1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

2390 Commits

Author SHA1 Message Date
Joseph Sutton
b6c35d03c1 ndr_string: Move string length calculation fallback into default case
We are about to add a new enumeration constant (NUM_CHARSETS) to
charset_t. To do that we must have a default case in this switch
statement, or the compiler will refuse to compile it, stating that we
haven’t handled all the cases.

The alternative, adding a case for NUM_CHARSETS, would just look silly.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
ae9e56a1bc librpc/ndr: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:36 +00:00
Joseph Sutton
64834e2668 librpc/ndr: Format NDR pull sizes as ‘size_t’
The arguments to these macros are occasionally of type size_t.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:36 +00:00
Joseph Sutton
ee6ef91f9c ndr/dns-utils: Make error message slightly more readable
max_length will always be greater than one, so we can use the plural.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:36 +00:00
Joseph Sutton
872164137c ndr_string: Remove dodgy-looking casts
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:36 +00:00
Joseph Sutton
dd53e0524f ndr_string: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:36 +00:00
Joseph Sutton
2a2604bfb3 ndr_string: Add overflow check in ndr_pull_charset_to_null()
This matches ndr_pull_charset().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:36 +00:00
Joseph Sutton
448ed84c36 librpc/ndr: Remove unneeded casts
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:36 +00:00
Joseph Sutton
e69968d248 librpc/rpc: Add missing newline to logging message
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:36 +00:00
Andrew Bartlett
e36a4149d8 librpc/idl: Remove DCOM and WMI IDL
As hinted in f2416493c0 the DCOM and WMI
IDL is now unused.  These generate code with PIDL, costing a small
amount of build time but more importantly are fuzzed, which costs an
ongoing amount of CPU time as oss-fuzz tries to find parsing issues.

We do not need to continue this waste, and these can be restored
if this effort is ever to start again.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-28 10:48:32 +00:00
Andrew Bartlett
abc3d58e1c dcom: Remove remainder of DCOM test client code
This follows f2416493c0, removing the remaining parts
of our DCOM effort.  This can be resumed at a later time, but for now this is untested
(as we have no server) and just uses build time.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-28 10:48:32 +00:00
Jule Anger
0c7cfb7a11 s4:ldap_server: reload tls certificates on smbcontrol reload-certs
Reload certificates with the command 'smbcontrol ldap_server reload-certs'.
The message is send to the master process, who forwards it to the workers
processes.
The master process reload and, if necessary, create the certificates first,
then the workers processes reload them.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-25 20:04:29 +00:00
Ralph Boehme
566427c4f0 librpc/idl: mdssvc: unkn4 field is a fragment indicator
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2023-07-24 15:18:32 +00:00
Joseph Sutton
0da6cc7105 claims.idl: Fix AD claims encoding
Up to now we have been absorbing the discriminant in the NDR padding,
and setting it to zero in the push. But if the discriminant is not set
correctly, Windows will refuse to regard any of the claims.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 21 02:19:48 UTC 2023 on atb-devel-224
2023-07-21 02:19:48 +00:00
Douglas Bagnall
eb2bed3899 lib/fuzzing: add fuzzer for arbitrary token/sd access checks
The token and descriptor are stored in NDR format; for this purpose we
add a new IDL struct containing this pair (along with a desired access
mask).

An upcoming commit will show how to collect seeds for this fuzzer.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-19 03:31:30 +00:00
Stefan Metzmacher
56ee153cae netlogon.idl: add some comments to netr_OsVersionInfoEx
[MS-RPRN] 7 Appendix B: Product Behavior contains information
about the products and their announced versions.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-19 03:31:30 +00:00
Stefan Metzmacher
5f87888ed5 netlogon.idl: add support for netr_LogonGetCapabilities response level 2
We don't have any documentation about this yet, but tests against
a Windows Server 2022 patched with KB5028166 revealed that
the response for query_level=2 is exactly the same as
for querey_level=1.

Until we know the reason for query_level=2 we won't
use it as client nor support it in the server, but
we want ndrdump to work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-17 06:37:31 +00:00
Joseph Sutton
edad945339 librpc/nbt: Avoid reading invalid member of union
WACK packets use the ‘data’ member of the ‘nbt_rdata’ union, but they
claim to be a different type — NBT_QTYPE_NETBIOS — than would normally
be used with that union member. This means that if rr_type is equal to
NBT_QTYPE_NETBIOS, ndr_push_nbt_res_rec() has to guess which type the
structure really is by examining the data member. However, if the
structure is actually of a different type, that union member will not be
valid and accessing it will invoke undefined behaviour.

To fix this, eliminate all the guesswork and introduce a new type,
NBT_QTYPE_WACK, which can never appear on the wire, and which indicates
that although the ‘data’ union member should be used, the wire type is
actually NBT_QTYPE_NETBIOS.

This means that as far as NDR is concerned, the ‘netbios’ member of the
‘nbt_rdata’ union will consistently be used for all NBT_QTYPE_NETBIOS
structures; we shall no longer access the wrong member of the union.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38480

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15019

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Jul  7 01:14:06 UTC 2023 on atb-devel-224
2023-07-07 01:14:06 +00:00
Joseph Sutton
47b6696dcd librpc:ndr: Fix overflow in ndr_push_expand
If ‘size’ was equal to UINT32_MAX, the expression ‘size+1’ could
overflow to zero.

This could result in inadequate memory being allocated, which could
cause ndr_pull_compression_xpress_huff_raw_chunk() to overflow memory
with zero bytes.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57728

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15415

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-07 00:17:31 +00:00
Andreas Schneider
eba5b05a51 librpc:rpc: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-23 13:44:31 +00:00
Andreas Schneider
4ec8ecce07 librpc:ndr: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-23 13:44:31 +00:00
Andreas Schneider
ba02d89be1 librpc:idl: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-23 13:44:31 +00:00
Volker Lendecke
c4e27ae4f6 smbd: Don't set security_descriptor_hash_v4->time
This prevents de-duplication of xattrs in the backend file system
where otherwise ACLs are often very similar.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jun 21 07:11:56 UTC 2023 on atb-devel-224
2023-06-21 07:11:56 +00:00
Joseph Sutton
359e820404 librpc/idl: Add authentication policy event IDs
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-14 22:57:35 +00:00
Pavel Filipenský
38565ff2df s3:winbind: Add wbint_LookupAliasMembers to winbind interface
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-13 12:15:32 +00:00
Andrew Bartlett
ff310caabd librpc: No longer consider the DS_DIRECTORY_SERVICE_{8,9,10}_REQUIRED bits as invalid
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-05-31 04:02:35 +00:00
Joseph Sutton
642079771b librpc/idl: Fix indentation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-29 22:32:28 +00:00
Andrew Bartlett
a5235a9d05 librpc/idl: Alias the DS_ constants in netlogon.idl to the NBT_SERVER equivilants
Both the NBT_SERVER versions (in python scripts) and DS_ constants are
in use in freeIPA so we can not just drop one for the other without
discussion.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 24 01:52:28 UTC 2023 on atb-devel-224
2023-05-24 01:52:28 +00:00
Andrew Bartlett
4caab32f08 librpc/idl: Use nbt_server_type instead of netr_DsR_DcFlags netlogon.idl
We should not keep two idential bitfield tables in two nearby IDL files.

