sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-13 13:18:06 +03:00
Code
104,981 Commits 60 Branches 1,145 Tags 452 MiB
4198327897
Commit Graph

4462 Commits

Author SHA1 Message Date
Günther Deschner
4198327897 werror: replace WERR_BADFID with WERR_INVALID_HANDLE in source3/rpc_server/spoolss/ 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:18 +02:00
Günther Deschner
3af16e4abd werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source3/rpc_client/ 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:17 +02:00
Günther Deschner
46eace2f9f werror: replace WERR_BADFUNC with WERR_INVALID_FUNCTION in source3/rpc_server/spoolss/srv_spoolss_nt.c 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:16 +02:00
Andreas Schneider
631e063f6b s3-lib: Do not set an empty string in split_domain_user() 
The function should also return if it failed or not.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Sep 25 12:56:17 CEST 2016 on sn-devel-144
 2016-09-25 12:56:17 +02:00
Jeremy Allison
fbfea52e1c s3: server: s3_tevent_context_init() -> samba_tevent_context_init() 
We can now remove source3/lib/events.c

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2016-09-24 19:52:08 +02:00
Günther Deschner
4ca831d09c s3-spoolss: in _spoolss_OpenPrinterEx map max_allowed for the print server 
TODO: do real access checks against the security descriptor.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2016-09-22 12:29:27 +02:00
Günther Deschner
52b8b592c2 s3-spoolss: allow SetPrinter level 3 for server handles as well. 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2016-09-22 12:29:27 +02:00
Günther Deschner
b9475e88de s3-spoolss: use server sd stored in the backend in _spoolss_GetPrinter level 3 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2016-09-22 12:29:27 +02:00
Günther Deschner
e207febf15 s3-spoolss: Fix _spoolss_GetPrinter behaviour for server handles. 
Without this the security tab of the print server properties will be obviously
empty and only display a warning.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2016-09-22 12:29:27 +02:00
Günther Deschner
1e4ea50a4c spoolss: rename spoolss_RpcSendRecvBidiData to spoolss_SendRecvBidiData 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2016-09-22 12:29:27 +02:00
Günther Deschner
6476153069 spoolss: rename spoolss_RpcEnumJobNamedProperties to spoolss_EnumJobNamedProperties 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2016-09-22 12:29:27 +02:00
Günther Deschner
cdf958824e spoolss: rename spoolss_RpcDeleteJobNamedProperty to spoolss_DeleteJobNamedProperty 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2016-09-22 12:29:27 +02:00
Günther Deschner
17d94d0531 spoolss: rename spoolss_RpcSetJobNamedProperty to spoolss_SetJobNamedProperty 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2016-09-22 12:29:26 +02:00
Günther Deschner
d64b316fed spoolss: rename spoolss_RpcGetJobNamedPropertyValue to spoolss_GetJobNamedPropertyValue 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2016-09-22 12:29:26 +02:00
Günther Deschner
23f404b7f5 spoolss: rename spoolss_EnumPrintProcDataTypes to spoolss_EnumPrintProcessorDataTypes 
This change makes automatic mapping for PAR->RPRN opcodes easier.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2016-09-22 12:29:26 +02:00
Günther Deschner
d6d7871bde s3-spoolss: avoid referencing p->opnum in _spoolss_AddPrinterDriverEx 
When called by another protocol, this call would fail when called with an
unexpected opnum... This change is in preparation for supporting MS-PAR.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-11 19:57:26 +02:00
Günther Deschner
24b5a44c7d s3-spoolss: add missing newline in debug message of _spoolss_OpenPrinterEx. 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-11 19:57:25 +02:00
Günther Deschner
0d2dd7eb9b spoolss: add IDL for spoolss_LogJobInfoForBranchOffice. 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-11 19:57:25 +02:00
Günther Deschner
d8b57e3828 s3-spoolss: fix _spoolss_GetPrinterDataEx by moving the keyname lengthcheck. 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Sep  7 03:00:14 CEST 2016 on sn-devel-144
 2016-09-07 03:00:14 +02:00
Ralph Boehme
58889e04bd s3/rpc_server: shared rpc modules directory may not exist 
A shared rpc modules directory may not exist if all RPC modules are built
static.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12184

