[SCM] Samba Shared Repository - branch master updated
Volker Lendecke
vlendec at samba.org
Fri Dec 10 14:53:02 UTC 2021
The branch, master has been updated
via ea2ec7ea5e8 WHATSNEW. Added section about samba-dcerpcd.
via 7b62fa967d0 dcesrv_core: Remove unused dcesrv_reinit_context()
via 730f7dfd615 s3:rpc_server: Delete unused code and doc references
via 9e3ee8c40c0 printing: Remove "start_daemons" from printing_subsystem_init()
via a7c65958a15 s3:rpc_server: Activate samba-dcerpcd
via d522a8cce12 s3:rpc_server: Add samba-dcerpcd helper programs
via 3fb2fd49445 s3:winbind: Close internal RPC pipes after 5 idle seconds
via a350a000f10 s3:rpc_server: Make npa_state_init() public
via a0075a1fd0e unittest: Remove test_sambafs_srv_pipe
via c2b8cf05c37 s3:printing: Move pcap_cache_loaded() to load.c
via 3aee4c171c2 smbcontrol: Add rpc-dump-status
via 188586dddde s3:rpc_client: Add rpc_pipe_open_local_np()
via d3e1ece1a45 s3:rpc_server: Implement the rpcd_* helper-end of the samba-dcerpc protocol
via 4d75f08fd22 s3:rpc_client: Add local_np_connect()
via 3ca7c640da0 s3:rpc_server: Add samba-dcerpcd
via 8ffeb18b9a1 docs-xml: Add "rpc start on demand helpers", true by default.
via a697814eba9 idl: Define messages sent between samba-dcerpcd and rpcd's
via da90c02b168 dcesrv_core: Add dcesrv_loop_next_packet()
via 95659031e45 backupkey.idl: Don't listen on \pipe
tsvcs
via 3284ee9985d dcesrv_core: Add dcesrv_context_set_callbacks()
via ebc3918f7d0 s3:rpc_client: Bump debug level for ncalrpc connect error
via f83f7bd6bdd s3:rpc_server: Remove direct registry access from svcctl_init_winreg
via a60c7b4ff29 s3:services: Disable rcinit-based service control code
via afd014245a9 test: Prime the kpasswd server
via d5fa6263948 rpc_server: Check info5->transport
via 00e41d198d2 librpc: Get transport out of tstream_npa_accept_existing_recv()
via fa445f15318 auth: Fix a typo in auth/gensec/ncalrpc.c
via 1bab76223cd librpc: Add named_pipe_auth_req_info5->transport
via 530fb4fdfb3 named_pipe_auth.idl: Add "need_idle_server"
via d1934e2331f named_pipe_auth: Bump info4 to info5
from bd98e040d4a Update WHATSNEW.txt with removal of wildcard copy, rename and unlink.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit ea2ec7ea5e891f662278dc0fae9f87b426196f2e
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 30 16:05:49 2021 -0700
WHATSNEW. Added section about samba-dcerpcd.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Dec 10 14:52:54 UTC 2021 on sn-devel-184
commit 7b62fa967d02f771d4afa9eaeef2f6b2d9f6ccd0
Author: Volker Lendecke <vl at samba.org>
Date: Mon Sep 27 13:13:11 2021 +0200
dcesrv_core: Remove unused dcesrv_reinit_context()
This was only used in the prefork source3 rpc servers
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 730f7dfd615ed9997cdf2e7e418605b28826e310
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 8 09:10:05 2021 +0200
s3:rpc_server: Delete unused code and doc references
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 9e3ee8c40c012ef6febe1737d952a744b0b14861
Author: Volker Lendecke <vl at samba.org>
Date: Sun Nov 28 20:29:26 2021 +0100
printing: Remove "start_daemons" from printing_subsystem_init()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a7c65958a15149918415b7456d6f20ee8c9669d2
Author: Volker Lendecke <vl at samba.org>
Date: Fri Jun 18 19:11:19 2021 +0200
s3:rpc_server: Activate samba-dcerpcd
This is the big switch to use samba-dcerpcd for the RPC services in
source3/. It is a pretty big and unordered patch, but I don't see a
good way to split this up into more manageable pieces without
sacrificing bisectability even more. Probably I could cut out a few
small ones, but a major architechtural switch like this will always be
messy.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit d522a8cce12043903ecf4f66835eb69367cdde17
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 7 07:13:25 2021 +0000
s3:rpc_server: Add samba-dcerpcd helper programs
These are rpcd_* binaries.
rpcd_classic collects everything that's not specific
Changes the epmapper to read the epmdb.tdb, which will make the
epmapper tests non-bisectable until the switch is done.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 3fb2fd49445eae8a075638d0ed18e2ca41696450
Author: Volker Lendecke <vl at samba.org>
Date: Sat Jun 19 17:06:59 2021 +0200
s3:winbind: Close internal RPC pipes after 5 idle seconds
Even internal pipes have a small cost, external ones will block a
process from exiting soon.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a350a000f10ed3360fa0b1300893902db8e07231
Author: Volker Lendecke <vl at samba.org>
Date: Fri Jun 18 19:56:48 2021 +0200
s3:rpc_server: Make npa_state_init() public
Will be used later in client tools.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a0075a1fd0e2cc650997562d0980982b1f9d564f
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jun 17 08:31:32 2021 +0200
unittest: Remove test_sambafs_srv_pipe
is_known_pipename() will be removed soon
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit c2b8cf05c372c12658d6a65da7f37afce0f8655b
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jun 16 08:31:56 2021 +0200
s3:printing: Move pcap_cache_loaded() to load.c
A future patch will remove the PRINTING dependency from smbd, but in
delete_and_reload_printers() we still reference it.