However a number of python files in Samba and in freeIPA use the nbt.NBT_SERVER_*
constants, so these are the better names to keep.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-05-24 00:50:31 +00:00
Andrew Bartlett
089f555eb7 librpc/idl: Merge missing bits into nbt_server_type in nbt.idl
These bits are defined in netr_DsR_DcFlags in netlogon.idl already.

We need these new bits to announce FL 2012R2 and 2016 support.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-05-24 00:50:31 +00:00
Stefan Metzmacher
e03e738dfc librpc/rpc: allow smb3_sid_parse() to accept modern encryption algorithms
We should not limit the possible encryption algorithms to the currently
known ones.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15374

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed May 17 07:34:28 UTC 2023 on atb-devel-224
2023-05-17 07:34:28 +00:00
Volker Lendecke
59694ad0a4 rpc_server3: Pass winbind_env_set() state through to rpcd_*
Winbind can ask rpcd_lsad for LookupNames etc. This can recurse back
into winbind for getpwnam. We have the "_NO_WINBINDD" environment
variable set in winbind itself for this case, but this is lost on the
way into rpcd_lsad. Use a flag in global_sid_Samba_NPA_Flags to pass
this information to dcerpc_core, where it sets the variable on every
call if requested.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May 16 11:54:32 UTC 2023 on atb-devel-224
2023-05-16 11:54:32 +00:00
Volker Lendecke
bdba027a33 rpc: Remove named_pipe_auth_req_info6->need_idle_server
Involves bumping up the version number

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-05-16 10:53:40 +00:00
Volker Lendecke
1d11e0489b librpc: Simplify dcerpc_is_transport_encrypted()
Simplify logic by using security_token_count_flag_sids()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-05-16 10:53:40 +00:00
Andrew Bartlett
963688b3a5 librpc: Always call ndr_push_compression_state_init() for compression
This allows the push routine to cache the chosen compression algorithm in
the struct ndr_compression_state in ndr->cstate and so, in claims, avoid
calling ndr_size_CLAIMS_SET_NDR() three times per compression (more in the
overall push).

As claims is now the primary use of the libndr compression code, this is
a reasonable tradeoff compared to the other callers who have more static
algorithm selections.

By removing the struct ndr_compression_state **state argument from
ndr_push_compression_state_init() we make clear that the ndr->cstate
belongs to this NDR context, and this context alone.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-05-05 02:54:30 +00:00
Andrew Bartlett
ff2de50aa4 librpc: Fix talloc hierarchy for ndr_compression_state
The complexity of generic_mszip_free() is not needed, nor is a talloc
destructor required if the memory is correctly created in a tree.

Credit to OSS-Fuzz for showing the use-after-free

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57608

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15349

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-05-05 02:54:30 +00:00
Joseph Sutton
a1e64e5737 libndr: Handle allocation failure
If a talloc function returns NULL, indicating failure, the failure could
be masked by the next talloc call allocating on the NULL context.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:31 +00:00
Joseph Sutton
fd159aaa80 librpc/ndr: Add missing newlines to error messages
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:31 +00:00
Joseph Sutton
f1174c6e0c librpc/ndr: Fix NULL pointer dereference
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15348

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Andrew Bartlett
2d2f68236e librpc/ndr: Use libndr compression for claims
This ensures our python layer and C layer (in the KDC, when implementated)
use the same compression logic and so allows us to test the production
compression via the IDL-generated interfaces.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-31 01:48:30 +00:00
Andrew Bartlett
c6981f6054 librpc/ndr: Make ndr_push_compression_state_free() a talloc destructor
This means that the generic_mszip_free() will still be called on failure.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-31 01:48:30 +00:00
Andrew Bartlett
327c84cf87 librpc/ndr: Implement lzxpress_huffman() compression in libndr for Kerberos Claims
Rather than just pick the next value we re-arrange compression values
in libndr to be memnonic to values in MS Windows ntifs.h

This helps avoid confusing developers who compare these
algorithms with local the MS Windows interface.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-31 01:48:30 +00:00
Andrew Bartlett
c85cadf195 librpc/ndr: Add a "NONE" compression format to libndr
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-31 01:48:30 +00:00
Andrew Bartlett
b95117dc56 libndr/ndr: Remove unused argument from ndr_push_compression_{start,end}()
Removing the unused arguments avoids thier value being calculated in the
PIDL generated code, which can be expensive.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-31 01:48:30 +00:00
Andrew Bartlett
8c58da347c libndr/ndr: Add NDR_COMPRESSION_INVALID
This will help make a mapping from wire-specified compression
algorithms to our available choices safer by allowing an invalid
choice to map to NDR_COMPRESSION_INVALID

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-31 01:48:30 +00:00
Andrew Bartlett
937bf4b836 librpc/ndr: Unimplement DRSUAPI_COMPRESSION_TYPE_XPRESS and rename
DRSUAPI_COMPRESSION_TYPE_XPRESS is not MS-XCA nor is it implemented by
lzexpress_compress(), so disconnect from that algorithm.

