path: root/source4
Commit message | Author | Age | Files | Lines
* samba_dnsupdate: With dns_hub, we don't need resolv_wrap | Volker Lendecke | 2019-01-15 | 1 | -25/+12
  Best viewed with git show -b
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* dns_update: samba_dnsupdate's exit code is not an errno | Volker Lendecke | 2019-01-15 | 1 | -2/+2
  This avoids confusing messages, samba_dnsupdate returns the number of failed updates
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4/libnet: use 'et' as format for ParseTuple with python2 | Noel Power | 2019-01-13 | 1 | -1/+2
  Signed-off-by: Noel Power <noel.power@suse.com>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* selftest:Samba4: run the raw_protocol test with a limit of 8 auth contexts | Stefan Metzmacher | 2019-01-12 | 1 | -1/+3
  This is much faster than exploring the limit of 2049 during autobuild.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: implement security context multiplexing | Stefan Metzmacher | 2019-01-12 | 3 | -13/+199
  There're some systems like Cisco ISE use security multiplexing without checking (via bind time feature negotiation) the server supports it.
  Others like VMWare View, fallback to NT4 style netlogon connections without using netlogon secure channel, which then triggers an error, with "server schannel = yes", see https://bugzilla.samba.org/show_bug.cgi?id=13464.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:pyrpc: add py_dcerpc_ndr_pointer_deref/wrap() infrastructure | Stefan Metzmacher | 2019-01-12 | 3 | -0/+133
  Some idl files use more than one layer of unique pointers.
  e.g.
      NTSTATUS lsa_GetUserName(
          [in,unique] [string,charset(UTF16)] uint16 *system_name,
          [in,out,ref] lsa_String **account_name,
          [in,out,unique] lsa_String **authority_name
      );
  In order to specify *io.in.authority_name = NULL, we need to wrap the pointer value (lsa_String or None) into a base.ndr_pointer() object.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:pyrpc: make use of pytalloc_get_type() in py_dcerpc_syntax_init_helper() | Stefan Metzmacher | 2019-01-12 | 1 | -1/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server/lsa: specify \\pipe\lsass as ncacn_np_secondary_endpoint | Stefan Metzmacher | 2019-01-12 | 1 | -2/+6
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: make it possible to specify ncacn_np_secondary_endpoint | Stefan Metzmacher | 2019-01-12 | 5 | -3/+36
  Even a connect to \\pipe\lsarpc should return a secondary_address of '\\pipe\\lsass'.
  But that will be implemented in a following commit.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: only share assoc group ids on the same transport | Stefan Metzmacher | 2019-01-12 | 2 | -14/+34
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: don't replace '\\pipe\\' with '\\PIPE\\' | Stefan Metzmacher | 2019-01-12 | 1 | -17/+1
  This is not what Windows returns (at least for \\pipe\lsass).
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: fix DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN negotiation to match Windows | Stefan Metzmacher | 2019-01-12 | 3 | -29/+61
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: SMB_ASSERT(auth->auth_finished); in order to get auth details | Stefan Metzmacher | 2019-01-12 | 1 | -1/+9
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: only pass context to op_bind() hooks | Stefan Metzmacher | 2019-01-12 | 14 | -46/+36
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: only use context within op_bind() hooks and dcesrv_interface_bind_*() functions | Stefan Metzmacher | 2019-01-12 | 12 | -42/+34
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: remove unused dcesrv_connection_context->private_date | Stefan Metzmacher | 2019-01-12 | 2 | -4/+0
  dcesrv_iface_state_{create,find}_{assoc,conn}() should be used instead.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: remove unused dcesrv_assoc_group->proxied_id | Stefan Metzmacher | 2019-01-12 | 1 | -3/+0
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server/winreg: don't cache an ldb connection per presentation context | Stefan Metzmacher | 2019-01-12 | 1 | -26/+13
  We should do this per context handle, as these are available on all connections of the association group.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server/remote: make use dcesrv_iface_state_{store,find}_{assoc,conn}() helpers | Stefan Metzmacher | 2019-01-12 | 1 | -13/+38
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server/remote: introduce struct dcesrv_remote_call | Stefan Metzmacher | 2019-01-12 | 1 | -6/+20
  This holds the state for async requests.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server/remote: defer the connect to the first client request | Stefan Metzmacher | 2019-01-12 | 1 | -27/+32
  This means we have a chance to use delegated credentials from the client if available, as the authentication is already completed.
  Before we only ever used the transport inherited credentials via SMB or anonymous.
  Note: most times we still fallback to anonymous...
