1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Commit Graph

2168 Commits

Author SHA1 Message Date
Andrew Bartlett
82aff583b7 libndr: Return enum ndr_err_code from ndr_{pull,push}_steal_switch_value()
This breaks the ABI so we merge this into the unreleased libndr-1.0.0.

The advantage of the new functions is there (except for print, which
is unchanged) is an error raised when the token is not found, so
we can be confident in the changes to the token behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Dec 12 03:56:23 UTC 2019 on sn-devel-184
2019-12-12 03:56:23 +00:00
Andrew Bartlett
d30c377d8c librpc/ndr: Remove ndr_{push,pull}_get_switch_value()
By removing this we know we do not need to worry about this list
growing without bounds.  We merge this into the recently created but
not yet released ABI 1.0.0

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-12-12 02:30:41 +00:00
Andrew Bartlett
a44717394d librpc: Remove last callers of ndr_push_get_switch_value()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-12-12 02:30:40 +00:00
Andrew Bartlett
b880bda589 librpc: Remove last callers of ndr_pull_get_switch_value()
By removing this we know we do not need to worry about this list
growing without bounds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-12-12 02:30:40 +00:00
Andrew Bartlett
92a7c5a726 librpc: Do not follow a NULL pointer when calculating the size of a union
Found by Douglas Bagnall using Hongfuzz and the new fuzz_ndr_X
fuzzer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-12-12 02:30:40 +00:00
Andrew Bartlett
362d70ff2f librpc: Do not follow a NULL pointer when calculating the size of a structure
Found by Douglas Bagnall using Hongfuzz and the new fuzz_ndr_X
fuzzer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-12-12 02:30:40 +00:00
Andrew Bartlett
e08461b284 pidl: Add and use ndr_print_steal_switch_value(), removing ndr_print_get_switch_value()
This avoids really long token lists for switch values
that will not be needed past this point.

The function name is changed to clarify what exactly is being
done here, and the old function is removed to ensure it is
not being used anywhere else.

Merge the removal of ndr_print_get_switch_value into
just-tagged librpc/ABI/ndr-1.0.0.sigs as this
has not been put into any release yet.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-12-12 02:30:40 +00:00
Andrew Bartlett
e1a15710a4 librpc/ndr: Add ndr_push_steal_switch_value()
This will allow generated code to instead push and pop union values onto the
switch_list stack, which is more memory efficient than creating a single large
list to be scannned and eventually discarded.

Merge into unreleased ABI 1.0.0

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-12-12 02:30:40 +00:00
Andrew Bartlett
f7bcf227f7 librpc: Set the switch_value before NDR_BUFFERS to prepare for new libndr behaviour
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-12-12 02:30:40 +00:00
Andrew Bartlett
a22a22e4a8 negoex: Set the switch_value before NDR_BUFFERS to prepare for new libndr behaviour
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-12-12 02:30:40 +00:00
Andrew Bartlett
7a0ed44b0e ndr: Restrict size of ndr_token lists to avoid memory abuse by malicious clients
This is designed to stop a very large number of tokens from being stored for
arrays of structures containing relative pointers in particular.

This was one part of the minimum patch for CVE-2019-14908 before
being downgraded as not a security-release worthy issue.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-12-12 02:30:39 +00:00
Andrew Bartlett
4501663f6e libndr: Do not overwrite token list with NULL on allocation failure
This was one part of the minimum patch for CVE-2019-14908 before
being downgraded as not a security-release worthy issue.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-12-12 02:30:39 +00:00
Samuel Cabrero
e24ce0023f pidl:NDR/Server: Allow to define endpoint server shutdown functions
The next commits will register legacy api_struct when the endpoint server
is initialized. This commit adds a shutdown function which will be used
to unregister the legacy api_struct.

The shutdown function will be also used to replace the rpc_srv_callbacks
struct shutdown member used, for example, by the spoolss service to
cleanup before exiting.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-12 00:35:31 +00:00
Samuel Cabrero
79af978c81 librpc:core: Add a function to reinitialize the dcesrv_context
Clears all registered endpoints and interfaces, association groups and
broken connections.

To be used by S3 forked daemons.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-12 00:35:30 +00:00
Samuel Cabrero
90eb485cf9 librpc:core: Add public functions to initialize endpoint servers
The dcesrv_init_registered_ep_servers() will be used by the S3 server to
initialize all registered endpoint servers (for embedded services), and
the dcesrv_init_ep_server() function will be used by the external
daemons to initialize the required ones.

As serveral S3 services may require to initialize another one before
itself (svcctl and eventlog for example require winreg) a boolean flag is
added to track the initialization status.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-12 00:35:30 +00:00
Samuel Cabrero
39dfc5c82b librpc:core: Split dcesrv context init and endpoint servers init
The S4 server will initialize the endpoint servers specified in smb.conf,
but the S3 server need to initialize all registered endpoint servers (the
embedded ones).

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-12 00:35:30 +00:00
Andrew Bartlett
fee5c6a424 librpc/idl/dnsserver.idl: Ensure DnsProperty id matches what is pulled from the stored buffer
There are two concerns here, assuming the attacker can place arbitary values
in a dnsProperty attribute over LDAP (eg is a DNS administrator).

This comes from the fact that id is used as the switch value at the C layer
but at the NDR layer the wDataLength value is considered first.

One concern is that a pull/push round-trip could include server memory:

 The previous switch_is() behaviour could store the server memory back
 into the attribute.

 However this pattern of pull/push only happens in ndrdump and fuzzing tools, as
 dnsserver_db_do_reset_dword() operates only on the uint32/bitmap union
 arms, and fully initialises those.

The other is that a pull of the attacker-supplied value could
cause the server to expose memory.

 This would be over the network via DNS or the RPC dnsserver protocols.
 However at all times the ndr_pull_struct_blob is passed zeroed memory.

The final concern (which fuzz_ndr_X found) is that in the ndr_size_dnsPropertyData()
the union descriminent is only id.

 This has no impact as only zeroed memory is used so there will be a
 zero value in all scalars, including data->d_ns_servers.AddrArray.

 Therefore the server will not crash processing the attacker-supplied blob

[MS-DNSP] 2.3.2.1 dnsProperty has no mention of this special behaviour.
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dnsp/445c7843-e4a1-4222-8c0f-630c230a4c80

This was known as CVE-2019-14908 before being triaged back to a normal bug.

Found by Douglas Bagnall using Hongfuzz and the new fuzz_ndr_X fuzzer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14206
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@samba.org>
2019-12-12 00:35:30 +00:00
Andrew Bartlett
3ca76f5907 librpc: Fill in full deps for NDR_* subsystems
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-12-10 07:50:28 +00:00
Douglas Bagnall
e737988641 dcerpc: developer option to save ndr_fuzz_X seeds
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 07:50:28 +00:00
Douglas Bagnall
7b265830ad lib/fuzzing: add fuzz_ndr_X
This NDR fuzzer links with each "interface" in the IDL files to
create avsingle binary.  This tries to matches what the fuzzing
engines desire.

It started as a copy of ndrdump but very little of that remains
in place.

The fancy build rules try to avoid needing a lof of boilerplate
in the wscript_build files and ensure new fuzzers are generated
and run when new IDL is added automatically.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 07:50:28 +00:00
Andrew Bartlett
b6913830bf librpc/ndr: Do not follow a client-supplied NULL pointer in _print_drsuapi_DsAttributeValue_attid()
This is not a security issue as it only happens when printing the structure
during debugging, not normal production.

