path: root/librpc
Commit message | Author | Age | Files | Lines
* librpc: add SMB_ASSERT(blob->length >= DCERPC_NCACN_PAYLOAD_OFFSET) protection | Stefan Metzmacher | 2019-01-12 | 1 | -0/+10
    A lot of functions rely on having the 16 bytes dcerpc header to operate on.
    This makes it more obvious and makes sure they can't be misused in future.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
* librpc: add dcerpc_get_auth_{type,level,context_id}() helper functions | Stefan Metzmacher | 2019-01-12 | 2 | -0/+90
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
* librpc: add dcerpc_get_auth_length() helper function | Stefan Metzmacher | 2019-01-12 | 2 | -0/+10
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
* libndr: Use dom_sid_str_buf | Volker Lendecke | 2019-01-08 | 1 | -1/+2
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
* s4 group_audit: Add Windows Event Id's to Group membership changes | Gary Lockyer | 2018-12-21 | 1 | -4/+17
    Generate a GroupChange event when a user is created with a PrimaryGroup membership.

    Log the windows event id in the JSON GroupChange message.

    Event Id's supported are:
      4728 A member was added to a security enabled global group
      4729 A member was removed from a security enabled global group
      4732 A member was added to a security enabled local group
      4733 A member was removed from a security enabled local group
      4746 A member was added to a security disabled local group
      4747 A member was removed from a security disabled local group
      4751 A member was added to a security disabled global group
      4752 A member was removed from a security disabled global group
      4756 A member was added to a security enabled universal group
      4757 A member was removed from a security enabled universal group
      4761 A member was added to a security disabled universal group
      4762 A member was removed from a security disabled universal group

    Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3 smbcontrol: Add sleep command | Gary Lockyer | 2018-12-19 | 1 | -0/+1
    Add a sleep command that pauses the target process for the specified number of seconds

    This command is only enabled on developer and self test builds.

    Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb audit_log: Add windows event codes to password changes | Gary Lockyer | 2018-12-14 | 1 | -1/+3
    Add a new "eventId" element to the PasswordChange JSON log messages.
    This contains a Windows Event Code Id either:
      4723 Password changed
      4724 Password reset

    Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* idl: Add Windows event code ids | Gary Lockyer | 2018-12-14 | 2 | -0/+32
    Add idl definitions for Windows Event Code Ids, and Logon Types.

    This initial commit adds:

    Event Ids
      4264 Successful logon
      4625 Unsuccessful logon

    Logon Types
      2 Interactive
      3 Network
      4 Batch
      5 Service
      7 Unlock
      8 NetworkCleartext
      9 NewCredentials
      10 RemoteInteractive
      11 CachedInteractive

    The intention is to add Windows Event Codes to the JSON log messages, to
    provide a common event identifier in mixed Windows and Samba networks. And to
    assist security personnel with a windows background.

    Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* librpc:ndr: Give the optimizer hints for ndr_push_bytes() | Andreas Schneider | 2018-12-07 | 1 | -6/+2
    Also remove the redundant check in ndr_push_DATA_BLOB.

    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>

    Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
    Autobuild-Date(master): Fri Dec 7 15:33:38 CET 2018 on sn-devel-144
* librpc:ndr: Fix undefined behavior in ndr_basic | Andreas Schneider | 2018-12-06 | 1 | -0/+10
    librpc/ndr/ndr_basic.c:723:2: runtime error: null pointer passed as
    argument 2, which is declared to never be null

    The following triggered the undefined behavior:

      (gdb) bt
          at librpc/gen_ndr/ndr_drsuapi.c:2318
          fn=0x7ffff6e72983 <ndr_push_drsuapi_DsReplicaObjectIdentifier3Binary>) at ../../librpc/ndr/ndr.c:1337
          at ../../source4/dsdb/schema/schema_syntax.c:2136
          drs_str=<optimized out>) at ../../source4/dsdb/schema/tests/schema_syntax.c:122
          already_setup=<optimized out>, restricted=restricted@entry=0x0) at ../../lib/torture/torture.c:442
          at ../../lib/torture/torture.c:507
          suite=0x5555563d9490, matched=0x7fffffffcef7) at ../../source4/torture/smbtorture.c:93
          matched=0x7fffffffcef7) at ../../source4/torture/smbtorture.c:95
          at ../../source4/torture/smbtorture.c:143
      (gdb) f 1
      1335 NDR_CHECK(ndr_push_bytes(ndr, blob.data, blob.length));
      (gdb) p blob
      $2 = {data = 0x0, length = 0}

    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

    Autobuild-User(master): Gary Lockyer <gary@samba.org>
    Autobuild-Date(master): Thu Dec 6 08:48:28 CET 2018 on sn-devel-144
* winbind: Fix "wbint_Principals" definition | Volker Lendecke | 2018-11-27 | 1 | -1/+1
    A signed integer does not make any sense for an IDL array length

    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
* librpc:ndr: Fix undefined behavior in ndr.c | Andreas Schneider | 2018-11-23 | 1 | -33/+33
    librpc/ndr/ndr.c:1430 runtime error: left shift of 1 by 31 places cannot
    be represented in type 'int'

    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

    Autobuild-User(master): Gary Lockyer <gary@samba.org>
    Autobuild-Date(master): Fri Nov 23 01:23:09 CET 2018 on sn-devel-144
* librpc/tables.pl: remove unused $opt_output option | Stefan Metzmacher | 2018-11-20 | 1 | -2/+0
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* librpc:ndr: Initialize inblob | Andreas Schneider | 2018-11-14 | 1 | -1/+3
    Found by cppcheck.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13680

    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* ndr: Init variables of GUID_from_data_blob() | Andreas Schneider | 2018-10-19 | 1 | -5/+6
    Found by covscan.

