The branch, master has been updated
via 31203ee2075 rpc_server: Remove the source4 implementation of wkssvc
via f83ebb3bdab wkssvc3: Return RNG_ERROR where source4 does it
via 5b2bfb405f0 wkssvc3: Return ACCESS_DENIED where source4 does it
from 3e128df1ef4 samr: Fix CID 1035506: close slave fd (REASOURCE_LEAK)
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 31203ee2075e7c170ab540eb3b24131ba5c04dd7
Author: Stefan Metzmacher <[email protected]>
Date: Thu Jul 3 10:35:32 2025 +0200
rpc_server: Remove the source4 implementation of wkssvc
This was pretty much a stub anyway
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
Autobuild-User(master): Günther Deschner <[email protected]>
Autobuild-Date(master): Thu Sep 11 15:16:17 UTC 2025 on atb-devel-224
commit f83ebb3bdab7ec8c2d59a2afbdb97476c922a67c
Author: Volker Lendecke <[email protected]>
Date: Thu Jul 3 10:32:43 2025 +0200
wkssvc3: Return RNG_ERROR where source4 does it
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
commit 5b2bfb405f077b6fdef8dced664c3543b6966676
Author: Volker Lendecke <[email protected]>
Date: Thu Jul 3 10:27:27 2025 +0200
wkssvc3: Return ACCESS_DENIED where source4 does it
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
.../smbdotconf/protocol/dcerpcendpointservers.xml | 2 +-
lib/param/loadparm.c | 6 +-
source3/param/loadparm.c | 6 +-
source3/rpc_server/rpcd_classic.c | 29 --
source3/rpc_server/wkssvc/srv_wkssvc_nt.c | 11 +
source4/rpc_server/wkssvc/dcesrv_wkssvc.c | 403 ---------------------
source4/rpc_server/wscript_build | 9 -
7 files changed, 22 insertions(+), 444 deletions(-)
delete mode 100644 source4/rpc_server/wkssvc/dcesrv_wkssvc.c
Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
index c6642b795fd..6c32d9e6e17 100644
--- a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
+++ b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
@@ -6,6 +6,6 @@
<para>Specifies which DCE/RPC endpoint servers should be run.</para>
</description>
-<value type="default">epmapper, wkssvc, samr, netlogon, lsarpc, drsuapi,
dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value>
+<value type="default">epmapper, samr, netlogon, lsarpc, drsuapi, dssetup,
unixinfo, browser, eventlog6, backupkey, dnsserver</value>
<value type="example">rpcecho</value>
</samba:parameter>
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 05b6ec48ac8..4af9638ffd7 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2841,7 +2841,11 @@ struct loadparm_context *loadparm_init(TALLOC_CTX
*mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default");
lpcfg_do_global_parameter(lp_ctx, "max connections", "0");
- lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper
wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6
backupkey dnsserver");
+ lpcfg_do_global_parameter(
+ lp_ctx,
+ "dcerpc endpoint servers",
+ "epmapper samr netlogon lsarpc drsuapi dssetup unixinfo "
+ "browser eventlog6 backupkey dnsserver");
lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt
wrepl ldap cldap kdc drepl ft_scanner winbindd ntp_signd kcc dnsupdate dns");
lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true");
/* the winbind method for domain controllers is for both RODC
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index afe2aad5f33..1be550d9ad3 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -891,7 +891,11 @@ void loadparm_s3_init_globals(struct loadparm_context
*lp_ctx,
Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt
wrepl ldap cldap kdc drepl ft_scanner winbindd ntp_signd kcc dnsupdate dns",
NULL);
- Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL,
"epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser
eventlog6 backupkey dnsserver", NULL);
+ Globals.dcerpc_endpoint_servers = str_list_make_v3_const(
+ NULL,
+ "epmapper samr netlogon lsarpc drsuapi dssetup unixinfo "
+ "browser eventlog6 backupkey dnsserver",
+ NULL);
Globals.tls_enabled = true;
Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
diff --git a/source3/rpc_server/rpcd_classic.c
b/source3/rpc_server/rpcd_classic.c
index 2b7e9398d90..8f5e0f3223d 100644
--- a/source3/rpc_server/rpcd_classic.c
+++ b/source3/rpc_server/rpcd_classic.c
@@ -46,27 +46,10 @@ static size_t classic_interfaces(
&ndr_table_svcctl,
&ndr_table_ntsvcs,
&ndr_table_eventlog,
- /*
- * This last item is truncated from the list by the
- * num_ifaces -= 1 below. Take care when adding new
- * services.