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-08-30 05:27:12 +02:00
Volker Lendecke
f9da0dda3f rpc_server: Fix a typo 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2016-08-24 18:01:14 +02:00
Andreas Schneider
4a2d911a0b s3-spoolss: Support for adding printer drivers with info level 8 
We already supported getting driver info level 8 but not adding it. This
allows adding printer drivers with level. So several fields where emtpy.

Microsoft released a security update for Windows print spooler
components which requires support for driver info level 8 now. This is
needed to find out if a driver is PACKAGE_AWARE or not.

Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-08-23 01:06:25 +02:00
Günther Deschner
2d4107f9e1 librpc: fix IDL for spoolss_GetPrinterDriverPackagePath() 
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-08-23 01:06:24 +02:00
Günther Deschner
bb8267ce49 librpc: fix spoolss_GetCorePrinterDrivers IDL. 
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-08-23 01:06:24 +02:00
Volker Lendecke
eb6e32046d fss_agent: Fix a signed/unsigned mixup 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
 2016-07-28 05:00:19 +02:00
Volker Lendecke
f396449e7a lib: Move "message_send_all" to serverid.c 
Trying to trim down messages.c a bit: Sending to all processes that are
registered in serverid.tdb and filtering to me is not really logic of general
messaging but more of the serverid code.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
 2016-07-28 05:00:19 +02:00
Michael Adam
84992e31e1 rpc_server: add mssing '#pragma GCC diagnostic push' 
for completeness for later pop.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jul 14 02:02:33 CEST 2016 on sn-devel-144
 2016-07-14 02:02:33 +02:00
Ralph Boehme
6efd0af5e8 s3-rpc_server/mdssd: use smbd_reinit_after_fork() 
Using smbd_reinit_after_fork() rather then reinit_after_fork() ensures
am_parent is reset to NULL. Otherwise, when exiting for some reason, the
inherited atexit handler killkids() calls kill(0,SIGTERM) terminating
our whole process group including the main smbd.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12016

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jul 11 02:02:33 CEST 2016 on sn-devel-144
 2016-07-11 02:02:31 +02:00
Stefan Metzmacher
d491c6c496 s3:rpc_client: remove unused rpc_pipe_client->max_recv_frag 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-06-24 14:09:01 +02:00
Stefan Metzmacher
86dbdce378 s3:rpc_server/samr: simplify the logic in get_user_info_18() 
We only allow SetUserInformation(level=18) via NCALRPC.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu May 12 14:02:27 CEST 2016 on sn-devel-144
 2016-05-12 14:02:27 +02:00
Volker Lendecke
93b982faad lib: Give base64.c its own .h 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-05-04 01:28:23 +02:00
Volker Lendecke
cf5a81013d lib: Make callers of base64_encode_data_blob check for success 
Quite a few callers already did check for !=NULL. With the current code this is
pointless due to a SMB_ASSERT in base64_encode_data_blob() itself. Make the
callers consistently check, so that we can remove SMB_ASSERT from base64.c.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-05-04 01:28:23 +02:00
Ralph Boehme
3e3e72ff9b s3/rpc_server: mdssvc: suppress compiler warnings from glib headers 
Several glib headers produce cast-qual warnings, eg:

/usr/include/glib-2.0/gio/gliststore.h: In function ‘G_LIST_STORE’:
/usr/include/glib-2.0/gio/gliststore.h:36:382: error: cast discards
‘const’ qualifier from pointer target type [-Werror=cast-qual]
/usr/include/glib-2.0/gio/gliststore.h: In function ‘G_IS_LIST_STORE’:
/usr/include/glib-2.0/gio/gliststore.h:36:550: error: cast discards
‘const’ qualifier from pointer target type [-Werror=cast-qual]
cc1: all warnings being treated as errors