This avoids someone fixing lzxpress_compress() to work for DRSUAPI
and breaking claims support.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-31 01:48:30 +00:00
Andrew Bartlett
1dedffab8b librpc/ndr: Remove incorrect comment that ndr_compression.h is autogenerated
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-31 01:48:30 +00:00
Andrew Bartlett
4e32ea1519 librpc: Remove incorrect NDR_COMPRESSION dependency from NDR_KRB5CCACHE
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-31 01:48:30 +00:00
Andrew Bartlett
053aa51653 ndrdump: Allow a long string of hexidecimal digits as well as a hex dump for --hex-input
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-31 01:48:30 +00:00
Andrew Bartlett
03d9b7b8b6 librpc/idl: Explain why PAC_TYPE_CLIENT_CLAIMS_INFO is not directly decoded
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-31 01:48:30 +00:00
Joseph Sutton
2e8e93fdd1 s4:kdc: Refactor PAC handling
It's getting unwieldy adding new PAC buffer types when each one has to
have its own handling. It also makes the possibility of mistakes more
likely.

Add a new container, 'struct pac_blobs', containing the types of PAC
buffers in a given PAC, with an index for quick access to the types we
support specifically. We can add new blobs (overriding existing ones) by
calling pac_blobs_add_blob(), and override certain blobs that must be
present with pac_blobs_replace_existing().

This removes the need to have a complicated 'switch' statement with
different logic for each PAC buffer type, or a dozen index variables.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-20 00:22:32 +00:00
Volker Lendecke
cc4a2d4edc librpc: Simplify dcerpc_default_transport_endpoint()
We don't need strcmp for just 1 byte

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Joseph Sutton
e20067c52d auth: Make more liberal use of SID index constants
Arrays of SIDs are handled not fully consistently throughout the
codebase. Sometimes SIDs in the first and second positions represent a
user and a primary group respectively; other times they don't mean
anything in particular. Using these index constants in situations of the
former sort can help to clarify our intent.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Joseph Sutton
5147f011d9 auth: Shorten long SID flags combinations
The combination MANDATORY | ENABLED_BY_DEFAULT | ENABLED is very
commonly used, and introducing a shorter alias for it makes the code
clearer.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Joseph Sutton
e3fdb2d001 s4:kdc: Add resource SID compression
The domain-local groups that are added to the PAC of a service ticket
are now, if the service doesn't disclaim support for SID compression,
placed into the resource groups structure in PAC_LOGON_INFO.

In a TGS exchange directed to a KDC, rather than to a service, the
resource groups structure is simply copied into the updated PAC without
any processing being done.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Joseph Sutton
14d94460ca auth: Pass through entire PAC flags value in auth_user_info
Besides the NETLOGON_GUEST bit indicating whether the user has been
authenticated, we now carry all of the other bits as well. This lets us
match Windows' behaviour of simply passing these bits through to an
updated PAC when processing a TGS-REQ.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Joseph Sutton
8aef16bbbc named_pipe_auth: Bump info5 to info6
In the next commit, we shall replace the 'authenticated' field of
named_pipe_auth_req_info.info5.session_info.session_info.info with a
more general 'user_flags' field.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Joseph Sutton
94cda2dfd5 auth: Exclude resource groups from a TGT
Resource group SIDs should only be placed into a service ticket, but we
were including them in all tickets. Now that we have access to the group
attributes, we'll filter out any groups with SE_GROUP_RESOURCE set if
we're creating a TGT.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Joseph Sutton
7050e05742 auth: Store group attributes in auth_user_info_dc
Group expansion, performed in dsdb_expand_nested_groups(), now
incorporates a check of the type of each group. Those that are resource
groups receive the SE_GROUP_RESOURCE bit in the attributes which are now
carried alongside each group SID.

Whereas before, in auth_convert_user_info_dc_sambaseinfo() and
auth_convert_user_info_dc_saminfo6(), we invariantly used the flag
combination SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT |
SE_GROUP_ENABLED to set attributes in the PAC, we now take the correct
attributes from user_info_dc.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Joseph Sutton
c0011bcdc8 auth.idl: Add auth_SidAttr type
This type incorporates, alongside a SID, a group attributes member,
through which attributes from a PAC or the AD database can be conveyed
into the completed PAC. A useful benefit this provides is the ability to
distinguish and exclude domain-local groups, which only belong in
service tickets, from the PAC of a TGT.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Volker Lendecke
b73ecb28a7 lib: Remove idtree from samba_util.h
No need to recompile the world when only a few files need this.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-01-10 00:28:37 +00:00
Samuel Cabrero
25300d354c CVE-2022-38023 s3:rpc_server/netlogon: Use dcesrv_netr_creds_server_step_check()
After s3 and s4 rpc servers merge we can avoid duplicated code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-01-09 14:23:36 +00:00
Samuel Cabrero
121e7b0e39 CVE-2022-38023 s4:rpc_server/netlogon: Move schannel and credentials check functions to librpc
Will be used later by s3 netlogon server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-01-09 14:23:36 +00:00
Ralph Boehme
eb1d1f19a2 winbindd: add dcname arg to ChangeMachineAccount request
Existing callers will pass an empty string, later a new caller will pass an
explicit DC name taken from the wbinfo command line.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-21 19:10:35 +00:00
Volker Lendecke
c12518a9b6 smbd: Remove source3/smbd/statcache.c
After I found that nobody calls stat_cache_add() anymore, there was no
reason to keep the rest of statcache.c.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-14 22:54:29 +00:00
Stefan Metzmacher
f1c5fa28c4 CVE-2022-37966 drsuapi.idl: add trustedDomain related ATTID values
For now this is only for debugging in order to see
DRSUAPI_ATTID_msDS_SupportedEncryptionTypes in the replication meta
data.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15219
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Andrew Bartlett
975e43fc45 CVE-2022-37966 kdc: Implement new Kerberos session key behaviour since ENC_HMAC_SHA1_96_AES256_SK was added
ENC_HMAC_SHA1_96_AES256_SK is a flag introduced for by Microsoft in this
CVE to indicate that additionally, AES session keys are available. We
set the etypes available for session keys depending on the encryption
types that are supported by the principal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15219

Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-13 13:07:30 +00:00
Joseph Sutton
d861d4eb28 CVE-2022-37966 param: Add support for new option "kdc default domain supportedenctypes"
This matches the Windows registry key

HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\KDC\DefaultDomainSupportedEncTypes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-13 13:07:29 +00:00
Joseph Sutton
a50a2be622 CVE-2022-37967 Add new PAC checksum
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15231

