1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-05 09:18:06 +03:00
Commit Graph

4290 Commits

Author SHA1 Message Date
Jeremy Allison
6f3e011f84 Fix bug #8873 - self granting privileges in security=ads.
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue May  1 01:04:46 CEST 2012 on sn-devel-104
2012-05-01 01:04:46 +02:00
Gregor Beck
cd2616cc16 s3:registry: remove usage of reg_objects from srv_spoolss_nt.c
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-25 14:11:06 +02:00
Andrew Bartlett
0eacc47622 param: Change from _lp to lp__ as the prefix for internal parameter wrappers
This will make a merge with the lib/param param code easier, as we can then paste lp_ to the front of
all parameters unconditionally.

Andrew Bartlett
2012-04-16 14:32:38 +10:00
Andrew Bartlett
f6e0532024 build: Remove SMB_STRUCT_DIR define 2012-04-05 02:39:09 +02:00
Andrew Bartlett
3e8a6e5760 build: Remove sys_closedir wrapper 2012-04-05 02:39:09 +02:00
Andrew Bartlett
fe526bb32b build: Remove sys_opendir wrapper 2012-04-05 02:39:09 +02:00
Andrew Bartlett
d166b79852 build: Remove sys_open wrapper 2012-04-05 02:39:08 +02:00
Jelmer Vernooij
c9fb33697d use usleep rather than sys_usleep in various places, in anticipation of usleep moving to libreplace. 2012-03-24 22:41:05 +01:00
Jelmer Vernooij
c0288e0612 lib/util: Remove obsolete sys_getpid() and sys_fork().
The performance of these is minimal (these days) and they can return
invalid results when used as part of applications that do not use
sys_fork().

Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Mar 24 21:55:41 CET 2012 on sn-devel-104
2012-03-24 21:55:40 +01:00
Jelmer Vernooij
71d41a015a libreplace: Add getpeereid implementation. 2012-03-24 16:00:36 +01:00
Jelmer Vernooij
818e0722e1 lib/util: Remove dummy wrapper for getpwnam(). 2012-03-24 15:24:15 +01:00
Jelmer Vernooij
b4d35bee38 libndr: Rename policy_handle_empty to ndr_policy_handle_empty.
This makes the NDR namespace a bit clearer, in preparation of ABI checking.
2012-03-20 13:54:07 +01:00
Jelmer Vernooij
95ca5fbadd libndr: Rename ndr64_transfer_syntax and null_ndr_syntax_id so they have a ndr_ prefix.
This makes the NDR namespace a bit clearer, in preparation of ABI checking.
2012-03-20 13:54:07 +01:00
Andreas Schneider
db0ea16604 s3-spoolss: Check return type of update_dsspooler().
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed Mar 14 19:38:45 CET 2012 on sn-devel-104
2012-03-14 19:38:45 +01:00
Andreas Schneider
c3c3d3ac3f s3-spoolss: Check return codes in update_dsspooler. 2012-03-14 17:56:14 +01:00
Andreas Schneider
4bccc911b8 s3-rpc_server: Increase debug level for policy handle. 2012-03-14 17:56:13 +01:00
Andrew Bartlett
6ff5854c4f s3-spoolss: Consistently fail OpenPrinterEx with "" printername
samba3.rpc.spoolss.printserver has become a flakey test recently, and this
papers over the real problem.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Tue Mar 13 17:51:00 CET 2012 on sn-devel-104
2012-03-13 17:50:59 +01:00
Alexander Bokovoy
7d4ed89983 s3-rpc: Decrypt with the proper session key in CreateTrustedDomainEx2.
On LSA and SAMR pipes session_key is truncated to 16 byte when doing encryption/decryption.
However, this was not done for trusted domain-related modifying operations.

As result, Samba 4 client libraries do not work against Samba 3 while working
against Windows 2008 r2.

Solved this by introducing "session_extract_session_key()" function that allows to specify
intent of use of the key.

Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Tue Mar 13 12:23:44 CET 2012 on sn-devel-104
2012-03-13 12:23:44 +01:00
Andrew Bartlett
77602d877e s3-auth: Remove single-implementation plugin layer
The ->get_ntlm_challenge and ->check_ntlm_password elements of struct auth_context
were only ever initialised to a single value.  Make it easier to follow by
just calling the function directly.

Andrew Bartlett
2012-03-08 10:14:05 +01:00
Andrew Bartlett
54d36099ec s3-rpc_server: Do not register embedded ncacn_np endpoints by default
The end point mapper is primarily in support of lsasd, and the key
SAMR, LSA and NETLOGON services being accessed over TCP/IP.  The end
point mapper does not appear to be used for the well-known mappings to
named pipes, and we have a problem with how to safely register the
embedded pipes.  For now, disable this to avoid re-registration storms
in production, until we sort out a better way.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Mar  7 14:27:38 CET 2012 on sn-devel-104
2012-03-07 14:27:38 +01:00
Andrew Bartlett
8466b3c85e s3-rpc_server: Do not setup ncalrpc pipes and TCP for embedded rpc servers
Embedded RPC services are those not launched in the preforked lsasd
and spoolssd children.

The reason that these child processes were created is that is is not
possible to correctly listen for ncalrpc and TCP connections without
creating a child process.  Therefore, we should not have these
embedded RPC services to listen on these sockets just because the
endpoint mapper has been enabled.

Andrew Bartlett
2012-03-07 12:46:13 +01:00
Andrew Bartlett
074ee6f34c s3-rpc_server: Remove remaining code for embedded endpoint mapper
Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Mar  5 23:14:33 CET 2012 on sn-devel-104
2012-03-05 23:14:33 +01:00
Andrew Bartlett
be7bcf0e55 s3-rpc_server: Only init and register embedded RPC services in dcesrv_ep_setup()
This consults the two definitions for embedded, that is if the deamon is forking
or if the rpc_server:<interface> line is set to embedded.

Andrew Bartlett

Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-05 21:34:25 +01:00
Volker Lendecke
cae455f688 s3: Fix a "Invalid (state->nread >= 0)" warning
Both read_from_internal_pipe and tstream_readv_pdu_queue_recv return
ssize_t.

Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Mon Mar  5 17:38:16 CET 2012 on sn-devel-104
2012-03-05 17:38:16 +01:00
Andrew Bartlett
14d31376aa s3-lsasd: Fix debug messages on registration failure
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Mar  5 09:50:17 CET 2012 on sn-devel-104
2012-03-05 09:50:17 +01:00
Andrew Bartlett
8b99c83d2f s3-rpc_server: consolidate rpc server init routines
This uses a helper function to reduce duplication.

Andrew Bartlett
2012-03-04 23:33:05 +01:00
Volker Lendecke
b6f4a5d0ee s3: Fix some && vs & warnings
Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Sun Mar  4 13:31:25 CET 2012 on sn-devel-104
2012-03-04 13:31:25 +01:00
Andrew Bartlett
b07d504ca4 change low FDs are handled in Samba
We now only close fds 0, 1, 2 when we are a forked daemon, and take
care not to close a file descriptor that we might need for foreground
stdin monitoring.