Found by Michael Hanselmann using an NDR fuzzer and Hongfuzz.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-12-10 02:53:34 +00:00
Andrew Bartlett
d15a3797c7 librpc: Avoid spinning on string_array elements with a short input
Without this protection we will spin during decode of a string_array or nstring_array
that is terminated by only a single NUL byte, not two as required by UTF-16.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13874

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-12-04 05:10:31 +00:00
Gary Lockyer
bf8063e369 librpc ndr: Tests for ndr_pull_string
Tests to ensure that ndr_pull_string handles zero and one byte length
data correctly for both character strings and UTF-16 strings.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13874

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-04 05:10:31 +00:00
Volker Lendecke
4cd6c87a3d libndr: Fix a talloc context leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-12-02 21:23:35 +00:00
Andrew Bartlett
b866018c2c ndrdump: Do not run the validate step after a failure
This avoids ending a failed parse with 'dump OK'

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-29 00:44:41 +00:00
Andrew Bartlett
ef0257b105 ndrdump: Improve error message when the pipes fail to dump
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-29 00:44:40 +00:00
Andrew Bartlett
bbae56411c ndrdump: Show the actual struct/function name in the print, not just what it was called
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-29 00:44:40 +00:00
Andrew Bartlett
674d2cfd04 librpc/ndr: Remove unused ndr_cab_generate_checksum()
This function is not just unused, it is a problem because there is no
enforced connection between r->ab.length and r->cbData.

The last caller was removed in the previous commit.

Found by Douglas Bagnall using Hongfuzz and the new fuzz_ndr_X
fuzzer.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-29 00:44:40 +00:00
Andrew Bartlett
bd81733bb7 librpc: Make CFDATA private to cab.idl and remove pull and push functions
We can do this because ndr_{pull,push}_CFDATA is unused.

The earlier commit 466d5e8147 removed
the link between "uint16 cbData" and the size of "DATA_BLOB ab" so
when the new ndr_fuzz_X fusser pushed a new structure this allowed
a read beyond the end of allocated memory.

The ndr_push_cab_file() function is also manually written and
does not rely on the value of cbData to calculate the checksum.

Found by Douglas Bagnall using Hongfuzz and the new fuzz_ndr_X
fuzzer, which like ndrdump's struct mode uses the public structure
tables.  (This is how it found the unused functions to test).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-29 00:44:40 +00:00
Andrew Bartlett
f7f92803f6 librpc: Check for NULL pointer in value() in ntlmssp_AUTHENTICATE
This allows ndrdump --validate to avoid following a NULL pointer when re-pushing
a valid but unusual input.

It also avoids an issue if the Samba server code were to provide a response
without an EncryptedRandomSessionKey.

At this stage ntlmssp.idl is not used for this, instead the packets are
generated with msrpc_gen().

Found by Douglas Bagnall using Hongfuzz and the new fuzz_ndr_X
fuzzer.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 20 06:06:29 UTC 2019 on sn-devel-184
2019-11-20 06:06:29 +00:00
Douglas Bagnall
536a84935c ndr_orpc: properly allocate empty DUALSTRINGARRAY
When there is no data we still need to allocate for the terminating NULL.

Found by Michael Hanselmann using Honggfuzz and an fuzzer for Samba's
NDR layer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13875

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-11-20 04:41:28 +00:00
Andrew Bartlett
2da54d11f1 ndrdump: Still print --dump bytes after parse failure
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-20 04:41:28 +00:00
Andrew Bartlett
0491f17275 ndrdump: Invert sense of --stop-on-parse-failure into --print-after-parse-failure
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-20 04:41:28 +00:00
Andrew Bartlett
c83ad13e58 ndrdump: Return a different error code for ndr_pull() failures
This may assist in distinguishing between "runner" and "pull" failures.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-20 04:41:28 +00:00
Andrew Bartlett
6f0d30fd5c ndrdump: Allow for base64-encoded input in a file and on the command line
It has become customary to provide reproduction steps for fuzzing failures
in terms of an ndrdump command line.  This allows the input to be provided
as a argument or in a file rather than via base64 -d.  This makes reproducing
the issue easier as everything can be put in a plaintext bug report.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-20 04:41:28 +00:00
Andrew Bartlett
d4eabfb763 ndrdump: Check for input decode failures
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-20 04:41:28 +00:00
Andrew Bartlett
3194baaf88 ndrdump: Add const
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-20 04:41:27 +00:00
Andrew Bartlett
c90bc75df8 ndrdump: TALLOC_FREE() on each exit path to allow running with leak detection
This allows us to learn if there are other memory leaks not on the mem_ctx
during the processing of the packet.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-20 04:41:27 +00:00
Andrew Bartlett
8a6f1de67b ndrdump: print structure name when failing to setup
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-20 04:41:27 +00:00
Andrew Bartlett
db6c12f158 ndrdump: Fix one more NTSTATUS rather than friendly ndr message
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-20 04:41:27 +00:00
Andrew Bartlett
1af1ebe54a librpc: Unify packet dumping on ndr_pull() failure
There were two duplicate implementations of packet dumping just for the s4 RPC server!

This unifies them and makes them easier to find because they are not triggered
from the generated server stub any more.

The behaviour have unified on setting "dcesrv:stubs directory" and
being compiled with --enable-developer.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 20 02:14:56 UTC 2019 on sn-devel-184
2019-11-20 02:14:56 +00:00
Volker Lendecke
51f16ec578 librpc: Fix CID 1455913 Use after free
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-11-19 16:13:36 +00:00
Andrew Bartlett
42ac80fb46 ndr: Include the caller location in ndr_{pull,push}_error() messages
This should aid in debugging NDR parse failures.

Use the ABI bump to again exclude ndr_table_misc incorrectly
added in ABI 0.2.1.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Nov 19 14:47:46 UTC 2019 on sn-devel-184
2019-11-19 14:47:46 +00:00
Andrew Bartlett
183da1f9fd witness.idl: Change array type in IDL for the print function
It is important that the generated print function checks r->messages
before de-referencing r->messages[num] as r->num can be non-zero
while r->messages is NULL.

There is not witness server in Samba and print functions are only
used during debugging and ndrdump in any case.

The change in the IDL does not change the header and the IDL
function is already nopull,nopush so only the print function changes.

Found by Douglas Bagnall using Honggfuzz and a new fuzzer for
Samba's NDR layer.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-11-19 13:21:29 +00:00
Douglas Bagnall
e856877ef8 ndrdump: avoid use after free
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Sun Nov 17 23:54:11 UTC 2019 on sn-devel-184
2019-11-17 23:54:11 +00:00
Andrew Bartlett
816869ecea ndrdump: Use human-readable strings for NDR decode errors
These make much more sense than the NTSTATUS values they can be forced
to map to.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-17 22:28:41 +00:00
Andrew Bartlett
b3bdb17a35 selftest: Test fix for ndrdump of structures by number
This requires that misc.GUID not move in the IDL, so a comment is added.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14191

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-17 22:28:41 +00:00
Douglas Bagnall
2bb642d98e ndrdump: correctly find the public strict by number
We were finding a function that happened to have the same ordinal
number.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14191

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-11-17 22:28:41 +00:00
Andrew Bartlett
f1fa0d3b9d librpc: Use the fact that file_save() now uses O_EXCL in dcerpc_log_packet()
This avoids a race with file_exist() and demostrates a better
way to use this function.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Nov 15 18:48:27 UTC 2019 on sn-devel-184
2019-11-15 18:48:27 +00:00
Andrew Bartlett
83b1c21dd0 librpc: Do not return an NDR table for a zero GUID
The source3 RPC server will do a lookup by GUID and should
not be returned a table for a zero GUID.

