sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code
d2d5007936
samba-mirror/source3/rpc_server
History
Alexander Bokovoy c6d880a115 s3-rpcserver: fix security level check for DsRGetForestTrustInformation 
Harmonize _netr_DsRGetForestTrustInformation with source4/ logic which
didn't change since DCE RPC channel refactoring.

With the current code we return RPC faul as can be seen in the logs:

2019/12/11 17:12:55.463081,  1, pid=20939, effective(1284200000, 1284200000), real(1284200000, 0), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug)
       netr_DsRGetForestTrustInformation: struct netr_DsRGetForestTrustInformation
          in: struct netr_DsRGetForestTrustInformation
              server_name              : *
                  server_name              : '\\some-dc.example.com'
              trusted_domain_name      : NULL
              flags                    : 0x00000000 (0)
[2019/12/11 17:12:55.463122,  4, pid=20939, effective(1284200000, 1284200000), real(1284200000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1561(api_rpcTNP)
  api_rpcTNP: fault(5) return.

This is due to this check in processing a request:
        if (!(p->pipe_bound && (p->auth.auth_type != DCERPC_AUTH_TYPE_NONE)
                       && (p->auth.auth_level != DCERPC_AUTH_LEVEL_NONE))) {
                p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
                return WERR_ACCESS_DENIED;
        }

and since we get AuthZ response,

  Successful AuthZ: [netlogon,ncacn_np] user [EXAMPLE]\[admin] [S-1-5-21-1234567-890123456-500] at [Wed, 11 Dec 2019 17:12:55.461164 UTC]
  Remote host [ipv4:Y.Y.Y.Y:59017] local host [ipv4:X.X.X.X:445]
[2019/12/11 17:12:55.461584,  4, pid=20939, effective(0, 0), real(0, 0)] ../lib/audit_logging/audit_logging.c:141(audit_log_json)
  JSON Authorization: {"timestamp": "2019-12-11T17:12:55.461491+0000",
   "type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 1},
   "localAddress": "ipv4:X.X.X.X:445", "remoteAddress": "ipv4:Y.Y.Y.Y:59017",
   "serviceDescription": "netlogon", "authType": "ncacn_np",
   "domain": "EXAMPLE", "account": "admin", "sid": "S-1-5-21-1234567-890123456-500",
   "sessionId": "c5a2386f-f2cc-4241-9a9e-d104cf5859d5", "logonServer": "SOME-DC",
   "transportProtection": "SMB", "accountFlags": "0x00000010"}}

this means we are actually getting anonymous DCE/RPC access to netlogon
on top of authenticated SMB connection. In such case we have exactly
auth_type set to DCERPC_AUTH_TYPE_NONE and auth_level set to
DCERPC_AUTH_LEVEL_NONE in the pipe->auth. Thus, returning an error.

