IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We were crashing earlier when calculating the length of NULL strings in
fixed size arrays (noticed while replying with an empty
spoolss_CorePrinterDriver struct within the spoolss_GetCorePrinterDrivers
call).
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Microsoft got their docs wrong in MS-RPRN Section 2.2.1.10.1 (footnote
65): PROCESSOR_AMD_X8664 must be 0x000021D8 and not 0x000022A0.
This is what recent windows versions report back from a spoolss
getprinter level 0 RPC call.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This is an equivalent of QueryUserList with simpler output. The next
commit will use it to go through wb_getpwsid for getent passwd, to
make sure we get the same results. Eventually, this might get a simpler
backend.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This call will be done in the idmap child. It is not 100% the right place,
but there is no better one available to me. It will become a replacement
for the "winbind nss info" parameter: This global parameter is good
for just one domain. It might be possible to have idmap backend AD for
different domains, and the NSS info like primary gid, homedir and shell
might be done with different policies per domain. As we already have a
domain-specific idmap configuration, doing the NSS info configuration
there also is the closest way to do it.
The alternative, if we did not want to put this call into the idmap child
would be to establish an equivalent engine like the whole "idmap config
*" just for the nss info. But as I believe this is closely related,
I'll just keep it in the idmap child.
This also extends the wbint_userinfo structure with pretty much all user
related fields. The idea is that the GetNssInfo call can do whatever it
wants with it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
When asking for gid2sid with an idmap backend that does ID_TYPE_BOTH
and the sid in question is actually a user, the parent winbind needs
to know about it. The next commit will prime the gencache also after
xid2sid calls, and if we filled it with a ID_TYPE_GID entry, a later
sid2uid call would fail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12484
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Thanks to Trend Micro's Zero Day Initiative and Frederic Besler for finding
this vulnerability with a PoC and a good analysis.
Signed-off-by: Volker Lendecke <vl@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12409
This prevents making the netlogon process multi-threaded.
This works on Windows becuase NETLOGON is part of lsad
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This allows the netlogon server to be moved into a multi-process model
while still supporting clients that use a challenge from a different
network connection.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Dec 14 20:12:14 CET 2016 on sn-devel-144
GUID_from_data_blob() was relying on sscanf to parse strings, which was
slow and quite accepting of invalid GUIDs. Instead we directly read a
fixed number of hex bytes for each field.
This now passes the samba4.local.ndr.*.guid_from_string_invalid tests.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Dec 14 08:55:42 CET 2016 on sn-devel-144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Dec 1 05:53:43 CET 2016 on sn-devel-144
This allows processing of Windows Cabinet files (required for the MS-PAR
print protocol implementation)
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
ULONG_PTR needs to be decoded as a uint3264 and not as a 'uint32 *'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11197
Guenther
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Oct 26 15:06:44 CEST 2016 on sn-devel-144
Now that all callers of dcerpc_binding_handle_create() are fixed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
If there's an object set on the binding handle, we need to use that
and disallow per request passing of object.
The normal client code will always have the object on the binding handle.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
typedef struct {
uint32 alloc_hint;
uint16 context_id;
uint16 opnum;
/*
* NDR_DCERPC_REQUEST_OBJECT_PRESENT
* is defined differently for ndr_dcerpc.c and py_dcerpc.c
*/
[switch_is(NDR_DCERPC_REQUEST_OBJECT_PRESENT)] dcerpc_object object;
[flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier;
} dcerpc_request;
- the generic dcerpc header has a size of 16 bytes.
- alloc_hint, context_id and opnum are 8 bytes together.
- dcerpc_object is 0 or 16 bytes.
That means stub_and_verifier is always aligned to 8 bytes
(either at offset 24 or 40).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
typedef struct {
uint32 alloc_hint;
uint16 context_id;
uint8 cancel_count;
[value(0)] uint8 reserved;
[flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier;
} dcerpc_response;
- the generic dcerpc header has a size of 16 bytes
- alloc_hint, context_id, cancel_count and reserved are 8 bytes together
So stub_and_verifier is 8 byte aligned at offset 24.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
The 4 bytes of padding are always present and part of the header.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Also the default should not be DCERPC_AUTH_LEVEL_CONNECT
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
ntlmssp_NTLM_RESPONSE and NTLM_RESPONSE will both result in
"ntlmssp.NTLM_RESPONSE".
The same applies to ntlmssp_LM_RESPONSE and LM_RESPONSE.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Oct 13 21:56:27 CEST 2016 on sn-devel-144
Add Samba specific well known SIDs for
Unix UID and GID owner.
Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
This idl was based on an earlier draft documentation version. The
current documentation now shows:
"SourceFileID (16 bytes): An SMB2_FILEID structure, as specified in
[MS-SMB2] section 2.2.14.1, that is an identifier of the open to the
source file.".
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
