path: root/librpc
Commit message | Author | Age | Files | Lines
...
* librpc:rpc: Add SAMR encryption and mac key salt definitions | Andreas Schneider | 2022-07-28 | 1 | -0/+42
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2022-2031 auth: Add ticket type field to auth_user_info_dc and auth_session_info | Joseph Sutton | 2022-07-27 | 1 | -0/+23
  This field may be used to convey whether we were provided with a TGT or a non-TGT. We ensure both structures are zeroed out to avoid incorrect results being produced by an uninitialised field.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* librpc:ndr: Update ndr_print_debug() and add macro NDR_PRINT_DEBUG_LEVEL | Pavel Filipenský | 2022-07-15 | 4 | -6/+300
  Bumping the ABI to 3.0.0

  This is enhancement of NDR_PRINT_DEBUG macro with following new features:
  * debug level can be specified (NDR_PRINT_DEBUG always uses level 1)
  * the trace header shows the location and function of the caller instead of function 'ndr_print_debug', which is not really useful.

  Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* security.idl: add missing BUILTIN SIDs | Björn Jacke | 2022-06-20 | 1 | -0/+2
  see:
  https://docs.microsoft.com/en-us/windows/win32/secauthz/well-known-sids
  https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-security-groups
  https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/security-identifiers-in-windows

  Signed-off-by: Bjoern Jacke <bjacke@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Mon Jun 20 18:18:15 UTC 2022 on sn-devel-184
* spelling: connnect encrytion exisit expection explicit invalide missmatch paramater paramter partion privilige relase reponse seperate unkown verson authencication progagated | Michael Tokarev | 2022-06-10 | 1 | -1/+1
  Tree-wide spellcheck for some common misspellings. source3/utils/status.c has misspelled local variable (unkown_dialect). "missmatch" is a known historical misspelling, only the incorrect misspellings are fixed. source3/locale/net/de.po has the spelling error (unkown) in two msgids - it probably should be updated with current source.

  Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:winbind: Convert InitConnection from struct based to NDR based | Samuel Cabrero | 2022-05-19 | 1 | -0/+16
  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:winbind: Convert winbindd_dual_pam_chauthtok() from struct based to NDR based | Samuel Cabrero | 2022-05-19 | 2 | -2/+13
  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:winbind: Convert winbindd_dual_pam_chng_pswd_auth_crap() from struct based to NDR based | Samuel Cabrero | 2022-05-19 | 1 | -0/+11
  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:winbind: Convert PamLogOff from struct based to ndr based | Samuel Cabrero | 2022-05-19 | 1 | -0/+9
  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* librpc:idl: Add NDR_SECRET flag for ntlm and challenge blobs | Samuel Cabrero | 2022-05-19 | 1 | -3/+3
  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:winbind: Convert PAM_AUTH_CRAP from struct based to NDR based | Samuel Cabrero | 2022-04-30 | 1 | -0/+21
  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* librpc:idl: Add comments to assert identity string in security.idl | Stefan Metzmacher | 2022-04-13 | 1 | -0/+11
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:winbind: Convert PamAuth from struct based to NDR based | Samuel Cabrero | 2022-04-08 | 1 | -0/+22
  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: remove itime and file_id logic and code | Ralph Boehme | 2022-03-31 | 1 | -0/+7
  This bases File-Ids on the inode numbers again. The whole stuff was added because at that time Apple clients
  1. would be upset by inode number reusage and
  2. had a client side bug in their fallback implementation that assigns File-Ids on the client side in case the server provides File-Ids of 0.

  After discussion with folks at Apple it should be safe these days to rely on the Mac to generate its own File-Ids and let Samba return 0 File-Ids.

  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:winbind: Return NTSTATUS from wbint_Ping() RPC function | Samuel Cabrero | 2022-03-25 | 1 | -1/+1
  There are no users of this function but the next commit will convert the struct-based WINBINDD_PING call to a local RPC wbint_Ping() call.

  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* sddl: Add new SDDL SID strings | Joseph Sutton | 2022-03-17 | 1 | -0/+28
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* sddl: Fix incorrect SDDL SID strings | Joseph Sutton | 2022-03-17 | 1 | -0/+2
  Change the values to match those used by Windows.

  Verified with PowerShell commands of the form:

      New-Object Security.Principal.SecurityIdentifier ER

  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:winbind: Convert ListTrustedDomains parent/child call to NDR | Samuel Cabrero | 2022-03-06 | 2 | -2/+8
  By using NDR we avoid manual marshalling (netr_DomainTrust array to text string) and unmarshalling (parse the received text string back to a netr_DomainTrust array).