Thankfully such a pipe would also need to have been registered
but regardless this is not a determinsitic result so should
be avoided.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-11-14 08:01:43 +00:00
Andrew Bartlett
01bb7cff02 ndrdump: check bounds when passed functions/structs by integer
The function or struct number should be >= 0 ans the underlying
number it is compared to is uint32_t.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14191

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Nov 13 01:55:33 UTC 2019 on sn-devel-184
2019-11-13 01:55:33 +00:00
Andrew Bartlett
3b9e983b64 ndrdump: Fix new "struct" feature
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14191

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-progammed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-13 00:32:37 +00:00
Andrew Bartlett
1bd1ae0593 pidl: Generate the trailing ndr_table even if the UUID is not set
This allows ndrdump to dump many more public structures because most
of these are not in files with a UUID as they are not RPC protocols.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14191

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-progammed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-13 00:32:37 +00:00
Andrew Bartlett
7299b9ba90 librpc: Allow registration of ndr tables with a zero UUID
This helps ndrdump find public structures to dump

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14191

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-13 00:32:37 +00:00
Andrew Bartlett
88c8cd7a1e librpc: Do not place the ndr_table for windows_event_ids.idl in the global list
This is just a list of event IDs, there are no structures to parse.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14191

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-progammed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-13 00:32:36 +00:00
Douglas Bagnall
dfbb304958 ndrdump: add --stop-on-parse-failure
If a data stream fails to parse as an NDR object, the default ndrdump
action is to try to print those structures anyway, resulting perhaps in
a NULL dereference. Sometimes you don't want to see that because it isn't
very interesting and makes it harder to distinguish a crash in the parse
routines. So --stop-on-parse-failure will skip the print and validate
stages altogether if the parse failed.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
2019-11-13 00:32:36 +00:00
Andrew Bartlett
a106ceb7bf librpc: Match interface name and file name for bkupblobs.idl
This helps generate fuzzers for this IDL.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-13 00:32:36 +00:00
Douglas Bagnall
8a627b5d65 librpc: Fix typo in "quota" name in IDL
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-11-13 00:32:36 +00:00
Björn Jacke
5915a40b25 librpc/ndr/ndr_compression.c: typo fixes
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2019-10-31 00:43:36 +00:00
Samuel Cabrero
50f69b6054 librpc:core: Make dcesrv_find_endpoint public
Will be used from s3 implementation when a connection is passed to other
process where a particular association group was created.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Oct 18 17:30:39 UTC 2019 on sn-devel-184
2019-10-18 17:30:39 +00:00
Samuel Cabrero
e10028a050 librpc:core: Return NTSTATUS for dcesrv_find_endpoint
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:38 +00:00
Samuel Cabrero
08c663828c librpc:core: Rename find_endpoint to dcesrv_find_endpoint
This function will be public and available for s3 and s4 implementations.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:38 +00:00
Samuel Cabrero
73948df2f1 librpc:core: Initialize static variable
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:37 +00:00
Samuel Cabrero
6a6546b565 librpc:core: Allocate struct dcesrv_interface with talloc
The S3 implementation needs to reinit the dcesrv_context and free the
endpoints list with their registered interfaces.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:37 +00:00
Samuel Cabrero
52727543b0 librpc:core: Set debug class
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:37 +00:00
Samuel Cabrero
491102b5b2 s4:rpc_server: Move core functions to core library
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:37 +00:00
Samuel Cabrero
076ec9173e s4:rpc_server: Move core structures and prototypes to core library
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:37 +00:00
Samuel Cabrero
3f33fdf2e3 librpc: Add new dcerpc server core library
Next commits will move the core of s4 rpc server to this library.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:37 +00:00
Samuel Cabrero
63b7889461 librpc: Move dcerpc_log_packet from s4 librpc to common librpc
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:36 +00:00
Samuel Cabrero
ae9956a65e librpc: Move dcerpc_ncacn_push_auth from s4 librpc to common librpc
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:36 +00:00
Samuel Cabrero
83def9a945 s4:rpc_server: Split dcerpc_generic_session_key for server and client
Split the common bits of dcerpc_generic_session_key to librpc and rename
client the specific part to dcecli_generic_session_key.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:36 +00:00
Andrew Bartlett
d7bb9f5425 librpc: Remove server build of oxidresolver.idl
We do not have a server for this DCOM component so do not generate
the code for it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-10 08:08:45 +00:00
Andrew Bartlett
b273924b8a librpc: Remove client and server build of w32time.idl
We do not have a server for the Win32 Time Server so do not generate
the code for it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-10 08:08:45 +00:00
Andrew Bartlett
c46191b878 librpc: Remove client and server build of rot.idl
We do not have a client or server for this DCOM component so do not generate
the code for it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-10 08:08:45 +00:00
Andrew Bartlett
091e8fe14b librpc: Remove s4 server build of dfs
We do not have a source4 varient of the dfs server, so do not generate
the code for it.

DFS is very closely tied to SMB so we use the DFS server in
smbd.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-10 08:08:45 +00:00
Andrew Bartlett
718f9da0a7 librpc: Remove s3 server build of unixinfo
We do not have a source3 varient of the unixinfo server, so do not generate
the code for it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-10 08:08:45 +00:00
Andrew Bartlett
83fae58486 librpc: Add commnets on the split out of IDL files
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-10 08:08:45 +00:00
Andrew Bartlett
759660b16a librpc: Remove server build of remact.idl
We do not have a server for the DCOM Remote activation service, so do not generate
the code for it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-10 08:08:45 +00:00
Andrew Bartlett
6250fe29dd librpc: Remove s4 server build of ntsvcs
We do not have a source4 varient of the ntsvcs server, so do not generate
the code for it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-10 08:08:45 +00:00
Andrew Bartlett
8216c2187f librpc: Remove s4 server build of initshutdown
We do not have a source4 varient of the initshutdown server, so do not generate
the code for it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-10 08:08:45 +00:00
Andrew Bartlett
f45ceb0df9 librpc: Remove unused build of atsvc server
This avoids building server-side code we do not use and so makes the build
smaller and code auditing easier.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-10 08:08:45 +00:00
Ralph Boehme
c9b6298249 mdssvc.idl: pass policy_handle as pointer
No change in behaviour, this just changes all functions to take the
policy_handle argument as pointer instead of passing it by value.
This is how all other IDLs pass it.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Oct  9 15:52:55 UTC 2019 on sn-devel-184
2019-10-09 15:52:55 +00:00
Günther Deschner
86a0e4850e librpc/ndr: add ndr_print_netlogon_samlogon_response()
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-09-26 18:41:26 +00:00
Günther Deschner
01b0e5aadf spoolss: Add PRINTER_DRIVER_CATEGORY_3D driver define
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Sep 20 12:58:49 UTC 2019 on sn-devel-184
2019-09-20 12:58:49 +00:00
Günther Deschner
2d5facc954 s4-torture: add netr_LogonGetDomainInfo NDR(64) tests
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Sep 20 02:32:44 UTC 2019 on sn-devel-184
2019-09-20 02:32:44 +00:00
Stefan Metzmacher
8f0751b8b7 netlogon.idl: fix the marshalling of netr_trust_extension_container for NDR64
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2019-09-20 01:14:43 +00:00
Stefan Metzmacher
0fea2707fb netlogon.idl: fix the marshalling of netr_OsVersion for NDR64
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2019-09-20 01:14:43 +00:00
Stefan Metzmacher
c87cf54684 security.idl: add SE_GROUP_INTEGRITY[_ENABLED] to security_GroupAttrs
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2019-09-20 01:14:42 +00:00
Stefan Metzmacher
09de6f0618 librpc/idl: change from samr_GroupAttrs in samr.idl to security_GroupAttrs in security.idl
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2019-09-20 01:14:42 +00:00
Stefan Metzmacher
73b93e1a70 security.idl: add GUID_DRS_ALLOWED_TO_AUTHENTICATE
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2019-09-20 01:14:42 +00:00
Günther Deschner
7ba90c1734 lsa: document new LSA trust attributes
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-09-20 01:14:42 +00:00
Mathieu Parent
619e8f46d8 Spelling fixes s/ upto / up to /
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-09-01 22:21:27 +00:00
Ralph Boehme
9d6794df72 librpc: add RPC_NDR_MDSSVC
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:32 +00:00
Ralph Boehme
0b1d9d40c2 s3:mdssvc: supposed status field is in fact a fragment indicator
Spotted this in mdssvc response that containied many results for a search
request: if the mdssvc response blob is larger then ~32k, the server fragments
the response in 32k fragments and sets the "fragment" field to 1.

