IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
As the spoolss code can run embedded or external relative to the
smbd file server process, it's very tricky to verify if a share
is still in use.
Checking the result of the "deleteprinter command" command should
be enough to check for success. We should not return WERR_ACCESS_DENIED
if the share is still in use, by the current client, as the primary
printer definition is already deleted.
metze
Ensure we correctly null out the referenced pointer when we decrease the ref. count.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Nov 4 21:12:13 CET 2011 on sn-devel-104
Ensure we don't access an undefined pointer.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Nov 4 00:09:46 CET 2011 on sn-devel-104
Don't just use the first entry in back_channels as a talloc context
to allocate a long-lived chan entry on - must be NULL. It's already
correctly deleted when the last reference goes away.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 26 02:42:35 CEST 2011 on sn-devel-104
Remove the copy of the binding handle from struct notify_back_channel, use
the direct pointer in struct rpc_pipe_client instead. Ensure we can't call
the functions with a NULL binding handle.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Oct 24 22:56:40 CEST 2011 on sn-devel-104
Change some misleading variable names to reflect the actual function.
Add missing field name/types previously marked as unkown.
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
We always dereferenced auth_ntlmssp_state->gensec_security, so now we
do not bother passing around the whole auth_ntlmssp_state.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Oct 12 19:28:12 CEST 2011 on sn-devel-104
Not a security issue as we also check inside _samr_CreateUser2.
Thanks to Andreas Schneider <asn@samba.org> for finding and testing this.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 7 21:51:27 CEST 2011 on sn-devel-104
We force using a MEMORY ccache though in the wkssvc server.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Sep 21 19:13:33 CEST 2011 on sn-devel-104
struct lsa_TrustDomainInfoAuthInfo and struct
trustAuthInOutBlob can store the same information for different usage. The added
routines can convert one struct into the other.
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Sep 12 15:52:17 CEST 2011 on sn-devel-104
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Sep 3 02:58:42 CEST 2011 on sn-devel-104
We need to raise an exception so we need to set the rng_fault_state for
epm_Insert and epm_Delete if someone connects over a transport other
than NCALRPC.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Sep 1 15:59:50 CEST 2011 on sn-devel-104
We need more testing in the real world. We need to be sure that if a
Windows client can access port 135 it doesn't require that a service is
available via ncacn_ip_tcp. If possible please enable it using the
following smb.conf options for testing:
rpc_daemon:epmd = fork
rpc_server:epmapper = external
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed Aug 31 16:29:20 CEST 2011 on sn-devel-104
The following LSA calls are added:
- _lsa_SetInformationTrustedDomain()
- _lsa_SetTrustedDomainInfo()
-_lsa_SetTrustedDomainInfoByName()
Signed-off-by: Günther Deschner <gd@samba.org>
We always have a valid session info and if it is a anonymous connection
we have a session info of the guest user. This means we should always
call become_authenticated_pipe_user() else and anonymous user could do
things as root.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Tue Aug 30 20:50:54 CEST 2011 on sn-devel-104
The create_pipe_sock() function should only create the socket as the
name states and not start to listen on it too. We should start to listen
on in the individual places as we need different backlog values.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Aug 29 13:21:43 CEST 2011 on sn-devel-104
When deleting a user send a message to all interested parties so they can
purge their caches. Otherwise some processes may positively respond with a
cached getpwnam, when the user have actully been removed.
Without this some tests that remove and then immediately create users are
flakey.
Signed-off-by: Simo Sorce <idra@samba.org>
If we *really* are a bout to exit (PF_WORKER_EXITING) then the event will not
be called as the loop will exit. Otherwise PF_SRV_MSG_EXIT may not be honoured
for a long time if we have cients connected, therefore keep handling SIGHUP
properly in those cases.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
We can't have a clear idea of wether the worker is IDLE or BUSY.
The only things we can tell is if it is Alive, whether it is currently
Accepting connections or wether it is Exiting soon.
Remove PF_WORKER_IDLE, PF_WORKER_BUSY and replace their use with
PF_WORKER_ALIVE. Also properly assign PF_WORKER_ACCEPTING so that
users of the API can rely on the flag.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
We used a lock mimicking what apache does for preforked children.
But it doesn't work properly in our case because we do not stop once a request
has been served. Clients are allowed to perform multiple requests and keep the
connection open.
This means that if we allow multiple clients per children, then a child could
take the lock and then be asked to do a long or even locking operation by a
client it already is serving. This woulkd cause the whole server to deadlock,
as the child is now busy and also holding on the lock.
Using a race on accept() by having a tevent_fd on the listening socket wait
for read events we never deadlock. At most we cause a bit of contention among
children. But in the generic case connections are much less frequent for us as
clients tend to be long lived. So the little contention we may have is not a
big deal.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
Properly rotate log files in children by using a gloabl lsasd_child_id
variable.
Simplify code by using a global lsasd_pool variable, we can never use
more than one prefork pool in the same process anyway.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
Wtith this set of helper functions we make it easy to configure if we want to
use an embedded rpc server, or if we want to fork one. Or even just disable it
and let a third party server be used when the service is configured as
"external".
