vlendec/samba-autobuild/.git
4 months agotevent: version 0.9.38 tevent-0.9.38
Stefan Metzmacher [Mon, 14 Jan 2019 22:40:36 +0000 (23:40 +0100)]
tevent: version 0.9.38

* Deprecate tevent wrapper api again
* Build fixes
* The build uses python3 by default:
* --extra-python would take python2 now
* To build with python2 only use:
  PYTHON=python2 ./configure
  PYTHON=python2 make
  PYTHON=python2 make install

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
4 months agotalloc: version 2.1.15 talloc-2.1.15
Stefan Metzmacher [Mon, 14 Jan 2019 22:40:05 +0000 (23:40 +0100)]
talloc: version 2.1.15

* Deprecate talloc_set_memlimit() and talloc_autofree_context()
* Fix undefined behavior in talloc_memdup
* The build uses python3 by default:
* --extra-python would take python2 now
* To build with python2 only use:
  PYTHON=python2 ./configure
  PYTHON=python2 make
  PYTHON=python2 make install

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
4 months agoMerge remote-tracking branch 'origin/v4-10-test' into HEAD
Stefan Metzmacher [Tue, 15 Jan 2019 10:23:20 +0000 (11:23 +0100)]
Merge remote-tracking branch 'origin/v4-10-test' into HEAD

This is a noop just to get the history of origin/v4-10-test
inline with master before the real 4.10.0rc1.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
4 months agoRevert "WHATSNEW: Add release note for Samba 4.10.0rc1."
Karolin Seeger [Tue, 15 Jan 2019 10:19:46 +0000 (11:19 +0100)]
Revert "WHATSNEW: Add release note for Samba 4.10.0rc1."

This reverts commit 3f4bd61b8408f8d97817023f07de20746ce54f90.

4 months agoRevert "VERSION: Bump version up to 4.10.0rc1..."
Karolin Seeger [Tue, 15 Jan 2019 10:19:43 +0000 (11:19 +0100)]
Revert "VERSION: Bump version up to 4.10.0rc1..."

This reverts commit 9537e5d2a14a35bcba659d679d2d156de6c678cc.

4 months agoRevert "VERSION: Bump version up to 4.10.0rc2..."
Karolin Seeger [Tue, 15 Jan 2019 10:19:40 +0000 (11:19 +0100)]
Revert "VERSION: Bump version up to 4.10.0rc2..."

This reverts commit 75106e05b42e5d4629aacfa941213745d9d6e819.

4 months agoaddns: Async ads_dns_lookup_ns
Volker Lendecke [Wed, 3 Jan 2018 15:22:24 +0000 (16:22 +0100)]
addns: Async ads_dns_lookup_ns

Use dns_lookup_send/recv to get NS records

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jan 15 11:16:00 CET 2019 on sn-devel-144

4 months agoVERSION: Bump version up to 4.10.0rc2...
Karolin Seeger [Tue, 15 Jan 2019 10:02:10 +0000 (11:02 +0100)]
VERSION: Bump version up to 4.10.0rc2...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
4 months agoVERSION: Bump version up to 4.10.0rc1...
Karolin Seeger [Tue, 15 Jan 2019 10:01:07 +0000 (11:01 +0100)]
VERSION: Bump version up to 4.10.0rc1...

and disable GIT_SNAPSHOT for the release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
4 months agoWHATSNEW: Add release note for Samba 4.10.0rc1.
Karolin Seeger [Tue, 15 Jan 2019 09:59:52 +0000 (10:59 +0100)]
WHATSNEW: Add release note for Samba 4.10.0rc1.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
4 months agoaddns: Async ads_dns_lookup_srv
Volker Lendecke [Wed, 3 Jan 2018 12:26:54 +0000 (13:26 +0100)]
addns: Async ads_dns_lookup_srv

Use dns_lookup_send/recv to get SRV records. This avoids synchronous libresolv
calls and provides the infrastructure to get dsgetdcname async.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agosamba_dnsupdate: With dns_hub, we don't need resolv_wrap
Volker Lendecke [Thu, 3 Jan 2019 15:44:45 +0000 (16:44 +0100)]
samba_dnsupdate: With dns_hub, we don't need resolv_wrap