This should fix stdout logging in the lsa and epmapper deamons (ie in
make test).

Andrew Bartlett
2012-03-04 10:14:34 +01:00
Volker Lendecke
c887cb6852 s3: Fix a bogus if (client_len < 0)
On some platforms socklen_t might be unsigned, so comparing for <0
always returns true. Also, tsocket_address_bsd_sockaddr returns
ssize_t.

Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Sat Mar  3 23:38:31 CET 2012 on sn-devel-104
2012-03-03 23:38:31 +01:00
Stefan Metzmacher
89b413895b s3:rpc_server: initialize struct schannel_state to zero
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Mar  2 08:48:23 CET 2012 on sn-devel-104
2012-03-02 08:48:23 +01:00
Andrew Bartlett
757c9b79ea s3-rpc_server Remove unused function auth_generic_server_start() 2012-02-23 16:14:18 +11:00
Andrew Bartlett
2b511f0e92 s3-librpc: Use gensec_spnego for DCE/RPC authentication
This ensures that we use the same SPNEGO code on session setup and on
DCE/RPC binds, and simplfies the calling code as spnego is no longer
a special case in cli_pipe.c

A special case wrapper function remains to avoid changing the
application layer callers in this patch.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-16 15:18:42 +01:00
Matthieu Patou
474c02acac s3-waf: add dependency on talloc or it won't build if talloc.h is not in the default include path
The problem occurs only if talloc, tdb and ldb are used as system
libraries and talloc is not installed in a default.

Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Fri Feb 10 23:27:29 CET 2012 on sn-devel-104
2012-02-10 23:27:29 +01:00
Andreas Schneider
6d06a310f3 s3-waf: Fix cups dependency in PRINTING. 2012-01-25 11:58:30 +01:00
Andreas Schneider
a5b4a47b7c s3-waf: Add missing dependency to RPC_WINREG. 2012-01-25 11:58:30 +01:00
David Disseldorp
c3a7573a84 s3-spoolss: fix incorrect error check type
NT_STATUS_IS_OK used to check WERROR type.

Autobuild-User: David Disseldorp <ddiss@samba.org>
Autobuild-Date: Sun Jan 22 05:03:36 CET 2012 on sn-devel-104
2012-01-22 05:03:36 +01:00
David Disseldorp
7123b592fe s3-spoolss: fix printer_driver_files_in_use() call ordering
printer_driver_files_in_use() performs two tasks: it returns whether any
of the files in the to-be-deleted driver overlap with other drivers, it
also trims such files from the info structure passed in.

In processing a DeletePrinterDataEx request with DPD_DELETE_UNUSED_FILES
set, printer_driver_files_in_use() must be called to ensure files in
use by other drivers are not removed.

https://bugzilla.samba.org/show_bug.cgi?id=4942

Signed-off-by: Andreas Schneider <asn@samba.org>
2012-01-20 17:44:06 +01:00
David Disseldorp
b5f780c418 s3-spoolss: fix printer driver version deletion
Spoolss delete printer driver code currently makes invalid version
assumptions based on the architecture requested by the client.

Ugly hacks are in place to cover removal of other versions (2 and 3).
This change wraps multi version deletion in a simple for loop.

Signed-off-by: Andreas Schneider <asn@samba.org>
2012-01-20 17:43:50 +01:00
Andrew Bartlett
1b5870a6d1 s3-librpc Remove unused dcesrv_gssapi.[ch] functions
The code from dcesrv_gssapi.c is now
in source3/auth/auth_generic.c as an auth callback.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:22 +01:00
Andrew Bartlett
f70c9fb76c s3-librpc Remove layer around struct gensec_security
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:22 +01:00
Andrew Bartlett
5ddec1182e s3-librpc: Simplify SPNEGO code now that all mechs use a struct gensec_security
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:22 +01:00
Andrew Bartlett
0c1b4c2321 s3-librpc Call SPENGO/GSSAPI via the auth_generic layer and gensec
This simplifies a lot of code, as we know we are always dealing
with a struct gensec_security, and allows the gensec module being
used to implement GSSAPI to be swapped for AD-server operation.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:22 +01:00
Andrew Bartlett
e012ad9d8b s3-librpc Call GSSAPI via the auth_generic layer and gensec
This simplifies a lot of code, as we know we are always dealing with a
struct gensec_security, and allows the gensec module being used to
implement GSSAPI to be swapped when required for AD-server operation.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:22 +01:00
David Disseldorp
8dc9fbd3af spoolss: fix DPD_DELETE_ALL_FILES error return
If DeletePrinterDriverEx is called with DPD_DELETE_ALL_FILES and files
assigned to the to-be-deleted driver overlap with other drivers then an
error is returned. Change the error code here to match Windows 2k8r2.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-01-11 13:56:44 +01:00
Andrew Bartlett
16e463e169 s3-auth Remove ntlmssp_wrap.h which is no longer required
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05 17:17:28 +01:00
Andrew Bartlett
3042e38d51 s3-auth use gensec directly rather than via auth_generic_state
This is possible because the s3 gensec modules are started as
normal gensec modules, so we do not need a wrapper any more.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05 17:17:28 +01:00
Andrew Bartlett
1075efabc7 s3-auth Add TALLOC_CTX * to auth_generic_prepare()
This makes the long term owner of this memory more clear.  So far only the
clear cases have been moved from NULL however.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05 17:17:28 +01:00
Andrew Bartlett
06498637bb s3-rpc_server: Rework pipe_ntlmssp_auth_bind() to be generic
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 19:25:11 +01:00
Andrew Bartlett
d52e5473ef s3-rpc_server: Allow gensec mechanisms to return NT_STATUS_OK
If a kerberos mechanism is added, then it can return OK after just one packet.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 19:25:11 +01:00
Andrew Bartlett
83f0ca3aad s3-rpc_server: rename pipe_ntlmssp_verify_final() to pipe_auth_generic_verify_final()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 19:25:11 +01:00
Andrew Bartlett
43f35f1826 s3-rpc_server: Rename dcesrv_ntlmssp.[ch] to dcesrv_auth_generic.[ch]
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 19:25:11 +01:00
Andrew Bartlett
db8bbf92ad s3-rpc_server rename NTLMSSP functions to auth_generic..()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 19:25:11 +01:00
Andrew Bartlett
815490d3e8 s3-rpc_server rename ntlmssp_server_auth_start() -> auth_generic_server_start()
By adding an OID parameter we can make this routine generic to any
gensec module that may be made available.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 19:25:11 +01:00
Andrew Bartlett
2dd23e900a s3-rpc_server remove unused header
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 19:25:11 +01:00
Andrew Bartlett
b85bcd7a24 s3-rpc_server request both sign and seal for clarity
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 19:25:11 +01:00
Andrew Bartlett
c17131685c s3-auth remove auth_ntlmssp_start(), call auth_generic_start() directly
This makes it clear that this can support more than just NTLMSSP.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 19:25:10 +01:00
Andrew Bartlett
1100f6eca5 s3-auth rename auth_ntlmssp_prepare() -> auth_generic_prepare()
This function handles more than NTLMSSP now, at least when we are an AD DC
and so changing the name may avoid some confusion in the future.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 19:25:10 +01:00
Andrew Bartlett
6391fff9da s3-auth rename auth_ntlmssp_state -> auth_generic_state
This structure handles more than NTLMSSP now, at least when we are an AD DC
and so changing the name may avoid some confusion in the future.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 19:25:10 +01:00
Andrew Bartlett
0b7bc1c45c s3-rpc_server request the DCE_STYLE feature in ntlmssp_server_auth_start
This is not used or honoured by NTLMSSP, but I hope to make this routine
more generic in the future.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 19:25:10 +01:00
Sumit Bose
6765e7c2a6 s3-netlogon: use dsgetdcname() instead of get_dc_name()
Sometimes the domain parameter might not contain the NetBIOS name of the remote
domain but the DNS name.