Update the code to follow the same security level check as in s4 variant
of the call.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Jan 13 15:05:28 UTC 2020 on sn-devel-184
2020-01-13 15:05:28 +00:00
..
dfs s3: pass session_info to enum_msdfs_links() 2019-12-20 11:41:40 +00:00
dssetup werror: replace WERR_UNKNOWN_LEVEL with WERR_INVALID_LEVEL in source3/rpc_server/ 2016-09-28 00:04:34 +02:00
echo
epmapper epmapper: Fix printf specifiers 2019-10-02 08:01:40 +00:00
eventlog s3:rpc_server: pass session_info to get_nt_acl_no_snum() 2019-12-20 11:41:41 +00:00
fss smbdotconf: mark "path" with substitution="1" 2019-11-27 10:25:33 +00:00
initshutdown
lsa s4:rpc_server: Use GnuTLS RC4 in lsa endpoint 2019-06-27 12:54:24 +00:00
mdssvc smbdotconf: mark "path" with substitution="1" 2019-11-27 10:25:33 +00:00
netlogon s3-rpcserver: fix security level check for DsRGetForestTrustInformation 2020-01-13 15:05:28 +00:00
ntsvcs werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source3/rpc_server/ 2016-09-28 00:04:21 +02:00
samr session: convert sess_crypt_blob to use gnutls 2019-12-10 00:30:31 +00:00
spoolss s3:param: make "servicename" a substituted option 2019-11-27 10:25:37 +00:00
srvsvc s3:param: make "servicename" a substituted option 2019-11-27 10:25:37 +00:00
svcctl make some auth functions return an NTSTATUS like other similar functions for better diagnostics. 2019-04-02 02:12:48 +00:00
winreg smbdotconf: mark "shutdown script" with substitution="1" 2019-11-27 10:25:36 +00:00
wkssvc s3:rpc_server: Fix string compare for utmp entries 2019-12-10 00:30:29 +00:00
dcesrv_auth_generic.c s3:rpc_server: Set debug class in all rpc server related files 2019-07-22 16:49:15 +00:00
dcesrv_auth_generic.h s3:rpc_server: move gensec_update() out of auth_generic_server_authtype_start*() 2017-05-21 21:05:09 +02:00
epmd.c smbdotconf: mark "logfile" with substitution="1" 2019-11-27 10:25:35 +00:00
epmd.h rpc_server: Give epmd its header file 2019-03-18 19:21:22 +00:00
fssd.c smbdotconf: mark "logfile" with substitution="1" 2019-11-27 10:25:35 +00:00
fssd.h rpc_server: Give fssd its header file 2019-03-18 19:21:22 +00:00
lsasd.c lsasd: Align integer types 2020-01-03 00:04:43 +00:00
lsasd.h rpc_server: Give lsasd its header file 2019-03-18 19:21:22 +00:00
mdssd.c s3:mdssvc: fix service startup in deamon mode 2019-10-09 14:35:29 +00:00
mdssd.h rpc_server: Give mdssd its header file 2019-03-18 19:21:22 +00:00
rpc_config.c s3: rpc_server: enable mdssvc by default 2019-10-09 14:35:29 +00:00
rpc_config.h
rpc_contexts.c s3:rpc_server: Set debug class in all rpc server related files 2019-07-22 16:49:15 +00:00
rpc_contexts.h
rpc_ep_register.c s3:rpc_server: Set debug class in all rpc server related files 2019-07-22 16:49:15 +00:00
rpc_ep_register.h
rpc_handles.c s3:rpc_server: Check pointer before dereference 2019-07-22 16:49:15 +00:00
rpc_modules.c s3:rpc_server: Set debug class in all rpc server related files 2019-07-22 16:49:15 +00:00
rpc_modules.h s3:rpc_server: allow building RPC services as shared modules 2016-02-21 19:21:17 +01:00
rpc_ncacn_np.c s3:rpc_server: Make make_external_rpc_pipe_p and np_proxy_state private 2019-07-22 16:49:15 +00:00
rpc_ncacn_np.h s3:rpc_server: Make make_external_rpc_pipe_p and np_proxy_state private 2019-07-22 16:49:15 +00:00
rpc_pipes.h s3-rpc_server: allow to set minimal auth level for a DCE/RPC service 2017-01-06 12:28:18 +01:00
rpc_server.c s3-rpc_server: always print the full PDU. 2019-12-17 07:58:39 +00:00
rpc_server.h s3:rpc_server: Unify RPC client disconnect and termination functions 2019-07-22 16:49:15 +00:00
rpc_service_setup.c s3:rpc_server: Improve debug messages 2019-07-22 16:49:16 +00:00
rpc_service_setup.h s3:rpc_server: Return NTSTATUS in rpc_ep_setup and setup functions 2019-07-22 16:49:14 +00:00
rpc_sock_helper.c s3:rpc_server: Set debug class in all rpc server related files 2019-07-22 16:49:15 +00:00
rpc_sock_helper.h s3:prefork: Allow to associate private data with listening socket 2019-07-22 16:49:15 +00:00
srv_access_check.c s3:rpc_server: Set debug class in all rpc server related files 2019-07-22 16:49:15 +00:00
srv_access_check.h
srv_pipe_hnd.c s3:rpc_server: Return NTSTATUS in is_known_pipename function 2019-07-22 16:49:16 +00:00
srv_pipe_hnd.h rpc_server: Re-order and rename remote and local address in np_open() 2017-03-29 02:37:29 +02:00
srv_pipe_internal.h
srv_pipe_register.c
srv_pipe_register.h
srv_pipe.c dcerpc: developer option to save ndr_fuzz_X seeds 2019-12-10 07:50:28 +00:00
srv_pipe.h s3:rpc_server: Return NTSTATUS in is_known_pipename function 2019-07-22 16:49:16 +00:00
wscript_build smbdes: add des_crypt56_gnutls() using DES-CBC with zeroed IV 2019-12-10 00:30:30 +00:00