1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

151 Commits

Author SHA1 Message Date
Samuel Cabrero
e10028a050 librpc:core: Return NTSTATUS for dcesrv_find_endpoint
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:38 +00:00
Samuel Cabrero
08c663828c librpc:core: Rename find_endpoint to dcesrv_find_endpoint
This function will be public and available for s3 and s4 implementations.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:38 +00:00
Samuel Cabrero
73948df2f1 librpc:core: Initialize static variable
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:37 +00:00
Samuel Cabrero
6a6546b565 librpc:core: Allocate struct dcesrv_interface with talloc
The S3 implementation needs to reinit the dcesrv_context and free the
endpoints list with their registered interfaces.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:37 +00:00
Samuel Cabrero
52727543b0 librpc:core: Set debug class
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:37 +00:00
Samuel Cabrero
491102b5b2 s4:rpc_server: Move core functions to core library
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:37 +00:00
Samuel Cabrero
076ec9173e s4:rpc_server: Move core structures and prototypes to core library
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:37 +00:00
Samuel Cabrero
3f33fdf2e3 librpc: Add new dcerpc server core library
Next commits will move the core of s4 rpc server to this library.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:37 +00:00
Samuel Cabrero
63b7889461 librpc: Move dcerpc_log_packet from s4 librpc to common librpc
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:36 +00:00
Samuel Cabrero
ae9956a65e librpc: Move dcerpc_ncacn_push_auth from s4 librpc to common librpc
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:36 +00:00
Samuel Cabrero
83def9a945 s4:rpc_server: Split dcerpc_generic_session_key for server and client
Split the common bits of dcerpc_generic_session_key to librpc and rename
client the specific part to dcecli_generic_session_key.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-18 16:07:36 +00:00
Andreas Schneider
292dbbf133 librpc:rpc: Use C99 initializer for last element in dcerpc_faults
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-01-28 10:29:23 +01:00
Stefan Metzmacher
a94c4e55b7 librpc: add SMB_ASSERT(blob->length >= DCERPC_NCACN_PAYLOAD_OFFSET) protection
A lot of functions rely on having the 16 bytes dcerpc header to operate
on. This makes it more obvious and makes sure they can't be misused in
future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:31 +01:00
Stefan Metzmacher
c919514d2d librpc: add dcerpc_get_auth_{type,level,context_id}() helper functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:31 +01:00
Stefan Metzmacher
7817e42d94 librpc: add dcerpc_get_auth_length() helper function
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:31 +01:00
Stefan Metzmacher
062b518cab librpc: add binding handle support for [smb1]
This will be used to force smb1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2018-07-24 06:55:23 +02:00
Andrew Bartlett
cbb3dcf2c6 librpc/dceprc_util.c: Move debug message to DBG_DEBUG()
This message shows up a lot (every packet) at level 6 for the succesful case

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-09-07 06:56:27 +02:00
Gary Lockyer
9444bbfe18 source4 rpc: binding.c enable DCERPC_SCHANNEL_AUTO for schannel connections
Enable the DCERPC_SCHANNEL_AUTO option in dceprc bindings. If not enabled
calls to netlogon.netlogon from python fail with NT_STATUS_DOWNGRADE_DETECTED
if schannel bindings are specified.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
2017-05-25 02:25:13 +02:00
Stefan Metzmacher
c97e39b34f librpc/rpc: fix regression in NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping
Commit 1eef708729 changed the mapping for
DCERPC_NCA_S_FAULT_INVALID_TAG from NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
to NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12585

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-02-21 16:09:21 +01:00
Stefan Metzmacher
47d89002a4 librpc/rpc: verify the passed table against the table on the handle
Now that all callers of dcerpc_binding_handle_create() are fixed.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:18 +02:00
Stefan Metzmacher
4dd06fb721 librpc/rpc: make sure we use the object from the handle in dcerpc_binding_handle_raw_call_send()
If there's an object set on the binding handle, we need to use that
and disallow per request passing of object.

