The branch, master has been updated via 1fbf08e8120 CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup via 11ece30afa1 CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in conflict with AD DC via 2e87c9d8658 s4-echo: Remove the "echo" server (port 7, RFC 862) in production builds via a9c32f929b7 CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD DC via 3cf1beed5df CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default via cfeb9fe50e4 CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY via d3d83a8f2e5 CVE-2023-4154 dsdb/tests: Extend attribute read DirSync tests via 0a79ed2c0b1 CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE behaviour via d4a71fbece8 CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive matches once via 76b8d3edce1 CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible with DirSync ever. via b644bb06650 CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential at the start via 07d2b28fb35 CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force() via 6578a65ed7b CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice via b70f4f8681c CVE-2023-4091: smbd: use open_access_mask for access check in open_file() via b1fd6569418 CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file via 5ed25efb073 CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad pipenames. via c39f90a1249 CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow bad pipenames with unix separators through to the UNIX domain socket code. via ae476e1c28b CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit socket_dir. from a6b66661c75 ctdb: Add "home_nodes" file to deterministic IP allocation
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 1fbf08e8120b27783c32f599b64d3b2c5c70dce7 Author: Andrew Bartlett <abart...@samba.org> Date: Tue Sep 12 16:23:49 2023 +1200 CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup We now have ensured that no conflicting services attempt to start so we do not need the runtime lookup and so avoid the risk that the lookup may fail. This means that any duplicates will be noticed early not just in a race condition. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15473 Signed-off-by: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Jule Anger <jan...@samba.org> Autobuild-Date(master): Tue Oct 10 15:47:04 UTC 2023 on atb-devel-224 commit 11ece30afa1a7204b93ab60a05f011d8fa24e5cd Author: Andrew Bartlett <abart...@samba.org> Date: Tue Sep 12 12:28:49 2023 +1200 CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in conflict with AD DC Just as we refuse to start NETLOGON except on the DC, we must refuse to start all of the RPC services that are provided by the AD DC. Most critically of course this applies to netlogon, lsa and samr. This avoids the supression of these services being the result of a runtime epmapper lookup, as if that fails these services can disrupt service to end users by listening on the same socket as the AD DC servers. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15473 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit 2e87c9d865828079f0023ff59b71db8ca455ad25 Author: Andrew Bartlett <abart...@samba.org> Date: Tue Sep 12 19:03:10 2023 +1200 s4-echo: Remove the "echo" server (port 7, RFC 862) in production builds This demonstration should never be enabled in production, if echo service is required other software is far better positioned to provide it. Reflection attacks on echo are a known issue. This is removed for consistency with the removal of rpcecho, but was never enabled in the default smb.conf so is mostly harmless. Signed-off-by: Andrew Bartlett <abart...@samba.org> commit a9c32f929b7901b4ca230cc7a725b42c8916540d Author: Andrew Bartlett <abart...@samba.org> Date: Tue Sep 12 19:01:03 2023 +1200 CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD DC The rpcecho server in source3 does have samba the sleep() feature that the s4 version has, but the task architecture is different, so there is not the same impact. Hoever equally this is not something that should be enabled on production builds of Samba, so restrict to selftest builds. