[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Tue Oct 17 20:23:02 UTC 2023


The branch, master has been updated
       via  f392fdfd47f shadow_copy2: Add missing TALLOC_FREE
       via  c6d0df787a1 s4:torture: Increase multichannel timeout
       via  5ec5496df40 s4:rpc_server/epmapper: use ndr_syntax_id_equal() in dcesrv_epm_Map() to match the request
       via  53e4fe647ec s4:rpc_server/epmapper: check dcerpc_floor_get_uuid_full() result in dcesrv_epm_Map()
       via  dfdb8736c75 s4:rpc_server: simplify logic in dcesrv_epm_Map matching
       via  7a7a38b870d librpc/rpc: also get the 2nd half of the ndr_syntax_id from a floor
       via  1058382d048 librpc/rpc: add dcerpc_floor_pack_uuid_full() helper function
       via  ac392c35e49 s3:rpc_server: let create_policy_hnd() return a pointer
       via  403bceef914 s4:rpc_server/remote: make use of dcesrv_async_reply()
       via  06c12033b35 s4:rpc_server/netlogon: make use of dcesrv_async_reply()
       via  d880999480e s4:rpc_server/lsa: make use of dcesrv_async_reply()
       via  eaf3654dd1e s4:rpc_server/common: make use of dcesrv_async_reply()
       via  27d11803a45 s4:rpc_server/echo: make use of dcesrv_async_reply()
       via  b8eae782251 librpc/rpc: add dcesrv_async_reply() helper that disconnects as needed
       via  5a6978205ed librpc/rpc: allow dcesrv_context to propose the preferred ndr syntax
       via  f8b76235fe0 s3:rpc_server: distribute clients based on available association group slots
       via  40e780ad162 dcesrv_core: maintain the number of allocated association groups per dce_ctx
       via  2c2c2f43688 s3:rpc_server: improve debugging in rpc_host_distribute_clients()
       via  cd2cb49179c s3:rpc_server: simplify rpc_host_find_worker()
       via  eb8cf371b8d s3:rpc_server: correctly allow up to 65536 workers processes
       via  e4bdab659bb rpc_host.idl: change server_index from uint8 to uint32
       via  94723b6732a s3:rpc_server: call reopen_logs before we print the copyright notice
       via  f35baa4eb2e s3:rpc_server: make use of dcesrv_register_default_auth_types[_machine_principal]()
       via  ae38cfe6da7 s3:rpc_server: let get_servers() callback of rpc_worker_main() return NTSTATUS
       via  2d73b1e0618 s3:rpc_server: let register_ep_server() errors result in DBG_ERR()
       via  2ba5016e4b4 librpc/rpc: add dcesrv_register_default_auth_types[_machine_principal]() helpers
       via  1d0a5b3ac75 librpc/rpc: implement dcesrv_mgmt_inq_princ_name infrastructure
       via  9f51379dd73 librpc/rpc: let dcesrv_mgmt_inq_if_ids() filter out the mgmt syntax_id
       via  6cb12d3955d librpc/rpc: apply some code cleanup and error checks to dcesrv_mgmt.c
       via  a38f58ac85f s4:torture/rpc: let test_inq_princ_name_size also test for princ_name_size = 0 and BAD_STUB_DATA
       via  2a290dcb945 s3:selftest: also run rpc.mgmt against the nt4_dc (and ad_dc)
       via  09daeba6962 libcli/util: let win_errstr() fallback to hresult_errstr()
      from  237b6fc3ad6 s3:tests: Plan test_smbspool_krb.sh for environment ad_member_fips

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f392fdfd47f47e371fe75f5cd4647126922fda19
Author: MikeLiu <mikeliu at qnap.com>
Date:   Fri Oct 13 11:55:52 2023 +0800

    shadow_copy2: Add missing TALLOC_FREE
    
    Signed-off-by: MikeLiu <mikeliu at qnap.com>
    Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Tue Oct 17 20:22:18 UTC 2023 on atb-devel-224

commit c6d0df787a1f6007e1f4594f68ff1f75a46bd293
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Oct 17 14:29:03 2023 +0200

    s4:torture: Increase multichannel timeout
    
    This avoids running into timeouts on Gitlab CI.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 5ec5496df40e6015ec8de6133a406bb50efebe35
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 13 09:18:25 2023 +0200

    s4:rpc_server/epmapper: use ndr_syntax_id_equal() in dcesrv_epm_Map() to match the request
    
    This makes it much easier to understand.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 53e4fe647ec3f840836340cf9eac4f79b8794aad
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 13 09:11:51 2023 +0200

    s4:rpc_server/epmapper: check dcerpc_floor_get_uuid_full() result in dcesrv_epm_Map()
    
    This already checks for EPM_PROTOCOL_UUID and simplifies the logic.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit dfdb8736c750079bc42d274a416c9f7ea3f820dc
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Oct 12 17:19:21 2023 +0200

    s4:rpc_server: simplify logic in dcesrv_epm_Map matching
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 7a7a38b870dd8f0b384e290b8e9e18305bf54f90
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Aug 9 19:39:21 2023 +0200

    librpc/rpc: also get the 2nd half of the ndr_syntax_id from a floor
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 1058382d048bc368a3825cb295d9aeabf0ef9b10
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Aug 9 19:23:59 2023 +0200

    librpc/rpc: add dcerpc_floor_pack_uuid_full() helper function
    
    This handles the full syntax with split major and minor version,
    from lhs and rhs.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit ac392c35e4993e1f4bd25519c607a00508e57de4
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sun Aug 13 13:34:30 2023 +0200

    s3:rpc_server: let create_policy_hnd() return a pointer
    
    This allows a TALLOC_FREE() on it to unregister and destroy the
    handle easily.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 403bceef914d6793a7f5ec4432445f043919c277
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Oct 12 11:05:46 2023 +0200

    s4:rpc_server/remote: make use of dcesrv_async_reply()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 06c12033b355d234d561ad11b5f4b1bad1c79417
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Oct 12 11:05:46 2023 +0200

    s4:rpc_server/netlogon: make use of dcesrv_async_reply()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit d880999480ed62cd0249f3bd67d5f7830d396b57
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Oct 12 11:05:46 2023 +0200

    s4:rpc_server/lsa: make use of dcesrv_async_reply()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit eaf3654dd1e6f8d0557148e673a574e57ce7a71c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Oct 12 11:05:46 2023 +0200

    s4:rpc_server/common: make use of dcesrv_async_reply()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 27d11803a45d7cb7c2d4b422cc2ec6a02fb04616
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Oct 12 11:05:46 2023 +0200

    s4:rpc_server/echo: make use of dcesrv_async_reply()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit b8eae782251d89b11e86c19f3cd8dbd58fa506ca
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Aug 14 12:58:14 2023 +0200

    librpc/rpc: add dcesrv_async_reply() helper that disconnects as needed
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 5a6978205edc2217006762bfe540e8f62caad74b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Aug 14 12:48:28 2023 +0200

    librpc/rpc: allow dcesrv_context to propose the preferred ndr syntax
    
    This allows specific services to use ndr64.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit f8b76235fe0fda5a58fed8a527bbeba196560ca1
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Oct 12 15:39:38 2023 +0200

    s3:rpc_server: distribute clients based on available association group slots
    
    The important factor to distribute connection to workers
    should be the number of used association group slots instead
    of the raw number of connections. If one worker has a lot of
    association groups with just one connection each, but another
    with few association groups, but multiple connections per
    association group. The one with less association groups should
    get the connection. Note each worker is only able to allocate
    UINT16_MAX allocation groups, but the number of connections
    is only limited by RAM.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 40e780ad162c8c561822d6284f8e6227fca69c8a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Oct 12 12:49:42 2023 +0200

    dcesrv_core: maintain the number of allocated association groups per dce_ctx
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 2c2c2f43688748de4687c12bef46a4c2c3fd140d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Oct 12 14:21:44 2023 +0200

    s3:rpc_server: improve debugging in rpc_host_distribute_clients()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit cd2cb49179cebb63ca04bd35670d10af9ed55f67
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Oct 12 14:16:48 2023 +0200

    s3:rpc_server: simplify rpc_host_find_worker()
    
    This will help me in the next commits.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit eb8cf371b8dc9575e2b838ac8e4f03518eb092da
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Jan 19 12:27:20 2023 +0100

    s3:rpc_server: correctly allow up to 65536 workers processes
    
    We already limit the per worker portion of the association
    group id to UINT16_MAX, so we can also use 16-bit instead
    of just 8-bit to encode the worker index.
    
    While there we should actually ensure that the max worker
    index is UINT16_MAX.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit e4bdab659bbe88f8687cefea9ef80850b585a37d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Oct 12 12:30:00 2023 +0200

    rpc_host.idl: change server_index from uint8 to uint32
    
    This reflects what we're using in the C code already...
    
    Note this is an incompatible change, but we also changed
    from named_pipe_auth_req_info7 to named_pipe_auth_req_info8
    in master...
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 94723b6732a67482eb7792e82b01e26a807e8265
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Aug 16 16:47:24 2023 +0200

    s3:rpc_server: call reopen_logs before we print the copyright notice
    
    This matches what we do in smbd, winbindd and nmbd.
    
    For the workers it's important to call it at all, otherwise
    things like 'debug pid = yes' or 'debug class = yes' have no effect
    in the workers.
    
    We could argue if we want the copyright notice on the start
    of each worker at all, but that's a different discussion...
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit f35baa4eb2e68a4253f90f85052306471d61bd04
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Aug 9 16:41:33 2023 +0200

    s3:rpc_server: make use of dcesrv_register_default_auth_types[_machine_principal]()
    
    This mostly matches windows now...
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit ae38cfe6da728ea565d02e010d77360447b6007f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Aug 9 16:06:06 2023 +0200

    s3:rpc_server: let get_servers() callback of rpc_worker_main() return NTSTATUS
    
    This means the rpc_worker_main() logic is the only layer that
    needs to call exit() and it's able to do some cleanup before.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 2d73b1e06188f3570bf88598a3b01f09f6ff633c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Aug 9 15:37:12 2023 +0200

    s3:rpc_server: let register_ep_server() errors result in DBG_ERR()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 2ba5016e4b496a8f123fe91403cf178f7930d43e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Aug 9 15:29:29 2023 +0200

    librpc/rpc: add dcesrv_register_default_auth_types[_machine_principal]() helpers
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 1d0a5b3ac751d4162b8414453303e28cc1b87c21
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Aug 9 13:26:31 2023 +0200

    librpc/rpc: implement dcesrv_mgmt_inq_princ_name infrastructure
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 9f51379dd731f5c5b19a41ced4fd4ef1e2f4d2aa
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Aug 9 17:05:56 2023 +0200

    librpc/rpc: let dcesrv_mgmt_inq_if_ids() filter out the mgmt syntax_id
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 6cb12d3955d3c7f216c79b081f5431ec9f4c14ce
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Aug 9 12:42:43 2023 +0200

    librpc/rpc: apply some code cleanup and error checks to dcesrv_mgmt.c
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit a38f58ac85fbba7a6f1076516117acc6eae44358
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Aug 9 17:24:07 2023 +0200

    s4:torture/rpc: let test_inq_princ_name_size also test for princ_name_size = 0 and BAD_STUB_DATA
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 2a290dcb9456ce1b855fe426e197f0edad27a747
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Aug 9 17:32:11 2023 +0200

    s3:selftest: also run rpc.mgmt against the nt4_dc (and ad_dc)
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 09daeba6962d9f2534762250eb3b172154aa4aaf
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Aug 18 10:59:00 2023 +0200

    libcli/util: let win_errstr() fallback to hresult_errstr()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 libcli/util/doserr.c                          |  14 +++
 librpc/rpc/binding.c                          |  81 +++++++++++++----
 librpc/rpc/dcesrv_core.c                      | 122 +++++++++++++++++++++++++-
 librpc/rpc/dcesrv_core.h                      |  34 +++++++
 librpc/rpc/dcesrv_mgmt.c                      |  56 ++++++++++--
 librpc/rpc/dcesrv_reply.c                     |  19 ++++
 librpc/rpc/rpc_common.h                       |   2 +-
 python/samba/tests/blackbox/ndrdump.py        |   2 +-
 source3/librpc/idl/rpc_host.idl               |  23 ++++-
 source3/modules/vfs_shadow_copy2.c            |   4 +
 source3/rpc_server/epmapper/srv_epmapper.c    |   8 +-
 source3/rpc_server/rpc_handles.c              |  14 +--
 source3/rpc_server/rpc_host.c                 | 114 ++++++++++++++++++------
 source3/rpc_server/rpc_pipes.h                |   2 +-
 source3/rpc_server/rpc_worker.c               |  71 +++++++++++----
 source3/rpc_server/rpc_worker.h               |   3 +-
 source3/rpc_server/rpcd_classic.c             |  12 ++-
 source3/rpc_server/rpcd_epmapper.c            |  26 +++++-
 source3/rpc_server/rpcd_fsrvp.c               |   9 +-
 source3/rpc_server/rpcd_lsad.c                |  22 ++++-
 source3/rpc_server/rpcd_mdssvc.c              |   8 +-
 source3/rpc_server/rpcd_rpcecho.c             |   6 +-
 source3/rpc_server/rpcd_spoolss.c             |  14 +--
 source3/rpc_server/rpcd_winreg.c              |   8 +-
 source3/selftest/tests.py                     |   1 +
 source4/rpc_server/common/forward.c           |   6 +-
 source4/rpc_server/dcerpc_server.c            |   5 ++
 source4/rpc_server/echo/rpc_echo.c            |   7 +-
 source4/rpc_server/epmapper/rpc_epmapper.c    |  37 ++++++--
 source4/rpc_server/lsa/lsa_lookup.c           |  10 +--
 source4/rpc_server/netlogon/dcerpc_netlogon.c |  27 ++----
 source4/rpc_server/remote/dcesrv_remote.c     |   6 +-
 source4/torture/rpc/epmapper.c                |   6 +-
 source4/torture/rpc/mgmt.c                    |   6 ++
 source4/torture/smb2/multichannel.c           |   2 +-
 35 files changed, 615 insertions(+), 172 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/util/doserr.c b/libcli/util/doserr.c
index b9553dfac5e..c30abc8df36 100644
--- a/libcli/util/doserr.c
+++ b/libcli/util/doserr.c
@@ -21,6 +21,7 @@
 
 #include "replace.h"
 #include "libcli/util/werror.h"
+#include "libcli/util/hresult.h"
 
 struct werror_code_struct {
         const char *dos_errstr;
@@ -112,6 +113,19 @@ const char *win_errstr(WERROR werror)
 		break;
 	}
 
+	/*
+	 * WERROR codes are 16-bit only, if the
+	 * upper 16-bit are not 0, it's likely
+	 * an HRESULT.
+	 *
+	 * E.g. we should display HRES_SEC_E_WRONG_PRINCIPAL instead of
+	 * 'DOS code 0x80090322'
+	 */
+	if ((W_ERROR_V(werror) & 0xFFFF0000) != 0) {
+		HRESULT hres = HRES_ERROR(W_ERROR_V(werror));
+		return hresult_errstr(hres);
+	}
+
 	slprintf(msg, sizeof(msg), "DOS code 0x%08x", W_ERROR_V(werror));
 
         return msg;
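Review bot: the early return in win_errstr() for values with any of the upper 16 bits set bypasses the "DOS code 0x%08x" fallback, so what the caller sees for an unknown value now depends entirely on hresult_errstr(), which is not shown here. Please confirm that hresult_errstr() still yields a string containing the numeric code when it has no match, otherwise log lines lose the raw value needed for triage.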
diff --git a/librpc/rpc/binding.c b/librpc/rpc/binding.c
index 8cb42d67914..eaf3430c9d3 100644
--- a/librpc/rpc/binding.c
+++ b/librpc/rpc/binding.c
@@ -134,7 +134,7 @@ const char *epm_floor_string(TALLOC_CTX *mem_ctx, struct epm_floor *epm_floor)
 
 	switch(epm_floor->lhs.protocol) {
 		case EPM_PROTOCOL_UUID:
-			status = dcerpc_floor_get_lhs_data(epm_floor, &syntax);
+			status = dcerpc_floor_get_uuid_full(epm_floor, &syntax);
 			if (NT_STATUS_IS_OK(status)) {
 				/* lhs is used: UUID */
 				struct GUID_txt_buf buf;
@@ -894,14 +894,21 @@ _PUBLIC_ NTSTATUS dcerpc_binding_set_flags(struct dcerpc_binding *b,
 	return NT_STATUS_OK;
 }
 
-_PUBLIC_ NTSTATUS dcerpc_floor_get_lhs_data(const struct epm_floor *epm_floor,
-					    struct ndr_syntax_id *syntax)
+_PUBLIC_ NTSTATUS dcerpc_floor_get_uuid_full(const struct epm_floor *epm_floor,
+					     struct ndr_syntax_id *syntax)
 {
 	TALLOC_CTX *mem_ctx = talloc_init("floor_get_lhs_data");
 	struct ndr_pull *ndr;
 	enum ndr_err_code ndr_err;
 	uint16_t if_version=0;
 
+	*syntax = (struct ndr_syntax_id) { .if_version = 0, };
+
+	if (epm_floor->lhs.protocol != EPM_PROTOCOL_UUID) {
+		talloc_free(mem_ctx);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
 	ndr = ndr_pull_init_blob(&epm_floor->lhs.lhs_data, mem_ctx);
 	if (ndr == NULL) {
 		talloc_free(mem_ctx);
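Review bot: the new EPM_PROTOCOL_UUID check in dcerpc_floor_get_uuid_full() runs after talloc_init(), so the rejection path allocates and frees a context for nothing; doing the check (and the *syntax reset) before the talloc_init() call would drop the extra talloc_free(). The context name string is still "floor_get_lhs_data" after the rename, which will be confusing in talloc reports.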
@@ -923,6 +930,23 @@ _PUBLIC_ NTSTATUS dcerpc_floor_get_lhs_data(const struct epm_floor *epm_floor,
 
 	syntax->if_version = if_version;
 
+	TALLOC_FREE(ndr);
+
+	ndr = ndr_pull_init_blob(&epm_floor->rhs.uuid.unknown, mem_ctx);
+	if (ndr == NULL) {
+		talloc_free(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+	ndr->flags |= LIBNDR_FLAG_NOALIGN;
+
+	ndr_err = ndr_pull_uint16(ndr, NDR_SCALARS, &if_version);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(mem_ctx);
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	syntax->if_version |= (((uint32_t)if_version) << 16) & 0xffff0000;
+
 	talloc_free(mem_ctx);
 
 	return NT_STATUS_OK;
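Review bot: the second ndr_pull_uint16() makes dcerpc_floor_get_uuid_full() fail when rhs.uuid.unknown holds fewer than two bytes, where the removed dcerpc_floor_get_lhs_data() did not read rhs in the lines shown; callers such as dcerpc_binding_from_tower() and epm_floor_string() now see an error for such floors, which should be stated in the commit message and covered by a test with a short rhs. On that failure path *syntax already carries the low 16 bits of if_version, so either reset it before returning or document that it is undefined on error. The `& 0xffff0000` mask is redundant after shifting a uint16_t widened to uint32_t.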
@@ -982,6 +1006,29 @@ static bool dcerpc_floor_pack_rhs_if_version_data(
 	return true;
 }
 
+static NTSTATUS dcerpc_floor_pack_uuid_full(TALLOC_CTX *mem_ctx,
+					    struct epm_floor *floor,
+					    const struct ndr_syntax_id *syntax)
+{
+	bool ok;
+
+	floor->lhs.protocol = EPM_PROTOCOL_UUID;
+
+	floor->lhs.lhs_data = dcerpc_floor_pack_lhs_data(mem_ctx, syntax);
+	if (floor->lhs.lhs_data.data == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ok = dcerpc_floor_pack_rhs_if_version_data(mem_ctx, syntax,
+				&floor->rhs.uuid.unknown);
+	if (!ok) {
+		data_blob_free(&floor->lhs.lhs_data);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	return NT_STATUS_OK;
+}
+
 char *dcerpc_floor_get_rhs_data(TALLOC_CTX *mem_ctx, struct epm_floor *epm_floor)
 {
 	switch (epm_floor->lhs.protocol) {
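Review bot: in dcerpc_floor_pack_uuid_full() the failure branch frees lhs.lhs_data but leaves floor->lhs.protocol set to EPM_PROTOCOL_UUID, so a caller that ignores the status sees a UUID floor with an empty lhs blob. Setting lhs.protocol only after both packs have succeeded would keep the floor untouched on error. A short comment that the rhs receives the upper half of if_version would also help, since the field is still called rhs.uuid.unknown.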
@@ -1238,7 +1285,7 @@ _PUBLIC_ NTSTATUS dcerpc_binding_from_tower(TALLOC_CTX *mem_ctx,
 	}
 
 	/* Set abstract syntax */
-	status = dcerpc_floor_get_lhs_data(&tower->floors[0], &abstract_syntax);
+	status = dcerpc_floor_get_uuid_full(&tower->floors[0], &abstract_syntax);
 	if (!NT_STATUS_IS_OK(status)) {
 		talloc_free(b);
 		return status;
@@ -1402,25 +1449,21 @@ _PUBLIC_ NTSTATUS dcerpc_binding_build_tower(TALLOC_CTX *mem_ctx,
 	}
 
 	/* Floor 0 */
-	tower->floors[0].lhs.protocol = EPM_PROTOCOL_UUID;
-
 	abstract_syntax = dcerpc_binding_get_abstract_syntax(binding);
-	tower->floors[0].lhs.lhs_data = dcerpc_floor_pack_lhs_data(tower->floors,
-								   &abstract_syntax);
-
-	if (!dcerpc_floor_pack_rhs_if_version_data(
-		    tower->floors, &abstract_syntax,
-		    &tower->floors[0].rhs.uuid.unknown)) {
-		return NT_STATUS_NO_MEMORY;
+	status = dcerpc_floor_pack_uuid_full(tower->floors,
+					     &tower->floors[0],
+					     &abstract_syntax);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
 
 	/* Floor 1 */
-	tower->floors[1].lhs.protocol = EPM_PROTOCOL_UUID;
-
-	tower->floors[1].lhs.lhs_data = dcerpc_floor_pack_lhs_data(tower->floors, 
-								&ndr_transfer_syntax_ndr);
-
-	tower->floors[1].rhs.uuid.unknown = data_blob_talloc_zero(tower->floors, 2);
+	status = dcerpc_floor_pack_uuid_full(tower->floors,
+					     &tower->floors[1],
+					     &ndr_transfer_syntax_ndr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
 
 	/* Floor 2 to num_protocols */
 	for (i = 0; i < num_protocols; i++) {
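Review bot: Floor 1 used to get a fixed two-byte zero rhs from data_blob_talloc_zero(tower->floors, 2) and now gets whatever dcerpc_floor_pack_rhs_if_version_data() produces for ndr_transfer_syntax_ndr. Please state in the commit message whether the bytes on the wire are unchanged, or add a test that compares the built tower against a known encoding.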
diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
index 35fb7aa853d..00ac8e421e3 100644
--- a/librpc/rpc/dcesrv_core.c
+++ b/librpc/rpc/dcesrv_core.c
@@ -165,6 +165,112 @@ static struct dcesrv_call_state *dcesrv_find_fragmented_call(struct dcesrv_conne
 	return NULL;
 }
 
+/*
+ * register a principal for an auth_type
+ *
+ * In order to get used in dcesrv_mgmt_inq_princ_name()
+ */
+_PUBLIC_ NTSTATUS dcesrv_auth_type_principal_register(struct dcesrv_context *dce_ctx,
+						      enum dcerpc_AuthType auth_type,
+						      const char *principal_name)
+{
+	const char *existing = NULL;
+	struct dcesrv_ctx_principal *p = NULL;
+
+	existing = dcesrv_auth_type_principal_find(dce_ctx, auth_type);
+	if (existing != NULL) {
+		DBG_ERR("auth_type[%u] already registered with principal_name[%s]\n",
+			auth_type, existing);
+		return NT_STATUS_ALREADY_REGISTERED;
+	}
+
+	p = talloc_zero(dce_ctx, struct dcesrv_ctx_principal);
+	if (p == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	p->auth_type = auth_type;
+	p->principal_name = talloc_strdup(p, principal_name);
+	if (p->principal_name == NULL) {
+		TALLOC_FREE(p);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	DLIST_ADD_END(dce_ctx->principal_list, p);
+	return NT_STATUS_OK;
+}
+
+_PUBLIC_ const char *dcesrv_auth_type_principal_find(struct dcesrv_context *dce_ctx,
+						     enum dcerpc_AuthType auth_type)
+{
+	struct dcesrv_ctx_principal *p = NULL;
+
+	for (p = dce_ctx->principal_list; p != NULL; p = p->next) {
+		if (p->auth_type == auth_type) {
+			return p->principal_name;
+		}
+	}
+
+	return NULL;
+}
+
+_PUBLIC_ NTSTATUS dcesrv_register_default_auth_types(struct dcesrv_context *dce_ctx,
+						     const char *principal)
+{
+	const char *realm = lpcfg_realm(dce_ctx->lp_ctx);
+	NTSTATUS status;
+
+	status = dcesrv_auth_type_principal_register(dce_ctx,
+						     DCERPC_AUTH_TYPE_NTLMSSP,
+						     principal);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	status = dcesrv_auth_type_principal_register(dce_ctx,
+						     DCERPC_AUTH_TYPE_SPNEGO,
+						     principal);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (realm == NULL || realm[0] == '\0') {
+		return NT_STATUS_OK;
+	}
+
+	status = dcesrv_auth_type_principal_register(dce_ctx,
+						     DCERPC_AUTH_TYPE_KRB5,
+						     principal);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+_PUBLIC_ NTSTATUS dcesrv_register_default_auth_types_machine_principal(struct dcesrv_context *dce_ctx)
+{
+	const char *realm = lpcfg_realm(dce_ctx->lp_ctx);
+	const char *nb = lpcfg_netbios_name(dce_ctx->lp_ctx);
+	char *principal = NULL;
+	NTSTATUS status;
+
+	if (realm == NULL || realm[0] == '\0') {
+		return dcesrv_register_default_auth_types(dce_ctx, "");
+	}
+
+	principal = talloc_asprintf(talloc_tos(), "%s$@%s", nb, realm);
+	if (principal == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = dcesrv_register_default_auth_types(dce_ctx, principal);
+	TALLOC_FREE(principal);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
 /*
   register an interface on an endpoint
 
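Review bot: dcesrv_register_default_auth_types() returns on the first failing dcesrv_auth_type_principal_register() without removing the entries it already added, so a failure at SPNEGO or KRB5 leaves dce_ctx->principal_list partially populated and a retry then fails with NT_STATUS_ALREADY_REGISTERED. Either unwind on error or document that the context must be discarded. Also, principal_name goes to talloc_strdup() and nb goes into talloc_asprintf(talloc_tos(), "%s$@%s", nb, realm) without a NULL check; an explicit NT_STATUS_INVALID_PARAMETER return for NULL input would be clearer than relying on the allocation result.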
@@ -598,10 +704,7 @@ _PUBLIC_ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
 
 	p->default_auth_state = auth;
 
-	/*
-	 * For now we only support NDR32.
-	 */
-	p->preferred_transfer = &ndr_transfer_syntax_ndr;
+	p->preferred_transfer = dce_ctx->preferred_transfer;
 
 	*_p = p;
 	return NT_STATUS_OK;
@@ -1488,6 +1591,8 @@ static NTSTATUS dcesrv_check_or_create_context(struct dcesrv_call_state *call,
 	context->context_id = ctx->context_id;
 	context->iface = iface;
 	context->transfer_syntax = *selected_transfer;
+	context->ndr64 = ndr_syntax_id_equal(&context->transfer_syntax,
+					     &ndr_transfer_syntax_ndr64);
 	DLIST_ADD(call->conn->contexts, context);
 	call->context = context;
 	talloc_set_destructor(context, dcesrv_connection_context_destructor);
@@ -1928,6 +2033,10 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call)
 		return dcesrv_fault(call, faultcode);
 	}
 
+	if (call->context->ndr64) {
+		call->ndr_pull->flags |= LIBNDR_FLAG_NDR64;
+	}
+
 	/* unravel the NDR for the packet */
 	status = call->context->iface->ndr_pull(call, call, pull, &call->r);
 	if (!NT_STATUS_IS_OK(status)) {
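Review bot: LIBNDR_FLAG_NDR64 is set on call->ndr_pull->flags, but the iface->ndr_pull() call directly below passes the local pull. If the two are the same object, use pull->flags here so that is obvious; if they can differ, the flag never reaches the pull that decodes the request.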
@@ -2460,6 +2569,11 @@ _PUBLIC_ NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx,
 	dce_ctx->broken_connections = NULL;
 	dce_ctx->callbacks = cb;
 
+	/*
+	 * For now we only support NDR32.
+	 */
+	dce_ctx->preferred_transfer = &ndr_transfer_syntax_ndr;
+
 	*_dce_ctx = dce_ctx;
 	return NT_STATUS_OK;
 }
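Review bot: the comment "For now we only support NDR32." moved into dcesrv_init_context() no longer matches what the field does, since preferred_transfer is now a per-context setting that dcesrv_endpoint_connect() copies into each connection. Reword it to say NDR32 is the default and name who is expected to override it.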
diff --git a/librpc/rpc/dcesrv_core.h b/librpc/rpc/dcesrv_core.h
index aefb3f12732..b03376dad48 100644
--- a/librpc/rpc/dcesrv_core.h
+++ b/librpc/rpc/dcesrv_core.h
@@ -232,6 +232,7 @@ struct dcesrv_connection_context {
 
 	/* the negotiated transfer syntax */
 	struct ndr_syntax_id transfer_syntax;
+	bool ndr64;
 };
 
 
@@ -436,13 +437,29 @@ struct dcesrv_context {
 		bool use_single_process;
 	} *endpoint_list;
 
+	/*
+	 * registered auth_type/principals
+	 * for dcesrv_mgmt_inq_princ_name()
+	 */
+	struct dcesrv_ctx_principal {
+		struct dcesrv_ctx_principal *next, *prev;
+		enum dcerpc_AuthType auth_type;
+		const char *principal_name;
+	} *principal_list;
+
 	/* loadparm context to use for this connection */
 	struct loadparm_context *lp_ctx;
 
 	struct idr_context *assoc_groups_idr;
+	uint32_t assoc_groups_num;
 
 	struct dcesrv_connection *broken_connections;
 
+	/*
+	 * Our preferred transfer syntax.
+	 */
+	const struct ndr_syntax_id *preferred_transfer;
+
 	struct dcesrv_context_callbacks *callbacks;
 };
 
@@ -460,6 +477,14 @@ struct dcesrv_critical_sizes {
 	int sizeof_dcesrv_handle;
 };
 
+NTSTATUS dcesrv_auth_type_principal_register(struct dcesrv_context *dce_ctx,
+					     enum dcerpc_AuthType auth_type,
+					     const char *principal_name);
+const char *dcesrv_auth_type_principal_find(struct dcesrv_context *dce_ctx,
+					    enum dcerpc_AuthType auth_type);
+NTSTATUS dcesrv_register_default_auth_types(struct dcesrv_context *dce_ctx,
+					    const char *principal);
+NTSTATUS dcesrv_register_default_auth_types_machine_principal(struct dcesrv_context *dce_ctx);
 NTSTATUS dcesrv_interface_register(struct dcesrv_context *dce_ctx,
 				   const char *ep_name,
 				   const char *ncacn_np_secondary_endpoint,
@@ -489,7 +514,16 @@ void dcesrv_context_set_callbacks(
 	struct dcesrv_context *dce_ctx,
 	struct dcesrv_context_callbacks *cb);
 
+/*
+ * Use dcesrv_async_reply() in async code
+ */
 NTSTATUS dcesrv_reply(struct dcesrv_call_state *call);
+void _dcesrv_async_reply(struct dcesrv_call_state *call,
+			 const char *func,
+			 const char *location);
+#define dcesrv_async_reply(__call) \
+	_dcesrv_async_reply(__call, __func__, __location__)
+
 struct dcesrv_handle *dcesrv_handle_create(struct dcesrv_call_state *call,
 					   uint8_t handle_type);
 
diff --git a/librpc/rpc/dcesrv_mgmt.c b/librpc/rpc/dcesrv_mgmt.c
index d75f08b56e6..8f00e919301 100644
--- a/librpc/rpc/dcesrv_mgmt.c
+++ b/librpc/rpc/dcesrv_mgmt.c
@@ -49,17 +49,37 @@ static WERROR dcesrv_mgmt_inq_if_ids(struct dcesrv_call_state *dce_call, TALLOC_
 		       struct mgmt_inq_if_ids *r)
 {
 	const struct dcesrv_endpoint *ep = dce_call->conn->endpoint;
-	struct dcesrv_if_list *l;
-	struct rpc_if_id_vector_t *vector;
+	struct dcesrv_if_list *l = NULL;
+	struct rpc_if_id_vector_t *vector = NULL;
+
+	vector = talloc(mem_ctx, struct rpc_if_id_vector_t);
+	if (vector == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
 
-	vector = *r->out.if_id_vector = talloc(mem_ctx, struct rpc_if_id_vector_t);
 	vector->count = 0;
 	vector->if_id = NULL;
+
 	for (l = ep->interface_list; l; l = l->next) {
+		bool filter;
+
+		filter = ndr_syntax_id_equal(&l->iface->syntax_id, &ndr_table_mgmt.syntax_id);
+		if (filter) {
+			/*
+			 * We should not return the mgmt syntax itself here
+			 */
+			continue;
+		}
+
 		vector->count++;
-		vector->if_id = talloc_realloc(mem_ctx, vector->if_id, struct ndr_syntax_id_p, vector->count);
+		vector->if_id = talloc_realloc(vector, vector->if_id, struct ndr_syntax_id_p, vector->count);
+		if (vector->if_id == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
 		vector->if_id[vector->count-1].id = &l->iface->syntax_id;
 	}
+
+	*r->out.if_id_vector = vector;
 	return WERR_OK;
 }
 
@@ -73,8 +93,13 @@ static WERROR dcesrv_mgmt_inq_stats(struct dcesrv_call_state *dce_call, TALLOC_C
 	if (r->in.max_count != MGMT_STATS_ARRAY_MAX_SIZE)
 		return WERR_NOT_SUPPORTED;
 
+	r->out.statistics->statistics = talloc_zero_array(mem_ctx,
+							  uint32_t,
+							  r->in.max_count);
+	if (r->out.statistics->statistics == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
 	r->out.statistics->count = r->in.max_count;
-	r->out.statistics->statistics = talloc_array(mem_ctx, uint32_t, r->in.max_count);
 	/* FIXME */
 	r->out.statistics->statistics[MGMT_STATS_CALLS_IN] = 0;
 	r->out.statistics->statistics[MGMT_STATS_CALLS_OUT] = 0;
@@ -112,7 +137,26 @@ static WERROR dcesrv_mgmt_stop_server_listening(struct dcesrv_call_state *dce_ca
 static WERROR dcesrv_mgmt_inq_princ_name(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 		       struct mgmt_inq_princ_name *r)
 {
-	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+	const char *principal = NULL;
+
+	if (r->in.princ_name_size < 1) {
+		DCESRV_FAULT(DCERPC_FAULT_BAD_STUB_DATA);
+	}
+
+	r->out.princ_name = "";
+
+	principal = dcesrv_auth_type_principal_find(dce_call->conn->dce_ctx,
+						    r->in.authn_proto);
+	if (principal == NULL) {
+		return WERR_RPC_S_UNKNOWN_AUTHN_SERVICE;
+	}
+
+	if (strlen(principal) + 1 > r->in.princ_name_size) {
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	r->out.princ_name = principal;
+	return WERR_OK;
 }
 
 
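Review bot: dcesrv_mgmt_inq_princ_name() hands the registered principal to the caller with no check on the connection's authentication state in this hunk, so any client that can reach the mgmt interface learns the machine principal (built as "%s$@%s" from the netbios name and realm in dcesrv_register_default_auth_types_machine_principal()). If that is intended to match Windows, say so in a comment. r->out.princ_name also points straight at the string owned by dce_ctx rather than a copy on mem_ctx; a one-line comment on that lifetime assumption would help.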
diff --git a/librpc/rpc/dcesrv_reply.c b/librpc/rpc/dcesrv_reply.c
index 5b4429956e7..94a616c7f59 100644
--- a/librpc/rpc/dcesrv_reply.c
+++ b/librpc/rpc/dcesrv_reply.c
@@ -168,6 +168,10 @@ _PUBLIC_ NTSTATUS dcesrv_reply(struct dcesrv_call_state *call)
 		push->flags |= LIBNDR_FLAG_BIGENDIAN;
 	}


-- 
Samba Shared Repository


