1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

4610 Commits

Author SHA1 Message Date
Stefan Metzmacher
14e5f9a25e CVE-2016-2118: s3:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
This requires transport encryption.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:28 +02:00
Stefan Metzmacher
339e306672 CVE-2016-2118: s3:rpc_server/{epmapper,echo}: allow DCERPC_AUTH_LEVEL_CONNECT by default
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:28 +02:00
Stefan Metzmacher
41bccb5ae5 CVE-2016-2118: s3:rpc_server/{samr,lsa,netlogon}: reject DCERPC_AUTH_LEVEL_CONNECT by default
This prevents man in the middle downgrade attacks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Pair-Programmed-With: Günther Deschner <gd@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:28 +02:00
Stefan Metzmacher
7fab11e2eb CVE-2016-2118: s3:rpc_server: make use of "allow dcerpc auth level connect"
With this option turned off we only allow DCERPC_AUTH_LEVEL_{NONE,INTEGRITY,PRIVACY},
this means the reject any request with AUTH_LEVEL_CONNECT with ACCESS_DENIED.

We sadly need to keep this enabled by default for now.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Pair-Programmed-With: Günther Deschner <gd@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:27 +02:00
Stefan Metzmacher
93e3f25d42 CVE-2016-2111: s3:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
This prevents spoofing like Microsoft's CVE-2015-0005.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:24 +02:00
Stefan Metzmacher
9ed11972d2 CVE-2016-2111: s3:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:23 +02:00
Günther Deschner
d4a64baf91 CVE-2016-2111: s3:rpc_server/netlogon: always go through netr_creds_server_step_check()
The ensures we apply the "server schannel = yes" restrictions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2016-04-12 19:25:23 +02:00
Jeremy Allison
dc5dad4813 s3: Filenames: Add uint32_t flags parameter to synthetic_smb_fname().
Get it from parent/deriving smb_filename if present.
Use 0 (as usually this a Windows-style lookup) if
not.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-03-24 22:57:16 +01:00
Douglas Bagnall
7b92b84415 mdssvc/sparql_parser.c: use HAVE___ATTRIBUTE__ instead of __GNUC__
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-03-24 15:13:15 +01:00
Stefan Metzmacher
0906d61bb2 s3:rpc_server/samr: correctly handle session_extract_session_key() failures
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-03-22 15:50:15 +01:00
Ralph Boehme
3563d79a8c s3:mdssvc: older glib2 versions require g_type_init()
Older glib2 versions will crash if g_type_init is not called:

(process:6712): GLib-GObject-CRITICAL **: ... ./gobject/gtype.c:2722:
You forgot to call g_type_init()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11801

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 18 03:52:55 CET 2016 on sn-devel-144
2016-03-18 03:52:55 +01:00
Aurelien Aptel
85e414aefc s3/rpc_server/srvsvc/srv_srvsvc_nt.c: change snum to signed int
snum is used to store the result of the find_service() call which
returns a signed int, with -1 being an error.

with an uint32_t the error check (< 0) is always false.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-04 21:24:14 +01:00
Alberto Maria Fiaschi
5036a0922b access based share enum: handle permission set in configuration files
change function is_enumeration_allowed to check  permissions set by
fields: valid users, invalid users, only user.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8093

Signed-off-by: Alberto Maria Fiaschi <alberto.fiaschi@estar.toscana.it>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-03-02 20:39:24 +01:00
Volker Lendecke
8338fe6ac8 lib: Remove sys_waitpid
We have waitpid in libreplace

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-02-23 22:03:16 +01:00
Ralph Boehme
6018a7756f s3:rpc_server: make it possible to build mdssvc as a shared module
Allow building mdssvc RPC service as shared module:

  --with-shared-modules=rpc_mdssvc_module

The default is to build it static.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sun Feb 21 22:28:41 CET 2016 on sn-devel-144
2016-02-21 22:28:41 +01:00
Ralph Boehme
593abe5f6b s3:rpc_server: allow building RPC services as shared modules
This is the general RPC subsystem change, existing modules must be
tweaked to support being loaded as a module.

The next commit shows how to do this for the Spotlight RPC service.

The general syntax is: --with-shared-modules=rpc_NAME_module

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-02-21 19:21:17 +01:00
Michael Adam
476672b647 dlist: remove unneeded type argument from DLIST_ADD_END()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-06 21:48:17 +01:00
Jeremy Allison
52bae7927c s3: smbd: Remove lp_posix_pathnames() checks on paths sent in via old Win9X RPC calls.
No unix client makes these.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
2015-12-23 18:23:17 +01:00
Jeremy Allison
4ce5de5fd9 s3: smbd: In srv_srvsvc_nt.c, add in UCF_POSIX_PATHNAMES to the ucf_flags if lp_posix_pathnames() requested.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>
2015-12-23 03:31:10 +01:00
Jeremy Allison
5d03e7550b s3: smbd: In srv_srvsvc_nt.c Use ucf_flags variable instead of passing as parameter.
This will allow us to move lp_posix_pathnames() out of unix_convert()
later.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>
2015-12-23 03:31:10 +01:00
Mathieu Parent
c315fce17e Fix various spelling errors
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov  6 13:43:45 CET 2015 on sn-devel-104
2015-11-06 13:43:45 +01:00
Volker Lendecke
bcc1521662 fssd: Remove reference to procid_self()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2015-10-19 12:09:10 +02:00
Volker Lendecke
258ce91f31 lib: Move sys_rw* to lib/util
genrand.c will require it soon

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-10-13 01:23:07 +02:00
Ralph Boehme
cd0c2a5eca s3:smbstatus: add stream name to share_entry_forall()
Add stream name argument to share_entry_forall machinery so smbstatus
can print the stream name of a file.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11550

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-10-12 22:13:19 +02:00
Christof Schmitt
96c48b3c06 s3: Move call to prctl_set_comment to reinit_after_fork
This save a few lines of code.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2015-09-24 08:00:16 +02:00
Garming Sam
88b27ebcc9 spoolss: handle SetPrinter for info level 4
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10770

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep  1 03:33:13 CEST 2015 on sn-devel-104
2015-09-01 03:33:13 +02:00
Uri Simchoni
42468bcb40 fssd: include config.h before any glibc headers
config.h may have some flags which affect glibc behavior, e.g.
_FILE_OFFSET_BITS=64. To make sure these flags have the desired
effect, config.h must be included before any glibc header files.

This commit does not fix a specific known bug. It changes the code to
comply with coding conventions.

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: "Stefan Metzmacher" <metze@samba.org>
2015-07-17 01:38:16 +02:00
Volker Lendecke
fdea2febee rpc_server: Fix CID 1311342 Null pointer dereferences (REVERSE_INULL)
elem was dereferenced already a few lines above

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jul 10 01:01:36 CEST 2015 on sn-devel-104
2015-07-10 01:01:36 +02:00
Volker Lendecke
fc372110c2 rpc_server: Fix CID 1311341 Integer handling issues (OVERFLOW_BEFORE_WIDEN)
Quoting the full message:

Potentially overflowing expression "total_octets * 8U" with type "unsigned int"
(32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a
context that expects an expression of type "uint64_t" (64 bits, unsigned).

