path: root/source4/rpc_server
Age | Commit message | Author | Files | Lines
2015-01-12 | CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl | Andrew Bartlett | 1 | -1/+14
This requires an additional control to be used in the LSA server to add domain trust account objects. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-12-04 | s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses | Guenter Kukkukk | 4 | -38/+151
In the initial implementation only IPv4 addresses were supported. Add IPv6 (and mixed IPv4/IPv6) support and all further needed conversion routines to support w2k, dotnet, longhorn clients. Signed-off-by: Guenter Kukkukk <linux@kukkukk.com> Reviewed-by: Amitay Isaacs <amitay@gmail.com> Autobuild-User(master): Amitay Isaacs <amitay@samba.org> Autobuild-Date(master): Wed Nov 26 03:44:07 CET 2014 on sn-devel-104 (cherry picked from commit 3ac4355f3e7f79bc0045c43bc818697dc6b08850) The last 3 patches address BUG: https://bugzilla.samba.org/show_bug.cgi?id=10952 samba-tool dns serverinfo <server> is broken for IPv6 - also in mixed IPv4/IPv6 environments.
2014-09-08 | s4-rpc: dnsserver: handle updates of tombstoned dnsNode objects | Stefan Metzmacher | 1 | -2/+15
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com> (cherry picked from commit 2c342e488dcd3cef465a1b376bb22bf495f6832b)
2014-09-08 | s4-rpc: dnsserver: Do not search for deleted DNS entries | Amitay Isaacs | 1 | -7/+11
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749 Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 6f2862e76608862bb4142a86f36c8506114bf6c7)
2014-09-08 | s4-rpc: dnsserver: return DNS_RANK_NS_GLUE records when explicitly asked for | Stefan Metzmacher | 1 | -0/+9
NS records should be included in the query for sub-domains. NS records got dropped when the rank for NS records was correctly set to NS_GLUE from ZONE in commit 2036cbd9249c84d9b46370f0e8cd6a0264c737ba.
samba-tool dns query 172.31.9.161 s4xdom.base @ ALL
=> Name=glue, Records=0, Children=0
samba-tool dns query 172.31.9.161 s4xdom.base glue ALL
=> Name=, Records=1, Children=0
   NS: glue.dns.private. (flags=40000082, serial=21, ttl=900)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10751 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com> Autobuild-User(master): Amitay Isaacs <amitay@samba.org> Autobuild-Date(master): Thu Sep 4 14:37:51 CEST 2014 on sn-devel-104 (cherry picked from commit 0b4a3b76111411e8969932a3da4ffab989e0da4c)
2014-09-08 | s4-rpc: dnsserver: Do not return NS_GLUE records with VIEW_GLUE_DATA filter | Amitay Isaacs | 1 | -1/+1
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10751 Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Aug 21 11:36:55 CEST 2014 on sn-devel-104 (cherry picked from commit c9169a5e987864473108d041513f1781740401ac)
2014-09-08 | s4-rpc: dnsserver: Correctly set rank for glue NS records | Amitay Isaacs | 1 | -3/+6
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10751 Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 2036cbd9249c84d9b46370f0e8cd6a0264c737ba)
2014-08-07 | s4-rpc: dnsserver: Allow . to be specified for @ record | Amitay Isaacs | 1 | -1/+3
Windows allows both . and @ to be specified when modifying @ record. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10742 Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 4b4e30b780345c74f9983ba77f04c616b3d034b7)
2014-08-07 | s4:rpc_server/netlogon: keep a global challenge table | Stefan Metzmacher | 1 | -4/+87
Some clients call netr_ServerReqChallenge() and netr_ServerAuthenticate3() on different connections. This works against Windows DCs as they have a global challenge table. A VMware provisioning task for Windows VMs seems to rely on this behavior. As a fallback we're storing the challenge in a global memcache with a fixed size. This should allow these strange clients to work against a Samba AD DC. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10723 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (similar to commit 321ebc99b5a00f82265aee741a48aa84b214d6e8)
2014-07-15 | dsdb: Always store and return the userParameters as an array of LE 16-bit values | Andrew Bartlett | 1 | -4/+13
This is not allowed to be odd length, as otherwise we can not send it over the SAMR transport correctly. Allocating one byte less memory than required causes malloc() heap corruption and then a crash or lockup of the SAMR server. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10130 Change-Id: I5c0c531c1d660141e07f884a4789ebe11c1716f6 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit d7b4d10aba90f4a1acf01d1d5ab62161862f62f7)
2014-07-15 | kerberos: Remove un-used event context argument from smb_krb5_init_context() | Andrew Bartlett | 1 | -1/+0
The event context here was only specified in the server or admin-tool context, which does not do network communication, so this only caused a talloc_reference() and never any useful result. The actual network communication code sets an event context directly before making the network call. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Apr 28 02:24:57 CEST 2014 on sn-devel-104 (cherry picked from commit 086c06e361962e1c118d8eed2316e9df7834ae8b)
2014-07-15 | s4-rpc_server/drsuapi: Print ldb error showing why we failed to perform the access check | Andrew Bartlett | 1 | -1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit f75dc8f4a54581ed207e7caa2e52211ea24e3554) The last 6 patches address bug #10700 - backport access check related fixes from master.
