path: root/source4/rpc_server
Commit message | Author | Age | Files | Lines
* Use GUID_equal in a few places | Volker Lendecke | 2014-06-10 | 1 | -3/+4
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3/s4: smbd, rpc, ldap, cldap, kdc services. | Jeremy Allison | 2014-06-07 | 1 | -1/+7
  Allow us to start if we bind to *either* :: or 0.0.0.0.
  Allows us to cope with systems configured as only IPv4 or only IPv6.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-By: Amitay Isaacs <amitay@gmail.com>
  Reviewed-By: Alexander Bokovoy <ab@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Sat Jun 7 01:01:44 CEST 2014 on sn-devel-104
* s4:rpc_server/netlogon: explicitly use dcerpc_binding_handle_set_sync_ev() for irpc | Andrew Bartlett | 2014-05-13 | 1 | -0/+6
  This indicates that we're using nested event loops...

  Andrew Bartlett

  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Change-Id: I4dcc7bf3c624612980e53b6119a60989fc2ea3b6
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4:samr: allow builtin groups for samr_OpenGroup. | Michael Adam | 2014-05-03 | 1 | -7/+16
  This fixes nsswitch getgrgid for builtins.

  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* kerberos: Remove un-used event context argument from smb_krb5_init_context() | Andrew Bartlett | 2014-04-28 | 1 | -1/+0
  The event context here was only specified in the server or admin-tool
  context, which does not do network communication, so this only caused a
  talloc_reference() and never any useful result.

  The actual network communication code sets an event context directly
  before making the network call.

  Andrew Bartlett

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Mon Apr 28 02:24:57 CEST 2014 on sn-devel-104
* dsdb: Allow SAMR server to return the computed, not actual badPwdCount | Andrew Bartlett | 2014-04-02 | 1 | -2/+9
  This matters after the lockout observation period has expired.

  Note: that QueryUserInfo level 3 returns the raw badPwdCount value.

  Andrew Bartlett

  Change-Id: I7b304a50984072bc6cb1daf3315b4427443632a9
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4:rpc_server/samr: passdown unmodified acct_flags to the ldb layer. | Stefan Metzmacher | 2014-04-02 | 1 | -15/+1
  The samldb module will handle the verification and magic.

  Change-Id: If38e0ed229b98eac4db9b39988de4a25f9a352f2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4-samr: Escape the username in the LDAP filter | Andrew Bartlett | 2014-04-02 | 1 | -2/+2
  Change-Id: I99945f0b86ea2862c88c00ad39c809ef1101ca9b
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4:auth: Add password lockout support to the AD DC | Andrew Bartlett | 2014-04-02 | 2 | -3/+15
  Including a fix by Arvid Requate <requate@univention.de>

  Change-Id: I25d10da50dd6119801cd37349cce970599531c6b
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Put password lockout support in samdb_result_passwords() | Andrew Bartlett | 2014-04-02 | 2 | -9/+17
  This seems to be the best choke point to check for locked out accounts,
  as aside from the KDC, all the password authentication and change
  callers use it.

  Andrew Bartlett

  Change-Id: I0f21a79697cb8b08ef639445bd05a896a2c9ee1b
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Rework samdb_result_acct_flags to use either userAccountControl or msDS-User-Account-Control-Computed | Andrew Bartlett | 2014-04-02 | 1 | -15/+13
  This allows us to avoid the domain lookup in the constructed attribute
  when not required.

  By using msDS-User-Account-Control-Computed the lockout and password
  expiry checks are now handled in the operational ldb module.

  Andrew Bartlett

  Change-Id: I6eb94933e4602e2e50c2126062e9dfa83a46191b
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4:rpc_server: explicitly use allow_warnings=True where needed | Stefan Metzmacher | 2014-04-02 | 1 | -0/+3
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dcerpc.idl: fix dcerpc_bind_nack definition | Stefan Metzmacher | 2014-03-28 | 1 | -3/+6
  The version array is always present.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:rpc_server: make use of gensec_update_ev() | Stefan Metzmacher | 2014-03-27 | 1 | -3/+3
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340 | Andrew Bartlett | 2014-03-13 | 1 | -34/+35
  Part of this was removed when ChangePasswordUser was unimplemented, but
  remove the remainder of this flawed commit. Fully check the password
  first, as extract_pw_from_buffer() already does a partial check of the
  password because it needs a correct old password to correctly decrypt
  the length.