Maybe at some later stage we can remove reload_printers() overall, we
don't really need to load the full printer list into every smbd. All
we need is to load them on-demand for explicit listing functions, but
there we can throw them away again. And when someone connects to the
printer, we can also load them on demand.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 3aee4c171c2fdb555c91f74d861d7977e4b91f06
Author: Volker Lendecke <vl at samba.org>
Date: Sun Feb 28 22:03:01 2021 +0100
smbcontrol: Add rpc-dump-status
Get status information out of samba-dcerpcd and its RPC helpers.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 188586dddde933ef9dfd8e732593982a1a65e540
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 7 07:19:27 2021 +0000
s3:rpc_client: Add rpc_pipe_open_local_np()
Helper routine to connect to bind to a locally started rpcd_* process's
rpc interface.
Based upon local_np_connect() to start samba-dcerpcd on demand if it's
not there, designed to replace our internal RPC interfaces where the
RPC server runs in the same process. This will be called from winbindd_cm.c
and source3/rpc_server/rpc_ncacn_np.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit d3e1ece1a451f9f91a2c2a4fc3169ac08c4758ba
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 7 07:00:23 2021 +0000
s3:rpc_server: Implement the rpcd_* helper-end of the samba-dcerpc protocol
This is the generic code that becomes the
template that all rpcd_* instances that
serve DCERPC can use to provide services to samba-dcerpcd.
The external entry point is:
rpc_worker_main() which takes an argc/argv list
and two functions:
get_interfaces() - List all interfaces that this server provides
get_servers() - Provide the RPC server implementations
Each rpcd_* service needs only to provide
the implementations of get_interfaces() and get_servers()
and call rpc_worker_main() from their main() function
to provide services that can be connected to from samba-dcerpcd.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 4d75f08fd22f1126a4fd616d8374de15305970b9
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 7 07:07:50 2021 +0000
s3:rpc_client: Add local_np_connect()
This will be used for internal pipe connects. It starts samba_dcerpc
on demand if it's not there yet, so long as smb.conf [global]
has "rpc start on demand helpers = true" (the default setting).
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 3ca7c640da0bd47bfa9899f0921404a42013d28d
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jun 9 08:37:06 2021 +0200
s3:rpc_server: Add samba-dcerpcd
Central dispatcher for incoming RPC requests, supported by helpers
that implement RPC services.
Upon startup, it asks all helpers which interfaces and endpoints to
listen on so it doesn't interfere with the samba binary when we're
configured as an Active Directory Domain Controller, then samba-dcerpcd
opens the relevant sockets. Once clients connect, start required helpers
and tell them to shut down once idle for a while.
Can be started as a full standalone daemon without smbd involved or as
a helper daemon started on demand by smbd or winbind or other local
processes trying to connect to a named pipe based RPC service.
NB. To start as a standalone daemon the smb.conf [global] option
"rpc start on demand helpers = false" must be set.
By default "rpc start on demand helpers = true"
in order to allow upgrades without needing an smb.conf change.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 8ffeb18b9a1aac87d5bcec09744c7c90f64fbdbd
Author: Jeremy Allison <jra at samba.org>
Date: Mon Oct 4 14:39:03 2021 -0700
docs-xml: Add "rpc start on demand helpers", true by default.
If "true" allow smbd and winbindd to spawn samba-dcerpcd
as a named pipe helper. Allows upgrade without any change
to smb.conf. If samba-dcerpcd is run as a daemon this
must be set to "false".
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a697814eba925c0a1d7bea8210181adf370436be
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jun 9 08:27:36 2021 +0200
idl: Define messages sent between samba-dcerpcd and rpcd's
MSG_RPC_DUMP_STATUS will be like pool-usage carrying a file descriptor to
report status to, the other two are described in rpc_host.idl.
NOALIGN on rpc_worker_status: This makes it easier to count bytes to
push into a static buffer.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit da90c02b16849038a8fce4f3ab824a41c43bfea9
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jan 21 15:28:31 2021 +0100
dcesrv_core: Add dcesrv_loop_next_packet()
This is used by the helpers of samba-dcerpcd: When accepting a DCERPC
client, normally the server engine would read the initial bind
packet. In case of samba-dcerpcd the bind packet will already be read
from the socket, so we need to inject it into the rpc server engine
externally.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 95659031e4519e9c9222c51737fe177eb5a56a7c
Author: Volker Lendecke <vl at samba.org>
Date: Thu Mar 4 18:53:37 2021 +0100
backupkey.idl: Don't listen on \\pipe\ntsvcs
[MS-BKRP] says it SHOULD listen here. In the ad dc, this conflicts
with smbd's srv_ntsvcs_nt.c listening also on nt ntsvcs unix domain
socket. Because "samba" starts smbd after itself, smbd takes over the
socket anyway, backupkey can't have been reached over this transport.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 3284ee9985d8cc0dd2086b03acee4937fefcd5e0
Author: Volker Lendecke <vl at samba.org>
Date: Tue Feb 2 15:10:38 2021 +0100
dcesrv_core: Add dcesrv_context_set_callbacks()
We'll need to set custom callbacks on source3's global_dcesrv_ctx,
which right now is deeply embedded. Once we have everything more
nicely layered, this can go again.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit ebc3918f7d0704b8f08b6e7e3d50c7b0c50b9fc6
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jul 8 09:48:07 2021 +0200
s3:rpc_client: Bump debug level for ncalrpc connect error
This does not have to go to syslog by default always, it might be just
a daemon not listening.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit f83f7bd6bdd8c8e62446d67ec59c21db31c11ba8
Author: Volker Lendecke <vl at samba.org>
Date: Sun Jun 13 07:48:01 2021 +0200
s3:rpc_server: Remove direct registry access from svcctl_init_winreg
Once we do registry access via a pipe into a different process, a
registry client won't be able to directly do registry transactions
anymore. In this case, I argue that doing this in a transactioned way
is overkill anyway. svcctl_init_winreg() just sets up some registry
keys, and if that leaves behind some stale entries if it fails
somewhere in the middle, it does not really matter because the only
one looking at these registry keys is the svcctl service, and that
only starts up if the init function was successfully run.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a60c7b4ff29bc59c0d5a42f14dbe0ae4dbe26192
Author: Volker Lendecke <vl at samba.org>
Date: Mon Jun 14 07:54:55 2021 +0200
s3:services: Disable rcinit-based service control code
This is a become_root user callout that I have never seen in use in
more than 20 years of Samba. Why disable now? In the next commit I
need to make a change to initializing the registry values for
services, the svcctl service won't be able to do registry transactions
anymore. I'm not sure that going without transactions is 100% safe in
all failure cases, so I decided to propose disabling the problematic
code that might lead to security issues.