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-13 13:07:29 +00:00
Volker Lendecke
cb6d9e7b81 idl: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-11-22 18:27:33 +00:00
Joseph Sutton
349c5794d3 librpc/ndr: Fix incorrect error string in SID parser
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-10-21 03:57:33 +00:00
Nadezhda Ivanova
5073d5997c CVE-2020-25720: s4-acl: Owner no longer has implicit Write DACL
The implicit right of an object's owner to modify its security
descriptor no longer exists, according to the new access rules. However,
we continue to grant this implicit right for fileserver access checks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-16 02:32:36 +00:00
Joseph Sutton
88c9e2af20 krb5pac.idl: Add definitions for claims PAC buffers
The PAC device info definition comes from [MS-PAC] 2.12.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-09-09 00:14:38 +00:00
Joseph Sutton
e53455497c claims.idl: Add claim type definitions
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-09-09 00:14:38 +00:00
Volker Lendecke
9d432f3c1a librpc: Simplify ndr_size_dom_sid28()
Don't duplicate the calculation

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-07 18:40:28 +00:00
Volker Lendecke
2ae7ad97ab librpc: Simplify ndr_size_dom_sid28()
all_zero() treats a NULL pointer as true.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-07 18:40:28 +00:00
Stefan Metzmacher
8591d94243 smbXsrv_client: notify a different node to drop a connection by client guid.
If a client disconnected all its interfaces and reconnects when
the come back, it will likely start from any ip address returned
dns, which means it can try to connect to a different ctdb node.
The old node may not have noticed the disconnect and still holds
the client_guid based smbd.

Up unil now the new node returned NT_STATUS_NOT_SUPPORTED to
the SMB2 Negotiate request, as messaging_send_iov[_from]() will
return -1/ENOSYS if a file descriptor os passed to a process on
a different node.

Now we tell the other node to teardown all client connections
belonging to the client-guid.

Note that this is not authenticated, but if an attacker can
capture the client-guid, he can also inject TCP resets anyway,
to get the same effect.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep  2 20:59:15 UTC 2022 on sn-devel-184
2022-09-02 20:59:15 +00:00
Andreas Schneider
2ecdbe17e8 samr.idl: Add samr_ChangePasswordUser4()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:29 +00:00
Andreas Schneider
308f89ce6a samr:idl: add samr_SupportedFeatures for samr_Connect5()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:28 +00:00
Andreas Schneider
e845afe11a samr.idl: Add support for new AES encrypted password buffer
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:28 +00:00
Andreas Schneider
e42ebd22e9 librpc:rpc: Add SAMR encryption and mac key salt definitions
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:28 +00:00
Joseph Sutton
6a10e890a0 CVE-2022-2031 auth: Add ticket type field to auth_user_info_dc and auth_session_info
This field may be used to convey whether we were provided with a TGT or
a non-TGT. We ensure both structures are zeroed out to avoid incorrect
results being produced by an uninitialised field.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-07-27 10:52:36 +00:00
Pavel Filipenský
7b9f87b877 librpc:ndr: Update ndr_print_debug() and add macro NDR_PRINT_DEBUG_LEVEL
Bumping the ABI to 3.0.0

This is enhancement of NDR_PRINT_DEBUG macro with following new features:

* debug level can be specified (NDR_PRINT_DEBUG always uses level 1)
* the trace header shows the location and function of the caller
  instead of function 'ndr_print_debug', which is not really useful.

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-07-15 14:25:37 +00:00
Björn Jacke
7897bc8c79 security.idl: add missing BUILTIN SIDs
see:
https://docs.microsoft.com/en-us/windows/win32/secauthz/well-known-sids
https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-security-groups
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/security-identifiers-in-windows

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jun 20 18:18:15 UTC 2022 on sn-devel-184
2022-06-20 18:18:15 +00:00
Michael Tokarev
17c733d946 spelling: connnect encrytion exisit expection explicit invalide missmatch paramater paramter partion privilige relase reponse seperate unkown verson authencication progagated
Tree-wide spellcheck for some common misspellings.

source3/utils/status.c has misspelled local variable (unkown_dialect).

"missmatch" is a known historical misspelling, only the incorrect
misspellings are fixed.

source3/locale/net/de.po has the spelling error (unkown) in two msgids -
it probably should be updated with current source.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-06-10 18:12:33 +00:00
Samuel Cabrero
e9286b06cf s3:winbind: Convert InitConnection from struct based to NDR based
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-05-19 17:51:33 +00:00
Samuel Cabrero
cc0ef447cd s3:winbind: Convert winbindd_dual_pam_chauthtok() from struct based to NDR based
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-05-19 17:51:33 +00:00
Samuel Cabrero
0f3b1d5c1d s3:winbind: Convert winbindd_dual_pam_chng_pswd_auth_crap() from struct based to NDR based
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-05-19 17:51:33 +00:00
Samuel Cabrero
ce0be638b4 s3:winbind: Convert PamLogOff from struct based to ndr based
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-05-19 17:51:33 +00:00
Samuel Cabrero
c27135adc7 librpc:idl: Add NDR_SECRET flag for ntlm and challenge blobs
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-05-19 17:51:33 +00:00
Samuel Cabrero
c68f21f26f s3:winbind: Convert PAM_AUTH_CRAP from struct based to NDR based
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-30 00:10:34 +00:00
Stefan Metzmacher
21d1a9509a librpc:idl: Add comments to assert identity string in security.idl
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-04-13 12:59:30 +00:00
Samuel Cabrero
ddc551f447 s3:winbind: Convert PamAuth from struct based to NDR based
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-08 20:13:37 +00:00
Ralph Boehme
643da37fd1 smbd: remove itime and file_id logic and code
This bases File-Ids on the inode numbers again. The whole stuff was
added because at that time Apple clients

1. would be upset by inode number reusage and

2. had a client side bug in their fallback implemetentation that
assigns File-Ids on the client side in case the server provides
File-Ids of 0.

After discussion with folks at Apple it should be safe these days to
rely on the Mac to generate its own File-Ids and let Samba return 0
File-Ids.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-03-31 23:01:37 +00:00
Samuel Cabrero
0d668dfb75 s3:winbind: Return NTSTATUS from wbint_Ping() RPC function
There are no users of this function but the next commit will convert the
struct-based WINBINDD_PING call to a local RPC wbint_Ping() call.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-25 17:03:29 +00:00
Joseph Sutton
732d17a129 sddl: Add new SDDL SID strings
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-17 23:11:37 +00:00
Joseph Sutton
e61fa573fe sddl: Fix incorrect SDDL SID strings
Change the values to match those used by Windows.

