1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-28 17:47:29 +03:00

2940 Commits

Author SHA1 Message Date
Alexander Bokovoy
0ed918ef52 Build py3 versions of other rpc modules
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12905

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Fri Jul 14 11:36:53 CEST 2017 on sn-devel-144
2017-07-14 11:36:53 +02:00
Gary Lockyer
7539595c48 lsa.String: add String constructor, str and repr
Add a String constructor, str and repr methods to the
samba.dcerpc.lsa.String python object

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-22 08:56:22 +02:00
Stefan Metzmacher
50c7112b00 s4:librpc: restore inhibit_timeout_processing = true during gensec_update_send/recv()
As not all gensec backends are fully async yet, we need the
inhibit_timeout_processing workarround in order to protect
against nested event loops.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-30 08:06:07 +02:00
Stefan Metzmacher
27aacf9288 Revert "s4:librpc: simplify dcerpc_connect_timeout_handler() logic"
This reverts commit 2c3e99d1697b83f7dd498596a274fe2e8e96116d.

As the source4 backends for kerberos still use nested event loops,
we need to restore this for now.

We should reapply this once all backends are fully async.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-30 08:06:07 +02:00
Stefan Metzmacher
2c3e99d169 s4:librpc: simplify dcerpc_connect_timeout_handler() logic
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-21 21:05:13 +02:00
Stefan Metzmacher
2c4e21cd6e s4:librpc: make use of gensec_update_send() in bind_auth_next_step()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-21 21:05:13 +02:00
Stefan Metzmacher
65655f2484 s4:librpc: use gensec_update_send() in dcerpc_bind_auth_send()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-21 21:05:13 +02:00
Stefan Metzmacher
278f220c7e s4:librpc: ask for GENSEC_FEATURE_SIGN_PKT_HEADER after the gensec_update() dance
Most features should be added before the update() dance, while
GENSEC_FEATURE_SIGN_PKT_HEADER needs to be after the dance on the client
side.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-21 21:05:09 +02:00
Gary Lockyer
9342b3ebf7 pyrpc: Fix segfault in ClientConnection
Fix segfault when connecting over TCP, the endpoints list in dummy_table
was not initialised this caused a segfault when attempting to connect
over TCP.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr 21 16:10:12 CEST 2017 on sn-devel-144
2017-04-21 16:10:12 +02:00
Jan Engelhardt
e5f2dfacae build: correct package dependencies
The wscript_build files convey what header files belong to which
logical package. For example,

    # lib/util/wscript_build:
    bld.SAMBA_LIBRARY('samba-util',
                      public_headers='... data_blob.h ...'

    # auth/credentials/wscript_build:
    bld.SAMBA_LIBRARY('samba-credentials',
                      public_headers='credentials.h',

Now, credentials.h #includes <util/data_blob.h> and therefore,
samba-credentials.pc must have a Requires: samba-util.

Similarly for other parts.

Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-04-18 18:54:13 +02:00
Andrew Bartlett
493d886163 python: Add bindings for NTLMSSP
This is helpful for building NTLMv2 packets in python for testing against the SamLogon server

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2017-03-29 02:37:29 +02:00
Andrew Bartlett
0837d0b9dc python: Provide Python bindings for messaging.idl
This will allow AUTH_EVENT_NAME and MSG_AUTH_LOG to be accessed from python

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar 28 13:19:03 CEST 2017 on sn-devel-144
2017-03-28 13:19:03 +02:00
Ian Stakenvicius
7eeda992ac waf: disable-python - don't build pyrpc_util, dcerpc.py
Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-03-10 07:31:13 +01:00
Lumir Balhar
47b014899a python: wscript_build: Build some DCE/RPC modules with Python 3
Samba.auth Python module depends on a lot of DCE/RPC modules which
have to be built with Python 3 to make port of samba.auth to
Python 3 possible.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-03-10 07:31:11 +01:00
Lumir Balhar
a40d7f18dd python: samba.dcerpc: Port security module to Python 3 comp. form
Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-03-10 07:31:11 +01:00
Lumir Balhar
3b1c0ba98a python: samba.dcerpc: Port RPC related stuff to Python 3
Port RPC related stuff like samba.dcerpc.misc and samba.dcerpc
Python modules and pyrpc_util to Python 3 compatible form.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-by: Andrew Bartlett <abartlet@samba.org>
2017-03-10 07:31:11 +01:00
Stefan Metzmacher
2170f55629 pidl:Python: use of pytalloc_GenericObject_reference*() for pyrpc_{ex,im}port_union() wrapping
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12601

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Feb 25 06:33:33 CET 2017 on sn-devel-144
2017-02-25 06:33:33 +01:00
Garming Sam
03c4cf5b10 tests/ndrdump: Add a test for --hex-input
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Feb 14 13:39:01 CET 2017 on sn-devel-144
2017-02-14 13:39:01 +01:00
Stefan Metzmacher
4b295b106c wscript: remove executable bits for all wscript* files
These files should not be executable.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 11 20:21:01 CET 2017 on sn-devel-144
2017-01-11 20:21:01 +01:00
Stefan Metzmacher
e838347105 s4:librpc/rpc: make sure we handle DCERPC_PACKET before DCERPC_CONNECT
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-02 18:04:13 +01:00
Stefan Metzmacher
94fc5c48b7 s4:librpc/rpc: don't do an anonymous bind over ncacn_np:server[packet]
DCERPC_AUTH_LEVEL_PACKET is basically the same as
DCERPC_AUTH_LEVEL_INTEGRITY.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-02 18:04:13 +01:00
Günther Deschner
88e1c4dc44 librpc: Introduce cab.idl
This allows processing of Windows Cabinet files (required for the MS-PAR
print protocol implementation)

