[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Mon Sep 29 02:52:04 MDT 2014


The branch, master has been updated
       via  f3ce6b4 s3:net_rpc_printer: make use of cli_credentials_get_username()
       via  ceb2625 lib/util: Do not duplicate the protocol list, use smb_constants.h
       via  8280bc5 lib/param: set the kccsrv:samba_kcc option to false by default
      from  a59b00d s3-winbindd: Require SMB signing by default to disrupt MITM attacks with our DC

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f3ce6b4d35f6e24fdbc6b6231e6d845eac87657c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Sep 26 03:12:14 2014 +0200

    s3:net_rpc_printer: make use of cli_credentials_get_username()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Mon Sep 29 10:51:37 CEST 2014 on sn-devel-104

commit ceb26257dd02dc5d4aad06be01e913feade35dac
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Sep 23 14:05:43 2014 -0700

    lib/util: Do not duplicate the protocol list, use smb_constants.h
    
    This avoids the two lists getting out of sync, and only applies to a Samba build due to the surrounding #ifdef
    
    Andrew Bartlett
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 8280bc5092242d222e3b169bacd901478d196408
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Sep 26 00:49:37 2014 +0200

    lib/param: set the kccsrv:samba_kcc option to false by default
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10697
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 ctdb/lib/util/util.h            |   12 +-----------
 lib/param/loadparm.c            |    2 +-
 source3/utils/net_rpc_printer.c |   32 +++++++++++++-------------------
 3 files changed, 15 insertions(+), 31 deletions(-)


Changeset truncated at 500 lines:

diff --git a/ctdb/lib/util/util.h b/ctdb/lib/util/util.h
index 33f46bd..c7734d1 100644
--- a/ctdb/lib/util/util.h
+++ b/ctdb/lib/util/util.h
@@ -485,17 +485,7 @@ _PUBLIC_ int sys_fsusage(const char *path, uint64_t *dfree, uint64_t *dsize);
  */
 
 #if _SAMBA_BUILD_ == 4
-/* protocol types. It assumes that higher protocols include lower protocols
-   as subsets. FIXME: Move to one of the smb-specific headers */
-enum protocol_types {
-	PROTOCOL_NONE,
-	PROTOCOL_CORE,
-	PROTOCOL_COREPLUS,
-	PROTOCOL_LANMAN1,
-	PROTOCOL_LANMAN2,
-	PROTOCOL_NT1,
-	PROTOCOL_SMB2
-};
+#include "libcli/smb/smb_constants.h"
 
 int ms_fnmatch(const char *pattern, const char *string, enum protocol_types protocol);
 
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 4154260..7b86a1e 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2432,7 +2432,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 
 	lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
 	lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns");
-	lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true");
+	lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "false");
 	/* the winbind method for domain controllers is for both RODC
 	   auth forwarding and for trusted domains */
 	lpcfg_do_global_parameter(lp_ctx, "private dir", dyn_PRIVATE_DIR);
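Review bot: The flipped default on the `kccsrv:samba_kcc` line has no comment explaining why the value is now `false`, so the reason lives only in the bug link of the commit message. A one-line comment above it, such as `/* off by default, see https://bugzilla.samba.org/show_bug.cgi?id=10697 */`, would keep that visible to the next reader of loadparm_init(). The diffstat for this push lists only three files, so any documentation or release note that states the old default presumably still needs the same update. loadparm_init() starts and ends outside this hunk.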
diff --git a/source3/utils/net_rpc_printer.c b/source3/utils/net_rpc_printer.c
index 8b5ea61..242235b 100644
--- a/source3/utils/net_rpc_printer.c
+++ b/source3/utils/net_rpc_printer.c
@@ -706,9 +706,10 @@ static bool net_spoolss_open_printer_ex(struct rpc_pipe_client *pipe_hnd,
 					TALLOC_CTX *mem_ctx,
 					const char *printername,
 					uint32_t access_required,
-					const char *username,
 					struct policy_handle *hnd)
 {
+	struct cli_credentials *creds = gensec_get_credentials(pipe_hnd->auth->auth_ctx);
+	const char *username = cli_credentials_get_username(creds);
 	WERROR result;
 	fstring printername2;
 
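Review bot: The two new initializers at the top of net_spoolss_open_printer_ex() dereference `pipe_hnd->auth` and pass whatever gensec_get_credentials() returns straight to cli_credentials_get_username(), with no NULL check on either step. Three callers already did this before the commit, but every open now goes through it, including the `pipe_hnd_dst` opens in the later hunks that used to pass `cli->user_name` or `cli_dst->user_name`. If a pipe can reach this function without gensec-backed auth data (not visible from this hunk), that becomes a crash rather than a failed open. I would guard it with `if (creds == NULL) { return false; }` and assign `username` after the check, and add a short comment above the function saying the username is taken from the pipe's own credentials. The function body continues past the end of this hunk.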
@@ -1122,7 +1123,6 @@ static bool get_printer_info(struct rpc_pipe_client *pipe_hnd,
 {
 	struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
 	struct policy_handle hnd;
-	struct cli_credentials *creds = gensec_get_credentials(pipe_hnd->auth->auth_ctx);
 	WERROR werr;
 
 	/* no arguments given, enumerate all printers */
@@ -1139,7 +1139,6 @@ static bool get_printer_info(struct rpc_pipe_client *pipe_hnd,
 	/* argument given, get a single printer by name */
 	if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, argv[0],
 					 MAXIMUM_ALLOWED_ACCESS,
-					 cli_credentials_get_username(creds),
 					 &hnd))
 		return false;
 
@@ -1318,8 +1317,6 @@ static NTSTATUS rpc_printer_publish_internals_args(struct rpc_pipe_client *pipe_
 	struct policy_handle hnd = { 0, };
 	WERROR result;
 	const char *action_str;
-	struct cli_credentials *creds = gensec_get_credentials(pipe_hnd->auth->auth_ctx);
-	const char *username = cli_credentials_get_username(creds);
 
 	if (!get_printer_info(pipe_hnd, mem_ctx, 2, argc, argv, &num_printers, &info_enum))
 		return nt_status;
@@ -1335,7 +1332,7 @@ static NTSTATUS rpc_printer_publish_internals_args(struct rpc_pipe_client *pipe_
 
 		/* open printer handle */
 		if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, sharename,
-			PRINTER_ALL_ACCESS, username, &hnd))
+			PRINTER_ALL_ACCESS, &hnd))
 			goto done;
 
 		/* check for existing dst printer */
@@ -1492,7 +1489,7 @@ NTSTATUS rpc_printer_publish_list_internals(struct net_context *c,
 
 		/* open printer handle */
 		if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, sharename,
-			PRINTER_ALL_ACCESS, cli->user_name, &hnd))
+			PRINTER_ALL_ACCESS, &hnd))
 			goto done;
 
 		/* check for existing dst printer */
@@ -1628,12 +1625,12 @@ NTSTATUS rpc_printer_migrate_security_internals(struct net_context *c,
 
 		/* open src printer handle */
 		if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, sharename,
-			MAXIMUM_ALLOWED_ACCESS, cli->user_name, &hnd_src))
+			MAXIMUM_ALLOWED_ACCESS, &hnd_src))
 			goto done;
 
 		/* open dst printer handle */
 		if (!net_spoolss_open_printer_ex(pipe_hnd_dst, mem_ctx, sharename,
-			PRINTER_ALL_ACCESS, cli_dst->user_name, &hnd_dst))
+			PRINTER_ALL_ACCESS, &hnd_dst))
 			goto done;
 
 		/* check for existing dst printer */
@@ -1784,12 +1781,12 @@ NTSTATUS rpc_printer_migrate_forms_internals(struct net_context *c,
 
 		/* open src printer handle */
 		if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, sharename,
-			MAXIMUM_ALLOWED_ACCESS, cli->user_name, &hnd_src))
+			MAXIMUM_ALLOWED_ACCESS, &hnd_src))
 			goto done;
 
 		/* open dst printer handle */
 		if (!net_spoolss_open_printer_ex(pipe_hnd_dst, mem_ctx, sharename,
-			PRINTER_ALL_ACCESS, cli->user_name, &hnd_dst))
+			PRINTER_ALL_ACCESS, &hnd_dst))
 			goto done;
 
 		/* check for existing dst printer */
@@ -1917,8 +1914,6 @@ NTSTATUS rpc_printer_migrate_drivers_internals(struct net_context *c,
 	struct cli_state *cli_share_src = NULL;
 	struct cli_state *cli_share_dst = NULL;
 	const char *drivername = NULL;
-	struct cli_credentials *creds = gensec_get_credentials(pipe_hnd->auth->auth_ctx);
-	const char *username = cli_credentials_get_username(creds);
 	WERROR werr;
 
 	DEBUG(3,("copying printer-drivers\n"));
@@ -1986,7 +1981,7 @@ NTSTATUS rpc_printer_migrate_drivers_internals(struct net_context *c,
 
 		/* open dst printer handle */
 		if (!net_spoolss_open_printer_ex(pipe_hnd_dst, mem_ctx, sharename,
-			PRINTER_ALL_ACCESS, cli->user_name, &hnd_dst))
+			PRINTER_ALL_ACCESS, &hnd_dst))
 			goto done;
 
 		/* check for existing dst printer */
@@ -1997,7 +1992,6 @@ NTSTATUS rpc_printer_migrate_drivers_internals(struct net_context *c,
 		/* open src printer handle */
 		if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, sharename,
 						 MAXIMUM_ALLOWED_ACCESS,
-						 username,
 						 &hnd_src))
 			goto done;
 
@@ -2183,7 +2177,7 @@ NTSTATUS rpc_printer_migrate_printers_internals(struct net_context *c,
 
 		/* open dst printer handle */
 		if (!net_spoolss_open_printer_ex(pipe_hnd_dst, mem_ctx, sharename,
-			PRINTER_ALL_ACCESS, cli->user_name, &hnd_dst)) {
+			PRINTER_ALL_ACCESS, &hnd_dst)) {
 
 			DEBUG(1,("could not open printer: %s\n", sharename));
 		}
@@ -2205,7 +2199,7 @@ NTSTATUS rpc_printer_migrate_printers_internals(struct net_context *c,
 
 		/* open src printer handle */
 		if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, sharename,
-			MAXIMUM_ALLOWED_ACCESS, cli->user_name, &hnd_src))
+			MAXIMUM_ALLOWED_ACCESS, &hnd_src))
 			goto done;
 
 		/* getprinter on the src server */
@@ -2370,12 +2364,12 @@ NTSTATUS rpc_printer_migrate_settings_internals(struct net_context *c,
 
 		/* open src printer handle */
 		if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, sharename,
-			MAXIMUM_ALLOWED_ACCESS, cli->user_name, &hnd_src))
+			MAXIMUM_ALLOWED_ACCESS, &hnd_src))
 			goto done;
 
 		/* open dst printer handle */
 		if (!net_spoolss_open_printer_ex(pipe_hnd_dst, mem_ctx, sharename,
-			PRINTER_ALL_ACCESS, cli_dst->user_name, &hnd_dst))
+			PRINTER_ALL_ACCESS, &hnd_dst))
 			goto done;
 
 		/* check for existing dst printer */


-- 
Samba Shared Repository