Best viewed with git show -b

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agoselftest: Use dns_hub's resolv.conf
Volker Lendecke [Wed, 2 Jan 2019 20:24:34 +0000 (21:24 +0100)]
selftest: Use dns_hub's resolv.conf

Pass it as RESOLV_CONF envvar everywhere

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agoselftest: Add dns_hub deps
Volker Lendecke [Wed, 2 Jan 2019 13:18:44 +0000 (14:18 +0100)]
selftest: Add dns_hub deps

All the DCs want the dns forwarder

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agoselftest: setup_dns_hub
Stefan Metzmacher [Tue, 6 Feb 2018 08:46:41 +0000 (09:46 +0100)]
selftest: setup_dns_hub

Start the central dns forwarder on interface 64

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agoselftest: add central dns forwarder
Volker Lendecke [Fri, 12 Jan 2018 14:53:03 +0000 (15:53 +0100)]
selftest: add central dns forwarder

This is a small DNS server that has hard redirects to the different domain
controllers based on domain names. This is required because future commits will
avoid calling into libresolv's code which resolv_wrapper takes care of.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agolibcli/dns: Add dns_res_rec_get_sockaddr
Volker Lendecke [Thu, 10 Jan 2019 15:54:41 +0000 (16:54 +0100)]
libcli/dns: Add dns_res_rec_get_sockaddr

Pull the address from a res_rec if it's there

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agolibcli/dns: clidns must depend on ndr_standard, not on NDR_DNS
Volker Lendecke [Thu, 4 Jan 2018 15:05:35 +0000 (16:05 +0100)]
libcli/dns: clidns must depend on ndr_standard, not on NDR_DNS

Otherwise we can't link this into other libraries

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agolibcli/dns: Make "clidns" a library
Volker Lendecke [Thu, 4 Jan 2018 16:06:53 +0000 (17:06 +0100)]
libcli/dns: Make "clidns" a library

This will be linked into the SAMBA_LIBRARY "addns" in the next step. Because
the other user, "dnsserver_common", is also a library, we can't link this as a
subsystem anymore.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agodns_lookup: Let make test override the resolv.conf location
Volker Lendecke [Thu, 4 Jan 2018 19:58:05 +0000 (20:58 +0100)]
dns_lookup: Let make test override the resolv.conf location

Make this a separate commit: That is the feature that libc unfortunately does
not give us.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agolibcli/dns: Add dns_lookup
Volker Lendecke [Tue, 2 Jan 2018 12:56:56 +0000 (13:56 +0100)]
libcli/dns: Add dns_lookup

Wrapper function to parse resolv.conf and talk to multiple nameservers. This is
the code where we might want to add a "working nameserver" cache. glibc always
looks at the first configured nameserver. If that's dead, glibc runs into a
timeout and only then asks the second one that might succeed. When more than
one dns query is to be performed, these timeouts add up.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agolibcli/dns: Add resolv.conf parsing
Volker Lendecke [Mon, 1 Jan 2018 18:35:46 +0000 (19:35 +0100)]
libcli/dns: Add resolv.conf parsing

Right now this only looks at the nameserver setting. It is initally made for
asynchronous AD DC lookup routines, where we don't need the "search", "domain"
and other settings. When we convert general "net", "smbclient" and others to
use this, we might either add "domain" handling to this code or look at
something like c-ares which already does it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agodns_update: samba_dnsupdate's exit code is not an errno
Volker Lendecke [Wed, 19 Dec 2018 13:16:38 +0000 (14:16 +0100)]
dns_update: samba_dnsupdate's exit code is not an errno

This avoids confusing messages, samba_dnsupdate returns the number of
failed updates

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agoaddns: Centralize siteless lookup fallback
Volker Lendecke [Fri, 11 Jan 2019 13:18:53 +0000 (14:18 +0100)]
addns: Centralize siteless lookup fallback

We had the same logic 3 times, coalesce into one

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agovfs_fileid: fix get_connectpath_ino
Ralph Wuerthner [Thu, 10 Jan 2019 13:28:14 +0000 (14:28 +0100)]
vfs_fileid: fix get_connectpath_ino

