is:
rpc_worker_main() which takes an argc/argv list
and two functions:

get_interfaces() - List all interfaces that this server provides
get_servers() - Provide the RPC server implementations

Each rpcd_* service needs only to provide
the implementations of get_interfaces() and get_servers()
and call rpc_worker_main() from their main() function
to provide services that can be connected to from samba-dcerpcd.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Volker Lendecke
3ca7c640da s3:rpc_server: Add samba-dcerpcd
Central dispatcher for incoming RPC requests, supported by helpers
that implement RPC services.

Upon startup, it asks all helpers which interfaces and endpoints to
listen on so it doesn't interfere with the samba binary when we're
configured as an Active Directory Domain Controller, then samba-dcerpcd
opens the relevant sockets. Once clients connect, start required helpers
and tell them to shut down once idle for a while.

Can be started as a full standalone daemon without smbd involved or as
a helper daemon started on demand by smbd or winbind or other local
processes trying to connect to a named pipe based RPC service.

NB. To start as a standalone daemon the smb.conf [global] option
"rpc start on demand helpers = false" must be set.
By default "rpc start on demand helpers = true"
in order to allow upgrades without needing an smb.conf change.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Volker Lendecke
f83f7bd6bd s3:rpc_server: Remove direct registry access from svcctl_init_winreg
Once we do registry access via a pipe into a different process, a
registry client won't be able to directly do registry transactions
anymore. In this case, I argue that doing this in a transactioned way
is overkill anyway. svcctl_init_winreg() just sets up some registry
keys, and if that leaves behind some stale entries if it fails
somewhere in the middle, it does not really matter because the only
one looking at these registry keys is the svcctl service, and that
only starts up if the init function was successfully run.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Volker Lendecke
d5fa626394 rpc_server: Check info5->transport
Eventually, this new mechanism might replace the ncalrpc_as_system mechanism: I
think with this we're much more flexible and even more secure: We rely on the
direct permissions on "np/" and don't have to pretend that the local client
came from a file on /root. We are more flexible because with this mechanism we
can easily fake arbitrary tokens and play with session keys.

However, this would require that the source4 librpc code needs to learn about
this mechanism, which I was not able to complete.

The source3 rpc_server side of this will go away soon, so for now only
allow NCACN_NP there. The check in source4 will stay with us for a
while, so allow NCACN_NP and NCALRPC to be set remotely here. With
NCACN_NP (the case for a client to connect on a named pipe), protect
against accidentially connecting as system.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Volker Lendecke
00e41d198d librpc: Get transport out of tstream_npa_accept_existing_recv()
To be used by the RPC servers in the next commit

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Volker Lendecke
1bab76223c librpc: Add named_pipe_auth_req_info5->transport
This will serve as a check to make sure that in particular a SAMR
client is really root. This is for example used in get_user_info_18()
handing out a machine password.

The unix domain sockets for NCACN_NP can only be contacted by root,
the "np\" subdirectory for those sockets is root/root 0700.

Connecting to such a socket is done in two situations: First, local
real root processes connecting and smbd on behalf of SMB clients
connecting to \\pipe\name, smbd does become_root() there. Via the
named_pipe_auth_req_info4 smbd hands over the SMB session information
that the RPC server blindly trusts. The session information (i.e. the
NT token) is heavily influenced by external sources like the KDC. It
is highly unlikely that we get a system token via SMB, but who knows,
this is information not fully controlled by smbd.

This is where this additional field in named_pipe_auth_req_info5 makes
a difference: This field is set to NCACN_NP by smbd's code, not
directly controlled by the clients. Other clients directly connecting
to a socket in "np\" is root anyway (only smbd can do become_root())
and can set this field to NCALRPC.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Alexander Bokovoy
c69b66f649 IPA DC: add missing checks
When introducing FreeIPA support, two places were forgotten:

 - schannel gensec module needs to be aware of IPA DC
 - _lsa_QueryInfoPolicy should treat IPA DC as PDC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14903

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Sat Nov 13 07:01:26 UTC 2021 on sn-devel-184
2021-11-13 07:01:26 +00:00
Ralph Boehme
25043ebb2e source3: move lib/substitute.c functions out of proto.h
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-11-11 13:49:32 +00:00
Alexander Bokovoy
e2d5b4d709 CVE-2020-25717: Add FreeIPA domain controller role
As we want to reduce use of 'classic domain controller' role but FreeIPA
relies on it internally, add a separate role to mark FreeIPA domain
controller role.

It means that role won't result in ROLE_STANDALONE.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:33 +00:00
Ralph Boehme
8e3372ecea mdssvc: add options to allow ignoring attribute and type mapping errors
This adds two options that are used by the Spotlight query parser to optionally
ignore unknown attributes or types in a query.

    elasticsearch:ignore unknown attribute = yes | no (default: no)
    elasticsearch:ignore unknown type = yes | no (default: no)

Example Spotlight query with unknown attributes and type:

    kMDItemContentType=="public.calendar-event"||kMDItemSubject=="Kalender*"cdw||
    kMDItemTitle=="Kalender*"cdw||kMDItemTopic=="Kalender*"cdw||
    kMDItemTextContent=="Kalender*"cd||*=="Kalender*"cdw||
    kMDItemTextContent=="Kalender*"cdw

The unknown attributes are "kMDItemTopic" and "kMDItemSubject". The unkown type
is "public.calendar-event".

Currently the parser will outright fail to parse the query and the search will
enter an error state.

To give users some control over the mapping the above options can be used to
tell the parser to simply ignore such unknown attributes and types.

  (meta.title:Kalender* OR content:Kalender* OR Kalender* OR content:Kalender*)

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2021-10-14 09:33:38 +00:00
Ralph Boehme
c674323789 mdssvc: prepare for ignore attribute and type mapping errors
Lower the debug levels to debug from error. No change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2021-10-14 09:33:38 +00:00
Ralph Boehme
232146775b selftest: add a test ignored spotlight/elasticsearch mapping failures
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2021-10-14 09:33:38 +00:00
Volker Lendecke
83ad7e01fc rpc_server3: Remove pipes_struct->private_data
netlogon3 was the only user

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:32 +00:00
Volker Lendecke
426a7b4805 rpc_server3: Use dcesrv_iface_state in netlogon3
Align with the source4/rpc_server/netlogon

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:32 +00:00
Volker Lendecke
246a5ceab1 netlogon: Move netlogon_server_pipe_state to netlogon.idl
Make this available as a shared structure for both source3 and source4

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:32 +00:00
Volker Lendecke
81a7b2e08d rpc_server3: Remove an outdated comment
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:32 +00:00
Volker Lendecke
ed9e2850bf rpc_server3: Remove "pipes_struct->opnum"
Also available via dce_call->pkt.u.request.opnum

