sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Code
59378dddbf
samba-mirror/libcli/auth/wscript_build

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

101 lines
2.6 KiB
Plaintext
Raw Normal View History

s4-waf: mark the wscript files as python so vim/emacs knows how to highlight them
2010-03-28 01:48:49 +03:00
#!/usr/bin/env python
build: moved libcli/auth/ntlmssp*.c into a common libcliauth.so library Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-24 02:28:43 +03:00
bld.SAMBA_LIBRARY('cliauth',
source='',
Rename 'errors' to 'samba-errors' and make it public. This is necessary because it has public headers. Signed-off-by: Jelmer Vernooij <jelmer@jelmer.uk> Reviewed-By: Andrew Bartlett <abartlet@samba.org> Reviewed-By: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Wed Jan 13 07:47:04 CET 2016 on sn-devel-144
2016-01-04 04:01:53 +03:00
deps='MSRPC_PARSE LIBCLI_AUTH COMMON_SCHANNEL PAM_ERRORS SPNEGO_PARSE krb5samba samba-errors NTLM_CHECK UTIL_LSARPC',
build: moved libcli/auth/ntlmssp*.c into a common libcliauth.so library Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-24 02:28:43 +03:00
private_library=True,
grouping_library=True)
build: commit all the waf build files in the tree
2010-03-17 14:07:42 +03:00
bld.SAMBA_SUBSYSTEM('MSRPC_PARSE',
s4-waf: more dependencies on talloc these are needed so we can support a system talloc without using the bundled talloc.h
2010-03-28 10:46:25 +04:00
source='msrpc_parse.c',
libcli-auth: Remove unnecessary dependency on libsamba-hostconfig.
2010-10-11 00:56:38 +04:00
deps='talloc'
build: commit all the waf build files in the tree
2010-03-17 14:07:42 +03:00
)
ntlmssp: Move ntlmssp code to auth/ntlmssp This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-07-25 10:04:38 +04:00
bld.SAMBA_SUBSYSTEM('NTLM_CHECK',
source='ntlm_check.c',
smbdes: add des_crypt56_gnutls() using DES-CBC with zeroed IV Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-10-19 23:48:19 +03:00
deps = 'talloc LIBCLI_AUTH'
ntlmssp: Move ntlmssp code to auth/ntlmssp This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-07-25 10:04:38 +04:00
)
build: commit all the waf build files in the tree
2010-03-17 14:07:42 +03:00
bld.SAMBA_SUBSYSTEM('LIBCLI_AUTH',
source='credentials.c session.c smbencrypt.c smbdes.c',
CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init() This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation: 7. If none of the first 5 bytes of the client challenge is unique, the server MUST fail session-key negotiation without further processing of the following steps. It lets ./zerologon_tester.py from https://github.com/SecuraBV/CVE-2020-1472.git report: "Attack failed. Target is probably patched." BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-16 17:17:29 +03:00
public_deps='MSRPC_PARSE gnutls GNUTLS_HELPERS util_str_escape',
s4-waf: install the rest of the headers
2010-03-27 05:56:05 +03:00
public_headers='credentials.h:domain_credentials.h'
build: commit all the waf build files in the tree
2010-03-17 14:07:42 +03:00
)
build: moved schannel_sign.c into a shared COMMON_SCHANNEL subsystem Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-24 02:36:55 +03:00
bld.SAMBA_SUBSYSTEM('COMMON_SCHANNEL',
auth/gensec: move libcli/auth/schannel_sign.c into schannel.c Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-12-31 12:42:36 +04:00
source='schannel_state_tdb.c',
libcli/auth: convert to dbwrap. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-04-11 11:42:12 +04:00
deps='dbwrap util_tdb samba-hostconfig NDR_NETLOGON'
build: commit all the waf build files in the tree
2010-03-17 14:07:42 +03:00
)