- */
&ndr_table_wkssvc,
};
size_t num_ifaces = ARRAY_SIZE(ifaces);
- switch(lp_server_role()) {
- case ROLE_ACTIVE_DIRECTORY_DC:
- /*
- * On the AD DC wkssvc is provided by the 'samba'
- * binary from source4/
- */
- num_ifaces -= 1;
- break;
- default:
- break;
- }
-
*pifaces = ifaces;
return num_ifaces;
@@ -91,18 +74,6 @@ static NTSTATUS classic_servers(
ep_servers[5] = eventlog_get_ep_server();
ep_servers[6] = wkssvc_get_ep_server();
- switch(lp_server_role()) {
- case ROLE_ACTIVE_DIRECTORY_DC:
- /*
- * On the AD DC wkssvc is provided by the 'samba'
- * binary from source4/
- */
- num_servers -= 1;
- break;
- default:
- break;
- }
-
ok = secrets_init();
if (!ok) {
DBG_ERR("secrets_init() failed\n");
diff --git a/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
b/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
index c75b0d19e2b..f7efa95d113 100644
--- a/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
+++ b/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
@@ -315,6 +315,9 @@ WERROR _wkssvc_NetWkstaGetInfo(struct pipes_struct *p,
return WERR_NOT_ENOUGH_MEMORY;
}
break;
+ case 502:
+ return WERR_ACCESS_DENIED;
+ break;
default:
return WERR_INVALID_LEVEL;
}
@@ -448,6 +451,14 @@ WERROR _wkssvc_NetWkstaEnumUsers(struct pipes_struct *p,
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
+ if (IS_AD_DC) {
+ /*
+ * source4/rpc_server/wkssvc returns RNG_ERROR here
+ */
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
+ return WERR_NOT_SUPPORTED;
+ }
+
/* This with any level should only be allowed from a domain
administrator */
if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
session_info->security_token)) {
diff --git a/source4/rpc_server/wkssvc/dcesrv_wkssvc.c
b/source4/rpc_server/wkssvc/dcesrv_wkssvc.c
deleted file mode 100644
index f638471824b..00000000000
--- a/source4/rpc_server/wkssvc/dcesrv_wkssvc.c
+++ /dev/null
@@ -1,403 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- endpoint server for the wkssvc pipe
-
- Copyright (C) Stefan (metze) Metzmacher 2004
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "rpc_server/dcerpc_server.h"
-#include "librpc/gen_ndr/ndr_wkssvc.h"
-#include "librpc/gen_ndr/ndr_srvsvc.h"
-#include "rpc_server/common/common.h"
-#include "param/param.h"
-
-/*
- wkssvc_NetWkstaGetInfo
-*/
-static WERROR dcesrv_wkssvc_NetWkstaGetInfo(struct dcesrv_call_state
*dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetWkstaGetInfo *r)
-{
- struct dcesrv_context *dce_ctx = dce_call->conn->dce_ctx;
- struct dcerpc_server_info *server_info =
lpcfg_dcerpc_server_info(mem_ctx, dce_ctx->lp_ctx);
-
- /* NOTE: win2k3 ignores r->in.server_name completely so we do --metze */
-
- switch(r->in.level) {
- case 100:
- {
- struct wkssvc_NetWkstaInfo100 *info100;
-
- info100 = talloc(mem_ctx, struct wkssvc_NetWkstaInfo100);
- W_ERROR_HAVE_NO_MEMORY(info100);
-
- info100->platform_id =
dcesrv_common_get_platform_id(mem_ctx, dce_ctx);
- info100->server_name =
dcesrv_common_get_server_name(mem_ctx, dce_ctx, NULL);
- W_ERROR_HAVE_NO_MEMORY(info100->server_name);
- info100->domain_name = server_info->domain_name;
- info100->version_major = server_info->version_major;
- info100->version_minor = server_info->version_minor;
-
- r->out.info->info100 = info100;
- return WERR_OK;
- }
- case 101:
- {
- struct wkssvc_NetWkstaInfo101 *info101;
-
- info101 = talloc(mem_ctx, struct wkssvc_NetWkstaInfo101);
- W_ERROR_HAVE_NO_MEMORY(info101);
-
- info101->platform_id =
dcesrv_common_get_platform_id(mem_ctx, dce_ctx);
- info101->server_name =
dcesrv_common_get_server_name(mem_ctx, dce_ctx, NULL);
- W_ERROR_HAVE_NO_MEMORY(info101->server_name);
- info101->domain_name = server_info->domain_name;
- info101->version_major = server_info->version_major;
- info101->version_minor = server_info->version_minor;
- info101->lan_root = dcesrv_common_get_lan_root(mem_ctx,
dce_ctx);
-
- r->out.info->info101 = info101;
- return WERR_OK;
- }
- case 102:
- {
- return WERR_ACCESS_DENIED;
- }
- case 502:
- {
- return WERR_ACCESS_DENIED;
- }
- default:
- return WERR_INVALID_LEVEL;
- }
-}
-
-
-/*
- wkssvc_NetWkstaSetInfo
-*/
-static WERROR dcesrv_wkssvc_NetWkstaSetInfo(struct dcesrv_call_state
*dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetWkstaSetInfo *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetWkstaEnumUsers
-*/
-static WERROR dcesrv_wkssvc_NetWkstaEnumUsers(struct dcesrv_call_state
*dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetWkstaEnumUsers *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetrWkstaUserGetInfo
-*/
-static WERROR dcesrv_wkssvc_NetrWkstaUserGetInfo(struct dcesrv_call_state
*dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrWkstaUserGetInfo *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetrWkstaUserSetInfo
-*/
-static WERROR dcesrv_wkssvc_NetrWkstaUserSetInfo(struct dcesrv_call_state
*dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrWkstaUserSetInfo *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetWkstaTransportEnum
-*/
-static WERROR dcesrv_wkssvc_NetWkstaTransportEnum(struct dcesrv_call_state
*dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetWkstaTransportEnum *r)