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:32 +00:00
Volker Lendecke
2e3cea27fc rpc_server3: Remove "pipes_struct->call_id"
Unused.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:32 +00:00
Volker Lendecke
10ac08fc1d rpc_server3: Remove unused fields from struct dcerpc_ncacn_conn
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
9b260ff839 lsa_server3: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
81e27693c6 mdssvc: Use ndr_policy_handle_empty()
is_zero_policy_handle() was a duplicate.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Sep 25 00:46:23 UTC 2021 on sn-devel-184
2021-09-25 00:46:23 +00:00
Samuel Cabrero
af06d73a75 s3:rpc_server: Do not use the default ncalrpc endpoint for external services
In samba3 it is possible to run some services externally, for example:

rpc_daemon:lsasd = fork
rpc_server:netlogon = disabled
rpc_server:samr = external
rpc_server:lsarpc = external

The external services running in separate processes have to use its own
dedicated ncalrpc endpoint, otherwise will race with main smbd serving the
embedded services to accept connections on ncalrpc default socket. If the
connection ends in an external process and the client tries to bind to an
interface not registered there (like winreg for example) the bind will fail.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Sep 21 11:00:01 UTC 2021 on sn-devel-184
2021-09-21 11:00:01 +00:00
Samuel Cabrero
8a93ef625f s3: rpc_server: Avoid creating new handles when received an empty policy_handle
After merging s3 and s4 RPC handles implementations in commit
70fa7e817e a new empty handle is allocated
when find_policy_by_hnd() or close_policy_hnd() is called with an empty
policy_handle (see dcesrv_handle_lookup() implementation).

This new behavior was causing a crash when running samba3.rpc.mdssvc test
with log level >= 10, because a debug message in _mdssvc_close() was
dereferencing the handle's associated data when called from
test_mdssvc_close() with an empty policy_handle.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Sep 20 14:31:33 UTC 2021 on sn-devel-184
2021-09-20 14:31:33 +00:00
Volker Lendecke
44566f59d8 rpc_server3: Include the right "dcerpc.h" from a SAMBA_SUBSYSTEM
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-09-07 18:26:33 +00:00
Jeremy Allison
b4d8c62c4e s3: mdssvc: Correctly disconnect the VFS connection inside the mds_ctx destructor.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14809

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2021-08-25 16:22:37 +00:00
Volker Lendecke
7e810091fc rpc_server: Fix a comment
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-24 17:32:28 +00:00
Volker Lendecke
12942576b3 rpc_server: Simplify _samr_CreateUser2()
Use a variable that we just set a line before, don't duplicate the
priv name.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-24 17:32:28 +00:00
Volker Lendecke
95a2540d0b rpc_server: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-24 17:32:28 +00:00
Volker Lendecke
da74089533 rpc_server: Remove an unused function declaration
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-24 17:32:28 +00:00
Volker Lendecke
2154bb50f6 rpc_server: Slightly simplify set_user_info_18()
Instead of adding the NULL check to data_blob_talloc_zero() put "out"
on the stack.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-24 17:32:28 +00:00
Volker Lendecke
ebac118da5 rpc_server: Slightly simplify set_user_info_21()
Instead of adding the NULL check to data_blob_talloc_zero() put "out"
on the stack.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-24 17:32:28 +00:00
Ralph Boehme
45a33b25c4 s3/rpc_server: track the number of policy handles with a talloc destructor
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14783
RN: smbd "deadtime" parameter doesn't work anymore

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 10 18:41:43 UTC 2021 on sn-devel-184
2021-08-10 18:41:43 +00:00
Andreas Schneider
d6c7a2a700 netlogon:schannel: If weak crypto is disabled, do not announce RC4 support.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-08-03 09:28:38 +00:00
Ralph Boehme
620b991443 mdssvc: avoid direct filesystem access, use the VFS
This ensures mdssvc uses the same FileIDs as the fileserver as well as Spotlight
can be used working on a virtual filesystem like GlusterFS.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jun 16 05:59:13 UTC 2021 on sn-devel-184
2021-06-16 05:59:12 +00:00
Ralph Boehme
6de3a88494 mdssvc: chdir() to the conn of the RPC request
In preperation of calling VFS functions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740

Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-06-16 05:08:29 +00:00
Ralph Boehme
8b681cfb5d mdssvc: maintain a connection struct in the mds_ctx
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-06-16 05:08:29 +00:00
Ralph Boehme
1ef2828e10 mdssvc: pass messaging context to mds_init_ctx()
This is needed in a subsequent commit. Note that I prefer to do the event
context unwrapping in the caller and pass both the event and messaging context
explicitly to mds_init_ctx().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-06-16 05:08:29 +00:00
Ralph Boehme
8847f46f75 mdssvc: don't fail mds_add_result() if result is not found in CNID set
Just skip adding the result to the pending results set, don't return an
error. Returning an error triggers an error at the MDSSVC RPC error which is NOT
what we want here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-06-16 05:08:29 +00:00
Ralph Boehme
e2486d76b6 mdssvc: use a helper variable in mds_add_result()
No change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-06-16 05:08:29 +00:00
Volker Lendecke
35a43de18d rpc_server: Make get_domain_userlist() independent of errno
In the "num_users==0" case (previously just return NULL) we depended
on errno==0 implicitly. When list_sessions() above in this routine had
to open smbXsrv_session_global, it could however happen that errno was
set. If then there were no users, get_domain_userlist() returned NULL
with errno set, which the callers interpreted then as a real error.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-06-15 18:11:35 +00:00
Volker Lendecke
76c1b77e79 rpc_server: Make errno return of get_logged_on_userlist explicit
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-06-15 18:11:35 +00:00
Volker Lendecke
aa147153c1 rpc_server: Don't rely on TCP-bind() to return EADDRINUSE
socket_wrapper can't do EADDRINUSE because unix domain sockets don't
do it.

This currently works correctly because right now all RPC servers
either use explicit ports or all listen on the same socket.

The new code uses a static variable, so it only helps if a single
process listens for multiple RPC sockets. It won't work if multiple
processes start listening. But in case samba-dcerpcd goes in this will
be exactly the right thing to do.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-06-15 18:11:35 +00:00
Jeremy Allison
8723bec340 s3: eventlog: get_nt_acl_no_snum(), SMB_VFS_GET_NT_ACL_AT() -> SMB_VFS_FGET_NT_ACL().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2021-06-09 13:14:30 +00:00
Volker Lendecke
7f967589ea rpc_server: Use correct PRIu16 for printf of a uint16
Don't rely on correct casting

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-06-04 16:47:34 +00:00
Volker Lendecke
87a0a20417 rpc_server: Avoid a cast
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-06-04 16:47:34 +00:00
Andreas Schneider
f81fe73f53 s3:rpc_server: Migrate test_mdsparser_es to new cmdline option parser
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-05-20 02:58:36 +00:00
Samuel Cabrero
1efa9ffd7a s3-iremotewinspool: set the per-request memory context
The iremotewinspool service is not using the pidl autogenerated code.
Set the per-request memory context following the changes made is commit
5a7e9ade9a4cdfa68900c6a64b639f53c0da47ad.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1890

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Apr  9 15:20:02 UTC 2021 on sn-devel-184
2021-04-09 15:20:02 +00:00
Samuel Cabrero
aac8be5419 s3: rpc_server: Store new association groups in the id tree
Right now a new association group is created for each connection
assigning the legacy 0x53F0 id, but it is not stored anywhere. When a
second client request to join an association group by its id it is not
found and a new one is created with the same ID.