One fix might be to add a lot more validation code to
_svcctl_OpenServiceW() to see whether the registry values underlying
the service are sane.
Yes, this is technical debt, but I would question that starting unix
daemons via DCERPC used at all out there.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit afd014245a95f97f2bf166dad74ca9e6a58fc83b
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 1 12:04:43 2021 +0200
test: Prime the kpasswd server
I was getting this failure:
[102(815)/143 at 10m59s] samba4.blackbox.net_ads_dns(ad_member:local)(ad_member:local)
UNEXPECTED(failure): samba4.blackbox.net_ads_dns(ad_member:local).Adding an unprivileged user(ad_member:local)
REASON: Exception: Exception: Could not add user unprivuser. Error setting password Incorrect net address
My preliminary analysis shows that the KRB5KRB_AP_ERR_BADADDR error
message is triggered by the libkrb5 client code. I have not yet shown
this to happen with pure libkrb5, but my theory is the following:
k5_privsafe_check_addrs() fails under the following circumstances: The
kpasswd server is contacted on IPv4 and is slow to reply. After
waiting a bit, libkrb5 also tries to contact kpasswd on
IPv6. kpasswd_sendto_msg_callback() for the IPv6 request changes the
authentication context's local_addr to IPv6. Then the IPv4 request is
replied to, and then k5_privsafe_check_addrs() bails on the address
family in ac->local_addr (IPv6) vs the one received and via the IPv4
connection.
libkrb5's src/lib/krb5/os/changepw.c has this comment:
/*
* TBD: Does this tamper w/ the auth context in such a way
* to break us? Yes - provide 1 per conn-state / host...
*/
I think we're hit by this.
This patch hacks around the situation by priming the kpasswd server
without error checking. If the initial v4 request is quick enough
because the kpasswd server is already started up properly, everything
works flawlessly.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit d5fa62639489a97407ac53fcedbded2246328407
Author: Volker Lendecke <vl at samba.org>
Date: Sun Nov 28 16:19:56 2021 +0100
rpc_server: Check info5->transport
Eventually, this new mechanism might replace the ncalrpc_as_system mechanism: I
think with this we're much more flexible and even more secure: We rely on the
direct permissions on "np/" and don't have to pretend that the local client
came from a file on /root. We are more flexible because with this mechanism we
can easily fake arbitrary tokens and play with session keys.
However, this would require that the source4 librpc code needs to learn about
this mechanism, which I was not able to complete.
The source3 rpc_server side of this will go away soon, so for now only
allow NCACN_NP there. The check in source4 will stay with us for a
while, so allow NCACN_NP and NCALRPC to be set remotely here. With
NCACN_NP (the case for a client to connect on a named pipe), protect
against accidentially connecting as system.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 00e41d198d2972dddf075f79747f257f81c8e3b8
Author: Volker Lendecke <vl at samba.org>
Date: Sun Nov 28 08:48:58 2021 +0100
librpc: Get transport out of tstream_npa_accept_existing_recv()
To be used by the RPC servers in the next commit
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit fa445f153180fee33291f0650437c1a72ccc9104
Author: Volker Lendecke <vl at samba.org>
Date: Sat Nov 27 16:42:00 2021 +0100
auth: Fix a typo in auth/gensec/ncalrpc.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 1bab76223cd1b87a96909a66143d02b8b6b5d5f6
Author: Volker Lendecke <vl at samba.org>
Date: Sat Nov 27 16:38:38 2021 +0100
librpc: Add named_pipe_auth_req_info5->transport
This will serve as a check to make sure that in particular a SAMR
client is really root. This is for example used in get_user_info_18()
handing out a machine password.
The unix domain sockets for NCACN_NP can only be contacted by root,
the "np\" subdirectory for those sockets is root/root 0700.
Connecting to such a socket is done in two situations: First, local
real root processes connecting and smbd on behalf of SMB clients
connecting to \\pipe\name, smbd does become_root() there. Via the
named_pipe_auth_req_info4 smbd hands over the SMB session information
that the RPC server blindly trusts. The session information (i.e. the
NT token) is heavily influenced by external sources like the KDC. It
is highly unlikely that we get a system token via SMB, but who knows,
this is information not fully controlled by smbd.
This is where this additional field in named_pipe_auth_req_info5 makes
a difference: This field is set to NCACN_NP by smbd's code, not
directly controlled by the clients. Other clients directly connecting
to a socket in "np\" is root anyway (only smbd can do become_root())
and can set this field to NCALRPC.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 530fb4fdfb32d38cc55ed57cc6157bf63df069a7
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jun 9 06:09:37 2021 +0200
named_pipe_auth.idl: Add "need_idle_server"
Once RPC services are done by individual processes, we need to avoid
recursion between processes:
Any RPC server process will be able to serve multiple client requests
simultaneously, but each request is served in a single-threaded
blocking manner.
