summaryrefslogtreecommitdiff
path: root/source4/smbd/service_named_pipe.c
AgeCommit message (Collapse)AuthorFilesLines
2011-05-08ncalrpc: Force ncalrpc dir to be mode 755 in all usersAndrew Bartlett1-0/+7
This allows this directory to be shared between Samba3 and Samba4 in a Franky-style setup easily. Andrew Bartlett
2011-05-08Improve debug messages when creating socket directoriesAndrew Bartlett1-1/+1
This makes clear what the permissions error and directory name actually is Andrew Bartlett
2011-02-10libcli/named_pipe_auth Change from 'info3' to auth_session_info_transportAndrew Bartlett1-125/+13
This changes the structure being used to convey the current user state from the netlogon-derived 'netr_SamInfo3' structure to a purpose-built structure that matches the internals of the Samba auth subsystem and contains the final group list, as well as the final privilege set and session key. These previously had to be re-created on the server side of the pipe each time. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-02-09s4-auth Rework auth subsystem to remove struct auth_serversupplied_infoAndrew Bartlett1-6/+6
This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett
2011-01-20s4-auth Remove special case for account_sid from auth_serversupplied_infoAndrew Bartlett1-1/+1
This makes everything reference a server_info->sids list, which is now a struct dom_sid *, not a struct dom_sid **. This is in keeping with the other sid lists in the security_token etc. In the process, I also tidy up the talloc tree (move more structures under their logical parents) and check for some possible overflows in situations with a pathological number of sids. Andrew Bartlett
2010-11-15s4-server: make server sockets a child of the task contextAndrew Tridgell1-3/+5
We previously allocated sockets as direct children of the event context. That led to crashes if a service called task_server_terminate(), as it left the socket open and handling events for a dead protocol. Making them a child of the task allows the task to terminate and take all its sockets with it. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-12libcli/security Use common security.hAndrew Bartlett1-1/+1
This includes dom_sid.h and security_token.h and will be moved to the top level shortly. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 03:35:36 UTC 2010 on sn-devel-104
2010-10-11s4-credentials Add explicit event context handling to Kerberos calls (only)Andrew Bartlett1-1/+0
By setting the event context to use for this operation (only) onto the krb5_context just before we call that operation, we can try and emulate the specification of an event context to the actual send_to_kdc() This eliminates the specification of an event context to many other cli_credentials calls, and the last use of event_context_find() Special care is taken to restore the event context in the event of nesting in the send_to_kdc function. Andrew Bartlett
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell1-1/+1
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-05-26s4:smbd: Use tstream_npa_accept_existing to accept named pipe connectionsSimo Sorce1-532/+161
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
2010-05-20s4:auth Change auth_generate_session_info to take flagsAndrew Bartlett1-0/+41
This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group. In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key of 'is this user the anonymous SID'. This also takes more care to allocate the right length ptoken->sids Andrew Bartlett
2010-05-18Finish removal of iconv_convenience in public API's.Jelmer Vernooij1-2/+0
2010-04-27s4:service_named_pipe: use the passed client and server addressesStefan Metzmacher1-1/+38
This gives the rpc server code the correct client and server ip addresses for ncacn_np. metze
2010-04-14s4:auth Change auth_generate_session_info to take an auth contextAndrew Bartlett1-14/+48
The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2010-02-26s4-smb: Migrate named_pipe_server to tsocket.Andreas Schneider1-208/+311
This is an improved version of commit 69d5cea2e59162f19460e7ce4b6382fc5fdd6ca0, which was reverted by commit 71c20f703b0c603d6aada63ed5634070a26df052. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-02-26s4-krb5: propogate errors from a lot more kerberos functionsAndrew Tridgell1-1/+3
We need to be able to give sensible error messages when a kerberos calls fails. This propogates the kerberos error up the stack to the caller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-24Revert "s4-smb: Migrate named_pipe_server to tsocket."Simo Sorce1-278/+210
This reverts commit 69d5cea2e59162f19460e7ce4b6382fc5fdd6ca0. This commit causes issues with the RPC server, revert it until we find the exact issue and possibly have a torture test to avoid it happening again. Found playing with w2k8r2 and forest trusts.
2010-02-23s4-smb: Migrate named_pipe_server to tsocket.Andreas Schneider1-210/+278
2010-02-22More spelling fixes across source4/Brad Hards1-1/+1
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2009-09-19s4-smbd: removed unnecessary includesAndrew Tridgell1-2/+0
2009-09-18s4-server: kill main daemon if a task fails to initialiseAndrew Tridgell1-0/+2
When one of our core tasks fails to initialise it can now ask for the server as a whole to die, rather than limping along in a degraded state.
2009-09-18s4:service_named_pipe: accept delegated credentialsStefan Metzmacher1-2/+98
metze
2009-05-01s4:smbd: add support for named_pipe_auth level 2 in service_named_pipe...Stefan Metzmacher1-4/+55
metze
2009-02-02s4:service_stream: s/private/private_dataStefan Metzmacher1-6/+6
metze
2009-02-02s4:smbd: s/private/private_dataStefan Metzmacher1-1/+1
metze
2009-01-21s4:auth: move make_server_info_netlogon_validation() function arroundStefan Metzmacher1-0/+1
metze
2009-01-03s4:smbd: convert to tevent_* apiStefan Metzmacher1-3/+3
metze
2008-12-29s4:lib/tevent: rename structsStefan Metzmacher1-1/+1
list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-12-17s4: fix LIBEVENTS dependencies and use more forward declarationsStefan Metzmacher1-0/+1
We should only include events.h where we really need it and prefer forward declarations of 'struct event_context' metze
2008-11-06s4: smbd: implement stream_socket_named_pipe()Stefan Metzmacher1-0/+366
For now implement just a very simple protocol to negotiate the transport session info. We may need to pass more info later, e.g. client ip or name... metze