In practise, it means the association groups are not working even in the
same server process.

This commit stores the created association group in the idtree, but to
make use of it assigns a random id instead of the historical 0x53F0.

The test assoc_group_ok2 was wrongly passing before this change because
the same id 0x53F0 was assigned to all association groups.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-04-07 09:18:30 +00:00
Samuel Cabrero
f5178ef11e s3: rpc_server: Search for already created association groups
If the client requests to join to an association group in the bind operation
try to find it and do not create a new one.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-04-07 09:18:30 +00:00
Volker Lendecke
8945d99758 rpc: Give dcerpc_util.c its own header
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-04-06 22:29:34 +00:00
Volker Lendecke
30e0cac46b rpc_server: tstream_npa_connect_recv() returns errno into sys_errno
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-04-06 22:29:33 +00:00
Volker Lendecke
bbfdf2708e tstream_npa: Return named_pipe_auth_req_info4 from accept_existing
Callers might want the full picture. We need to make
named_pipe_auth_req_info4 public for that.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-04-01 19:32:36 +00:00
Volker Lendecke
206c99f6e5 srv_winreg: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-04-01 19:32:36 +00:00
Volker Lendecke
12f516e468 rpc_server3: Fix a memleak for internal pipes
state->call should not be talloc'ed off a long-lived context

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1861

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 31 12:14:01 UTC 2021 on sn-devel-184
2021-03-31 12:14:01 +00:00
Ralph Boehme
481176ec74 spools: avoid leaking memory into the callers mem_ctx
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1861

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2021-03-31 11:11:31 +00:00
Ralph Boehme
4c3fb2a591 pidl: set the per-request memory context in the pidl generator
The talloc memory context referenced by the pipe_struct mem_ctx member is used
as talloc parent for RPC response data by the RPC service implementations.

In Samba versions up to 4.10 all talloc children of p->mem_ctx were freed after
a RPC response was delivered by calling talloc_free_children(p->mem_ctx). Commit
60fa8e2552 removed this call which resulted in all
memory allocations on this context not getting released, which can consume
significant memory in long running RPC connections.

Instead of putting the talloc_free_children(p->mem_ctx) back, just use the
mem_ctx argument of the ${pipename}_op_dispatch_internal() function which is a
dcesrv_call_state object created by dcesrv_process_ncacn_packet() and released
by the RPC server when the RPC request processing is finished.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1861

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2021-03-31 11:11:31 +00:00
Volker Lendecke
ebd5322e63 printing: Fix typos
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-24 20:31:30 +00:00
Volker Lendecke
72540222c2 lib: Properly return errno from open_socket_in()
Before this patch, open_socket_in() relied on quite a bit of code to
not touch errno after for example socket() returned -1. Change this to
explicitly save errno in "ret", such that a later DEBUG() with all its
formatting code can mess it up.

While there, remove the debuglevel parameter. I don't think this
actually useful.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-19 07:09:37 +00:00
Volker Lendecke
9e3f0fa34b rpc_server: Fix a -Werror=format-truncation error
gcc gets this wrong, it believes %u can write up to
"2147483647" (2^31-1). Silence this with an easy patch.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-16 17:09:32 +00:00
Volker Lendecke
386f62fb57 rpc_server: Initialize variables in get_md4pw()
My gcc complained at one point about uninitialized vars

