idl/drsblobs: do not overwrite number of schedules == 1 If the struct has zero or two schedules, that is what it has, and we should let that be. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sun Mar 22 06:19:51 UTC 2020 on sn-devel-184
idl: limit recursion on recursive elements Limit the max_recursion on self recursive definitions in the idl to 20,000. This value is hopefully large enough to not impact normal operation, but small enough to prevent stack overflow issues. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19820 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14254 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Feb 27 02:29:21 UTC 2020 on sn-devel-184
drsblobs.idl: remove decode functions Remove the decode_* functions as they are no longer needed, and this will reduce the amount of untested automatically generated code. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
dsdb encrypted secrets module Encrypt the samba secret attributes on disk. This is intended to mitigate the inadvertent disclosure of the sam.ldb file, and to mitigate memory read attacks. Currently the key file is stored in the same directory as sam.ldb but this could be changed at a later date to use an HSM or similar mechanism to protect the key. Data is encrypted with AES 128 GCM. The encryption uses gnutls where available and if it supports AES 128 GCM AEAD modes, otherwise nettle is used. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
idl drsblobs: add the blobs required for Primary:userPassword Add the blobs required to allow the storing of an sha256 or sha512 hash of the password in supplemental credentials Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
drsblobs: Add decode for replPropertyMetaData1 Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
drsblobs.idl: add package_PrimarySambaGPGBlob This will be used to store the cleartext utf16 password GPG encrypted in the supplementalCredentials attribute. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
drsblobs.idl: mark supplementalCredentialsSubBlob as nopull,nopush This commit moves the autogenerated ndr_{pull,push}_supplementalCredentialsSubBlob() function to the handwritten librpc/ndr/ndr_drsblobs.c BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
drsblobs.idl: improve idl for ForestTrustInfoRecord* Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
drsblobs.idl: make replPropertyMetaData1 public This is used as binary data for the msDS-RevealedUsers attribute. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Add NTDSConnection schedule attr blob Add schedule blob to drsblobs to allow NDR unpacking into a python class. Signed-off-by: Andrew Tridgell <tridge@samba.org>
drsblobs.idl: remove nopython from package_PrimaryKerberosBlob related stuff This allows parsing and construction of the supplementalCredentials attribute in python. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Dec 10 19:08:33 CET 2010 on sn-devel-104
s4-trusts: fix trustDomainPasswords drsblobs IDL and server side support. Also remove bogus trustCurrentPasswords struct which we just had because our IDL was incorrect. Guenther
Finish removal of iconv_convenience in public APIs.
librpc/idl: Use [nopython] attr for types used in decode_PrimaryKerberos method C code generation for python module generates invalid code (i.e. can not be compiled). Another reason to 'hide' those types from Python is that those types are not used at the moment (and most probably won't be used in the future)
librpc/idl Use [nopython] on some drsblobs.idl 'functions' as an example It makes little sense to expose these 'functions' to anything other than ndrdump. Andrew Bartlett
s4/idl: Schema:schemaInfo attribute description
drsblobs: remove utf8string2 from ForestTrustData. Simo, it's not really worth adding a new idl type just for being able to omit the size field. The size field is part of the spec in MS-ADTS 7.1.6.9.3.1 so we should have it as well. Guenther
idl: fix comment and convert whitespaces to tabs
idl: fix forest trust information idl --validate now passes