    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
* preg: Use gensize to allow modification of winreg data to be repacked | Garming Sam | 2018-08-16 | 4 | -3/+266
    Signed-off-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* preg: Using winreg_Data_GPO instead of DATA_BLOB | Garming Sam | 2018-08-16 | 4 | -2/+286
    We need to make a duplicate in order to have reasonable python bindings.

    Signed-off-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* preg: Unpack winreg_Data for parsing | Garming Sam | 2018-08-16 | 1 | -1/+1
    It seems that there might be pre-existing endianness issues which would
    be fixed by the ndr_push.

    Signed-off-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* preg: Build python preg bindings | Garming Sam | 2018-08-16 | 2 | -5/+6
    These will be used in the GPO import/export.

    Signed-off-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* winreg: Add hyper REG_QWORD to parsing routines | Garming Sam | 2018-08-16 | 1 | -0/+1
    This will be useful when exporting registry.pol files.

    Signed-off-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* librpc/idl Add some query [getset]info quota related structures | Noel Power | 2018-07-31 | 3 | -0/+60
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553

    Signed-off-by: Noel Power <noel.power@suse.com>
    Reviewed-by: Jeremy Allison <jra@samba.org>
* librpc: add binding handle support for [smb1] | Stefan Metzmacher | 2018-07-24 | 2 | -0/+3
    This will be used to force smb1.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308

    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Alexander Bokovoy <ab@samba.org>
* ndr_misc: read syntax_id using strict util_str_hex functions | Douglas Bagnall | 2018-05-31 | 1 | -10/+23
    Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* messaging idl add group membersip events | Gary Lockyer | 2018-05-16 | 1 | -0/+2
    Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* idl messaging: Add DSDB and Password events and message types | Gary Lockyer | 2018-05-16 | 1 | -2/+9
    Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Fix spelling s/ouput/output/ | Mathieu Parent | 2018-05-12 | 1 | -1/+1
    Signed-off-by: Mathieu Parent <math.parent@gmail.com>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* auth: Add unique session GUID identifier | Gary Lockyer | 2018-05-10 | 1 | -0/+7
    Generate a GUID for each successful authorization, this will allow the
    tying of events in the logs back to a specific session.

    Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* ndr_string: Do overflow checks in ndr_push/pull_charset | Volker Lendecke | 2018-03-28 | 1 | -0/+6
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>

    Autobuild-User(master): Volker Lendecke <vl@samba.org>
    Autobuild-Date(master): Wed Mar 28 16:08:16 CEST 2018 on sn-devel-144
* ndr_string: Fix a signed/unsigned glitch | Volker Lendecke | 2018-03-28 | 1 | -1/+1
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
* drsuapi.idl: add DN/fpo-enabled attributes as DRSUAPI_ATTID_* values | Stefan Metzmacher | 2018-03-19 | 1 | -0/+6
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307

    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
* winbind: Add smbcontrol disconnect-dc | Volker Lendecke | 2018-03-15 | 1 | -0/+1
    Make a winbind child drop all DC connections

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332

    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Ralph Boehme <slow@samba.org>
* librpc:ndr: Add FALL_THROUGH statements in ndr_cab.c | Andreas Schneider | 2018-03-01 | 1 | -0/+3
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:lib:com: Fix function declartions | Andreas Schneider | 2018-03-01 | 1 | -1/+1
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* winbindd: Remove "DUMP_EVENT_LIST" message | Volker Lendecke | 2018-02-26 | 1 | -1/+1
    This was no longer implemented, remove it completely

    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Ralph Boehme <slow@samba.org>
* shift read_hex_bytes() and parse_guid_string() into lib/util | Douglas Bagnall | 2018-02-22 | 2 | -98/+2
    read_hex_bytes() is going to be used in lib/util/rfc1738.c.

    parse_guid_string() is shifted for two reasons: Firstly, it is called
    very often in some operations, sometimes constituting a few percent of
    the CPU load, and it makes several calls to read_hex_bytes(). We want the
    compiler to be able to inline those calls if it thinks that is wise.
    Secondly, there are other places that could do with fast GUID parsing.

    Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* winbindd: rename MSG_WINBIND_NEW_TRUSTED_DOMAIN to MSG_WINBIND_RELOAD_TRUSTED_DOMAINS | Ralph Boehme | 2018-02-10 | 1 | -1/+1
    This reflects the new implementation in winbindd.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237

    Signed-off-by: Ralph Boehme <slow@samba.org>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
* docs: Remove prog_guide4.txt | Volker Lendecke | 2018-01-21 | 1 | -0/+55
    Move the still relevant parts elsewhere

    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>

    Autobuild-User(master): Martin Schwenke <martins@samba.org>
    Autobuild-Date(master): Sun Jan 21 11:48:01 CET 2018 on sn-devel-144
* ndr_dns: fix pushing unknown resource records | Volker Lendecke | 2018-01-04 | 1 | -1/+10
    When pulling for example an RRSIG record, we end up with length!=0 *and*
    unexpected.length != 0, but with an unknown rrec. We should be able to
    marshall what we retrieved from the wire.

    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
* dsdb encrypted secrets module | Gary Lockyer | 2017-12-18 | 1 | -0/+30
    Encrypt the samba secret attributes on disk. This is intended to
    mitigate the inadvertent disclosure of the sam.ldb file, and to mitigate
    memory read attacks.

    Currently the key file is stored in the same directory as sam.ldb but
    this could be changed at a later date to use an HSM or similar mechanism
    to protect the key.

    Data is encrypted with AES 128 GCM. The encryption uses gnutls where
    available and if it supports AES 128 GCM AEAD modes, otherwise nettle is
    used.

    Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* nfs4acls: update default NFS4 ACL version to 4.1 | Ralph Boehme | 2017-11-08 | 1 | -1/+1
    Signed-off-by: Ralph Boehme <slow@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
* librpc/idl: add NFS 4.1 ACL flags | Ralph Boehme | 2017-11-08 | 1 | -0/+5
    Signed-off-by: Ralph Boehme <slow@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
* librpc/idl: add versions consts to nfs4acl.idl | Ralph Boehme | 2017-11-08 | 1 | -0/+4
    Signed-off-by: Ralph Boehme <slow@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
* librpc/idl: rename NFS4 ACL xattr name | Ralph Boehme | 2017-11-08 | 1 | -1/+1
    The "system" xattr namespace is reserved for the kernel. Any attempt to
    use xattrs in that namespace will fail with EOPNOTSUPP, regardless of
    privileges.

    In autobuild we're using the xattr_tdb VFS module, so it works there.

    Using the "security" namespace instead makes this module generally
    usable with Linux filesystem xattrs as storage backend.

    Additionally prefix the xattr name with "_ndr". This is in preparation of
    later commits that add an ACL blob marshalling format based on XDR. To
    avoid xattr name collision, both formats will use distinct xattr names by
    default.

    Signed-off-by: Ralph Boehme <slow@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
* librpc/idl: rename NFS4 ACL xattr name define | Ralph Boehme | 2017-11-08 | 1 | -1/+1
    No change in behaviour.

    Signed-off-by: Ralph Boehme <slow@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
* xattr.idl: Don't generate an interface table | Volker Lendecke | 2017-10-22 | 2 | -7/+2
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Ralph Boehme <slow@samba.org>

    Autobuild-User(master): Volker Lendecke <vl@samba.org>
    Autobuild-Date(master): Sun Oct 22 21:40:16 CEST 2017 on sn-devel-144
* nfs4acls: Don't generate an interface table for nfs4acls.idl | Volker Lendecke | 2017-10-22 | 2 | -6/+3
    Nobody uses the function nfs4acl_test. It took a while to figure out how
    to get this to build. The "uuid" line in the idl file triggers pidl to
    generate the function table entry, which in turn then triggers tables.pl
    to register this interface ./bin/default/source4/librpc/gen_ndr/tables.c.

    We could for example do the same with xattr_parse_DOSATTRIB. Nobody uses
    this.

    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Ralph Boehme <slow@samba.org>
* winbindd: pass domain SID to wbint_UnixIDs2Sids | Ralph Boehme | 2017-10-10 | 1 | -0/+1
    This makes the domain SID available to the idmap child for
    wbint_UnixIDs2Sids mapping request. It's not used yet anywhere, this
    comes in the next commit.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

    Signed-off-by: Ralph Boehme <slow@samba.org>
    Reviewed-by: Volker Lendecke <vl@samba.org>
* librpc/dceprc_util.c: Move debug message to DBG_DEBUG() | Andrew Bartlett | 2017-09-07 | 1 | -2/+2
    This message shows up a lot (every packet) at level 6 for the successful case

    Signed-off-by: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* Use the rpc_parse debug class for PIDL genrated code | Andrew Bartlett | 2017-09-07 | 1 | -0/+3
    This means that the default print binding string qualifier will now
    go via this debug class as will explicit calls to ndr_print_debug() and
    ndr_print_union_debug(). Calls to ndr_print_debugc() are not changed.

    Signed-off-by: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* schannel.idl: Fix a typo | Volker Lendecke | 2017-08-25 | 1 | -1/+1
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>

    Autobuild-User(master): Jeremy Allison <jra@samba.org>
    Autobuild-Date(master): Fri Aug 25 04:10:25 CEST 2017 on sn-devel-144