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-16 17:09:32 +00:00
Volker Lendecke
35ecbb3221 rpc_server: Save roundtrips into samr for machine pwd changes
We already have the machine SID, no need to look it up again.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-16 17:09:32 +00:00
Volker Lendecke
9614273aa3 librpc: Make "dcesrv_context->callbacks" a pointer
This structure just grew from 3 to 6 pointers, avoid making a copy of
this. All callers of dcesrv_init_context() have this as a static
struct in the C object, so a pointer to that won't change.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-16 17:09:32 +00:00
Volker Lendecke
403eabe4fc librpc: Add "private_data" to struct dcesrv_context_callbacks
Not used right now, but we should never have callbacks without a
"private_data" pointer. Some of the callbacks could even today benefit
from this.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-16 17:09:31 +00:00
Volker Lendecke
b5705cc70c srvsrvc: Reload conf after changing a share
The call to messaging_send_all() skips ourselves. This is tested in
source3/script/tests/test_rpcclientsrvsvc.sh, which right now we only
survive because the rpcclient call spawns a new smbd, which reloads
smb.conf. Once you start running srvsvcd in a long-running daemon,
this fails.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-09 22:36:28 +00:00
Volker Lendecke
559b4df143 rpc_server: Use any_nt_status_not_ok() in srv_netlog_nt.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-09 22:36:28 +00:00
Volker Lendecke
3e58a4d9d7 rpc_server: Use direct struct initialization instead of ZERO_STRUCT
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-09 22:36:28 +00:00
Volker Lendecke
a53cc3adc6 epmapper: talloc_stackframe() panics on failure
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-09 22:36:28 +00:00
Volker Lendecke
3a7f099b6b rpc_server: talloc_stackframe() panics on failure
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-09 22:36:28 +00:00
Volker Lendecke
dd56d415b1 rpc_server: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-09 22:36:28 +00:00
Volker Lendecke
ca1f67406f rpc_server: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-09 22:36:28 +00:00
Volker Lendecke
9c1d7632e3 librpc: Convert find_interface_by_uuid to search by syntax_id
All callers manually dissected the syntax id for this API.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-28 16:58:35 +00:00
Volker Lendecke
38ebfe2e1f epmapper: Simplify endpoints_match()
strequal() deals fine with either string being NULL. We only have to
take of the case where both are NULL.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-28 16:58:35 +00:00
Volker Lendecke
895f459b4b epmapper: Simplify _epm_Map()
We have a routine to compare ndr_syntax_id, don't do it manually.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-28 16:58:35 +00:00
Volker Lendecke
17a8fa6d24 rpc_server: Add CLOEXEC to the listening sockets
We don't want to leak them into exec'ed processes.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 26 01:13:53 UTC 2021 on sn-devel-184
2021-01-26 01:13:53 +00:00
Volker Lendecke
d4e46cae4c rpc_server: Consolidate transport-specific socket creation
We had the transport switch in two places, put them together into
dcesrv_create_binding_sockets(). This makes the transport-specific
socket creation functions static to rpc_sock_helper.c.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-26 00:10:31 +00:00
Volker Lendecke
125c605ea5 rpc_server: Move socket creation to rpc_sock_helper.[ch]
dcesrv_create_ncacn_ip_tcp_sockets() already was there, move the rest
as well. This makes dcesrv_create_ncacn_np_socket() static to
rpc_sock_helper.c.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-26 00:10:31 +00:00
Volker Lendecke
27987e313f rpc_server: Factor out e->ep_description in dcesrv_create_endpoint_sockets()
e->ep_description is used a lot in this function.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-26 00:10:31 +00:00
Volker Lendecke
1c889f4475 rpc_server: Pass dcerpc_binding to dcesrv_create_ncacn_np_socket()
It does not need a dcesrv_endpoint.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-26 00:10:31 +00:00
Volker Lendecke
e74d520855 rpc_server: Pass dcerpc_binding to dcesrv_create_ncacn_ip_tcp_sockets()
It does not need a dcesrv_endpoint.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-26 00:10:31 +00:00
Volker Lendecke
cc456ac882 rpc_server: Pass dcerpc_binding to dcesrv_create_ncalrpc_socket()
It does not need a dcesrv_endpoint.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-26 00:10:31 +00:00
Volker Lendecke
f0aa39017b rpc_server: Remove an unused function parameter
dcesrv_create_endpoint_sockets() doesn't need dce_ctx.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-26 00:10:31 +00:00
Ralph Boehme
6c421f523b s3/rpc_server: add deps of rpc_mdssvc_module
This allows removing allow_undefined_symbols=True.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Jan 14 16:05:10 UTC 2021 on sn-devel-184
2021-01-14 16:05:10 +00:00
Volker Lendecke
9bb5b32621 rpc_server: Remove protocol-specific dcerpc_setup_ routines
These are all just stream sockets, being taken care of by
dcesrv_setup_ncacn_listener()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan 14 14:35:58 UTC 2021 on sn-devel-184
2021-01-14 14:35:58 +00:00
Volker Lendecke
8004fb4a5b rpc_server: Use dcesrv_setup_ncacn_listener() in dcesrv_setup_endpoint_sockets()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-14 13:29:35 +00:00
Volker Lendecke
94f48f34f1 rpc_server: Add dcesrv_setup_ncacn_listener()
This is supposed to replace the protocol-specific dcerpc_setup_*
functions. They are all very similar except the way to create the
socket file descriptor. By handing out the anonymous structure
"listen_state" for an error path the listener tevent_fd structs can be
cancelled individually or handed over to other talloc parents.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-14 13:29:35 +00:00
Volker Lendecke
6482bee22f rpc_server: Move setting ip-based socket options
All ncacn_ip_tcp listener sockets are created via
dcesrv_create_ncacn_ip_tcp_socket(). Moving setting the socket options
out of dcesrv_setup_ncacn_ip_tcp_socket() to remove a special case for
TCP from the dcesrv_setup_* family of routines.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-14 13:29:35 +00:00
Volker Lendecke
50dada72ad rpc_server: Direct pointer initialization in dcesrv_ncacn_np_accept_done()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-14 13:29:35 +00:00
Volker Lendecke
33f7aac871 rpc_server: Make dcerpc_ncacn_accept() take tsocket_address **
dcerpc_ncacn_accept() talloc_move's the addresses away from the
caller's talloc hierarchy. Don't leave pointers around in the caller.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-14 13:29:35 +00:00
Volker Lendecke
a21867bc48 rpc_server: Remove unused make_server_pipes_struct()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-14 13:29:35 +00:00
Volker Lendecke
562e48655c rpc_server: Use make_base_pipes_struct() in make_internal_rpc_pipe_socketpair()
make_server_pipes_struct() is just a simple wrapper.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-14 13:29:35 +00:00
Volker Lendecke
8488b16f56 rpc_server: Use make_base_pipes_struct() in dcesrv_ncacn_accept_step2()
make_server_pipes_struct() is just a simple wrapper.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-14 13:29:35 +00:00
Volker Lendecke
dcc8f37af1 rpc_server: Simplify find_policy_by_hnd_internal()
Best viewed with "git show -b". Use the typical pattern of an early
error return.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-14 13:29:35 +00:00
Volker Lendecke
eecd5e8783 epmapper3: Fix a DEBUG message
This is not function dcesrv_interface_register()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-12 00:10:30 +00:00
Volker Lendecke
457afe052f epmapper3: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-12 00:10:30 +00:00
Volker Lendecke
912196f430 rpc_servers: Remove unused variables
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-11 13:19:32 +00:00
Volker Lendecke
79a73b4484 rpc_servers: Fix crash with many interfaces
Previously, the lowlevel routines wrote into the pf_listen_fd arrays
without checking its size.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-11 13:19:32 +00:00
Volker Lendecke
ca96748552 rpc_server: Add dcesrv_create_endpoint_list_fd_listen_fds()
This encapsulates the loop in the three standalone rpc daemons walking
the endpoints in a dcesrv_context.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-11 13:19:32 +00:00
Volker Lendecke
9c9b0fd616 rpc_server: Lift ph_listen_fd logic one level
Push filling in struct pf_listen_fd into the daemons using
dcesrv_create_endpoint_sockets().

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-11 13:19:32 +00:00
Volker Lendecke
a00e3e8af3 rpc_server: Lift logic to fill in pf_listen_fd one level
dcesrv_create_ncacn_ip_tcp_sockets() now returns a struct of fd's
instead of filling a preallocated array: Its only function beyond
dcesrv_open_ncacn_ip_tcp_sockets() is thus gone.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-11 13:19:32 +00:00
Volker Lendecke
666fc24a90 rpc_server: Use dcesrv_open_ncacn_ip_tcp_sockets() in dcesrv_setup_ncacn_ip_tcp_sockets()
Avoid duplication of logic with "lp_interfaces_only()"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-11 13:19:32 +00:00
Volker Lendecke
276b9bc20a rpc_server: Factor out dcesrv_open_ncacn_ip_tcp_sockets()
The main change is to return an allocated array of file descriptors in
dcesrv_open_ncacn_ip_tcp_sockets() instead of filling a preallocated
array of pf_listen_fd structures.

