delta/samba.git/libcli/named_pipe_auth, branch master git.samba.org: samba.git rpc: Remove named_pipe_auth_req_info6->need_idle_server 2023-05-16T10:53:40+00:00 Volker Lendecke vl@samba.org 2023-04-18T10:29:34+00:00 bdba027a33e35aab7bb322bc3167cdd7babfc059 Involves bumping up the version number Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Involves bumping up the version number

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
named_pipe_auth: Bump info5 to info6 2023-02-08T00:03:39+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2022-12-22T04:48:26+00:00 8aef16bbbc1e55f0a9f5a8ec87e5348688d93785 In the next commit, we shall replace the 'authenticated' field of named_pipe_auth_req_info.info5.session_info.session_info.info with a more general 'user_flags' field. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
In the next commit, we shall replace the 'authenticated' field of
named_pipe_auth_req_info.info5.session_info.session_info.info with a
more general 'user_flags' field.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib: Remove unused tstream_npa_socketpair() 2022-01-18T20:22:38+00:00 Volker Lendecke vl@samba.org 2022-01-03T12:33:22+00:00 87325613962ced1d58249e37a0375f0a3e857098 This was used in the pre samba-dcerpcd source3 rpc server. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
This was used in the pre samba-dcerpcd source3 rpc server.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
librpc: Get transport out of tstream_npa_accept_existing_recv() 2021-12-10T14:02:30+00:00 Volker Lendecke vl@samba.org 2021-11-28T07:48:58+00:00 00e41d198d2972dddf075f79747f257f81c8e3b8 To be used by the RPC servers in the next commit Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
To be used by the RPC servers in the next commit

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
librpc: Add named_pipe_auth_req_info5->transport 2021-12-10T14:02:30+00:00 Volker Lendecke vl@samba.org 2021-11-27T15:38:38+00:00 1bab76223cd1b87a96909a66143d02b8b6b5d5f6 This will serve as a check to make sure that in particular a SAMR client is really root. This is for example used in get_user_info_18() handing out a machine password. The unix domain sockets for NCACN_NP can only be contacted by root, the "np\" subdirectory for those sockets is root/root 0700. Connecting to such a socket is done in two situations: First, local real root processes connecting and smbd on behalf of SMB clients connecting to \\pipe\name, smbd does become_root() there. Via the named_pipe_auth_req_info4 smbd hands over the SMB session information that the RPC server blindly trusts. The session information (i.e. the NT token) is heavily influenced by external sources like the KDC. It is highly unlikely that we get a system token via SMB, but who knows, this is information not fully controlled by smbd. This is where this additional field in named_pipe_auth_req_info5 makes a difference: This field is set to NCACN_NP by smbd's code, not directly controlled by the clients. Other clients directly connecting to a socket in "np\" is root anyway (only smbd can do become_root()) and can set this field to NCALRPC. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
This will serve as a check to make sure that in particular a SAMR
client is really root. This is for example used in get_user_info_18()
handing out a machine password.

The unix domain sockets for NCACN_NP can only be contacted by root,
the "np\" subdirectory for those sockets is root/root 0700.

Connecting to such a socket is done in two situations: First, local
real root processes connecting and smbd on behalf of SMB clients
connecting to \\pipe\name, smbd does become_root() there. Via the
named_pipe_auth_req_info4 smbd hands over the SMB session information
that the RPC server blindly trusts. The session information (i.e. the
NT token) is heavily influenced by external sources like the KDC. It
is highly unlikely that we get a system token via SMB, but who knows,
this is information not fully controlled by smbd.

This is where this additional field in named_pipe_auth_req_info5 makes
a difference: This field is set to NCACN_NP by smbd's code, not
directly controlled by the clients. Other clients directly connecting
to a socket in "np\" is root anyway (only smbd can do become_root())
and can set this field to NCALRPC.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
named_pipe_auth: Bump info4 to info5 2021-12-10T14:02:30+00:00 Volker Lendecke vl@samba.org 2021-11-12T18:24:33+00:00 d1934e2331f4e452dce8fa2ed2e32ea595dc5e97 We'll add a field soon Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
We'll add a field soon

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
tstream: Add tstream_npa_existing_stream() 2021-04-01T20:36:19+00:00 Volker Lendecke vl@samba.org 2021-02-16T16:22:40+00:00 e742661bd2507d39dfa47e40531dc1dca636cbbe Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Apr 1 20:36:19 UTC 2021 on sn-devel-184 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr  1 20:36:19 UTC 2021 on sn-devel-184
tstream_npa: Allow NULL output parameters 2021-04-01T19:32:36+00:00 Volker Lendecke vl@samba.org 2021-01-18T20:28:30+00:00 1b47dd65a3815e38537af335792353fca6c40f03 When reading the info4, the substructs might not be interesting for you. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
When reading the info4, the substructs might not be interesting for
you.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
tstream_npa: Return named_pipe_auth_req_info4 from accept_existing 2021-04-01T19:32:36+00:00 Volker Lendecke vl@samba.org 2021-01-18T16:30:42+00:00 bbfdf2708e8e85cee56aeff43c9216d2003ed310 Callers might want the full picture. We need to make named_pipe_auth_req_info4 public for that. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Callers might want the full picture. We need to make
named_pipe_auth_req_info4 public for that.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
tstream_npa: Keep "named_pipe_auth_req" around in tstream_npa_accept_existing_send()/recv() 2021-04-01T19:32:36+00:00 Volker Lendecke vl@samba.org 2021-01-18T15:54:07+00:00 3a03c0a1ad7ea81d9dcae88016c42a1f9e000b47 This will make it simpler to return a copy of the struct named_pipe_auth_req_info4 in the next commit. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
This will make it simpler to return a copy of the struct
named_pipe_auth_req_info4 in the next commit.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>