Verified with PowerShell commands of the form:
New-Object Security.Principal.SecurityIdentifier ER

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-17 23:11:37 +00:00
Samuel Cabrero
e07f8901ec s3:winbind: Convert ListTrustedDomains parent/child call to NDR
By using NDR we avoid manual marshalling (netr_DomainTrust array
to text string) and unmarshalling (parse the received text string
back to a netr_DomainTrust array).

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-06 23:05:40 +00:00
Björn Jacke
30bf1cd9ea dns.idl/dnsp.idl: add missing DNS ressource record types
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb 16 20:43:55 UTC 2022 on sn-devel-184
2022-02-16 20:43:55 +00:00
Björn Jacke
984a426fd0 dnsp.idl: add missing DNS_RPC_RECORD defines
taken from MSDN 2.2.2.2.5:
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dnsp/ac793981-1c60-43b8-be59-cdbb5c4ecb8a

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-02-16 19:49:31 +00:00
Volker Lendecke
b066dba462 ndrdump: Small simplification
Remove the talloc_steal(), we can allocate on mem_ctx directly

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-02-11 20:54:37 +00:00
Stefan Metzmacher
43648e95a5 librpc/ndr: let ndr_push_string() let s_len == 0 result in d_len = 0
convert_string_talloc_handle() tries to play an the safe side
and always returns a null terminated array.

But for NDR we need to be correct on the wire...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-01-24 15:25:36 +00:00
Stefan Metzmacher
d1a7f392a8 ndrdump: make use of dump_data_file_diff() in order to show differences
This makes it much easier to detect differences in the given and
generated buffers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-01-24 15:25:36 +00:00
Stefan Metzmacher
0651fa474c dcesrv_core: wrap gensec_*() calls in [un]become_root() calls
This is important for the source3/rpc_server code as it might
be called embedded in smbd and may not run as root with access
to our private tdb/ldb files.

Note this is only really needed for 4.15 and older, as
we no longer run the rpc_server embedded in smbd,
but we better be consistent for now.

This should be able to fix the problem the printing no longer works
on Windows 7 with 2021-10 monthly rollup patch (KB5006743).

Windows uses NTLMSSP with privacy at the DCERPC layer on top
of NCACN_NP (smb).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14867

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-01-24 15:25:36 +00:00
Joseph Sutton
5636bfa9a2 netlogon.idl: Add FAST support bits
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-01-19 20:50:34 +00:00
Joseph Sutton
454e46c467 netlogon.idl: Add flags for indicating directory service versions
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2021-12-24 02:16:33 +00:00
Volker Lendecke
7b62fa967d dcesrv_core: Remove unused dcesrv_reinit_context()
This was only used in the prefork source3 rpc servers

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Volker Lendecke
a697814eba idl: Define messages sent between samba-dcerpcd and rpcd's
MSG_RPC_DUMP_STATUS will be like pool-usage carrying a file descriptor to
report status to, the other two are described in rpc_host.idl.

NOALIGN on rpc_worker_status: This makes it easier to count bytes to
push into a static buffer.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Volker Lendecke
da90c02b16 dcesrv_core: Add dcesrv_loop_next_packet()
This is used by the helpers of samba-dcerpcd: When accepting a DCERPC
client, normally the server engine would read the initial bind
packet. In case of samba-dcerpcd the bind packet will already be read
from the socket, so we need to inject it into the rpc server engine
externally.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Volker Lendecke
95659031e4 backupkey.idl: Don't listen on \\pipe\ntsvcs
[MS-BKRP] says it SHOULD listen here. In the ad dc, this conflicts
with smbd's srv_ntsvcs_nt.c listening also on nt ntsvcs unix domain
socket. Because "samba" starts smbd after itself, smbd takes over the
socket anyway, backupkey can't have been reached over this transport.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Volker Lendecke
3284ee9985 dcesrv_core: Add dcesrv_context_set_callbacks()
We'll need to set custom callbacks on source3's global_dcesrv_ctx,
which right now is deeply embedded. Once we have everything more
nicely layered, this can go again.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Volker Lendecke
1bab76223c librpc: Add named_pipe_auth_req_info5->transport
This will serve as a check to make sure that in particular a SAMR
client is really root. This is for example used in get_user_info_18()
handing out a machine password.

The unix domain sockets for NCACN_NP can only be contacted by root,
the "np\" subdirectory for those sockets is root/root 0700.

Connecting to such a socket is done in two situations: First, local
real root processes connecting and smbd on behalf of SMB clients
connecting to \\pipe\name, smbd does become_root() there. Via the
named_pipe_auth_req_info4 smbd hands over the SMB session information
that the RPC server blindly trusts. The session information (i.e. the
NT token) is heavily influenced by external sources like the KDC. It
is highly unlikely that we get a system token via SMB, but who knows,
this is information not fully controlled by smbd.

This is where this additional field in named_pipe_auth_req_info5 makes
a difference: This field is set to NCACN_NP by smbd's code, not
directly controlled by the clients. Other clients directly connecting
to a socket in "np\" is root anyway (only smbd can do become_root())
and can set this field to NCALRPC.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Volker Lendecke
530fb4fdfb named_pipe_auth.idl: Add "need_idle_server"
Once RPC services are done by individual processes, we need to avoid
recursion between processes:

Any RPC server process will be able to serve multiple client requests
simultaneously, but each request is served in a single-threaded
blocking manner.

For example the netlogon RPC service needs to ask samr for
something. The netlogon->samr connection will initially be handled by
a central dispatcher assigning clients to processes. This dispatcher
needs to know that this connection can't end up in the same process
that originated the request.