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Dec 22 19:21:21 CET 2011 on sn-devel-104
2011-12-22 19:21:21 +01:00
Sumit Bose
1c8f326dc6 s3-netlogon: Add support to authenticate trusted domains. 2011-12-22 17:48:24 +01:00
Stefan Metzmacher
00d0b4d6d0 s3-rpc_server: Pass in our flags to netlogon_creds_server_init().
metze
2011-12-22 17:48:24 +01:00
Stefan Metzmacher
9c00d04ac1 s3-netlogon: Add support for LogonGetCapabilities.
This is also needed to support AES.

metze
2011-12-22 17:48:24 +01:00
Andrew Bartlett
8115c99a97 s3-rpc_server: Add my copyright for my previous work here
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 22 09:02:57 CET 2011 on sn-devel-104
2011-12-22 09:02:56 +01:00
Andrew Bartlett
7e6908502b s3-rpc_server: Remove old comment 2011-12-22 07:27:07 +01:00
Andrew Tridgell
454aff6115 s3-rpc: added "rpc_server:default" config option
this allows the config to specify a default behaviour (embedded,
external or disabled) for unknown pipes. This is needed to allow the
s3 smbd server to redirect unknown pipes to the s4 RPC server when
using s3 smbd as a file server for a s4 DC. If rpc_server:default is
not specified then this change preserves the old behaviour
2011-12-22 07:27:07 +01:00
Stefan Metzmacher
03455519e7 s3:smbd: pass smbd_server_connection and a snumused function pointer to reload_services()
metze
2011-12-15 11:11:24 +01:00
Stefan Metzmacher
06c1c338e3 s3:rpc_server/spoolss: remove reload_services check from delete_printer_hook()
As the spoolss code can run embedded or external relative to the
smbd file server process, it's very tricky to verify if a share
is still in use.

Checking the result of the "deleteprinter command" command should
be enough to check for success. We should not return WERR_ACCESS_DENIED
if the share is still in use, by the current client, as the primary
printer definition is already deleted.

metze
2011-12-15 11:03:29 +01:00
Stefan Metzmacher
3cf275cd75 s3:smbd/msdfs: enum_msdfs_links() doesn't need a smbd_server_connection anymore
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Dec 13 17:26:20 CET 2011 on sn-devel-104
2011-12-13 17:26:20 +01:00
Stefan Metzmacher
ae7d877841 s3:smbd: use connections_snum_used() instead of conn_snum_used() for load_usershare_shares()
Before removing the share security descriptor, we should make sure there're
really no active users anymore.

metze
2011-12-13 15:45:36 +01:00
Stefan Metzmacher
1399e6bdf5 s3:param: don't reference conn_snum_used directly in load_usershare_shares()
This uses the same logic as lp_killunused().

metze
2011-12-13 15:45:36 +01:00
Stefan Metzmacher
7dc1de73d3 s3:rpc_server/netlogon: remove unused send_sync_message()
metze
2011-12-13 12:36:36 +01:00
Volker Lendecke
0f9d14820e s3: Remove a bunch of calls to procid_self()
All callers to messaging_[re]init only used procid_self()
2011-12-12 21:50:25 +01:00
Andrew Bartlett
c9d929af8b s4-lsarpc handle more info levels in SetInfoTrustedDomain calls
This uses the very helpful conversion functions written for the s3 lsa server
and places these in common.

Andrew Bartlett
2011-12-12 12:57:07 +01:00
Volker Lendecke
1c46fb5c3e s3: Use autogenerated open_files.idl 2011-12-02 22:43:05 +01:00
Jeremy Allison
3ede4ffe96 Fix bug #8561 - Password change settings not fully observed.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 16 00:22:41 CET 2011 on sn-devel-104
2011-11-16 00:22:41 +01:00
Volker Lendecke
26d736f1ff s3: Remove two unused variables
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Nov  8 10:14:36 CET 2011 on sn-devel-104
2011-11-08 10:14:36 +01:00
Henry Wong
51c86c8e67 Properly fix bug #8384 - Windows XP clients seem to crash smbd process every once in a while.
Ensure we correctly null out the referenced pointer when we decrease the ref. count.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Nov  4 21:12:13 CET 2011 on sn-devel-104
2011-11-04 21:12:13 +01:00
Jeremy Allison
767c54d8dd Fix bug #8562 - talloc: double free error.
Ensure we don't access an undefined pointer.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Nov  4 00:09:46 CET 2011 on sn-devel-104
2011-11-04 00:09:45 +01:00
Sumit Bose
f143c24fd0 s3-lsa: Let passdb backend handle the DOMAIN$ user
Signed-off-by: Günther Deschner <gd@samba.org>
2011-11-02 16:59:33 +01:00
Andreas Schneider
2f65ae25df s3: Include uid_wrapper where it is missing. 2011-10-27 13:32:02 +02:00
Andreas Schneider
7cb08171ce Include uid_wrapper correctly. 2011-10-27 13:32:02 +02:00
Andreas Schneider
bda9752b10 s3-netlogon: Fix setting the machinge account password.
This bug has been found with uid wrapper.
2011-10-27 13:32:00 +02:00
Jeremy Allison
0f746fcad8 Second attempt to fix bug #8384 - Windows XP clients seem to crash smbd process every once in a while.
Don't just use the first entry in back_channels as a talloc context
to allocate a long-lived chan entry on - must be NULL. It's already
correctly deleted when the last reference goes away.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 26 02:42:35 CEST 2011 on sn-devel-104
2011-10-26 02:42:35 +02:00
Jeremy Allison
4ba00ab57b Try and fix bug #8384 - Windows XP clients seem to crash smbd process every once in a while.
Remove the copy of the binding handle from struct notify_back_channel, use
the direct pointer in struct rpc_pipe_client instead. Ensure we can't call
the functions with a NULL binding handle.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Oct 24 22:56:40 CEST 2011 on sn-devel-104
2011-10-24 22:56:40 +02:00
Simo Sorce
8870daeb8d idl: Improve MS-PAC IDL
Change some misleading variable names to reflect the actual function.
Add missing field name/types previously marked as unkown.