Signed-off-by: Volker Lendecke <vl@samba.org>
2021-01-11 13:19:32 +00:00
Volker Lendecke
7ed99ad1cd rpc_server: Make default prefork configs const
Move 24 bytes from modifyable data to .text segment

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-08 20:31:33 +00:00
Volker Lendecke
d82acf7685 lib: give global_contexts.c its own header file
It's a bit shocking how many references we have to global
contexts. Make this a bit more obvious.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-08 20:31:33 +00:00
Andreas Schneider
6d021d64c6 s3:mdssd: Fix creating binding string for error message
Found by covscan.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-26 09:44:42 +00:00
Andreas Schneider
b20da08d41 s3:lsasd: Fix creating binding string for error message
Found by covscan.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-26 09:44:42 +00:00
Volker Lendecke
15e9e2945c smbd: Give locking/share_mode_lock.c its own header file
To me this is then easier to figure out what is defined there, and
where it's exactly used.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-10 19:49:34 +00:00
Andreas Schneider
4425f2c113 s3:rpc_server: Allow to use RC4 for creating trusts
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-11-09 08:58:35 +00:00
Andreas Schneider
6c11e5f42b s3:rpc_server: Use gnutls_cipher_decrypt() in get_trustdom_auth_blob()
It doesn't matter for RC4, but just to be correct.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-11-09 08:58:35 +00:00
Jeremy Allison
e5e1759057 s3: spoolss: Make parameters in call to user_ok_token() match all other uses.
We already have p->session_info->unix_info->unix_name, we don't
need to go through a legacy call to uidtoname(p->session_info->unix_token->uid).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14568

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov  9 04:10:45 UTC 2020 on sn-devel-184
2020-11-09 04:10:45 +00:00
Andreas Schneider
c6a21e1897 s3:rpc_server: Allow to use RC4 for setting passwords
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-10-29 14:19:36 +00:00
Stefan Metzmacher
7c8a7e8a15 librpc/dcesrv_core: move two rpcint_dispatch() copies into dcesrv_call_dispatch_local()
We only need this function once, so that we need to fix bugs only once...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14551

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2020-10-23 16:02:37 +00:00
Björn Jacke
38391ccc5d printing/spoolss: add ARM64 support
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-17 09:22:31 +00:00
Björn Jacke
62c514c29c printing: move archi_table declarations into nt_printing.h
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-17 09:22:31 +00:00
Gary Lockyer
b9b6abf18b CVE-2020-1472(ZeroLogon): rpc_server/netlogon: Fix confounder check
Add check for zero length confounder, to allow setting of passwords 512
bytes long. This does not need to be backported, as it is extremely
unlikely that anyone is using 512 byte passwords.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-10-16 04:45:40 +00:00
Volker Lendecke
dfc870b6cd mdssvc: Slightly simplify dalloc_size()
talloc_get_size() and thus talloc_array_length() deals fine with a
NULL pointer

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-02 21:30:33 +00:00
Ralph Boehme
322574834f vfs: remove dirfsp arg from SMB_VFS_CREATE_FILE()
This was supposed to be a shortcut to avoid passing dirfsp around as an explicit
function argument throughout the whole codebase when the new VFS design idea was
based on using *AT functions throughout the VFS.

Now that we've opted for basing the VFS on handles and *AT functions will only
be used in a much more limitted extent, it makes sense to remove this internal
dirfsp reference, otherwise the combination of internal fsp->dirfsp and
smb_fname->fsp is going to be a tough to wrap your head around.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct  2 21:00:05 UTC 2020 on sn-devel-184
2020-10-02 21:00:05 +00:00
Jeremy Allison
ff4e8b2c84 s3: smbd: All callers to filename_convert() pass in NULL for the 'bool *ppath_contains_wcard' parameter.
Remove it.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-09-30 20:46:42 +00:00
Volker Lendecke
2c04e9a6f2 spoolss: Align some integer types
SPOOLSS_NOTIFY_MSG_CTR->num_groups is defined as uint32_t

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-09-30 15:58:38 +00:00
Volker Lendecke
44fd74476d spoolss: Align some integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-09-30 15:58:38 +00:00
Günther Deschner
b8e4b0f430 CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: log warnings about unsecure configurations
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-18 12:48:39 +00:00
Günther Deschner
b74017d2dd CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: support "server require schannel:WORKSTATION$ = no"
This allows to add expections for individual workstations, when using "server schannel = yes".
"server schannel = auto" is very insecure and will be removed soon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-18 12:48:39 +00:00
Günther Deschner
9ef5b63e7a CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: refactor dcesrv_netr_creds_server_step_check()
We should debug more details about the failing request.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-18 12:48:39 +00:00
Jeremy Allison
82d41977a8 CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: protect netr_ServerPasswordSet2 against unencrypted passwords
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-18 12:48:38 +00:00
Jeremy Allison
9ec8b59bde CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Fix mem leak onto p->mem_ctx in error path of _netr_ServerPasswordSet2().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-18 12:48:38 +00:00
Stefan Metzmacher
caba2d8082 CVE-2020-1472(ZeroLogon): s3:rpc_server:netlogon: make use of netlogon_creds_random_challenge()
This is not strictly needed, but makes things more clear.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-18 12:48:38 +00:00
Björn Jacke
7651c02681 srv_spoolss_nt.c: fix wrong value in debug message
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-09-18 00:35:40 +00:00
Matthew DeVore
c2ac923c6a s3: safe_string: do not include string_wrappers.h
Rather than have safe_string.h #include string_wrappers.h, make users of
string_wrappers.h include it explicitly.

includes.h now no longer includes string_wrappers.h transitively. Still
allow includes.h to #include safe_string.h for now so that as many
modules as possible get the safety checks in it.

Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-28 00:56:34 +00:00
Andreas Schneider
ba04151a01 s3:libsmb: Remove signing_state from cli_full_connection_creds()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:42 +00:00
Andreas Schneider
c58a301c27 s3:libsmb: Introduce CLI_FULL_CONNECTION_IPC
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:41 +00:00
Andrew Bartlett
d4a9e882f6 Revert "build: fix the coverage build"
This reverts commit 3e072b3fb7.

