IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
They use talloc_tos() internally: hoist that up to the callers, some
of whom don't want to us talloc_tos().
A simple patch, but hits a lot of files.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This does not check whether the given sid is in our domain, but
but whether it belongs to the local sam, which is a different
thing on a domain member server.
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jul 12 18:36:02 CEST 2012 on sn-devel-104
This does not check whether the given sid is the domain sid,
but whether it is the sid of the local sam, which is different
for a domain member server.
This helps clarify the role of this structure and wrapper function.
The purpose here is to provide helper functions to the lib/param
loadparm_context that point back at the s3 lp_ functions. This allows
a struct loadparm_context to be passed to any point in the code, and
always refer to the correct loadparm system. If this has not been
set, the variables loaded in the lib/param code will be returned.
As requested by Michael Adam.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 27 17:11:16 CEST 2012 on sn-devel-104
Print jobs maintain two job identifiers, the jobid allocated by the
spoolss layer (pj->jobid), and the job identifier defined by the
printing backend (pj->sysjob).
Printer job queues currently only contain a single job identifier
variable (queue->job), the variable is sometimes representative of the
spoolss layer job identifier, and more often representative of the
printing backend id.
This change renames the queue job identifier from queue->job to
queue->sysjob, in preparation for a change to only store the printing
backend identifier.
This removes the duplication on how to detect that a user is system in Samba
now that the smbd system account is also only SID_NT_SYSTEM we can use the same
check everywhere.
Andrew Bartlett
Signed-off-by: Andreas Schneider <asn@samba.org>
The callers have to check if they allow something else than
the raw pipe file name.
If we allow more than windows allows, we risks Samba specific
client behavior. E.g. winbindd only works against Samba servers.
metze
DCERPC code can't be smb2 specific!
I'm not sure if 'true' is the correct value here, but at least
it matches the old behavior and the tcp and smb1 cases.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed May 23 21:56:05 CEST 2012 on sn-devel-104
The performance of these is minimal (these days) and they can return
invalid results when used as part of applications that do not use
sys_fork().
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Mar 24 21:55:41 CET 2012 on sn-devel-104
samba3.rpc.spoolss.printserver has become a flakey test recently, and this
papers over the real problem.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Tue Mar 13 17:51:00 CET 2012 on sn-devel-104
On LSA and SAMR pipes session_key is truncated to 16 byte when doing encryption/decryption.
However, this was not done for trusted domain-related modifying operations.
As result, Samba 4 client libraries do not work against Samba 3 while working
against Windows 2008 r2.
Solved this by introducing "session_extract_session_key()" function that allows to specify
intent of use of the key.
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Tue Mar 13 12:23:44 CET 2012 on sn-devel-104
The ->get_ntlm_challenge and ->check_ntlm_password elements of struct auth_context
were only ever initialised to a single value. Make it easier to follow by
just calling the function directly.
Andrew Bartlett
The end point mapper is primarily in support of lsasd, and the key
SAMR, LSA and NETLOGON services being accessed over TCP/IP. The end
point mapper does not appear to be used for the well-known mappings to
named pipes, and we have a problem with how to safely register the
embedded pipes. For now, disable this to avoid re-registration storms
in production, until we sort out a better way.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Mar 7 14:27:38 CET 2012 on sn-devel-104
Embedded RPC services are those not launched in the preforked lsasd
and spoolssd children.
The reason that these child processes were created is that is is not
possible to correctly listen for ncalrpc and TCP connections without
creating a child process. Therefore, we should not have these
embedded RPC services to listen on these sockets just because the
endpoint mapper has been enabled.
Andrew Bartlett
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Mar 5 23:14:33 CET 2012 on sn-devel-104
This consults the two definitions for embedded, that is if the deamon is forking
or if the rpc_server:<interface> line is set to embedded.
Andrew Bartlett
Signed-off-by: Andreas Schneider <asn@samba.org>
Both read_from_internal_pipe and tstream_readv_pdu_queue_recv return
ssize_t.