The normal client code will always have the object on the binding handle.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:18 +02:00
Stefan Metzmacher
47221b2f95 librpc/rpc: no longer set FLAG_OBJECT_PRESENT and FLAG_BIGENDIAN for ndr_{pull,push}_ncacn_packet()
This is no longer required, it's done inside.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:18 +02:00
Günther Deschner
6f642eb306 librpc: support "packet" for packet level authentication in binding strings
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:16 +02:00
Stefan Metzmacher
857b96cafc librpc: add dcerpc_ncacn_push_pkt_auth() helper function
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:15 +02:00
Stefan Metzmacher
875d0111b4 librpc: add dcerpc_ncacn_pull_pkt_auth() helper function
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:15 +02:00
Stefan Metzmacher
1c34351afc librpc/rpc: make use of dcerpc_pull_ncacn_packet() in dcerpc_read_ncacn_packet_done()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:13 +02:00
Stefan Metzmacher
fc65e48cbe librpc/rpc: move dcerpc_pull_ncacn_packet() from source3/librpc/rpc/ to the toplevel
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:13 +02:00
Stefan Metzmacher
3c6781ee4e dcerpc.idl: add DCERPC_FAULT_SERVER_UNAVAILABLE
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:13 +02:00
Stefan Metzmacher
aef0323028 librpc/rpc: ignore invalid auth_pad_length values in BIND, ALTER and AUTH3 pdus
This is a workarround for a bug in old Samba releases.
For BIND_ACK <= 3.5.x and for ALTER_RESP <= 4.2.x (see bug #11061).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-06-24 14:09:02 +02:00
Stefan Metzmacher
3f7e3ed8a2 librpc/rpc: let dcerpc_pull_auth_trailer() check that auth_pad_length fits within the whole pdu.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-06-24 14:09:02 +02:00
Stefan Metzmacher
f386e81b98 librpc/rpc: let dcerpc_pull_auth_trailer() only accept auth_length!=NULL or auth_data_only=true
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-06-24 14:09:02 +02:00
Stefan Metzmacher
5108d26add CVE-2015-5370: librpc/rpc: don't allow pkt->auth_length == 0 in dcerpc_pull_auth_trailer()
All callers should have already checked that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:31 +02:00
Stefan Metzmacher
0fa8378fc5 CVE-2015-5370: librpc/rpc: add a dcerpc_verify_ncacn_packet_header() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:29 +02:00
Stefan Metzmacher
8e19ce76da CVE-2015-5370: librpc/rpc: simplify and harden dcerpc_pull_auth_trailer()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:28 +02:00
Stefan Metzmacher
d1c2ad4e16 CVE-2016-2118: librpc: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
ncacn_ip_tcp:server should get the same protection as ncacn_np:server
if authentication and smb signing is used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2016-04-12 19:25:27 +02:00
Stefan Metzmacher
e9e9ba7eae librpc/rpc: add error mappings for NO_CALL_ACTIVE, OUT_OF_RESOURCES and BAD_STUB_DATA
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-10 06:52:26 +01:00
Jelmer Vernooij
ffbd9c4584 Add a new header file for functions in lib/util/util.c.
This allows public headers to not include samba_util.h, but rather
specific header files under lib/util.

Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Stefan Metzmacher <metze@samba.org>
2016-01-13 04:43:23 +01:00
Andreas Schneider
b3a9b88702 librpc: Fix a possible array out of bounds access
Reported by gcc 5.1.1.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-01 00:38:23 +01:00
Stefan Metzmacher
e1498ac674 librpc/rpc: add dcerpc_[extract|construct]_bind_time_features()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-07-03 02:00:28 +02:00
Stefan Metzmacher
18dce19ef9 librpc/rpc: add dcerpc_fault_from_nt_status()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-07-03 02:00:28 +02:00
Stefan Metzmacher
1eef708729 librpc/rpc: add faultcode to nt_status mappings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-07-03 02:00:28 +02:00
Günther Deschner
ddc4c6767a librpc: prevent invalid NULL pointer derref in dcerpc_binding_get_auth_info().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul  2 02:05:38 CEST 2015 on sn-devel-104
2015-07-02 02:05:37 +02:00
Stefan Metzmacher
f1e3ad269c librpc/rpc: add DCERPC_AUTH_PAD_LENGTH(stub_length) helper macro
This calculates the required padding DCERPC_AUTH_PAD_ALIGNMENT
and the stub_length.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-06-23 14:38:53 +02:00
Volker Lendecke
f89e9bd47b rpc: Simplify dcerpc_binding_handle_raw_call()
Align it with dcerpc_binding_handle_call()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>

Autobuild-User(master): José A. Rivera <jarrpa@samba.org>
Autobuild-Date(master): Fri Jun 19 20:17:24 CEST 2015 on sn-devel-104
2015-06-19 20:17:23 +02:00
Volker Lendecke
d5de29b860 rpc: Use tevent_req_poll_ntstatus
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-02-24 17:52:08 +01:00
Andrew Bartlett
ae72733874 s3-winbindd: Attempt to connect to NETLOGON over NCACN_IP_TCP if we can
This is very helpful in the trusted domain situation, as we may not
have a two-way trust but we can use our domain trust account to set up
a connection to NETLOGON

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct  8 12:48:15 CEST 2014 on sn-devel-104
2014-10-08 12:48:15 +02:00
Stefan Metzmacher
34d45a3a51 librpc/rpc: try to use DCERPC_NCA_S_* constants for error mappings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-28 08:34:24 +01:00
Stefan Metzmacher
c25b5b3579 librpc/rpc: finally maintain only the object guid
This has nothing to do with ndr_syntax_id...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:29 +01:00
Stefan Metzmacher
5f402dcdf7 librpc/rpc: maintain "abstract_syntax" as string option of dcerpc_binding
This should not be mixed with the object guid! They are different things!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:29 +01:00
Stefan Metzmacher
4c98f1651d librpc/rpc: handle ipv6 addresses without transport in dcerpc_parse_binding()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00