Signed-off-by: Günther Deschner <gd@samba.org>

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
2011-10-24 19:19:28 +02:00
Andrew Bartlett
321204eaeb s3-ntlmssp Remove references to auth_ntlmssp_context from the rpc code
We always dereferenced auth_ntlmssp_state->gensec_security, so now we
do not bother passing around the whole auth_ntlmssp_state.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21 08:50:55 +02:00
Andrew Bartlett
3f079885b2 s3-ntlmssp Remove auth_ntlmssp_want_feature()
We now just call the gensec_want_feature() directly.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21 08:43:33 +02:00
Andrew Bartlett
487545d48f s3-ntlmssp Remove auth_ntlmssp_negotiated_sign() and auth_ntlmssp_negotiated_seal()
We now just call the gensec_have_feature() directly.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21 08:43:18 +02:00
Andrew Bartlett
083025ccd5 s3-ntlmssp Remove auth_ntlmssp_update wrapper
We now just call gensec_update directly.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21 08:43:10 +02:00
Andrew Bartlett
915fe7981b s3-auth remove auth_ntlmssp_session_info()
Instead, call gensec_session_info() directly.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21 08:43:02 +02:00
Andrew Bartlett
0c6e4adcb2 ntlmssp: Move ntlmssp code to auth/ntlmssp
This brings in the code from both libcli/auth and
source4/auth/ntlmssp.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 13:13:31 +11:00
Andrew Bartlett
5603dab647 libcli/auth: Provide a struct loadparm_context to schannel calls
This will allow us to pass this down to the tdb_wrap layer.

Andrew Bartlett
2011-10-13 14:06:07 +02:00
Simo Sorce
995d156726 s3-group-mapping: Remove fstrings from GROUP_MAP.
Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Oct 12 19:28:12 CEST 2011 on sn-devel-104
2011-10-12 19:28:12 +02:00
Michael Adam
33405972b2 s3:rpc_server: convert srvsvc to only use dbwrap wrapper functions
Avoid direct use of the db_record and db_context structs.
2011-10-11 14:17:57 +02:00
Jeremy Allison
c80ba57169 Fix bug #8509 - Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER.
Not a security issue as we also check inside _samr_CreateUser2.
Thanks to Andreas Schneider <asn@samba.org> for finding and testing this.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct  7 21:51:27 CEST 2011 on sn-devel-104
2011-10-07 21:51:27 +02:00
Andreas Schneider
b93eae2064 s3-samr: Remove fstring in samr.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Sep 26 19:56:04 CEST 2011 on sn-devel-104
2011-09-26 19:56:04 +02:00
Simo Sorce
f7419172f0 s3-passdb: Cleanup use of fstring and move to talloc.
Signed-off-by: Andreas Schneider <asn@samba.org>
2011-09-26 18:25:26 +02:00
Volker Lendecke
b35d80aa38 s3: Remove the smbd_server_conn ref from create_junction
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Sep 26 16:33:30 CEST 2011 on sn-devel-104
2011-09-26 16:33:29 +02:00
Volker Lendecke
fba833d055 s3: Remove the smbd_server_conn ref from get_referred_path 2011-09-26 14:59:12 +02:00
Volker Lendecke
425b93ef69 s3: Remove the smbd_server_conn ref from create_conn_struct 2011-09-26 14:59:12 +02:00
Günther Deschner
60d91f2c56 s3-libnet: allow to use default krb5 ccache in libnet_Join/libnet_Unjoin.
We force using a MEMORY ccache though in the wkssvc server.

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Sep 21 19:13:33 CEST 2011 on sn-devel-104
2011-09-21 19:13:33 +02:00
Andreas Schneider
a7d2437bc0 rpc_server: Improve debug message for sys_getpeereid().
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Sep 15 19:23:43 CEST 2011 on sn-devel-104
2011-09-15 19:23:43 +02:00
Stefan Metzmacher
8602e8a536 s3:rpc_server: let rpcint handles return NT_STATUS_CONNECTION_DISCONNECTED
We should return the same in all places.

metze
2011-09-14 18:03:17 +02:00
Sumit Bose
456aee80f5 s3-lsa: Add conversion for auth info structs
struct lsa_TrustDomainInfoAuthInfo and struct
trustAuthInOutBlob can store the same information for different usage. The added
routines can convert one struct into the other.

Signed-off-by: Günther Deschner <gd@samba.org>

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Sep 12 15:52:17 CEST 2011 on sn-devel-104
2011-09-12 15:52:17 +02:00
Andreas Schneider
b73426595c s3-spoolss: Fix bug #8236 empty notify servername.
Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Sep  3 02:58:42 CEST 2011 on sn-devel-104
2011-09-03 02:58:42 +02:00
Andreas Schneider
6d8b4f59e4 s3-rpc_server: Add missing rng_fault_state in epmapper.
We need to raise an exception so we need to set the rng_fault_state for
epm_Insert and epm_Delete if someone connects over a transport other
than NCALRPC.

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Sep  1 15:59:50 CEST 2011 on sn-devel-104
2011-09-01 15:59:50 +02:00
Andreas Schneider
ae292ed180 s3-rpc_server: Handle services with multiple pipe names.
The configuration should only use the default pipe name to configure all
of them correctly.
2011-09-01 14:28:03 +02:00
Andreas Schneider
da2347379e s3-rpc_server: Disable epmapper by default.
We need more testing in the real world. We need to be sure that if a
Windows client can access port 135 it doesn't require that a service is
available via ncacn_ip_tcp. If possible please enable it using the
following smb.conf options for testing:

  rpc_daemon:epmd = fork
  rpc_server:epmapper = external

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed Aug 31 16:29:20 CEST 2011 on sn-devel-104
2011-08-31 16:29:20 +02:00
Sumit Bose
1473e64c7f s3-lsa: Add _lsa_SetInformationTrustedDomain() and related calls
The following LSA calls are added:
 - _lsa_SetInformationTrustedDomain()
 - _lsa_SetTrustedDomainInfo()
 -_lsa_SetTrustedDomainInfoByName()

Signed-off-by: Günther Deschner <gd@samba.org>
2011-08-31 12:55:23 +02:00
Sumit Bose
579cb3dd33 s3-lsa: Update _lsa_QueryTrustedDomainInfo()
Signed-off-by: Günther Deschner <gd@samba.org>
2011-08-31 12:53:57 +02:00
Sumit Bose
3e2711c7e0 s3-lsa: Fix access mapping in_lsa_OpenTrustedDomain_base()
Signed-off-by: Günther Deschner <gd@samba.org>
2011-08-31 11:34:25 +02:00
Sumit Bose
15c7a873c2 s3-lsa: Fix typo and use right pdb interface
Signed-off-by: Günther Deschner <gd@samba.org>
2011-08-31 11:34:25 +02:00
Andreas Schneider
a38ff63fcd s3-rpc_server: Make sure we switch always the connecting user.
We always have a valid session info and if it is a anonymous connection
we have a session info of the guest user. This means we should always
call become_authenticated_pipe_user() else and anonymous user could do
things as root.

