summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2010-02-18security: make two bitmaps public.Günther Deschner1-2/+2
Guenther
2010-02-18spoolss: make two bitmaps public.Günther Deschner1-2/+2
Guenther
2010-02-18spoolss: make all security descriptors and devicemodes 4 byte aligned and ↵Stefan Metzmacher1-8/+8
add missing subcontexts. Guenther
2010-02-18spoolss: set NDR_RELATIVE_REVERSE flag for various unions that have relative ↵Günther Deschner1-10/+10
pointers. Guenther
2010-02-18ndr_spoolss_buf: use LIBNDR_FLAG_NO_NDR_SIZE in NDR_SPOOLSS_SIZE_*Stefan Metzmacher1-2/+2
metze
2010-02-18spoolss: use subcontext in NDR_SPOOLSS_PUSH_ENUM_OUT macro.Stefan Metzmacher1-1/+4
metze
2010-02-18libndr: fix ndr_size_* calculation with relative reverse buffersStefan Metzmacher1-0/+6
metze
2010-02-18libndr: for now align reverse relative pointers to 2 bytes by default.Stefan Metzmacher1-0/+3
This is just a hack and we should let the callers use FLAG_ALIGN2 explicit in future. metze
2010-02-18libndr: implement LIBNDR_RELATIVE_REVERSE handlingStefan Metzmacher2-3/+87
This is based on Guenther's initial code. metze
2010-02-18libndr: store a subcontext buffer size in ndr_push_subcontext_start.Günther Deschner2-0/+2
Guenther
2010-02-18libndr: give an error when ndr_push_relative_ptr2_start()/_end() is used ↵Stefan Metzmacher1-1/+6
with the RELATIVE_REVERSE flag metze
2010-02-18libndr: add LIBNDR_FLAG_NO_RELATIVE_REVERSE so that relative reverse processingGünther Deschner3-0/+7
can be disabled for single structure elements. Guenther
2010-02-18libndr: add LIBNDR_FLAG_RELATIVE_REVERSE flag.Günther Deschner2-0/+4
Guenther
2010-02-18libndr: change subcontext buffer allocation to allocate on subcontext_start.Günther Deschner1-3/+7
Guenther
2010-02-18librpc/ndr: make ndr_push_relative_ptr2() staticStefan Metzmacher2-2/+1
metze
2010-02-18librpc/ndr_krb5pac: use ndr_push_relative_ptr2_start()/_end()Stefan Metzmacher1-1/+2
metze
2010-02-18librpc/ndr_drsblobs: use ndr_push_relative_ptr2_start()/_end()Stefan Metzmacher1-2/+4
metze
2010-02-18spoolss: fix relative pointers in ndr_push_spoolss_DriverInfo101.Günther Deschner1-10/+20
Guenther
2010-02-18s3: re-run make full_idl.Günther Deschner6-172/+344
Guenther
2010-02-18pidl: use ndr_push_relative_ptr2_start and ndr_push_relative_ptr2_end.Günther Deschner1-1/+5
Guenther
2010-02-18libndr: add ndr_push_relative_ptr2_start and ndr_push_relative_ptr2_end.Günther Deschner2-0/+26
Guenther
2010-02-18s3-docs: Remove trailing whitespaces and fix a typo.Karolin Seeger1-3/+3
Karolin
2010-02-18s3:docs: add some advice for usage of strict allocateBjörn Jacke1-6/+18
2010-02-18s3-spoolss: Fix _spoolss_EnumPrinters servername handling.Günther Deschner1-1/+1
Guenther
2010-02-18s3-selftest: fix return code for modprinter.pl -a.Günther Deschner1-1/+2
Background is: the SetPrinter level 2 calls "addprinter command" an fails if a share already existed (and the addprinter command returned a non-0 return code). Removing the non-0 return code is fine, as in AddPrinter{Ex}, we have checks to see if a share already exists before calling out the addprinter command. Maybe one day, we need to have a "changeprinter command"... Guenther
2010-02-18tsocket/bsd: fix comment in tdgram_bsd_recvfrom_handler()Stefan Metzmacher1-2/+4
metze
2010-02-17Revert "Got back to 16-byte padding on auth RPC. S3 clients and servers now ↵Jeremy Allison1-6/+4
cope with this. Jeremy" This reverts commit 38c50c7027d2a2a9a3df060b74b2a2efce4d9e6f. As tridge requested, we need this to work with older S3 servers, not just for smbtorture4. Jeremy.
