path: root/librpc
Commit message | Author | Age | Files | Lines
...
* netlogon: Implement SendToSam along with its winbind forwarding | Garming Sam | 2017-05-30 | 2 | -1/+43
  This allows you to forward bad password count resets to 0. Currently, there is a missing access check for the RODC to ensure it only applies to cached users (msDS-Allowed-Password-Replication-Group).

  (further patches still need to address forcing a RWDC contact)

  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* source4 rpc: binding.c enable DCERPC_SCHANNEL_AUTO for schannel connections | Gary Lockyer | 2017-05-25 | 1 | -1/+1
  Enable the DCERPC_SCHANNEL_AUTO option in dcerpc bindings. If not enabled calls to netlogon.netlogon from python fail with NT_STATUS_DOWNGRADE_DETECTED if schannel bindings are specified.

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
* idl drsblobs: add the blobs required for Primary:userPassword | Gary Lockyer | 2017-05-25 | 1 | -0/+44
  Add the blobs required to allow the storing of an sha256 or sha512 hash of the password in supplemental credentials

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* librpc:ndr: Set the length to 1 if we assign an empty string | Andreas Schneider | 2017-05-16 | 1 | -0/+1
  CID #1399648

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* build: correct package dependencies | Jan Engelhardt | 2017-04-18 | 1 | -1/+1
  The wscript_build files convey what header files belong to which logical package. For example,

      # lib/util/wscript_build:
      bld.SAMBA_LIBRARY('samba-util',
        public_headers='... data_blob.h ...'

      # auth/credentials/wscript_build:
      bld.SAMBA_LIBRARY('samba-credentials',
        public_headers='credentials.h',

  Now, credentials.h #includes <util/data_blob.h> and therefore, samba-credentials.pc must have a Requires: samba-util. Similarly for other parts.

  Signed-off-by: Jan Engelhardt <jengelh@inai.de>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* drsuapi.idl: Expose GetNCChanges req8 like req10 | Garming Sam | 2017-04-13 | 1 | -1/+1
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python: Add bindings for NTLMSSP | Andrew Bartlett | 2017-03-29 | 2 | -6/+11
  This is helpful for building NTLMv2 packets in python for testing against the SamLogon server

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* named_pipe_auth: Rename client -> remote_client and server -> local_server | Gary Lockyer | 2017-03-29 | 1 | -6/+6
  While these names may have been clear, much of Samba uses remote_address and local_address, and this difference has hidden bugs.

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
* s3/smbd: move copychunk ioctl limits to IDL | Ralph Boehme | 2017-03-28 | 1 | -0/+4
  This will be needed in the next commit in vfs_default.

  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* python: Provide Python bindings for messaging.idl | Andrew Bartlett | 2017-03-28 | 1 | -6/+1
  This will allow AUTH_EVENT_NAME and MSG_AUTH_LOG to be accessed from python

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Tue Mar 28 13:19:03 CEST 2017 on sn-devel-144
* messaging: Declare well known server name auth_events as AUTH_EVENT_NAME in IDL | Andrew Bartlett | 2017-03-28 | 1 | -0/+3
  This makes it easy to ensure we use the same name in the python and the C

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* messaging.idl: Register a message type for authentication log messages | Andrew Bartlett | 2017-03-28 | 1 | -0/+3
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
* lsa.idl: add SID_NAME_LABEL | Stefan Metzmacher | 2017-03-23 | 1 | -1/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* netlogon.idl: make netr_LogonInfoClass public | Stefan Metzmacher | 2017-03-23 | 1 | -1/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* drsblobs: Add decode for replPropertyMetaData1 | Bob Campbell | 2017-03-13 | 1 | -0/+7
  Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
* Revert "winbind: Remove wbint_LookupUserGroups" | Volker Lendecke | 2017-03-06 | 1 | -0/+5
  This reverts commit 256632ed3cc724bab0fc22132ca6b52faf680ab2.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* ndr: Use resizing array instead of linked lists (breaking ABI) | Douglas Bagnall | 2017-03-02 | 4 | -53/+356
  The ndr token code keeps a temporary store of tokens which are referred to a small number of times (often once) before being discarded. The access patterns are somewhat stack-like, with recently placed tokens being accessed most often.

  The old code kept these tokens in a linked list, which we replace with a self-resizing array.

  This keeps everything roughly the same in big-O terms, but makes it all faster in practice by vastly reducing the amount of tallocing and pointer-chasing.

