sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code
0ecb5e3e3f
samba-mirror/source4
History
Volker Lendecke d5fa626394 rpc_server: Check info5->transport 
Eventually, this new mechanism might replace the ncalrpc_as_system mechanism: I
think with this we're much more flexible and even more secure: We rely on the
direct permissions on "np/" and don't have to pretend that the local client
came from a file on /root. We are more flexible because with this mechanism we
can easily fake arbitrary tokens and play with session keys.

However, this would require that the source4 librpc code needs to learn about
this mechanism, which I was not able to complete.

The source3 rpc_server side of this will go away soon, so for now only
allow NCACN_NP there. The check in source4 will stay with us for a
while, so allow NCACN_NP and NCALRPC to be set remotely here. With
NCACN_NP (the case for a client to connect on a named pipe), protect
against accidentially connecting as system.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
..
auth s4-auth: Remove unused headers 2021-12-09 14:14:12 +00:00
build/pasn1
cldap_server s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
client s4/cifsdd: don't ignore unknown options 2021-09-10 15:10:30 +00:00
cluster dbwrap: Remove calls to loadparm 2018-04-24 01:53:19 +02:00
dns_server s4/dnsserver: Fix NULL check 2021-09-04 00:10:37 +00:00
dsdb dsdb: Use DSDB_SEARCH_SHOW_EXTENDED_DN when searching for the local replicated object 2021-12-03 12:05:42 +00:00
echo_server s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
heimdal heimdal:kdc: Do not generate extra PAC buffers for S4U2Self service ticket 2021-11-30 02:42:31 +00:00
heimdal_build heimdal_build: Do not build samba4kinit unless building embedded Heimdal 2021-12-07 04:05:34 +00:00
include
kdc hdb: Initialise HDB structure 2021-12-09 02:47:27 +00:00
ldap_server CVE-2021-3670 ldap_server: Clearly log LDAP queries and timeouts 2021-11-25 02:30:42 +00:00
lib s4/regtree: don't ignore unknown options 2021-09-10 15:10:30 +00:00
libcli s4: libcli: smbcli_unlink() is no longer used with wildcard patterns. 2021-12-09 18:06:35 +00:00
libnet s4:libnet: Allow libnet_SetPassword() for encrypted SMB connections 2021-08-03 09:28:38 +00:00
librpc CVE-2021-23192: dcesrv_core: only the first fragment specifies the auth_contexts 2021-11-09 19:45:34 +00:00
nbt_server s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
ntp_signd s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
ntvfs librpc: Add named_pipe_auth_req_info5->transport 2021-12-10 14:02:30 +00:00
param libcli/smb: actually make use of "client/server smb3 signing algorithms" 2021-07-15 00:06:31 +00:00
rpc_server CVE-2021-3738 s4:rpc_server/samr: make use of dcesrv_samdb_connect_as_*() helper 2021-11-09 20:37:30 +00:00
samba rpc_server: Check info5->transport 2021-12-10 14:02:30 +00:00
script python: remove all 'from __future__ import print_function' 2021-04-28 03:43:34 +00:00
scripting gp: Apply Firewalld Policy 2021-11-01 21:16:43 +00:00
selftest tests/krb5: Check ticket cname for Heimdal 2021-12-06 22:08:32 +00:00
setup CVE-2020-25722 blackbox/upgrades tests: ignore SPN for ldapcmp 2021-11-09 19:45:33 +00:00
smb_server CVE-2020-25717: s4:smb_server: start with authoritative = 1 2021-11-09 19:45:32 +00:00
torture s4: torture: Remove the wildcard rename test code. 2021-12-09 18:06:35 +00:00
utils s4:utils: Migrate oLschema2ldif to new cmdline option parser 2021-06-20 23:26:32 +00:00
winbind s3: Remove --log-stdout from daemons 2021-04-29 03:58:37 +00:00
wrepl_server s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
.clang_complete
.valgrind_suppressions
wscript_build s4:client: Migrate cifsdd to new cmdline option parser 2021-06-16 00:34:38 +00:00