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2015-07-09 21:59:20 +02:00
Volker Lendecke
3387969a1f rpc_server: Fix CID 1311340 Null pointer dereferences (NULL_RETURNS)
In practice this might not be relevant, but better be safe.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2015-07-09 21:59:20 +02:00
Volker Lendecke
a7c215548a rpc_server: Fix CID 1311339 Error handling issues (CHECKED_RETURN)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2015-07-09 21:59:20 +02:00
Volker Lendecke
ea55b1350b dalloc: Fix CID 1097369 API usage errors (VARARGS)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2015-07-09 21:59:20 +02:00
Volker Lendecke
784b6a79b8 dalloc: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2015-07-09 21:59:20 +02:00
Ralph Boehme
480cc511ff s3-mdssvc: add mdssd RPC service daemon for mdssvc
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-07-07 17:34:28 +02:00
Ralph Boehme
4b0ee5d209 s3-mdssvc: lexer and parser for Spotlight queries
Add a lexer and parser for translating Spotlight query strings to
SPARQL.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-07-07 17:34:28 +02:00
Ralph Boehme
c2c5621380 s3-mdssvc: main Spotlight code
Implement all Spotlight RPC commands with the Tracker SPARQL async query
API.

Tracker uses glib for implemeting async tasks, we thus have to use a
glib mainloop for processing sheduled tasks in threads.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-07-07 17:34:28 +02:00
Ralph Boehme
0de03ce4a4 s3-mdssvc: Spotlight attribute mappings
Add mappings for metadata attribute between Spotlight and NEPOMUK for
use with Tracker.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-07-07 17:34:28 +02:00
Ralph Boehme
5d4eceae15 s3-mdssvc: (un)marshalling Spotlight RPC blob
Add code for marshalling and unmarshalling Spotlight RPC blobs
from/into a dalloc object store.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-07-07 17:34:28 +02:00
Ralph Boehme
222e863d4e s3-mdssvc: dalloc: dynamic object store based on talloc
dalloc is a hack with a bizarre API, but it does its job: it's a
simple object store that allows for storing simple and complex data
types.

We'll use it for storing Spotlight query data.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-07-07 17:34:28 +02:00
Ralph Boehme
63dd793cde s3-mdssvc: add Spotlight RPC stubs
'mdssvc' aka 'Metadata Search Service' is an RPC service used by Apple
for passing marshalled Spotlight search queries and results between
client to server.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-07-07 17:34:28 +02:00
Stefan Metzmacher
a6a6795826 s3:rpc_server: remove pad handling from api_pipe_alter_context()
This is not needed and windows doesn't use it.
The padding is for the payload in request and response.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-06-23 14:38:53 +02:00
Stefan Metzmacher
b2e042ad96 s3:librpc/rpc: fix padding calculation in dcerpc_guess_sizes()
The padding needs to be relative to the payload start not to the pdu start.
We also need align the padding to DCERPC_AUTH_PAD_ALIGNMENT (16 bytes).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-06-23 14:38:53 +02:00
Günther Deschner
4234cbb694 s3-rpc_server: Fix inteface typo.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun  4 03:51:29 CEST 2015 on sn-devel-104
2015-06-04 03:51:29 +02:00
Richard Sharpe
0dde2106bb Covert all uint32/16/8 to _t in source3/rpc_server.
This can be committed regardless of the state of the PIDL changes.

Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-15 19:31:24 +02:00
Richard Sharpe
a685404dce Convert all uses of uint32/16/8 to _t in source3/rpc_server.
Signed-off-by: Richard Sharpe <rsharpe@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-12 01:32:12 +02:00
Volker Lendecke
e241b739fb Fix a few printf format errors
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-07 20:20:19 +02:00
Günther Deschner
316ace66d0 s3-rpc_server: fix rpc_create_tcpip_sockets() processing of interfaces.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11245

We were supplying an empty value for the "host" binding string option, causing
dcerpc_binding_vector_add_port() call to fail.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Apr 30 15:14:27 CEST 2015 on sn-devel-104
2015-04-30 15:14:27 +02:00
Ralph Boehme
9e7cf87a30 s3:smbd: use smbd_reinit_after_fork
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-04-22 23:00:20 +02:00
Michael Adam
e197ddcfa6 s3:lsasd: use lp_load() wrapper lp_load_global()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2015-04-22 13:57:29 +02:00
Anoop C S
76ba7f93b4 rpc_server/srvsvc: Fix CID 241162 Logically dead code
Signed-off-by: Anoop C S <achiraya@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2015-04-17 22:56:11 +02:00
David Disseldorp
a65e22c6bd spoolss: cache_key handle allocation failures early
On cache_key allocation failure, set_printer_hnd_name() currently
stumbles through the rest of the function, and includes extra logic to
handle a NULL key later on.
Handling the allocation failure early makes sense, and also allows for
the NULL key checks to be removed.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Apr 15 18:55:50 CEST 2015 on sn-devel-104
2015-04-15 18:55:50 +02:00
David Disseldorp
a97507a9a7 spoolss: purge the printer name cache on name change
Currently the name cache is only cleared on printer deletion. This means
that if a printer undergoes a name change, the old name remains in the
cache and can be subsequently used incorrecly if another printer takes
the same name as the old.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11210

Reported-by: Franz Pförtsch <franz.pfoertsch@brose.com>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 14 05:37:50 CEST 2015 on sn-devel-104
2015-04-14 05:37:50 +02:00
Volker Lendecke
e66e06b602 fss: Fix CID 1293354 Wrong operator used
Not used right now, but prevent future confusion.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Apr  8 19:36:36 CEST 2015 on sn-devel-104
2015-04-08 19:36:36 +02:00
Noel Power
7a38f148ac fsrvp: prune shadow copies if associated path doesn't exist
This patch implements some simple FSRVP server housekeeping. On startup
the server scans the cached entries, any entries where the underlying
system paths associated with shadow copies no longer exist are removed
from the cache and from the registry.

This behaviour is disabled by default, but can be enabled via the new
"fss: prune stale" smb.conf parameter.

Signed-off-by: Noel Power <noel.power@suse.com>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-03-31 18:40:25 +02:00
David Disseldorp
b6e034069f fsrvp: add remote snapshot RPC server
The Samba fss_agent RPC server is an implementation of the File Server
Remote VSS (Volume Shadow Copy Service) Protocol, or FSRVP for short.

FSRVP is new with Windows Server 2012, and allows authenticated clients
to remotely request the creation, exposure and deletion of share
snapshots.

The fss_agent RPC server processes requests on the FssAgentRpc named
pipe, and dispatches relevant snapshot creation and deletion requests
through to the VFS.
The registry smb.conf back-end is used to expose snapshot shares, with
configuration parameters and share ACLs cloned from the base share.

There are three FSRVP client implementations that I'm aware of:
- Samba rpcclient includes fss_X commands.
- Windows Server 2012 includes diskshadow.exe.
- System Center 2012.

FSRVP operations are only processed for users with:
- Built-in Administrators group membership, or
- Built-in Backup Operators group membership, or
- Backup Operator privileges, or
- Security token matches the initial process UID

MS-FSRVP specifies that server state should be stored persistently
during operation and retrieved on startup. Use the existing fss_srv.tdb
FSRVP state storage back-end to satisfy this requirement.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-03-31 18:40:25 +02:00
David Disseldorp
9c8ae4454c fsrvp: add server state storage back-end
MS-FSRVP specifies:
  the server MUST persist all state information into an implementation-
  specific configuration store.

This change adds a fss_srv TDB database to preserve FSRVP server state,
with the following keys used to track shadow copy state and hierarchy:
- sc_set/<shadow copy set GUID>
  A shadow copy set tracks a collection of zero or more shadow copies,
  as initiated by a StartShadowCopySet FSRVP client request.
- sc_set/<shadow copy set GUID>/sc/<shadow copy GUID>
  A shadow copy defines information about a snapshot base volume, the
  snapshot path, and a collection of share maps. It is initiated by an
  AddToShadowCopySet client request.
- sc_set/<shadow copy set GUID>/sc/<shadow copy GUID>/smap/<smap GUID>
  A share map tracks new shares that are created to expose shadow
  copies.

