IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Before doing the (potentially) costly enumerations,
check if the user has necessary privileges first
Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com>
Reviewed-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Tue May 14 16:22:24 CEST 2013 on sn-devel-104
those messages are not worth level 0 or 1 and potentially
clutter the system logs
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>
Optionally append list of UPN suffixes if PDB module returns non-empty one.
Refactor fill_forest_trust_array() in source3 to allow reuse of the code between
_netr_DsRGetForestTrustInformation() and _netr_GetForestTrustInformation()
Implement a special case of _netr_DsRGetForestTrustInformation in smbd
when trusted_domain_name is NULL (covered by test_DsrEnumerateDomainTrusts()
in rpc.netlogon torture tests, see comment in source4/torture/rpc/netlogon.c).
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 9 22:19:34 CEST 2013 on sn-devel-104
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Tue Apr 2 17:16:56 CEST 2013 on sn-devel-104
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Mar 18 11:39:27 CET 2013 on sn-devel-104
priviledge -> privilege
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Feb 18 13:57:40 CET 2013 on sn-devel-104
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 21 16:11:02 CET 2013 on sn-devel-104
If the the client enumerates the printers and didn't specify a
servername we have a null pointer dereference, so the process serving
the connection crashes.
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Jan 21 13:30:11 CET 2013 on sn-devel-104
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Jan 17 18:53:47 CET 2013 on sn-devel-104
The python bindings do not want the current working directory changed
during operations, so we provide two functions, one providing the
original behaviour, and other providing the python bindings with just
the memory allocation and initilisation stuff.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 7 19:06:25 CET 2013 on sn-devel-104
This variable can be set to NULL in an earlier function call.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
All crypto is dealt with within the netlogon samlogon server now.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Still need to fix AES support for the returned validation info.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Currently when "default devmode" is explicitly disabled, and a printer
is added with a null device mode, spoolssd crashes in copy_devicemode().
Both construct_printer_info2() and construct_printer_info8() code paths
currently unconditionally attempt to copy a printers device mode,
without checking whether one is present.
This change fixes this regression such that construct_printer_info*()
functions check for a null device mode before copying.
https://bugzilla.samba.org/show_bug.cgi?id=9433
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 29 13:03:05 CET 2012 on sn-devel-104
Internally change the implementation to use SMB_VFS_GET_NT_ACL()
instead of SMB_VFS_FGET_NT_ACL() with a faked-up file struct.
Andrew Bartlett
Reviewed by: Jeremy Allison <jra@samba.org>
The goal is to have procid_self handling completely in the messaging_context.
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Oct 19 20:39:56 CEST 2012 on sn-devel-104
The relevant records are not written to connections.tdb since commit
a781b78417
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
This fixes up an error introduced by c8ade07760.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 11 07:53:36 CEST 2012 on sn-devel-104
This makes it clear which context the returned SD is allocated on, as
a number of callers do not want it on talloc_tos().
As the ACL transformation allocates and then no longer needs a great
deal of memory, a talloc_stackframe() call is used to contain the
memory that is not returned further up the stack.
Andrew Bartlett
enum dcerpc_transport_t is undeclared, include required headers.
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Oct 10 12:41:28 CEST 2012 on sn-devel-104
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 18 01:42:23 CEST 2012 on sn-devel-104
This codepath would only be executed if we provided a partial session_info token
across the named pipe forwarding code.
The smbd file server always fills this in, and if the ntvfs file server ever
wants to use an smbd hosted pipe, it can do the same. Calling create_local_token
is always the wrong thing to do.
Andrew Bartlett
They use talloc_tos() internally: hoist that up to the callers, some
of whom don't want to us talloc_tos().
A simple patch, but hits a lot of files.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This does not check whether the given sid is in our domain, but
but whether it belongs to the local sam, which is a different
thing on a domain member server.
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jul 12 18:36:02 CEST 2012 on sn-devel-104
This does not check whether the given sid is the domain sid,
but whether it is the sid of the local sam, which is different
for a domain member server.
This helps clarify the role of this structure and wrapper function.
The purpose here is to provide helper functions to the lib/param
loadparm_context that point back at the s3 lp_ functions. This allows
a struct loadparm_context to be passed to any point in the code, and
always refer to the correct loadparm system. If this has not been
set, the variables loaded in the lib/param code will be returned.
As requested by Michael Adam.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 27 17:11:16 CEST 2012 on sn-devel-104
Print jobs maintain two job identifiers, the jobid allocated by the
spoolss layer (pj->jobid), and the job identifier defined by the
printing backend (pj->sysjob).
Printer job queues currently only contain a single job identifier
variable (queue->job), the variable is sometimes representative of the
spoolss layer job identifier, and more often representative of the
printing backend id.
This change renames the queue job identifier from queue->job to
queue->sysjob, in preparation for a change to only store the printing
backend identifier.
This removes the duplication on how to detect that a user is system in Samba
now that the smbd system account is also only SID_NT_SYSTEM we can use the same
check everywhere.
Andrew Bartlett
Signed-off-by: Andreas Schneider <asn@samba.org>
The callers have to check if they allow something else than
the raw pipe file name.