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Aug 11 17:09:30 CEST 2011 on sn-devel-104
The FLAG_MSG_PRINT_NOTIFY class is actually obsolete and never used, as the
only message belonging to it is not used either.
Signed-off-by: Andreas Schneider <asn@samba.org>
We need for named pipes we need to send each fragment on its own to be a
message.
Signed-off-by: Simo Sorce <idra@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Tue Aug 9 11:55:18 CEST 2011 on sn-devel-104
There is no longer any theft of memory as the underlying routines now
produce a new auth_session_info for this caller, allocating it
on the supplied memory context.
Andrew Bartlett
Rather than passing this value around the callers, and eventually
setting it in register_existing_vuid(), we simply pass it to
create_local_token(). This also removes the need for
auth_ntlmssp_get_username().
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This helps map on to the GENSEC semantics better, and ensures that the
full set of desired features are set before the mechanism starts.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This is changed so that the callers ask for the additional flags
that they need, starting with no additional flags.
This helps to create a proper abstraction layer in
ntlmssp_wrap/auth_ntlmssp.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This is the authoritative source for what the user was actually
authenticated as.
The previous message printed only what they claimed, and the DC might
map this.
The workstation is no longer printed in the logs, as it allows
auth_ntlmssp_get_client() to be removed.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Everything uses talloc in the rpc server nowadays, remove this ancient use of
malloc. This also allows us to remove the free fucntion and let talloc handle
it properly.
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Thu Jul 28 17:41:08 CEST 2011 on sn-devel-104
The auth_ctx is a child of pipes_struct, and this function is a used only as a
destructor on pipes_struct. So it is not really necessary to free this struct
in the destructor as it will be freed soon enough anyway.
p->mem_ctx is a relatively long lived context as it will not be freed until
a full request is served. In spoolss we do a lot of operations including
opening new pipes to connect to winreg.
Use more shortlived temporary contexts to avoid leaking a lot of memory on
p->mem_ctx and carrying it around untill all the operations in the current call
are done.
Signed-off-by: Andreas Schneider <asn@samba.org>
msg_ctx was already passed to make_base_pipes_struct,
no need to set it again.
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Fri Jul 22 00:47:28 CEST 2011 on sn-devel-104
Avoid code duplication and fix bug where a new pipe was not added to
InternalPipes upon creation in make_server_pipes_struct()
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Jul 21 19:50:02 CEST 2011 on sn-devel-104
Put InternalPipes related functions in rpc_handles.c and out of rpc_ncacn_np.c
rpc_handles.c is the only file that really uses them after all and ncacn_np.c
is the wrong place for that stuff.
While ther remove unnecessary wrapper functions now that the InternalPipes
static variable is directly accessible.
Also move all pipes_struct related header stuff in its own rpc_pipes.h header.
Signed-off-by: Andreas Schneider <asn@samba.org>
Instead, we base our guest calculations on the presence or absense of the
authenticated users group in the token, ensuring that we have only
one canonical source of this important piece of authorization data
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This is not required any more now that they are the same structure,
and shows the value in having a common structure across the codebase.
In particular, now any additional state that needs to be added to the
auth_session_info will be transparently available across the named
pipe proxy, without a need to modify the mapping layer.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This patch finally has the same structure being used to describe the
authorization data of a user across the whole codebase.
This will allow of our session handling to be accomplished with common code.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This makes auth3_session_info identical to auth_session_info
The logic to convert the info3 to a struct auth_user_info is
essentially moved up the stack from the named pipe proxy in
source3/rpc_server to create_local_token().
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This ensures that the exact same token is used on both sides of the
pipe, when a full token is passed (ie, source3 to source3, but not yet
source4 to to source3 as the unix info isn't calculated there yet).
If we do not have unix_token, we fall back to the old behaviour and go
via create_local_token(). (However, in this case the security_token
is now overwritten, as it is better to have it match the rest of the
session_info create_local_token() builds).
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This brings this structure one step closer to the struct auth_session_info.
A few SMB_ASSERT calls are added in some key places to ensure that
this pointer is initialised, to make tracing any bugs here easier in
future.
NOTE: Many of the users of this structure should be reviewed, as unix
and NT access checks are mixed in a way that should just be done using
the NT ACL. This patch has not changed this behaviour however.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This seperation between the structure used inside the auth modules and
in the wider codebase allows for a gradual migration from struct
auth_serversupplied_info -> struct auth_session_info (from auth.idl)
The idea here is that we keep a clear seperation between the structure
before and after the local groups, local user lookup and the session
key modifications have been processed, as the lack of this seperation
has caused issues in the past.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
As auth_util.c is linked several times the static variables have
different address on different calls. This leads to segfaults.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Jul 7 16:50:05 CEST 2011 on sn-devel-104
The previous behaviour was to attempt to do a reverse hostname lookup,
where enabled. This new behaviour matches the new behaviour in the
modules called by auth stack.
Andrew Bartlett