All structures are marshalled into on-disk format using the previously
added fsrvp_state IDL library.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-03-31 18:40:24 +02:00
Stefan Metzmacher
df13bf7b05 s3:rpc_server/lsa: we need to normalize the trustAuth* blobs before storing them
The number of current and previous elements need to match and we have to
fill TRUST_AUTH_TYPE_NONE if needed.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-30 13:41:25 +02:00
Stefan Metzmacher
038659dcbb s3:rpc_server/netlogon: improve the netr_LogonControl*() error returns
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-27 01:26:15 +01:00
Stefan Metzmacher
ea2ff2c7ff s3:rpc_server/wscript_build: remove allow_warnings=True from RPC_SPOOLSS
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-03-20 20:43:11 +01:00
Stefan Metzmacher
821f2c77b8 s3:rpc_server/spoolss: make use of SPOOLSS_JOB_CONTROL_NOOP
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-03-20 20:43:11 +01:00
Stefan Metzmacher
f0a6935b1e s3:rpc_server/lsa: only return collision_info if filled in lsaRSetForestTrustInformation()
If there're no collisions we should not fill the collision_info pointer.

Otherwise Windows fails to create a forest trust.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Mar 12 19:49:33 CET 2015 on sn-devel-104
2015-03-12 19:49:33 +01:00
Stefan Metzmacher
080db5f60a lsa.idl: improve idl for lsa_ForestTrust*Record*
The meaning of lsa_ForestTrustRecordFlags is based lsa_ForestTrustRecordType,
but the type is not always available so it's not possible to use an union.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-12 17:13:44 +01:00
Günther Deschner
a0700dd275 netlogon.idl: netr_ServerPasswordGet returns NTSTATUS not WERROR.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-12 17:13:43 +01:00
Volker Lendecke
15a702accf rpc_server: Fix CID 1273433 Unused value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar  4 23:29:01 CET 2015 on sn-devel-104
2015-03-04 23:29:01 +01:00
Volker Lendecke
40a317f092 rpc_server: Fix CID 1035535 Uninitialized scalar variable
I believe this can't happen, but better be safe than sorry

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Mar  4 17:14:53 CET 2015 on sn-devel-104
2015-03-04 17:14:53 +01:00
Volker Lendecke
8f7bdc8194 rpc_server: Fix CID 1035534 Uninitialized scalar variable
I believe this can't happen, but better be safe than sorry

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2015-03-04 14:46:08 +01:00
Andreas Schneider
bb41484509 s3-netlogon: Make sure we do not deference a NULL pointer.
This is an additional patch for CVE-2015-0240.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32

Pair-Programmed-With: Michael Adam <obnox@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2015-02-23 17:33:07 +01:00
Jeremy Allison
28f10a89e6 CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-02-23 17:33:07 +01:00
Andreas Schneider
a4157e7c5d spoolss: retrieve published printer GUID if not in registry
When a printer is published, the GUID for the published DN is retrieved
from the domain controller and stored in the registry.
When handling a spoolss GetPrinter(level=7) request, the same GUID is
obtained from the registry and returned to the client.

This change sees the spoolss server query the DC for the published
printer GUID if it is not present in the registry when handling a
spoolss GetPrinter(level=7) request.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11018

Pair-Programmed-With: David Disseldorp <ddiss@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Feb 18 12:43:44 CET 2015 on sn-devel-104
2015-02-18 12:43:44 +01:00
Andrew Bartlett
c8c2c850d4 Update mailing list references to point at lists.samba.org
The mailing lists are on lists.samba.org, but there are many references that use the shorthand of samba.org

Some references to samba@ have been changed to samba-technical@ where this make more sense.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Feb 10 07:08:28 CET 2015 on sn-devel-104
2015-02-10 07:08:28 +01:00
David Disseldorp
a11e97b796 spoolss: clear PrinterInfo on GetPrinter error
If an error is returned without zeroing a pre-allocated @info pointer,
then marshalling of the response will fail.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-12-19 15:40:43 +01:00
David Disseldorp
c9fccb5018 spoolss: clear info on GetPrinterDriverDirectory error
If an error is returned without zeroing a pre-allocated @info pointer,
then marshalling of the response will fail.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-12-19 15:40:43 +01:00
David Disseldorp
679c781112 spoolss: clear info on GetPrintProcessorDirectory error
If an error is returned without zeroing a pre-allocated @info pointer,
then marshalling of the response will fail.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-12-19 15:40:43 +01:00
David Disseldorp
b113ed6043 spoolss: clear FormInfo on GetForm error
In handling a spoolss GetForm request, the handler may return an
immediate error if one of the input parameters is invalid.  If this is
done without zeroing the pre-allocated @info pointer, then marshalling
of the response will fail.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-12-19 15:40:43 +01:00
David Disseldorp
fb9ecb044e spoolss: clear DriverInfo on GetPrinterDriver2 error
In handling a spoolss GetPrinterDriver2 request, the handler may
return an immediate error if one of the input parameters is invalid.
If this is done without zeroing the pre-allocated @info pointer, then
marshalling of the response will fail.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-12-19 15:40:42 +01:00
David Disseldorp
89869e090c spoolss: clear JobInfo on GetJob error
In handling a spoolss GetJob request, the _spoolss_GetJob() handler may
return an immediate error if one of the input parameters is invalid. If
this is done without zeroing the pre-allocated @info pointer, then
api_spoolss_GetJob() will attempt to marshall @info, which in the case
of an @offered value of zero results in a marshalling error:

ndr_push_error(7): Bad subcontext (PUSH) content_size 64 is larger
than size_is(0)

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-12-19 15:40:42 +01:00
Volker Lendecke
97b2570a5e lib: Split out sys_[read|write] & friends
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-12-07 00:12:07 +01:00
Ralph Boehme
142db4048f s3:vfs: add create tags to SMB_VFS_CREATEFILE
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-12-04 22:11:07 +01:00
David Disseldorp
2d755a4e2a srv_srvsvc_nt: remove unneeded get_share_params() call
The snum and share name are already determined via the prior
find_service() call.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-11-26 19:05:37 +01:00
Günther Deschner
a62cc2ce44 samba: pass down size_t instead of int to add_string_to_array().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Nov 17 19:53:22 CET 2014 on sn-devel-104
2014-11-17 19:53:22 +01:00
Volker Lendecke
9010bbeb00 s3:locking: allow early return for share_entry_forall()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-10-31 03:47:40 +01:00
Volker Lendecke
0d4f7bfdb9 s3:locking: Rename share_mode_forall->share_entry_forall
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-10-31 03:47:40 +01:00
David Disseldorp
d772b98283 spoolss: remove unused fill_job_info3()
This logic has been moved into the previous EnumJobs(level=3) caller.
The info3 structure only contains two fields that are used, so it
doesn't make sense to have a separate helper for it.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-30 06:52:04 +01:00
David Disseldorp
5e7ab3d2f4 spoolss: fix jobid in level 3 EnumJobs response
Until now, these responses have incorrectly carried the printing backend
job identifier (sysjob), rather than the one allocated and returned by
Samba on job submission.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10905