This is no longer required now that --noline is set globally
and that is a much nicer solution.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-07 03:23:44 +00:00
Ralph Boehme
2327471756 lib: relicense smb_strtoul(l) under LGPLv3
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug  3 22:21:04 UTC 2020 on sn-devel-184
2020-08-03 22:21:02 +00:00
Andreas Schneider
9b34cee610 s3:rpc_server: Check return code of set_blocking()
Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-06-16 09:08:34 +00:00
Andreas Schneider
c57276cae6 s3:samr: Add missing NULL pointer check
Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-06-16 09:08:34 +00:00
Andreas Schneider
6114a4a59b s3:rpc_server: Pass a pointer to add_filemeta()
Review with: git show -U10

Found by cppcheck.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-06-16 09:08:33 +00:00
David Disseldorp
1ded80ae6f s3/rpc_server: remove unnecessary srv_fss_agent.h header
The srv_fssa_start() / _cleanup() functions are called via the
DCESRV_INTERFACE_FILESERVERVSSAGENT_INIT / SHUTDOWN_SERVER hooks,
so needn't be public.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Reviewed-by: Samuel Cabrero <scabrero@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun  3 03:57:12 UTC 2020 on sn-devel-184
2020-06-03 03:57:12 +00:00
Stefan Metzmacher
f563d0098b s3:rpc_server/spoolss: make use of cli_credentials_init_anon()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-05-28 06:43:38 +00:00
Samuel Cabrero
6edcf6801d s3: rpc_server: Avoid casts calling to find_policy_by_hnd()
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-24 23:55:37 +00:00
Samuel Cabrero
10cea64e4c s3: rpc_server: Remove dead code
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-24 23:55:37 +00:00
Samuel Cabrero
70fa7e817e s3: rpc_server: Drop s3 rpc handles implementation
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-24 23:55:37 +00:00
Samuel Cabrero
f98b3b6f10 pidl: Set dce_call in pipes_struct before dispatching call
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-24 23:55:37 +00:00
Samuel Cabrero
be024932ef s3: rpc_server: Remove SAMR specific policy_handle_find() function
The generic function already checks the handle type.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-24 23:55:36 +00:00
Samuel Cabrero
7273b4bcc7 s3: rpc_server: Move SAMR handle based access check to a wrapper function
Now that the type associated to the handle is the same for all handle
types we can wrap the access check.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-24 23:55:36 +00:00
Samuel Cabrero
2bde40762a s3: rpc_server: Remove SAMR specific policy_handle_create() function
Now that we pass the handle type to the generic handle creation and find
functions we can drop the specific SAMR ones.

The policy_handle_create() function labeled the talloc chunk used to
allocate the handle's associated data, and the policy_handle_find() is
checking the name matches with the expected data. The check is performed
now by the generic functions based on the handle type so we can drop
these SAMR specific functions.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-24 23:55:36 +00:00
Samuel Cabrero
da9749acb3 s3: rpc_server: pass DCE/RPC handle type to find_policy_handle
Following changes in commit c7a4578d06
pass the handle type to the handle search functions. The handle type will
be verified unless passing DCESRV_HANDLE_ANY to find functions.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-24 23:55:36 +00:00
Samuel Cabrero
711ca4fab5 s3: rpc_server: Strip out access check field from s3 handles implementation
The handle based security model is a SAMR specific feature. The access
granted is stored in the handle's associated data after creating it and
the access is verified after searching the handle.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-24 23:55:36 +00:00
Ralph Boehme
44cd415921 smbd: add dirfsp arg to SMB_VFS_CREATE_FILE()
As create_file_default() still need to be updated in the future to replace the
SMB_VFS_STAT() calls with AT-based versions, it asserts (dirfsp ==
dirfsp->conn->cwd_fsp).

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-05-21 05:23:31 +00:00
Volker Lendecke
01db877c77 srvsvc: Move brl_get_locks() out of enum_file_fn()
With share_infos.tdb this is a locking order violation:
share_infos.tdb is level 4, brlock.tdb is level 2. Avoid this by first
walking the share_infos.tdb and then fetching all the brlock entries.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu May 14 22:06:32 UTC 2020 on sn-devel-184
2020-05-14 22:06:32 +00:00
Volker Lendecke
46ab1d478d srvsvc: Collect file ids in enum_file_fn()
Will be used a few patches down

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-05-14 20:29:38 +00:00
Volker Lendecke
bda0b3875d srvsvc: Use a struct initializer in net_enum_files()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-05-14 20:29:38 +00:00
Volker Lendecke
96d68bb9f2 srvsvc: Directly use "ctr3->count" instead of "i"
To me this was not very transparent, and now that we have "ctr3" a
single indirect looks okay

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-05-14 20:29:38 +00:00
Volker Lendecke
ff80f68c30 srvsvc: Use a struct assignment in enum_file_fn()
Looks nicer than 5 complex array references...

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-05-14 20:29:38 +00:00
Volker Lendecke
a9397f8788 srvsvc: Introduce ctx3 helper var in enum_file_fn()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-05-14 20:29:38 +00:00
Ralph Boehme
7215669d29 vfs: remove root_dir_fid arg from SMB_VFS_CREATE_FILE()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 14 19:43:27 UTC 2020 on sn-devel-184
2020-05-14 19:43:27 +00:00
Jeremy Allison
88fbfe6a7c s3: smbd: Change SMB_VFS_GET_NT_ACL() -> SMB_VFS_GET_NT_ACL_AT() in get_nt_acl_no_snum().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-05-07 19:27:36 +00:00
Jeremy Allison
14df5d20a8 s3: RPC: Don't crash on trying to talloc_free(-1) if smb_iconv_open_ex() fails.
Assign output from smb_iconv_open_ex() to a temporary
handle. Only assign to mds_ctx->[handles] if correctly
opened otherwise we end up trying to call smb_iconv_close(-1).

MacOSX Catalina triggers this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14372

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu May  7 18:03:16 UTC 2020 on sn-devel-184
2020-05-07 18:03:16 +00:00
Ralph Boehme
1e5164afaf smbd: pass twrp as NTTIME to filename_convert() and all the way down to canonicalize_snapshot_path()
Also pass by value rather then by reference.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-05-05 19:18:40 +00:00
Ralph Boehme
b74653f2cd smbd: add twrp arg to synthetic_smb_fname()
Most places take twrp from a local struct smb_filename variable that the
function is working on. Some don't for various reasons:

o synthetic_smb_fname_split() is only called in very few places where we don't
  expect twrp paths

o implementations of SMB_VFS_GETWD(), SMB_VFS_FS_CAPABILITIES() and
  SMB_VFS_REALPATH() return the systems view of cwd and realpath without twrp info

o VFS modules implementing previous-versions support (vfs_ceph_snapshots,
  vfs_shadow_copy2, vfs_snapper) synthesize raw paths that are passed to VFS NEXT
  functions and therefor do not use twrp

o vfs_fruit: macOS doesn't support VSS

o vfs_recycle: in recycle_create_dir() we need a raw OS path to create a directory

o vfs_virusfilter: a few places where we need raw OS paths

o vfs_xattr_tdb: needs a raw OS path for SMB_VFS_NEXT_STAT()

o printing and rpc server: don't support VSS

o vfs_default_durable_reconnect: no Durable Handles on VSS handles, this might
  be enhances in the future. No idea if Windows supports this.

o get_real_filename_full_scan: hm.... FIXME??