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit 3cf1beed5df7d8b5d854517de7de322c6a5bc7fa Author: Andrew Bartlett <abart...@samba.org> Date: Tue Sep 12 18:59:44 2023 +1200 CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default The rpcecho server is useful in development and testing, but should never have been allowed into production, as it includes the facility to do a blocking sleep() in the single-threaded rpc worker. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit cfeb9fe50e4b76063a3cddebd4190f420f1c4aca Author: Andrew Bartlett <abart...@samba.org> Date: Tue Aug 8 17:58:27 2023 +1200 CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY This makes LDAP_DIRSYNC_OBJECT_SECURITY the only behaviour provided by Samba. Having a second access control system withing the LDAP stack is unsafe and this layer is incomplete. The current system gives all accounts that have been given the GUID_DRS_GET_CHANGES extended right SYSTEM access. Currently in Samba this equates to full access to passwords as well as "RODC Filtered attributes" (often used with confidential attributes). Rather than attempting to correctly filter for secrets (passwords) and these filtered attributes, as well as preventing search expressions for both, we leave this complexity to the acl_read module which has this facility already well tested. The implication is that callers will only see and filter by attribute in DirSync that they could without DirSync. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit d3d83a8f2e5367c7cb6cbb0c04ccd6e6e6d24236 Author: Andrew Bartlett <abart...@samba.org> Date: Tue Aug 22 15:08:17 2023 +1200 CVE-2023-4154 dsdb/tests: Extend attribute read DirSync tests The aim here is to document the expected (even if not implemented) SEARCH_FLAG_RODC_ATTRIBUTE vs SEARCH_FLAG_CONFIDENTIAL, behaviour, so that any change once CVE-2023-4154 is fixed can be noted. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit 0a79ed2c0b1315986b33cf3dac81f9206d4b6e1e Author: Andrew Bartlett <abart...@samba.org> Date: Tue Aug 8 14:30:19 2023 +1200 CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE behaviour SEARCH_FLAG_RODC_ATTRIBUTE should be like SEARCH_FLAG_CONFIDENTIAL, but for DirSync and DRS replication. Accounts with GUID_DRS_GET_CHANGES rights should not be able to read this attribute. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit d4a71fbece8693c8522c429f462cecfb18b607a4 Author: Andrew Bartlett <abart...@samba.org> Date: Tue Aug 8 11:18:46 2023 +1200 CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive matches once When we (expect to) get back a result, do not waste time against a potentially slow server confirming we also get back results for all the other attribute combinations. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit 76b8d3edce1f4e1a3da725b72ebc5b9508d9a120 Author: Andrew Bartlett <abart...@samba.org> Date: Mon Aug 7 11:56:56 2023 +1200 CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible with DirSync ever. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit b644bb066509b4890b6e1db48160960835f53bac Author: Andrew Bartlett <abart...@samba.org> Date: Mon Aug 7 14:44:28 2023 +1200 CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential at the start Rather than fail, if the last run failed to reset things, just force the DC into the required state. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit 07d2b28fb3585c4d5366b0a8ddac9cd299aadf92 Author: Andrew Bartlett <abart...@samba.org> Date: Mon Aug 7 13:15:40 2023 +1200 CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force() Thie helps ensure this test is reliable even in spite of errors while running. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit 6578a65ed7bb8740671a10e2fcf36c48fd524c07 Author: Andrew Bartlett <abart...