If we allow more than windows allows, we risks Samba specific
client behavior. E.g. winbindd only works against Samba servers.
metze
DCERPC code can't be smb2 specific!
I'm not sure if 'true' is the correct value here, but at least
it matches the old behavior and the tcp and smb1 cases.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed May 23 21:56:05 CEST 2012 on sn-devel-104
The performance of these is minimal (these days) and they can return
invalid results when used as part of applications that do not use
sys_fork().
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Mar 24 21:55:41 CET 2012 on sn-devel-104
samba3.rpc.spoolss.printserver has become a flakey test recently, and this
papers over the real problem.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Tue Mar 13 17:51:00 CET 2012 on sn-devel-104
On LSA and SAMR pipes session_key is truncated to 16 byte when doing encryption/decryption.
However, this was not done for trusted domain-related modifying operations.
As result, Samba 4 client libraries do not work against Samba 3 while working
against Windows 2008 r2.
Solved this by introducing "session_extract_session_key()" function that allows to specify
intent of use of the key.
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Tue Mar 13 12:23:44 CET 2012 on sn-devel-104
The ->get_ntlm_challenge and ->check_ntlm_password elements of struct auth_context
were only ever initialised to a single value. Make it easier to follow by
just calling the function directly.
Andrew Bartlett
The end point mapper is primarily in support of lsasd, and the key
SAMR, LSA and NETLOGON services being accessed over TCP/IP. The end
point mapper does not appear to be used for the well-known mappings to
named pipes, and we have a problem with how to safely register the
embedded pipes. For now, disable this to avoid re-registration storms
in production, until we sort out a better way.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Mar 7 14:27:38 CET 2012 on sn-devel-104
Embedded RPC services are those not launched in the preforked lsasd
and spoolssd children.
The reason that these child processes were created is that is is not
possible to correctly listen for ncalrpc and TCP connections without
creating a child process. Therefore, we should not have these
embedded RPC services to listen on these sockets just because the
endpoint mapper has been enabled.
Andrew Bartlett
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Mar 5 23:14:33 CET 2012 on sn-devel-104
This consults the two definitions for embedded, that is if the deamon is forking
or if the rpc_server:<interface> line is set to embedded.
Andrew Bartlett
Signed-off-by: Andreas Schneider <asn@samba.org>
Both read_from_internal_pipe and tstream_readv_pdu_queue_recv return
ssize_t.
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Mon Mar 5 17:38:16 CET 2012 on sn-devel-104
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Sun Mar 4 13:31:25 CET 2012 on sn-devel-104
We now only close fds 0, 1, 2 when we are a forked daemon, and take
care not to close a file descriptor that we might need for foreground
stdin monitoring.
This should fix stdout logging in the lsa and epmapper deamons (ie in
make test).
Andrew Bartlett
On some platforms socklen_t might be unsigned, so comparing for <0
always returns true. Also, tsocket_address_bsd_sockaddr returns
ssize_t.
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Sat Mar 3 23:38:31 CET 2012 on sn-devel-104
This ensures that we use the same SPNEGO code on session setup and on
DCE/RPC binds, and simplfies the calling code as spnego is no longer
a special case in cli_pipe.c
A special case wrapper function remains to avoid changing the
application layer callers in this patch.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
The problem occurs only if talloc, tdb and ldb are used as system
libraries and talloc is not installed in a default.
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Fri Feb 10 23:27:29 CET 2012 on sn-devel-104
NT_STATUS_IS_OK used to check WERROR type.
Autobuild-User: David Disseldorp <ddiss@samba.org>
Autobuild-Date: Sun Jan 22 05:03:36 CET 2012 on sn-devel-104
printer_driver_files_in_use() performs two tasks: it returns whether any
of the files in the to-be-deleted driver overlap with other drivers, it
also trims such files from the info structure passed in.
In processing a DeletePrinterDataEx request with DPD_DELETE_UNUSED_FILES
set, printer_driver_files_in_use() must be called to ensure files in
use by other drivers are not removed.
https://bugzilla.samba.org/show_bug.cgi?id=4942
Signed-off-by: Andreas Schneider <asn@samba.org>
Spoolss delete printer driver code currently makes invalid version
assumptions based on the architecture requested by the client.
Ugly hacks are in place to cover removal of other versions (2 and 3).
This change wraps multi version deletion in a simple for loop.
Signed-off-by: Andreas Schneider <asn@samba.org>
The code from dcesrv_gssapi.c is now
in source3/auth/auth_generic.c as an auth callback.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This simplifies a lot of code, as we know we are always dealing
with a struct gensec_security, and allows the gensec module being
used to implement GSSAPI to be swapped for AD-server operation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This simplifies a lot of code, as we know we are always dealing with a
struct gensec_security, and allows the gensec module being used to
implement GSSAPI to be swapped when required for AD-server operation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
If DeletePrinterDriverEx is called with DPD_DELETE_ALL_FILES and files
assigned to the to-be-deleted driver overlap with other drivers then an
error is returned. Change the error code here to match Windows 2k8r2.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
This is possible because the s3 gensec modules are started as
normal gensec modules, so we do not need a wrapper any more.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This makes the long term owner of this memory more clear. So far only the
clear cases have been moved from NULL however.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