Note that mdssvc implemenets result set "fragmentation" at the result set layer,
not at the marshalled response buffer layer. Therefor mdssvc always sets this
field to 0.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-08-08 20:24:32 +00:00
Volker Lendecke
ee9527f5c3 librpc/idl: fix build with --enable-spotlight
Fix regression introduced by 88bb8fe43a.

Pair-programmed-with: Volker Lendecke <vl@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jul  2 14:52:17 UTC 2019 on sn-devel-184
2019-07-02 14:52:17 +00:00
Ralph Boehme
3e005fb8f4 idl: add xattr_DosInfo4 to xattr_DosInfo in xattr.idl
Adding itime, removing unused ea_size, size, alloc_size and change_time.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-07-01 21:43:23 +00:00
Noel Power
9c58684566 librpc/ndr: clang: Fix warning 'Value stored to 'towernum' is never read'
Fixes:

librpc/ndr/ndr_orpc.c:140:2: warning: Value stored to 'towernum' is never read <--[clang]
        towernum = 0;
        ^          ~
1 warning generated.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-06-26 10:30:23 +00:00
Andrew Bartlett
5df815cfd2 pidl: Remove the need to always specify --client with --python
This allows us to avoid generating client code for NDR-only protocols that do
not go over DCE/RPC

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:33 +00:00
Andrew Bartlett
46bf62dd0c librpc: No longer generate or build unused client bindings for frsrpc
We retain the IDL and NDR parsers for ndrdump.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:33 +00:00
Andrew Bartlett
88bb8fe43a librpc: Do not generate extra unused client or python bindings with PIDL
This sorts out the idl list into the parts that actually need --python and --client specified
and so speeds up the compile and clarifies the code behaviour.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:33 +00:00
Andrew Bartlett
6f9176e649 librpc: Remove frsblobs.idl
We can now dump public structures using ndrdump, so helper dump functions
are not required any more.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:33 +00:00
Andrew Bartlett
9c7e8f3a35 librpc: Remove unused RPC_NDR_MDSSVC
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:33 +00:00
Andrew Bartlett
ba222585ca librpc: Remove unused RPC_NDR_KEYSVC
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:33 +00:00
Andrew Bartlett
2555692f48 librpc: Remove unused RPC_NDR_TRKWKS
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:33 +00:00
Andrew Bartlett
634b44c25e librpc: Remove unused RPC_NDR_SCERPC
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:33 +00:00
Andrew Bartlett
bee87eecb8 librpc: Remove unused RPC_NDR_WZCSVC
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:33 +00:00
Andrew Bartlett
a162d68f58 librpc: Remove unused RPC_NDR_MSGSVC
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:33 +00:00
Andrew Bartlett
21eec4cf3c librpc: Remove unused RPC_NDR_SERVER_ID
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:33 +00:00
Andrew Bartlett
34206deb35 librpc: Remove unused RPC_NDR_NBT
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:33 +00:00
Andrew Bartlett
57ed8db7a2 librpc: Remove unused RPC_NDR_DSBACKUP
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:33 +00:00
Andrew Bartlett
c6f9ff9cce librpc: Remove unused RPC_NDR_POLICYAGENT
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:33 +00:00
Andrew Bartlett
0531893451 librpc: Remove unused RPC_NDR_EFS
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:33 +00:00
Andrew Bartlett
4bfd001d79 librpc: Remove unused RPC_NDR_AUDIOSRV
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:33 +00:00
Andrew Bartlett
48f65c851a librpc: Remove unused RPC_NDR_SMB_ACL
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:33 +00:00
Andrew Bartlett
0af3a6139d librpc: Remove unused RPC_NDR_IDMAP
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:33 +00:00
Andrew Bartlett
8e83667fe4 librpc: Remove unused RPC_NDR_XATTR
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:32 +00:00
Andrew Bartlett
27ad784bfb librpc: Remove unused RPC_NDR_DRSBLOBS
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:32 +00:00
Andrew Bartlett
518227b674 librpc: Remove unused RPC_NDR_NTLMSSP
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:32 +00:00
Andrew Bartlett
dbff6cac31 librpc: Do not generate client code for dbgidl.idl
We only want to record the GUID and function table names, we do not need
to generate uncalled stubs.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-06-26 04:12:32 +00:00
Stefan Metzmacher
aa2a3d9509 dnsp.idl: fix payload for DSPROPERTY_ZONE_DELETED_FROM_HOSTNAME
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 21 11:02:21 UTC 2019 on sn-devel-184
2019-06-21 11:02:21 +00:00
Stefan Metzmacher
6fc7cc1504 dnsp.idl: fix the dnsp_dns_addr_array definition
The endian changes are needed in order to get the following result
from the blobs Windows generated (see the torture test):

  AddrArray: ARRAY(3)
      AddrArray: struct dnsp_dns_addr
          family                   : 0x0002 (2)
          port                     : 0x0035 (53)
          ipv4                     : 172.31.99.33
          ipv6                     : 0000:0000:0000:0000:0000:0000:0000:0000

[MS-DNSP] states that the port is supposed to be ignored, but it's still
good to decode it as port '53' (0x0035) instead of '13568' (0x3500).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-06-21 08:49:19 +00:00
Stefan Metzmacher
6d958af0b4 dnsp.idl: fix dnsp_ip4_array definition
In future we should use ipv4address, but that would result in a much
larger change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-06-21 08:49:19 +00:00
Volker Lendecke
871bb7562c smbd: Remove unused brlock code
No PENDING locks in brlock.tdb anymore.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-06-20 17:18:19 +00:00
Noel Power
0152925879 librpc/ndr: clang: Fix Assigned value is garbage or undefined warning
Fixes:

librpc/ndr/ndr_basic.c:170:5: warning: Assigned value is garbage or undefined <--[clang]

