summaryrefslogtreecommitdiffstats
path: root/source3/rpc_server
Commit message (Collapse)AuthorAgeFilesLines
* samba: pass down size_t instead of int to add_string_to_array().Günther Deschner2014-11-173-3/+4
| | | | | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Mon Nov 17 19:53:22 CET 2014 on sn-devel-104
* s3:locking: allow early return for share_entry_forall()Volker Lendecke2014-10-311-20/+26
| | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:locking: Rename share_mode_forall->share_entry_forallVolker Lendecke2014-10-311-4/+4
| | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* spoolss: remove unused fill_job_info3()David Disseldorp2014-10-301-21/+0
| | | | | | | | | This logic has been moved into the previous EnumJobs(level=3) caller. The info3 structure only contains two fields that are used, so it doesn't make sense to have a separate helper for it. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* spoolss: fix jobid in level 3 EnumJobs responseDavid Disseldorp2014-10-301-23/+33
| | | | | | | | | | | | Until now, these responses have incorrectly carried the printing backend job identifier (sysjob), rather than the one allocated and returned by Samba on job submission. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10905 Reported-by: Franz Pförtsch <franz.pfoertsch@brose.com> Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* spoolss: fix jobid in level 2 GetJob and EnumJobs responsesDavid Disseldorp2014-10-301-14/+36
| | | | | | | | | | | | Until now, these responses have incorrectly carried the printing backend job identifier (sysjob), rather than the one allocated and returned by Samba on job submission. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10905 Reported-by: Franz Pförtsch <franz.pfoertsch@brose.com> Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* spoolss: fix jobid in level 1 GetJob and EnumJobs responsesDavid Disseldorp2014-10-301-12/+36
| | | | | | | | | | | | Until now, these responses have incorrectly carried the printing backend job identifier (sysjob), rather than the one allocated and returned by Samba on job submission. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10905 Reported-by: Franz Pförtsch <franz.pfoertsch@brose.com> Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* spoolss: fix GetJob jobid lookupsDavid Disseldorp2014-10-301-5/+32
| | | | | | | | | | | | Clients issue GetJob requests using the jobid assigned by the spoolss server. The corresponding printing backend (sysjob) identifier needs to be resolved to locate the correct print queue entry. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10905 Reported-by: Franz Pförtsch <franz.pfoertsch@brose.com> Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* spoolss: fix handling of bad EnumJobs levelsDavid Disseldorp2014-10-281-1/+6
| | | | | | | | | | | | | | | | | Currently Samba is inconsistent when returning WERR_UNKNOWN_LEVEL errors for spoolss EnumJobs requests - if no print jobs are present, then WERR_OK will be returned, regardless of whether the EnumJobs level is supported or not. This change fixes this behaviour, by catching invalid or unsupported levels prior to the no-jobs response fast-path. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10898 Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Oct 28 03:05:35 CET 2014 on sn-devel-104
* s3: lib: Signal handling - ensure smbrun and change password code save and ↵Jeremy Allison2014-09-301-4/+5
| | | | | | | | | | | restore existing SIGCHLD handlers. Bug #10831 - SIGCLD Signal handler not correctly reinstalled on old library code use - smbrun etc. https://bugzilla.samba.org/show_bug.cgi?id=10831 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
* s3: Move init_lsa_ref_domain_list to libChristof Schmitt2014-09-292-48/+2
| | | | | | | This will be used in the next patch in winbind. Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* librpc: gensec is our security provider abstraction, remove a void *Andrew Bartlett2014-09-271-9/+3
| | | | | | | Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* vfs3: Pass "lease" through SMB_VFS_CREATE_FILEVolker Lendecke2014-08-111-0/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* printing: reload printer shares on OpenPrinterDavid Disseldorp2014-08-081-1/+11
| | | | | | | | | | | | | | The printer share inventory should be reloaded on open _and_ enumeration, as there are some clients, such as cupsaddsmb, that do not perform an enumeration prior to access. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652 Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Aug 8 16:33:50 CEST 2014 on sn-devel-104
* server: remove duplicate snum_is_shared_printer()David Disseldorp2014-08-081-9/+0
| | | | | | | | | Only keep a single definition in server_reload.c Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652 Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* printing: only reload printer shares on client enumDavid Disseldorp2014-08-082-1/+11
