The branch, master has been updated via f3ce6b4 s3:net_rpc_printer: make use of cli_credentials_get_username() via ceb2625 lib/util: Do not duplicate the protocol list, use smb_constants.h via 8280bc5 lib/param: set the kccsrv:samba_kcc option to false by default from a59b00d s3-winbindd: Require SMB signing by default to disrupt MITM attacks with our DC
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit f3ce6b4d35f6e24fdbc6b6231e6d845eac87657c Author: Stefan Metzmacher <me...@samba.org> Date: Fri Sep 26 03:12:14 2014 +0200 s3:net_rpc_printer: make use of cli_credentials_get_username() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Mon Sep 29 10:51:37 CEST 2014 on sn-devel-104 commit ceb26257dd02dc5d4aad06be01e913feade35dac Author: Andrew Bartlett <abart...@samba.org> Date: Tue Sep 23 14:05:43 2014 -0700 lib/util: Do not duplicate the protocol list, use smb_constants.h This avoids the two lists getting out of sync, and only applies to a Samba build due to the surrounding #ifdef Andrew Bartlett Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 8280bc5092242d222e3b169bacd901478d196408 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Sep 26 00:49:37 2014 +0200 lib/param: set the kccsrv:samba_kcc option to false by default Bug: https://bugzilla.samba.org/show_bug.cgi?id=10697 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: ctdb/lib/util/util.h | 12 +----------- lib/param/loadparm.c | 2 +- source3/utils/net_rpc_printer.c | 32 +++++++++++++------------------- 3 files changed, 15 insertions(+), 31 deletions(-) Changeset truncated at 500 lines: diff --git a/ctdb/lib/util/util.h b/ctdb/lib/util/util.h index 33f46bd..c7734d1 100644 --- a/ctdb/lib/util/util.h +++ b/ctdb/lib/util/util.h 
@@ -485,17 +485,7 @@ _PUBLIC_ int sys_fsusage(const char *path, uint64_t *dfree, uint64_t *dsize);
*/ #if _SAMBA_BUILD_ == 4
-/* protocol types. It assumes that higher protocols include lower protocols
- as subsets. FIXME: Move to one of the smb-specific headers */
-enum protocol_types {
- PROTOCOL_NONE,
- PROTOCOL_CORE,
- PROTOCOL_COREPLUS,
- PROTOCOL_LANMAN1,
- PROTOCOL_LANMAN2,
- PROTOCOL_NT1,
- PROTOCOL_SMB2
-};
+#include "libcli/smb/smb_constants.h"
int ms_fnmatch(const char *pattern, const char *string, enum protocol_types protocol);
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 4154260..7b86a1e 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2432,7 +2432,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver"); lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns");
- lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true");
+ lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "false");
/* the winbind method for domain controllers is for both RODC auth forwarding and for trusted domains */ lpcfg_do_global_parameter(lp_ctx, "private dir", dyn_PRIVATE_DIR);
diff --git a/source3/utils/net_rpc_printer.c b/source3/utils/net_rpc_printer.c
index 8b5ea61..242235b 100644
--- a/source3/utils/net_rpc_printer.c
+++ b/source3/utils/net_rpc_printer.c
@@ -706,9 +706,10 @@ static bool net_spoolss_open_printer_ex(struct rpc_pipe_client *pipe_hnd,
TALLOC_CTX *mem_ctx, const char *printername, uint32_t access_required,
- const char *username,
struct policy_handle *hnd) {
+ struct cli_credentials *creds = gensec_get_credentials(pipe_hnd->auth->auth_ctx);
+ const char *username = cli_credentials_get_username(creds);
WERROR result; fstring printername2;
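Review bot: The new `#include "libcli/smb/smb_constants.h"` in util.h carries no comment saying what it is pulled in for, and the removed block was the only place in this header that stated the ordering assumption ("higher protocols include lower protocols as subsets"). A one-line comment above the include, such as `/* enum protocol_types (for ms_fnmatch below) now comes from smb_constants.h */`, would keep the dependency obvious to anyone reading the prototype. The removed list ended in `PROTOCOL_SMB2`; if the shared header names its SMB2 dialects differently, any user of that enumerator reached through this header would need updating, which cannot be checked from this hunk.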
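Review bot: The flipped default for `kccsrv:samba_kcc` takes effect for every installation that never set the option explicitly, and nothing next to the line records why. A short comment above the call, for example `/* off by default, see https://bugzilla.samba.org/show_bug.cgi?id=10697 */`, would keep the reason with the code. Any documentation that still states a default of true would need the same update; none is part of this changeset as shown. loadparm_init() starts and ends outside the hunk.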
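Review bot: The two added declarations in net_spoolss_open_printer_ex() dereference `pipe_hnd->auth->auth_ctx` and take the result of `cli_credentials_get_username()` without any NULL check, whereas the callers used to supply the name themselves. If this helper can be reached on a pipe that has no gensec context (an anonymous bind, for instance), `creds` or `username` could be NULL before it is used further down; whether that can happen is not visible from this hunk. A guard after the declaration block, e.g. `if (username == NULL) { return false; }`, or a comment stating that every caller authenticates the pipe first, would make the assumption explicit. Several call sites in the later hunks passed `cli->user_name` even when opening on `pipe_hnd_dst`, so the name sent to the destination server may now differ from before, which deserves a mention in the function comment. The function body continues outside the hunk.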
@@ -1122,7 +1123,6 @@ static bool get_printer_info(struct rpc_pipe_client *pipe_hnd,
{ struct dcerpc_binding_handle *b = pipe_hnd->binding_handle; struct policy_handle hnd;
- struct cli_credentials *creds = gensec_get_credentials(pipe_hnd->auth->auth_ctx);
WERROR werr; /* no arguments given, enumerate all printers */
@@ -1139,7 +1139,6 @@ static bool get_printer_info(struct rpc_pipe_client *pipe_hnd,
/* argument given, get a single printer by name */ if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, argv[0], MAXIMUM_ALLOWED_ACCESS,
- cli_credentials_get_username(creds),
&hnd)) return false;
@@ -1318,8 +1317,6 @@ static NTSTATUS rpc_printer_publish_internals_args(struct rpc_pipe_client *pipe_
struct policy_handle hnd = { 0, }; WERROR result; const char *action_str;
- struct cli_credentials *creds = gensec_get_credentials(pipe_hnd->auth->auth_ctx);
- const char *username = cli_credentials_get_username(creds);
if (!get_printer_info(pipe_hnd, mem_ctx, 2, argc, argv, &num_printers, &info_enum)) return nt_status;
@@ -1335,7 +1332,7 @@ static NTSTATUS rpc_printer_publish_internals_args(struct rpc_pipe_client *pipe_
/* open printer handle */ if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, sharename,
- PRINTER_ALL_ACCESS, username, &hnd))
+ PRINTER_ALL_ACCESS, &hnd))
goto done; /* check for existing dst printer */
@@ -1492,7 +1489,7 @@ NTSTATUS rpc_printer_publish_list_internals(struct net_context *c,
/* open printer handle */ if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, sharename,
- PRINTER_ALL_ACCESS, cli->user_name, &hnd))
+ PRINTER_ALL_ACCESS, &hnd))
goto done; /* check for existing dst printer */
@@ -1628,12 +1625,12 @@ NTSTATUS rpc_printer_migrate_security_internals(struct net_context *c,
/* open src printer handle */ if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, sharename,
- MAXIMUM_ALLOWED_ACCESS, cli->user_name, &hnd_src))
+ MAXIMUM_ALLOWED_ACCESS, &hnd_src))
goto done; /* open dst printer handle */ if (!net_spoolss_open_printer_ex(pipe_hnd_dst, mem_ctx, sharename,
- PRINTER_ALL_ACCESS, cli_dst->user_name, &hnd_dst))
+ PRINTER_ALL_ACCESS, &hnd_dst))
goto done; /* check for existing dst printer */
@@ -1784,12 +1781,12 @@ NTSTATUS rpc_printer_migrate_forms_internals(struct net_context *c,
/* open src printer handle */ if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, sharename,
- MAXIMUM_ALLOWED_ACCESS, cli->user_name, &hnd_src))
+ MAXIMUM_ALLOWED_ACCESS, &hnd_src))
goto done; /* open dst printer handle */ if (!net_spoolss_open_printer_ex(pipe_hnd_dst, mem_ctx, sharename,
- PRINTER_ALL_ACCESS, cli->user_name, &hnd_dst))
+ PRINTER_ALL_ACCESS, &hnd_dst))
goto done; /* check for existing dst printer */
@@ -1917,8 +1914,6 @@ NTSTATUS rpc_printer_migrate_drivers_internals(struct net_context *c,
struct cli_state *cli_share_src = NULL; struct cli_state *cli_share_dst = NULL; const char *drivername = NULL;
- struct cli_credentials *creds = gensec_get_credentials(pipe_hnd->auth->auth_ctx);
- const char *username = cli_credentials_get_username(creds);
WERROR werr; DEBUG(3,("copying printer-drivers\n"));
@@ -1986,7 +1981,7 @@ NTSTATUS rpc_printer_migrate_drivers_internals(struct net_context *c,
/* open dst printer handle */ if (!net_spoolss_open_printer_ex(pipe_hnd_dst, mem_ctx, sharename,
- PRINTER_ALL_ACCESS, cli->user_name, &hnd_dst))
+ PRINTER_ALL_ACCESS, &hnd_dst))
goto done; /* check for existing dst printer */
@@ -1997,7 +1992,6 @@ NTSTATUS rpc_printer_migrate_drivers_internals(struct net_context *c,
/* open src printer handle */ if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, sharename, MAXIMUM_ALLOWED_ACCESS,
- username,
&hnd_src)) goto done;
@@ -2183,7 +2177,7 @@ NTSTATUS rpc_printer_migrate_printers_internals(struct net_context *c,
/* open dst printer handle */ if (!net_spoolss_open_printer_ex(pipe_hnd_dst, mem_ctx, sharename,
- PRINTER_ALL_ACCESS, cli->user_name, &hnd_dst)) {
+ PRINTER_ALL_ACCESS, &hnd_dst)) {
DEBUG(1,("could not open printer: %s\n", sharename)); }
@@ -2205,7 +2199,7 @@ NTSTATUS rpc_printer_migrate_printers_internals(struct net_context *c,
/* open src printer handle */ if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, sharename,
- MAXIMUM_ALLOWED_ACCESS, cli->user_name, &hnd_src))
+ MAXIMUM_ALLOWED_ACCESS, &hnd_src))
goto done; /* getprinter on the src server */
@@ -2370,12 +2364,12 @@ NTSTATUS rpc_printer_migrate_settings_internals(struct net_context *c,
/* open src printer handle */ if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, sharename,
- MAXIMUM_ALLOWED_ACCESS, cli->user_name, &hnd_src))
+ MAXIMUM_ALLOWED_ACCESS, &hnd_src))
goto done; /* open dst printer handle */ if (!net_spoolss_open_printer_ex(pipe_hnd_dst, mem_ctx, sharename,
- PRINTER_ALL_ACCESS, cli_dst->user_name, &hnd_dst))
+ PRINTER_ALL_ACCESS, &hnd_dst))
goto done; /* check for existing dst printer */
-- Samba Shared Repository