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer gary@catalyst.net.nz
2019-06-11 12:10:17 +00:00
Gary Lockyer
532ba5a069 ntprinting.idl: remove decode functions
Remove the decode_* functions as they are no longer needed, and this
will reduce the amount of untested automatically generated code.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-06 03:30:18 +00:00
Gary Lockyer
dc78689425 security.idl: remove unused decode functions
Remove the decode_* functions as they are no longer needed, and this
will reduce the amount of untested automatically generated code.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-06 03:30:18 +00:00
Gary Lockyer
c89cfbd15d preg.idl: remove unused decode functions
Remove the decode_* functions as they are no longer needed, and this
will reduce the amount of untested automatically generated code.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-06 03:30:18 +00:00
Gary Lockyer
939d72df4b negoex.idl: remove unused decode functions
Remove the decode_* functions as they are no longer needed, and this
will reduce the amount of untested automatically generated code.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-06 03:30:18 +00:00
Gary Lockyer
f5cf33fa39 nbt.idl: remove unused decode functions
Remove the decode_* functions as they are no longer needed, and this
will reduce the amount of untested automatically generated code.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-06 03:30:18 +00:00
Gary Lockyer
66218cf1fb krb5pac.idl: remove unused decode functions
Remove the decode_* functions as they are no longer needed, and this
will reduce the amount of untested automatically generated code.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-06 03:30:18 +00:00
Gary Lockyer
1d89808dfb cab.idl: remove unused decode functions
Remove the decode_* functions as they are no longer needed, and this
will reduce the amount of untested automatically generated code.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-06 03:30:18 +00:00
Gary Lockyer
52cb4f11dd dnsp.idl: remove unused decode functions
Remove the decode_* functions as they are no longer needed, and this
will reduce the amount of untested automatically generated code.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-06 03:30:18 +00:00
Gary Lockyer
0195e8d464 ntlmssp.idl: remove unused decode functions
Remove the decode_* functions as they are no longer needed, and this
will reduce the amount of untested automatically generated code.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-06 03:30:18 +00:00
Gary Lockyer
41afed1189 drsblobs.idl: remove decode functions
Remove the decode_* functions as they are no longer needed, and this
will reduce the amount of untested automatically generated code.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-06 03:30:18 +00:00
Gary Lockyer
3bf05fbfd7 ndrdump: print public structures
Add a struct option to ndrdump that will allow it to print public
structures.
  i.e. binn/ndrdump dns dns_name_packet struct data.file

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2019-06-06 03:30:18 +00:00
Gary Lockyer
5d67e87d1c pidl: Allow ndrdump to print public structures
Generate code to allow ndrdump to operate on public structures.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2019-06-06 03:30:18 +00:00
Douglas Bagnall
c737b61cb4 librpc/ndr: make push_charset_to_null UTF-16 safe (CID 1399648)
The length is in test units, not bytes, and includes terminating
nulls. For 16-bit character sets, the terminating null must be two
bytes.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-05-09 22:39:27 +00:00
Andrew Bartlett
c9e6331afc ndrdump: change behaviour of flags to operate as flags
These are called flags because that is what they become to the ndr_pull function,
but to avoid total confusion treat them as flags generally even if the values are
always exclusive (at the moment).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-04-12 04:38:14 +00:00
Michael Hanselmann
10dd15010b ndrdump: Remove local variables for pipes
There's no need for the local variables as the NDR call structure
pointer is kept around anyway.

Signed-off-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-12 04:38:14 +00:00
Stefan Metzmacher
140a6733a4 drsuapi.idl: add DRSUAPI_ATTID_schemaInfo
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-04-11 04:17:09 +00:00
Volker Lendecke
d5877ec49e idl: Remove a trailing empty line
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-03-18 19:21:23 +00:00
Volker Lendecke
6625d35643 idl: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-03-18 19:21:22 +00:00
Stefan Metzmacher
6da3664f8a ndr_spoolss_buf: fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13818

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-03-06 03:16:14 +00:00
Gary Lockyer
96e6adedcd librpc idl: netlogon netr_identity_info logon_id to 64 bit
Fold the two 32 bit values logon_id_high and logon_id_low into a single
64 bit logon_id in netr_identity_info.  This will be used to tie
together winbind and SamLogon requests in audit logging.

Summary of the of the Query and Response from Microsoft on it's usage.

[REG:119013019612095] [MS-NRPC]: NETLOGON_LOGON_IDENTITY_INFO: Does
the Reserved field have LogonId meaning?

Questions:
  In NetrLogonSamLogonEx does the Reserved field
  (of NETLOGON_LOGON_IDENTITY_INFO) have LogonId meaning?

  What is a valid LogonID, and does have any audit usage?

  Samba is sending a constant "deadbeef" in hex and would like to
  understand any usage of this field.

Response:
  The NRPC spec is accurate in defining the field as Reserved, and without
  protocol significance. In the header file in our source code, it is
  defined as LogonId and commented as such, but it’s effectively not used.
  This is probably why the API structure has that field name. It may have
  been intended as such but it’s not used.

Samba will send a random value in this field.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-20 06:03:09 +01:00
Andreas Schneider
96df6878ed lib:util: Move discard_const(_p) to own header for libndr.h
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-02-14 15:59:26 +01:00
Andreas Schneider
666802a3db librpc:ndr: Add NDR_ZERO_STRUCT(P) macros
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-02-14 15:59:26 +01:00
Andreas Schneider
2a7086f1ac librpc:ndr: Implement ndr_zero_memory()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-02-14 15:59:25 +01:00
Aliaksei Karaliou
51bc92d8c8 build: Get rid of hardcoded 'bin/default' in includes
Removed occurrences of bin/default used in #include directive for
auto-generated headers residing in build directory.
Build system is capable of resolving path to such headers by itself
without extra hardcoded path to build directory.

Signed-off-by: Aliaksei Karaliou <akaraliou@panasas.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-02-08 08:51:19 +01:00
Andreas Schneider
cca48c1a10 docs: Document DCEPRC binding string for rpcclient
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Feb  4 02:03:56 CET 2019 on sn-devel-144
2019-02-04 02:03:56 +01:00
Volker Lendecke
64e05bc8c1 librpc: Solaris cc does not like unnamed struct members
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-02-03 13:52:29 +01:00
Stefan Metzmacher
29f9618e38 dns.idl: fix DNS_RCODE from 0xF to 0x1F
commit 74206984da introduced
TSIG related error codes up to DNS_RCODE_BADALG   = 0x15

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-01-29 22:09:07 +01:00
Justin Stephenson
5c1514e677 librpc:idl: Fix pszDestInfPath winspool parameter type
The in/out type of pszDestInfPath needs to be a string type for
RPC call UploadPrinterDriverPackage.

Per the Spec:

[in, out, unique, size_is(*pcchDestInfPath)] wchar_t* pszDestInfPath,

 pszDestInfPath: A pointer to a buffer that receives a string that
 specifies the full path of the directory to which the driver
 installation control file was copied.

Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
2019-01-28 15:44:18 +01:00
Andreas Schneider
292dbbf133 librpc:rpc: Use C99 initializer for last element in dcerpc_faults
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-01-28 10:29:23 +01:00
Stefan Metzmacher
a94c4e55b7 librpc: add SMB_ASSERT(blob->length >= DCERPC_NCACN_PAYLOAD_OFFSET) protection
A lot of functions rely on having the 16 bytes dcerpc header to operate
on. This makes it more obvious and makes sure they can't be misused in
future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:31 +01:00
Stefan Metzmacher
c919514d2d librpc: add dcerpc_get_auth_{type,level,context_id}() helper functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:31 +01:00
Stefan Metzmacher
7817e42d94 librpc: add dcerpc_get_auth_length() helper function
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:31 +01:00
Volker Lendecke
c9036f2597 libndr: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-08 03:40:27 +01:00
Gary Lockyer
87a8325a0d s4 group_audit: Add Windows Event Id's to Group membership changes
Generate a GroupChange event when a user is created with a PrimaryGroup
membership.  Log the windows event id in the JSON GroupChange message.

Event Id's supported are:
	4728	A member was added to a security enabled global group
	4729	A member was removed from a security enabled global
		group
	4732	A member was added to a security enabled local group
	4733	A member was removed from a security enabled local group
	4746	A member was added to a security disabled local group
	4747	A member was removed from a security disabled local group
	4751	A member was added to a security disabled global group
	4752	A member was removed from a security disabled global
		group
	4756	A member was added to a security enabled universal
		group
	4757	A member was removed from a security enabled universal
		group
	4761	A member was added to a security disabled universal
		group
	4762	A member was removed from a security disabled universal
		group

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-21 22:16:09 +01:00
Gary Lockyer
ff9052c923 s3 smbcontrol: Add sleep command
Add a sleep command that pauses the target process for the specified
number of seconds

This command is only enabled on developer and self test builds.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-19 04:52:59 +01:00
Gary Lockyer
e97acc714d dsdb audit_log: Add windows event codes to password changes
Add a new "eventId" element to the PasswordChange JSON log messages.
This contains a Windows Event Code Id either:
	4723	Password changed
	4724	Password reset

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-14 18:57:52 +01:00
Gary Lockyer
cb23a0345f idl: Add Windows event code ids
Add idl definitions for Windows Event Code Ids, and Logon Types. This
intial commit adds:

Event Ids
	4264	Successful logon
	4625	Unsuccessful logon

Logon Types
	 2	Interactive
	 3	Network
	 4	Batch
	 5	Service
	 7	Unlock
	 8	NetworkCleartext
	 9	NewCredentials
	10	RemoteInteractive
	11	CachedInteractive

The intention is to add Windows Event Codes to the JSON log messages, to
provide a common event identifier in mixed Windows and Samba networks.
And to assist security personnel with a windows background.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-14 18:57:52 +01:00
Andreas Schneider
7b60d72f67 librpc:ndr: Give the optimizer hints for ndr_push_bytes()
Also remove the redundant check in ndr_push_DATA_BLOB.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Dec  7 15:33:38 CET 2018 on sn-devel-144
2018-12-07 15:33:38 +01:00
Andreas Schneider
d9e95849e3 librpc:ndr: Fix undefined behavior in ndr_basic
librpc/ndr/ndr_basic.c:723:2: runtime error: null pointer passed as
argument 2, which is declared to never be null

The following triggered the undefined behavior:

(gdb) bt
    at librpc/gen_ndr/ndr_drsuapi.c:2318
    fn=0x7ffff6e72983 <ndr_push_drsuapi_DsReplicaObjectIdentifier3Binary>) at ../../librpc/ndr/ndr.c:1337
    at ../../source4/dsdb/schema/schema_syntax.c:2136
    drs_str=<optimized out>) at ../../source4/dsdb/schema/tests/schema_syntax.c:122
    already_setup=<optimized out>, restricted=restricted@entry=0x0) at ../../lib/torture/torture.c:442
    at ../../lib/torture/torture.c:507
    suite=0x5555563d9490, matched=0x7fffffffcef7) at ../../source4/torture/smbtorture.c:93
    matched=0x7fffffffcef7) at ../../source4/torture/smbtorture.c:95
    at ../../source4/torture/smbtorture.c:143
(gdb) f 1
1335            NDR_CHECK(ndr_push_bytes(ndr, blob.data, blob.length));
(gdb) p blob
$2 = {data = 0x0, length = 0}

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Thu Dec  6 08:48:28 CET 2018 on sn-devel-144
2018-12-06 08:48:27 +01:00
Volker Lendecke
e168a6738b winbind: Fix "wbint_Principals" definition
A signed integer does not make any sense for an IDL array length

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:14 +01:00
Andreas Schneider
6f48bc840c librpc:ndr: Fix undefined behavior in ndr.c
librpc/ndr/ndr.c:1430 runtime error: left shift of 1 by 31 places cannot
be represented in type 'int'

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Fri Nov 23 01:23:09 CET 2018 on sn-devel-144
2018-11-23 01:23:09 +01:00
Stefan Metzmacher
aafc15c3c3 librpc/tables.pl: remove unused $opt_output option
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-11-20 01:33:35 +01:00
Andreas Schneider
9c37ed26f0 librpc:ndr: Initialize inblob
Found by cppcheck.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13680

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-11-14 05:07:15 +01:00
Andreas Schneider
f040d660c0 ndr: Init variables of GUID_from_data_blob()
Found by covscan.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-10-19 23:11:26 +02:00
Garming Sam
8140a7bb76 preg: Use gensize to allow modification of winreg data to be repacked
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-08-16 23:42:20 +02:00
Garming Sam
c71ba94cb1 preg: Using winreg_Data_GPO instead of DATA_BLOB
We need to make a duplicate in order to have reasonable python bindings.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-08-16 23:42:20 +02:00
Garming Sam
463dcc9094 preg: Unpack winreg_Data for parsing
It seems that there might be pre-existing endianness issues which would be fixed by the ndr_push.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-08-16 23:42:19 +02:00
Garming Sam
572fd6319f preg: Build python preg bindings
These will be used in the GPO import/export.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-08-16 23:42:19 +02:00
Garming Sam
ea297d0ce3 winreg: Add hyper REG_QWORD to parsing routines
This will be useful when exporting registry.pol files.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-08-16 23:42:19 +02:00
Noel Power
fd7c6f9bc7 librpc/idl Add some query [getset]info quota related structures
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-07-31 16:56:25 +02:00
Stefan Metzmacher
062b518cab librpc: add binding handle support for [smb1]
This will be used to force smb1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2018-07-24 06:55:23 +02:00
Douglas Bagnall
cd2365175f ndr_misc: read syntax_id using strict util_str_hex functions
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-31 01:57:16 +02:00
Gary Lockyer
0c6cb4639a messaging idl add group membersip events
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-16 04:07:16 +02:00
Gary Lockyer
36800d0903 idl messaging: Add DSDB and Password events and message types
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-16 04:07:16 +02:00
Mathieu Parent
e8a3a43649 Fix spelling s/ouput/output/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:27 +02:00
Gary Lockyer
1488723a11 auth: Add unique session GUID identifier
Generate a GUID for each successful authorization, this will allow the
tying of events in the logs back to a specific session.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-10 20:02:22 +02:00
Volker Lendecke
1cd0fe90cf ndr_string: Do overflow checks in ndr_push/pull_charset
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Mar 28 16:08:16 CEST 2018 on sn-devel-144
2018-03-28 16:08:16 +02:00
Volker Lendecke
360804ed4f ndr_string: Fix a signed/unsigned glitch
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-03-28 13:03:25 +02:00
Stefan Metzmacher
2f1ba314df drsuapi.idl: add DN/fpo-enabled attributes as DRSUAPI_ATTID_* values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-03-19 20:30:49 +01:00
Volker Lendecke
0af88b98e7 winbind: Add smbcontrol disconnect-dc
Make a winbind child drop all DC connections