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-11-24 20:24:26 +01:00
Stefan Metzmacher
29e75e9876 s4:pyrpc: remove unused py_{import,export}_netr_* prototypes
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:19 +02:00
Stefan Metzmacher
596f917693 s4:pyrpc: add pyrpc_{im,ex}port_union() helper functions
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:19 +02:00
Stefan Metzmacher
b5abc7cadc s4:librpc/rpc: pass the object guid to the binding handle if required
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:18 +02:00
Stefan Metzmacher
db4da21aaa s4:librpc/rpc: no longer set FLAG_OBJECT_PRESENT and FLAG_BIGENDIAN for ndr_push_ncacn_packet()
This is no longer required, it's done inside.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:18 +02:00
Stefan Metzmacher
f44282ca07 s4:librpc/rpc: make sure the DCERPC_CONCURRENT_MULTIPLEX and DCERPC_PFC_FLAG_CONC_MPX are in sync
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:17 +02:00
Günther Deschner
36f90c8f13 s4:librpc/rpc: add support for DCERPC_AUTH_LEVEL_PACKET
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:16 +02:00
Günther Deschner
b72d3f0ba5 s4-torture: test support for [packet] binding string option.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:16 +02:00
Stefan Metzmacher
daf6b8c01b s4:librpc/rpc: make use of dcerpc_ncacn_push_pkt_auth() in ncacn_push_request_sign()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:15 +02:00
Stefan Metzmacher
4e3823ae04 s4:librpc/rpc: convert ncacn_pull_request_auth() into a generic ncacn_pull_pkt_auth()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:15 +02:00
Stefan Metzmacher
791186d824 s4:librpc/rpc: make use of dcerpc_ncacn_pull_pkt_auth() in ncacn_pull_request_auth()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:15 +02:00
Stefan Metzmacher
6917a1c28f s4:librpc/rpc: implement bind_time_feature negotiation
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:13 +02:00
Stefan Metzmacher
3d51359c86 s4:librpc/rpc: force printing in dcerpc_bh_do_ndr_print() log level >= 11
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:13 +02:00
Stefan Metzmacher
10e97240ef s4:librpc/rpc: make use of dcerpc_pull_ncacn_packet()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:13 +02:00
Matthieu Patou
754672ce76 s4:librpc/rpc: do not use stack allocated variables for async requests
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:12 +02:00
Günther Deschner
ac5e69b868 idl: compile iremotewinspool.idl.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-09-22 12:29:28 +02:00
Volker Lendecke
63b88a7275 pyrpc: Fix CID 1364169 Explicit null dereferenced
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-05 22:20:05 +02:00
Stefan Metzmacher
caa231ac76 s4:pyrpc: correctly implement .request_timeout
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@samba.org>
2016-07-28 10:06:10 +02:00
Andrew Bartlett
2d3fdc0a45 pyrpc: Allow control of RPC timeout for IRPC
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-07-12 23:24:13 +02:00
Stefan Metzmacher
e05c732c60 s4:librpc/rpc: don't ask for auth_length if we ask for auth data only
dcerpc_pull_auth_trailer() handles auth_length=NULL just fine.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-06-24 14:09:02 +02:00
Stefan Metzmacher
7413e73c53 s4:librpc/rpc: allow a total reassembled response payload of 240 MBytes
This will replace DCERPC_NCACN_PAYLOAD_MAX_SIZE (4 MByte),
The limit of DCERPC_NCACN_PAYLOAD_MAX_SIZE (4 MByte) was too
strict for some workloads, e.g. DRSUAPI replication with large objects.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11948

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-23 00:50:17 +02:00
Andreas Schneider
7bac35e7fd librpc: Check for negative return value of socket_get_fd()
Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-22 19:25:20 +02:00
Stefan Metzmacher
3b359d0a8d CVE-2015-5370: s4:librpc/rpc: call dcerpc_connection_dead() on protocol errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:32 +02:00
Stefan Metzmacher
def00193c5 CVE-2015-5370: s4:librpc/rpc: protect dcerpc_request_recv_data() against too large payloads
We should only allow a combined payload of a response of at max 4 MBytes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:29 +02:00
Stefan Metzmacher
3bf476345f CVE-2015-5370: s4:librpc/rpc: use dcerpc_verify_ncacn_packet_header() to verify BIND_ACK,ALTER_RESP,RESPONSE pdus
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:29 +02:00
Stefan Metzmacher
9f4d962206 CVE-2015-5370: s4:librpc/rpc: handle DCERPC_PKT_FAULT before anything else in dcerpc_alter_context_recv_handler()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:29 +02:00
Stefan Metzmacher
02a74ddc60 CVE-2015-5370: s4:librpc/rpc: make use of dcerpc_map_ack_reason() in dcerpc_bind_recv_handler()
This should give better error messages if the server doesn't support
a specific abstract/transfer syntax.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:29 +02:00
Stefan Metzmacher
cdba091867 CVE-2015-5370: s4:librpc/rpc: finally verify the server uses the expected auth_{type,level,context_id} values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:29 +02:00
Stefan Metzmacher
ace23643d1 CVE-2015-5370: s4:librpc/rpc: avoid using dcecli_security->auth_info and use per request values
We now avoid reusing the same auth_info structure for incoming and outgoing
values. We need to make sure that the remote server doesn't overwrite our own
values.

This will trigger some failures with our currently broken server,
which will be fixed in the next commits.

The broken server requires an dcerpc_auth structure with no credentials
in order to do an alter_context request that just creates a presentation
context without doing authentication.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:28 +02:00