-{
- switch (r->in.info->level) {
- case 0:
- r->out.info->ctr.ctr0 = talloc(mem_ctx, struct
wkssvc_NetWkstaTransportCtr0);
- W_ERROR_HAVE_NO_MEMORY(r->out.info->ctr.ctr0);
-
- r->out.info->ctr.ctr0->count = 0;
- r->out.info->ctr.ctr0->array = NULL;
-
- return WERR_NOT_SUPPORTED;
-
- default:
- return WERR_INVALID_LEVEL;
- }
-}
-
-
-/*
- wkssvc_NetrWkstaTransportAdd
-*/
-static WERROR dcesrv_wkssvc_NetrWkstaTransportAdd(struct dcesrv_call_state
*dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrWkstaTransportAdd *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetrWkstaTransportDel
-*/
-static WERROR dcesrv_wkssvc_NetrWkstaTransportDel(struct dcesrv_call_state
*dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrWkstaTransportDel *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetrUseAdd
-*/
-static WERROR dcesrv_wkssvc_NetrUseAdd(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrUseAdd *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetrUseGetInfo
-*/
-static WERROR dcesrv_wkssvc_NetrUseGetInfo(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrUseGetInfo *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetrUseDel
-*/
-static WERROR dcesrv_wkssvc_NetrUseDel(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrUseDel *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetrUseEnum
-*/
-static WERROR dcesrv_wkssvc_NetrUseEnum(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrUseEnum *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetrMessageBufferSend
-*/
-static WERROR dcesrv_wkssvc_NetrMessageBufferSend(struct dcesrv_call_state
*dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrMessageBufferSend *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetrWorkstationStatisticsGet
-*/
-static WERROR dcesrv_wkssvc_NetrWorkstationStatisticsGet(struct
dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrWorkstationStatisticsGet *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetrLogonDomainNameAdd
-*/
-static WERROR dcesrv_wkssvc_NetrLogonDomainNameAdd(struct dcesrv_call_state
*dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrLogonDomainNameAdd *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetrLogonDomainNameDel
-*/
-static WERROR dcesrv_wkssvc_NetrLogonDomainNameDel(struct dcesrv_call_state
*dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrLogonDomainNameDel *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetrJoinDomain
-*/
-static WERROR dcesrv_wkssvc_NetrJoinDomain(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrJoinDomain *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetrUnjoinDomain
-*/
-static WERROR dcesrv_wkssvc_NetrUnjoinDomain(struct dcesrv_call_state
*dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrUnjoinDomain *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetrRenameMachineInDomain
-*/
-static WERROR dcesrv_wkssvc_NetrRenameMachineInDomain(struct dcesrv_call_state
*dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrRenameMachineInDomain *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetrValidateName
-*/
-static WERROR dcesrv_wkssvc_NetrValidateName(struct dcesrv_call_state
*dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrValidateName *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetrGetJoinInformation
-*/
-static WERROR dcesrv_wkssvc_NetrGetJoinInformation(struct dcesrv_call_state
*dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrGetJoinInformation *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetrGetJoinableOus
-*/
-static WERROR dcesrv_wkssvc_NetrGetJoinableOus(struct dcesrv_call_state
*dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrGetJoinableOus *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- WKSSVC_NETRJOINDOMAIN2
-*/
-static WERROR dcesrv_wkssvc_NetrJoinDomain2(struct dcesrv_call_state
*dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrJoinDomain2 *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- WKSSVC_NETRUNJOINDOMAIN2
-*/
-static WERROR dcesrv_wkssvc_NetrUnjoinDomain2(struct dcesrv_call_state
*dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrUnjoinDomain2 *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetrRenameMachineInDomain2
-*/
-static WERROR dcesrv_wkssvc_NetrRenameMachineInDomain2(struct
dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrRenameMachineInDomain2 *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetrValidateName2
-*/
-static WERROR dcesrv_wkssvc_NetrValidateName2(struct dcesrv_call_state
*dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrValidateName2 *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetrGetJoinableOus2
-*/
-static WERROR dcesrv_wkssvc_NetrGetJoinableOus2(struct dcesrv_call_state
*dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrGetJoinableOus2 *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
- wkssvc_NetrAddAlternateComputername
-*/
-static WERROR dcesrv_wkssvc_NetrAddAlternateComputerName(struct
dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct wkssvc_NetrAddAlternateComputerName *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
--
Samba Shared Repository