Reported-by: Franz Pförtsch <franz.pfoertsch@brose.com>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-30 06:52:04 +01:00
David Disseldorp
45abaf81c6 spoolss: fix jobid in level 2 GetJob and EnumJobs responses
Until now, these responses have incorrectly carried the printing backend
job identifier (sysjob), rather than the one allocated and returned by
Samba on job submission.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10905

Reported-by: Franz Pförtsch <franz.pfoertsch@brose.com>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-30 06:52:04 +01:00
David Disseldorp
4d7f5d2af6 spoolss: fix jobid in level 1 GetJob and EnumJobs responses
Until now, these responses have incorrectly carried the printing backend
job identifier (sysjob), rather than the one allocated and returned by
Samba on job submission.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10905

Reported-by: Franz Pförtsch <franz.pfoertsch@brose.com>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-30 06:52:04 +01:00
David Disseldorp
3a28ae5697 spoolss: fix GetJob jobid lookups
Clients issue GetJob requests using the jobid assigned by the spoolss
server. The corresponding printing backend (sysjob) identifier needs to
be resolved to locate the correct print queue entry.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10905

Reported-by: Franz Pförtsch <franz.pfoertsch@brose.com>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-30 06:52:04 +01:00
David Disseldorp
d4f233a746 spoolss: fix handling of bad EnumJobs levels
Currently Samba is inconsistent when returning WERR_UNKNOWN_LEVEL
errors for spoolss EnumJobs requests - if no print jobs are present,
then WERR_OK will be returned, regardless of whether the EnumJobs level
is supported or not.
This change fixes this behaviour, by catching invalid or unsupported
levels prior to the no-jobs response fast-path.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10898

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 28 03:05:35 CET 2014 on sn-devel-104
2014-10-28 03:05:35 +01:00
Jeremy Allison
93e81d423d s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers.
Bug #10831 - SIGCLD Signal handler not correctly reinstalled on old library code use - smbrun etc.

https://bugzilla.samba.org/show_bug.cgi?id=10831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2014-09-30 20:40:16 +02:00
Christof Schmitt
16594e7fc0 s3: Move init_lsa_ref_domain_list to lib
This will be used in the next patch in winbind.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2014-09-29 10:52:47 +02:00
Andrew Bartlett
d0a0af3550 librpc: gensec is our security provider abstraction, remove a void *
Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-09-27 01:35:36 +02:00
Volker Lendecke
446de4f680 vfs3: Pass "lease" through SMB_VFS_CREATE_FILE
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-08-11 21:11:16 +02:00
David Disseldorp
1ad71f79eb printing: reload printer shares on OpenPrinter
The printer share inventory should be reloaded on open _and_
enumeration, as there are some clients, such as cupsaddsmb, that do not
perform an enumeration prior to access.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug  8 16:33:50 CEST 2014 on sn-devel-104
2014-08-08 16:33:50 +02:00
David Disseldorp
2685df1177 server: remove duplicate snum_is_shared_printer()
Only keep a single definition in server_reload.c

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-08-08 14:10:39 +02:00
David Disseldorp
4f4501ac1f printing: only reload printer shares on client enum
Currently, automatic printer share updates are handled in the following
way:
- Background printer process (BPP) forked on startup
- Parent smbd and per-client children await MSG_PRINTER_PCAP messages
- BPP periodically polls the printing backend for printcap data
	- printcap data written to printer_list.tdb
	- MSG_PRINTER_PCAP sent to all smbd processes following update
- smbd processes all read the latest printer_list.tdb data, and update
  their share listings

This procedure is not scalable, as all smbd processes hit
printer_list.tdb in parallel, resulting in a large spike in CPU usage.

This change sees smbd processes only update their printer share lists
only when a client asks for this information, e.g. via NetShareEnum or
EnumPrinters.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652

Suggested-by: Volker Lendecke <vl@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-08-08 14:10:38 +02:00
Volker Lendecke
f5efddb9ae lib: directory_create_or_exist() does not use "uid" parameter
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-07-28 22:04:13 +02:00
Andrew Bartlett
23848f3547 s3-rpc_server: Use C99 types in rpc_pipes.h
Change-Id: Ic282f02f421870ff8a8623005979f8a034902d88
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun  4 05:48:29 CEST 2014 on sn-devel-104
2014-06-04 05:48:29 +02:00
Andrew Bartlett
902f14c084 s3-rpc_server: Give log messages on failure
Change-Id: I240d58fdf71bbab42d1ffb63bb52b9650fd4bd85
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-04 03:22:26 +02:00
David Disseldorp
b82d436586 s3/rpc_server/lsa: replace dup_sec_desc() usage
Use security_descriptor_copy() instead, which is also provided by
libcli.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2014-05-28 17:52:13 +02:00
David Disseldorp
4be7800801 s3/rpc_server/spoolss: replace dup_sec_desc() usage
Use security_descriptor_copy() instead, which is also provided by
libcli.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2014-05-28 17:52:13 +02:00
David Disseldorp
21b03f4e62 s3/rpc_server/spoolss: remove SETUP_SPOOLSS_NOTIFY_DATA_SECDESC
The macro is only used once, and is broken in two ways:
- it relies on an externally defined mem_ctx
- _data->data.sd.sd_size is set zero twice for a NULL sd

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2014-05-28 17:52:13 +02:00
Andreas Schneider
d50c0077de s3-rpc_server: Remove ncalrpc_as_system from make_server_pipes_struct().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 24 13:39:10 CEST 2014 on sn-devel-104
2014-04-24 13:39:10 +02:00
Andreas Schneider
76a89a38fe s3-rpc_server: Remove ncalrpc_as_system from pipes_struct.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-24 11:21:05 +02:00
Andreas Schneider
6ede575fc4 s3-rpc_server: Use gensec for NCALRPC_AS_SYSTEM.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-24 11:21:05 +02:00
Andreas Schneider
000168b002 s3-rpc_server: Add special tsocket address for ncalrpc_as_system.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-24 11:21:05 +02:00
Stefan Metzmacher
1f4c20f2c3 s3:rpc_server: pass everything but AUTH_TYPE_{NONE,NCALRPC_AS_SYSTEM} to gensec
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-04-24 11:21:05 +02:00
Andreas Schneider
06922f92e4 s3-rpc_server: Call pipe_auth_verify_final() if needed.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2014-04-24 11:21:05 +02:00
Andreas Schneider
bfdd22b316 s3-rpc_server: Return the status code from gensec.
We need to know the difference between NT_STATUS_OK
and NT_STATUS_MORE_PROCESSING_REQUIRED.

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2014-04-24 11:21:05 +02:00
Stefan Metzmacher
2c5ed102b7 s3:rpc_server: let auth_generic_server_step() handle gensec_security == NULL
This simplifies the caller, we don't need to look at the auth_type anymore.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-04-24 11:21:05 +02:00
Stefan Metzmacher
5d3bb5671e s3:rpc_server: make sure we have a unix token
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-04-24 11:21:05 +02:00
Stefan Metzmacher
054ef133af s3:rpc_server: handle everything but AUTH_TYPE_NONE as gensec in verify_final
The NCALRPC_AS_SYSTEM doesn't use pipe_auth_verify_final() yet,
so it's fine for now.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-04-24 11:21:05 +02:00
Jeremy Allison
6549716cc1 s3: srvsvc pipe - We should return WERR_BADFILE in _srvsvc_NetShareAdd if the path does not exist.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: David Disseldorp <ddiss@suse.de>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 22 22:19:18 CEST 2014 on sn-devel-104
2014-04-22 22:19:18 +02:00
Andreas Schneider
6118c2ec2c s3: Use root_mode() to get uid_wrapper working correctly.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-17 14:56:06 +02:00
Shekhar Amlekar
fc4845f481 s3: rpc_server/srvsvc: count open files in NetConnEnum
Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr  3 21:19:43 CEST 2014 on sn-devel-104
2014-04-03 21:19:43 +02:00
Shekhar Amlekar
fe6ec8c111 s3: rpc_server/srvsvc: count share connections in NetConnEnum
Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2014-04-03 19:01:12 +02:00
Shekhar Amlekar
e68547204f s3: rpc_server/srvsvc: added routines to compute opens on share connections.
Added routines count_share_opens() and share_file_fn() to count
opens on share connections.

Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2014-04-03 19:01:12 +02:00
Shekhar Amlekar
992c86d715 s3: rpc_server/srvsvc: Added routines to count share connections.
Added routines count_share_conns() and share_conn_fn() to count
connections to a share.

Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2014-04-03 19:01:12 +02:00
Andrew Bartlett
44a624d6ce s3-samr: Refuse to set lockout_duration < lockout_window per rpc.samr.passwords.lockout
This was not noticed previously because the test was not run.

Andrew Bartlett

Change-Id: I88701b6c3057ec26f44b3ccab4134ac9aabe552a
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-02 17:12:45 +02:00
Andrew Bartlett
4d50c75159 s3-auth: Finally change make_user_info_*() use a parent talloc context
Change-Id: Iedf516e8c24e0d18064aeedd8e287ed692d3c5b4
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2014-04-02 11:05:46 +02:00
Stefan Metzmacher
f42046692a s3:rpc_server: explicitly use allow_warnings=True for RPC_SPOOLSS
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-04-02 09:03:46 +02:00
Stefan Metzmacher
2103c373b4 auth/gensec: remove tevent_context argument from gensec_update()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-27 00:36:32 +01:00
Andreas Schneider
5277fc4d03 s3-rpc_server: Fix handling of fragmented rpc requests.
We need to call pipe_init_outgoing_data() as the first thing in
process_complete_pdu(). Otherwise the caller may use uninitialized
memory and tries to write a response into the socket.

The problem happens only if a real socket is used, which means
in all cases for master and only with external rpc daemons in v4-0
and v4-1.

The problem looks like this in the logs.

    [2014/03/20 14:49:35.531663, 10, pid=7309, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu)
      Processing packet type 0
    [2014/03/20 14:49:35.531695, 10, pid=7309, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request)
      Checking request auth.
    [2014/03/20 14:49:35.531738, 10, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:521(named_pipe_packet_process)
      Sending 1 fragments in a total of 0 bytes
    [2014/03/20 14:49:35.531769, 10, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:526(named_pipe_packet_process)
      Sending PDU number: 0, PDU Length: 4294967228
    [2014/03/20 14:49:35.531801,  2, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:565(named_pipe_packet_done)
      Writev failed!
    [2014/03/20 14:49:35.531845,  2, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:595(named_pipe_packet_done)
      Fatal error(Message too long). Terminating client(127.0.0.1) connection!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10481

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Guenther Deschner <gd@samba.org

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Mar 20 18:30:17 CET 2014 on sn-devel-104
2014-03-20 18:30:17 +01:00
Andrew Bartlett
9f53b61f06 CVE-2013-4496:samr: Remove ChangePasswordUser
This old password change mechanism does not provide the plaintext to
validate against password complexity, and it is not used by modern
clients.  It also has quite difficult semantics to handle regarding
password lockout.

The missing features in both implementations (by design) were:

 - the password complexity checks (no plaintext)
 - the minimum password length (no plaintext)

Additionally, the source3 version did not check:

 - the minimum password age
 - pdb_get_pass_can_change() which checks the security
   descriptor for the 'user cannot change password' setting.
 - the password history
 - the output of the 'passwd program' if 'unix passwd sync = yes'.

Finally, the mechanism was almost useless, as it was incorrectly
only made available to administrative users with permission
to reset the password.  It is removed here so that it is not
mistakenly reinstated in the future.

Andrew Bartlett

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245

Change-Id: If2edd3183c177e5ff37c9511b0d0ad0dd9038c66
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://gerrit.samba.org/37
2014-03-13 10:26:03 +01:00
Andrew Bartlett
824add8aaf CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245

Change-Id: Ic31774275f07e003e7c2682a856ccb2d5a7939de
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-on: https://gerrit.samba.org/162
2014-03-13 10:21:16 +01:00
David Disseldorp
7a53bb9641 rpc_server: change unsupported pipe error
smbd currently prints the following level 0 error when a client attempts
to connect to an unsupported named pipe (e.g. browser):
  ERROR! 'browser' is not a registred pipe

This change reduces the severity of the error (0->2) and fixes a couple
of typos.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Mar  5 16:31:42 CET 2014 on sn-devel-104
2014-03-05 16:31:42 +01:00
Andreas Schneider
4d792db03f s3-auth: Pass mem_ctx to auth_check_ntlm_password().
Coverity-Id: 1168009
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598

Signed-off-by: Andreas Schneider <asn@samba.org>

Change-Id: Ie01674561a6a75239a13918d3190c2f21c3efc7a
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-19 11:29:29 +13:00
Jeremy Allison
cd655715b8 s3: printing: Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message.
Receiving a MSG_PRINTER_DRVUPGRADE causes
smbd to iterate over all printers looking
for ones that uses the driver. This is a very
expensive operation requiring a read of all
registry printer parameters.

On a system with a large number of printers,
this causes the clients to timeout (smbd
can take longer than 60 seconds to respond).

This patch fixes the problem by forwarding
the MSG_PRINTER_DRVUPGRADE to the background
lpq queue updater process and allowing it to
take care of the updating of the changeid
in the registry, allowing the smbd connected
to the client to return to processing requests
immediately.

