summaryrefslogtreecommitdiffstats
path: root/source3/rpc_server
Commit message (Collapse)AuthorAgeFilesLines
* s3-rpc_server: Use C99 types in rpc_pipes.hAndrew Bartlett2014-06-041-4/+4
| | | | | | | | | Change-Id: Ic282f02f421870ff8a8623005979f8a034902d88 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jun 4 05:48:29 CEST 2014 on sn-devel-104
* s3-rpc_server: Give log messages on failureAndrew Bartlett2014-06-041-0/+2
| | | | | | Change-Id: I240d58fdf71bbab42d1ffb63bb52b9650fd4bd85 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3/rpc_server/lsa: replace dup_sec_desc() usageDavid Disseldorp2014-05-281-3/+3
| | | | | | | | | Use security_descriptor_copy() instead, which is also provided by libcli. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s3/rpc_server/spoolss: replace dup_sec_desc() usageDavid Disseldorp2014-05-281-4/+14
| | | | | | | | | Use security_descriptor_copy() instead, which is also provided by libcli. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s3/rpc_server/spoolss: remove SETUP_SPOOLSS_NOTIFY_DATA_SECDESCDavid Disseldorp2014-05-281-9/+3
| | | | | | | | | | The macro is only used once, and is broken in two ways: - it relies on an externally defined mem_ctx - _data->data.sd.sd_size is set zero twice for a NULL sd Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s3-rpc_server: Remove ncalrpc_as_system from make_server_pipes_struct().Andreas Schneider2014-04-242-9/+4
| | | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Apr 24 13:39:10 CEST 2014 on sn-devel-104
* s3-rpc_server: Remove ncalrpc_as_system from pipes_struct.Andreas Schneider2014-04-243-7/+3
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-rpc_server: Use gensec for NCALRPC_AS_SYSTEM.Andreas Schneider2014-04-241-21/+0
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-rpc_server: Add special tsocket address for ncalrpc_as_system.Andreas Schneider2014-04-241-0/+22
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:rpc_server: pass everything but AUTH_TYPE_{NONE,NCALRPC_AS_SYSTEM} to gensecStefan Metzmacher2014-04-241-31/+6
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-rpc_server: Call pipe_auth_verify_final() if needed.Andreas Schneider2014-04-241-0/+13
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-rpc_server: Return the status code from gensec.Andreas Schneider2014-04-242-4/+6
| | | | | | | | We need to know the difference between NT_STATUS_OK and NT_STATUS_MORE_PROCESSING_REQUIRED. Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:rpc_server: let auth_generic_server_step() handle gensec_security == NULLStefan Metzmacher2014-04-242-35/+16
| | | | | | | This simplifies the caller, we don't need to look at the auth_type anymore. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:rpc_server: make sure we have a unix tokenStefan Metzmacher2014-04-241-0/+5
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:rpc_server: handle everything but AUTH_TYPE_NONE as gensec in verify_finalStefan Metzmacher2014-04-241-15/+16
| | | | | | | | The NCALRPC_AS_SYSTEM doesn't use pipe_auth_verify_final() yet, so it's fine for now. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3: srvsvc pipe - We should return WERR_BADFILE in _srvsvc_NetShareAdd if ↵Jeremy Allison2014-04-221-0/+11
| | | | | | | | | | | the path does not exist. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com> Reviewed-by: David Disseldorp <ddiss@suse.de> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Apr 22 22:19:18 CEST 2014 on sn-devel-104
* s3: Use root_mode() to get uid_wrapper working correctly.Andreas Schneider2014-04-173-4/+4
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3: rpc_server/srvsvc: count open files in NetConnEnumShekhar Amlekar2014-04-031-11/+47
| | | | | | | | | Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Apr 3 21:19:43 CEST 2014 on sn-devel-104
* s3: rpc_server/srvsvc: count share connections in NetConnEnumShekhar Amlekar2014-04-031-9/+45
| | | | | | Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
* s3: rpc_server/srvsvc: added routines to compute opens on share connections.Shekhar Amlekar2014-04-031-0/+49
| | | | | | | | | Added routines count_share_opens() and share_file_fn() to count opens on share connections. Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
* s3: rpc_server/srvsvc: Added routines to count share connections.Shekhar Amlekar2014-04-031-0/+64
| | | | | | | | | Added routines count_share_conns() and share_conn_fn() to count connections to a share. Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