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13741

Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 15 04:13:15 CET 2019 on sn-devel-144

4 months agos3:smbd: perform impersonation in smb2_query_directory_fetch_write_time_done()
Ralph Boehme [Mon, 14 Jan 2019 12:51:23 +0000 (13:51 +0100)]
s3:smbd: perform impersonation in smb2_query_directory_fetch_write_time_done()

This is not strictly required, as we ne never trigger additional VFS
requests via this codepath. But for safety reasons ensure we're running
in the correct impersonation state.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jan 14 22:30:24 CET 2019 on sn-devel-144

4 months agos3:smbd: perform impersonation in smb2_query_directory_dos_mode_done()
Ralph Boehme [Mon, 14 Jan 2019 12:51:23 +0000 (13:51 +0100)]
s3:smbd: perform impersonation in smb2_query_directory_dos_mode_done()

This is needed as the callback might be called in an arbitrary
impersonation state.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos3:smbd: perform impersonation in dos_mode_at_vfs_get_dosmode_done()
Ralph Boehme [Mon, 14 Jan 2019 12:51:23 +0000 (13:51 +0100)]
s3:smbd: perform impersonation in dos_mode_at_vfs_get_dosmode_done()

This is needed as the callback might be called in an arbitrary
impersonation state.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agovfs_default: use change_to_user_by_fsp() instead of change_to_user()
Ralph Boehme [Mon, 14 Jan 2019 12:54:29 +0000 (13:54 +0100)]
vfs_default: use change_to_user_by_fsp() instead of change_to_user()

Cosmetic change.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agovfs: perform impersonation in smb_vfs_call_getxattrat_done()
Ralph Boehme [Mon, 14 Jan 2019 12:51:23 +0000 (13:51 +0100)]
vfs: perform impersonation in smb_vfs_call_getxattrat_done()

This is needed as the callback might be called in an arbitrary
impersonation state.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agovfs: use struct initializer in smb_vfs_call_getxattrat_send()
Ralph Boehme [Mon, 14 Jan 2019 12:52:51 +0000 (13:52 +0100)]
vfs: use struct initializer in smb_vfs_call_getxattrat_send()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agovfs: perform impersonation in smb_vfs_call_get_dos_attributes_done()
Ralph Boehme [Mon, 14 Jan 2019 12:51:23 +0000 (13:51 +0100)]
vfs: perform impersonation in smb_vfs_call_get_dos_attributes_done()

This is needed as the callback might be called in an arbitrary
impersonation state.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agovfs: use struct initializer in smb_vfs_call_get_dos_attributes_send
Ralph Boehme [Mon, 14 Jan 2019 12:50:31 +0000 (13:50 +0100)]
vfs: use struct initializer in smb_vfs_call_get_dos_attributes_send

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agonetcmd: Change domain backup commands to use s3 SMB Py bindings
Tim Beale [Thu, 13 Dec 2018 04:31:23 +0000 (17:31 +1300)]
netcmd: Change domain backup commands to use s3 SMB Py bindings

This means we can now backup a DC that has SMBv1 disabled.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Mon Jan 14 06:49:09 CET 2019 on sn-devel-144

4 months agotests: Change ntaclsbackup tests over to use s3 Py bindings
Tim Beale [Thu, 13 Dec 2018 03:05:36 +0000 (16:05 +1300)]
tests: Change ntaclsbackup tests over to use s3 Py bindings

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
4 months agos3:pylibsmb: Add .get_acl() API to SMB py bindings
Tim Beale [Wed, 12 Dec 2018 03:14:43 +0000 (16:14 +1300)]
s3:pylibsmb: Add .get_acl() API to SMB py bindings

There is no obvious async-equivalent of cli_query_security_descriptor(),
so it will throw an error if anyone tries to use it in multi-threaded
mode. Currently only samba-tool and tests use the (s4) .get_acl() API,
both of which will be fine using the synchronous API.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
4 months agolib/ldb: Use new PYARG_ES format for parseTuple
Noel Power [Mon, 12 Nov 2018 16:06:10 +0000 (16:06 +0000)]
lib/ldb: Use new PYARG_ES format for parseTuple

While 'es' format works great for unicode (in python2) and
str (in python3) The behaviour with str (in python2) is unexpected.
In python2 the str type is (re-encoded) with the specified encoding.
In python2 the 'et' type would be a better match, that ensures 'str'
type is treated like it was with 's' (no reencoding) and unicode is
encoded with the specified encoding. However in python3 'et' allows
byte (or bytearray) params to be accepted (with no reencoding), we
don't want this. This patch adds a new PYARG_STR_UNI format code which
is a hybrid, in python2 it evaluates to 'et' and in python3 'es' and
so gives the desired behaviour for each python version.