2010-02-18s3-selftest: finally enable RPC-SPOOLSS-PRINTER against Samba 3.Günther Deschner1-1/+2
Guenther
2010-02-18s3-selftest: include addprinter/deleteprinter command.Günther Deschner3-0/+136
Guenther
2010-02-18s3-spoolss: fix return code of spoolss_DeletePrinter.Günther Deschner1-1/+1
When the printer has been removed by the "deleteprinter command", we need to check if it is still there and then fail, not fail if we successfully removed it (found by RPC-SPOOLSS-PRINTER). Guenther
2010-02-18s3-spoolss: in spoolss_EnumPrinters r->in.server is a *unique* pointer!Günther Deschner1-3/+5
Guenther
2010-02-18s3-spoolss: more AddPrinter{Ex} checks.Günther Deschner1-0/+18
Windows will allow to add a non-shared printer that is returned by EnumPrinters. Samba has no notion of non-shared local printers yet, so just make sure to behave like we do elsewhere: a printer autoloaded by samba or added to samba is shared. Guenther
2010-02-18s3-spoolss: add some printer info validation for AddPrinter calls.Günther Deschner1-0/+22
Guenther
2010-02-18testprogs: print SDDL string of printer security descriptorsGünther Deschner1-1/+11
2010-02-18s3-modules: fix get_acl_blob in the acl_tdb VFS module.Günther Deschner1-1/+1
Shuttle-reviewed by jra :) Guenther
2010-02-18s4-smbtorture: skip printer info cross tests against samba 3 for now.Günther Deschner1-0/+4
Not even w2k8r2 passes them atm. Guenther
2010-02-18s4-smbtorture: try more combinations to find printers in ↵Günther Deschner1-0/+14
test_EnumPrinters_findname(). Also take a note of servers returning full UNC printer paths although we did not set the servername. Guenther
2010-02-18s4-smbtorture: simplify test_PrinterInfo_DevMode a bit.Günther Deschner1-17/+4
Guenther
2010-02-18s4-smbtorture: avoid potential loop while adding a new printer in ↵Günther Deschner1-0/+7
RPC-SPOOLSS-PRINTER. Guenther
2010-02-18s3-rpcclient: fix uninitialized variable in wkssvc_enumerateusers.Günther Deschner1-2/+2
Guenther
2010-02-17Got back to 16-byte padding on auth RPC. S3 clients and servers now cope ↵Jeremy Allison1-4/+6
with this. Jeremy
2010-02-18s4:param Modify secrets_get_domain_sid to give more useful errorsAndrew Bartlett5-87/+55
This also moves the calls to secrets_get_domain_sid back into winbind_task_init(), so that we can terminate with a much more detailed error message. (The previous message was simply NT_STATUS_CANT_ACCESS_DOMAIN_INFO). Andrew Bartlett
2010-02-17Fix bug #7146 - Samba miss-parses authenticated RPC packets.Jeremy Allison4-138/+363
Parts of the Samba RPC client and server code misinterpret authenticated packets. DCE authenticated packets actually look like this : +--------------------------+ |header | | ... frag_len (packet len)| | ... auth_len | +--------------------------+ | | | Data payload | ... .... | | +--------------------------+ | | | auth_pad_len bytes | +--------------------------+ | | | Auth footer | | auth_pad_len value | +--------------------------+ | | | Auth payload | | (auth_len bytes long) | +--------------------------+ That's right. The pad bytes come *before* the footer specifying how many pad bytes there are. In order to read this you must seek to the end of the packet and subtract the auth_len (in the packet header) and the auth footer length (a known value). The client and server code gets this right (mostly) in 3.0.x -> 3.4.x so long as the pad alignment is on an 8 byte boundary (there are some special cases in the code for this). Tridge discovered there are some (DRS replication) cases where on 64-bit machines where the pad alignment is on a 16-byte boundary. This breaks the existing S3 hand-optimized rpc code. This patch removes all the special cases in client and server code, and allows the pad alignment for generated packets to be specified by changing a constant in include/local.h (this doesn't affect received packets, the new code always handles them correctly whatever pad alignment is used). This patch also works correctly with rpcclient using sign+seal from the 3.4.x and 3.3.x builds (testing with 3.0.x and 3.2.x to follow) so even as a server it should still work with older libsmbclient and winbindd code. Jeremy
2010-02-17Fix bug #6557 - Do not work VFS full_auditJeremy Allison1-51/+34
Re-arrange the operations order so SMB_VFS_CONNECT is done first as root (to allow modules to correctly initialize themselves). Reviewed modules to check if they needed CONNECT invoked as a user (which we previously did) and it turns out any of them that cared needed root permissions anyway. Jeremy.
2010-02-17s3: go straight to winbindd_dual_pam_auth() in case of !NT_STATUS_OKLars Müller1-1/+1
At the formerly used process_result statement we have alone one NT_STATUS_IS_OK() which never could be hit in our case as we only go here if NT_STATUS_EQUAL is not ok.
2010-02-17s3: let the pam_winbind po files reference the correct locationLars Müller20-644/+644
2010-02-17Fix commit d07cd37b993d3c9beded20323174633b806196b5Jeremy Allison1-1/+4
Which was: tsocket/bsd: fix bug #7115 FreeBSD includes the UDP header in FIONREAD Metze, this has to have been wrong - you are throwing away the talloc_realloc pointer returned. Also no error checking. Please review. Thank goodness for gcc warnings :-). Jeremy.
2010-02-17s4/rodc: change the libnet_become_dc code to do RODC joinAnatoliy Atanasov3-6/+59
2010-02-17s4/drs: add DRSUAPI_ATTRIBUTE_options attributeAnatoliy Atanasov3-1/+5
2010-02-17s4/drs:kccdrs_replica_get_info_obj_metadata implementationAnatoliy Atanasov6-132/+208
Fix the names of the drsuapi_DsReplicaInfoType enum and rebuild the .idl The get_info_obj_metadata implementation is ported from implementation i developed and tested at the samba io lab 2009