* s3-samr: Refuse to set lockout_duration < lockout_window per ↵Andrew Bartlett2014-04-021-0/+17
| | | | | | | | | | | | rpc.samr.passwords.lockout This was not noticed previously because the test was not run. Andrew Bartlett Change-Id: I88701b6c3057ec26f44b3ccab4134ac9aabe552a Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Finally change make_user_info_*() use a parent talloc contextAndrew Bartlett2014-04-021-3/+5
| | | | | | Change-Id: Iedf516e8c24e0d18064aeedd8e287ed692d3c5b4 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* s3:rpc_server: explicitly use allow_warnings=True for RPC_SPOOLSSStefan Metzmacher2014-04-021-0/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: remove tevent_context argument from gensec_update()Stefan Metzmacher2014-03-271-2/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3-rpc_server: Fix handling of fragmented rpc requests.Andreas Schneider2014-03-201-12/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to call pipe_init_outgoing_data() as the first thing in process_complete_pdu(). Otherwise the caller may use uninitialized memory and tries to write a response into the socket. The problem happens only if a real socket is used, which means in all cases for master and only with external rpc daemons in v4-0 and v4-1. The problem looks like this in the logs. [2014/03/20 14:49:35.531663, 10, pid=7309, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2014/03/20 14:49:35.531695, 10, pid=7309, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2014/03/20 14:49:35.531738, 10, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:521(named_pipe_packet_process) Sending 1 fragments in a total of 0 bytes [2014/03/20 14:49:35.531769, 10, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:526(named_pipe_packet_process) Sending PDU number: 0, PDU Length: 4294967228 [2014/03/20 14:49:35.531801, 2, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:565(named_pipe_packet_done) Writev failed! [2014/03/20 14:49:35.531845, 2, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:595(named_pipe_packet_done) Fatal error(Message too long). Terminating client(127.0.0.1) connection! BUG: https://bugzilla.samba.org/show_bug.cgi?id=10481 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Guenther Deschner <gd@samba.org Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Thu Mar 20 18:30:17 CET 2014 on sn-devel-104
* CVE-2013-4496:samr: Remove ChangePasswordUserAndrew Bartlett2014-03-131-161/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This old password change mechanism does not provide the plaintext to validate against password complexity, and it is not used by modern clients. It also has quite difficult semantics to handle regarding password lockout. The missing features in both implementations (by design) were: - the password complexity checks (no plaintext) - the minimum password length (no plaintext) Additionally, the source3 version did not check: - the minimum password age - pdb_get_pass_can_change() which checks the security descriptor for the 'user cannot change password' setting. - the password history - the output of the 'passwd program' if 'unix passwd sync = yes'. Finally, the mechanism was almost useless, as it was incorrectly only made available to administrative users with permission to reset the password. It is removed here so that it is not mistakenly reinstated in the future. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Change-Id: If2edd3183c177e5ff37c9511b0d0ad0dd9038c66 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://gerrit.samba.org/37
* CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated ↵Andrew Bartlett2014-03-132-16/+129
| | | | | | | | | | | | | | password changes Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Change-Id: Ic31774275f07e003e7c2682a856ccb2d5a7939de Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-on: https://gerrit.samba.org/162
* rpc_server: change unsupported pipe errorDavid Disseldorp2014-03-051-3/+2
| | | | | | | | | | | | | | | smbd currently prints the following level 0 error when a client attempts to connect to an unsupported named pipe (e.g. browser): ERROR! 'browser' is not a registred pipe This change reduces the severity of the error (0->2) and fixes a couple of typos. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Wed Mar 5 16:31:42 CET 2014 on sn-devel-104
* s3-auth: Pass mem_ctx to auth_check_ntlm_password().Andreas Schneider2014-02-191-2/+4