  The peak memory use is strictly reduced. On a 64 bit machine each core token struct fits in 16 bytes (after padding) while the two pointers used by the DLIST add another 16 bytes, so the overall list allocation is the same as the peak 2n array allocation -- except in the list case it is dwarfed by the talloc and malloc metadata overhead.

  Before settling on the resized arrays, we tried red-black trees, which are bound to be better for large ndr structures. As it happens, we don't deal with large structures (the size of replication clumps is limited to 400 objects) and the asymptotic benefits of the trees are not realised in practice. With luck you should find graphs comparing the performance of these various techniques at:

  https://www.samba.org/~dbagnall/perf-tests/ndr-token/

  This necessarily breaks the ABI because the linked list implementation was publicly exposed.

  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Thu Mar 2 08:38:22 CET 2017 on sn-devel-144
* ndr: fix whitespace in libndr.h, ndr.c | Douglas Bagnall | 2017-03-02 | 2 | -37/+37
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* ndrdump: Fix a possible NULL pointer dereference | Andreas Schneider | 2017-02-23 | 1 | -0/+4
  Found by covscan.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* librpc/rpc: fix regression in NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping | Stefan Metzmacher | 2017-02-21 | 1 | -5/+3
  Commit 1eef70872930fa4f9d3dedd23476b34cae638428 changed the mapping for DCERPC_NCA_S_FAULT_INVALID_TAG from NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE to NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12585

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* ndrdump: Add the option --hex-input for hexdump parsing | Cody Harrington | 2017-02-14 | 1 | -7/+15
  This allows the user to input a hexdump that has been generated by the dump option.

  Signed-off-by: Cody Harrington <cody@harringtonca.com>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* drsuapi.idl: make drsuapi_DsGetNCChangesRequest10 [public] | Stefan Metzmacher | 2017-02-08 | 1 | -1/+1
  This allows ndr_print to work.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* drsuapi.idl: add drsuapi_DrsMoreOptions with DRSUAPI_DRS_GET_TGT | Stefan Metzmacher | 2017-02-08 | 1 | -1/+5
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* librpc/ndr: add [to_null] keyword to szPackageId in spoolss_CorePrinterDriver. | Günther Deschner | 2017-01-24 | 1 | -1/+1
  Guenther

  Signed-off-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* librpc/ndr: add ndr_push_charset_to_null and increase library version (abi change) | Günther Deschner | 2017-01-24 | 4 | -1/+277
  We were crashing earlier when calculating the length of NULL strings in fixed size arrays (noticed while replying with an empty spoolss_CorePrinterDriver struct within the spoolss_GetCorePrinterDrivers call).

  Guenther

  Signed-off-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* messaging.idl: add ringbuf message types | Ralph Boehme | 2017-01-20 | 1 | -0/+3
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* spoolss: Fix PROCESSOR_AMD_X8664 value in IDL | Günther Deschner | 2017-01-12 | 1 | -5/+5
  Microsoft got their docs wrong in MS-RPRN Section 2.2.1.10.1 (footnote 65):

  PROCESSOR_AMD_X8664 must be 0x000021D8 and not 0x000022A0.

  This is what recent windows versions report back from a spoolss getprinter level 0 RPC call.

  Guenther

  Signed-off-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* winbind: Remove wbint_QueryUserList | Volker Lendecke | 2017-01-04 | 1 | -4/+0
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* winbind: Remove wbint_LookupUserGroups | Volker Lendecke | 2017-01-04 | 1 | -5/+0
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* winbind: Remove wbint_QueryUser | Volker Lendecke | 2017-01-04 | 1 | -5/+0
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* librpc: Use "all_zero" where appropriate | Volker Lendecke | 2017-01-03 | 1 | -10/+2
  ... Saves a few bytes of footprint

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* winbind: Add wbint_QueryUserRidList | Volker Lendecke | 2017-01-02 | 1 | -0/+4
  This is an equivalent of QueryUserList with simpler output. The next commit will use it to go through wb_getpwsid for getent passwd, to make sure we get the same results. Eventually, this might get a simpler backend.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* winbind: Add a GetNssInfo parent/child call | Volker Lendecke | 2017-01-02 | 1 | -0/+7
  This call will be done in the idmap child. It is not 100% the right place, but there is no better one available to me. It will become a replacement for the "winbind nss info" parameter: This global parameter is good for just one domain. It might be possible to have idmap backend AD for different domains, and the NSS info like primary gid, homedir and shell might be done with different policies per domain. As we already have a domain-specific idmap configuration, doing the NSS info configuration there also is the closest way to do it.