https://bugzilla.samba.org/show_bug.cgi?id=9942

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Feb 18 17:48:30 CET 2014 on sn-devel-104
2014-02-18 17:48:30 +01:00
Stefan Metzmacher
37849f5ec7 s3:srv_epmapper: make use of dcerpc_binding_get_abstract_syntax()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:16 +01:00
Stefan Metzmacher
516b9d6dea s3:srv_epmapper: make use of dcerpc_binding_*() functions in build_ep_list()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:16 +01:00
Stefan Metzmacher
022abd49c0 s3:srv_epmapper: use dcerpc_binding_get_abstract_syntax() in _epm_Insert()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:16 +01:00
Stefan Metzmacher
149cf1cf75 s3:srv_epmapper: use dcerpc_binding_get_transport() in _epm_Insert() and _epm_Delete()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:16 +01:00
Stefan Metzmacher
7f5badb36b s3:srv_epmapper: make use of dcerpc_binding_*() functions in endpoints_match()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:16 +01:00
Stefan Metzmacher
03f7c31326 s3:rpc_server: make use of dcerpc_binding_set_abstract_syntax()
This is better than accessing the dcerpc_binding internals.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:16 +01:00
Stefan Metzmacher
352d096390 s3:rpc_server: make use of dcerpc_parse_binding() to create a binding.
This makes sure binding is talloc'ed.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:14 +01:00
Garming Sam
f38b1dbbe5 param: change fstype to use a constant string
Substitution isn't really necessary for this parameter.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-02-12 13:17:14 +13:00
Stefan Metzmacher
ab32b67bbb s3:srv_epmapper: only replace ipv4 addresses in _epm_Lookup() and _epm_Map()
The floor data for EPM_PROTOCOL_IP only handles a 4 byte ipv4 address.
"0.0.0.0" is used for ipv6 and hostnames.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-11 16:20:30 +01:00
Stefan Metzmacher
4f344f3b80 s3:srv_epmapper: fix logic in endpoints_match()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-11 16:20:30 +01:00
Stefan Metzmacher
a22cc6b53c s3:rpc_server: initialize struct dcerpc_binding completely
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-11 16:20:29 +01:00
Gregor Beck
34e6d79352 s3:rpc_server: check verification trailer
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-11 16:02:14 +01:00
Gregor Beck
1eef03aa93 s3:rpc_server: check header of each packet fragment
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-11 16:02:14 +01:00
Stefan Metzmacher
6836ffc9fc s3:rpc_server: only become the user if we have a valid context_id
Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-11 16:02:14 +01:00
Gregor Beck
b5f3020593 s3:rpc_server: minor refactoring of process_request_pdu()
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-11 16:02:14 +01:00
Garming Sam
4e4dbc9aea param: rename lp function and variable from "ms_add_printer_wizard" to "show_add_printer_wizard"
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-02-07 16:19:15 -08:00
Garming Sam
cd17020e66 param: rename lp function and variable from "enumports_cmd" to "enumports_command"
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-02-07 16:19:14 -08:00
Garming Sam
df507a1a13 param: rename lp function and variable from "deleteprinter_cmd" to "deleteprinter_command"
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-02-07 16:19:14 -08:00
Garming Sam
f8e7ea278d param: rename lp function and variable from "addprinter_cmd" to "addprinter_command"
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-02-07 16:19:14 -08:00
Garming Sam
35dd3a7499 param: rename lp function and variable from "addport_cmd" to "addport_command"
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-02-07 16:19:13 -08:00
Garming Sam
63e8b414c2 param: rename lp function and variable from "delete_share_cmd" to "delete_share_command"
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-02-07 16:19:12 -08:00
Garming Sam
619ddaff05 param: rename lp function and variable from "change_share_cmd" to "change_share_command"
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-02-07 16:19:12 -08:00
Garming Sam
317d287be8 param: rename lp function and variable from "add_share_cmd" to "add_share_command"
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-02-07 16:19:12 -08:00
Garming Sam
2ca2ab3550 param: rename lp function and variable from "serverstring" to "server_string"
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-02-07 16:19:11 -08:00
Garming Sam
8b8ebb4798 param: rename lp function and variable from 'passwordserver' to 'password_server'
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-02-07 16:19:10 -08:00
Garming Sam
e23c7adb1a param: rename lp function and variable from 'guestaccount' to 'guest_account'
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-02-07 16:19:10 -08:00
Shekhar Amlekar
4cda0bf24b s3: rpc_server/srvsvc: NetShareSetInfo - let CSC policy be settable.
The current code simply denies changing the csc policy through RPC
calls. Change that to allow changing the csc policy and call the 'change
share command' when a SetInfo RPC call changes the setting.

Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2014-02-06 09:43:05 -07:00
Shekhar Amlekar
cc84aa48f0 s3: rpc_server/srvsvc: NetShareSetInfo - Correctly initialize max_connections for info levels != 2 before calling the change share script.
Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2014-02-06 09:42:29 -07:00
Michael Adam
4286e147a6 loadparm: rename lp[cfg]_print_ok to lp[cfg]_printable for consistency with docs
Signed-off-by: Michael Adam <obnox@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2014-02-03 13:27:15 +13:00
Michael Adam
cdb6af95dd loadparm: rename lp[cfg]_hostsdeny to lp[cfg]_hosts_deny for consistency with docs
Signed-off-by: Michael Adam <obnox@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2014-02-03 13:26:51 +13:00
Michael Adam
4670c43b32 loadparm: rename lp[cfg]_hostsallow to lp[cfg]_hosts_allow for consistency with docs
Signed-off-by: Michael Adam <obnox@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2014-02-03 13:26:40 +13:00
Michael Adam
d85bab275a loadparm: rename lp[cfg]_pathname to lp[cfg]_path for consistency with docs
Signed-off-by: Michael Adam <obnox@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2014-02-03 13:26:13 +13:00
Stefan Metzmacher
dcc2c8362d s3:rpc_server/netlogon: return a zero return_authenticator on error
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-22 17:12:21 +01:00
Shekhar Amlekar
dad72a3b7a s3: rpc_server/srvsvc: Avoiding the loop around locking tdb traversal.
The current code for determining the number of open files iterates
over the session list and for each session it traverses the locking
tdb to get the open files. This scales badly for a large server
with many sessions and open files. Instead, get the list of
sessions first, and then determine the number of open files on all
sessions in a single traversal of locking tdb.

Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jan 18 01:11:32 CET 2014 on sn-devel-104
2014-01-18 01:11:32 +01:00
Shekhar Amlekar
de899754ac s3: rpc_server/srvsvc: Adding functions to determine open files on all sessions.
Introduce helper functions for counting the number of open files on an
array of sessions.

Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-01-17 14:12:58 -08:00
Jeremy Allison
090f010006 s3: rpc_server/srvsvc: Ensure we don't continually realloc inside init_srv_sess_info_1().
Just allocate the return value directly. Makes iteration of open files much easier.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-01-17 14:12:48 -08:00
Stefan Metzmacher
dc561b7e2d dcerpc.idl: make use of union dcerpc_bind_ack_reason and fix all callers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Jan 16 18:21:40 CET 2014 on sn-devel-104
2014-01-16 18:21:40 +01:00
Stefan Metzmacher
523d616268 s3:rpc_server: add support for DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
If the backend supports it there's no reason to avoid it.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 00:27:11 +01:00
Stefan Metzmacher
ae6720117a s3:rpc_server: use make_session_info_guest() directly
This removes the useless static auth_anonymous_session_info() wrapper.

auth_anonymous_session_info() is also a public function in source4.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-12-23 09:18:15 +01:00
David Disseldorp
646d8c26f8 s3/rpc_server: don't unmarshall PDUs twice
DCE/RPC PDUs are currently unmarshalled firstly by the generic librpc
dcerpc_read_ncacn_packet_[send/recv] functions, and subsequently a
second time by the source3 rpc_server, which ignores the unmarshalled
packet and re-parses the receive buffer.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Dec 11 22:24:31 CET 2013 on sn-devel-104
2013-12-11 22:24:31 +01:00
Jeremy Allison
0dc6181894 CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
2013-12-09 07:05:46 +01:00
Arvid Requate
b2815b4c8c spoolss: accept XPS_PASS datatype used by Windows 8
The new v4 driver model used in Windows 8 declares print jobs
intended to bypass the XPS processing layer by setting datatype to
"XPS_PASS" instead of "RAW".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10267

Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-11-21 12:35:20 +01:00
David Disseldorp
956a4552f2 printing: return WERROR from print_access_check
print_access_check() currently returns a bool based on whether access is
granted or denied. Errno is set on failure, but none of the callers use
it.
This change converts print_access_check() to return a WERROR.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2013-11-20 08:16:25 +01:00
David Disseldorp
24d025f85d spoolss: return the spoolss job ID in notifications
Print job notifications currently carry the system print job identifier
from the queue structure. Instead, the spoolss job identifier should be
resolved and returned.

