The branch, v4-21-stable has been updated via 5da3e988292 VERSION: Disable GIT_SNAPSHOT for the 4.21.7 release. via 19f7837e498 WHATSNEW: Add release notes for Samba 4.21.7. via 1967ce81998 s3-winbindd: Fix internal winbind dsgetdcname calls w.r.t. domain name via fc13e0918fd s3:winbindd: avoid using any netlogon call to get a dc name via 3490e76342a lib:util: Disable logging to syslog for startup messages via ccb5e9694e3 python:lsa_utils: Fix fallback to OpenPolicy2 via b106c7d77ae python:lsa_utils: Don't use optional arguments for OpenPolicyFallback() via e8e6b68539b pidl: Update documentation for DCERPC interface connections via 0a0d87f4093 librpc:pyrpc: Allow new authenticated rpc connection on the same transport as the basis_connection via 30b077b6781 dcesrv_core: Make dcesrv_call_disconnect_after() public via 1cbbe56266b s3:rpc_client: Use cli_rpc_pipe_reopen_np_noauth() for OpenPolicy fallback via 4ae32d6faa0 s3:rpc_cerver: Use dcerpc_lsa_open_policy3() for internal RPC via fe5b8928443 s3:rpc_client: Add cli_rpc_pipe_reopen_np_noauth() via 1ba2acc9fc9 s3:cli_pipe: pass target_service to cli_rpc_pipe_open_with_creds() via 22900d278cb s3:rpc_client: remember the local/remote ipv4 or ipv6 addresses via e568b119340 s3:rpc_client: add missing TALLOC_FREE(frame) in cli_rpc_pipe_open() via 4ead8424471 s3:rpc_client: split out cli_rpc_pipe_client_auth_schannel() via bf717ca5c4d s3:rpc_client: add cli_rpc_pipe_client_prepare_alter() helper via 75e1c18d912 s3:rpc_client: make real use of rpc_client_{association,connection} via cb3e074ec54 s3:rpc_client: let cli_rpc_pipe_open() use rpc_client_connection_np() via 4b1f27c3202 s3:rpc_client: convert rpc_pipe_open_np() to rpc_client_{association,connection} via f019fa98dbf s3:rpc_client: convert rpc_pipe_open_tcp_port() to rpc_client_{association,connection} via f81ee3b6d0f s3:rpc_client: convert rpc_pipe_open_local_np() to rpc_client_{association,connection} via 6f67e05fb70 s3:rpc_client: convert rpc_pipe_open_ncalrpc() 
to rpc_client_{association,connection} via 8dc83405eeb s3:rpc_client: add struct rpc_client_{association,connection} and helpers via e42835a2f5f s3:rpc_client: only pass the pipe_name to rpc_transport_np_init_send() via 7e02cf063ac s3:rpc_client: make most of rpc_pipe_client internal struct members via 6c43234a06b s3:librpc/rpc: split out dcerpc_internal.h for struct pipe_auth_data via 6af9f50396d s3:libsmb: make use of dcerpc_binding_get_abstract_syntax() via 33b0b4bfe5f s3:lib/netapi: make use of dcerpc_binding_get_abstract_syntax() via 61a5a72a3cd s3:rpcclient: make use of dcerpc_binding_handle_get_transport() via 523484d1882 s3:winbindd: make use of dcerpc_binding_handle_get_transport() via 86e27e94b2b s3:rpc_client: remove references to rpc_pipe_client from wsp_cli.c via 2f753ed81ce s3:rpc_client: remember rpc_pipe_client->print_username via 91e8d63c638 s4:librpc: make all but dcerpc_pipe->binding_handle internal struct members via ba777ee0532 s4:torture/rpc: make use of dcerpc_binding_handle_get_transport() via a57ec7313cd s4:tortore/rpc: make use of dcerpc_binding_get_abstract_syntax() and dcerpc_binding_get_flags() via 087ccbdd863 s4:torture/rpc: make use of dcerpc_binding_handle_get_binding() and dcerpc_binding_get_flags() via 2ca22d00411 s4:libnet: make use of dcerpc_binding_handle_get_transport() via 5e2606c5ea3 s4:libnet: make use of dcerpc_binding_handle_get_binding() via 2edaf617e86 librpc/rpc: un-const dcerpc_default_transport_endpoint() via 57d161d54f0 librpc/rpc: add dcerpc_binding_handle_get_transport() helper function via e94025e1a8e librpc/rpc: add dcerpc_binding_handle_get_binding() via bac9282844a s3:rpc_client: implement rpccli_bh_get_binding() via 1ed6f5c6692 s4:librpc/rpc: implement dcerpc_bh_get_binding() via d2d951bddd4 s4:librpc/rpc: call dcerpc_binding_set_abstract_syntax after bind or alter context via a89c2664f68 s3:winbindd: implement wbint_bh_get_binding() in winbindd_dual_ndr.c via 296b5cd0665 s4:lib/messaging: implement 
irpc_bh_get_binding() via 51dc661d261 libcli/tstream_binding_handle: implement get_binding() via 20a42d2ca1b librpc/rpc: add get_binding() to dcerpc_binding_handle_ops via 3731bbfdc4a s3:rpc_client: header signing is negotiated per transport connection via daefb7b2436 s3:rpc_client: make use of struct samba_sockaddr in rpc_pipe_open_ncalrpc() via 3db4cfe8a33 s3:winbindd: cm_connect_lsa_tcp() doesn't need to check for NCACN_IP_TCP or LEVEL_INTEGRITY via 1ff49833b6e s3:rpcclient: make use of dcerpc_binding_handle_auth_info() via 277f9ff99a8 s3:rpc_client: the transport_session_key is per connection! via b640002afd6 s3:rpc_client: remove unused cli_get_session_key() via 95f7152911a s3:rpcclient/cli_drsuapi: make use of dcerpc_binding_handle_auth_session_key() via 3200bd21d4d s3:libnet_dssync: make use of dcerpc_binding_handle_auth_session_key() via 8c695f13b6b s3:rpc_client: make use of dcerpc_binding_handle_transport_session_key() via 5f1f651d0e5 s3:utils/net_rpc: make use of dcerpc_binding_handle_transport_session_key() via 505775ba876 s3:libnet_join: make use of dcerpc_binding_handle_transport_session_key() via 7092b9abf1d s3:lib/netapi: make use of dcerpc_binding_handle_transport_session_key() via c924b4420de s4:torture/drs: make use of dcerpc_binding_handle_auth_session_key() via c1875485f4b s4:pyrpc: make use of dcerpc_binding_handle_auth_session_key() via dd0c6b46880 s4:py_net: make use of dcerpc_binding_handle_auth_session_key() via 37768515a52 s4:libnet: make use of dcerpc_binding_handle_auth_session_key() in libnet_become_dc.c via 7fae08c9dcd s4:drepl: make use of dcerpc_binding_handle_auth_session_key() via 2b7ae6f61af s3:rpc_client: add rpccli_bh_auth_session_key() via 0c0f83127cb s4:librpc/rpc: add dcerpc_bh_auth_session_key() via ece818eb50c librpc/rpc: add dcerpc_binding_handle_auth_session_key() via a835a9b2f58 s4:librpc/rpc: remove unused dcerpc_fetch_session_key() via 21882daef2e s4:torture/rpc: make use of 
dcerpc_binding_handle_transport_session_key() via 1fe021a0c41 xss4:pyrpc: make use of dcerpc_binding_handle_transport_session_key() via 9aa2be36397 s4:libnet: make use of dcerpc_binding_handle_transport_session_key() in libnet_passwd.c via 0b5624e50d3 s4:libnet: add struct dcerpc_binding_handle helper variables in libnet_passwd.c via b1be2bb12d9 s4:librpc/rpc: remove unused dcerpc_transport_encrypted() via 7e5ac988114 s4:pyrpc: let py_iface_transport_encrypted() use dcerpc_binding_handle_transport_encrypted() via 30134801b6d s3:rpc_client: add rpccli_bh_transport_session_key() via f596c49585f s4:librpc/rpc: add dcerpc_bh_transport_{encrypted,session_key}() via c4990ed56f7 librpc/rpc: add dcerpc_binding_handle_transport_{encrypted,session_key}() via b7cd9cf02aa s4:torture/rpc: avoid using DCERPC_NDR_REF_ALLOC in fsrvp.c via 5047e9863b9 s4:torture/rpc: remove useless usage of DCERPC_SIGN, DCERPC_SEAL via 59c5354117c s4:torture/rpc: avoid checking p->last_fault_code in iremotewinspool* via a91f4b27c18 librpc/rpc: map DCERPC_NCA_S_UNSUPPORTED_TYPE to NT_STATUS_RPC_UNSUPPORTED_TYPE via 27b0b2c2dde librpc/rpc: map DCERPC_NCA_S_SERVER_TOO_BUSY to NT_STATUS_RPC_SERVER_TOO_BUSY via a3e57f9df27 VERSION: Bump version up to Samba 4.21.7... from b901f39a1d0 VERSION: Disable GIT_SNAPSHOT for the 4.21.6 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-21-stable - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 85 +- lib/util/debug.c | 15 + lib/util/debug.h | 9 + .../tstream_binding_handle.c | 19 + librpc/rpc/binding_handle.c | 44 + librpc/rpc/dcerpc_error.c | 4 +- librpc/rpc/dcerpc_util.c | 8 +- librpc/rpc/dcerpc_util.h | 6 +- librpc/rpc/dcesrv_core.c | 4 +- librpc/rpc/dcesrv_core.h | 3 + librpc/rpc/rpc_common.h | 26 + pidl/lib/Parse/Pidl/Samba4/Python.pm | 29 +- python/samba/lsa_utils.py | 67 +- python/samba/netcmd/domain/trust.py | 93 +- python/samba/tests/dcerpc/lsa_utils.py | 51 +- source3/lib/netapi/cm.c | 15 +- source3/lib/netapi/joindomain.c | 12 +- source3/lib/netapi/localgroup.c | 2 +- source3/lib/netapi/user.c | 6 +- source3/libnet/libnet_dssync.c | 17 +- source3/libnet/libnet_join.c | 3 +- source3/librpc/rpc/dcerpc.h | 17 +- source3/librpc/rpc/dcerpc_helpers.c | 1 + .../librpc/rpc/dcerpc_internal.h | 22 +- source3/libsmb/libsmb_xattr.c | 10 +- source3/libsmb/passchange.c | 1 + source3/rpc_client/cli_lsarpc.c | 15 +- source3/rpc_client/cli_lsarpc.h | 4 +- source3/rpc_client/cli_pipe.c | 1781 +++++++++++++++----- source3/rpc_client/cli_pipe.h | 21 +- source3/rpc_client/cli_spoolss.c | 6 +- source3/rpc_client/rpc_client.h | 39 +- source3/rpc_client/rpc_transport.h | 2 +- source3/rpc_client/rpc_transport_np.c | 5 +- source3/rpc_client/wsp_cli.c | 71 +- source3/rpc_server/netlogon/srv_netlog_nt.c | 2 +- source3/rpcclient/cmd_drsuapi.c | 15 +- source3/rpcclient/cmd_iremotewinspool.c | 3 +- source3/rpcclient/cmd_lsarpc.c | 75 +- source3/rpcclient/cmd_samr.c | 3 +- source3/rpcclient/rpcclient.c | 26 +- source3/utils/net_rpc.c | 13 +- source3/utils/net_rpc_printer.c | 3 +- source3/utils/net_rpc_rights.c | 4 +- source3/utils/net_rpc_trust.c | 5 +- source3/winbindd/wb_queryuser.c | 17 +- source3/winbindd/wb_sids2xids.c | 
17 +- source3/winbindd/wb_xids2sids.c | 12 +- source3/winbindd/winbindd_cm.c | 158 +- source3/winbindd/winbindd_dual.c | 6 +- source3/winbindd/winbindd_dual_ndr.c | 47 +- source3/winbindd/winbindd_dual_srv.c | 105 +- source3/winbindd/winbindd_msrpc.c | 4 +- source3/winbindd/winbindd_proto.h | 1 + source3/winbindd/winbindd_rpc.c | 7 +- source3/winbindd/winbindd_util.c | 19 + source3/wscript_build | 2 +- source4/dsdb/repl/drepl_out_helpers.c | 7 +- source4/lib/messaging/messaging.c | 44 +- source4/libnet/libnet_become_dc.c | 29 +- source4/libnet/libnet_join.c | 3 +- source4/libnet/libnet_passwd.c | 55 +- source4/libnet/libnet_rpc.c | 27 +- source4/libnet/py_net.c | 12 +- source4/librpc/rpc/dcerpc.c | 121 ++ source4/librpc/rpc/dcerpc.h | 22 +- source4/librpc/rpc/dcerpc_auth.c | 2 + source4/librpc/rpc/dcerpc_connect.c | 1 + source4/librpc/rpc/dcerpc_roh.c | 2 + source4/librpc/rpc/dcerpc_schannel.c | 2 + source4/librpc/rpc/dcerpc_secondary.c | 1 + source4/librpc/rpc/dcerpc_smb.c | 2 + source4/librpc/rpc/dcerpc_sock.c | 2 + source4/librpc/rpc/dcerpc_util.c | 34 +- source4/librpc/rpc/pyrpc.c | 50 +- source4/librpc/rpc/pyrpc_util.c | 80 +- source4/rpc_server/remote/dcesrv_remote.c | 2 + source4/torture/drs/rpc/dssync.c | 5 +- source4/torture/drs/rpc/msds_intid.c | 5 +- source4/torture/rpc/alter_context.c | 36 +- source4/torture/rpc/backupkey.c | 9 +- source4/torture/rpc/bind.c | 4 +- source4/torture/rpc/drsuapi.c | 5 +- source4/torture/rpc/dsgetinfo.c | 4 +- source4/torture/rpc/echo.c | 17 +- source4/torture/rpc/forest_trust.c | 5 +- source4/torture/rpc/fsrvp.c | 72 +- source4/torture/rpc/handles.c | 28 +- source4/torture/rpc/iremotewinspool.c | 22 +- source4/torture/rpc/iremotewinspool_common.c | 4 - source4/torture/rpc/iremotewinspool_common.h | 1 - source4/torture/rpc/lsa.c | 22 +- source4/torture/rpc/lsa_lookup.c | 5 +- source4/torture/rpc/netlogon.c | 30 +- source4/torture/rpc/samba3rpc.c | 19 +- source4/torture/rpc/samr.c | 24 +- source4/torture/rpc/samsync.c | 6 +- 
source4/torture/rpc/session_key.c | 4 +- source4/torture/rpc/spoolss.c | 4 +- source4/torture/rpc/testjoin.c | 2 +- source4/torture/rpc/winreg.c | 8 +- source4/torture/rpc/wkssvc.c | 4 +- 103 files changed, 2649 insertions(+), 1253 deletions(-) copy source4/echo_server/echo_server.h => source3/librpc/rpc/dcerpc_internal.h (64%) Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 68f898ae004..4fff7d5eb09 100644
--- a/VERSION
+++ b/VERSION
@@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2024"
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=21
-SAMBA_VERSION_RELEASE=6
+SAMBA_VERSION_RELEASE=7
 ########################################################
 # If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index b8967d54c82..127fd8a3811 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,85 @@
+ ==============================
+ Release Notes for Samba 4.21.7
+ July 07, 2025
+ ==============================
+
+
+This is the latest stable release of the Samba 4.21 release series.
+
+
+Important Change in Upcoming Microsoft Update
+---------------------------------------------
+
+On 8th of July, Microsoft will release an important security update for
+Active Directory Domain Controllers for Windows Server versions prior to
+2025.
+
+This update includes a change to the Microsoft RPC Netlogon protocol,
+which improves security by tightening access checks for a set of RPC
+requests. Samba running as domain members in these environments will be
+impacted by this change if a specific configuration is used, see below
+for which configuration is affected.
+
+Windows Server version 2025 is already equipped with these specific
+security hardenings, and Microsoft is now planning to deploy them to all
+supported Windows Server versions down to Windows Server 2008.
+
+
+Who is affected?
+
+Samba installations acting as member servers in Windows AD domains will
+be affected if they are configured to use the 'ad' idmapping backend.
+Samba servers not using this configuration will not be affected by the
+change – at least to our current knowledge and understanding of the
+change – and no further action is required.
+
+Current versions of Samba with the affected configuration will no longer
+function correctly once the Microsoft update has been applied. Users
+will not be able to connect to the SMB service provided by Samba for any
+domain configured to use the 'ad' idmapping backend.
+
+See https://bugzilla.samba.org/show_bug.cgi?id=15876.
+
+Changes since 4.21.6
+--------------------
+
+o Günther Deschner <g...@samba.org>
+ * BUG 15876: Windows security hardening locks out schannel'ed netlogon dc
+ calls like netr_DsRGetDCName.
+
+o Stefan Metzmacher <me...@samba.org>
+ * BUG 15680: Trust domains are not created.
+ * BUG 15876: Windows security hardening locks out schannel'ed netlogon dc
+ calls like netr_DsRGetDCName.
+
+o Andreas Schneider <a...@samba.org>
+ * BUG 15680: Trust domains are not created.
+ * BUG 15869: Startup messages of rpc deamons fills /var/log/messages.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
 ==============================
 Release Notes for Samba 4.21.6
 June 03, 2025
@@ -92,8 +174,7 @@ database (https://bugzilla.samba.org/).
 ======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
 ==============================
 Release Notes for Samba 4.21.5
 March 31, 2025
diff --git a/lib/util/debug.c b/lib/util/debug.c
index 86f13f181cf..f79b8811a4b 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -95,6 +95,7 @@ static struct { bool reopening_logs; bool schedule_reopen_logs; int forced_log_priority; + bool disable_syslog; struct debug_settings settings; debug_callback_fn callback;
@@ -302,6 +303,10 @@ static void debug_syslog_log(int msg_level, const char *msg, size_t msg_len) { int priority; + if (state.disable_syslog) { + return; + } + priority = debug_level_to_priority(msg_level); /*
@@ -1124,6 +1129,16 @@ void debug_set_forced_log_priority(int forced_log_priority) state.forced_log_priority = forced_log_priority; } +void debug_disable_syslog(void) +{ + state.disable_syslog = true; +} + +void debug_enable_syslog(void) +{ + state.disable_syslog = false; +} + /** * Ensure debug logs are initialised. *
diff --git a/lib/util/debug.h b/lib/util/debug.h
index a4ad56048ff..5dc36369558 100644
--- a/lib/util/debug.h
+++ b/lib/util/debug.h
@@ -276,9 +276,16 @@ void debuglevel_set_class(size_t idx, int level); #define DBGLVL_INFO 5 /* informational message */ #define DBGLVL_DEBUG 10 /* debug-level message */ +/* + * Logging to syslog will be disabled as messages on debug level 0 are always + * reported to syslog too. We don't want to clutter the syslog with startup + * messages from rpc on demand daemons. + */ #define DBG_STARTUP_NOTICE(...) do { \ debug_set_forced_log_priority(DBGLVL_NOTICE); \ + debug_disable_syslog(); \ D_ERR(__VA_ARGS__); \ + debug_enable_syslog(); \ debug_set_forced_log_priority(-1); \ } while(0)
@@ -362,6 +369,8 @@ void debug_set_settings(struct debug_settings *settings, int syslog_level, bool syslog_only); void debug_set_hostname(const char *name); void debug_set_forced_log_priority(int forced_log_priority); +void debug_disable_syslog(void); +void debug_enable_syslog(void); bool reopen_logs_internal( void ); void force_check_log_size( void ); bool need_to_check_log_size( void );
diff --git a/libcli/tstream_binding_handle/tstream_binding_handle.c b/libcli/tstream_binding_handle/tstream_binding_handle.c
index 76f54a7f338..672fd3b89c6 100644
--- a/libcli/tstream_binding_handle/tstream_binding_handle.c
+++ b/libcli/tstream_binding_handle/tstream_binding_handle.c
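Review bot: `debug_enable_syslog()` in lib/util/debug.c sets `state.disable_syslog = false` unconditionally, so the disable/enable pair that `DBG_STARTUP_NOTICE` in lib/util/debug.h wraps around `D_ERR()` does not nest and does not restore a state that was already disabled. While the flag is set, `debug_syslog_log()` returns before doing anything, for every message and level, so anything else logged inside that window would silently miss syslog; whether the debug code can be reached concurrently is not visible in these hunks. Both functions are exported without a comment, and I would add one such as `/* Suppress the syslog backend until debug_enable_syslog(); process-wide, not nestable */`, or have the disable call return the previous value so the macro can restore it.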
@@ -35,8 +35,17 @@ struct tstream_bh_state { size_t call_initial_read_size; tstream_read_pdu_blob_full_fn_t *complete_pdu_fn; void *complete_pdu_fn_private; + const struct dcerpc_binding *binding; }; +static const struct dcerpc_binding *tstream_bh_get_binding(struct dcerpc_binding_handle *h) +{ + struct tstream_bh_state *hs = dcerpc_binding_handle_data( + h, struct tstream_bh_state); + + return hs->binding; +} + static bool tstream_bh_is_connected(struct dcerpc_binding_handle *h) { struct tstream_bh_state *hs = dcerpc_binding_handle_data(
@@ -290,6 +299,7 @@ static NTSTATUS tstream_bh_call_recv(struct tevent_req *req, static const struct dcerpc_binding_handle_ops tstream_bh_ops = { .name = "tstream_binding_handle", + .get_binding = tstream_bh_get_binding, .is_connected = tstream_bh_is_connected, .set_timeout = tstream_bh_set_timeout, .raw_call_send = tstream_bh_call_send,
@@ -309,6 +319,8 @@ struct dcerpc_binding_handle *tstream_binding_handle_create( { struct dcerpc_binding_handle *h = NULL; struct tstream_bh_state *hs = NULL; + struct dcerpc_binding *b = NULL; + NTSTATUS status; h = dcerpc_binding_handle_create(mem_ctx, &tstream_bh_ops,
@@ -333,6 +345,13 @@ struct dcerpc_binding_handle *tstream_binding_handle_create( return NULL; } + status = dcerpc_parse_binding(hs, "", &b); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(h); + return NULL; + } + hs->binding = b; + if (max_data > 0) { tstream_smbXcli_np_set_max_data(hs->stream, max_data); }
diff --git a/librpc/rpc/binding_handle.c b/librpc/rpc/binding_handle.c
index 41675e10360..8ace6722a43 100644
--- a/librpc/rpc/binding_handle.c
+++ b/librpc/rpc/binding_handle.c
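Review bot: In `tstream_binding_handle_create()` (libcli/tstream_binding_handle/tstream_binding_handle.c, last hunk) the binding stored in `hs->binding` is parsed from the empty string, so `tstream_bh_get_binding()` hands callers a placeholder with no transport, endpoint or host filled in. Code that branches on `dcerpc_binding_handle_get_transport()` will get whatever an unset transport yields for these handles (presumably an "unknown" value; the parser is not shown here), which matters wherever the transport is used to decide how far a connection is trusted. A short comment above the `dcerpc_parse_binding(hs, "", &b)` call would make that explicit, for example `/* placeholder binding: transport and endpoint are not known for a raw tstream */`. The function body continues outside the hunk.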
@@ -87,6 +87,17 @@ void dcerpc_binding_handle_set_sync_ev(struct dcerpc_binding_handle *h, h->sync_ev = ev; } +const struct dcerpc_binding *dcerpc_binding_handle_get_binding(struct dcerpc_binding_handle *h) +{ + return h->ops->get_binding(h); +} + +enum dcerpc_transport_t dcerpc_binding_handle_get_transport(struct dcerpc_binding_handle *h) +{ + const struct dcerpc_binding *b = dcerpc_binding_handle_get_binding(h); + return dcerpc_binding_get_transport(b); +} + bool dcerpc_binding_handle_is_connected(struct dcerpc_binding_handle *h) { return h->ops->is_connected(h);
@@ -98,6 +109,27 @@ uint32_t dcerpc_binding_handle_set_timeout(struct dcerpc_binding_handle *h, return h->ops->set_timeout(h, timeout); } +bool dcerpc_binding_handle_transport_encrypted(struct dcerpc_binding_handle *h) +{ + if (h->ops->transport_encrypted == NULL) { + return false; + } + + return h->ops->transport_encrypted(h); +} + +NTSTATUS dcerpc_binding_handle_transport_session_key( + struct dcerpc_binding_handle *h, + TALLOC_CTX *mem_ctx, + DATA_BLOB *session_key) +{ + if (h->ops->transport_session_key == NULL) { + return NT_STATUS_NO_USER_SESSION_KEY; + } + + return h->ops->transport_session_key(h, mem_ctx, session_key); +} + void dcerpc_binding_handle_auth_info(struct dcerpc_binding_handle *h, enum dcerpc_AuthType *auth_type, enum dcerpc_AuthLevel *auth_level)
@@ -123,6 +155,18 @@ void dcerpc_binding_handle_auth_info(struct dcerpc_binding_handle *h, h->ops->auth_info(h, auth_type, auth_level); } +NTSTATUS dcerpc_binding_handle_auth_session_key( + struct dcerpc_binding_handle *h, + TALLOC_CTX *mem_ctx, + DATA_BLOB *session_key) +{ + if (h->ops->auth_session_key == NULL) { + return NT_STATUS_NO_USER_SESSION_KEY; + } + + return h->ops->auth_session_key(h, mem_ctx, session_key); +} + struct dcerpc_binding_handle_raw_call_state { const struct dcerpc_binding_handle_ops *ops; uint8_t *out_data;
diff --git a/librpc/rpc/dcerpc_error.c b/librpc/rpc/dcerpc_error.c
index d5b5b66ab6a..26c96336615 100644
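Review bot: `dcerpc_binding_handle_get_binding()` in librpc/rpc/binding_handle.c calls `h->ops->get_binding(h)` without testing the pointer, while the other accessors added in this file (`transport_encrypted`, `transport_session_key`, `auth_session_key`) all check their op for NULL first. Any `dcerpc_binding_handle_ops` table that does not set `.get_binding` will jump through a NULL function pointer here, and `dcerpc_binding_handle_get_transport()` passes the result straight to `dcerpc_binding_get_transport()` with no NULL check either. If the op is meant to be mandatory like `is_connected`, say so next to the member in `struct dcerpc_binding_handle_ops` (librpc/rpc/rpc_common.h); otherwise guard it with `if (h->ops->get_binding == NULL) { return NULL; }` and handle a NULL binding in the transport helper.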
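Review bot: `dcerpc_binding_handle_transport_session_key()` and, in the last hunk of librpc/rpc/binding_handle.c, `dcerpc_binding_handle_auth_session_key()` are new public accessors for key material and carry no comment stating their contract. From the code shown, `*session_key` is left untouched when the op is missing and `NT_STATUS_NO_USER_SESSION_KEY` is returned, so callers must not read the blob unless the status is OK. I would add a header comment saying that, and that the returned blob is expected to be allocated on `mem_ctx` and wiped by the caller once it is no longer needed; the backends that fill it are outside this diff, so that last part needs confirming.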
--- a/librpc/rpc/dcerpc_error.c
+++ b/librpc/rpc/dcerpc_error.c
@@ -40,9 +40,9 @@ static const struct dcerpc_fault_table dcerpc_faults[] = _FAULT_STR_NO_NT_MAPPING(DCERPC_NCA_S_YOU_CRASHED), _FAULT_STR(DCERPC_NCA_S_PROTO_ERROR, NT_STATUS_RPC_PROTOCOL_ERROR), _FAULT_STR_NO_NT_MAPPING(DCERPC_NCA_S_OUT_ARGS_TOO_BIG), - _FAULT_STR_NO_NT_MAPPING(DCERPC_NCA_S_SERVER_TOO_BUSY), + _FAULT_STR(DCERPC_NCA_S_SERVER_TOO_BUSY, NT_STATUS_RPC_SERVER_TOO_BUSY), _FAULT_STR_NO_NT_MAPPING(DCERPC_NCA_S_FAULT_STRING_TOO_LARGE), - _FAULT_STR_NO_NT_MAPPING(DCERPC_NCA_S_UNSUPPORTED_TYPE), + _FAULT_STR(DCERPC_NCA_S_UNSUPPORTED_TYPE, NT_STATUS_RPC_UNSUPPORTED_TYPE), _FAULT_STR_NO_NT_MAPPING(DCERPC_NCA_S_FAULT_ADDR_ERROR), _FAULT_STR(DCERPC_NCA_S_FAULT_FP_DIV_BY_ZERO, NT_STATUS_RPC_FP_DIV_ZERO), _FAULT_STR(DCERPC_NCA_S_FAULT_FP_UNDERFLOW, NT_STATUS_RPC_FP_UNDERFLOW),
diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c
index 51a8a11ac4a..e01391e6dcd 100644
--- a/librpc/rpc/dcerpc_util.c
+++ b/librpc/rpc/dcerpc_util.c
@@ -647,13 +647,13 @@ NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req, return NT_STATUS_OK; } -const char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx, - enum dcerpc_transport_t transport, - const struct ndr_interface_table *table) +char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx, + enum dcerpc_transport_t transport, + const struct ndr_interface_table *table) { NTSTATUS status; const char *p = NULL; - const char *endpoint = NULL; + char *endpoint = NULL; uint32_t i; struct dcerpc_binding *default_binding = NULL; TALLOC_CTX *frame = talloc_stackframe();
diff --git a/librpc/rpc/dcerpc_util.h b/librpc/rpc/dcerpc_util.h
index 4e49e3e8572..86c254e539c 100644
--- a/librpc/rpc/dcerpc_util.h
+++ b/librpc/rpc/dcerpc_util.h
@@ -36,9 +36,9 @@ uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob); uint8_t dcerpc_get_auth_type(const DATA_BLOB *blob); uint8_t dcerpc_get_auth_level(const DATA_BLOB *blob); uint32_t dcerpc_get_auth_context_id(const DATA_BLOB *blob); -const char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx, - enum dcerpc_transport_t transport, - const struct ndr_interface_table *table); +char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx, + enum dcerpc_transport_t transport, + const struct ndr_interface_table *table); NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob,
diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
index 66478001640..7fb23d49d61 100644
--- a/librpc/rpc/dcesrv_core.c
+++ b/librpc/rpc/dcesrv_core.c
@@ -783,8 +783,8 @@ static void dcesrv_call_set_list(struct dcesrv_call_state *call, } } -static void dcesrv_call_disconnect_after(struct dcesrv_call_state *call, - const char *reason) +void dcesrv_call_disconnect_after(struct dcesrv_call_state *call, + const char *reason) { struct dcesrv_auth *a = NULL;
diff --git a/librpc/rpc/dcesrv_core.h b/librpc/rpc/dcesrv_core.h
index 90f5bd21d64..0b69af575b2 100644
--- a/librpc/rpc/dcesrv_core.h
+++ b/librpc/rpc/dcesrv_core.h
@@ -566,6 +566,9 @@ NTSTATUS dcesrv_auth_session_key(struct dcesrv_call_state *call, NTSTATUS dcesrv_transport_session_key(struct dcesrv_call_state *call, DATA_BLOB *session_key); +void dcesrv_call_disconnect_after(struct dcesrv_call_state *call, + const char *reason); + /* a useful macro for generating a RPC fault in the backend code */ #define DCESRV_FAULT(code) do { \ dce_call->fault_code = code; \
diff --git a/librpc/rpc/rpc_common.h b/librpc/rpc/rpc_common.h
index 76557101dcd..493c3137126 100644
--- a/librpc/rpc/rpc_common.h
+++ b/librpc/rpc/rpc_common.h
@@ -172,13 +172,23 @@ enum dcerpc_transport_t dcerpc_transport_by_tower(const struct epm_tower *tower) struct dcerpc_binding_handle_ops { const char *name; + const struct dcerpc_binding *(*get_binding)(struct dcerpc_binding_handle *h); + bool (*is_connected)(struct dcerpc_binding_handle *h); uint32_t (*set_timeout)(struct dcerpc_binding_handle *h, uint32_t timeout); + bool (*transport_encrypted)(struct dcerpc_binding_handle *h); + NTSTATUS (*transport_session_key)(struct dcerpc_binding_handle *h, + TALLOC_CTX *mem_ctx, + DATA_BLOB *session_key); + void (*auth_info)(struct dcerpc_binding_handle *h, enum dcerpc_AuthType *auth_type, enum dcerpc_AuthLevel *auth_level); + NTSTATUS (*auth_session_key)(struct dcerpc_binding_handle *h, + TALLOC_CTX *mem_ctx, + DATA_BLOB *session_key); struct tevent_req *(*raw_call_send)(TALLOC_CTX *mem_ctx, struct tevent_context *ev, 
@@ -245,15 +255,31 @@ void *_dcerpc_binding_handle_data(struct dcerpc_binding_handle *h); _DEPRECATED_ void dcerpc_binding_handle_set_sync_ev(struct dcerpc_binding_handle *h, struct tevent_context *ev); +const struct dcerpc_binding *dcerpc_binding_handle_get_binding(struct dcerpc_binding_handle *h); + +enum dcerpc_transport_t dcerpc_binding_handle_get_transport(struct dcerpc_binding_handle *h); + bool dcerpc_binding_handle_is_connected(struct dcerpc_binding_handle *h); uint32_t dcerpc_binding_handle_set_timeout(struct dcerpc_binding_handle *h, uint32_t timeout); +bool dcerpc_binding_handle_transport_encrypted(struct dcerpc_binding_handle *h); + +NTSTATUS dcerpc_binding_handle_transport_session_key( + struct dcerpc_binding_handle *h, + TALLOC_CTX *mem_ctx, + DATA_BLOB *session_key); + void dcerpc_binding_handle_auth_info(struct dcerpc_binding_handle *h, enum dcerpc_AuthType *auth_type, enum dcerpc_AuthLevel *auth_level); +NTSTATUS dcerpc_binding_handle_auth_session_key( + struct dcerpc_binding_handle *h, + TALLOC_CTX *mem_ctx, + DATA_BLOB *session_key); + struct tevent_req *dcerpc_binding_handle_raw_call_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct dcerpc_binding_handle *h,
diff --git a/pidl/lib/Parse/Pidl/Samba4/Python.pm b/pidl/lib/Parse/Pidl/Samba4/Python.pm
index 63f0f72605d..9bcdea3b15b 100644
--- a/pidl/lib/Parse/Pidl/Samba4/Python.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/Python.pm
@@ -1547,11 +1547,30 @@ sub Interface($$$) $self->pidl(""); my $signature = -"\"$interface->{NAME}(binding, lp_ctx=None, credentials=None) -> connection\\n\" -\"\\n\" -\"binding should be a DCE/RPC binding string (for example: ncacn_ip_tcp:127.0.0.1)\\n\" -\"lp_ctx should be a path to a smb.conf file or a param.LoadParm object\\n\" -\"credentials should be a credentials.Credentials object.\\n\\n\""; +"\"$interface->{NAME}(binding, lp_ctx=None, credentials=None, basis_connection=None) -> connection\\n\" +\"\\n\\n\" +\"Parameters\\n\" +\"----------\\n\" +\"binding : str\\n\" +\" A DCE/RPC binding string (for example: ncacn_ip_tcp:127.0.0.1)\\n\" +\"lp_ctx : param.LoadParm\\n\" +\" Should be a path to a smb.conf file or a param.LoadParm object\\n\" +\"credentials : credentials.Credentials, optional\\n\" +\" A credentials.Credentials object (default is None).\\n\" +\"basis_connection : samba.dcerpc.ClientConnection, optional\\n\" +\" A $interface->{NAME} client connection object (default is None).\\n\" +\"\\n\\n\" +\"Returns\\n\" +\"-------\\n\" +\"samba.dcerpc.ClientConnection\\n\" +\" A ClientConnection object\\n\" +\"\\n\\n\" +\"Raises\\n\" +\"------\\n\" +\"samba.NTSTATUSError\\n\" +\" An NTSTATUS error\\n\" +\"\\n\""; + my $docstring = $self->DocString($interface, $interface->{NAME});
diff --git a/python/samba/lsa_utils.py b/python/samba/lsa_utils.py
index 043e65f3341..506dc399c93 100644
--- a/python/samba/lsa_utils.py
+++ b/python/samba/lsa_utils.py
@@ -20,24 +20,27 @@ from samba.dcerpc import lsa, drsblobs, misc from samba.ndr import ndr_pack from samba import ( NTSTATUSError, + ntstatus, aead_aes_256_cbc_hmac_sha512, arcfour_encrypt, -- Samba Shared Repository
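Review bot: The docstring generated in `Interface()` (pidl/lib/Parse/Pidl/Samba4/Python.pm) types `lp_ctx` as `param.LoadParm` while its description still allows a path to an smb.conf file, and the signature gives `lp_ctx=None` although only `credentials` and `basis_connection` are tagged `optional`. I would change that entry to `lp_ctx : str or param.LoadParm, optional`. The `basis_connection` entry could also say what the new connection takes over from the existing one (going by the commit title, the transport) and that the `credentials` passed here are the ones used to authenticate the new connection; the C side is not in this hunk, so confirm the behaviour before wording it. `Interface()` starts and ends outside the hunk.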