With this flag an RPC client can request a samr server process that
exclusively serves its own requests and that will not serve anybody
else while serving netlogon.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Volker Lendecke
d1934e2331 named_pipe_auth: Bump info4 to info5
We'll add a field soon

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Stefan Metzmacher
871d672f51 CVE-2021-23192: dcesrv_core: only the first fragment specifies the auth_contexts
All other fragments blindly inherit it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-11-09 19:45:34 +00:00
Stefan Metzmacher
2f0bc04afe CVE-2021-23192: dcesrv_core: add dcesrv_fault_disconnect0() that skips DCERPC_PFC_FLAG_DID_NOT_EXECUTE
That makes the callers much simpler and allow better debugging.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-11-09 19:45:34 +00:00
Stefan Metzmacher
c00e5fc2c6 CVE-2021-23192: dcesrv_core: add better debugging to dcesrv_fault_disconnect()
It's better to see the location that triggered the fault.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-11-09 19:45:34 +00:00
Joseph Sutton
f4ed37ad6a CVE-2020-25719 krb5pac.idl: Add PAC_REQUESTER_SID PAC buffer type
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:33 +00:00
Joseph Sutton
6ec80380dc CVE-2020-25719 krb5pac.idl: Add PAC_ATTRIBUTES_INFO PAC buffer type
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:33 +00:00
Andrew Bartlett
558f440f20 CVE-2020-25721 krb5pac: Add new buffers for samAccountName and objectSID
These appear when PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID is set.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14835

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2021-11-09 19:45:32 +00:00
Joseph Sutton
aa2e583fde tests/krb5: Check buffer types in PAC with STRICT_CHECKING=1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00
Ralph Boehme
3afd4bd610 idl: declare token array of storage_offload_token as in-line
This ensures the order of the struct element is the same as in the IDL
definition. For an conformant array using the [sizeis(n)] syntax the sizeis
member is stored as first element in the marshall buffer.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:32 +00:00
Volker Lendecke
246a5ceab1 netlogon: Move netlogon_server_pipe_state to netlogon.idl
Make this available as a shared structure for both source3 and source4

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:32 +00:00
Volker Lendecke
18cbeab98b librpc: Use talloc_asprintf_addbuf() in dcerpc_binding_string()
Saves quite a few lines

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
a767eb55d8 rpc_server3: Avoid a literal number available as a constant
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
e2256c99a6 smbd: Make SID_SAMBA_SMB3 a static SID
No need to parse it

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
1e30fad7ee rpc_server: Simplify dcesrv_handle_lookup()
Reduce indentation with a "break;" from the loop, best reviewed with
git show -b

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-09-24 23:55:32 +00:00
Volker Lendecke
acaa89aac9 rpc_server: Move a type check in dcesrv_handle_lookup()
This check is independent of whether we found a handle or not, we can
do it before walking the handle list.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-09-24 23:55:32 +00:00
Samuel Cabrero
9c8521848b librpc:core: Add a function to register an interface passing the binding handle
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2021-09-21 10:15:34 +00:00
Joseph Sutton
0092b4a3ed security.idl: Add well-known SIDs for FAST
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 23:11:35 +00:00
Joseph Sutton
ff2f38fae7 krb5pac.idl: Add ticket checksum PAC buffer type
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 23:11:35 +00:00
Volker Lendecke
9857c56256 librpc: Simplify GUID_hexstring()
A temporary talloc context seems unnecessary to me.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-24 17:32:28 +00:00
Volker Lendecke
0cddd3f2d6 librpc: Simplify GUID_string2() by using GUID_buf_string()
Avoid unnecessary talloc

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-24 17:32:28 +00:00
Volker Lendecke
5e2ac224b7 librpc: Simplify GUID_zero() with a direct struct return
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-24 17:32:28 +00:00
Isaac Boukris
17c86a2c5a s3:winbind: Get rid of the winbind dc-connect child
The new code uses PING_DC to tell the child to try to go online.

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2021-07-14 21:06:36 +00:00
Günther Deschner
705f995458 librpc: make sure the 4 byte _pad in ODJ_WIN7BLOB is never 0
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-07-14 16:49:29 +00:00
Günther Deschner
9963da126b librpc: more work on ODJ IDL
A lot of nested use of serialization stream pointers
([MS-RPCE] 2.2.6 Type Serialization Version 1).

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-07-14 16:49:29 +00:00
Günther Deschner
91ff058420 librpc: add custom odj_switch_level_from_guid()
This function maintains an arbitrary mapping of GUID strings to
integers. This is required as only integers can be used as
discriminators for autogenerated ODJ unions.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-07-14 16:49:29 +00:00
Günther Deschner
8ff687863d librpc: compile ODJ idl
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-07-14 16:49:29 +00:00
Günther Deschner
dc40f23acd librpc: add "Offline Domain Join" (ODJ) IDL
This IDL is based on

https://github.com/MicrosoftDocs/win32/blob/docs/desktop-src/NetMgmt/odj-idl.md

and has been licensed by Microsoft under the terms of the MIT License.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-07-14 16:49:29 +00:00
Günther Deschner
9cc62b562c librpc/ndr: do not print strings when NDR_SECRET is used
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-07-14 16:49:29 +00:00
Stefan Metzmacher
8cce23acb9 witness.idl: fix length calculation for witness_IPaddrInfoList
If r->num is 0, we should not dereference r->addr.

Using ndr_size_witness_IPaddrInfoList() also make this much simpler
and avoids the magic 12.

Credit Oss-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22175
REF: https://oss-fuzz.com/testcase-detail/5686294157197312

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14452

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-07-08 09:30:40 +00:00
Andreas Schneider
a8052d70cb librpc:tools: Migrate ndrdump to new cmdline option parser
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-06-20 23:26:32 +00:00
Andreas Schneider
70a09d2cee librpc:tools: Remove '-l' which conflicts with '-l|--log-basename'
The common cmdline parser already provides '-l'.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-06-20 23:26:32 +00:00
Andreas Schneider
d6eff9c413 librpc: Make sure num_protocols is initialized
Found by covscan.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Noel Power <npower@samba.org>
2021-06-10 10:31:33 +00:00
Andrew Bartlett
3bc680c1e3 pidl: Avoid leaving array_size NDR tokens around
In many cases these can and should be consumed as soon as
they are used.

This is not a complete fix, we don't clean up the array_size
token after using it split between an NDR_SCALARS and
an NDR_BUFFERS pass, but it is much better than it was
and helps the winbind case with a large number of groups
(eg 100,000) as otherwise we hit the 65535 NDR token limit.

(This is an arbitary Samba-only limit to avoid DoS conditions)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-06-02 03:56:36 +00:00
Andrew Bartlett
a7d4f93cfd pidl: Avoid leaving array_length NDR tokens around
In many cases these can and should be consumed as soon as
they are used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-06-02 03:56:36 +00:00
Andrew Bartlett
139cca7c20 librpc: Use helper function ndr_get_array_size() in ndr_check_array_size()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-06-02 03:56:36 +00:00
Andrew Bartlett
40aabcb5cf librpc: Add const to cookie pointer in ndr_check_array_{size,length}
This pointer is only used to find the right token in the list
so can be declared const.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-06-02 03:56:36 +00:00
Andrew Bartlett
c35f4180a4 libndr: Return error code from ndr_token_peek()
This makes it safer to change our code to remove tokens after use
if failing to obtain a token would result in an error.