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Tue Aug 30 20:50:54 CEST 2011 on sn-devel-104
2011-08-30 20:50:54 +02:00
Michael Adam
498e32bbac s3:rpc_server: fix two debug messages in svcctl_add_service()
(copy and paste from eventlog?)

Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Mon Aug 29 15:30:33 CEST 2011 on sn-devel-104
2011-08-29 15:30:33 +02:00
Andreas Schneider
b8c3bfa55b s3-lib: If we create a pipe socket, don't start to listen.
The create_pipe_sock() function should only create the socket as the
name states and not start to listen on it too. We should start to listen
on in the individual places as we need different backlog values.

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Aug 29 13:21:43 CEST 2011 on sn-devel-104
2011-08-29 13:21:43 +02:00
Volker Lendecke
6d2f65ba7f s3: Fix an uninitialized variable
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Aug 24 00:34:04 CEST 2011 on sn-devel-104
2011-08-24 00:34:04 +02:00
Volker Lendecke
0d3dc8e2d1 s3: Fix the build on FreeBSD
lsasd.c uses basename(3), which according to susv3
requires libgen.h and without which the FreeBSD build breaks.
2011-08-23 23:01:07 +02:00
Andreas Schneider
1152aa8e03 s3-passdb: Keep caches coherent
When deleting a user send a message to all interested parties so they can
purge their caches. Otherwise some processes may positively respond with a
cached getpwnam, when the user have actully been removed.

Without this some tests that remove and then immediately create users are
flakey.

Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:08:25 -04:00
Andreas Schneider
0f4ee5d1b7 s3-lsasd: Listen on \PIPE\lsass.
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:08:24 -04:00
Andreas Schneider
8efdac83ff s3-lsasd: Add missing ncalrpc listeners.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:07 -04:00
Andreas Schneider
b501f6f758 s3-rpc_server: Add create_dcerpc_ncalrpc_socket().
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:07 -04:00
Andreas Schneider
8a1572fe1b s3-rpc_server: Increase epm monitor wait time.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:07 -04:00
Simo Sorce
2c45954622 s3-lsasd: Remove useless check
If we *really* are a bout to exit (PF_WORKER_EXITING) then the event will not
be called as the loop will exit. Otherwise PF_SRV_MSG_EXIT may not  be honoured
for a long time if we have cients connected, therefore keep handling SIGHUP
properly in those cases.

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:06 -04:00
Simo Sorce
cce8c72eb1 s3-lsasd: Listen on parent messages
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:06 -04:00
Simo Sorce
98d2bf052e s3-lsasd: Send a message to the parent when we accept a connection
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:06 -04:00
Simo Sorce
89dde6b7fc s3-lsasd: User new prefork helpers to simplify code.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:05 -04:00
Simo Sorce
e3736f826b s3-prefork: Fix worker flags handling.
We can't have a clear idea of wether the worker is IDLE or BUSY.
The only things we can tell is if it is Alive, whether it is currently
Accepting connections or wether it is Exiting soon.

Remove PF_WORKER_IDLE, PF_WORKER_BUSY and replace their use with
PF_WORKER_ALIVE. Also properly assign PF_WORKER_ACCEPTING so that
users of the API can rely on the flag.

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:05 -04:00
Simo Sorce
ee0c69a25e s3-prefork: do not use a lock_fd, just race on accept()
We used a lock mimicking what apache does for preforked children.
But it doesn't work properly in our case because we do not stop once a request
has been served. Clients are allowed to perform multiple requests and keep the
connection open.
This means that if we allow multiple clients per children, then a child could
take the lock and then be asked to do a long or even locking operation by a
client it already is serving. This woulkd cause the whole server to deadlock,
as the child is now busy and also holding on the lock.
Using a race on accept() by having a tevent_fd on the listening socket wait
for read events we never deadlock. At most we cause a bit of contention among
children. But in the generic case connections are much less frequent for us as
clients tend to be long lived. So the little contention we may have is not a
big deal.

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:05 -04:00
Andreas Schneider
0723871372 rpc_server: Add forward declaration for dcerpc_transport_t.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:05 -04:00
Andreas Schneider
5de61e655c s3-waf: Fix build with lsasd.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:04 -04:00
Simo Sorce
c538b01225 s3-lsasd: Use prefrok utils to manage children
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:04 -04:00
Andreas Schneider
eb8a0c7672 s3-winbind: We need to use internal rpc connections in winbind.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:04 -04:00
Simo Sorce
5b3eb835f6 s3-lsasd: Import fixes from spoolssd
Properly rotate log files in children by using a gloabl lsasd_child_id
variable.
Simplify code by using a global lsasd_pool variable, we can never use
more than one prefork pool in the same process anyway.

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:03 -04:00
Simo Sorce
32a53be1a4 s3-rpc_server: Use rpc_service_mode() in np_open()
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:03 -04:00
Simo Sorce
ef24917b5a s3-rpc_server: Use rpc_service_mode() in rpc_pipe_open_interface()
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:03 -04:00
Simo Sorce
23e7e1c158 s3-rpc_server: Replace RPC_SERVICE_MODE_DAEMON checks
Use rpc_daemon_type() macros where appropriate instead.

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:03 -04:00
Simo Sorce
11cbe24ac8 s3-rpc_server: Move config helpers in one place.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:03 -04:00
Simo Sorce
5a4e0dd853 s3-rpc_server: Add helper to define/retrieve daemons configuration
Wtith this set of helper functions we make it easy to configure if we want to
use an embedded rpc server, or if we want to fork one. Or even just disable it
and let a third party server be used when the service is configured as
"external".

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:03 -04:00
Simo Sorce
9738ee4015 s3-rpc_server: Reduce code duplication
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:02 -04:00
Andreas Schneider
7abdf6e57f s3-rpc_server: Correctly register lsa, samr and netlogon.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:02 -04:00
Andreas Schneider
0364bf025c s3-lsasd: Create a lsa service daemon.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:02 -04:00
Andreas Schneider
e4b566d6cf s3-rpc_server: Make dcerpc_ncacn_accept() public.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:02 -04:00
Andreas Schneider
312c519c5c s3-rpc_server: Check explicit for external and daemon server type.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:02 -04:00
Andreas Schneider
ea3fa586e7 s3-rpc_server: Fix include order in srv_pipe_hnd.c.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:02 -04:00
Simo Sorce
d52343a967 s3-messaging: Do not register to classes we are not going to use.
Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Aug 11 17:09:30 CEST 2011 on sn-devel-104
2011-08-11 17:09:30 +02:00
Simo Sorce
cb1af61cb1 s3-messaging: Remove obsolete class.
The FLAG_MSG_PRINT_NOTIFY class is actually obsolete and never used, as the
only message belonging to it is not used either.

Signed-off-by: Andreas Schneider <asn@samba.org>
2011-08-11 14:57:55 +02:00
Simo Sorce
a1394fc934 s3-rpc_server: add termination function
This way we can act when a client disconnects.

Signed-off-by: Andreas Schneider <asn@samba.org>
2011-08-10 18:14:03 +02:00
Simo Sorce
d67fc9c1eb s3-rpc: Expose some internal functions
This will allow to hook the prefork socket handlers to the rpc service.