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-03-15 15:46:09 +01:00
Andreas Schneider
64c9ca3a3d librpc:ndr: Add FALL_THROUGH statements in ndr_cab.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-03-01 04:37:42 +01:00
Andreas Schneider
d31a8cd800 s4:lib:com: Fix function declartions
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-03-01 04:37:40 +01:00
Volker Lendecke
5f4b71d21d winbindd: Remove "DUMP_EVENT_LIST" message
This was no longer implemented, remove it completely

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-02-26 22:30:14 +01:00
Douglas Bagnall
6ef6ddce5a shift read_hex_bytes() and parse_guid_string() into lib/util
read_hex_bytes() is going to be used in lib/util/rfc1738.c.

parse_guid_string() is shifted for two reasons: Firstly, it is called
very often in some operations, sometimes constituting a few percent of
the CPU load, and it makes several calls to read_hex_bytes(). We want
the compiler to be able to inline those calls if it thinks that is
wise. Secondly, there are other places that could do with fast GUID
parsing.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-02-22 01:04:18 +01:00
Ralph Boehme
9f96ede6f5 winbindd: rename MSG_WINBIND_NEW_TRUSTED_DOMAIN to MSG_WINBIND_RELOAD_TRUSTED_DOMAINS
This reflects the new implementation in winbindd.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-02-10 08:35:16 +01:00
Volker Lendecke
ac9d528b82 docs: Remove prog_guide4.txt
Move the still relevant parts elsewhere

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sun Jan 21 11:48:01 CET 2018 on sn-devel-144
2018-01-21 11:48:01 +01:00
Volker Lendecke
15748c325c ndr_dns: fix pushing unknown resource records
When pulling for example an RRSIG record, we end up with length!=0 *and*
unexpected.length != 0, but with an unknown rrec. We should be able to
marshall what we retrieved from the wire.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-01-04 00:37:21 +01:00
Gary Lockyer
1d3ae2d92f dsdb encrypted secrets module
Encrypt the samba secret attributes on disk.  This is intended to
mitigate the inadvertent disclosure of the sam.ldb file, and to mitigate
memory read attacks.

Currently the key file is stored in the same directory as sam.ldb but
this could be changed at a later date to use an HSM or similar mechanism
to protect the key.

Data is encrypted with AES 128 GCM. The encryption uses gnutls where
available and if it supports AES 128 GCM AEAD modes, otherwise nettle is
used.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-12-18 00:10:16 +01:00
Ralph Boehme
60c8090631 nfs4acls: update default NFS4 ACL version to 4.1
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-08 00:20:08 +01:00
Ralph Boehme
e2950327ff librpc/idl: add NFS 4.1 ACL flags
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-08 00:20:08 +01:00
Ralph Boehme
5890c74f82 librpc/idl: add versions consts to nfs4acl.idl
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-08 00:20:08 +01:00
Ralph Boehme
df99ac2710 librpc/idl: rename NFS4 ACL xattr name
The "system" xattr namespace is reserved for the kernel. Any attempt to
use xattrs in that namesspace will fail with EOPNOTSUPP, regardless of
priveleges. In autobuild we're using the xattr_tdb VFS module, so it
works there.

Using the "security" namespace instead makes this module generally
usable with Linux filesystem xattrs as storage backend.

Additionally prefix the xattr name with "_ndr". This is in preperation
of later commits that add a ACL blob marshalling format based on XDR. To
avoid xattr name collision, both format will use distinct xattr names by
default.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-08 00:20:08 +01:00
Ralph Boehme
20d3ae6a45 librpc/idl: rename NFS4 ACL xattr name define
No change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-08 00:20:08 +01:00
Volker Lendecke
c3a1348371 xattr.idl: Don't generate an interface table
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun Oct 22 21:40:16 CEST 2017 on sn-devel-144
2017-10-22 21:40:16 +02:00
Volker Lendecke
0bd5d7bcbe nfs4acls: Don't generate an interface table for nfs4acls.idl
Nobody uses the function nfs4acl_test.

It took a while to figure out how to get this to build. The "uuid" line in the
idl file triggers pidl to generate the function table entry, which in turn then
triggers tables.pl to register this interface
./bin/default/source4/librpc/gen_ndr/tables.c. We could for example do the same
with xattr_parse_DOSATTRIB. Nobody uses this.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-10-22 17:46:15 +02:00
Ralph Boehme
71f99cb132 winbindd: pass domain SID to wbint_UnixIDs2Sids
This makes the domain SID available to the idmap child for
wbint_UnixIDs2Sids mapping request. It's not used yet anywhere, this
comes in the next commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2017-10-10 15:51:27 +02:00
Andrew Bartlett
cbb3dcf2c6 librpc/dceprc_util.c: Move debug message to DBG_DEBUG()
This message shows up a lot (every packet) at level 6 for the succesful case

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-09-07 06:56:27 +02:00
Andrew Bartlett
4a5c2bfec1 Use the rpc_parse debug class for PIDL genrated code
This means that the default print binding string qualifier will now go via this debug class
as will explicit calls to ndr_print_debug() and ndr_print_union_debug().

Calls to ndr_print_debugc() are not changed.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-09-07 06:56:27 +02:00
Volker Lendecke
27fae4cea3 schannel.idl: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 25 04:10:25 CEST 2017 on sn-devel-144
2017-08-25 04:10:25 +02:00
Volker Lendecke
79cfa2e55b xattr.id: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Aug 18 20:49:42 CEST 2017 on sn-devel-144
2017-08-18 20:49:42 +02:00
Tim Beale
cc201c2c4f drepl: Support GET_TGT on periodic replication client
- Update IDL comments to include Microsoft reference doc
- Add support for sending v10 GetNCChanges request (needed for the
  GET_TGT flag, which is in the new 'more_flags' field)
- Update to also set the GET_TGT flag in the same place we were setting
  GET_ANC (I split this logic out into a separate function).
- The state struct now needs to hold a 'more_flags' field as well (this
  flag is different to the GET_ANC replica flag)

Note that using the GET_TGT when replicating from a Windows DC could be
highly inefficient. Because Samba keeps the GET_TGT flag set throughout
the replication cycle, it will basically receive a repeated object from
Windows for every single linked attribute that it receives.