  Andrew Bartlett

  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
  Change-Id: Ibccc4ada400b5f89a942d79c1a269b493e0adda6
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-on: https://gerrit.samba.org/38
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Thu Mar 13 15:06:35 CET 2014 on sn-devel-104
* CVE-2013-4496:samr: Remove ChangePasswordUser | Andrew Bartlett | 2014-03-13 | 1 | -139/+6
  This old password change mechanism does not provide the plaintext to
  validate against password complexity, and it is not used by modern
  clients. It also has quite difficult semantics to handle regarding
  password lockout.

  The missing features in both implementations (by design) were:

  - the password complexity checks (no plaintext)
  - the minimum password length (no plaintext)

  Additionally, the source3 version did not check:

  - the minimum password age
  - pdb_get_pass_can_change() which checks the security descriptor for
    the 'user cannot change password' setting.
  - the password history
  - the output of the 'passwd program' if 'unix passwd sync = yes'.

  Finally, the mechanism was almost useless, as it was incorrectly only
  made available to administrative users with permission to reset the
  password. It is removed here so that it is not mistakenly reinstated in
  the future.

  Andrew Bartlett

  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
  Change-Id: If2edd3183c177e5ff37c9511b0d0ad0dd9038c66
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-on: https://gerrit.samba.org/37
* s4:lib/socket: simplify iface_list_wildcard() and its callers | Stefan Metzmacher | 2014-03-07 | 1 | -2/+2
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10464
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Change-Id: Ib317d71dea01fc8ef6b6a26455f15a8a175d59f6
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Fri Mar 7 02:18:17 CET 2014 on sn-devel-104
* Remove all uses of the NT_STATUS_NOT_OK_RETURN_AND_FREE macro from the codebase. | Garming Sam | 2014-03-05 | 1 | -1/+4
  Following the current coding guidelines, it is considered bad practice
  to return from within a macro and change control flow as they look like
  normal function calls.

  Change-Id: I421e169275fe323e2b019c6cc5d386289aec07f7
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* Remove a number of NT_STATUS_HAVE_NO_MEMORY_AND_FREE macros from the codebase. | Garming Sam | 2014-03-05 | 1 | -7/+28
  Following the current coding guidelines, it is considered bad practice
  to return from within a macro and change control flow as they look like
  normal function calls.