Additionally remove the associated known fail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13616
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Sun Jan 13 03:53:00 CET 2019 on sn-devel-144

4 months agoselftest: Enable ldb.python for PY3
Noel Power [Mon, 12 Nov 2018 17:56:46 +0000 (17:56 +0000)]
selftest: Enable ldb.python for PY3

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
4 months agolib/ldb/tests/python: Add test to pass utf8 encoded bytes to ldb.Dn
Noel Power [Mon, 12 Nov 2018 17:42:51 +0000 (17:42 +0000)]
lib/ldb/tests/python: Add test to pass utf8 encoded bytes to ldb.Dn

This test should demonstrate an error with the 'es' format in python
where a 'str' byte-string is passed (containing utf8 encoded bytes)
with some characters that cannot be decoded as ascii. The same
code if run in python3 should generate an error (needs string not
bytes)

Also Add knownfail for ldb.Dn passed utf8 encoded byte string
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
4 months agos4/libnet: use 'et' as format for ParseTuple with python2
Noel Power [Tue, 11 Dec 2018 15:58:44 +0000 (15:58 +0000)]
s4/libnet: use 'et' as format for ParseTuple with python2

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
4 months agopython: use 'et' as format for ParseTuple with python2
Noel Power [Tue, 11 Dec 2018 15:58:07 +0000 (15:58 +0000)]
python: use 'et' as format for ParseTuple with python2

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
4 months agoauth/credentials: use 'et' as format for ParseTuple with python2
Noel Power [Tue, 11 Dec 2018 15:32:11 +0000 (15:32 +0000)]
auth/credentials: use 'et' as format for ParseTuple with python2

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
4 months agopython: Add new compat PYARG_STR_UNI format
Noel Power [Tue, 11 Dec 2018 15:18:10 +0000 (15:18 +0000)]
python: Add new compat PYARG_STR_UNI format

In python2 PYARG_STR_UNI evaluates to et which allows str type
(e.g bytes) pass through unencoded and accepts unicode objects
encoded as utf8
In python3 PYARG_STR_UNI evaluates to es which allows str type
encoded as named/specified encoding

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
4 months agopython: Fix memory leak with ParseTuple (using 'es' format)
Noel Power [Fri, 9 Nov 2018 16:47:00 +0000 (16:47 +0000)]
python: Fix memory leak with ParseTuple (using 'es' format)

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
4 months agoselftest:Samba4: run fl2003dc without security context multiplexing
Stefan Metzmacher [Fri, 14 Dec 2018 12:36:39 +0000 (13:36 +0100)]
selftest:Samba4: run fl2003dc without security context multiplexing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jan 12 06:25:37 CET 2019 on sn-devel-144

4 months agoselftest:Samba4: run the raw_protocol test with a limit of 8 auth contexts
Stefan Metzmacher [Fri, 14 Dec 2018 12:51:27 +0000 (13:51 +0100)]
selftest:Samba4: run the raw_protocol test with a limit of 8 auth contexts

This is much faster than exploring the limit of 2049 during autobuild.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: implement security context multiplexing
Stefan Metzmacher [Thu, 8 Nov 2018 13:59:58 +0000 (14:59 +0100)]
s4:rpc_server: implement security context multiplexing

There're some systems like Cisco ISE use security multiplexing
without checking (via bind time feature negotiation)
the server supports it.