| | | | | | | | | | | | | | | | | | | | | | | | | Currently, automatic printer share updates are handled in the following way: - Background printer process (BPP) forked on startup - Parent smbd and per-client children await MSG_PRINTER_PCAP messages - BPP periodically polls the printing backend for printcap data - printcap data written to printer_list.tdb - MSG_PRINTER_PCAP sent to all smbd processes following update - smbd processes all read the latest printer_list.tdb data, and update their share listings This procedure is not scalable, as all smbd processes hit printer_list.tdb in parallel, resulting in a large spike in CPU usage. This change sees smbd processes only update their printer share lists only when a client asks for this information, e.g. via NetShareEnum or EnumPrinters. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652 Suggested-by: Volker Lendecke <vl@samba.org> Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* lib: directory_create_or_exist() does not use "uid" parameterVolker Lendecke2014-07-281-2/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-rpc_server: Use C99 types in rpc_pipes.hAndrew Bartlett2014-06-041-4/+4
| | | | | | | | | Change-Id: Ic282f02f421870ff8a8623005979f8a034902d88 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jun 4 05:48:29 CEST 2014 on sn-devel-104
* s3-rpc_server: Give log messages on failureAndrew Bartlett2014-06-041-0/+2
| | | | | | Change-Id: I240d58fdf71bbab42d1ffb63bb52b9650fd4bd85 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3/rpc_server/lsa: replace dup_sec_desc() usageDavid Disseldorp2014-05-281-3/+3
| | | | | | | | | Use security_descriptor_copy() instead, which is also provided by libcli. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s3/rpc_server/spoolss: replace dup_sec_desc() usageDavid Disseldorp2014-05-281-4/+14
| | | | | | | | | Use security_descriptor_copy() instead, which is also provided by libcli. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s3/rpc_server/spoolss: remove SETUP_SPOOLSS_NOTIFY_DATA_SECDESCDavid Disseldorp2014-05-281-9/+3
| | | | | | | | | | The macro is only used once, and is broken in two ways: - it relies on an externally defined mem_ctx - _data->data.sd.sd_size is set zero twice for a NULL sd Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s3-rpc_server: Remove ncalrpc_as_system from make_server_pipes_struct().Andreas Schneider2014-04-242-9/+4
| | | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Apr 24 13:39:10 CEST 2014 on sn-devel-104
* s3-rpc_server: Remove ncalrpc_as_system from pipes_struct.Andreas Schneider2014-04-243-7/+3
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-rpc_server: Use gensec for NCALRPC_AS_SYSTEM.Andreas Schneider2014-04-241-21/+0
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-rpc_server: Add special tsocket address for ncalrpc_as_system.Andreas Schneider2014-04-241-0/+22
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:rpc_server: pass everything but AUTH_TYPE_{NONE,NCALRPC_AS_SYSTEM} to gensecStefan Metzmacher2014-04-241-31/+6
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-rpc_server: Call pipe_auth_verify_final() if needed.Andreas Schneider2014-04-241-0/+13
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-rpc_server: Return the status code from gensec.Andreas Schneider2014-04-242-4/+6
| | | | | | | | We need to know the difference between NT_STATUS_OK and NT_STATUS_MORE_PROCESSING_REQUIRED. Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:rpc_server: let auth_generic_server_step() handle gensec_security == NULLStefan Metzmacher2014-04-242-35/+16
| | | | | | | This simplifies the caller, we don't need to look at the auth_type anymore. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:rpc_server: make sure we have a unix tokenStefan Metzmacher2014-04-241-0/+5
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:rpc_server: handle everything but AUTH_TYPE_NONE as gensec in verify_finalStefan Metzmacher2014-04-241-15/+16
| | | | | | | | The NCALRPC_AS_SYSTEM doesn't use pipe_auth_verify_final() yet, so it's fine for now. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3: srvsvc pipe - We should return WERR_BADFILE in _srvsvc_NetShareAdd if ↵Jeremy Allison2014-04-221-0/+11
| | | | | | | | | | | the path does not exist. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com> Reviewed-by: David Disseldorp <ddiss@suse.de> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Apr 22 22:19:18 CEST 2014 on sn-devel-104
* s3: Use root_mode() to get uid_wrapper working correctly.Andreas Schneider2014-04-173-4/+4
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3: rpc_server/srvsvc: count open files in NetConnEnumShekhar Amlekar2014-04-031-11/+47
| | | | | | | | | Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Apr 3 21:19:43 CEST 2014 on sn-devel-104
* s3: rpc_server/srvsvc: count share connections in NetConnEnumShekhar Amlekar2014-04-031-9/+45
| | | | | | Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
* s3: rpc_server/srvsvc: added routines to compute opens on share connections.Shekhar Amlekar2014-04-031-0/+49
| | | | | | | | | Added routines count_share_opens() and share_file_fn() to count opens on share connections. Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
* s3: rpc_server/srvsvc: Added routines to count share connections.Shekhar Amlekar2014-04-031-0/+64
| | | | | | | | | Added routines count_share_conns() and share_conn_fn() to count connections to a share. Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
* s3-samr: Refuse to set lockout_duration < lockout_window per ↵Andrew Bartlett2014-04-021-0/+17
| | | | | | | | | | | | rpc.samr.passwords.lockout This was not noticed previously because the test was not run. Andrew Bartlett Change-Id: I88701b6c3057ec26f44b3ccab4134ac9aabe552a Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Finally change make_user_info_*() use a parent talloc contextAndrew Bartlett2014-04-021-3/+5