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server/remote: fail the connection if the remote server don't support MPX | Stefan Metzmacher | 2019-01-12 | 1 | -3/+7
  If we already negotiated with our client to support concurrent multiplexing (MPX), we need a remote connection that also supports it.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server/remote: add dcerpc_remote:allow_anonymous_fallback option | Stefan Metzmacher | 2019-01-12 | 1 | -0/+13
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server/remote: reformat code to get "dcerpc_remote:use_machine_account" | Stefan Metzmacher | 2019-01-12 | 1 | -2/+6
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server/remote: reformat code to get "dcerpc_remote:binding" | Stefan Metzmacher | 2019-01-12 | 1 | -2/+6
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server/remote: remote_op_bind already has the table available | Stefan Metzmacher | 2019-01-12 | 1 | -8/+3
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server/remote: introduce remote_get_private() | Stefan Metzmacher | 2019-01-12 | 1 | -2/+20
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server/dnsserver: make use of dcesrv_iface_state_{create,find}_conn() | Stefan Metzmacher | 2019-01-12 | 1 | -3/+12
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server/netlogon: make use of dcesrv_iface_state_{create,find}_conn() | Stefan Metzmacher | 2019-01-12 | 1 | -13/+22
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: add dcesrv_iface_state_{store,find}_{assoc,conn}() helpers | Stefan Metzmacher | 2019-01-12 | 2 | -0/+261
  They can be used instead of dcesrv_connection_context->private_data and dcesrv_assoc_group->proxied_id.
  This is the first step to hide internal details of the core dcerpc server from the interface implementations.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: move bind_time_features to dcesrv_assoc_group | Stefan Metzmacher | 2019-01-12 | 2 | -4/+4
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: add a min_auth_level to context handles | Stefan Metzmacher | 2019-01-12 | 2 | -0/+8
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: replace dce_conn->allow_request with auth->auth_finished | Stefan Metzmacher | 2019-01-12 | 3 | -10/+3
  They both had the same lifetime and the disconnect case is now caught by auth->auth_invalid = true.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: replace dce_conn->allow_auth3 with auth->auth_started | Stefan Metzmacher | 2019-01-12 | 3 | -5/+9
  auth3 is allowed if auth_started is true and auth_finished is false.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: set auth_invalid = true on disconnect | Stefan Metzmacher | 2019-01-12 | 1 | -0/+4
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: split out log_successful_dcesrv_authz_event() | Stefan Metzmacher | 2019-01-12 | 1 | -20/+28
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: add some protection checks to dcesrv_auth_prepare_gensec() | Stefan Metzmacher | 2019-01-12 | 1 | -0/+12
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: split out dcesrv_auth_prepare_gensec() | Stefan Metzmacher | 2019-01-12 | 1 | -54/+62
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: allocate struct dcesrv_auth with talloc | Stefan Metzmacher | 2019-01-12 | 3 | -27/+50
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: make use of dcesrv_call_state->auth_state in dcerpc_server.c | Stefan Metzmacher | 2019-01-12 | 1 | -13/+13
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: make use of dcesrv_call_state->auth_state in common/reply.c | Stefan Metzmacher | 2019-01-12 | 1 | -1/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: make use of dcesrv_call_state->auth_state in dcesrv_auth.c | Stefan Metzmacher | 2019-01-12 | 1 | -9/+9
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: introduce dcesrv_call_state->auth_state | Stefan Metzmacher | 2019-01-12 | 2 | -0/+3
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: use helper variables to access 'struct dcesrv_auth' in dcerpc_server.c | Stefan Metzmacher | 2019-01-12 | 1 | -19/+24
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: use helper variables to access 'struct dcesrv_auth' in common/reply.c | Stefan Metzmacher | 2019-01-12 | 1 | -3/+3
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: use helper variables to access 'struct dcesrv_auth' in dcesrv_auth.c | Stefan Metzmacher | 2019-01-12 | 1 | -42/+45
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server/remote: make use of dcesrv_call_credentials() | Stefan Metzmacher | 2019-01-12 | 1 | -4/+9
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server/netlogon: make use of dcesrv_call_auth_info() | Stefan Metzmacher | 2019-01-12 | 1 | -3/+14
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server/netlogon: simplify logic of dcesrv_netr_creds_server_step_check() | Stefan Metzmacher | 2019-01-12 | 1 | -37/+4
  It's enough to check the auth_type for DCERPC_AUTH_TYPE_SCHANNEL, there's no need to also check the auth_level for integrity or privacy.
  The gensec layer already required at least DCERPC_AUTH_LEVEL_INTEGRITY, see schannel_update_internal().
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server/lsa: make use of dcesrv_call_auth_info() | Stefan Metzmacher | 2019-01-12 | 1 | -6/+9
  It's enough to check the auth_type for DCERPC_AUTH_TYPE_SCHANNEL, there's no need to also check the auth_level for integrity or privacy.
  The gensec layer already required at least DCERPC_AUTH_LEVEL_INTEGRITY, see schannel_update_internal().
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>