This means changing ndr_get_array_size() and ndr_get_array_length()
to also return an error code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-06-02 03:56:36 +00:00
Andrew Bartlett
0cc4478070 selftest: Add test of NDR marshalling from python, starting with wbint
These patches are to address an issue unpacking a very large
winbind.wbint_Principals array (100,000).

We need the NDR_TOKEN_MAX_LIST_SIZE value exposed as
otherwise a well-meaning incrase of this value would
invalidate the test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-06-02 03:56:36 +00:00
Andrew Bartlett
e583140e81 spoolss: Avoid indirection via ndr_get_array_size()
This is set in the call just above and otherwise we will (in the next commit)
need an intermediate variable once we need to check error codes from
ndr_get_array_size().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-06-02 03:56:36 +00:00
Joseph Sutton
74fb2cc473 krb5ccache.idl: Add definition for a Kerberos credentials cache
Based on specifications found at
https://web.mit.edu/kerberos/krb5-devel/doc/formats/ccache_file_format.html

This is primarily designed for parsing and storing a single Kerberos
ticket, due to the limitations of PIDL.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-05-19 01:32:34 +00:00
Volker Lendecke
bad19e208c printing: Introduce samba-bgqd
This is a separate binary executed from start_background_queue(). As
such it does not really gain much, but the idea is to move all the
code this runs out of the smbd and spoolssd binaries to just link
here.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-05-11 22:56:37 +00:00
Volker Lendecke
117f00158a auth: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-04-27 13:24:35 +00:00
Bernd Kuhls
4d5fb7d279 dcesrv_core: fix build
Move include of system/network.h to avoid a build error:

In file included from ../../lib/replace/system/network.h:35,
                 from ../../librpc/rpc/dcesrv_core.c:2658:
usr/include/unistd.h: At top level:
usr/include/unistd.h:675:16: error: conflicting types for ‘geteuid’
  675 | extern __uid_t geteuid (void) __THROW;

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-04-07 09:18:30 +00:00
Volker Lendecke
4d3b6506d3 librpc: Remove the gensec dependency from library dcerpc-binding
This means yet another library, but having to depend on gensec just
for dcerpc_parse_binding() and basic packet parsing seems like a bit
overkill to me.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr  6 23:33:14 UTC 2021 on sn-devel-184
2021-04-06 23:33:14 +00:00
Volker Lendecke
8945d99758 rpc: Give dcerpc_util.c its own header
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-04-06 22:29:34 +00:00
Volker Lendecke
bbfdf2708e tstream_npa: Return named_pipe_auth_req_info4 from accept_existing
Callers might want the full picture. We need to make
named_pipe_auth_req_info4 public for that.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-04-01 19:32:36 +00:00
Douglas Bagnall
d1c47d0c83 rpc/idl dnsserver s/DNS_RPC_DATA/DNS_RPC_RECORD_DATA/
Following MS-DNSP.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 30 00:20:53 UTC 2021 on sn-devel-184
2021-03-30 00:20:53 +00:00
Douglas Bagnall
162e6fb25a librpc/idl: dnsp tombstone timestamp name matches MS-DNSP
MS-DNSP uses the term "EntombedTime" in e.g. "2.2.2.2.4.23 DNS_RPC_RECORD_TS"
which is more descriptive than the generic "timestamp", and less likely to be
confused with dwTimestamp, which has been our curse. Let's make it grep-able,
google-able, and evocative.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-29 23:20:37 +00:00
Volker Lendecke
55dba99895 librpc: Simplify dcerpc_binding_dup() with common nomem handling
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-19 07:09:37 +00:00
Volker Lendecke
9614273aa3 librpc: Make "dcesrv_context->callbacks" a pointer
This structure just grew from 3 to 6 pointers, avoid making a copy of
this. All callers of dcesrv_init_context() have this as a static
struct in the C object, so a pointer to that won't change.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-16 17:09:32 +00:00
Volker Lendecke
403eabe4fc librpc: Add "private_data" to struct dcesrv_context_callbacks
Not used right now, but we should never have callbacks without a
"private_data" pointer. Some of the callbacks could even today benefit
from this.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-16 17:09:31 +00:00
Volker Lendecke
c74213830d librpc: Simplify struct dcesrv_handle
This saves a tiny bit of memory: dom_sid_dup() allocates a full struct
dom_sid, although it might not have to. Save the additional talloc
object and the pointer, be more cache-friendly

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-09 22:36:28 +00:00
Volker Lendecke
dead4d05ab librpc: Fix typos
While there, wrap the long comment lines

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-09 22:36:28 +00:00
Volker Lendecke
b1ba5d5872 librpc: Fix a typo, while there linewrap the comment
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-09 22:36:28 +00:00
Volker Lendecke
6d1049796f rpc_server: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-09 22:36:28 +00:00
Stefan Metzmacher
b145434f24 smbXsrv_client: move the connection passing to smb2srv_client_mc_negprot_send/recv
We need a full request/response pair in order to avoid races in
the multichannel connection passing.

smb2srv_client_mc_negprot_send/recv locks the
db record for the given client_guid.

If there's no entry found, we add ourself and
return NT_STATUS_OK.

If there's an existing process for that client guid
we start messaging_filtered_read_send()
dbwrap_watched_watch_send() before calling
smb2srv_client_connection_pass().

Then we release the lock and wait for either
MSG_SMBXSRV_CONNECTION_PASSED to arrive or
retry if dbwrap_watched_watch_recv signaled
a change in the database.

If we got MSG_SMBXSRV_CONNECTION_PASSED we'll
return NT_STATUS_MESSAGE_RETRIEVED in order to
signal that the other process will take care of
the connection and we terminate the current process.

All that is done completely async, which means that
the IDLE_CLOSED_TIMEOUT (60 seconds) may trigger
deadtime_fn(), which will send itself a MSG_SHUTDOWN.
So the process that accepted the tcp connection
exists if there was no MSG_SMBXSRV_CONNECTION_PASSED
within 60 seconds.

