| Commit message (Collapse) | Author | Age | Files | Lines |
| |
This will be used by a test and the DNS server code to parse short dnsProperty
records which come from Windows servers.
This example is from the value that caused Samba to fail as it
cannot be parsed as a normal dnsp_DnsProperty.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14310
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(backported to 4.12 from commit 87bf1d687fe7b48a7b6d511dfc7f5414db16119c)
[abartlet@samba.org: resolve conflict due to less ndrdump tests in 4.12]
| |
Found while trying to run winexe against Windows Server 2019.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14313
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ebda529b59105e9b70cc74377fe4d54cc16b4f37)
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14313
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit c3fa0b2df9fc53dddcc3160b6a3dc751bbb389a4)
| |
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 16 21:34:27 UTC 2020 on sn-devel-184
| |
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
| |
This is like close-share, but kicks out only active users where share
access controls are changed such that now access would be denied
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
| |
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
| |
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
| |
The charset determination makes it more difficult to deal with the real
REG_MULTI_SZ nature of that element.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
| |
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Dec 18 08:05:05 UTC 2019 on sn-devel-184
| |
We need to focus the fuzzing effort on reachable code, and these IDL
are just historical artifacts, many are entirely [todo] and have
no samba client nor server.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
| |
the stored buffer
There are two concerns here, assuming the attacker can place arbitrary values
in a dnsProperty attribute over LDAP (e.g. is a DNS administrator).
This comes from the fact that id is used as the switch value at the C layer
but at the NDR layer the wDataLength value is considered first.
One concern is that a pull/push round-trip could include server memory:
The previous switch_is() behaviour could store the server memory back
into the attribute.
However this pattern of pull/push only happens in ndrdump and fuzzing tools, as
dnsserver_db_do_reset_dword() operates only on the uint32/bitmap union
arms, and fully initialises those.
The other is that a pull of the attacker-supplied value could
cause the server to expose memory.
This would be over the network via DNS or the RPC dnsserver protocols.
However at all times the ndr_pull_struct_blob is passed zeroed memory.
The final concern (which fuzz_ndr_X found) is that in ndr_size_dnsPropertyData()
the union discriminant is only id.
This has no impact as only zeroed memory is used so there will be a
zero value in all scalars, including data->d_ns_servers.AddrArray.
Therefore the server will not crash processing the attacker-supplied blob.
[MS-DNSP] 2.3.2.1 dnsProperty has no mention of this special behaviour.
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dnsp/445c7843-e4a1-4222-8c0f-630c230a4c80
This was known as CVE-2019-14908 before being triaged back to a normal bug.
Found by Douglas Bagnall using Honggfuzz and the new fuzz_ndr_X fuzzer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14206
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@samba.org>
| |
This NDR fuzzer links with each "interface" in the IDL files to
create a single binary. This tries to match what the fuzzing
engines desire.
It started as a copy of ndrdump but very little of that remains
in place.
The fancy build rules try to avoid needing a lot of boilerplate
in the wscript_build files and ensure new fuzzers are generated
and run when new IDL is added automatically.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| |
We can do this because ndr_{pull,push}_CFDATA is unused.
The earlier commit 466d5e814727046dd630d5503b43874ec46a365e removed
the link between "uint16 cbData" and the size of "DATA_BLOB ab" so
when the new ndr_fuzz_X fuzzer pushed a new structure this allowed
a read beyond the end of allocated memory.
The ndr_push_cab_file() function is also manually written and
does not rely on the value of cbData to calculate the checksum.
Found by Douglas Bagnall using Honggfuzz and the new fuzz_ndr_X
fuzzer, which like ndrdump's struct mode uses the public structure
tables. (This is how it found the unused functions to test).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
| |
This allows ndrdump --validate to avoid following a NULL pointer when re-pushing
a valid but unusual input.
It also avoids an issue if the Samba server code were to provide a response
without an EncryptedRandomSessionKey.