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Mon Mar 5 17:38:16 CET 2012 on sn-devel-104
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Sun Mar 4 13:31:25 CET 2012 on sn-devel-104
We now only close fds 0, 1, 2 when we are a forked daemon, and take
care not to close a file descriptor that we might need for foreground
stdin monitoring.
This should fix stdout logging in the lsa and epmapper deamons (ie in
make test).
Andrew Bartlett
On some platforms socklen_t might be unsigned, so comparing for <0
always returns true. Also, tsocket_address_bsd_sockaddr returns
ssize_t.
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Sat Mar 3 23:38:31 CET 2012 on sn-devel-104
This ensures that we use the same SPNEGO code on session setup and on
DCE/RPC binds, and simplfies the calling code as spnego is no longer
a special case in cli_pipe.c
A special case wrapper function remains to avoid changing the
application layer callers in this patch.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
The problem occurs only if talloc, tdb and ldb are used as system
libraries and talloc is not installed in a default.
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Fri Feb 10 23:27:29 CET 2012 on sn-devel-104
NT_STATUS_IS_OK used to check WERROR type.
Autobuild-User: David Disseldorp <ddiss@samba.org>
Autobuild-Date: Sun Jan 22 05:03:36 CET 2012 on sn-devel-104
printer_driver_files_in_use() performs two tasks: it returns whether any
of the files in the to-be-deleted driver overlap with other drivers, it
also trims such files from the info structure passed in.
In processing a DeletePrinterDataEx request with DPD_DELETE_UNUSED_FILES
set, printer_driver_files_in_use() must be called to ensure files in
use by other drivers are not removed.
https://bugzilla.samba.org/show_bug.cgi?id=4942
Signed-off-by: Andreas Schneider <asn@samba.org>
Spoolss delete printer driver code currently makes invalid version
assumptions based on the architecture requested by the client.
Ugly hacks are in place to cover removal of other versions (2 and 3).
This change wraps multi version deletion in a simple for loop.
Signed-off-by: Andreas Schneider <asn@samba.org>
The code from dcesrv_gssapi.c is now
in source3/auth/auth_generic.c as an auth callback.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This simplifies a lot of code, as we know we are always dealing
with a struct gensec_security, and allows the gensec module being
used to implement GSSAPI to be swapped for AD-server operation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This simplifies a lot of code, as we know we are always dealing with a
struct gensec_security, and allows the gensec module being used to
implement GSSAPI to be swapped when required for AD-server operation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
If DeletePrinterDriverEx is called with DPD_DELETE_ALL_FILES and files
assigned to the to-be-deleted driver overlap with other drivers then an
error is returned. Change the error code here to match Windows 2k8r2.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
This is possible because the s3 gensec modules are started as
normal gensec modules, so we do not need a wrapper any more.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This makes the long term owner of this memory more clear. So far only the
clear cases have been moved from NULL however.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
By adding an OID parameter we can make this routine generic to any
gensec module that may be made available.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This function handles more than NTLMSSP now, at least when we are an AD DC
and so changing the name may avoid some confusion in the future.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This structure handles more than NTLMSSP now, at least when we are an AD DC
and so changing the name may avoid some confusion in the future.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This is not used or honoured by NTLMSSP, but I hope to make this routine
more generic in the future.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Sometimes the domain parameter might not contain the NetBIOS name of the remote
domain but the DNS name.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Dec 22 19:21:21 CET 2011 on sn-devel-104
this allows the config to specify a default behaviour (embedded,
external or disabled) for unknown pipes. This is needed to allow the
s3 smbd server to redirect unknown pipes to the s4 RPC server when
using s3 smbd as a file server for a s4 DC. If rpc_server:default is
not specified then this change preserves the old behaviour
As the spoolss code can run embedded or external relative to the
smbd file server process, it's very tricky to verify if a share
is still in use.
Checking the result of the "deleteprinter command" command should
be enough to check for success. We should not return WERR_ACCESS_DENIED
if the share is still in use, by the current client, as the primary
printer definition is already deleted.
metze