| | | | | | | | | | Coverity-Id: 1168009 BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598 Signed-off-by: Andreas Schneider <asn@samba.org> Change-Id: Ie01674561a6a75239a13918d3190c2f21c3efc7a Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3: printing: Fix problem with server taking too long to respond to a ↵Jeremy Allison2014-02-181-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | MSG_PRINTER_DRVUPGRADE message. Receiving a MSG_PRINTER_DRVUPGRADE causes smbd to iterate over all printers looking for ones that uses the driver. This is a very expensive operation requiring a read of all registry printer parameters. On a system with a large number of printers, this causes the clients to timeout (smbd can take longer than 60 seconds to respond). This patch fixes the problem by forwarding the MSG_PRINTER_DRVUPGRADE to the background lpq queue updater process and allowing it to take care of the updating of the changeid in the registry, allowing the smbd connected to the client to return to processing requests immediately. https://bugzilla.samba.org/show_bug.cgi?id=9942 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Feb 18 17:48:30 CET 2014 on sn-devel-104
* s3:srv_epmapper: make use of dcerpc_binding_get_abstract_syntax()Stefan Metzmacher2014-02-131-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:srv_epmapper: make use of dcerpc_binding_*() functions in build_ep_list()Stefan Metzmacher2014-02-131-6/+34
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:srv_epmapper: use dcerpc_binding_get_abstract_syntax() in _epm_Insert()Stefan Metzmacher2014-02-131-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:srv_epmapper: use dcerpc_binding_get_transport() in _epm_Insert() and ↵Stefan Metzmacher2014-02-131-2/+7
| | | | | | | _epm_Delete() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:srv_epmapper: make use of dcerpc_binding_*() functions in endpoints_match()Stefan Metzmacher2014-02-131-11/+26
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:rpc_server: make use of dcerpc_binding_set_abstract_syntax()Stefan Metzmacher2014-02-131-1/+7
| | | | | | | This is better than accessing the dcerpc_binding internals. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:rpc_server: make use of dcerpc_parse_binding() to create a binding.Stefan Metzmacher2014-02-131-7/+10
| | | | | | | This makes sure binding is talloc'ed. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* param: change fstype to use a constant stringGarming Sam2014-02-121-1/+1
| | | | | | | | Substitution isn't really necessary for this parameter. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s3:srv_epmapper: only replace ipv4 addresses in _epm_Lookup() and _epm_Map()Stefan Metzmacher2014-02-111-2/+6
| | | | | | | | The floor data for EPM_PROTOCOL_IP only handles a 4 byte ipv4 address. "0.0.0.0" is used for ipv6 and hostnames. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:srv_epmapper: fix logic in endpoints_match()Stefan Metzmacher2014-02-111-6/+18
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:rpc_server: initialize struct dcerpc_binding completelyStefan Metzmacher2014-02-111-0/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:rpc_server: check verification trailerGregor Beck2014-02-111-0/+44
| | | | | | Signed-off-by: Gregor Beck <gbeck@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:rpc_server: check header of each packet fragmentGregor Beck2014-02-112-0/+14
| | | | | | Signed-off-by: Gregor Beck <gbeck@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:rpc_server: only become the user if we have a valid context_idStefan Metzmacher2014-02-111-21/+20
| | | | | | | | Pair-Programmed-With: Gregor Beck <gbeck@sernet.de> Signed-off-by: Gregor Beck <gbeck@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:rpc_server: minor refactoring of process_request_pdu()Gregor Beck2014-02-111-15/+10
| | | | | | Signed-off-by: Gregor Beck <gbeck@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* param: rename lp function and variable from "ms_add_printer_wizard" to ↵Garming Sam2014-02-071-1/+1
| | | | | | | | "show_add_printer_wizard" Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from "enumports_cmd" to ↵Garming Sam2014-02-071-1/+1
| | | | | | | | "enumports_command" Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from "deleteprinter_cmd" to ↵Garming Sam2014-02-071-1/+1
| | | | | | | | "deleteprinter_command" Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from "addprinter_cmd" to ↵Garming Sam2014-02-071-3/+3
| | | | | | | | "addprinter_command" Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
generated by cgit (git 2.34.1) at 2024-06-06 21:28:24 +0000