2014-07-15 | s3/s4: smbd, rpc, ldap, cldap, kdc services. | Jeremy Allison | 1 | -1/+7
Allow us to start if we bind to *either* :: or 0.0.0.0. Allows us to cope with systems configured as only IPv4 or only IPv6. Bug #10653 - Samba won't start on a machine configured with only IPv4. https://bugzilla.samba.org/show_bug.cgi?id=10653 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-By: Amitay Isaacs <amitay@gmail.com> Reviewed-By: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Jun 7 01:01:44 CEST 2014 on sn-devel-104 (cherry picked from commit 463311422ca1caad2e228deb630e9d12e212fae1)
2014-04-29 | s4:dsdb: Move cldap netlogon functions into samdb/ldb_modules | Benjamin Franzke | 2 | -2/+2
As netlogon is handled by the samdb now, the corresponding functions should live there as well. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com> (cherry picked from commit 68ebb09193e73cff4389ccb9e3b190b12ee0a84a)
2014-04-01 | s4:lib/socket: simplify iface_list_wildcard() and its callers | Stefan Metzmacher | 1 | -2/+2
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10464 Signed-off-by: Stefan Metzmacher <metze@samba.org> Change-Id: Ib317d71dea01fc8ef6b6a26455f15a8a175d59f6 Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Mar 7 02:18:17 CET 2014 on sn-devel-104 (cherry picked from commit f7883ae02a4e8935a44396f776712cebfd411e52)
2014-03-11 | CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340 | Andrew Bartlett | 1 | -34/+35
Part of this was removed when ChangePasswordUser was unimplemented, but remove the remainder of this flawed commit. Fully check the password first, as extract_pw_from_buffer() already does a partial check of the password because it needs a correct old password to correctly decrypt the length. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-03-11 | CVE-2013-4496:samr: Remove ChangePasswordUser | Andrew Bartlett | 1 | -139/+6
This old password change mechanism does not provide the plaintext to validate against password complexity, and it is not used by modern clients.
The missing features in both implementations (by design) were:
- the password complexity checks (no plaintext)
- the minimum password length (no plaintext)
Additionally, the source3 version did not check:
- the minimum password age
- pdb_get_pass_can_change() which checks the security descriptor for the 'user cannot change password' setting.
- the password history
- the output of the 'passwd program' if 'unix passwd sync = yes'.
Finally, the mechanism was almost useless, as it was incorrectly only made available to administrative users with permission to reset the password. It is removed here so that it is not mistakenly reinstated in the future.
Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-08-05 | s4:rpc_server: make sure we don't terminate a connection with pending requests (bug #9820) | Stefan Metzmacher | 2 | -3/+60
Sadly we may have nested event loops, which won't work correctly with broken connections, that's why we have to do this... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Jul 10 08:47:38 CEST 2013 on sn-devel-104 (cherry picked from commit e6a58d370403e818bc2cfb8389751b78adcc14fd)
2013-08-05 | rpc_server-drsuapi: Improve comments and DEBUG lines | Andrew Bartlett | 1 | -4/+3
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 5e1f2795f28b0a213b4529e046edec68caa3bd41)
2013-06-30 | Fix a missing parenthesis in the LDAP search request | Matthieu Patou | 1 | -1/+1
Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Sun Jun 30 13:34:13 CEST 2013 on sn-devel-104
2013-06-24 | lsa4: Fix a set but unused variable warning | Simo Sorce | 1 | -2/+12
Also ensure that we exit immediately on any error. Signed-off-by: Volker Lendecke <vl@samba.org> Signed-off-by: Simo Sorce <idra@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon Jun 24 12:17:52 CEST 2013 on sn-devel-104
2013-06-21 | lsa4: Fix a set but unused variable warning | Volker Lendecke | 1 | -2/+0
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-06-21 | lsa4: Remove an unused variable | Volker Lendecke | 1 | -3/+0
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-06-21 | lsa4: Remove an unused variable | Volker Lendecke | 1 | -3/+0
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-06-21 | lsa4: Remove an unused variable | Volker Lendecke | 1 | -3/+0
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-06-21 | Fix some blank line endings | Volker Lendecke | 1 | -292/+287
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Fri Jun 21 19:57:06 CEST 2013 on sn-devel-104
2013-06-21 | dns: Fix CID 1034969 Uninitialized scalar variable | Volker Lendecke | 1 | -1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-By: Amitay Isaacs <amitay@gmail.com> Autobuild-User(master): Amitay Isaacs <amitay@samba.org> Autobuild-Date(master): Fri Jun 21 17:32:16 CEST 2013 on sn-devel-104
2013-06-19 | build: Build with system md5.h on OpenIndiana | Andrew Bartlett | 1 | -1/+1
This changes (again...) our system md5 detection to cope with how OpenIndiana does md5. I'm becoming increasingly convinced this isn't worth our while (we should have just done samba_md5...), but for now this change seems to work on FreeBSD, OpenIndiana and Linux with libbsd. This needs us to rename struct MD5Context -> MD5_CTX, but we provide a config.h define to rename the type back if MD5_CTX does not exist (it does however exist in the md5.h from libbsd). Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