Signed-off-by: Andreas Schneider <asn@samba.org>
2011-08-10 18:14:03 +02:00
Andreas Schneider
68d79eb6ef s3-rpc_server: Fix sending of packets over named pipe proxy.
We need for named pipes we need to send each fragment on its own to be a
message.

Signed-off-by: Simo Sorce <idra@samba.org>

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Tue Aug  9 11:55:18 CEST 2011 on sn-devel-104
2011-08-09 11:55:18 +02:00
Andreas Schneider
bc3fae70a2 s3-rpc_server: Free the children of p->mem_ctx.
Free the children of p->mem_ctx after processing a complete incoming and
outgoing request.

Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-09 10:41:47 +02:00
Andrew Bartlett
8fca9741fe s3-auth rename auth_ntlmssp_steal_session_info()
There is no longer any theft of memory as the underlying routines now
produce a new auth_session_info for this caller, allocating it
on the supplied memory context.

Andrew Bartlett
2011-08-03 18:48:05 +10:00
Andrew Bartlett
9a45bf3952 s3-auth set session_info->sanitized_username in create_local_token()
Rather than passing this value around the callers, and eventually
setting it in register_existing_vuid(), we simply pass it to
create_local_token().  This also removes the need for
auth_ntlmssp_get_username().

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:04 +10:00
Andrew Bartlett
8b983d2326 s3-ntlmssp Split auth_ntlmssp_start into two functions
This helps map on to the GENSEC semantics better, and ensures that the
full set of desired features are set before the mechanism starts.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:04 +10:00
Andrew Bartlett
778bf87d8d s3-ntlmssp Remove calls to auth_ntlmssp_and_flags from the server
This is changed so that the callers ask for the additional flags
that they need, starting with no additional flags.

This helps to create a proper abstraction layer in
ntlmssp_wrap/auth_ntlmssp.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:03 +10:00
Andrew Bartlett
6d7ac4f1ad s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_update
This clarifies the lifetime of the returned token.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:03 +10:00
Andrew Bartlett
8e50c69626 s3-rpc_server use session_info to print user details
This is the authoritative source for what the user was actually
authenticated as.

The previous message printed only what they claimed, and the DC might
map this.

The workstation is no longer printed in the logs, as it allows
auth_ntlmssp_get_client() to be removed.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:02 +10:00
Stefan Metzmacher
da53434391 s3:spoolss: make use of cli_state_protocol()
metze
2011-08-02 04:54:29 +02:00
Andreas Schneider
f72d56de50 s3-rpc_server: Only setup tcpip ports if epmapper is enabled.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Aug  1 12:31:59 CEST 2011 on sn-devel-104
2011-08-01 12:31:59 +02:00
Andreas Schneider
aca4dbe000 s3-rpc_server: Use rpc_spoolss_mode(). 2011-08-01 11:08:37 +02:00
Andreas Schneider
538bd1eca6 s3-rpc_server: Add rpc_spoolss_mode(). 2011-08-01 11:08:37 +02:00
Andreas Schneider
b11878d5a5 s3-rpc_server: Enable endpoint mapper as daemon by default. 2011-08-01 11:08:36 +02:00
Andreas Schneider
d189d2bf32 s3-rpc_server: Use rpc_epmapper_mode().
Remove embedded mode cause this will not work. It was only there for
testing.
2011-08-01 11:08:36 +02:00
Andreas Schneider
176ce4b42f s3-rpc_server: Add rpc_epmapper_mode(). 2011-08-01 11:08:36 +02:00
Andreas Schneider
9c5f2ec121 s3-rpc_server: Disable listening on tcpip ports by default. 2011-08-01 11:08:36 +02:00
Andreas Schneider
48542728b1 s3-epmd: Use rpc_setup_tcpip_sockets(). 2011-08-01 08:50:35 +02:00
Andreas Schneider
0fef6766b9 s3-rpc_server: Use binding vector in rpc_ep_try_register(). 2011-08-01 08:50:35 +02:00
Andreas Schneider
498e53c220 s3-rpc_server: Add RPC socket helper functions. 2011-08-01 08:50:35 +02:00
Andreas Schneider
d597bf4dad s3-rpc_server: Rename to rpc service setup. 2011-08-01 08:50:34 +02:00
Andreas Schneider
e25b34ab0c s3-rpc_server: Move the endpoint registration to own file. 2011-08-01 08:50:34 +02:00
Andreas Schneider
cca96e4726 s3-rpc_server: Added common function to create tcpip socket. 2011-08-01 08:50:34 +02:00
Günther Deschner
95e8f09f6e s3-lsa: Fix crypto prototypes.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Aug  1 00:18:34 CEST 2011 on sn-devel-104
2011-08-01 00:18:34 +02:00
Günther Deschner
70192f034c s3-build: remove some unused/duplicate headers.
Guenther
2011-07-31 22:37:28 +02:00
Günther Deschner
6544bde277 s3-lsa: support secret objects in _lsa_QuerySecurity().
Guenther
2011-07-31 22:37:28 +02:00
Günther Deschner
1387095990 s3-lsa: support secret objects in _lsa_DeleteObject().
Guenther
2011-07-31 22:37:27 +02:00
Günther Deschner
caa0cc76b0 s3-lsa: implement _lsa_QuerySecret().
Guenther
2011-07-31 22:37:27 +02:00
Günther Deschner
eb88c7e61e s3-lsa: implement _lsa_SetSecret().
Guenther
2011-07-31 22:37:27 +02:00
Günther Deschner
d2d59ff3ee s3-lsa: implement _lsa_CreateSecret().
Guenther
2011-07-31 22:37:27 +02:00
Günther Deschner
7158e27724 s3-lsa: implement _lsa_OpenSecret().
Guenther
2011-07-31 22:37:27 +02:00
Günther Deschner
b0d9f620aa s3-lsa: add LSA_HANDLE_SECRET_TYPE.
Guenther
2011-07-31 22:37:26 +02:00
Günther Deschner
b98145edc9 s3-lsa: Fix _lsa_DeleteObject to handle trusted domain objects.
Guenther
2011-07-31 22:37:26 +02:00
Michael Adam
0b5c4a601a s3:dbwrap: move all .c and .h files of dbwrap to lib/dbwrap/
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Fri Jul 29 13:34:22 CEST 2011 on sn-devel-104
2011-07-29 13:34:22 +02:00
Simo Sorce
e84c7a2e26 s3-rpc_server: Use talloc for pipe_rpc_fns
Everything uses talloc in the rpc server nowadays, remove this ancient use of
malloc. This also allows us to remove the free fucntion and let talloc handle
it properly.

Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Thu Jul 28 17:41:08 CEST 2011 on sn-devel-104
2011-07-28 17:41:08 +02:00
Simo Sorce
48a71664f2 s3-rpc_server: remove useless code
We do not reuse pies_struct so there is no reason to SERO_STRUCT() it when we
are freeing it as we are done using it anyways.
2011-07-28 10:27:58 -04:00
Simo Sorce
262af4713e s3-rpc_server: remove unnecessary talloc_free
The auth_ctx is a child of pipes_struct, and this function is a used only as a
destructor on pipes_struct. So it is not really necessary to free this struct
in the destructor as it will be freed soon enough anyway.
2011-07-28 10:27:52 -04:00
Simo Sorce
0a72744dd2 s3-rpc_server: Remove dead code
srv_str and cli_str are not used anymore.
2011-07-28 10:27:45 -04:00
Andreas Schneider
a97fef36bc s3-spoolss: Use existing handle in printer_driver_files_in_use().
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Jul 28 16:20:11 CEST 2011 on sn-devel-104
2011-07-28 16:20:11 +02:00
Andreas Schneider
5fa9fe39ea s3-spoolss: Use existing handle in printer_driver_in_use(). 2011-07-28 15:08:42 +02:00
Andreas Schneider
133fb0ebcc s3-spoolss: Use get_session_info_system().
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed Jul 27 10:38:34 CEST 2011 on sn-devel-104
2011-07-27 10:38:34 +02:00
Andreas Schneider
b77f626def s3-spoolss: Free the info2 structure in _spoolss_GetPrinter. 2011-07-27 08:50:01 +02:00
Andreas Schneider
f26441d8ba s3-spoolss: Use tmp_ctx everywhere in _spoolss_DeletePrinterDriverEx. 2011-07-27 08:50:01 +02:00
Andreas Schneider
fea4a3111b s3-spoolss: Use tmp_ctx in winreg_enum_printer_key_internal. 2011-07-27 08:50:01 +02:00
Andreas Schneider
c58c0ba0bd s3-spoolss: Use tmp_ctx in winreg_printer_deleteform1_internal. 2011-07-27 08:50:01 +02:00
Andreas Schneider
80c1a8e04e s3-spoolss: Use tmp_ctx in winreg_printer_setform1_internal. 2011-07-27 08:50:00 +02:00
Andreas Schneider
baccb06658 s3-spoolss: Use tmp_ctx in winreg_printer_addform1_internal. 2011-07-27 08:50:00 +02:00
Andreas Schneider
a6ea1542c5 s3-spoolss: Use tmp_ctx in winreg_printer_getform1_internal. 2011-07-27 08:50:00 +02:00
Andreas Schneider
f49917ade0 s3-spoolss: Use tmp_ctx in winreg_printer_enumforms1_internal. 2011-07-27 08:50:00 +02:00
Andreas Schneider
81eae6ebd4 s3-spoolss: Use tmp_ctx in winreg_set_printer_secdesc_internal. 2011-07-27 08:50:00 +02:00
Andreas Schneider
41c2e711bd s3-spoolss: Use tmp_ctx in winreg_get_printer_secdesc_internal. 2011-07-27 08:50:00 +02:00
Andreas Schneider
022a13f1e0 s3-spoolss: Use tmp_ctx in winreg_add_driver_internal. 2011-07-27 08:50:00 +02:00
Andreas Schneider
ff6294ef0f s3-spoolss: Use tmp_ctx in winreg_del_driver_internal. 2011-07-27 08:50:00 +02:00
Andreas Schneider
72ac68e746 s3-spoolss: Use tmp_ctx in winreg_get_driver_list_internal. 2011-07-27 08:50:00 +02:00
Andreas Schneider
2e2631f554 s3-spoolss: Use tmp_ctx in winreg_get_driver_internal. 2011-07-27 08:50:00 +02:00
Andreas Schneider
106829545c s3-spoolss: Use tmp_ctx in winreg_delete_printer_dataex_internal. 2011-07-27 08:49:59 +02:00
Andreas Schneider
e6e80ea137 s3-spoolss: Use tmp_ctx in winreg_get_printer_dataex_internal. 2011-07-27 08:49:59 +02:00
Andreas Schneider
7aef2f6308 s3-spoolss: Use tmp_ctx in winreg_enum_printer_dataex_internal. 2011-07-27 08:49:59 +02:00
Andreas Schneider
311d6dbeb7 s3-spoolss: Use tmp_ctx in winreg_set_printer_dataex_internal. 2011-07-27 08:49:59 +02:00
Andreas Schneider
2b0adab76e s3-spoolss: Use tmp_ctx in winreg_update_printer_internal. 2011-07-27 08:49:59 +02:00
Andreas Schneider
34dc5a57f9 s3-spoolss: Use tmp_ctx in winreg_create_printer_internal. 2011-07-27 08:49:59 +02:00
Andreas Schneider
f9359a2dc9 s3-spoolss: Use tmp_ctx in winreg_get_printer_internal. 2011-07-27 08:49:59 +02:00
Andreas Schneider
20afdeec3c s3-spoolss: Use tmp_ctx in winreg_printer_get_changeid_internal. 2011-07-27 08:49:59 +02:00
Andreas Schneider
ba74c5df2d s3-spoolss: Use tmp_ctx in winreg_printer_update_changeid_internal. 2011-07-27 08:49:59 +02:00
Andreas Schneider
43604dd321 s3-spoolss: Use tmp_ctx in winreg_delete_printer_key_internal. 2011-07-27 08:49:59 +02:00
Andreas Schneider
bed0672b03 s3-spoolss: Free local in winreg_printer_binding_handle. 2011-07-27 08:49:58 +02:00
Simo Sorce
99e03bee7a s3-spoolss: Improve memory efficiency.
p->mem_ctx is a relatively long lived context as it will not be freed until
a full request is served. In spoolss we do a lot of operations including
opening new pipes to connect to winreg.
Use more shortlived temporary contexts to avoid leaking a lot of memory on
p->mem_ctx and carrying it around untill all the operations in the current call
are done.

Signed-off-by: Andreas Schneider <asn@samba.org>
2011-07-27 08:49:58 +02:00
Andreas Schneider
fe7e4ac462 s3-rpc_server: Copy correct local tsocket address. 2011-07-27 08:49:58 +02:00
Simo Sorce
b19b05cd0a s3-rpc_server: Do not set msg_ctx twice
msg_ctx was already passed to make_base_pipes_struct,
no need to set it again.

Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Fri Jul 22 00:47:28 CEST 2011 on sn-devel-104
2011-07-22 00:47:28 +02:00
Andreas Schneider
fb2ee304a8 s3-rpc_server: Pass msg_ctx to make_base_pipes_struct().
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Jul 21 21:08:32 CEST 2011 on sn-devel-104
2011-07-21 21:08:31 +02:00
Simo Sorce
156a0ffe54 s3-rpc_server: Create common function to allocate pipes_struct
Avoid code duplication and fix bug where a new pipe was not added to
InternalPipes upon creation in make_server_pipes_struct()

Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Jul 21 19:50:02 CEST 2011 on sn-devel-104
2011-07-21 19:50:02 +02:00
Simo Sorce
759a04e58a s3-rpc_server: Move pipe/handles functions
Put InternalPipes related functions in rpc_handles.c and out of rpc_ncacn_np.c
rpc_handles.c is the only file that really uses them after all and ncacn_np.c
is the wrong place for that stuff.
While ther remove unnecessary wrapper functions now that the InternalPipes
static variable is directly accessible.