libcli/auth: add netlogon_creds_cli* infrastructure This provides an abstraction to hide netlogon_creds_CredentialState, which is stored in a node local tdb. Where the global state (netlogon_creds_CredentialState) between client and server was only kept in memory (on the client side), we now use the abstracted netlogon_creds_cli_context. We now use a node specific computer name in order to establish individual netlogon sessions per node. If the caller wants to use some netlogon calls with credential chain (struct netr_Authenticator), netlogon_creds_cli_lock*() is used to get the current netlogon_creds_CredentialState in a g_lock'ed fashion, a talloc_free() will release the lock. The locking is needed as there might be more than one process (multiple winbindd child, cmdline tools) which want to talk to a specific domain controller. The usage of netlogon_creds_CredentialState needs to be serialized as it uses sequence numbers. LogonSamLogonEx doesn't use the credential chain, but for some operations it needs the global session in order to de/encrypt individual fields. It uses the lockless netlogon_creds_cli_get() and netlogon_creds_cli_validate() functions, which just make sure the session hasn't changed between get and validate. This is prepares the proper fix for a large number of bugs: https://bugzilla.samba.org/show_bug.cgi?id=6563 https://bugzilla.samba.org/show_bug.cgi?id=7944 https://bugzilla.samba.org/show_bug.cgi?id=7945 https://bugzilla.samba.org/show_bug.cgi?id=7568 https://bugzilla.samba.org/show_bug.cgi?id=8599 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-04-18 21:16:42 +04:00
bld.SAMBA_SUBSYSTEM('NETLOGON_CREDS_CLI',
source='netlogon_creds_cli.c',
librpc: Remove the gensec dependency from library dcerpc-binding This means yet another library, but having to depend on gensec just for dcerpc_parse_binding() and basic packet parsing seems like a bit overkill to me. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Apr 6 23:33:14 UTC 2021 on sn-devel-184
2021-04-02 14:41:21 +03:00
deps='''
dbwrap
util_tdb
tevent-util
samba-hostconfig
gensec
RPC_NDR_NETLOGON
NDR_NETLOGON
'''
libcli/auth: add netlogon_creds_cli* infrastructure This provides an abstraction to hide netlogon_creds_CredentialState, which is stored in a node local tdb. Where the global state (netlogon_creds_CredentialState) between client and server was only kept in memory (on the client side), we now use the abstracted netlogon_creds_cli_context. We now use a node specific computer name in order to establish individual netlogon sessions per node. If the caller wants to use some netlogon calls with credential chain (struct netr_Authenticator), netlogon_creds_cli_lock*() is used to get the current netlogon_creds_CredentialState in a g_lock'ed fashion, a talloc_free() will release the lock. The locking is needed as there might be more than one process (multiple winbindd child, cmdline tools) which want to talk to a specific domain controller. The usage of netlogon_creds_CredentialState needs to be serialized as it uses sequence numbers. LogonSamLogonEx doesn't use the credential chain, but for some operations it needs the global session in order to de/encrypt individual fields. It uses the lockless netlogon_creds_cli_get() and netlogon_creds_cli_validate() functions, which just make sure the session hasn't changed between get and validate. This is prepares the proper fix for a large number of bugs: https://bugzilla.samba.org/show_bug.cgi?id=6563 https://bugzilla.samba.org/show_bug.cgi?id=7944 https://bugzilla.samba.org/show_bug.cgi?id=7945 https://bugzilla.samba.org/show_bug.cgi?id=7568 https://bugzilla.samba.org/show_bug.cgi?id=8599 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-04-18 21:16:42 +04:00
)
pam: share pam errors in a common location. Guenther
2011-02-08 12:45:39 +03:00
bld.SAMBA_SUBSYSTEM('PAM_ERRORS',
libcli/auth: fix PAM_ERRORS subsystem build. (waf-)god knows why, without this (fake) dependency, ./configure && make fails while including replace.h while ./configure.developer && make succeeds... Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri Feb 11 23:50:40 CET 2011 on sn-devel-104
2011-02-12 00:59:31 +03:00
source='pam_errors.c',
deps='talloc'
pam: share pam errors in a common location. Guenther
2011-02-08 12:45:39 +03:00
)
build: moved spnego_parse.c into a common subsystem
2011-02-24 05:00:52 +03:00
bld.SAMBA_SUBSYSTEM('SPNEGO_PARSE',
source='spnego_parse.c',
lib: make asn1_util a private library this prevents symbol duplication of the asn1 symbols in the service and ntvfs subsystems Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-04-06 08:28:28 +04:00