For example the netlogon RPC service needs to ask samr for
something. The netlogon->samr connection will initially be handled by
a central dispatcher assigning clients to processes. This dispatcher
needs to know that this connection can't end up in the same process
that originated the request.
With this flag an RPC client can request a samr server process that
exclusively serves its own requests and that will not serve anybody
else while serving netlogon.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit d1934e2331f4e452dce8fa2ed2e32ea595dc5e97
Author: Volker Lendecke <vl at samba.org>
Date: Fri Nov 12 19:24:33 2021 +0100
named_pipe_auth: Bump info4 to info5
We'll add a field soon
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 40 +-
auth/gensec/ncalrpc.c | 2 +-
docs-xml/manpages/samba-dcerpcd.8.xml | 210 ++
docs-xml/manpages/vfs_btrfs.8.xml | 1 -
docs-xml/manpages/vfs_shell_snap.8.xml | 1 -
docs-xml/manpages/vfs_snapper.8.xml | 1 -
docs-xml/smbdotconf/misc/rpcdaemon.xml | 76 -
docs-xml/smbdotconf/misc/rpcserver.xml | 94 -
docs-xml/smbdotconf/misc/spotlight.xml | 25 -
.../smbdotconf/rpc/rpcstartondemandhelpers.xml | 22 +
docs-xml/wscript_build | 1 +
lib/fuzzing/wscript_build | 2 +-
lib/param/loadparm.c | 4 +
libcli/named_pipe_auth/npa_tstream.c | 116 +-
libcli/named_pipe_auth/npa_tstream.h | 11 +-
librpc/idl/backupkey.idl | 2 +-
librpc/idl/messaging.idl | 4 +
librpc/idl/named_pipe_auth.idl | 10 +-
librpc/rpc/dcesrv_core.c | 65 +-
librpc/rpc/dcesrv_core.h | 9 +-
pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm | 97 +-
selftest/in_screen | 4 +-
selftest/knownfail | 7 +-
selftest/knownfail.d/source3-epmapper | 2 +
selftest/target/Samba3.pm | 132 +-
selftest/target/Samba4.pm | 9 -
selftest/tests.py | 2 -
selftest/wscript | 1 +
source3/lib/server_prefork.c | 698 -----
source3/lib/server_prefork.h | 312 --
source3/lib/server_prefork_util.c | 169 --
source3/lib/server_prefork_util.h | 52 -
source3/librpc/idl/rpc_host.idl | 76 +
source3/librpc/idl/wscript_build | 5 +-
source3/librpc/rpc/dcerpc_ep.c | 300 --
source3/librpc/rpc/dcerpc_ep.h | 77 -
source3/librpc/wscript_build | 4 +
source3/param/loadparm.c | 6 +
source3/param/wscript_build | 2 +-
source3/printing/load.c | 15 +
source3/printing/load.h | 1 +
source3/printing/pcap.c | 15 -
source3/printing/pcap.h | 1 -
source3/printing/queue_process.c | 56 +-
source3/printing/queue_process.h | 7 +-
source3/printing/spoolssd.c | 822 ------
source3/printing/spoolssd.h | 32 -
source3/rpc_client/cli_pipe.c | 117 +-
source3/rpc_client/cli_pipe.h | 10 +
source3/rpc_client/local_np.c | 780 +++++
source3/rpc_client/local_np.h | 56 +
source3/rpc_server/epmapper/srv_epmapper.c | 869 +++---
source3/rpc_server/epmapper/srv_epmapper.h | 41 -
source3/rpc_server/epmd.c | 251 --
source3/rpc_server/eventlog/srv_eventlog_nt.c | 6 -
source3/rpc_server/fssd.c | 238 --
source3/rpc_server/fssd.h | 34 -
source3/rpc_server/lsasd.c | 775 -----
source3/rpc_server/lsasd.h | 34 -
source3/rpc_server/mdssd.c | 691 -----
source3/rpc_server/mdssd.h | 34 -
source3/rpc_server/mdssvc/srv_mdssvc_nt.c | 46 -
source3/rpc_server/netlogon/srv_netlog_nt.c | 6 +-
source3/rpc_server/rpc_config.c | 126 -
source3/rpc_server/rpc_config.h | 46 -
source3/rpc_server/rpc_ep_register.c | 279 --
source3/rpc_server/rpc_ep_register.h | 51 -
source3/rpc_server/rpc_host.c | 3053 ++++++++++++++++++++
source3/rpc_server/rpc_modules.c | 102 -
source3/rpc_server/rpc_modules.h | 39 -
source3/rpc_server/rpc_ncacn_np.c | 1147 +-------
source3/rpc_server/rpc_ncacn_np.h | 27 +-
source3/rpc_server/rpc_pipes.h | 3 -
source3/rpc_server/rpc_server.c | 451 ---
source3/rpc_server/rpc_server.h | 23 +-
source3/rpc_server/rpc_service_setup.c | 942 ------
source3/rpc_server/rpc_service_setup.h | 63 -
source3/rpc_server/rpc_sock_helper.c | 2 -
source3/rpc_server/rpc_worker.c | 1239 ++++++++
source3/rpc_server/{epmd.h => rpc_worker.h} | 31 +-
source3/rpc_server/rpcd_classic.c | 99 +
source3/rpc_server/rpcd_epmapper.c | 58 +
source3/rpc_server/rpcd_fsrvp.c | 79 +
source3/rpc_server/rpcd_lsad.c | 102 +
source3/rpc_server/rpcd_mdssvc.c | 61 +
source3/rpc_server/rpcd_rpcecho.c | 58 +
source3/rpc_server/rpcd_spoolss.c | 86 +
source3/rpc_server/rpcd_winreg.c | 69 +
source3/rpc_server/samr/srv_samr_nt.c | 3 +