  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dns.idl/dnsp.idl: add missing DNS ressource record types | Björn Jacke | 2022-02-16 | 2 | -1/+26
  Signed-off-by: Bjoern Jacke <bjacke@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Feb 16 20:43:55 UTC 2022 on sn-devel-184
* dnsp.idl: add missing DNS_RPC_RECORD defines | Björn Jacke | 2022-02-16 | 1 | -0/+2
  taken from MSDN 2.2.2.2.5: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dnsp/ac793981-1c60-43b8-be59-cdbb5c4ecb8a

  Signed-off-by: Bjoern Jacke <bjacke@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* ndrdump: Small simplification | Volker Lendecke | 2022-02-11 | 1 | -4/+3
  Remove the talloc_steal(), we can allocate on mem_ctx directly

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* librpc/ndr: let ndr_push_string() let s_len == 0 result in d_len = 0 | Stefan Metzmacher | 2022-01-24 | 1 | -1/+4
  convert_string_talloc_handle() tries to play on the safe side and always returns a null terminated array. But for NDR we need to be correct on the wire...

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* ndrdump: make use of dump_data_file_diff() in order to show differences | Stefan Metzmacher | 2022-01-24 | 1 | -0/+10
  This makes it much easier to detect differences in the given and generated buffers.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* dcesrv_core: wrap gensec_*() calls in [un]become_root() calls | Stefan Metzmacher | 2022-01-24 | 3 | -0/+25
  This is important for the source3/rpc_server code as it might be called embedded in smbd and may not run as root with access to our private tdb/ldb files.

  Note this is only really needed for 4.15 and older, as we no longer run the rpc_server embedded in smbd, but we better be consistent for now.

  This should be able to fix the problem the printing no longer works on Windows 7 with 2021-10 monthly rollup patch (KB5006743).

  Windows uses NTLMSSP with privacy at the DCERPC layer on top of NCACN_NP (smb).

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14867
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* netlogon.idl: Add FAST support bits | Joseph Sutton | 2022-01-19 | 1 | -0/+3
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* netlogon.idl: Add flags for indicating directory service versions | Joseph Sutton | 2021-12-24 | 1 | -4/+16
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* dcesrv_core: Remove unused dcesrv_reinit_context() | Volker Lendecke | 2021-12-10 | 2 | -30/+0
  This was only used in the prefork source3 rpc servers

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* idl: Define messages sent between samba-dcerpcd and rpcd's | Volker Lendecke | 2021-12-10 | 1 | -0/+4
  MSG_RPC_DUMP_STATUS will be like pool-usage carrying a file descriptor to report status to, the other two are described in rpc_host.idl.

  NOALIGN on rpc_worker_status: This makes it easier to count bytes to push into a static buffer.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dcesrv_core: Add dcesrv_loop_next_packet() | Volker Lendecke | 2021-12-10 | 2 | -0/+27
  This is used by the helpers of samba-dcerpcd: When accepting a DCERPC client, normally the server engine would read the initial bind packet. In case of samba-dcerpcd the bind packet will already be read from the socket, so we need to inject it into the rpc server engine externally.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* backupkey.idl: Don't listen on \\pipe\ntsvcs | Volker Lendecke | 2021-12-10 | 1 | -1/+1
  [MS-BKRP] says it SHOULD listen here. In the ad dc, this conflicts with smbd's srv_ntsvcs_nt.c listening also on nt ntsvcs unix domain socket. Because "samba" starts smbd after itself, smbd takes over the socket anyway, backupkey can't have been reached over this transport.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dcesrv_core: Add dcesrv_context_set_callbacks() | Volker Lendecke | 2021-12-10 | 2 | -0/+23
  We'll need to set custom callbacks on source3's global_dcesrv_ctx, which right now is deeply embedded. Once we have everything more nicely layered, this can go again.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* librpc: Add named_pipe_auth_req_info5->transport | Volker Lendecke | 2021-12-10 | 1 | -0/+1
  This will serve as a check to make sure that in particular a SAMR client is really root. This is for example used in get_user_info_18() handing out a machine password.

  The unix domain sockets for NCACN_NP can only be contacted by root, the "np\" subdirectory for those sockets is root/root 0700.

  Connecting to such a socket is done in two situations: First, local real root processes connecting and smbd on behalf of SMB clients connecting to \\pipe\name, smbd does become_root() there. Via the named_pipe_auth_req_info4 smbd hands over the SMB session information that the RPC server blindly trusts. The session information (i.e. the NT token) is heavily influenced by external sources like the KDC. It is highly unlikely that we get a system token via SMB, but who knows, this is information not fully controlled by smbd.

