summaryrefslogtreecommitdiff
path: root/source3/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2010-09-11s3-privs Overhaul PRIVILEGE_SET handling, avoid dealing with the bitmapAndrew Bartlett1-56/+18
This avoids us dealing with the privilege bitmap in the LSA server, and overhauls much of the rest of the handling to be currnet with the modern world of talloc. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Hide the bitmap-based grant_privilege and revoke_privilegeAndrew Bartlett1-12/+3
The new wrappers avoid anything but the core privileges code dealing with the bitmap values directly. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Make privilege_enum_sids() take an LUID, not a bitmapAndrew Bartlett1-3/+4
This moves one more privileges call away from direct bitmap manipuation. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure.Andrew Bartlett1-1/+1
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Rework access_check_object() to take two privilegesAndrew Bartlett2-65/+56
This allows the privileges bitmap to be used only when setting privileges, and uses an the LUID constant for all 'does this user have this privilege' operations. The advantage is that we now only need one API to determine if a token has a privilege, and much less code needs to know what type is used for the underlying bitmap. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Remove luid_to_se_priv() and luid_to_privilege_name()Andrew Bartlett1-3/+9
These functions duplicate other functions in the merged code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Convert from user_has_privileges() -> security_token_has_privilege()Andrew Bartlett5-38/+22
This new call is available in the merged privileges code, and takes an enum as the parameter, rather than a bitmask. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove a pointer from grant_privilege()Andrew Bartlett1-1/+1
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove pointer indirection from se_priv_to_privilege_set()Andrew Bartlett1-2/+2
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove a pointer indirection from revoke_privilege()Andrew Bartlett1-1/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Don't export privs[] as a global variableAndrew Bartlett1-5/+2
Instead, provide access functions for the LSA and net sam callers for the information they need. They still only enumerate the first 8 privileges that have traditionally been exposed. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-lsa Use sec_privilege_id() to lookup name to LUIDAndrew Bartlett1-9/+4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Return number of entries in the old source3 listAndrew Bartlett1-1/+1
This ensures there isn't a behaviour change when the source3 list is combined with the longer source4 list. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/privileges Simplify get_privilege_luid() to return just the enumAndrew Bartlett1-4/+2
As Samba only deals with the lower 32 bits of the LUID, just return those and let the LSA layer deal with the upper 0 bits. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Inline dump_se_priv into callers now that it's just a uint64_tAndrew Bartlett1-4/+2
The previous 128 bit structure needed this helper function. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Rename structure elements for greater clarityAndrew Bartlett1-1/+1
It is important to make clear which is the LUID and which is the Samba-only bitmap mask. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3:auth Remove NT_USER_TOKENAndrew Bartlett4-16/+16
The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derivied structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Change struct nt_user_token -> struct security_tokenAndrew Bartlett1-2/+2
This common structure is defined in security.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Further changes to remove SE_PRIVAndrew Bartlett4-25/+25
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-10s3-spoolss: Fix _spoolss_GetPrinter().Günther Deschner1-1/+2
In the error case, we need to TALLOC_FREE(r->out.info), don't ask :-) Guenther
2010-09-10s3-spoolss: Don't leak memory on the session counter list.Andreas Schneider1-0/+12
Thanks Günther, please check.
2010-09-10s3-spoolss: Allow multiple client backchannels.Simo Sorce1-77/+116
When we run spoolssd we need to support multiple clients connecting. Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-10s3-spoolss: Split function to send notification.Simo Sorce1-127/+162
More digestible this way. Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-10s3-spoolss: Use a single structure for all the back channel data.Simo Sorce1-14/+18
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-10s3-spoolss: Rename Printer_entry to struct printer_handle.Simo Sorce1-53/+53
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-10s3-spoolss: Move Printer_entry to srv_spoolss_nt.cSimo Sorce1-0/+44
It is used only there, and it is a good idea to make this one private and opaque to the rest of the code. Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-10s3-spoolss: Allocate printer entries on the pipe struct.Simo Sorce1-1/+2
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-10s3-spoolss: Rename session counter structure and use talloc.Simo Sorce1-8/+7
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-10s3-spoolss: allow a short printername w/o servername.Günther Deschner1-6/+1
Verified with RPC-SPOOLSS-PRINTSERVER-enumprinters_old test. Guenther
2010-09-09s3-spoolss: Use systerm server_info for winreg connection.Andreas Schneider1-88/+162
This will ensure that we have the rights we need to access the regsitry.
2010-09-09s3-spoolss: Make auth_serversupplied_info const.Andreas Schneider3-63/+63
2010-09-09s3-rpcint: Make auth_serversupplied_info const.Andreas Schneider1-3/+3
2010-09-09s3-spoolss: Fixed some build warnings.Andreas Schneider1-7/+11
2010-09-08s3-spoolss: Move spoolss winreg to new dcerpc client funtions.Andreas Schneider1-347/+389
2010-09-08s3-spoolss: Fixed a possible crash bug.Andreas Schneider1-1/+15
2010-09-07s3: Prune the printername cache when a printer is deletedVolker Lendecke1-2/+20
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-04s3:rpc_server: implement rpcint_bh_set_timeout() as dummyStefan Metzmacher1-0/+8
metze
2010-09-04s3:rpc_server: make it possible to use rpcint_binding_handle() directlyStefan Metzmacher1-18/+76
metze
2010-09-03s3-spoolss: fix some debug statements.Günther Deschner1-1/+1
Guenther
2010-08-30s3-dcerpc: Implement DCERPC_AUTH_TYPE_KRB5 server sideSimo Sorce1-29/+364
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-29s3: Remove smbd_server_fd() from srv_netlog_ntVolker Lendecke1-3/+2
This is not actually used. If it was to be activated, we'd have to pass in a pipes_struct.
2010-08-29s3: Remove some uses of smbd_server_fd()Volker Lendecke1-2/+2
The change in behaviour is that we don't detect "socket option" changes anymore when printers are added or removed.
2010-08-27s3: Cache results of finding printer namesVolker Lendecke1-0/+39
With hundreds of printers or on a slow machine, this can become expensive. Problem reported and patch sponsored by DESY, Hamburg (www.desy.de)
2010-08-27s3: Pass rhost through to smb_pam_passchangeVolker Lendecke3-16/+37
2010-08-26s3-build: only include rpc_misc.h where needed.Günther Deschner2-0/+2
Guenther
2010-08-26s3-build: use dbwrap.h only where needed.Günther Deschner1-0/+1
Guenther
2010-08-26s3-dcerpc: only include rpc_dce.h where needed.Günther Deschner3-0/+3
Guenther
2010-08-26s3-build: only include "fake_file.h" where needed.Günther Deschner1-0/+1
Guenther
2010-08-25s3-lsa: separate out init_lsa headers.Günther Deschner3-0/+3
Guenther
2010-08-22s3: Replace calls to check_access by allow_accessVolker Lendecke1-2/+2
We already have both the name and address of the client stored now