summaryrefslogtreecommitdiff
path: root/source3/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2012-12-09s3-rpc_server: support AES for interactive netlogon samlogon password ↵Günther Deschner1-2/+34
decryption. Still need to fix AES support for the returned validation info. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_server: we need to encrypt OWFs using DES in _netr_ServerGetTrustInfo().Günther Deschner1-2/+2
Sumit, please check. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_server: pass down netlogon cred state in _netr_ServerGetTrustInfo().Günther Deschner1-9/+5
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_server: support AES decryption in netr_ServerPasswordSet2 server.Günther Deschner1-1/+6
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-11-29spoolss: fix segfault when "default devmode" is disabledDavid Disseldorp1-18/+34
Currently when "default devmode" is explicitly disabled, and a printer is added with a null device mode, spoolssd crashes in copy_devicemode(). Both construct_printer_info2() and construct_printer_info8() code paths currently unconditionally attempt to copy a printers device mode, without checking whether one is present. This change fixes this regression such that construct_printer_info*() functions check for a null device mode before copying. https://bugzilla.samba.org/show_bug.cgi?id=9433 Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Nov 29 13:03:05 CET 2012 on sn-devel-104
2012-11-13Change get_nt_acl_no_snum() to return an NTSTATUS, not a struct ↵Andrew Bartlett1-4/+7
security_descriptor *. Internally change the implementation to use SMB_VFS_GET_NT_ACL() instead of SMB_VFS_FGET_NT_ACL() with a faked-up file struct. Andrew Bartlett Reviewed by: Jeremy Allison <jra@samba.org>
2012-10-20s3:rpc_server: avoid a level 0 DEBUG if tstream_npa_connect_recv fails (bug ↵Stefan Metzmacher1-1/+5
#9309) metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Oct 20 12:56:23 CEST 2012 on sn-devel-104
2012-10-19s3: Remove some calls to procid_selfVolker Lendecke2-6/+8
The goal is to have procid_self handling completely in the messaging_context. Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Oct 19 20:39:56 CEST 2012 on sn-devel-104
2012-10-19s3:rpc_server/srvsvc: remove function net_enum_pipes()Gregor Beck1-97/+0
The relevant records are not written to connections.tdb since commit a781b78417b6d7b875230dd2edcb932445aa4197 Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-11rpc_server:srvsvc Remove psd variable that was no longer set by ↵Andrew Bartlett1-5/+3
SMB_VFS_FGET_NT_ACL This fixes up an error introduced by c8ade07760ae0ccfdf2d875c9f3027926e62321b. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Oct 11 07:53:36 CEST 2012 on sn-devel-104
2012-10-11smbd: Add mem_ctx to {f,}get_nt_acl VFS callAndrew Bartlett1-8/+8
This makes it clear which context the returned SD is allocated on, as a number of callers do not want it on talloc_tos(). As the ACL transformation allocates and then no longer needs a great deal of memory, a talloc_stackframe() call is used to contain the memory that is not returned further up the stack. Andrew Bartlett
2012-10-10s3-rpc_server: fix build warningDavid Disseldorp1-0/+2
enum dcerpc_transport_t is undeclared, include required headers. Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Wed Oct 10 12:41:28 CEST 2012 on sn-devel-104
2012-10-09Make sure the returned sd is on the right context, and if not it's always freed.Jeremy Allison1-1/+3
Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Oct 9 23:35:50 CEST 2012 on sn-devel-104
2012-10-09Move setting of psd->dacl->revision and protect against null SD's.Jeremy Allison1-2/+4
2012-09-28s3-lsa: Flesh out the returned info in _lsa_EnumTrustedDomainsEx().Günther Deschner1-0/+5
Guenther
2012-09-18Fix service control for non-internal services.Vladimir Marek1-4/+0
Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Sep 18 01:42:23 CEST 2012 on sn-devel-104
2012-09-07rpcserver: fix useless declaration warningBjörn Jacke1-1/+0
issues by irix compiler
2012-08-30Change the other two places where we set a security descriptor given by the ↵Jeremy Allison1-20/+1
client to got through set_sd(), the canonicalize sd function.