I believe Windows behaviour only expects the client to set the GET_TGT
flag when it actually needs to (i.e. when it receives a target object it
doesn't know about), rather than throughout the replication cycle.
However, this approach won't work with Samba-to-Samba replication,
because when the server receives the GET_TGT flag it restarts the
replication cycle from scratch. So if we only set the GET_TGT flag when
the client encountered an unknown target then Samba-to-Samba could
potentially get into an endless replication loop.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
2017-08-18 06:07:12 +02:00
Gary Lockyer
34acf5a992 dnsserver: Tighten DNS name checking
Add checks for the maximum permitted length, maximum number of labels
and the maximum label length.  These extra checks will be used by the
DNS wild card handling.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
2017-08-15 08:07:10 +02:00
Jeremy Allison
1c1fce7414 lib: rpc: The registered interfaces are a lists of singletons that are never removed.
Allocate them off the NULL context not the talloc_autofree_context().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-07-26 21:35:21 +02:00
Volker Lendecke
b561028453 messaging: Add DLIST pointers to messaging_rec
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-07-25 17:43:17 +02:00
Gary Lockyer
6ab9f789ff dcerpc.idl Add symbolic constant for /root/ncalrpc_as_system
This is string is used several places in the code and tests, so it
should be a constant.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2017-07-24 23:29:22 +02:00
Aurelien Aptel
c60ad394fa librpc/ndr: add MSZIP compression for cabinet files
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Aurelien Aptel
43a1952b17 librpc/ndr: simplify cabinet file size calculation
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Andreas Schneider
7c20a87097 librpc/ndr: Use correct value for max compression size
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Günther Deschner
a2816122f9 librpc/ndr: Use MAX_WBITS zlib define and change memLevel in MSZIP code
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Aurelien Aptel
9ec74a319f librpc/ndr: remove unused ndr_cab_get_compression() function
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Aurelien Aptel
466d5e8147 librpc: use DATA_BLOB in CFDATA structure
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Aurelien Aptel
1edf126693 librpc/ndr: add helper functions to setup and free compression states.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Günther Deschner
096efc93df librpc/ndr: add new MSZIP compression type for cabinet files
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Aurelien Aptel
aa33aa6e64 librpc/ndr: add new ndr_compression_state
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Günther Deschner
a44bce6dfa libndr/compression: pass down compressed length in ndr_pull_compression_start
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Aurelien Aptel
3b5442e77b librpc/ndr: remove trailing whitespace from compression file.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Andreas Schneider
9a2180cd04 librpc:ndr_cab: Cast data pointer correctly
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Aurelien Aptel
e54adf516e ndr_compression: use MAX_WBITS constant
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-19 21:22:13 +02:00
Ralph Boehme
4be4f4b3a3 netlogon.idl: mark session keys with NDR_SECRET
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-07-03 19:59:08 +02:00
Ralph Boehme
d6a8a79fcb librpc/idl: make use storage_offload_token
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-07-03 19:59:07 +02:00
Ralph Boehme
e3cb6a936d librpc/idl: fix STORAGE_OFFLOAD_TOKEN_TYPE_ZERO_DATA definition
STORAGE_OFFLOAD_TOKEN_TYPE_ZERO_DATA is defined as 0xffff0001 in MS-FSCC
2.3.79.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-07-03 19:59:07 +02:00
Ralph Boehme
ebee4589fb librpc/idl: convert offload flags to a bitmap
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-07-03 19:59:07 +02:00
Stefan Metzmacher
28ac105034 netlogon.idl: use lsa_TrustType and lsa_TrustAttributes in netr_trust_extension
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:46 +02:00
Stefan Metzmacher
6027447533 netlogon.idl: make netr_TrustFlags [public]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:46 +02:00
Stefan Metzmacher
ea0798881a lsa.idl: make lsa_DnsDomainInfo [public]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:46 +02:00
Stefan Metzmacher
969ab12c56 idl_types.h: add NDR_SECRET shortcut
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:43 +02:00
Stefan Metzmacher
32aa3a199d librpc/ndr: add LIBNDR_FLAG_IS_SECRET handling
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:43 +02:00
Stefan Metzmacher
91d8272e86 librpc/ndr: align the definition of LIBNDR_STRING_FLAGS with currently defined flags
The range included the unused (1<<14) before.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:43 +02:00
Stefan Metzmacher
5a08c9887c ntprinting.idl: make use of [skip_noinit] for string_flags
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2017-06-26 08:47:14 +02:00
Gary Lockyer
7539595c48 lsa.String: add String constructor, str and repr
Add a String constructor, str and repr methods to the
samba.dcerpc.lsa.String python object

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-22 08:56:22 +02:00
Stefan Metzmacher
76fe65b67e netlogon.idl: Add netr_LogonSamLogon_flags bitmap
See [MS-NRPC] 3.5.4.5.1 NetrLogonSamLogonEx (Opnum 39).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-09 13:00:12 +02:00
Garming Sam
fd29e28d52 netlogon: Implement SendToSam along with its winbind forwarding
This allows you to forward bad password count resets to 0. Currently,
there is a missing access check for the RODC to ensure it only applies
to cached users (msDS-Allowed-Password-Replication-Group).

(further patches still need to address forcing a RWDC contact)

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-30 08:06:07 +02:00
Gary Lockyer
9444bbfe18 source4 rpc: binding.c enable DCERPC_SCHANNEL_AUTO for schannel connections
Enable the DCERPC_SCHANNEL_AUTO option in dceprc bindings. If not enabled
calls to netlogon.netlogon from python fail with NT_STATUS_DOWNGRADE_DETECTED
if schannel bindings are specified.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
2017-05-25 02:25:13 +02:00
Gary Lockyer
826e50a5f6 idl drsblobs: add the blobs required for Primary:userPassword
Add the blobs required to allow the storing of an sha256 or sha512 hash of
the password in supplemental credentials

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-25 02:25:12 +02:00
Andreas Schneider
ef109f86c7 librpc:ndr: Set the length to 1 if we assign and empty string
CID #1399648

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2017-05-16 12:38:20 +02:00
Jan Engelhardt
e5f2dfacae build: correct package dependencies
The wscript_build files convey what header files belong to which
logical package. For example,

    # lib/util/wscript_build:
    bld.SAMBA_LIBRARY('samba-util',
                      public_headers='... data_blob.h ...'

    # auth/credentials/wscript_build:
    bld.SAMBA_LIBRARY('samba-credentials',
                      public_headers='credentials.h',

Now, credentials.h #includes <util/data_blob.h> and therefore,
samba-credentials.pc must have a Requires: samba-util.

Similarly for other parts.

Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-04-18 18:54:13 +02:00
Garming Sam
acc66d91b2 drsuapi.idl: Expose GetNCChanges req8 like req10
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-04-13 07:29:16 +02:00
Andrew Bartlett
493d886163 python: Add bindings for NTLMSSP
This is helpful for building NTLMv2 packets in python for testing against the SamLogon server

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2017-03-29 02:37:29 +02:00
Gary Lockyer
68200d0d88 named_pipe_auth: Rename client -> remote_client and server -> local_server
While these names may have been clear, much of Samba uses
remote_address and local_address, and this difference has hidden bugs.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-03-29 02:37:28 +02:00
Ralph Boehme
dc4bd3f751 s3/smbd: move copychunk ioctl limits to IDL
This will be needed in the next commit in vfs_default.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-28 17:45:20 +02:00
Andrew Bartlett
0837d0b9dc python: Provide Python bindings for messaging.idl
This will allow AUTH_EVENT_NAME and MSG_AUTH_LOG to be accessed from python

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar 28 13:19:03 CEST 2017 on sn-devel-144
2017-03-28 13:19:03 +02:00
Andrew Bartlett
a3c9ad53a2 messaging: Declare well known server name auth_events as AUTH_EVENT_NAME in IDL
This makes it easy to ensure we use the same name in the python and the C

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-03-28 09:23:11 +02:00
Andrew Bartlett
6e87aa38c4 messaging.idl: Register a message type for authentication log messages
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-03-28 09:23:11 +02:00
Stefan Metzmacher
1161e11d48 lsa.idl: add SID_NAME_LABEL
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-23 09:01:21 +01:00
Stefan Metzmacher
3a5d76f092 netlogon.idl: make netr_LogonInfoClass public
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-23 09:01:21 +01:00
Bob Campbell
380b56e38a drsblobs: Add decode for replPropertyMetaData1
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
2017-03-13 05:10:11 +01:00