  The alternative, if we did not want to put this call into the idmap child would be to establish an equivalent engine like the whole "idmap config *" just for the nss info. But as I believe this is closely related, I'll just keep it in the idmap child.

  This also extends the wbint_userinfo structure with pretty much all user related fields. The idea is that the GetNssInfo call can do whatever it wants with it.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* idmap: Pass up the xid2sids unix-ids from the idmap child | Volker Lendecke | 2016-12-27 | 1 | -1/+1
  When asking for gid2sid with an idmap backend that does ID_TYPE_BOTH and the sid in question is actually a user, the parent winbind needs to know about it. The next commit will prime the gencache also after xid2sid calls, and if we filled it with a ID_TYPE_GID entry, a later sid2uid call would fail.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12484

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
* idl: Fix a comment typo | Volker Lendecke | 2016-12-27 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* CVE-2016-2123: Fix DNS vuln ZDI-CAN-3995 | Volker Lendecke | 2016-12-20 | 1 | -0/+9
  Thanks to Trend Micro's Zero Day Initiative and Frederic Besler for finding this vulnerability with a PoC and a good analysis.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=12409
* idl: Do not listen for lsarpc on \\pipe\netlogon | Andrew Bartlett | 2016-12-15 | 1 | -1/+1
  This prevents making the netlogon process multi-threaded.

  This works on Windows because NETLOGON is part of lsad

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* rpc_server:netlogon Move from memcache to a tdb cache | Douglas Bagnall | 2016-12-14 | 1 | -0/+7
  This allows the netlogon server to be moved into a multi-process model while still supporting clients that use a challenge from a different network connection.

  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Wed Dec 14 20:12:14 CET 2016 on sn-devel-144
* librpc/ndr/uuid.c: improve speed and accuracy of GUID string parsing | Douglas Bagnall | 2016-12-14 | 1 | -21/+111
  GUID_from_data_blob() was relying on sscanf to parse strings, which was slow and quite accepting of invalid GUIDs. Instead we directly read a fixed number of hex bytes for each field.

  This now passes the samba4.local.ndr.*.guid_from_string_invalid tests.

  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
  Autobuild-Date(master): Wed Dec 14 08:55:42 CET 2016 on sn-devel-144
* librpc: cab: Fix ndr_size_cab_file() to detect integer wrap. | Jeremy Allison | 2016-12-01 | 1 | -5/+28
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Dec 1 05:53:43 CET 2016 on sn-devel-144
* librpc: cab: Integer wrap protection for ndr_count_cfdata(). | Jeremy Allison | 2016-12-01 | 1 | -0/+4
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* librpc: Add ndr_cab_get_compression() for Cabinet compression evaluation | Günther Deschner | 2016-11-24 | 2 | -0/+10
  Guenther

  Signed-off-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* librpc: Add autogenerated file offset calculation for Cabinet files | Günther Deschner | 2016-11-24 | 1 | -0/+6
  Guenther

  Signed-off-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* librpc: Add autogenerated total cabinet size for Cabinet files | Günther Deschner | 2016-11-24 | 1 | -0/+29
  Guenther

  Signed-off-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* librpc: Add autogenerated checksum calculation for Cabinet files | Günther Deschner | 2016-11-24 | 3 | -1/+51
  Guenther

  Signed-off-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* librpc: Introduce cab.idl | Günther Deschner | 2016-11-24 | 5 | -2/+326
  This allows processing of Windows Cabinet files (required for the MS-PAR print protocol implementation)

  Guenther

  Signed-off-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* spoolss: Use correct values for secdesc and devmode pointers | Günther Deschner | 2016-11-11 | 1 | -10/+10
  ULONG_PTR needs to be decoded as a uint3264 and not as a 'uint32 *'.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11197

  Guenther

  Pair-Programmed-With: Andreas Schneider <asn@samba.org>
  Signed-off-by: Guenther Deschner <gd@samba.org>
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* idl: Remove unused DCERPC_FAULT_UNK_IF | Andreas Schneider | 2016-10-26 | 1 | -1/+0
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Wed Oct 26 15:06:44 CEST 2016 on sn-devel-144
* librpc/rpc: verify the passed table against the table on the handle | Stefan Metzmacher | 2016-10-26 | 1 | -2/+0
  Now that all callers of dcerpc_binding_handle_create() are fixed.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* librpc/rpc: make sure we use the object from the handle in dcerpc_binding_handle_raw_call_send() | Stefan Metzmacher | 2016-10-26 | 1 | -0/+16
  If there's an object set on the binding handle, we need to use that and disallow per request passing of object.

  The normal client code will always have the object on the binding handle.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>