Others like VMWare View, fallback to NT4 style netlogon
connections without using netlogon secure channel,
which then triggers an error, with "server schannel = yes",
see https://bugzilla.samba.org/show_bug.cgi?id=13464.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agopy:dcerpc/raw_protocol: add tests to demonstrate how security context multiplexing...
Stefan Metzmacher [Wed, 21 Nov 2018 10:01:55 +0000 (11:01 +0100)]
py:dcerpc/raw_protocol: add tests to demonstrate how security context multiplexing works

Important things are this:
- It's not required to use the bind time feature negotiation in order
  to use it, it's only a hint for the client, but nothing is really
  negotiated, unlike the request multiplexing with the
  DCERPC_PFC_FLAG_CONC_MPX.
- There's special handling related to AUTH_LEVEL_CONNECT
  and requests without auth trailer
- An security context is identified by the unique
  tuple of auth_type, auth_level and auth_context_id (all together!),
  not just the auth_context_id.
- There's a limit of 2049 explicit authentication contexts.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agopy:dcerpc/raw_testcase: add assertEqualsStrLower()
Stefan Metzmacher [Mon, 26 Nov 2018 10:49:22 +0000 (11:49 +0100)]
py:dcerpc/raw_testcase: add assertEqualsStrLower()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agopidl/Python: use py_dcerpc_ndr_pointer_wrap/deref if multiple pointer levels are...
Stefan Metzmacher [Thu, 29 Nov 2018 12:25:21 +0000 (13:25 +0100)]
pidl/Python: use py_dcerpc_ndr_pointer_wrap/deref if multiple pointer levels are used

This will help the raw_protocol test to explore lsa_GetUserName.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:pyrpc: add py_dcerpc_ndr_pointer_deref/wrap() infrastructure
Stefan Metzmacher [Thu, 29 Nov 2018 11:41:34 +0000 (12:41 +0100)]
s4:pyrpc: add py_dcerpc_ndr_pointer_deref/wrap() infrastructure

Some idl files use more than one layer of unique pointers. e.g.

    NTSTATUS lsa_GetUserName(
            [in,unique] [string,charset(UTF16)] uint16 *system_name,
            [in,out,ref] lsa_String **account_name,
            [in,out,unique] lsa_String **authority_name
            );

In order to specify *io.in.authority_name = NULL,
we need to wrap the pointer value (lsa_String or None)
into an base.ndr_pointer() object.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:pyrpc: make use of pytalloc_get_type() in py_dcerpc_syntax_init_helper()
Stefan Metzmacher [Thu, 29 Nov 2018 15:47:15 +0000 (16:47 +0100)]
s4:pyrpc: make use of pytalloc_get_type() in py_dcerpc_syntax_init_helper()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server/lsa: specify \\pipe\lsass as ncacn_np_secondary_endpoint
Stefan Metzmacher [Wed, 12 Dec 2018 21:41:56 +0000 (22:41 +0100)]
s4:rpc_server/lsa: specify \\pipe\lsass as ncacn_np_secondary_endpoint

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: make it possible to specify ncacn_np_secondary_endpoint
Stefan Metzmacher [Wed, 12 Dec 2018 21:41:56 +0000 (22:41 +0100)]
s4:rpc_server: make it possible to specify ncacn_np_secondary_endpoint

Even a connect to \\pipe\lsarpc should return a secondary_address
of '\\pipe\\lsass'. But that will be implemented in a following commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agopy:dcerpc/raw_protocol: demonstrate that \\pipe\lsarpc returns \\pipe\lsass as second...
Stefan Metzmacher [Thu, 13 Dec 2018 09:13:03 +0000 (10:13 +0100)]
py:dcerpc/raw_protocol: demonstrate that \\pipe\lsarpc returns \\pipe\lsass as secondary_address

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: only share assoc group ids on the same transport
Stefan Metzmacher [Wed, 12 Dec 2018 12:49:35 +0000 (13:49 +0100)]
s4:rpc_server: only share assoc group ids on the same transport

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agopy:dcerpc/raw_protocol: add test_assoc_group_fail3()
Stefan Metzmacher [Wed, 12 Dec 2018 12:43:45 +0000 (13:43 +0100)]
py:dcerpc/raw_protocol: add test_assoc_group_fail3()

This demonstrates that assoc groups are only shared on the
same transport (endpoint).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: don't replace '\\pipe\\' with '\\PIPE\\'
Stefan Metzmacher [Wed, 12 Dec 2018 12:48:05 +0000 (13:48 +0100)]
s4:rpc_server: don't replace '\\pipe\\' with '\\PIPE\\'