deps='asn1util')
CVE-2018-1139 libcli/auth: Add initial tests for ntlm_password_check() BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-07-26 23:44:24 +03:00
bld.SAMBA_BINARY(
'test_ntlm_check',
source='tests/ntlm_check.c',
deps='''
NTLM_CHECK
CREDENTIALS_NTLM
samba-credentials
cmocka
talloc
''',
build: Do not build selftest binaries for builds without --enable-selftest Add new for_selftest option to SAMBA_BINARY() and SAMBA3_BINARY() This allows us to be much more consistent (at least in the core Samba) and documents clearly why the binary should not be installed. Not modified are - test_lp_load - notifyd-tests - gendrandperf - test* from examples/libsmbclient - dbwrap_torture - split_tokens - locktest2 - msgtest - msg_sink - msg_source - versiontest - rpc_open_tcp - test_headers As these are not tested in selftest so any change would also be untested. Of course they probably should be added in a different MR. Also not modified (because they are not tests, nor part of the build system) are: - smb2mount - notifydd - log2pacp - debug2html - smbfilter - destroy_netlogon_creds_cli - spotlight2* - tevent_glib_tracker These do however appear to be untested. For now, the source4 forked client tools are left unchanged: - smbclient4 - nmblookup4 Finally, the heimdal binaries are left as install=False as they are either part of the build system or end-user tools that we just don't want to install. These are however tested. The motivation is commit like c34ec003b7d45aa4196ff93a0ac29694b25e5309 and da87fa998ab71328f30bcdf5b41aee8675aee48a, which are both totally correct but are not needed if the selftest is not run on MacOS. There are likely other platforms or build environments where building our test binaries is more pain than valuable, see for example also https://lists.samba.org/archive/samba/2019-November/227137.html Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org> Autobuild-User(master): Isaac Boukris <iboukris@samba.org> Autobuild-Date(master): Fri Nov 22 11:48:59 UTC 2019 on sn-devel-184
2019-11-22 00:06:57 +03:00
for_selftest=True
CVE-2018-1139 libcli/auth: Add initial tests for ntlm_password_check() BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-07-26 23:44:24 +03:00
)
libcli:auth: Add test for decoding an RC4 password buffer BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-05 10:39:02 +03:00
bld.SAMBA_BINARY('test_rc4_passwd_buffer',
source='tests/test_rc4_passwd_buffer.c',
deps='''
INIT_SAMR
LIBCLI_AUTH
cmocka
''',
build: Do not build selftest binaries for builds without --enable-selftest Add new for_selftest option to SAMBA_BINARY() and SAMBA3_BINARY() This allows us to be much more consistent (at least in the core Samba) and documents clearly why the binary should not be installed. Not modified are - test_lp_load - notifyd-tests - gendrandperf - test* from examples/libsmbclient - dbwrap_torture - split_tokens - locktest2 - msgtest - msg_sink - msg_source - versiontest - rpc_open_tcp - test_headers As these are not tested in selftest so any change would also be untested. Of course they probably should be added in a different MR. Also not modified (because they are not tests, nor part of the build system) are: - smb2mount - notifydd - log2pacp - debug2html - smbfilter - destroy_netlogon_creds_cli - spotlight2* - tevent_glib_tracker These do however appear to be untested. For now, the source4 forked client tools are left unchanged: - smbclient4 - nmblookup4 Finally, the heimdal binaries are left as install=False as they are either part of the build system or end-user tools that we just don't want to install. These are however tested. The motivation is commit like c34ec003b7d45aa4196ff93a0ac29694b25e5309 and da87fa998ab71328f30bcdf5b41aee8675aee48a, which are both totally correct but are not needed if the selftest is not run on MacOS. There are likely other platforms or build environments where building our test binaries is more pain than valuable, see for example also https://lists.samba.org/archive/samba/2019-November/227137.html Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org> Autobuild-User(master): Isaac Boukris <iboukris@samba.org> Autobuild-Date(master): Fri Nov 22 11:48:59 UTC 2019 on sn-devel-184