| | | | | | Change-Id: Iedf516e8c24e0d18064aeedd8e287ed692d3c5b4 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* s3:rpc_server: explicitly use allow_warnings=True for RPC_SPOOLSSStefan Metzmacher2014-04-021-0/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: remove tevent_context argument from gensec_update()Stefan Metzmacher2014-03-271-2/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3-rpc_server: Fix handling of fragmented rpc requests.Andreas Schneider2014-03-201-12/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to call pipe_init_outgoing_data() as the first thing in process_complete_pdu(). Otherwise the caller may use uninitialized memory and tries to write a response into the socket. The problem happens only if a real socket is used, which means in all cases for master and only with external rpc daemons in v4-0 and v4-1. The problem looks like this in the logs. [2014/03/20 14:49:35.531663, 10, pid=7309, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2014/03/20 14:49:35.531695, 10, pid=7309, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2014/03/20 14:49:35.531738, 10, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:521(named_pipe_packet_process) Sending 1 fragments in a total of 0 bytes [2014/03/20 14:49:35.531769, 10, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:526(named_pipe_packet_process) Sending PDU number: 0, PDU Length: 4294967228 [2014/03/20 14:49:35.531801, 2, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:565(named_pipe_packet_done) Writev failed! [2014/03/20 14:49:35.531845, 2, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:595(named_pipe_packet_done) Fatal error(Message too long). Terminating client(127.0.0.1) connection! BUG: https://bugzilla.samba.org/show_bug.cgi?id=10481 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Guenther Deschner <gd@samba.org Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Thu Mar 20 18:30:17 CET 2014 on sn-devel-104
* CVE-2013-4496:samr: Remove ChangePasswordUserAndrew Bartlett2014-03-131-161/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This old password change mechanism does not provide the plaintext to validate against password complexity, and it is not used by modern clients. It also has quite difficult semantics to handle regarding password lockout. The missing features in both implementations (by design) were: - the password complexity checks (no plaintext) - the minimum password length (no plaintext) Additionally, the source3 version did not check: - the minimum password age - pdb_get_pass_can_change() which checks the security descriptor for the 'user cannot change password' setting. - the password history - the output of the 'passwd program' if 'unix passwd sync = yes'. Finally, the mechanism was almost useless, as it was incorrectly only made available to administrative users with permission to reset the password. It is removed here so that it is not mistakenly reinstated in the future. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Change-Id: If2edd3183c177e5ff37c9511b0d0ad0dd9038c66 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://gerrit.samba.org/37
* CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated ↵Andrew Bartlett2014-03-132-16/+129
| | | | | | | | | | | | | | password changes Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Change-Id: Ic31774275f07e003e7c2682a856ccb2d5a7939de Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-on: https://gerrit.samba.org/162
* rpc_server: change unsupported pipe errorDavid Disseldorp2014-03-051-3/+2
| | | | | | | | | | | | | | | smbd currently prints the following level 0 error when a client attempts to connect to an unsupported named pipe (e.g. browser): ERROR! 'browser' is not a registred pipe This change reduces the severity of the error (0->2) and fixes a couple of typos. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Wed Mar 5 16:31:42 CET 2014 on sn-devel-104
* s3-auth: Pass mem_ctx to auth_check_ntlm_password().Andreas Schneider2014-02-191-2/+4
| | | | | | | | | | Coverity-Id: 1168009 BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598 Signed-off-by: Andreas Schneider <asn@samba.org> Change-Id: Ie01674561a6a75239a13918d3190c2f21c3efc7a Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3: printing: Fix problem with server taking too long to respond to a ↵Jeremy Allison2014-02-181-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | MSG_PRINTER_DRVUPGRADE message. Receiving a MSG_PRINTER_DRVUPGRADE causes smbd to iterate over all printers looking for ones that uses the driver. This is a very expensive operation requiring a read of all registry printer parameters. On a system with a large number of printers, this causes the clients to timeout (smbd can take longer than 60 seconds to respond). This patch fixes the problem by forwarding the MSG_PRINTER_DRVUPGRADE to the background lpq queue updater process and allowing it to take care of the updating of the changeid in the registry, allowing the smbd connected to the client to return to processing requests immediately. https://bugzilla.samba.org/show_bug.cgi?id=9942 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Feb 18 17:48:30 CET 2014 on sn-devel-104
* s3:srv_epmapper: make use of dcerpc_binding_get_abstract_syntax()Stefan Metzmacher2014-02-131-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:srv_epmapper: make use of dcerpc_binding_*() functions in build_ep_list()Stefan Metzmacher2014-02-131-6/+34
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
generated by cgit (git 2.34.1) at 2025-09-26 23:35:43 +0000