@samba.org> Date: Mon Aug 7 11:55:55 2023 +1200 CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice To re-use setup code, the super-class must have no test_*() methods otherwise these will be run as well as the class-local tests. We rename tests that would otherwise have duplicate names BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit b70f4f8681ca1b0818d42f600fd8bbdd74c29346 Author: Ralph Boehme <s...@samba.org> Date: Tue Aug 1 13:04:36 2023 +0200 CVE-2023-4091: smbd: use open_access_mask for access check in open_file() If the client requested FILE_OVERWRITE[_IF], we're implicitly adding FILE_WRITE_DATA to the open_access_mask in open_file_ntcreate(), but for the access check we're using access_mask which doesn't contain the additional right, which means we can end up truncating a file for which the user has only read-only access via an SD. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439 Signed-off-by: Ralph Boehme <s...@samba.org> commit b1fd65694185c26f1e196d84ee8756300e631bd5 Author: Ralph Boehme <s...@samba.org> Date: Tue Aug 1 12:30:00 2023 +0200 CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439 Signed-off-by: Ralph Boehme <s...@samba.org> commit 5ed25efb0731de2062cd1d9e109dcf9e3eb5c356 Author: Jeremy Allison <j...@samba.org> Date: Tue Jul 25 17:54:41 2023 -0700 CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad pipenames. We correctly handle this and just return ENOENT (NT_STATUS_OBJECT_NAME_NOT_FOUND). Remove knowfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422 Signed-off-by: Jeremy Allison <j...@samba.org> commit c39f90a12496fea74a11cbd8b34ad4074d2529db Author: Jeremy Allison <j...@samba.org> Date: Tue Jul 25 17:49:21 2023 -0700 CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow bad pipenames with unix separators through to the UNIX domain socket code. The raw SMB2-INVALID-PIPENAME test passes against Windows 2022, as it just returns NT_STATUS_OBJECT_NAME_NOT_FOUND. Add the knownfail. BUG:https://bugzilla.samba.org/show_bug.cgi?id=15422 Signed-off-by: Jeremy Allison <j...@samba.org> commit ae476e1c28b797fe221172ed1066bf8efa476d8d Author: Jeremy Allison <j...@samba.org> Date: Tue Jul 25 17:41:04 2023 -0700 CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit socket_dir. For now, SMB_ASSERT() to exit the server. We will remove this once the test code is in place. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422 Signed-off-by: Jeremy Allison <j...@samba.org> ----------------------------------------------------------------------- Summary of changes: .../smbdotconf/protocol/dcerpcendpointservers.xml | 2 +- lib/param/loadparm.c | 2 +- selftest/knownfail | 2 +- selftest/knownfail.d/dirsync | 13 + selftest/target/Samba4.pm | 2 +- source3/param/loadparm.c | 2 +- source3/rpc_client/local_np.c | 13 + source3/rpc_server/rpc_host.c | 154 +------ source3/rpc_server/rpcd_classic.c | 45 +- source3/rpc_server/rpcd_epmapper.c | 33 +- source3/rpc_server/rpcd_lsad.c | 21 + source3/rpc_server/rpcd_rpcecho.c | 33 +- source3/rpc_server/wscript_build | 1 + source3/selftest/tests.py | 14 + source3/smbd/open.c | 4 +- source3/torture/proto.h | 1 + source3/torture/test_smb2.c | 110 +++++ source3/torture/torture.c | 4 + source4/dsdb/samdb/ldb_modules/dirsync.c | 22 +- source4/dsdb/tests/python/confidential_attr.py | 61 ++- source4/dsdb/tests/python/dirsync.py | 465 ++++++++++++++++++--- source4/echo_server/wscript_build | 2 +- source4/rpc_server/wscript_build | 3 +- source4/torture/smb2/acls.c | 143 +++++++ 24 files changed, 904 insertions(+), 248 deletions(-) create mode 100644 selftest/knownfail.d/dirsync Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml index 8a217cc7f11..c6642b795fd 100644 --- a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml +++ b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml @@ -6,6 +6,6 @@ <para>Specifies which DCE/RPC endpoint servers should be run.