  Change-Id: I133eb5a699757ae57b87d3bd3ebbcf5b556b0268
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* dcesrv_unixinfo: No wbc_context required | Volker Lendecke | 2014-03-05 | 1 | -32/+4
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Change-Id: I58f01cf754e6f9a7715c0319a43ec87d8e5df194
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* source4: Use wbc_xids_to_sids | Volker Lendecke | 2014-03-05 | 1 | -10/+2
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Change-Id: Ib1b1a7fcd881510e3fb4e5da29391e3d9392fa17
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* source4: Use wbc_sids_to_xids | Volker Lendecke | 2014-03-05 | 1 | -10/+2
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Change-Id: I86ea6587c436247ce66207c517f9c8d567ecac1d
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* lib/param: handle non-constant strings properly by passing in a memory context | Garming Sam | 2014-02-20 | 1 | -2/+2
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Change-Id: Ic6bb1c709defd2b0f35fc7b877da0badca385776
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
* s4: pass down a memory context when performing share_string_option, to allow substitutions | Garming Sam | 2014-02-20 | 3 | -18/+29
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Change-Id: I24b36db3ac11834c3268b2da929e214c10268b16
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
* Revert "source4: Use wbc_sids_to_xids" | Volker Lendecke | 2014-02-18 | 1 | -2/+10
  This reverts commit de7122ddc356697777cce95d22b3fab7697b30db.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* Revert "source4: Use wbc_xids_to_sids" | Volker Lendecke | 2014-02-18 | 1 | -2/+10
  This reverts commit d0932a1ae089fda0d41be21a9916caeca7c0c233.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* Revert "dcesrv_unixinfo: No wbc_context required" | Volker Lendecke | 2014-02-18 | 1 | -4/+32
  This reverts commit 5a4252789b54b6b270b3083f6e0732ba1fdd774b.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:rpc_server/remote: use dcerpc_binding_set_*() in remote_op_bind() | Stefan Metzmacher | 2014-02-13 | 1 | -5/+16
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:rpc_server/remote: use ndr_table_by_syntax() in remote_op_bind() | Stefan Metzmacher | 2014-02-13 | 1 | -1/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:rpc_server/epmapper: make use of dcerpc_binding_set_abstract_syntax() in build_ep_list() | Stefan Metzmacher | 2014-02-13 | 1 | -1/+5
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:rpc_server: make use of dcerpc_binding_get_transport() | Stefan Metzmacher | 2014-02-13 | 5 | -14/+31
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:rpc_server: make use of dcerpc_binding_get_string_option("endpoint") | Stefan Metzmacher | 2014-02-13 | 1 | -19/+48
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:rpc_server: use dcerpc_binding_get_*() in endpoints_match() | Stefan Metzmacher | 2014-02-13 | 1 | -4/+16
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:rpc_server/remote: make use of dcerpc_binding_get_assoc_group_id() | Stefan Metzmacher | 2014-02-13 | 1 | -1/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:rpc_server/spoolss: use dcerpc_parse_binding() to create the notify binding | Stefan Metzmacher | 2014-02-13 | 1 | -5/+14
  This is much better than creating the binding by hand.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:rpc_server/remote: avoid a compiler warning | Stefan Metzmacher | 2014-02-13 | 1 | -1/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:rpc_server/epmapper: make use of dcerpc_binding_dup() in build_ep_list() | Stefan Metzmacher | 2014-02-11 | 1 | -4/+11
  We should not alter the caller's binding.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Tue Feb 11 18:30:55 CET 2014 on sn-devel-104
* s4:rpc_server: fix talloc hierarchy dcesrv_context => dcesrv_endpoint => dcesrv_if_list | Stefan Metzmacher | 2014-02-11 | 1 | -4/+4
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:rpc_server: check verification trailer | Gregor Beck | 2014-02-11 | 1 | -0/+48
  Signed-off-by: Gregor Beck <gbeck@sernet.de>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:rpc_server: check header of each packet fragment | Gregor Beck | 2014-02-11 | 1 | -1/+13
  Signed-off-by: Gregor Beck <gbeck@sernet.de>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:rpc_server: verify the auth_info against the per connection values | Stefan Metzmacher | 2014-02-11 | 1 | -0/+15
  Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
  Signed-off-by: Gregor Beck <gbeck@sernet.de>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* dcesrv_unixinfo: No wbc_context required | Volker Lendecke | 2014-02-10 | 1 | -32/+4
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Kai Blin <kai@samba.org>
* source4: Use wbc_xids_to_sids | Volker Lendecke | 2014-02-10 | 1 | -10/+2
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Kai Blin <kai@samba.org>
* source4: Use wbc_sids_to_xids | Volker Lendecke | 2014-02-10 | 1 | -10/+2
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Kai Blin <kai@samba.org>
* param: rename lp function and variable from "serverstring" to "server_string" | Garming Sam | 2014-02-07 | 1 | -2/+2
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from 'lockdir' to 'lock_directory' | Garming Sam | 2014-02-07 | 1 | -1/+1
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server/netlogon: return a zero return_authenticator and rid on error | Stefan Metzmacher | 2014-01-22 | 1 | -4/+8
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dcerpc.idl: make use of union dcerpc_bind_ack_reason and fix all callers. | Stefan Metzmacher | 2014-01-16 | 1 | -2/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Thu Jan 16 18:21:40 CET 2014 on sn-devel-104
* s4:rpc_server: remember the hdr_signing negotiation result in dcesrv_auth | Stefan Metzmacher | 2014-01-08 | 2 | -0/+5
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Wed Jan 8 18:37:22 CET 2014 on sn-devel-104
* s4:rpc_server: use talloc_zero for struct dcesrv_connection | Stefan Metzmacher | 2014-01-08 | 1 | -13/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>