summaryrefslogtreecommitdiff
path: root/source3/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2012-03-08s3-auth: Remove single-implementation plugin layerAndrew Bartlett1-2/+2
The ->get_ntlm_challenge and ->check_ntlm_password elements of struct auth_context were only ever initialised to a single value. Make it easier to follow by just calling the function directly. Andrew Bartlett
2012-03-07s3-rpc_server: Do not register embedded ncacn_np endpoints by defaultAndrew Bartlett1-1/+8
The end point mapper is primarily in support of lsasd, and the key SAMR, LSA and NETLOGON services being accessed over TCP/IP. The end point mapper does not appear to be used for the well-known mappings to named pipes, and we have a problem with how to safely register the embedded pipes. For now, disable this to avoid re-registration storms in production, until we sort out a better way. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Mar 7 14:27:38 CET 2012 on sn-devel-104
2012-03-07s3-rpc_server: Do not setup ncalrpc pipes and TCP for embedded rpc serversAndrew Bartlett1-108/+38
Embedded RPC services are those not launched in the preforked lsasd and spoolssd children. The reason that these child processes were created is that is is not possible to correctly listen for ncalrpc and TCP connections without creating a child process. Therefore, we should not have these embedded RPC services to listen on these sockets just because the endpoint mapper has been enabled. Andrew Bartlett
2012-03-05s3-rpc_server: Remove remaining code for embedded endpoint mapperAndrew Bartlett1-23/+0
Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Mon Mar 5 23:14:33 CET 2012 on sn-devel-104
2012-03-05s3-rpc_server: Only init and register embedded RPC services in dcesrv_ep_setup()Andrew Bartlett1-37/+66
This consults the two definitions for embedded, that is if the deamon is forking or if the rpc_server:<interface> line is set to embedded. Andrew Bartlett Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-05s3: Fix a "Invalid (state->nread >= 0)" warningVolker Lendecke1-1/+1
Both read_from_internal_pipe and tstream_readv_pdu_queue_recv return ssize_t. Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Mon Mar 5 17:38:16 CET 2012 on sn-devel-104
2012-03-05s3-lsasd: Fix debug messages on registration failureAndrew Bartlett1-3/+3
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Mar 5 09:50:17 CET 2012 on sn-devel-104
2012-03-04s3-rpc_server: consolidate rpc server init routinesAndrew Bartlett1-484/+64
This uses a helper function to reduce duplication. Andrew Bartlett
2012-03-04s3: Fix some && vs & warningsVolker Lendecke1-3/+3
Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Sun Mar 4 13:31:25 CET 2012 on sn-devel-104
2012-03-04change low FDs are handled in SambaAndrew Bartlett2-6/+0
We now only close fds 0, 1, 2 when we are a forked daemon, and take care not to close a file descriptor that we might need for foreground stdin monitoring. This should fix stdout logging in the lsa and epmapper deamons (ie in make test). Andrew Bartlett
2012-03-03s3: Fix a bogus if (client_len < 0)Volker Lendecke1-1/+1
On some platforms socklen_t might be unsigned, so comparing for <0 always returns true. Also, tsocket_address_bsd_sockaddr returns ssize_t. Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Sat Mar 3 23:38:31 CET 2012 on sn-devel-104
2012-03-02s3:rpc_server: initialize struct schannel_state to zeroStefan Metzmacher1-2/+1
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Mar 2 08:48:23 CET 2012 on sn-devel-104
2012-02-23s3-rpc_server Remove unused function auth_generic_server_start()Andrew Bartlett2-63/+0
2012-02-16s3-librpc: Use gensec_spnego for DCE/RPC authenticationAndrew Bartlett4-416/+3
This ensures that we use the same SPNEGO code on session setup and on DCE/RPC binds, and simplfies the calling code as spnego is no longer a special case in cli_pipe.c A special case wrapper function remains to avoid changing the application layer callers in this patch. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-10s3-waf: add dependency on talloc or it won't build if talloc.h is not in the ↵Matthieu Patou1-1/+2
default include path The problem occurs only if talloc, tdb and ldb are used as system libraries and talloc is not installed in a default. Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Fri Feb 10 23:27:29 CET 2012 on sn-devel-104
2012-01-25s3-waf: Fix cups dependency in PRINTING.Andreas Schneider1-1/+1
2012-01-25s3-waf: Add missing dependency to RPC_WINREG.Andreas Schneider1-1/+1
2012-01-22s3-spoolss: fix incorrect error check typeDavid Disseldorp1-1/+1
NT_STATUS_IS_OK used to check WERROR type. Autobuild-User: David Disseldorp <ddiss@samba.org> Autobuild-Date: Sun Jan 22 05:03:36 CET 2012 on sn-devel-104
2012-01-20s3-spoolss: fix printer_driver_files_in_use() call orderingDavid Disseldorp1-8/+10
printer_driver_files_in_use() performs two tasks: it returns whether any of the files in the to-be-deleted driver overlap with other drivers, it also trims such files from the info structure passed in. In processing a DeletePrinterDataEx request with DPD_DELETE_UNUSED_FILES set, printer_driver_files_in_use() must be called to ensure files in use by other drivers are not removed. https://bugzilla.samba.org/show_bug.cgi?id=4942 Signed-off-by: Andreas Schneider <asn@samba.org>
2012-01-20s3-spoolss: fix printer driver version deletionDavid Disseldorp1-167/+111
Spoolss delete printer driver code currently makes invalid version assumptions based on the architecture requested by the client. Ugly hacks are in place to cover removal of other versions (2 and 3). This change wraps multi version deletion in a simple for loop. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-01-18s3-librpc Remove unused dcesrv_gssapi.[ch] functionsAndrew Bartlett5-268/+1