This is not what Windows returns (at least for \\pipe\lsass).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agopy:dcerpc/raw_protocol: add test_assoc_group_ok2 to check assoc groups over ncacn_np
Stefan Metzmacher [Wed, 12 Dec 2018 11:35:09 +0000 (12:35 +0100)]
py:dcerpc/raw_protocol: add test_assoc_group_ok2 to check assoc groups over ncacn_np

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agoselftest:Samba4: allow dcerpc auth level connect:lsarpc = yes in chgdcpass
Stefan Metzmacher [Thu, 22 Nov 2018 23:23:23 +0000 (00:23 +0100)]
selftest:Samba4: allow dcerpc auth level connect:lsarpc = yes in chgdcpass

This is required to explore the details of security context multiplexing
using lsa_GetUserName().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agopy:dcerpc/raw_protocol: enable tests with the DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN bit
Stefan Metzmacher [Wed, 21 Nov 2018 08:38:46 +0000 (09:38 +0100)]
py:dcerpc/raw_protocol: enable tests with the DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN bit

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: fix DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN negotiation to match Windows
Stefan Metzmacher [Wed, 21 Nov 2018 08:39:36 +0000 (09:39 +0100)]
s4:rpc_server: fix DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN negotiation to match Windows

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agopy:dcerpc/raw_protocol: consistently call self.recv_pdu(timeout=0.01) after auth3
Stefan Metzmacher [Wed, 21 Nov 2018 10:49:40 +0000 (11:49 +0100)]
py:dcerpc/raw_protocol: consistently call self.recv_pdu(timeout=0.01) after auth3

When we don't expect a FAULT, we should wait a little bit to check
there's no response to auth3 request. This reduces the raw_procol
test from 45s down to 35s total runtime against Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agopy:dcerpc/raw_protocol: add tests for delayed header signing activation
Stefan Metzmacher [Wed, 21 Nov 2018 10:49:40 +0000 (11:49 +0100)]
py:dcerpc/raw_protocol: add tests for delayed header signing activation

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agopy:dcerpc/raw_testcase: add pfc_flags_2nd and use_auth3 options to do_generic_bind()
Stefan Metzmacher [Wed, 21 Nov 2018 10:49:40 +0000 (11:49 +0100)]
py:dcerpc/raw_testcase: add pfc_flags_2nd and use_auth3 options to do_generic_bind()

This makes it more flexible and allows to write complex tests in an
easier fashion.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: SMB_ASSERT(auth->auth_finished); in order to get auth details
Stefan Metzmacher [Fri, 23 Nov 2018 12:24:05 +0000 (13:24 +0100)]
s4:rpc_server: SMB_ASSERT(auth->auth_finished); in order to get auth details

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: only pass context to op_bind() hooks
Stefan Metzmacher [Wed, 21 Nov 2018 19:06:21 +0000 (20:06 +0100)]
s4:rpc_server: only pass context to op_bind() hooks

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: only use context within op_bind() hooks and dcesrv_interface_bind_...
Stefan Metzmacher [Wed, 21 Nov 2018 19:06:21 +0000 (20:06 +0100)]
s4:rpc_server: only use context within op_bind() hooks and dcesrv_interface_bind_*() functions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: remove unused dcesrv_connection_context->private_date
Stefan Metzmacher [Mon, 10 Dec 2018 22:51:09 +0000 (23:51 +0100)]
s4:rpc_server: remove unused dcesrv_connection_context->private_date

dcesrv_iface_state_{create,find}_{assoc,conn}() should be used instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: remove unused dcesrv_assoc_group->proxied_id
Stefan Metzmacher [Wed, 21 Nov 2018 22:38:25 +0000 (23:38 +0100)]
s4:rpc_server: remove unused dcesrv_assoc_group->proxied_id

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server/winreg: don't cache an ldb connection per presentation context
Stefan Metzmacher [Wed, 21 Nov 2018 19:05:01 +0000 (20:05 +0100)]
s4:rpc_server/winreg: don't cache an ldb connection per presentation context