o get_original_lcomp: working on a raw path

o msdfs: doesn't support VSS

o vfs_get_ntquota: synthesizes an smb_filename from ".", so doesn't support VSS
  even though VFS modules implement it

o fd_open: conn_rootdir_fname is a raw path

o msg_file_was_renamed: obvious

o open_np_file: pipes don't support VSS

o Python bindings: get's a raw path from the caller

o set_conn_connectpath: raw path

o set_conn_connectpath: raw path

o torture: gets raw paths from the caller

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-05-05 19:18:40 +00:00
Ralph Boehme
b9af0ecb3a s3/rpc_server: fss: realign synthetic_smb_fname() args in snap_path_exists()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-05-05 19:18:39 +00:00
Volker Lendecke
abae5889d9 rpc_server3: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-05-05 11:48:38 +00:00
Jeremy Allison
d7f4bb57f2 s3: smbd: Cleanup - move the function get_nt_acl_no_snum() to it's user module.
Make static. It was only called from one place.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-04-30 07:33:41 +00:00
Alexander Bokovoy
3be17c891b s3 rpc server: set on-wire handle type explicitly
Since wire_handle.handle_type is uint32_t, we can simply assign uint8_t
handle type to it without using SIVAL() macros. Further unify with s4
RPC server code flow.

Fixes CID 1462616
>>> CID 1462616:    (CONSTANT_EXPRESSION_RESULT)
>>> "(uint32_t)handle_type >> 16" is 0 regardless of the values of its operands. This occurs as a value.
284             SIVAL(&rpc_hnd->wire_handle.handle_type, 0 , handle_type);

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Thu Apr 30 07:09:55 UTC 2020 on sn-devel-184
2020-04-30 07:09:55 +00:00
Alexander Bokovoy
c7a4578d06 s3: pass DCE RPC handle type to create_policy_hnd
Various RPC services expect policy handles of a specific type.

s3 RPC server did not allow to create policy handles with a specific
type while actually requiring that policy handle type itself in some
places.

Make sure we are able to specify the policy on-wire handle type when
creating the policy handle. The changes follow s4 DCE RPC server
implementation.

The original logic to always set on-wire handle type to 0 can be tracked
down to commit fdeea341ed when we didn't
really know about differences in on-wire handle types.

All but LSA trusted domain RPC calls do not check the on-wire handle
type in s3 RPC server.

Fixes trusted domain operations when Samba RPC client attempts to call
s3 RPC server to perform lsa_lsaRSetForestTrustInformation in FreeIPA.
This fix is a pre-requisite for FreeIPA-FreeIPA forest trust.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 28 22:55:29 UTC 2020 on sn-devel-184
2020-04-28 22:55:29 +00:00
Samuel Cabrero
03f79a3bd7 s3:rpc_server: Improve local dispatching
Craft core structures to dispatch local calls in the same way as remote
ones, removing the special handling in the autogenerated code.

This is also necessary to drop s3 rpc handles implementation.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr  8 22:23:05 UTC 2020 on sn-devel-184
2020-04-08 22:23:05 +00:00
Samuel Cabrero
2558c15beb s3:rpc_server: Fix talloc_free() with references error on server exit
Fixes talloc_free() with references when smbd exists and talloc_free the
global dcesrv context:

ERROR: talloc_free with references at ../../source3/rpc_server/rpc_config.c:73
	reference at ../../source3/rpc_server/rpc_server.c:193
	reference at ../../source3/rpc_server/rpc_server.c:592
	...

The talloc_reference to make the dcerpc_ncacn_listen_state a parent of
the dcesrv context is not necessary as the listen state is allocated
under the endpoint, which is allocated under the dcesrv context:

full talloc report on 'struct dcesrv_context' (total  12298 bytes in 188 blocks)
    ...
    struct dcesrv_endpoint         contains    691 bytes in  11 blocks (ref 0) 0x55ae964d79a0
        struct dcerpc_ncacn_listen_state contains    160 bytes in   2 blocks (ref 0) 0x55ae964fca60
            struct tevent_fd               contains    104 bytes in   1 blocks (ref 0) 0x55ae964f36f0
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964e8a40
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964e8ac0
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964e8870
            ../../librpc/rpc/dcesrv_core.c:327 contains    104 bytes in   1 blocks (ref 0) 0x55ae964e8970
        struct dcerpc_binding          contains    108 bytes in   2 blocks (ref 0) 0x55ae964e87a0
            \pipe\lsass                    contains     12 bytes in   1 blocks (ref 0) 0x55ae964e88f0
        struct dcerpc_binding          contains    111 bytes in   2 blocks (ref 0) 0x55ae964e86d0
            \pipe\netlogon                 contains     15 bytes in   1 blocks (ref 0) 0x55ae964e8650
    ...
    struct dcesrv_endpoint         contains   1728 bytes in  27 blocks (ref 0) 0x55ae964e0db0
        struct dcerpc_ncacn_listen_state contains    160 bytes in   2 blocks (ref 0) 0x55ae964fd540
            struct tevent_fd               contains    104 bytes in   1 blocks (ref 0) 0x55ae964f3890
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964fbd70
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964f67a0
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964fff60
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964f66c0
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964eb8b0
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964eba00
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964eb200
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964eb350
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964eab70
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964eabf0
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964ea360
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964ea4b0
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964e9cb0
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964e9e00
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964e96a0
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964e97f0
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964e8430
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964e8580
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964e6250
            ../../librpc/rpc/dcesrv_core.c:360 contains    104 bytes in   1 blocks (ref 0) 0x55ae964e8070
        struct dcesrv_if_list          contains    128 bytes in   2 blocks (ref 0) 0x55ae964e7e50
            ../../librpc/rpc/dcesrv_core.c:327 contains    104 bytes in   1 blocks (ref 0) 0x55ae964e7fa0
        struct dcerpc_binding          contains    104 bytes in   2 blocks (ref 0) 0x55ae964e7ed0
            DEFAULT                        contains      8 bytes in   1 blocks (ref 0) 0x55ae964eaa10
    ....

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr  1 10:28:43 UTC 2020 on sn-devel-184
2020-04-01 10:28:43 +00:00
Samuel Cabrero
9496e0523e s3:rpc_server: Remove dead code
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Fri Mar 20 17:11:28 UTC 2020 on sn-devel-184
2020-03-20 17:11:28 +00:00
Samuel Cabrero
93224d4184 s3:rpc_server: Remove unused RPC module init and shutdown callbacks
The setup function registers the endpoint server and RPC core routines
initialize and shutdown it.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:36 +00:00
Samuel Cabrero
e8e4ecfb8b s3:rpc_server: Do not generate and build s3 RPC server code
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:36 +00:00
Samuel Cabrero
4c09839ec9 s3:rpc_server: Do not include s3 autogenerated headers
Prototype is generated by the server compat parser.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:36 +00:00
Samuel Cabrero
f6d41e5b44 s3:rpc_server: Remove api_struct
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:36 +00:00
Samuel Cabrero
d891c2d389 s3:rpc_server: Remove dead code and unused struct members
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:36 +00:00
Samuel Cabrero
04172e966b s3:rpc_server: Remove s3 rpc server loop
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:36 +00:00
Samuel Cabrero
9bdf3ccde6 s3:rpc_server: Switch to core dcerpc server loop
This commit finally switches the RPC server implementation.