Print clients can use notification job-ids in subsequent spoolss SetJob
requests. Returning an incorrect identifier can result in the failure of
such requests, e.g. spoolss_SetJob(SPOOLSS_JOB_CONTROL_DELETE).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10271

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2013-11-18 16:03:59 +01:00
Gregor Beck
e2d6431cd4 s3:rpc_server: rpc_create_tcpip_sockets() may leak talloc_stackframe on failure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10241

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Nov  4 12:30:27 CET 2013 on sn-devel-104
2013-11-04 12:30:26 +01:00
Volker Lendecke
d35ce088fe rpc_server: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-10-30 18:44:38 +01:00
Andreas Schneider
cd8f811247 s3-rpc_server: Remove obsolete make_internal_rpc_pipe().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-29 16:29:16 +01:00
Andreas Schneider
f69a490a87 s3-rpc_server: Remove obsolete FAKE_FILE_TYPE_NAMED_PIPE handling.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-29 16:28:58 +01:00
Andreas Schneider
b8e07323c9 s3-rpc_server: Use make_internal_rpc_pipe_socketpair().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-29 16:27:35 +01:00
Andreas Schneider
4498d07e73 s3-rpc_server: Pass the server event context to np_open().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-29 16:27:18 +01:00
Andreas Schneider
7daa4b94fa s3-rpc_server: Add make_internal_rpc_pipe_socketpair().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-29 16:17:03 +01:00
Andreas Schneider
9e723f9d69 s3-rpc_server: Add named_pipe_client_init() function.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-29 15:51:47 +01:00
Andreas Schneider
921ef8f9eb s3-rpc_server: Make named_pipe_packet_process a shared functiion.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-29 15:51:08 +01:00
Andreas Schneider
1c069b1777 s3-rpc_server: Make make_server_pipes_struct a shared function.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-29 15:50:50 +01:00
Andreas Schneider
01524063cc s3-waf: Create a target for RPC_SOCK_HELPER.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-29 15:46:06 +01:00
Andreas Schneider
710ddf82ed s3-waf: Seperate rpc_server and rpc_service.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-29 15:45:39 +01:00
Andreas Schneider
df4c2df53b s3-waf: Reorder rpc_server wscript_build file.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-29 15:44:45 +01:00
Andreas Schneider
0733836b0e s3-rpc_server: Use new rpc named pipe functions.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-29 15:36:56 +01:00
Andreas Schneider
1e66a8e674 s3-rpc_server: Add make_internal_rpc_pipe().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-29 15:35:49 +01:00
Andreas Schneider
155a794e74 s3-rpc_server: Add make_external_rpc_pipe() function.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-29 15:34:48 +01:00
Andreas Schneider
b86b4d0db1 s3-rpc_server: Add npa_state_init() function.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-29 15:33:26 +01:00
Volker Lendecke
30e5a5c5bf rpc_server: Fix a memleak on error exit
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Oct 28 10:20:35 CET 2013 on sn-devel-104
2013-10-28 10:20:35 +01:00
Volker Lendecke
21803653bb rpc_server: Remove rpc_ep_register_state->mem_ctx
We can use the state directly as a parent

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-10-28 08:26:42 +01:00
Volker Lendecke
871e60297f rpc_server: Fix some uses of tevent_req_nomem
tevent_req_nomem is to be used in a sequence of async actions where we
have one main request. This is a completely independent loop without one
central tevent_req. tevent_req_nomem is used as a simple way to signal
an out of memory condition to the main request representing the async
sequence. If we don't have such a tevent_req, we need to directly check
for NULL.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-10-28 08:26:42 +01:00
Volker Lendecke
00132ab65c rpc_server: fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-10-28 08:26:42 +01:00
Andreas Schneider
5ea154bf25 s3-rpc_server: Refactor lsasd_create_sockets().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Oct 21 12:49:44 CEST 2013 on sn-devel-104
2013-10-21 12:49:44 +02:00
Volker Lendecke
b58df3d2bc lsasd: Fix CID 1107233 Double close
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-10-21 08:55:31 +00:00
Gregor Beck
bd678cdd3b s3-spoolss: do not use rpc_pipe_np_smb_conn()
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-17 08:48:49 +13:00
Stefan Metzmacher
872486bbd0 s3:rpc_client: pass object and table to rpccli_bh_create()
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-17 08:48:45 +13:00
Michael Adam
7e966397ec build: get rid of source variables and vars=locals() in source3/rpc_server/wscript_build
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2013-09-24 23:00:44 +02:00
Günther Deschner
b73e2d927b s3-rpc: use dcerpc_default_transport_endpoint function.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-20 13:07:30 +02:00
Günther Deschner
3135533710 s3-rpc: use ndr_interface_name() instead of get_pipe_name_from_syntax() in DEBUG.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-20 13:07:16 +02:00
Günther Deschner
6965f918c0 s3-rpc_srv: remove unused schannel calls from srv_pipe.c
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Sep 19 12:59:04 CEST 2013 on sn-devel-104
2013-09-19 12:59:04 +02:00
Günther Deschner
a32a83ba9d s3-rpc_srv: use gensec for schannel bind.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19 11:09:40 +02:00
Günther Deschner
eaf1b8e2e3 s3-rpc_server: fix typo in DEBUG statement.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Sep 17 18:24:26 CEST 2013 on sn-devel-104
2013-09-17 18:24:26 +02:00
Volker Lendecke
6bcfc1a9da smbd: Add brl_num_locks access function 2013-09-11 08:27:11 +02:00
Korobkin
d809cf653b Raise the level of a debug.
Bug #10118 - Samba is chatty about being unable to open a printer

Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 11 03:10:08 CEST 2013 on sn-devel-104
2013-09-11 03:10:08 +02:00
Shekhar Amlekar
2d14ab32bf s3: rpc_server/srvsvc: use find_sessions() in NetSessDel
instead of using list_sessions(), use find_sessions() that
builds the list of only the sessions of interest.

Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-10 11:32:50 -07:00
Volker Lendecke
5c9e10b4b9 smbd: Slightly simplify enum_file_close_fn
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Sep  6 15:29:55 CEST 2013 on sn-devel-104
2013-09-06 15:29:55 +02:00
Volker Lendecke
d3c689fc5c lib: Use "mem_ctx" arg in gencache_get
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep  5 20:09:21 CEST 2013 on sn-devel-104
2013-09-05 20:09:21 +02:00
Volker Lendecke
8a7246ac2c lib: Add a "mem_ctx" arg to gencache_get (unused so far)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-05 09:16:23 -07:00
Volker Lendecke
02618cc58a rpc_server: Fix CID 1063255 Resource leak
We would leak a socket 0 here

Signed-off-by: Volker Lendecke <vl@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Aug 19 03:10:51 CEST 2013 on sn-devel-104
2013-08-19 03:10:51 +02:00
Shekhar Amlekar
0260601b19 s3: smbd/connection: added routines to compute share connections
Added routines to compute share connections and used it
in srvsvc NetShareEnum call.

Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 13 07:42:23 CEST 2013 on sn-devel-104
2013-08-13 07:42:23 +02:00
Volker Lendecke
c909c0131a rpc_server3: Fix two const warnings
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-12 14:00:10 -07:00
Stefan Metzmacher
a964309bf7 s3:rpc_server: make use of netsec_create_state()
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:58 +02:00
Andreas Schneider
8b1a2144fe s3-netlogon: Connecting with the system token should be sufficient.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Aug  6 18:22:06 CEST 2013 on sn-devel-104
2013-08-06 18:22:06 +02:00
Andreas Schneider
4520787080 s3-rpc_server: Grant the system token full access.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2013-08-06 14:42:14 +02:00
Stefan Metzmacher
7b3ddd1a0b s3:netlogon: make use of netlogon_creds_decrypt_samlogon_logon()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:01 +02:00
Günther Deschner
9813fe2b04 s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_noauth().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:00 +02:00
Günther Deschner
6886cff0a7 s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_interface().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:29:59 +02:00
Volker Lendecke
02ff6ab5e7 srvsvc: Use a symbolic constant where we have one
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-11 10:02:36 -07:00
Volker Lendecke
61f59d84ae winreg3: Fix a const warning
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-06-11 10:54:30 -07:00
David Disseldorp
002d1a4467 Fix bug 9900: is_printer_published GUID retrieval
Samba currently always responds to GetPrinter(level = 7) requests with
DSPRINT_UNPUBLISH, regardless of the AD publish status tracked via the
PRINTER_ATTRIBUTE_PUBLISHED flag. This is due to erroneous "objectGUID"
unmarshalling in is_printer_published().