Also move all pipes_struct related header stuff in its own rpc_pipes.h header.

Signed-off-by: Andreas Schneider <asn@samba.org>
2011-07-21 18:40:23 +02:00
Andreas Schneider
0d8f65b346 s3-rpc_server: Fixed header define. 2011-07-21 18:40:23 +02:00
Andreas Schneider
6a4a6efdc9 s3-rpc_server: Remove unused endpoint information. 2011-07-21 18:40:23 +02:00
Andreas Schneider
4a6a588e44 s3-rpc_server: We need to copy the session_info for external pipes.
Andrew please check!
2011-07-21 18:40:23 +02:00
Andreas Schneider
19288f9784 s3-rpc_server: Duplicate the pipe name. 2011-07-21 18:40:23 +02:00
Andreas Schneider
3a43ef52db s3-rpc_server: Free the np dir. 2011-07-21 18:40:22 +02:00
Andreas Schneider
304e8116a9 s3-rpc_server: Fix messaging context in the pipes struct. 2011-07-21 18:40:22 +02:00
Andreas Schneider
f5da8ed889 s3-rpc_server: Add my copyright. 2011-07-21 18:40:22 +02:00
Andrew Bartlett
6622821063 s3-auth Remove seperate guest boolean
Instead, we base our guest calculations on the presence or absense of the
authenticated users group in the token, ensuring that we have only
one canonical source of this important piece of authorization data

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:14 +10:00
Andrew Bartlett
03b153ce54 s3-rpc_server remove per-element copies of auth_session_info
This is not required any more now that they are the same structure,
and shows the value in having a common structure across the codebase.

In particular, now any additional state that needs to be added to the
auth_session_info will be transparently available across the named
pipe proxy, without a need to modify the mapping layer.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:13 +10:00
Andrew Bartlett
9fcc617ff5 s3-auth Use the common auth_session_info
This patch finally has the same structure being used to describe the
authorization data of a user across the whole codebase.

This will allow of our session handling to be accomplished with common code.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:13 +10:00
Andrew Bartlett
128ae06a61 s3-auth use auth_user_info not netr_SamInfo3 in auth3_session_info
This makes auth3_session_info identical to auth_session_info

The logic to convert the info3 to a struct auth_user_info is
essentially moved up the stack from the named pipe proxy in
source3/rpc_server to create_local_token().

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:13 +10:00
Andrew Bartlett
8d72e612ac s3-rpc_server read and write the unix_token and unix_info across named_pipe_auth
This ensures that the exact same token is used on both sides of the
pipe, when a full token is passed (ie, source3 to source3, but not yet
source4 to to source3 as the unix info isn't calculated there yet).

If we do not have unix_token, we fall back to the old behaviour and go
via create_local_token().  (However, in this case the security_token
is now overwritten, as it is better to have it match the rest of the
session_info create_local_token() builds).

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:13 +10:00
Andrew Bartlett
ec5f1b78af s3-auth Use system boolean in auth_user_info_unix
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:11 +10:00
Andrew Bartlett
e2049e77e4 s3-auth Use guest boolean in auth_user_info_unix
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:11 +10:00
Andrew Bartlett
9289537993 s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username
This is closer to the layout of struct auth_session_info in auth.idl

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:11 +10:00
Andrew Bartlett
6d741e918f s3-auth Use *unix_token rather than utok in struct auth3_session_info
This brings this structure one step closer to the struct auth_session_info.

A few SMB_ASSERT calls are added in some key places to ensure that
this pointer is initialised, to make tracing any bugs here easier in
future.

NOTE: Many of the users of this structure should be reviewed, as unix
and NT access checks are mixed in a way that should just be done using
the NT ACL.  This patch has not changed this behaviour however.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:10 +10:00
Andrew Bartlett
f16d8f4eb8 s3-auth Use struct auth3_session_info outside the auth subsystem
This seperation between the structure used inside the auth modules and
in the wider codebase allows for a gradual migration from struct
auth_serversupplied_info -> struct auth_session_info (from auth.idl)

The idea here is that we keep a clear seperation between the structure
before and after the local groups, local user lookup and the session
key modifications have been processed, as the lack of this seperation
has caused issues in the past.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:10 +10:00
Andrew Bartlett
55ad1da888 Add my copyright
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:09 +10:00
Andreas Schneider
df09511cf2 s3-rpc_server: Fixed segfaults in rpc daemons.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Jul 18 14:01:02 CEST 2011 on sn-devel-104
2011-07-18 14:01:02 +02:00
Günther Deschner
ee1f25dc2a lsa: lsa_CreateTrustedDomainEx takes lsa_TrustDomainInfoAuthInfo, not
lsa_TrustDomainInfoAuthInfoInternal.

Guenther
2011-07-15 17:56:39 +02:00
Günther Deschner
3af3e4843f lsa: rename auth info argument in lsa_CreateTrustedDomainEx2
Guenther
2011-07-15 17:55:20 +02:00
Andreas Schneider
8faee7bd9b s3-rpc_server: Pass event and messaging context to accept function.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Jul 14 17:22:16 CEST 2011 on sn-devel-104
2011-07-14 17:22:16 +02:00
Andreas Schneider
c69f2c4de9 s3-librpc: Pass messaging context to dcerpc register functions. 2011-07-14 16:10:47 +02:00
Andreas Schneider
5e0ff955ad s3-epmapper: Fix adding tcpip endpoints.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed Jul 13 15:22:11 CEST 2011 on sn-devel-104
2011-07-13 15:22:11 +02:00
Günther Deschner
f4add4fbf5 s3-waf: split out LIBCLI_WINREG_INTERNAL as LIBCLI_WINREG was pulling in rpc server code in undesired places.
Andreas, please check.

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Jul  8 18:34:44 CEST 2011 on sn-devel-104
2011-07-08 18:34:43 +02:00
Günther Deschner
72b1f8be56 s3-printing: safe a ton of roundtrips by reusing existing winreg binding_handles.
Guenther

Pair-Programmed-With: David Disseldorp <ddiss@suse.de>
2011-07-07 18:06:02 +02:00
Günther Deschner
0a1ec73b96 s3-printing: use winreg_internal functions.
Guenther

Pair-Programmed-With: David Disseldorp <ddiss@suse.de>
2011-07-07 18:06:01 +02:00
Günther Deschner
ada5380d20 s3-printing: add winreg_internal functions.
Guenther

Pair-Programmed-With: David Disseldorp <ddiss@suse.de>
2011-07-07 18:06:01 +02:00
Günther Deschner
a762eda519 s3-printing: add winreg_printer_binding_handle and remove most of srv_spoolss_util.c.
Guenther

Pair-Programmed-With: David Disseldorp <ddiss@suse.de>
2011-07-07 18:06:01 +02:00
Günther Deschner
74e416031b s3-printing: move driver_info_ctr_to_info8 to init_spoolss.h
Guenther

Pair-Programmed-With: David Disseldorp <ddiss@suse.de>
2011-07-07 18:06:01 +02:00