We should do this per context handle, as these are available on all
connections of the association group.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server/remote: make use dcesrv_iface_state_{store,find}_{assoc,conn}() helpers
Stefan Metzmacher [Wed, 21 Nov 2018 18:28:30 +0000 (19:28 +0100)]
s4:rpc_server/remote: make use dcesrv_iface_state_{store,find}_{assoc,conn}() helpers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server/remote: introduce struct dcesrv_remote_call
Stefan Metzmacher [Fri, 23 Nov 2018 13:28:56 +0000 (14:28 +0100)]
s4:rpc_server/remote: introduce struct dcesrv_remote_call

This holds the state for async requests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server/remote: defer the connect to the first client request
Stefan Metzmacher [Wed, 21 Nov 2018 18:19:15 +0000 (19:19 +0100)]
s4:rpc_server/remote: defer the connect to the first client request

This means we have a chance to use delegated credentials from the client
if available, as the authentication is already completed.

Before we only ever used the transport inherited credentials
via SMB or anonymous.

Note: most times we still fallback to anonymous...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server/remote: fail the connection if the remote server don't support MPX
Stefan Metzmacher [Fri, 23 Nov 2018 13:21:45 +0000 (14:21 +0100)]
s4:rpc_server/remote: fail the connection if the remote server don't support MPX

If we already negotiated with our client to support concurent multiplexing (MPX),
we need a remote connection that also supports it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agoselftest: use "dcerpc_remote:allow_anonymous_fallback = yes" for rpc_proxy
Stefan Metzmacher [Fri, 23 Nov 2018 12:15:10 +0000 (13:15 +0100)]
selftest: use "dcerpc_remote:allow_anonymous_fallback = yes" for rpc_proxy

This already uses anonymous credentials as the remote connection is done
during the bind before the realm authentication has started.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server/remote: add dcerpc_remote:allow_anonymous_fallback option
Stefan Metzmacher [Fri, 23 Nov 2018 12:13:53 +0000 (13:13 +0100)]
s4:rpc_server/remote: add dcerpc_remote:allow_anonymous_fallback option

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server/remote: reformat code to get "dcerpc_remote:use_machine_account"
Stefan Metzmacher [Wed, 21 Nov 2018 18:14:59 +0000 (19:14 +0100)]
s4:rpc_server/remote: reformat code to get "dcerpc_remote:use_machine_account"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server/remote: reformat code to get "dcerpc_remote:binding"
Stefan Metzmacher [Wed, 21 Nov 2018 18:13:50 +0000 (19:13 +0100)]
s4:rpc_server/remote: reformat code to get "dcerpc_remote:binding"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server/remote: remote_op_bind already has the table available
Stefan Metzmacher [Wed, 21 Nov 2018 18:08:59 +0000 (19:08 +0100)]
s4:rpc_server/remote: remote_op_bind already has the table available

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server/remote: introduce remote_get_private()
Stefan Metzmacher [Wed, 21 Nov 2018 17:00:29 +0000 (18:00 +0100)]
s4:rpc_server/remote: introduce remote_get_private()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server/dnsserver: make use of dcesrv_iface_state_{create,find}_conn()
Stefan Metzmacher [Mon, 10 Dec 2018 21:42:51 +0000 (22:42 +0100)]
s4:rpc_server/dnsserver: make use of dcesrv_iface_state_{create,find}_conn()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server/netlogon: make use of dcesrv_iface_state_{create,find}_conn()
Stefan Metzmacher [Mon, 10 Dec 2018 21:42:51 +0000 (22:42 +0100)]
s4:rpc_server/netlogon: make use of dcesrv_iface_state_{create,find}_conn()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: add dcesrv_iface_state_{store,find}_{assoc,conn}() helpers
Stefan Metzmacher [Mon, 10 Dec 2018 21:41:31 +0000 (22:41 +0100)]
s4:rpc_server: add dcesrv_iface_state_{store,find}_{assoc,conn}() helpers

They can be used instead of
dcesrv_connection_context->private_data and
dcesrv_assoc_group->proxied_id.