2012-08-23s3-smbd: Add security_info_wanted argument to get_nt_acl_no_snumAndrew Bartlett1-1/+1
I need to get at the owner, group, DACL and SACL when testing correct ACL storage. Andrew Bartlett
2012-08-09Correctly check for errors in strlower_m() returns.Jeremy Allison2-2/+6
2012-08-04s3:rpc_server/wkssvc: make usage of session_extract_session_key()Stefan Metzmacher1-2/+24
This makes sure we return NO_USER_SESSION_KEY if there's no session key. metze
2012-08-04s3:rpc_server/netlogon: make usage of session_extract_session_key()Stefan Metzmacher1-1/+9
This makes sure we return NO_USER_SESSION_KEY if there's no session key. metze
2012-07-27lib/param: Remove use of lp{cfg,}_socket_address outside the NBT client and ↵Andrew Bartlett1-12/+6
server In these other cases, control of the sockets to bind to can be obtained using "bind interfaces only = yes" and "interfaces = ". Andrew Bartlett
2012-07-24Remove unused variable.Jeremy Allison1-1/+0
Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jul 24 02:01:00 CEST 2012 on sn-devel-104
2012-07-19s3-rpc_server: Remove make_server_info_info3() call from ↵Andrew Bartlett1-52/+3
make_server_pipes_struct() This codepath would only be executed if we provided a partial session_info token across the named pipe forwarding code. The smbd file server always fills this in, and if the ntvfs file server ever wants to use an smbd hosted pipe, it can do the same. Calling create_local_token is always the wrong thing to do. Andrew Bartlett
2012-07-18loadparm: make the source3/ lp_ functions take an explicit TALLOC_CTX *.Rusty Russell7-89/+93
They use talloc_tos() internally: hoist that up to the callers, some of whom don't want to us talloc_tos(). A simple patch, but hits a lot of files. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-07-18source3/rpc_server/svcctl/srv_svcctl_reg.c: fix stackframe leakRusty Russell1-0/+1
svcctl_init_winreg() doesn't free its stackframe. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-07-17s3:rpc_server: add support for AES bases netlogon schannelStefan Metzmacher1-0/+4
metze Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-12s3: rename sid_check_is_in_our_domain() to sid_check_is_in_our_sam()Michael Adam1-7/+7
This does not check whether the given sid is in our domain, but but whether it belongs to the local sam, which is a different thing on a domain member server. Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Thu Jul 12 18:36:02 CEST 2012 on sn-devel-104
2012-07-12s3: rename sid_check_is_domain() to sid_check_is_our_sam()Michael Adam1-6/+6
This does not check whether the given sid is the domain sid, but whether it is the sid of the local sam, which is different for a domain member server.
2012-07-06s3-lsarpc: Enforce a secure connection for LookupSids3 and LookupNames4.Andreas Schneider1-8/+14
http://thread.gmane.org/gmane.network.protocol.cifs.general/291
2012-07-06s3-lsarpc: Restrict lsa_LookupNames4 to ncacn_ip_tcp connections.Andreas Schneider1-12/+23
See MS-LAT, Section 2.1 Transport.
2012-07-06s3-lsarpc: Restrict lsa_LookupSids3 to ncacn_ip_tcp connections.Andreas Schneider1-12/+23
See MS-LAT, Section 2.1 Transport.
2012-07-06s3-lsarpc: Restrict the transport for ncacn_np functions.Andreas Schneider1-0/+42
See MS-LAT, section 2.1 Transport.
2012-07-06s3-rpc_server: Make it possible to use more rpc exceptions.Andreas Schneider18-376/+348
2012-07-03s3-printing: Remove deprecated lp_printer_admin().Andreas Schneider1-42/+14
2012-06-27s3-param: Rename loadparm_s3_context -> loadparm_s3_helpersAndrew Bartlett2-6/+6
This helps clarify the role of this structure and wrapper function. The purpose here is to provide helper functions to the lib/param loadparm_context that point back at the s3 lp_ functions. This allows a struct loadparm_context to be passed to any point in the code, and always refer to the correct loadparm system. If this has not been set, the variables loaded in the lib/param code will be returned. As requested by Michael Adam. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jun 27 17:11:16 CEST 2012 on sn-devel-104
2012-06-26s3-printing: pass a talloc ctx to unpack_pjobDavid Disseldorp1-1/+1
Rather than allocating the devicemode on a null context.
2012-06-26s3-printing: clean up print_job_pause/resume interfaceDavid Disseldorp1-8/+4
Currently both return a bool and sometimes set a werr pointer argument, always return werror instead.
2012-06-26s3-printing: rename queue->job sysjobDavid Disseldorp1-8/+8
Print jobs maintain two job identifiers, the jobid allocated by the spoolss layer (pj->jobid), and the job identifier defined by the printing backend (pj->sysjob). Printer job queues currently only contain a single job identifier variable (queue->job), the variable is sometimes representative of the spoolss layer job identifier, and more often representative of the printing backend id. This change renames the queue job identifier from queue->job to queue->sysjob, in preparation for a change to only store the printing backend identifier.
2012-06-21s3:util: rename procid_equal() to serverid_equal()Michael Adam1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-06-19Remove unused variables and code.Jeremy Allison1-9/+0
2012-06-19Fix more "set but not used" warnings.Jeremy Allison1-6/+3
2012-06-19Fix a bunch of "set but not used" warnings.Jeremy Allison1-14/+7
2012-06-19s3:rpc_server/lsasd: remove dependency to libgen.h and basename()Stefan Metzmacher1-8/+11
metze
2012-06-19auth: Use only security_token_is_system to determine that a user is SYSTEMAndrew Bartlett1-1/+1
This removes the duplication on how to detect that a user is system in Samba now that the smbd system account is also only SID_NT_SYSTEM we can use the same check everywhere. Andrew Bartlett Signed-off-by: Andreas Schneider <asn@samba.org>
2012-06-19s3-spoolss: delete_drivers should be called as the connecting user.Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-06-05s3:lib: split things into a conn_tdb.hStefan Metzmacher1-0/+1
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jun 5 19:28:35 CEST 2012 on sn-devel-104
2012-05-28s3:rpc_server: don't do any magic in is_known_pipename() anymoreStefan Metzmacher1-12/+3
The callers have to check if they allow something else than the raw pipe file name. If we allow more than windows allows, we risks Samba specific client behavior. E.g. winbindd only works against Samba servers. metze
2012-05-28s3:rpc_server: return OBJECT_NAME_NOT_FOUND instead of PIPE_NOT_AVAILABLEStefan Metzmacher1-1/+1
metze