1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-27 14:04:05 +03:00

4251 Commits

Author SHA1 Message Date
Andrew Bartlett
e49656e2ee auth: Use only security_token_is_system to determine that a user is SYSTEM
This removes the duplication on how to detect that a user is system in Samba
now that the smbd system account is also only SID_NT_SYSTEM we can use the same
check everywhere.

Andrew Bartlett

Signed-off-by: Andreas Schneider <asn@samba.org>
2012-06-19 10:38:13 +02:00
Andreas Schneider
faf24ed6ce s3-spoolss: delete_drivers should be called as the connecting user.
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-06-19 10:38:13 +02:00
Stefan Metzmacher
8693a4fff9 s3:lib: split things into a conn_tdb.h
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jun  5 19:28:35 CEST 2012 on sn-devel-104
2012-06-05 19:28:35 +02:00
Stefan Metzmacher
69fd1bb66e s3:rpc_server: don't do any magic in is_known_pipename() anymore
The callers have to check if they allow something else than
the raw pipe file name.

If we allow more than windows allows, we risks Samba specific
client behavior. E.g. winbindd only works against Samba servers.

metze
2012-05-28 19:52:00 +02:00
Stefan Metzmacher
6777e345b1 s3:rpc_server: return OBJECT_NAME_NOT_FOUND instead of PIPE_NOT_AVAILABLE
metze
2012-05-28 19:51:57 +02:00
Luk Claes
d8c0646a5d s3:libsmb: get rid of cli_state_protocol
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-05-28 14:49:45 +02:00
Stefan Metzmacher
758d61201f s3:smbd/msdfs: pass 'allow_broken_path' to get_referred_path()
Note the DCERPC code should not be smb2 specific!

I wonder why this is at all smb2 specific...

metze
2012-05-24 14:12:32 +02:00
Stefan Metzmacher
a92f7176bd s3:smbd/msdfs: let create_conn_struct() also fake the 'smbd_server_connection'
metze
2012-05-24 14:12:32 +02:00
Stefan Metzmacher
b21176875a s3:rpc_server/dfs: pass allow_broken_path=true to create_junction()
DCERPC code can't be smb2 specific!

I'm not sure if 'true' is the correct value here, but at least
it matches the old behavior and the tcp and smb1 cases.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed May 23 21:56:05 CEST 2012 on sn-devel-104
2012-05-23 21:56:05 +02:00
Volker Lendecke
815eb53b33 s3: Fix Coverity ID 242714 Uninitialized scalar variable
In an error path we are closing domain_handle without opening it
2012-05-10 09:11:58 +02:00
Andreas Schneider
0d87c0fe97 s3-spoolss: Set DWORD values correctly.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed May  9 11:13:00 CEST 2012 on sn-devel-104
2012-05-09 11:12:59 +02:00
Jeremy Allison
6f3e011f84 Fix bug - self granting privileges in security=ads.
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue May  1 01:04:46 CEST 2012 on sn-devel-104
2012-05-01 01:04:46 +02:00
Gregor Beck
cd2616cc16 s3:registry: remove usage of reg_objects from srv_spoolss_nt.c
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-25 14:11:06 +02:00
Andrew Bartlett
0eacc47622 param: Change from _lp to lp__ as the prefix for internal parameter wrappers
This will make a merge with the lib/param param code easier, as we can then paste lp_ to the front of
all parameters unconditionally.

Andrew Bartlett
2012-04-16 14:32:38 +10:00
Andrew Bartlett
f6e0532024 build: Remove SMB_STRUCT_DIR define 2012-04-05 02:39:09 +02:00
Andrew Bartlett
3e8a6e5760 build: Remove sys_closedir wrapper 2012-04-05 02:39:09 +02:00
Andrew Bartlett
fe526bb32b build: Remove sys_opendir wrapper 2012-04-05 02:39:09 +02:00
Andrew Bartlett
d166b79852 build: Remove sys_open wrapper 2012-04-05 02:39:08 +02:00
Jelmer Vernooij
c9fb33697d use usleep rather than sys_usleep in various places, in anticipation of usleep moving to libreplace. 2012-03-24 22:41:05 +01:00
Jelmer Vernooij
c0288e0612 lib/util: Remove obsolete sys_getpid() and sys_fork().
The performance of these is minimal (these days) and they can return
invalid results when used as part of applications that do not use
sys_fork().

Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Mar 24 21:55:41 CET 2012 on sn-devel-104
2012-03-24 21:55:40 +01:00
Jelmer Vernooij
71d41a015a libreplace: Add getpeereid implementation. 2012-03-24 16:00:36 +01:00
Jelmer Vernooij
818e0722e1 lib/util: Remove dummy wrapper for getpwnam(). 2012-03-24 15:24:15 +01:00
Jelmer Vernooij
b4d35bee38 libndr: Rename policy_handle_empty to ndr_policy_handle_empty.
This makes the NDR namespace a bit clearer, in preparation of ABI checking.
2012-03-20 13:54:07 +01:00
Jelmer Vernooij
95ca5fbadd libndr: Rename ndr64_transfer_syntax and null_ndr_syntax_id so they have a ndr_ prefix.
This makes the NDR namespace a bit clearer, in preparation of ABI checking.
2012-03-20 13:54:07 +01:00
Andreas Schneider
db0ea16604 s3-spoolss: Check return type of update_dsspooler().
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed Mar 14 19:38:45 CET 2012 on sn-devel-104
2012-03-14 19:38:45 +01:00
Andreas Schneider
c3c3d3ac3f s3-spoolss: Check return codes in update_dsspooler. 2012-03-14 17:56:14 +01:00
Andreas Schneider
4bccc911b8 s3-rpc_server: Increase debug level for policy handle. 2012-03-14 17:56:13 +01:00
Andrew Bartlett
6ff5854c4f s3-spoolss: Consistently fail OpenPrinterEx with "" printername
samba3.rpc.spoolss.printserver has become a flakey test recently, and this
papers over the real problem.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Tue Mar 13 17:51:00 CET 2012 on sn-devel-104
2012-03-13 17:50:59 +01:00
Alexander Bokovoy
7d4ed89983 s3-rpc: Decrypt with the proper session key in CreateTrustedDomainEx2.
On LSA and SAMR pipes session_key is truncated to 16 byte when doing encryption/decryption.
However, this was not done for trusted domain-related modifying operations.

As result, Samba 4 client libraries do not work against Samba 3 while working
against Windows 2008 r2.

Solved this by introducing "session_extract_session_key()" function that allows to specify
intent of use of the key.

Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Tue Mar 13 12:23:44 CET 2012 on sn-devel-104
2012-03-13 12:23:44 +01:00
Andrew Bartlett
77602d877e s3-auth: Remove single-implementation plugin layer
The ->get_ntlm_challenge and ->check_ntlm_password elements of struct auth_context
were only ever initialised to a single value.  Make it easier to follow by
just calling the function directly.

Andrew Bartlett
2012-03-08 10:14:05 +01:00
Andrew Bartlett
54d36099ec s3-rpc_server: Do not register embedded ncacn_np endpoints by default
The end point mapper is primarily in support of lsasd, and the key
SAMR, LSA and NETLOGON services being accessed over TCP/IP.  The end
point mapper does not appear to be used for the well-known mappings to
named pipes, and we have a problem with how to safely register the
embedded pipes.  For now, disable this to avoid re-registration storms
in production, until we sort out a better way.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Mar  7 14:27:38 CET 2012 on sn-devel-104
2012-03-07 14:27:38 +01:00
Andrew Bartlett
8466b3c85e s3-rpc_server: Do not setup ncalrpc pipes and TCP for embedded rpc servers
Embedded RPC services are those not launched in the preforked lsasd
and spoolssd children.

The reason that these child processes were created is that is is not
possible to correctly listen for ncalrpc and TCP connections without
creating a child process.  Therefore, we should not have these
embedded RPC services to listen on these sockets just because the
endpoint mapper has been enabled.

Andrew Bartlett
2012-03-07 12:46:13 +01:00
Andrew Bartlett
074ee6f34c s3-rpc_server: Remove remaining code for embedded endpoint mapper
Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Mar  5 23:14:33 CET 2012 on sn-devel-104
2012-03-05 23:14:33 +01:00
Andrew Bartlett
be7bcf0e55 s3-rpc_server: Only init and register embedded RPC services in dcesrv_ep_setup()
This consults the two definitions for embedded, that is if the deamon is forking
or if the rpc_server:<interface> line is set to embedded.

Andrew Bartlett

Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-05 21:34:25 +01:00
Volker Lendecke
cae455f688 s3: Fix a "Invalid (state->nread >= 0)" warning
Both read_from_internal_pipe and tstream_readv_pdu_queue_recv return
ssize_t.

Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Mon Mar  5 17:38:16 CET 2012 on sn-devel-104
2012-03-05 17:38:16 +01:00
Andrew Bartlett
14d31376aa s3-lsasd: Fix debug messages on registration failure
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Mar  5 09:50:17 CET 2012 on sn-devel-104
2012-03-05 09:50:17 +01:00
Andrew Bartlett
8b99c83d2f s3-rpc_server: consolidate rpc server init routines
This uses a helper function to reduce duplication.

Andrew Bartlett
2012-03-04 23:33:05 +01:00
Volker Lendecke
b6f4a5d0ee s3: Fix some && vs & warnings
Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Sun Mar  4 13:31:25 CET 2012 on sn-devel-104
2012-03-04 13:31:25 +01:00
Andrew Bartlett
b07d504ca4 change low FDs are handled in Samba
We now only close fds 0, 1, 2 when we are a forked daemon, and take
care not to close a file descriptor that we might need for foreground
stdin monitoring.

This should fix stdout logging in the lsa and epmapper deamons (ie in
make test).

Andrew Bartlett
2012-03-04 10:14:34 +01:00
Volker Lendecke
c887cb6852 s3: Fix a bogus if (client_len < 0)
On some platforms socklen_t might be unsigned, so comparing for <0
always returns true. Also, tsocket_address_bsd_sockaddr returns
ssize_t.

Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Sat Mar  3 23:38:31 CET 2012 on sn-devel-104
2012-03-03 23:38:31 +01:00
Stefan Metzmacher
89b413895b s3:rpc_server: initialize struct schannel_state to zero
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Mar  2 08:48:23 CET 2012 on sn-devel-104
2012-03-02 08:48:23 +01:00
Andrew Bartlett
757c9b79ea s3-rpc_server Remove unused function auth_generic_server_start() 2012-02-23 16:14:18 +11:00
Andrew Bartlett
2b511f0e92 s3-librpc: Use gensec_spnego for DCE/RPC authentication
This ensures that we use the same SPNEGO code on session setup and on
DCE/RPC binds, and simplfies the calling code as spnego is no longer
a special case in cli_pipe.c

A special case wrapper function remains to avoid changing the
application layer callers in this patch.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-16 15:18:42 +01:00
Matthieu Patou
474c02acac s3-waf: add dependency on talloc or it won't build if talloc.h is not in the default include path
The problem occurs only if talloc, tdb and ldb are used as system
libraries and talloc is not installed in a default.

Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Fri Feb 10 23:27:29 CET 2012 on sn-devel-104
2012-02-10 23:27:29 +01:00
Andreas Schneider
6d06a310f3 s3-waf: Fix cups dependency in PRINTING. 2012-01-25 11:58:30 +01:00
Andreas Schneider
a5b4a47b7c s3-waf: Add missing dependency to RPC_WINREG. 2012-01-25 11:58:30 +01:00
David Disseldorp
c3a7573a84 s3-spoolss: fix incorrect error check type
NT_STATUS_IS_OK used to check WERROR type.

Autobuild-User: David Disseldorp <ddiss@samba.org>
Autobuild-Date: Sun Jan 22 05:03:36 CET 2012 on sn-devel-104
2012-01-22 05:03:36 +01:00
David Disseldorp
7123b592fe s3-spoolss: fix printer_driver_files_in_use() call ordering
printer_driver_files_in_use() performs two tasks: it returns whether any
of the files in the to-be-deleted driver overlap with other drivers, it
also trims such files from the info structure passed in.

In processing a DeletePrinterDataEx request with DPD_DELETE_UNUSED_FILES
set, printer_driver_files_in_use() must be called to ensure files in
use by other drivers are not removed.

https://bugzilla.samba.org/show_bug.cgi?id=4942

Signed-off-by: Andreas Schneider <asn@samba.org>
2012-01-20 17:44:06 +01:00
David Disseldorp
b5f780c418 s3-spoolss: fix printer driver version deletion
Spoolss delete printer driver code currently makes invalid version
assumptions based on the architecture requested by the client.

Ugly hacks are in place to cover removal of other versions (2 and 3).
This change wraps multi version deletion in a simple for loop.

Signed-off-by: Andreas Schneider <asn@samba.org>
2012-01-20 17:43:50 +01:00
Andrew Bartlett
1b5870a6d1 s3-librpc Remove unused dcesrv_gssapi.[ch] functions
The code from dcesrv_gssapi.c is now
in source3/auth/auth_generic.c as an auth callback.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:22 +01:00