  This is where this additional field in named_pipe_auth_req_info5 makes a difference: This field is set to NCACN_NP by smbd's code, not directly controlled by the clients. Other clients directly connecting to a socket in "np\" is root anyway (only smbd can do become_root()) and can set this field to NCALRPC.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* named_pipe_auth.idl: Add "need_idle_server" | Volker Lendecke | 2021-12-10 | 1 | -0/+1
  Once RPC services are done by individual processes, we need to avoid recursion between processes:

  Any RPC server process will be able to serve multiple client requests simultaneously, but each request is served in a single-threaded blocking manner. For example the netlogon RPC service needs to ask samr for something. The netlogon->samr connection will initially be handled by a central dispatcher assigning clients to processes. This dispatcher needs to know that this connection can't end up in the same process that originated the request.

  With this flag an RPC client can request a samr server process that exclusively serves its own requests and that will not serve anybody else while serving netlogon.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* named_pipe_auth: Bump info4 to info5 | Volker Lendecke | 2021-12-10 | 1 | -4/+4
  We'll add a field soon

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2021-23192: dcesrv_core: only the first fragment specifies the auth_contexts | Stefan Metzmacher | 2021-11-09 | 4 | -26/+108
  All other fragments blindly inherit it.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Samuel Cabrero <scabrero@samba.org>
* CVE-2021-23192: dcesrv_core: add dcesrv_fault_disconnect0() that skips DCERPC_PFC_FLAG_DID_NOT_EXECUTE | Stefan Metzmacher | 2021-11-09 | 1 | -31/+16
  That makes the callers much simpler and allow better debugging.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Samuel Cabrero <scabrero@samba.org>
* CVE-2021-23192: dcesrv_core: add better debugging to dcesrv_fault_disconnect() | Stefan Metzmacher | 2021-11-09 | 1 | -5/+24
  It's better to see the location that triggered the fault.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Samuel Cabrero <scabrero@samba.org>
* CVE-2020-25719 krb5pac.idl: Add PAC_REQUESTER_SID PAC buffer type | Joseph Sutton | 2021-11-09 | 1 | -1/+7
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2020-25719 krb5pac.idl: Add PAC_ATTRIBUTES_INFO PAC buffer type | Joseph Sutton | 2021-11-09 | 1 | -1/+13
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2020-25721 krb5pac: Add new buffers for samAccountName and objectSID | Andrew Bartlett | 2021-11-09 | 2 | -4/+18
  These appear when PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID is set.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14835
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
* tests/krb5: Check buffer types in PAC with STRICT_CHECKING=1 | Joseph Sutton | 2021-10-14 | 1 | -0/+3
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* idl: declare token array of storage_offload_token as in-line | Ralph Boehme | 2021-10-08 | 1 | -1/+1
  This ensures the order of the struct element is the same as in the IDL definition. For a conformant array using the [sizeis(n)] syntax the sizeis member is stored as first element in the marshall buffer.

  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* netlogon: Move netlogon_server_pipe_state to netlogon.idl | Volker Lendecke | 2021-10-08 | 1 | -0/+6
  Make this available as a shared structure for both source3 and source4

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* librpc: Use talloc_asprintf_addbuf() in dcerpc_binding_string() | Volker Lendecke | 2021-10-08 | 1 | -71/+18
  Saves quite a few lines

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* rpc_server3: Avoid a literal number available as a constant | Volker Lendecke | 2021-10-08 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Make SID_SAMBA_SMB3 a static SID | Volker Lendecke | 2021-10-08 | 2 | -9/+1
  No need to parse it

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* rpc_server: Simplify dcesrv_handle_lookup() | Volker Lendecke | 2021-09-24 | 1 | -19/+27
  Reduce indentation with a "break;" from the loop, best reviewed with git show -b

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* rpc_server: Move a type check in dcesrv_handle_lookup() | Volker Lendecke | 2021-09-24 | 1 | -6/+9
  This check is independent of whether we found a handle or not, we can do it before walking the handle list.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* librpc:core: Add a function to register an interface passing the binding handle | Samuel Cabrero | 2021-09-21 | 2 | -26/+59
  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* security.idl: Add well-known SIDs for FAST | Joseph Sutton | 2021-09-13 | 1 | -0/+3
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Isaac Boukris <iboukris@samba.org>