The code from dcesrv_gssapi.c is now in source3/auth/auth_generic.c as an auth callback. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Remove layer around struct gensec_securityAndrew Bartlett1-2/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc: Simplify SPNEGO code now that all mechs use a struct gensec_securityAndrew Bartlett2-16/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Call SPENGO/GSSAPI via the auth_generic layer and gensecAndrew Bartlett2-104/+25
This simplifies a lot of code, as we know we are always dealing with a struct gensec_security, and allows the gensec module being used to implement GSSAPI to be swapped for AD-server operation. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Call GSSAPI via the auth_generic layer and gensecAndrew Bartlett1-72/+4
This simplifies a lot of code, as we know we are always dealing with a struct gensec_security, and allows the gensec module being used to implement GSSAPI to be swapped when required for AD-server operation. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11spoolss: fix DPD_DELETE_ALL_FILES error returnDavid Disseldorp1-2/+1
If DeletePrinterDriverEx is called with DPD_DELETE_ALL_FILES and files assigned to the to-be-deleted driver overlap with other drivers then an error is returned. Change the error code here to match Windows 2k8r2. Signed-off-by: David Disseldorp <ddiss@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org>
2012-01-05s3-auth Remove ntlmssp_wrap.h which is no longer requiredAndrew Bartlett1-1/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth use gensec directly rather than via auth_generic_stateAndrew Bartlett1-32/+24
This is possible because the s3 gensec modules are started as normal gensec modules, so we do not need a wrapper any more. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth Add TALLOC_CTX * to auth_generic_prepare()Andrew Bartlett1-2/+2
This makes the long term owner of this memory more clear. So far only the clear cases have been moved from NULL however. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-rpc_server: Rework pipe_ntlmssp_auth_bind() to be genericAndrew Bartlett3-25/+63
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-rpc_server: Allow gensec mechanisms to return NT_STATUS_OKAndrew Bartlett1-2/+2
If a kerberos mechanism is added, then it can return OK after just one packet. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-rpc_server: rename pipe_ntlmssp_verify_final() to ↵Andrew Bartlett1-3/+3
pipe_auth_generic_verify_final() Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-rpc_server: Rename dcesrv_ntlmssp.[ch] to dcesrv_auth_generic.[ch]Andrew Bartlett5-4/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-rpc_server rename NTLMSSP functions to auth_generic..()Andrew Bartlett4-11/+11
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-rpc_server rename ntlmssp_server_auth_start() -> auth_generic_server_start()Andrew Bartlett4-5/+9
By adding an OID parameter we can make this routine generic to any gensec module that may be made available. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-rpc_server remove unused headerAndrew Bartlett1-1/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-rpc_server request both sign and seal for clarityAndrew Bartlett1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-auth remove auth_ntlmssp_start(), call auth_generic_start() directlyAndrew Bartlett1-2/+2
This makes it clear that this can support more than just NTLMSSP. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-auth rename auth_ntlmssp_prepare() -> auth_generic_prepare()Andrew Bartlett1-2/+2
This function handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-auth rename auth_ntlmssp_state -> auth_generic_stateAndrew Bartlett1-1/+1
This structure handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-rpc_server request the DCE_STYLE feature in ntlmssp_server_auth_startAndrew Bartlett1-0/+4
This is not used or honoured by NTLMSSP, but I hope to make this routine more generic in the future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-netlogon: use dsgetdcname() instead of get_dc_name()Sumit Bose1-2/+7
Sometimes the domain parameter might not contain the NetBIOS name of the remote domain but the DNS name. Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Thu Dec 22 19:21:21 CET 2011 on sn-devel-104
2011-12-22s3-netlogon: Add support to authenticate trusted domains.Sumit Bose1-0/+13
2011-12-22s3-rpc_server: Pass in our flags to netlogon_creds_server_init().Stefan Metzmacher1-1/+1
metze
2011-12-22s3-netlogon: Add support for LogonGetCapabilities.Stefan Metzmacher1-1/+21
This is also needed to support AES. metze
2011-12-22s3-rpc_server: Add my copyright for my previous work hereAndrew Bartlett1-0/+1
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Dec 22 09:02:57 CET 2011 on sn-devel-104
2011-12-22s3-rpc_server: Remove old commentAndrew Bartlett1-5/+0
2011-12-22s3-rpc: added "rpc_server:default" config optionAndrew Tridgell1-4/+12
this allows the config to specify a default behaviour (embedded, external or disabled) for unknown pipes. This is needed to allow the s3 smbd server to redirect unknown pipes to the s4 RPC server when using s3 smbd as a file server for a s4 DC. If rpc_server:default is not specified then this change preserves the old behaviour
2011-12-15s3:smbd: pass smbd_server_connection and a snumused function pointer to ↵Stefan Metzmacher1-1/+11
reload_services() metze
2011-12-15s3:rpc_server/spoolss: remove reload_services check from delete_printer_hook()Stefan Metzmacher1-8/+0
As the spoolss code can run embedded or external relative to the smbd file server process, it's very tricky to verify if a share is still in use. Checking the result of the "deleteprinter command" command should be enough to check for success. We should not return WERR_ACCESS_DENIED if the share is still in use, by the current client, as the primary printer definition is already deleted. metze