However the fd may still exists in the kernel (and
the new connection may still be handed to the other
process. If that process somehow exists before
there's no way to prevent a connection termination
for the client.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14433

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar  6 03:30:06 UTC 2021 on sn-devel-184
2021-03-06 03:30:06 +00:00
Samuel Cabrero
7d2faa2714 librpc: Lower dcesrv_call_dispatch_local() errors from DBG_ERR to DBG_INFO
Before merging the s3 and s4 RPC servers the rpcint_dispatch function
was not logging any error.

This commit lowers from DBG_ERR to DBG_INFO the importance of error
messages when dispatching local RPC calls. There are some situations
where RPC functions return RPC faults and this is not a fatal condition.
One example is _lsa_QueryInfoPolicy2.

This change prevents a noisy error logged when winbindd tries to connect to
its primary domain in the nt4_member and ad_member test environments:

[2021/03/01 16:49:38.486111,  0, pid=12456] ../../librpc/rpc/dcesrv_core.c:2990(dcesrv_call_dispatch_local)
  dcesrv_call_dispatch_local: DCE/RPC fault in call lsarpc:2E - DCERPC_NCA_S_OP_RNG_ERROR

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-06 02:20:05 +00:00
Andreas Schneider
a47fdd9ebb libndr: Use better and more clear check for empty flags
warning: converting the result of '<<' to a boolean always evaluates to true [-Wtautological-constant-compare]

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-01 21:50:32 +00:00
Volker Lendecke
e14fc159a2 librpc: Simplify find_interface_by_binding()
Use find_interface_by_syntax_id() instead of duplicating the loop.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan 28 18:03:53 UTC 2021 on sn-devel-184
2021-01-28 18:03:53 +00:00
Volker Lendecke
ecd95fc55e librpc: Simplify find_interface_by_syntax_id()
Directly use ndr_syntax_id_equal() instead of duplicating it with
interface_match_by_uuid().

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-28 16:58:35 +00:00
Volker Lendecke
9c1d7632e3 librpc: Convert find_interface_by_uuid to search by syntax_id
All callers manually dissected the syntax id for this API.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-28 16:58:35 +00:00
Volker Lendecke
7528b7886b librpc: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-28 16:58:35 +00:00
Volker Lendecke
9d512a099a librpc: Simplify dcesrv_check_or_create_context()
Use ndr_syntax_id_buf_string(), avoid a talloc/talloc_free

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-28 16:58:35 +00:00
Volker Lendecke
ce91a899a6 librpc: Simplify dcerpc_binding_string()
Make it follow a more conventional memory handling style for reallocs.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-28 16:58:35 +00:00
Volker Lendecke
4df6c594c6 librpc: Simplify dcerpc_binding_string()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-28 16:58:35 +00:00
Volker Lendecke
08757d213e rpc_server: Introduce "goto nomem;" to dcesrv_endpoint_connect()
Avoid the control-flow changing NT_STATUS_HAVE_NO_MEMORY macro.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-28 16:58:35 +00:00
Volker Lendecke
2b9ba992b6 lib: Simplify parse_guid_string() and ndr_syntax_id_from_string()
Return "bool" instead of NTSTATUS, use hex_byte() instead of
read_hex_bytes(). And parse directly into a struct GUID instead of the
components. 99 lines less code.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-28 16:58:35 +00:00
Volker Lendecke
fcf60f155a librpc: Simplify dcerpc_binding_set_abstract_syntax()
It might be a question of style, but I find it simpler this way.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-28 16:58:35 +00:00
Volker Lendecke
eed1257268 librpc: Use ndr_syntax_id_buf_string() in dcerpc_binding_set_abstract_syntax()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-28 16:58:35 +00:00
Volker Lendecke
243ce60212 librpc: Use ndr_syntax_id_buf_string() in dcerpc_sec_vt_pctx_check()
"mem_ctx" is no longer needed

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-28 16:58:35 +00:00
Volker Lendecke
a35c8a0ec2 librpc: Add ndr_syntax_id_buf_string()
Same pattern as GUID_buf_string()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-28 16:58:35 +00:00
Volker Lendecke
2e3e297b25 librpc: Add a NULL check to dcerpc_binding_build_tower()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-28 16:58:35 +00:00
Volker Lendecke
9374313f03 libndr: Simplify ndr_print_GUID()
Fix a small memleak of the tmp GUID_string

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-28 16:58:35 +00:00
Volker Lendecke
10d3a1c068 rpc_server: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-22 19:54:38 +00:00
Volker Lendecke
b4077f7911 librpc: Fix a small memleak in epm_floor_string()
Use GUID_buf_string(), don't leak the output of GUID_string()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-22 19:54:38 +00:00
Volker Lendecke
b417fd1967 rpc_server: Slightly simplify dcesrv_bind()
Factor out dereferencing conn->dce_ctx

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-22 19:54:37 +00:00
Volker Lendecke
ec4850d520 rpc_server: Slightly simplify dcesrv_bind()
We have already dereferenced call->conn in a variable, use that.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-22 19:54:37 +00:00
Volker Lendecke
922b8d18c3 librpc: gen_ndr/dcerpc.h references DATA_BLOB
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-12 00:10:30 +00:00
Volker Lendecke
cc01ba1b0e librpc: Align a few integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-12 00:10:30 +00:00
Volker Lendecke
ca0104d451 rpc_server: Fix an error path memleak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-12 00:10:30 +00:00
Volker Lendecke
93d387fb6d rpc_server: Avoid a pointless ZERO_STRUCTP
We've done talloc_zero() 4 lines above.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-12 00:10:30 +00:00
Volker Lendecke
f9f7aafaeb rpc_server: Move a variable closer to its use
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-12 00:10:30 +00:00
Volker Lendecke
83d85833bb rpc_server: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-12 00:10:30 +00:00
Volker Lendecke
08da3439ed librpc: Use GUID_buf_string in dcerpc_binding_string()
Avoid a (small) memleak

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jan 11 14:25:04 UTC 2021 on sn-devel-184
2021-01-11 14:25:04 +00:00
Volker Lendecke
de9b7312f1 librpc: Fix an error path memleak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-08 20:31:33 +00:00
Andreas Schneider
8bbe5c8c94 librpc: Add dcerpc helper dcerpc_is_transport_encrypted()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-10-29 14:19:36 +00:00
Andreas Schneider
56879ec587 idl: Add SID_SAMBA_SMB3
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-10-29 14:19:36 +00:00