source3/rpc_server/spoolss/srv_iremotewinspool.c | 28 -
source3/rpc_server/spoolss/srv_spoolss_nt.c | 6 -
source3/rpc_server/srv_pipe.c | 83 -
source3/rpc_server/srv_pipe.h | 32 -
source3/rpc_server/srv_pipe_hnd.c | 90 +-
source3/rpc_server/svcctl/srv_svcctl_nt.c | 6 -
source3/rpc_server/svcctl/srv_svcctl_reg.c | 27 -
source3/rpc_server/wscript_build | 174 +-
source3/services/svc_rcinit.c | 29 +-
source3/smbd/conn_idle.c | 8 -
source3/smbd/process.c | 5 -
source3/smbd/proto.h | 1 -
source3/smbd/server.c | 94 +-
source3/smbd/server_exit.c | 10 -
source3/utils/smbcontrol.c | 38 +
source3/winbindd/winbindd.c | 28 -
source3/winbindd/winbindd_cm.c | 20 +-
source3/winbindd/winbindd_samr.c | 38 +
source3/winbindd/wscript_build | 3 +-
source3/wscript | 3 +-
source3/wscript_build | 41 +-
source4/ntvfs/ipc/vfs_ipc.c | 1 +
source4/samba/service_named_pipe.c | 26 +
testprogs/blackbox/test_net_ads_dns.sh | 4 +
testsuite/unittests/test_sambafs_srv_pipe.c | 110 -
testsuite/unittests/wscript | 11 +-
115 files changed, 7179 insertions(+), 9564 deletions(-)
create mode 100644 docs-xml/manpages/samba-dcerpcd.8.xml
delete mode 100644 docs-xml/smbdotconf/misc/rpcdaemon.xml
delete mode 100644 docs-xml/smbdotconf/misc/rpcserver.xml
create mode 100644 docs-xml/smbdotconf/rpc/rpcstartondemandhelpers.xml
create mode 100644 selftest/knownfail.d/source3-epmapper
delete mode 100644 source3/lib/server_prefork.c
delete mode 100644 source3/lib/server_prefork.h
delete mode 100644 source3/lib/server_prefork_util.c
delete mode 100644 source3/lib/server_prefork_util.h
create mode 100644 source3/librpc/idl/rpc_host.idl
delete mode 100644 source3/librpc/rpc/dcerpc_ep.c
delete mode 100644 source3/librpc/rpc/dcerpc_ep.h
delete mode 100644 source3/printing/spoolssd.c
delete mode 100644 source3/printing/spoolssd.h
create mode 100644 source3/rpc_client/local_np.c
create mode 100644 source3/rpc_client/local_np.h
delete mode 100644 source3/rpc_server/epmapper/srv_epmapper.h
delete mode 100644 source3/rpc_server/epmd.c
delete mode 100644 source3/rpc_server/fssd.c
delete mode 100644 source3/rpc_server/fssd.h
delete mode 100644 source3/rpc_server/lsasd.c
delete mode 100644 source3/rpc_server/lsasd.h
delete mode 100644 source3/rpc_server/mdssd.c
delete mode 100644 source3/rpc_server/mdssd.h
delete mode 100644 source3/rpc_server/rpc_ep_register.c
delete mode 100644 source3/rpc_server/rpc_ep_register.h
create mode 100644 source3/rpc_server/rpc_host.c
delete mode 100644 source3/rpc_server/rpc_modules.c
delete mode 100644 source3/rpc_server/rpc_modules.h
delete mode 100644 source3/rpc_server/rpc_service_setup.c
delete mode 100644 source3/rpc_server/rpc_service_setup.h
create mode 100644 source3/rpc_server/rpc_worker.c
rename source3/rpc_server/{epmd.h => rpc_worker.h} (59%)
create mode 100644 source3/rpc_server/rpcd_classic.c
create mode 100644 source3/rpc_server/rpcd_epmapper.c
create mode 100644 source3/rpc_server/rpcd_fsrvp.c
create mode 100644 source3/rpc_server/rpcd_lsad.c
create mode 100644 source3/rpc_server/rpcd_mdssvc.c
create mode 100644 source3/rpc_server/rpcd_rpcecho.c
create mode 100644 source3/rpc_server/rpcd_spoolss.c
create mode 100644 source3/rpc_server/rpcd_winreg.c
delete mode 100644 source3/rpc_server/srv_pipe.c
delete mode 100644 source3/rpc_server/srv_pipe.h
delete mode 100644 testsuite/unittests/test_sambafs_srv_pipe.c
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 4271539e703..c82fa5079ce 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -16,6 +16,42 @@ UPGRADING
NEW FEATURES/CHANGES
====================
+New samba-dcerpcd binary to provide DCERPC in the member server setup
+---------------------------------------------------------------------
+
+In order to make it much easier to break out the DCERPC services
+from smbd, a new samba-dcerpcd binary has been created.
+
+samba-dcerpcd can be used in two ways. In the normal case without
+startup script modification it is invoked on demand from smbd or
+winbind --np-helper to serve DCERPC over named pipes. Note that
+in order to run in this mode the smb.conf [global] section has
+a new parameter "rpc start on demand helpers = [true|false]".
+This parameter is set to "true" by default, meaning no changes to
+smb.conf files are needed to run samba-dcerpcd on demand as a named
+pipe helper.