This is the first step to hide internal details of
the core dcerpc server from the interface implementations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: move bind_time_features to dcesrv_assoc_group
Stefan Metzmacher [Wed, 21 Nov 2018 22:39:11 +0000 (23:39 +0100)]
s4:rpc_server: move bind_time_features to dcesrv_assoc_group

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: add a min_auth_level to context handles
Stefan Metzmacher [Wed, 21 Nov 2018 22:27:50 +0000 (23:27 +0100)]
s4:rpc_server: add a min_auth_level to context handles

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: replace dce_conn->allow_request with auth->auth_finished
Stefan Metzmacher [Thu, 22 Nov 2018 09:30:47 +0000 (10:30 +0100)]
s4:rpc_server: replace dce_conn->allow_request with auth->auth_finished

They both had the same lifetime and the disconnect case is now
caught by auth->auth_invalid = true.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: replace dce_conn->allow_auth3 with auth->auth_started
Stefan Metzmacher [Thu, 22 Nov 2018 09:30:47 +0000 (10:30 +0100)]
s4:rpc_server: replace dce_conn->allow_auth3 with auth->auth_started

auth3 is allowed if auth_started is true and auth_finished is false.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: set auth_invalid = true on disconnect
Stefan Metzmacher [Thu, 6 Dec 2018 16:03:25 +0000 (17:03 +0100)]
s4:rpc_server: set auth_invalid = true on disconnect

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: split out log_successful_dcesrv_authz_event()
Stefan Metzmacher [Thu, 22 Nov 2018 12:26:21 +0000 (13:26 +0100)]
s4:rpc_server: split out log_successful_dcesrv_authz_event()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: add some protection checks to dcesrv_auth_prepare_gensec()
Stefan Metzmacher [Thu, 8 Nov 2018 15:36:52 +0000 (16:36 +0100)]
s4:rpc_server: add some protection checks to dcesrv_auth_prepare_gensec()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: split out dcesrv_auth_prepare_gensec()
Stefan Metzmacher [Thu, 8 Nov 2018 15:36:13 +0000 (16:36 +0100)]
s4:rpc_server: split out dcesrv_auth_prepare_gensec()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: allocate struct dcesrv_auth with talloc
Stefan Metzmacher [Thu, 8 Nov 2018 12:28:07 +0000 (13:28 +0100)]
s4:rpc_server: allocate struct dcesrv_auth with talloc

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: make use of dcesrv_call_state->auth_state in dcerpc_server.c
Stefan Metzmacher [Wed, 31 Oct 2018 13:44:33 +0000 (14:44 +0100)]
s4:rpc_server: make use of dcesrv_call_state->auth_state in dcerpc_server.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: make use of dcesrv_call_state->auth_state in common/reply.c
Stefan Metzmacher [Wed, 31 Oct 2018 13:44:33 +0000 (14:44 +0100)]
s4:rpc_server: make use of dcesrv_call_state->auth_state in common/reply.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: make use of dcesrv_call_state->auth_state in dcesrv_auth.c
Stefan Metzmacher [Wed, 31 Oct 2018 13:44:33 +0000 (14:44 +0100)]
s4:rpc_server: make use of dcesrv_call_state->auth_state in dcesrv_auth.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: introduce dcesrv_call_state->auth_state
Stefan Metzmacher [Wed, 31 Oct 2018 13:44:33 +0000 (14:44 +0100)]
s4:rpc_server: introduce dcesrv_call_state->auth_state

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: use helper variables to access 'struct dcesrv_auth' in dcerpc_server.c
Stefan Metzmacher [Wed, 31 Oct 2018 16:12:02 +0000 (17:12 +0100)]
s4:rpc_server: use helper variables to access 'struct dcesrv_auth' in dcerpc_server.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: use helper variables to access 'struct dcesrv_auth' in common/reply.c
Stefan Metzmacher [Wed, 31 Oct 2018 16:12:02 +0000 (17:12 +0100)]
s4:rpc_server: use helper variables to access 'struct dcesrv_auth' in common/reply.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 months agos4:rpc_server: use helper variables to access 'struct dcesrv_auth' in dcesrv_auth.c
Stefan Metzmacher [Wed, 31 Oct 2018 16:12:02 +0000 (17:12 +0100)]
s4:rpc_server: use helper variables to access 'struct dcesrv_auth' in dcesrv_auth.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>