</para> </description> -<value type="default">epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value> +<value type="default">epmapper, wkssvc, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value> <value type="example">rpcecho</value> </samba:parameter> diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index 9a7ae4f95fe..673b913e6e5 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -2730,7 +2730,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) lpcfg_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default"); lpcfg_do_global_parameter(lp_ctx, "max connections", "0"); - lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver"); + lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver"); lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns"); lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true"); /* the winbind method for domain controllers is for both RODC diff --git a/selftest/knownfail b/selftest/knownfail index 37c75d7ca33..4e34effbbd1 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -151,7 +151,7 @@ ^samba4.smb2.acls.*.inheritflags ^samba4.smb2.acls.*.owner ^samba4.smb2.acls.*.ACCESSBASED -^samba4.ldap.dirsync.python.ad_dc_ntvfs..__main__.ExtendedDirsyncTests.test_dirsync_deleted_items +^samba4.ldap.dirsync.python.ad_dc_ntvfs..__main__.SimpleDirsyncTests.test_dirsync_deleted_items_OBJECT_SECURITY #^samba4.ldap.dirsync.python.ad_dc_ntvfs..__main__.ExtendedDirsyncTests.* ^samba4.libsmbclient.opendir.(NT1|SMB3).opendir # This requires netbios browsing ^samba4.rpc.drsuapi.*.drsuapi.DsGetDomainControllerInfo\(.*\)$ diff --git a/selftest/knownfail.d/dirsync b/selftest/knownfail.d/dirsync new file mode 100644 index 00000000000..fcf4d469d6e --- /dev/null +++ b/selftest/knownfail.d/dirsync @@ -0,0 +1,13 @@ +^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialDirsyncTests.test_dirsync_OBJECT_SECURITY_insist_on_empty_element\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialDirsyncTests.test_dirsync_unicodePwd_OBJ_SEC_insist_on_empty_element\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialDirsyncTests.test_dirsync_unicodePwd_with_GET_CHANGES_OBJ_SEC_insist_on_empty_element\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialDirsyncTests.test_dirsync_unicodePwd_with_GET_CHANGES_insist_on_empty_element\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialDirsyncTests.test_dirsync_with_GET_CHANGES_OBJECT_SECURITY_insist_on_empty_element\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialDirsyncTests.test_dirsync_with_GET_CHANGES\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialFilteredDirsyncTests.test_dirsync_OBJECT_SECURITY_insist_on_empty_element\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialFilteredDirsyncTests.test_dirsync_OBJECT_SECURITY_with_GET_CHANGES_insist_on_empty_element\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialFilteredDirsyncTests.test_dirsync_with_GET_CHANGES_attr\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialFilteredDirsyncTests.test_dirsync_with_GET_CHANGES_insist_on_empty_element\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.FilteredDirsyncTests.test_dirsync_with_GET_CHANGES\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.FilteredDirsyncTests.test_dirsync_with_GET_CHANGES_attr\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.FilteredDirsyncTests.test_dirsync_with_GET_CHANGES_insist_on_empty_element\(.*\) diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 49e3c174b07..5f1f1bfffad 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -783,7 +783,7 @@ sub provision_raw_step1($$) wins support = yes server role = $ctx->{server_role} server services = +echo $services - dcerpc endpoint servers = +winreg +srvsvc + dcerpc endpoint servers = +winreg +srvsvc +rpcecho notify:inotify = false ldb:nosync = true ldap server require strong auth = yes diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 1c364458912..e7f4bbe3995 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -883,7 +883,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals) Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL); - Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL); + Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL); Globals.tls_enabled = true; Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE; diff --git a/source3/rpc_client/local_np.c b/source3/rpc_client/local_np.c index 0e912d0e35a..2e9d1b4febe 100644 --- a/source3/rpc_client/local_np.c +++ b/source3/rpc_client/local_np.c @@ -542,6 +542,19 @@ struct tevent_req *local_np_connect_send( return tevent_req_post(req, ev); } + /* + * Ensure we cannot process a path that exits + * the socket_dir. + */ + if (ISDOTDOT(lower_case_pipename) || + (strchr(lower_case_pipename, '/')!=NULL)) + { + DBG_DEBUG("attempt to connect to invalid pipe pathname %s\n", + lower_case_pipename); + tevent_req_error(req, ENOENT); + return tevent_req_post(req, ev); + } + state->socketpath = talloc_asprintf( state, "%s/np/%s", socket_dir, lower_case_pipename); if (tevent_req_nomem(state->socketpath, req)) { diff --git a/source3/rpc_server/rpc_host.c b/source3/rpc_server/rpc_host.c index f29658a87de..1a1c31cf7fa 100644 --- a/source3/rpc_server/rpc_host.c +++ b/source3/rpc_server/rpc_host.c @@ -214,7 +214,6 @@ struct rpc_server_get_endpoints_state { char **argl; char *ncalrpc_endpoint; enum dcerpc_transport_t only_transport; - struct dcerpc_binding **existing_bindings; struct rpc_host_iface_name *iface_names; struct rpc_host_endpoint **endpoints; @@ -235,7 +234,6 @@ static void rpc_server_get_endpoints_done(struct tevent_req *subreq); * @param[in] ev Event context to run this on * @param[in] rpc_server_exe Binary to ask with --list-interfaces * @param[in] only_transport Filter out anything but this - * @param[in] existing_bindings Filter out endpoints served by "samba" * @return The tevent_req representing this process */ @@ -243,8 +241,7 @@ static struct tevent_req *rpc_server_get_endpoints_send( TALLOC_CTX *mem_ctx, struct tevent_context *ev, const char *rpc_server_exe, - enum dcerpc_transport_t only_transport, - struct dcerpc_binding **existing_bindings) + enum dcerpc_transport_t only_transport) { struct tevent_req *req = NULL, *subreq = NULL; struct rpc_server_get_endpoints_state *state = NULL; @@ -256,7 +253,6 @@ static struct tevent_req *rpc_server_get_endpoints_send( return NULL; } state->only_transport = only_transport; - state->existing_bindings = existing_bindings; progname = strrchr(rpc_server_exe, '/'); if (progname != NULL) { @@ -417,37 +413,17 @@ static bool dcerpc_binding_same_endpoint( * In member mode, we only serve named pipes. Indicated by NCACN_NP * passed in via "only_transport". * - * In AD mode, the "samba" process already serves many endpoints, - * passed in via "existing_binding". Don't serve those from - * samba-dcerpcd. - * * @param[in] binding Which binding is in question? * @param[in] only_transport Exclusive transport to serve - * @param[in] existing_bindings Endpoints served by "samba" already * @return Do we want to serve "binding" from samba-dcerpcd? */ static bool rpc_host_serve_endpoint( struct dcerpc_binding *binding, - enum dcerpc_transport_t only_transport, - struct dcerpc_binding **existing_bindings) + enum dcerpc_transport_t only_transport) { enum dcerpc_transport_t transport = dcerpc_binding_get_transport(binding); - size_t i, num_existing_bindings; - - num_existing_bindings = talloc_array_length(existing_bindings); - - for (i=0; i<num_existing_bindings; i++) { - bool same = dcerpc_binding_same_endpoint( - binding, existing_bindings[i]); - if (same) { - DBG_DEBUG("%s served by samba\n", - dcerpc_binding_get_string_option( - binding, "endpoint")); - return false; - } - } if (only_transport == NCA_UNKNOWN) { /* no filter around */ @@ -486,7 +462,7 @@ static struct rpc_host_endpoint *rpc_host_endpoint_find( } serve_this = rpc_host_serve_endpoint( - ep->binding, state->only_transport, state->existing_bindings); + ep->binding, state->only_transport); if (!serve_this) { goto fail; } @@ -1607,7 +1583,6 @@ static struct tevent_req *rpc_server_setup_send( TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct rpc_host *host, - struct dcerpc_binding **existing_bindings, const char *rpc_server_exe) { struct tevent_req *req = NULL, *subreq = NULL; @@ -1639,8 +1614,7 @@ static struct tevent_req *rpc_server_setup_send( state, ev, rpc_server_exe, - host->np_helper ? NCACN_NP : NCA_UNKNOWN, - existing_bindings); + host->np_helper ? NCACN_NP : NCA_UNKNOWN); if (tevent_req_nomem(subreq, req)) { return tevent_req_post(req, ev); } @@ -2344,7 +2318,6 @@ static struct tevent_req *rpc_host_send( TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct messaging_context *msg_ctx, - struct dcerpc_binding **existing_bindings, char *servers, int ready_signal_fd, const char *daemon_ready_progname, @@ -2465,7 +2438,6 @@ static struct tevent_req *rpc_host_send( state, ev, host, - existing_bindings, exe); if (tevent_req_nomem(subreq, req)) { return tevent_req_post(req, ev); @@ -2648,117 +2620,6 @@ static int rpc_host_pidfile_create( return EAGAIN; } -/* - * Find which interfaces are already being served by the samba AD - * DC so we know not to serve them. Some interfaces like netlogon - * are served by "samba", some like srvsvc will be served by the - * source3 based RPC servers. - */ -static NTSTATUS rpc_host_epm_lookup( - TALLOC_CTX *mem_ctx, - struct dcerpc_binding ***pbindings) -{ - struct rpc_pipe_client *cli = NULL; - struct pipe_auth_data *auth = NULL; - struct policy_handle entry_handle = { .handle_type = 0 }; - struct dcerpc_binding **bindings = NULL; - NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - - status = rpc_pipe_open_ncalrpc(mem_ctx, &ndr_table_epmapper, &cli); - if (!NT_STATUS_IS_OK(status)) { - DBG_DEBUG("rpc_pipe_open_ncalrpc failed: %s\n", - nt_errstr(status)); - goto fail; - } - status = rpccli_ncalrpc_bind_data(cli, &auth); - if (!NT_STATUS_IS_OK(status)) { - DBG_DEBUG("rpccli_ncalrpc_bind_data failed: %s\n", - nt_errstr(status)); - goto fail; - } - status = rpc_pipe_bind(cli, auth); - if (!NT_STATUS_IS_OK(status)) { - DBG_DEBUG("rpc_pipe_bind failed: %s\n", nt_errstr(status)); - goto fail; - } - - for (;;) { - size_t num_bindings = talloc_array_length(bindings); - struct dcerpc_binding **tmp = NULL; - uint32_t num_entries = 0; - struct epm_entry_t *entry = NULL; - struct dcerpc_binding *binding = NULL; - uint32_t result; - - entry = talloc(cli, struct epm_entry_t); - if (entry == NULL) { - goto fail; - } - - status = dcerpc_epm_Lookup( - cli->binding_handle, /* binding_handle */ - cli, /* mem_ctx */ - 0, /* rpc_c_ep_all */ - NULL, /* object */ - NULL, /* interface id */ - 0, /* rpc_c_vers_all */ - &entry_handle, /* entry_handle */ - 1, /* max_ents */ - &num_entries, /* num_ents */ - entry, /* entries */ - &result); /* result */ - if (!NT_STATUS_IS_OK(status)) { - DBG_DEBUG("dcerpc_epm_Lookup failed: %s\n", - nt_errstr(status)); - goto fail; - } - - if (result == EPMAPPER_STATUS_NO_MORE_ENTRIES) { - break; - } - - if (result != EPMAPPER_STATUS_OK) { - DBG_DEBUG("dcerpc_epm_Lookup returned %"PRIu32"\n", - result); - break; - } - - if (num_entries != 1) { - DBG_DEBUG("epm_Lookup returned %"PRIu32" " - "entries, expected one\n", - num_entries); - break; - } - - status = dcerpc_binding_from_tower( - mem_ctx, &entry->tower->tower, &binding); - if (!NT_STATUS_IS_OK(status)) { - break; - } - - tmp = talloc_realloc( - mem_ctx, - bindings, - struct dcerpc_binding *, - num_bindings+1); - if (tmp == NULL) { - status = NT_STATUS_NO_MEMORY; - goto fail; - } - bindings = tmp; - - bindings[num_bindings] = talloc_move(bindings, &binding); - - TALLOC_FREE(entry); - } - - *pbindings = bindings; - status = NT_STATUS_OK; -fail: - TALLOC_FREE(cli); - return status; -} - static void samba_dcerpcd_stdin_handler( struct tevent_context *ev, struct tevent_fd *fde, @@ -2788,7 +2649,6 @@ int main(int argc, const char *argv[]) struct tevent_context *ev_ctx = NULL; struct