At this stage ntlmssp.idl is not used for this, instead the packets are
generated with msrpc_gen().
Found by Douglas Bagnall using Honggfuzz and the new fuzz_ndr_X
fuzzer.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 20 06:06:29 UTC 2019 on sn-devel-184
| |
It is important that the generated print function checks r->messages
before de-referencing r->messages[num] as r->num can be non-zero
while r->messages is NULL.
There is no witness server in Samba and print functions are only
used during debugging and ndrdump in any case.
The change in the IDL does not change the header and the IDL
function is already nopull,nopush so only the print function changes.
Found by Douglas Bagnall using Honggfuzz and a new fuzzer for
Samba's NDR layer.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
| |
This requires that misc.GUID not move in the IDL, so a comment is added.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14191
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
| |
This is just a list of event IDs, there are no structures to parse.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14191
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
| |
This helps generate fuzzers for this IDL.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
| |
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| |
We do not have a server for this DCOM component so do not generate
the code for it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
| |
We do not have a server for the Win32 Time Server so do not generate
the code for it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
| |
We do not have a client or server for this DCOM component so do not generate
the code for it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
| |
We do not have a source4 variant of the dfs server, so do not generate
the code for it.
DFS is very closely tied to SMB so we use the DFS server in
smbd.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
| |
We do not have a source3 variant of the unixinfo server, so do not generate
the code for it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
| |
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
| |
We do not have a server for the DCOM Remote activation service, so do not generate
the code for it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
| |
We do not have a source4 variant of the ntsvcs server, so do not generate
the code for it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
| |
We do not have a source4 variant of the initshutdown server, so do not generate
the code for it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
| |
This avoids building server-side code we do not use and so makes the build
smaller and code auditing easier.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
| |
No change in behaviour, this just changes all functions to take the
policy_handle argument as pointer instead of passing it by value.
This is how all other IDLs pass it.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Oct 9 15:52:55 UTC 2019 on sn-devel-184
| |
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Sep 20 12:58:49 UTC 2019 on sn-devel-184
| |
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Sep 20 02:32:44 UTC 2019 on sn-devel-184
| |
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
| |
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
| |
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
| |
in security.idl
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
| |
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
| |
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
| |
Spotted this in an mdssvc response that contained many results for a search
request: if the mdssvc response blob is larger than ~32k, the server fragments
the response in 32k fragments and sets the "fragment" field to 1.
Note that mdssvc implements result set "fragmentation" at the result set layer,
not at the marshalled response buffer layer. Therefore mdssvc always sets this
field to 0.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
| |
Fix regression introduced by 88bb8fe43ad30247a78d088fad9c840a7a63bd97.
Pair-programmed-with: Volker Lendecke <vl@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jul 2 14:52:17 UTC 2019 on sn-devel-184
| |
Adding itime, removing unused ea_size, size, alloc_size and change_time.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
| |
This allows us to avoid generating client code for NDR-only protocols that do
not go over DCE/RPC
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
| |
We retain the IDL and NDR parsers for ndrdump.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
| |
This sorts out the idl list into the parts that actually need --python and --client specified
and so speeds up the compile and clarifies the code behaviour.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
| |
We can now dump public structures using ndrdump, so helper dump functions
are not required any more.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
| |
We only want to record the GUID and function table names, we do not need
to generate uncalled stubs.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 21 11:02:21 UTC 2019 on sn-devel-184
| |
The endian changes are needed in order to get the following result
from the blobs Windows generated (see the torture test):
    AddrArray: ARRAY(3)
        AddrArray: struct dnsp_dns_addr
            family : 0x0002 (2)
            port : 0x0035 (53)
            ipv4 : 172.31.99.33
            ipv6 : 0000:0000:0000:0000:0000:0000:0000:0000
[MS-DNSP] states that the port is supposed to be ignored, but it's still
good to decode it as port '53' (0x0035) instead of '13568' (0x3500).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
| |
In future we should use ipv4address, but that would result in a much
larger change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>