At the same we have to do other related changes to keep code compiling
and test environments running.

First avoid moving the session_info into the allocated pipes_struct memory
context as it is owned now by the core RPC server, and the s3compat pidl
compiler will update the pipes_struct session_info before dispatching
the call with dcesrv_call->auth_state->session_info.

Also, fix a segfault in the endpoint mapper daemon when it tries to delete
the endpoints previously registered over a NCALRPC connection.

If we have:

rpc_server : epmapper = external
rpc_server : lsarpc = external
rpc_daemon : epmd = fork
rpc_daemon : lsasd = fork

The sequence is:

* The endpoint mapper starts (start_epmd in source3/smbd/server.c)
* The lsarpc daemon starts (start_lsasd in source3/smbd/server.c)
  * The lsarpc daemon creates the sockets and registers its endpoints
    (rpc_ep_register in source3/rpc_server/lsasd.c)
  * The endpoint registration code opens a NCALRPC connection to the
    endpoint mapper daemon (ep_register in source3/librpc/rpc/dcerpc_ep.c)
    and keeps it open to re-register if the endpoint mapper daemon dies
    (rpc_ep_register_loop in source3/rpc_server/rpc_ep_register.c)
* When the endpoint mapper daemon accepts a NCALRPC connection it sets a
  termination function (srv_epmapper_delete_endpoints)
* Suppose the lsarpc daemon exits. The NCALRPC connection termination
  function is called.
* The termination function tries to delete all endpoints registered by that
  connection by calling _epm_Delete
* _epm_Delete calls is_privileged_pipe which access to
  pipes_struct->session_info.

As the call to _epm_Delete occurs outside of the PIDL generated code,
the pipes_stuct->session_info is NULL. This commit also sets
pipes_struct->session_info from the dcerpc_connection before calling
_epm_Delete. As the core rpc server supports security context multiplexing we
need to pass the dcesrv_connection to the termination function and let the
implementation pick a auth context. In the case of the endpoint mapper
the termination function has to pick one of type NCALRPC_AS_SYSTEM to
check if the connection is privileged and delete the endpoints
registered by the connection being closed.

Finally, the samba.tests.dcerpc.raw_protocol testsuite passes against
the ad_member environment.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:35 +00:00
Samuel Cabrero
0c326e9688 s3:rpc_server: Update winspool generated server stub
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:35 +00:00
Samuel Cabrero
60fa8e2552 s3:rpc_server: Dispatch local calls through interfaces local handler
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:35 +00:00
Samuel Cabrero
d1afa40c3c pidl:NDR/ServerCompat: Retrieve and setup pipes struct before dispatch
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:35 +00:00
Samuel Cabrero
d4e6764b22 s3:rpc_server: Store dcesrv context and endpoint in ncacn_conn
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:35 +00:00
Samuel Cabrero
06a913a269 s3:rpc_server: Retrieve dcesrv_context from parent context to open NP
Get the dcesrv_context from parent context and use it to search the
endpoint serving the named pipe. Once we have the endpoint pass it to
the make_internal_rpc_pipe_socketpair function.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:35 +00:00
Samuel Cabrero
0d37a00be7 s3:rpc_server: Set a dcerpc_ncacn_conn termination function
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:35 +00:00
Samuel Cabrero
7fef249d7a s3:rpc_server: Retrieve the dcesrv_endpoint from prefork listen data
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:35 +00:00
Samuel Cabrero
82020a3f62 s3:rpc_server: Drop dcerpc_binding_vector usage in the server side
The endpoint mapper entry is built using the dcesrv_endpoint and the
interfaces registered into it instead of using the
dcerpc_binding_vector.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
53ca9ad2a7 s3:rpc_server: Remove unused members from dcerpc_ncacn_listen_state
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
9a6a5a50f1 s3:rpc_server: Create ncacn_np sockets through endpoint initialization
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
64a70a9610 s3:rpc_server: Setup ncacn_np sockets through endpoint initialization
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
c0ff6da277 s3:rpc_server: Listen in different socket for ncalrpc when role is AD DC
If smbd and samba processes use DEFAULT as socket name they will race to
accept the NCALRPC connections.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
f8eb0e3569 s3:rpc_server: Create ncalrpc socket through endpoint initialization
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
1d970fa83d s3:rpc_server: Setup ncalrpc sockets through endpoint initialization
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
a6b718b6ec s3:rpc_server: Create ncacn_ip_tcp sockets through enpoint init
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
a18163a147 s3:rpc_server: Setup ncacn_ip_tcp sockets through endpoint init
The listener is created in the endpoint memory context. If the endpoint
is freed, the listener will be freed too and the socket closed.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
fd099ae16a s3:rpc_server: Initialize mdssd connection endpoints
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
04d3053663 s3:rpc_server: Initialize fssd connection endpoints
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:34 +00:00
Samuel Cabrero
d0a2b0c769 s3:rpc_server: Initialize lsasd connection endpoints
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
0e6d138c8e s3:rpc_server: Initialize epmd connection endpoints
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
2d2c488121 s3:rpc_server: Initialize the embedded services endpoints
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
228f8b2c53 s3:rpc_server: Add a function to create the endpoints sockets
The pidl-generated initialization function for each endpoint server will
register the RPC interface in all endpoints defined in the idl file.

The interface registration code will create the endpoint if it does not
exists (as an endpoint can serve multiple interfaces) and will add it to
the endpoint list exiting in the dcesrv_context.

This commit adds a generic dcesrv_create_endpoint_sockets function which
will be preforking external daemons to create the sockets regardless the
endpoint transport. This function will only create the sockets, the
external preforking daemon is who will start listening.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
c97a77297d s3:rpc_server: Add a function to setup the endpoints
The pidl-generated initialization function for each endpoint server will
register the RPC interface in all endpoints defined in the idl file.

The interface registration code will create the endpoint if it does not
exists (as an endpoint can serve multiple interfaces) and will add it to
the endpoint list exiting in the dcesrv_context.

This commit adds a generic dcesrv_setup_endpoint_sockets function which
will be used by embedded services and non-preforking external daemons to
setup the sockets regardless the transport.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00
Samuel Cabrero
4e7670ed12 s3:rpc_server: Implement association group find callback
Keep the s3 server behaviour for now and return always the same
association group ID, 0x53F0.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00