+
+It can also be used in a standalone mode where it is started
+separately from smbd or winbind but this requires changes to system
+startup scripts, and in addition a change to smb.conf, setting the new
+[global] parameter "rpc start on demand helpers = false". If "rpc
+start on demand helpers" is not set to false, samba-dcerpcd will
+refuse to start in standalone mode.
+
+Note that when Samba is run in the Active Directory Domain Controller
+mode the samba binary that provides the AD code will still provide its
+normal DCERPC services whilst allowing samba-dcerpcd to provide
+services like SRVSVC in the same way that smbd used to in this
+configuration.
+
+The parameters that allowed some smbd-hosted services to be started
+externally are now gone (detailed below) as this is now the default
+setting.
+
+samba-dcerpcd can also be useful for use outside of the Samba
+framework, for example, use with the Linux kernel SMB2 server ksmbd or
+possibly other SMB2 server implementations.
+
Certificate Auto Enrollment
---------------------------
@@ -75,7 +111,9 @@ smb.conf changes
-------------- ----------- -------
kernel share modes New default No
dns forwarder Changed
-
+ rpc_daemon Removed
+ rpc_server Removed
+ rpc start on demand helpers Added true
KNOWN ISSUES
============
diff --git a/auth/gensec/ncalrpc.c b/auth/gensec/ncalrpc.c
index 7474b6aff9b..f845947982b 100644
--- a/auth/gensec/ncalrpc.c
+++ b/auth/gensec/ncalrpc.c
@@ -329,7 +329,7 @@ static bool gensec_ncalrpc_have_feature(struct gensec_security *gensec_security,
}
static const struct gensec_security_ops gensec_ncalrpc_security_ops = {
- .name = "naclrpc_as_system",
+ .name = "ncalrpc_as_system",
.auth_type = DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM,
.client_start = gensec_ncalrpc_client_start,
.server_start = gensec_ncalrpc_server_start,
diff --git a/docs-xml/manpages/samba-dcerpcd.8.xml b/docs-xml/manpages/samba-dcerpcd.8.xml
new file mode 100644
index 00000000000..da8b77c9517
--- /dev/null
+++ b/docs-xml/manpages/samba-dcerpcd.8.xml
@@ -0,0 +1,210 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="samba-dcerpcd.8">
+
+<refmeta>
+ <refentrytitle>samba-dcerpcd</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">&doc.version;</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>samba-dcerpcd</refname>
+ <refpurpose>This is one of Samba's DCERPC server processes
+ that can listen on sockets where RPC services are offered and
+ is the parent process of the DCERPC services it
+ invokes. Unless separately invoked it is started on demand
+ from <command>smbd</command> or <command>winbind</command> and
+ serves DCERPC only over named pipes (np) as a helper
+ process. This will be the standard setup for most
+ installations (standalone/member server/AD server) unless they
+ modify their startup scripts. Note in when Samba is configured
+ as an Active Directory Domain controller the
+ <command>samba</command> process that invokes
+ <command>smbd</command> will still provide its normal DCERPC
+ services, not <command>samba-dcerpcd</command>. When
+ separately invoked by system startup scripts or a a daemon,
+ the global smb.conf option <smbconfoption name="rpc start on
+ demand helpers">false</smbconfoption> MUST be set to allow
+ <command>samba-dcerpcd</command> to start standalone.
+ </refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>samba-dcerpcd</command>
+ <arg choice="opt">-D|--daemon</arg>
+ <arg choice="opt">-i|--interactive</arg>
+ <arg choice="opt">-F|--foreground</arg>
+ <arg choice="opt">--no-process-group</arg>
+ <arg choice="opt">-d <debug level></arg>
+ <arg choice="opt">--debug-stdout</arg>
+ <arg choice="opt">--configfile=<configuration file></arg>
+ <arg choice="opt">--option=<name>=<value></arg>
+ <arg choice="opt">--leak-report</arg>
+ <arg choice="opt">--leak-report-full</arg>
+ <arg choice="opt">-V|--version</arg>
+ <arg choice="opt">--libexec-rpcds</arg>
+ <arg choice="opt">--np-helper</arg>
+ <arg choice="opt">--ready-signal-fd=<fd></arg>
+ <arg choice="opt"><SERVICE_1></arg>
+ <arg choice="opt"><SERVICE_2></arg>
+ <arg choice="opt"><...></arg>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This tool is part of the
+ <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry> suite.</para>
+
+ <para>
+ samba-dcerpcd can be used in two ways. In the normal case
+ without startup script modification and the global smb.conf
+ option <smbconfoption name="rpc start on demand
+ helpers">true</smbconfoption> is set (the default setting),
+ it is invoked on demand from <command>smbd</command> or
+ <command>winbind</command> with a command line
+ containing--np-helper to serve DCERPC over named pipes
+ (np). It can also be used in a standalone mode where it is
+ started separately from <command>smbd</command> or
+ <command>winbind</command> via system startup scripts. If
+ invoked as a standalone daemon or started from system
+ startup scripts the global smb.conf option <smbconfoption
+ name="rpc start on demand helpers">false</smbconfoption>
+ MUST be set to false. If the global smb.conf option
+ <smbconfoption name="rpc start on demand
+ helpers">true</smbconfoption> is set to true or left as
+ default, <command>samba-dcerpcd</command> will fail to start
+ and log an error message.
+ </para>
+ <para>
+ Note that when Samba is run in the Active Directory Domain
+ Controller mode the <command>samba</command> AD code will
+ still provide its normal DCERPC services whilst allowing
+ samba-dcerpcd to provide services like SRVSVC in the same
+ way that <command>smbd</command> used to in this
+ configuration.