This break compiling with --picky-developer, so lets suppress the
warning for glibs in order to see our own --picky-developer compiler
diagnostics.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Apr 26 04:44:44 CEST 2016 on sn-devel-144
 2016-04-26 04:44:44 +02:00
Stefan Metzmacher
65d9ab0540 CVE-2015-5370: s3:rpc_server: verify auth_context_id in api_pipe_{bind_auth3,alter_context} 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:32 +02:00
Stefan Metzmacher
1c0f927a4e CVE-2015-5370: s3:rpc_server: make use of pipe_auth_data->auth_context_id 
This is better than using hardcoded values.
We need to use the value the client used in the BIND request.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:32 +02:00
Stefan Metzmacher
dc91d35257 CVE-2015-5370: s3:rpc_server: don't allow an existing context to be changed in check_bind_req() 
An alter context can't change the syntax of an existing context,
a new context_id will be used for that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:32 +02:00
Stefan Metzmacher
3fdc4de983 CVE-2015-5370: s3:rpc_server: check the transfer syntax in check_bind_req() first 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:32 +02:00
Stefan Metzmacher
28661caa9f CVE-2015-5370: s3:rpc_server: use DCERPC_NCA_S_PROTO_ERROR FAULTs for protocol errors 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:32 +02:00
Stefan Metzmacher
6c9a2d3894 CVE-2015-5370: s3:rpc_server: let a failing BIND mark the connection as broken 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:32 +02:00
Stefan Metzmacher
cd1c7d227f CVE-2015-5370: s3:rpc_server: disconnect the connection after a fatal FAULT pdu 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:32 +02:00
Stefan Metzmacher
a18a811ce4 CVE-2015-5370: s3:rpc_server: make use of dcerpc_verify_ncacn_packet_header() to verify incoming pdus 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:32 +02:00
Stefan Metzmacher
ab29002ddc CVE-2015-5370: s3:rpc_server: verify presentation context arrays 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:31 +02:00
Stefan Metzmacher
e4fa243aa3 CVE-2015-5370: s3:rpc_server: use 'alter' instead of 'bind' for variables in api_pipe_alter_context() 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:31 +02:00
Jeremy Allison
f74c4c8335 CVE-2015-5370: s3:rpc_server: ensure that the message ordering doesn't violate the spec 
The first pdu is always a BIND.

REQUEST pdus are only allowed once the authentication
is finished.

A simple anonymous authentication is finished after the BIND.
Real authentication may need additional ALTER or AUTH3 exchanges.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:31 +02:00
Stefan Metzmacher
302d927ac2 CVE-2015-5370: s3:rpc_server: make sure auth_level isn't changed by alter_context or auth3 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:31 +02:00
Stefan Metzmacher
46436d01da CVE-2015-5370: s3:rpc_server: let a failing auth3 mark the authentication as invalid 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:31 +02:00
Stefan Metzmacher
f8aa62d697 CVE-2015-5370: s3:rpc_server: don't allow auth3 if the authentication was already finished 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:31 +02:00
Stefan Metzmacher
b4e38e29e8 CVE-2015-5370: s3:rpc_server: don't ignore failures of dcerpc_push_ncacn_packet() 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:31 +02:00
Stefan Metzmacher
84027af3ab CVE-2015-5370: s3:rpc_server: just call pipe_auth_generic_bind() in api_pipe_bind_req() 
pipe_auth_generic_bind() does all the required checks already
and an explicit DCERPC_AUTH_TYPE_NONE is not supported.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:31 +02:00
Stefan Metzmacher
ca96d57816 CVE-2015-5370: s3:rpc_server: let a failing sec_verification_trailer mark the connection as broken 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2016-04-12 19:25:31 +02:00