This change splits "objectGUID" retrieval into a separate function, and
adds a pull_reg_sz() call to correctly unmarshall the GUID.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-06-03 14:10:07 +02:00
Günther Deschner
5a5ed68d0a spoolss: add idl for spoolss_RpcSendRecvBidiData.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>

Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-05-20 18:50:00 +02:00
Andrew Bartlett
10f6926aaa s3-rpc_server: Ensure we are root when starting and usiing gensec
This fixes bug 9465.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-16 19:02:00 +02:00
Shekhar Amlekar
6c5158e3de s3:rpc_server/srvsvc check access before doing work
Before doing the (potentially) costly enumerations,
check if the user has necessary privileges first

Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com>
Reviewed-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Tue May 14 16:22:24 CEST 2013 on sn-devel-104
2013-05-14 16:22:24 +02:00
Christian Ambach
63f78c36b4 s3:rpc_server increase a debug level
those messages are not worth level 0 or 1 and potentially
clutter the system logs

Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>
2013-04-19 13:16:38 +02:00
Alexander Bokovoy
a308db6587 s3-netlogon: enumerate UPN suffixes from PASSDB when available
Optionally append list of UPN suffixes if PDB module returns non-empty one.

Refactor fill_forest_trust_array() in source3 to allow reuse of the code between
_netr_DsRGetForestTrustInformation() and _netr_GetForestTrustInformation()

Implement a special case of _netr_DsRGetForestTrustInformation in smbd
when trusted_domain_name is NULL (covered by test_DsrEnumerateDomainTrusts()
in rpc.netlogon torture tests, see comment in source4/torture/rpc/netlogon.c).

Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr  9 22:19:34 CEST 2013 on sn-devel-104
2013-04-09 22:19:34 +02:00
Andreas Schneider
5e9195756e BUG 9758: Don't leak the epm_Map policy handle.
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Tue Apr  2 17:16:56 CEST 2013 on sn-devel-104
2013-04-02 17:16:56 +02:00
Andreas Schneider
257d2ef527 epm: Increase debug level for already registered endpoints.
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2013-04-02 14:38:17 +03:00
Volker Lendecke
05a7a10c88 wkssvc: Fix bug 9727, NULL pointer dereference
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Mar 18 11:39:27 CET 2013 on sn-devel-104
2013-03-18 11:39:27 +01:00
Andrew Bartlett
88e6342936 s3-lsad: Cast getpid() result to unsigned int for GNU/Solaris build
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-03-15 10:39:05 -07:00
Andrew Bartlett
6a5cae9678 s3-epmd: Cast getpid() result to unsigned int for GNU/Solaris build
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-03-15 10:39:02 -07:00
Andreas Schneider
f06a0352e5 s3-daemons: Set the comment field of the daemons.
PR_SET_NAME sets the comm field of a process. This way we can give
processes a name and they are easier to identify.

$ ps afx -o pid,comm
29447 smbd
29452  \_ epmd
29453  \_ lsasd-master
29455  |   \_ lsasd-child
29457  |   \_ lsasd-child
29459  |   \_ lsasd-child
29461  |   \_ lsasd-child
29463  |   \_ lsasd-child
29454  \_ spoolssd-master
29456      \_ lpqd
29458      \_ spoolssd-child
29460      \_ spoolssd-child
29462      \_ spoolssd-child
29465      \_ spoolssd-child
29466      \_ spoolssd-child
29467      \_ spoolssd-child
29468      \_ spoolssd-child
29469      \_ spoolssd-child
29470      \_ spoolssd-child
29471      \_ spoolssd-child

Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-03-05 23:29:48 +01:00
Andreas Schneider
92b087182c s3-rpc_server: Make sure that fd is really closed on error.
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2013-02-22 16:36:14 +01:00
Andreas Schneider
f573826f18 s3-lsasd: Don't leak file descriptors.
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2013-02-22 16:36:13 +01:00
Andreas Schneider
c013df3ae5 s3-spoolss: Don't leak memory.
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2013-02-22 16:36:13 +01:00
Stefan Metzmacher
98660d54a8 s3:rpc_server: s/event_add_timed/tevent_add_timer
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-02-19 23:48:02 +01:00
Stefan Metzmacher
7f41a62e75 s3:rpc_server: s/struct timed_event/struct tevent_timer
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-02-19 23:47:57 +01:00
Stefan Metzmacher
cf1f993c05 s3:rpc_server: s/struct event_context/struct tevent_context
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-02-19 23:47:52 +01:00
Karolin Seeger
8adbd1cf75 srv_epmapper.c: Fix typo.
priviledge -> privilege

Signed-off-by: Karolin Seeger <kseeger@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Feb 18 13:57:40 CET 2013 on sn-devel-104
2013-02-18 13:57:39 +01:00
Karolin Seeger
75ca814f1e srv_netlog_nt.c: Fix typo in comment.
redundent -> redundant

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2013-02-18 22:07:39 +11:00
Sumit Bose
62e6ea408a s3-rpc_server: Fix password encoding in _netr_ServerGetTrustInfo().
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-02-07 14:07:50 +01:00
Günther Deschner
823a25f6a4 s3-rpc_server: Dont wipe out ref pointers in _netr_ServerGetTrustInfo().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-02-07 14:07:15 +01:00
Günther Deschner
ce1a9ae8ab s3-spoolss: Make it easier to manipulate the returned OSVersion at runtime.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-01-24 17:42:25 +01:00
Günther Deschner
11fba10208 spoolss: make spoolss deal with ndr64 StartDocPrinter by using proper container object.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-01-24 17:42:25 +01:00
Günther Deschner
58fadf2f48 BUG 9474: Downgrade v4 printer driver requests to v3.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 21 16:11:02 CET 2013 on sn-devel-104
2013-01-21 16:11:02 +01:00
Andreas Schneider
c38fb0b106 BUG 9574: Fix a possible null pointer dereference in spoolss.
If the the client enumerates the printers and didn't specify a
servername we have a null pointer dereference, so the process serving
the connection crashes.

Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Jan 21 13:30:11 CET 2013 on sn-devel-104
2013-01-21 13:30:11 +01:00
Günther Deschner
79fa78e285 s3-spoolss: use configurable spoolss architecture in compose_spoolss_server_path().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Jan 17 18:53:47 CET 2013 on sn-devel-104
2013-01-17 18:53:47 +01:00
Günther Deschner
3b94b64481 spoolss: make spoolss deal with ndr64 SetForm by using proper container object.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-01-17 17:11:37 +01:00
Günther Deschner
8304fe73f6 spoolss: make spoolss deal with ndr64 AddForm by using proper container object.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-01-17 17:11:37 +01:00
Günther Deschner
a4dcf7b94d spoolss: Make OpenPrinterEx work with NDR64 by using UserInfo Container.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-01-16 11:42:13 +01:00
Volker Lendecke
d87ad906df samr: Make use of posix_openpt
Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-14 09:01:37 -08:00