+ </para>
+ <para>
+ The standalone mode can also be useful for use outside of
+ the Samba framework, for example, use with the Linux kernel
+ SMB2 server ksmbd or possibly other SMB2 server
+ implementations. In this mode it behaves like inetd and
+ listens on sockets on behalf of RPC server implementations.
+ </para>
+ <para>
+ When a client connects, <command>samba-dcerpcd</command>
+ will start the relevant RPC service binary on demand and
+ hand over the connection to that service. When an RPC
+ service has been idle for a while,
+ <command>samba-dcerpcd</command> will ask it to shut down
+ again.
+ </para>
+
+</refsect1>
+
+<refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>-D|--daemon</term>
+ <listitem><para>If specified, this parameter causes
+ the server to operate as a daemon. That is, it
+ detaches itself and runs in the background, fielding
+ requests on the appropriate port. Operating the server
+ as a daemon is useful for running
+ <command>samba-dcerpcd</command> outside of the Samba
+ framework. However, it can also be used in this way
+ within Samba for member servers if configured to start
+ up via system startup scripts. This switch is assumed
+ if <command>samba-dcerpcd</command> is executed on the
+ command line of a shell. </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-i|--interactive</term>
+ <listitem><para>If this parameter is specified it
+ causes the server to run "interactively", not as a
+ daemon, even if the server is executed on the command
+ line of a shell. Setting this parameter negates the
+ implicit daemon mode when run from the command
+ line. <command>samba-dcerpcd</command> will only
+ accept one connection and terminate. It will also log
+ to standard output, as if the <command>-S</command>
+ parameter had been given.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-F|--foreground</term>
+ <listitem><para>If specified, this parameter causes
+ the main <command>samba-dcerpcd</command> process to
+ not daemonize, i.e. double-fork and disassociate with
+ the terminal. Child processes are still spawned as
+ normal to service each connection request, but the
+ main process does not exit. This operation mode is
+ suitable for running <command>samba-dcerpcd</command>
+ under process supervisors such as
+ <command>supervise</command> and
+ <command>svscan</command> from Daniel J. Bernstein's
+ <command>daemontools</command> package, or the AIX
+ process monitor. </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>--no-process-group</term>
+ <listitem><para>Do not create a new process group for
+ samba-dcerpcd.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>--libexec-rpcds</term>
+ <listitem><para>Offer RPC services for all daemons in
+ Samba's LIBEXECDIR, all programs starting with
+ "rpcd_" are assumed to offer RPC
+ services. If you don't use the
+ <command>--libexec-rpcds</command> option, you can
+ explicitly list all RPC service helpers explicitly on
+ the command line.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>--np-helper</term>
+ <listitem><para>Run <command>samba-dcerpcd</command>
+ on demand opening named pipe sockets as helpers for
+ <command>smbd</command> or <command>winbind</command>.
+ In order to run in this mode, the global smb.conf
+ option <smbconfoption name="rpc start on demand
+ helpers">true</smbconfoption> must be set to true
+ (this is the default setting). </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>--ready-signal-fd=<fd></term>
+ <listitem><para>Report service readiness via this fd
+ to <command>smbd</command>. Only for internal use.
+ </para></listitem>
+ </varlistentry>
+ </variablelist>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>
+ The original Samba software and related utilities were
+ created by Andrew Tridgell. Samba is now developed by the
+ Samba Team as an Open Source project similar to the way the
+ Linux kernel is developed.
+ </para>
+</refsect1>
+
+</refentry>
diff --git a/docs-xml/manpages/vfs_btrfs.8.xml b/docs-xml/manpages/vfs_btrfs.8.xml
index 60013f9be9a..c617a276e5b 100644
--- a/docs-xml/manpages/vfs_btrfs.8.xml
+++ b/docs-xml/manpages/vfs_btrfs.8.xml
@@ -107,7 +107,6 @@
<programlisting>
<smbconfsection name="[global]"/>
- <smbconfoption name="rpc_daemon:fssd">fork</smbconfoption>
<smbconfoption name="registry shares">yes</smbconfoption>
<smbconfoption name="include">registry</smbconfoption>
diff --git a/docs-xml/manpages/vfs_shell_snap.8.xml b/docs-xml/manpages/vfs_shell_snap.8.xml
index d6206e152f6..319d825cfaf 100644
--- a/docs-xml/manpages/vfs_shell_snap.8.xml
+++ b/docs-xml/manpages/vfs_shell_snap.8.xml
@@ -128,7 +128,6 @@
<programlisting>
<smbconfsection name="[global]"/>
- <smbconfoption name="rpc_daemon:fssd">fork</smbconfoption>
<smbconfoption name="registry shares">yes</smbconfoption>
<smbconfoption name="include">registry</smbconfoption>
</programlisting>
diff --git a/docs-xml/manpages/vfs_snapper.8.xml b/docs-xml/manpages/vfs_snapper.8.xml
index 053da7f5270..9663ece0b0c 100644
--- a/docs-xml/manpages/vfs_snapper.8.xml
+++ b/docs-xml/manpages/vfs_snapper.8.xml
@@ -70,7 +70,6 @@
<programlisting>
<smbconfsection name="[global]"/>
- <smbconfoption name="rpc_daemon:fssd">fork</smbconfoption>
<smbconfoption name="registry shares">yes</smbconfoption>
<smbconfoption name="include">registry</smbconfoption>
</programlisting>
diff --git a/docs-xml/smbdotconf/misc/rpcdaemon.xml b/docs-xml/smbdotconf/misc/rpcdaemon.xml
deleted file mode 100644
index d3e3e52c59b..00000000000
--- a/docs-xml/smbdotconf/misc/rpcdaemon.xml
+++ /dev/null
@@ -1,76 +0,0 @@
-<samba:parameter name="rpc_daemon:DAEMON"
- context="G"
- type="string"
- xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-<description>
- <para>
- Defines whether to use the embedded code or start a separate daemon
- for the defined rpc services.