messaging_context *msg_ctx = NULL; struct tevent_req *req = NULL; - struct dcerpc_binding **existing_bindings = NULL; char *servers = NULL; const char *arg = NULL; size_t num_servers; @@ -2995,11 +2855,6 @@ int main(int argc, const char *argv[]) exit(1); } - status = rpc_host_epm_lookup(frame, &existing_bindings); - DBG_DEBUG("rpc_host_epm_lookup returned %s, %zu bindings\n", - nt_errstr(status), - talloc_array_length(existing_bindings)); - ret = rpc_host_pidfile_create(msg_ctx, progname, ready_signal_fd); if (ret != 0) { DBG_DEBUG("rpc_host_pidfile_create failed: %s\n", @@ -3013,7 +2868,6 @@ int main(int argc, const char *argv[]) ev_ctx, ev_ctx, msg_ctx, - existing_bindings, servers, ready_signal_fd, cmdline_daemon_cfg->fork ? NULL : progname, diff --git a/source3/rpc_server/rpcd_classic.c b/source3/rpc_server/rpcd_classic.c index 4f6164c814c..8494af575ec 100644 --- a/source3/rpc_server/rpcd_classic.c +++ b/source3/rpc_server/rpcd_classic.c @@ -42,14 +42,34 @@ static size_t classic_interfaces( static const struct ndr_interface_table *ifaces[] = { &ndr_table_srvsvc, &ndr_table_netdfs, - &ndr_table_wkssvc, + &ndr_table_initshutdown, &ndr_table_svcctl, &ndr_table_ntsvcs, &ndr_table_eventlog, - &ndr_table_initshutdown, + /* + * This last item is truncated from the list by the + * num_ifaces -= 1 below. Take care when adding new + * services. + */ + &ndr_table_wkssvc, }; + size_t num_ifaces = ARRAY_SIZE(ifaces); + + switch(lp_server_role()) { + case ROLE_ACTIVE_DIRECTORY_DC: + /* + * On the AD DC wkssvc is provided by the 'samba' + * binary from source4/ + */ + num_ifaces -= 1; + break; + default: + break; + } + *pifaces = ifaces; - return ARRAY_SIZE(ifaces); + return num_ifaces; + } static size_t classic_servers( @@ -58,15 +78,28 @@ static size_t classic_servers( void *private_data) { static const struct dcesrv_endpoint_server *ep_servers[7] = { NULL }; + size_t num_servers = ARRAY_SIZE(ep_servers); bool ok; ep_servers[0] = srvsvc_get_ep_server(); ep_servers[1] = netdfs_get_ep_server(); - ep_servers[2] = wkssvc_get_ep_server(); + ep_servers[2] = initshutdown_get_ep_server(); ep_servers[3] = svcctl_get_ep_server(); ep_servers[4] = ntsvcs_get_ep_server(); ep_servers[5] = eventlog_get_ep_server(); - ep_servers[6] = initshutdown_get_ep_server(); + ep_servers[6] = wkssvc_get_ep_server(); + + switch(lp_server_role()) { + case ROLE_ACTIVE_DIRECTORY_DC: + /* + * On the AD DC wkssvc is provided by the 'samba' + * binary from source4/ + */ + num_servers -= 1; + break; + default: + break; + } ok = secrets_init(); if (!ok) { @@ -85,7 +118,7 @@ static size_t classic_servers( mangle_reset_cache(); *_ep_servers = ep_servers; - return ARRAY_SIZE(ep_servers); + return num_servers; } int main(int argc, const char *argv[]) diff --git a/source3/rpc_server/rpcd_epmapper.c b/source3/rpc_server/rpcd_epmapper.c index 950ba7ec12a..455179ccfba 100644 --- a/source3/rpc_server/rpcd_epmapper.c +++ b/source3/rpc_server/rpcd_epmapper.c @@ -19,6 +19,8 @@ #include "rpc_worker.h" #include "librpc/gen_ndr/ndr_epmapper.h" #include "librpc/gen_ndr/ndr_epmapper_scompat.h" +#include "param/loadparm.h" +#include "libds/common/roles.h" static size_t epmapper_interfaces( const struct ndr_interface_table ***pifaces, @@ -27,8 +29,22 @@ static size_t epmapper_interfaces( static const struct ndr_interface_table *ifaces[] = { &ndr_table_epmapper, }; + size_t num_ifaces = ARRAY_SIZE(ifaces); + + switch(lp_server_role()) { + case ROLE_ACTIVE_DIRECTORY_DC: + /* + * On the AD DC epmapper is provided by the 'samba' + * binary from source4/ + */ + num_ifaces = 0; + break; + default: + break; + } + *pifaces = ifaces; - return ARRAY_SIZE(ifaces); + return num_ifaces; } static size_t epmapper_servers( @@ -37,11 +53,24 @@ static size_t epmapper_servers( void *private_data) { static const struct dcesrv_endpoint_server *ep_servers[] = { NULL }; + size_t num_servers = ARRAY_SIZE(ep_servers); ep_servers[0] = epmapper_get_ep_server(); -- Samba Shared Repository