2013-06-13 | s4:rpc_server: call irpc_add_name() at startup (bug #9905) | Stefan Metzmacher | 1 | -0/+1
We should call irpc_add_name() when we start the rpc_server task. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-06-12 | dsdb: Allow dsdb_find_dn_by_guid to show deleted DNs | Andrew Bartlett | 1 | -2/+2
This helps us in the KCC as we need to return the deleted DN for the GUID in DsReplicaGetInfo calls (tested for deleted servers against Windows 2008R2). Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-06-10 | s4:samr RPC server - dcesrv_samr_SetUserInfo() - password expiration | Matthias Dieter Wallnöfer | 1 | -1/+7
Also on level 26 this has to be handled the same as on levels 21, 23, 25. Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-30 | s4-dns: set TTL value in the NS server part of the SOA record | Guenter Kukkukk | 1 | -0/+1
noticed this when using samba-tool to create a new zone Signed-off-by: Guenter Kukkukk <kukks@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu May 30 09:41:20 CEST 2013 on sn-devel-104
2013-05-30 | s4-rpc: dnsserver: When updating SOA record, use the specified serial | Amitay Isaacs | 1 | -6/+9
This makes sure that when updating SOA record, the serial is set to the value sent by client. For all other records, serial is incremented. Signed-off-by: Amitay Isaacs <amitay@gmail.com>
2013-05-30 | s4-rpc: dnsserver: dns_name_equal() returns boolean | Amitay Isaacs | 1 | -2/+2
Remove the remaining check for return value after strcmp() was changed to dns_name_equal(). Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-30 | s4-rpc: dnsserver: Fix removal of trailing '.' in soa mname | Amitay Isaacs | 1 | -2/+2
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-20 | spoolss: add idl for spoolss_RpcSendRecvBidiData. | Günther Deschner | 1 | -3/+3
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-05-17 | drsuapi: Debug more clearly why NC is bad in updateRefs | Matthieu Patou | 1 | -0/+2
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri May 17 04:17:14 CEST 2013 on sn-devel-104
2013-05-16 | rpc_server-drsuapi: Include the failing DN when unable to convert DB objects to DRS | Andrew Bartlett | 1 | -4/+6
This is a very serious situation (it should not happen) so getting information on the objects that this happens for would be very helpful. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-04-14 | samba-tool - MX records cannot be deleted (part2) | Guenter Kukkukk | 1 | -1/+1
I missed this one, also a wrong compare of MX vs. SRV record Signed-off-by: Guenter Kukkukk <kukks@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sun Apr 14 22:43:07 CEST 2013 on sn-devel-104
2013-04-14 | samba-tool - MX records cannot be deleted (error in called C-program) | Guenter Kukkukk | 1 | -1/+1
Only matching UNION-members should be compared. MX vs. SRV record Signed-off-by: Guenter Kukkukk <kukks@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sun Apr 14 08:46:07 CEST 2013 on sn-devel-104
2013-01-22 | drsuapi: Add documentation | Matthieu Patou | 1 | -3/+18
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-17 | drs-fsmo: Improve handling of FSMO role takeover. | Andrew Bartlett | 1 | -1/+2
This needs to be more async, and give less scary errors. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-16 | spoolss: Make OpenPrinterEx work with NDR64 by using UserInfo Container. | Günther Deschner | 1 | -3/+2
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-01-07 | spoolss: add stubs for new JobNamedProperty dcerpc calls. | Günther Deschner | 1 | -0/+37
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jan 7 19:06:25 CET 2013 on sn-devel-104
2013-01-01 | s4:drsuapi: try to behave more like windows for usn order (bug #9508) | Stefan Metzmacher | 1 | -11/+18
We don't behave completely like a Windows server, but it's much more identical than before. The partition head is always the first object followed by the rest sorted by uSNChanged. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jan 1 21:09:42 CET 2013 on sn-devel-104
2013-01-01 | s4:drsuapi: make use of LDB_TYPESAFE_QSORT() and pass getnc_state | Stefan Metzmacher | 1 | -10/+14
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01 | s4:drsuapi: make sure we report the meta data from the cycle start (bug #9508) | Stefan Metzmacher | 1 | -9/+38
We should build the final highwatermark and uptodatevector of a replication cycle at the start of the cycle. Before we search for the currently missing objects. Otherwise we risk that some objects get lost. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01 | s4:drsuapi: check the source_dsa_invocation_id (bug #9508) | Stefan Metzmacher | 1 | -0/+15
The given highwatermark is only valid relative to the specified source_dsa_invocation_id. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01 | s4:drsuapi: make sure we never return the same highwatermark twice in a replication cycle (bug #9508) | Stefan Metzmacher | 1 | -0/+36
If the highwatermark given by the client is not the one we expect, we need to start a new replication cycle. Otherwise the destination dsa skips objects and linked attribute values. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01 | s4:drsuapi: add drsuapi_DsReplicaHighWaterMark_cmp() | Stefan Metzmacher | 1 | -0/+20
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>