- The rpc_daemon prefix must be followed by the server name, and a value.
- </para>
-
- <para>
- Two possible values are currently supported:
- <programlisting>
- disabled
- fork
- </programlisting>
- </para>
-
- <para>
- The classic method is to run rpc services as internal daemons
- embedded in smbd, therefore the external daemons are
- <emphasis>disabled</emphasis> by default.
- </para>
-
- <para>
- Choosing the <emphasis>fork</emphasis> option will cause samba to fork
- a separate process for each daemon configured this way. Each daemon may
- in turn fork a number of children used to handle requests from multiple
- smbds and direct tcp/ip connections (if the Endpoint Mapper is
- enabled). Communication with smbd happens over named pipes and require
- that said pipes are forward to the external daemon (see <smbconfoption
- name="rpc_server"/>).
- </para>
-
- <para>
- Forked RPC Daemons support dynamically forking children to handle
- connections. The heuristics about how many children to keep around and
- how fast to allow them to fork and also how many clients each child is
- allowed to handle concurrently is defined by parametrical options named
- after the daemon.
- Five options are currently supported:
- <programlisting>
- prefork_min_children
- prefork_max_children
- prefork_spawn_rate
- prefork_max_allowed_clients
- prefork_child_min_life
- </programlisting>
-
- To set one of these options use the following syntax:
- <programlisting>
- daemonname:prefork_min_children = 5
- </programlisting>
- </para>
-
- <para>
- Samba includes separate daemons for spoolss, lsarpc/lsass,
- netlogon, samr, FSRVP and mdssvc(Spotlight). Currently five
- daemons are available and they are called:
- <programlisting>
- epmd
- lsasd
- spoolssd
- fssd
- mdssd
- </programlisting>
- Example:
- <programlisting>
- rpc_daemon:spoolssd = fork
- </programlisting>
- </para>
-</description>
-
-<value type="default">disabled</value>
-</samba:parameter>
diff --git a/docs-xml/smbdotconf/misc/rpcserver.xml b/docs-xml/smbdotconf/misc/rpcserver.xml
deleted file mode 100644
index 434e5ec49ee..00000000000
--- a/docs-xml/smbdotconf/misc/rpcserver.xml
+++ /dev/null
@@ -1,94 +0,0 @@
-<samba:parameter name="rpc_server:SERVER"
- context="G"
- type="string"
- xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-<description>
- <para>
- With this option you can define if a rpc service should be
- running internal/embedded in smbd or should be redirected to an
- external daemon like Samba4, the endpoint mapper daemon, the
- spoolss daemon or the new LSA service daemon. The rpc_server
- prefix must be followed by the pipe name, and a value.
- </para>
-
- <para>
- This option can be set for each available rpc service in Samba.
- The following list shows all available pipe names services you
- can modify with this option.
- </para>
-
- <itemizedlist>
- <listitem><para>epmapper - Endpoint Mapper</para></listitem>
- <listitem><para>winreg - Remote Registry Service</para></listitem>
- <listitem><para>srvsvc - Remote Server Services</para></listitem>
- <listitem><para>lsarpc - Local Security Authority</para></listitem>
- <listitem><para>samr - Security Account Management</para></listitem>
- <listitem><para>netlogon - Netlogon Remote Protocol</para></listitem>
- <listitem><para>netdfs - Settings for Distributed File System</para></listitem>
- <listitem><para>dssetup - Active Directory Setup</para></listitem>
- <listitem><para>wkssvc - Workstation Services</para></listitem>
- <listitem><para>spoolss - Network Printing Spooler</para></listitem>
- <listitem><para>svcctl - Service Control</para></listitem>
- <listitem><para>ntsvcs - Plug and Play Services</para></listitem>
- <listitem><para>eventlog - Event Logger</para></listitem>
- <listitem><para>initshutdown - Init Shutdown Service</para></listitem>
- <listitem><para>mdssvc - Spotlight</para></listitem>
- </itemizedlist>
-
- <para>
- Three possible values currently supported are:
- <command moreinfo="none">embedded</command>
- <command moreinfo="none">external</command>
- <command moreinfo="none">disabled</command>
- </para>
-
- <para>
- The classic method is to run every pipe as an internal function
- <emphasis>embedded</emphasis> in smbd. The defaults may vary
- depending on the service.
- </para>
-
- <para>
- Choosing the <emphasis>external</emphasis> option allows one to run
- a separate daemon or even a completely independent (3rd party)
- server capable of interfacing with samba via the MS-RPC
- interface over named pipes.
- </para>
-
- <para>
- Currently in Samba3 we support four daemons, spoolssd, epmd,
- lsasd and mdssd. These daemons can be enabled using the
- <emphasis>rpc_daemon</emphasis> option. For spoolssd you have
- to enable the daemon and proxy the named pipe with:
- </para>
-
- <para>
- Examples:
- <programlisting>
- rpc_daemon:lsasd = fork
- rpc_server:lsarpc = external
- rpc_server:samr = external
- rpc_server:netlogon = external
-
- rpc_server:spoolss = external
- rpc_server:epmapper = disabled
-
- rpc_daemon:mdssd = fork
- rpc_server:mdssvc = external
- </programlisting>
- </para>
-
- <para>
- There is one special option which allows you to enable rpc
- services to listen for ncacn_ip_tcp connections too. Currently
- this is only used for testing and doesn't scale!
-
- <programlisting>
- rpc_server:tcpip = yes
- </programlisting>
- </para>
--
Samba Shared Repository
More information about the samba-cvs
mailing list