2019-11-22 00:06:57 +03:00
for_selftest=True)
libcli/auth: add test for gensec_schannel code Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2019-09-26 00:44:49 +03:00
bld.SAMBA_BINARY('test_schannel',
source='tests/test_schannel.c',
deps='''
gensec
cmocka
''',
build: Do not build selftest binaries for builds without --enable-selftest Add new for_selftest option to SAMBA_BINARY() and SAMBA3_BINARY() This allows us to be much more consistent (at least in the core Samba) and documents clearly why the binary should not be installed. Not modified are - test_lp_load - notifyd-tests - gendrandperf - test* from examples/libsmbclient - dbwrap_torture - split_tokens - locktest2 - msgtest - msg_sink - msg_source - versiontest - rpc_open_tcp - test_headers As these are not tested in selftest so any change would also be untested. Of course they probably should be added in a different MR. Also not modified (because they are not tests, nor part of the build system) are: - smb2mount - notifydd - log2pacp - debug2html - smbfilter - destroy_netlogon_creds_cli - spotlight2* - tevent_glib_tracker These do however appear to be untested. For now, the source4 forked client tools are left unchanged: - smbclient4 - nmblookup4 Finally, the heimdal binaries are left as install=False as they are either part of the build system or end-user tools that we just don't want to install. These are however tested. The motivation is commit like c34ec003b7d45aa4196ff93a0ac29694b25e5309 and da87fa998ab71328f30bcdf5b41aee8675aee48a, which are both totally correct but are not needed if the selftest is not run on MacOS. There are likely other platforms or build environments where building our test binaries is more pain than valuable, see for example also https://lists.samba.org/archive/samba/2019-November/227137.html Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org> Autobuild-User(master): Isaac Boukris <iboukris@samba.org> Autobuild-Date(master): Fri Nov 22 11:48:59 UTC 2019 on sn-devel-184
2019-11-22 00:06:57 +03:00
for_selftest=True)
libcli/auth: add gnutls test for aes-128-cfb8 cipher bug Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Oct 7 09:31:35 UTC 2019 on sn-devel-184
2019-09-28 14:10:32 +03:00
bld.SAMBA_BINARY('test_gnutls',
source='tests/test_gnutls.c',
deps='''
gnutls
libcli/auth: test des_crypt56() and add test_gnutls to selftest Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-11-09 19:47:33 +03:00
LIBCLI_AUTH
libcli/auth: add gnutls test for aes-128-cfb8 cipher bug Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Oct 7 09:31:35 UTC 2019 on sn-devel-184
2019-09-28 14:10:32 +03:00
cmocka
samba-util
''',
build: Do not build selftest binaries for builds without --enable-selftest Add new for_selftest option to SAMBA_BINARY() and SAMBA3_BINARY() This allows us to be much more consistent (at least in the core Samba) and documents clearly why the binary should not be installed. Not modified are - test_lp_load - notifyd-tests - gendrandperf - test* from examples/libsmbclient - dbwrap_torture - split_tokens - locktest2 - msgtest - msg_sink - msg_source - versiontest - rpc_open_tcp - test_headers As these are not tested in selftest so any change would also be untested. Of course they probably should be added in a different MR. Also not modified (because they are not tests, nor part of the build system) are: - smb2mount - notifydd - log2pacp - debug2html - smbfilter - destroy_netlogon_creds_cli - spotlight2* - tevent_glib_tracker These do however appear to be untested. For now, the source4 forked client tools are left unchanged: - smbclient4 - nmblookup4 Finally, the heimdal binaries are left as install=False as they are either part of the build system or end-user tools that we just don't want to install. These are however tested. The motivation is commit like c34ec003b7d45aa4196ff93a0ac29694b25e5309 and da87fa998ab71328f30bcdf5b41aee8675aee48a, which are both totally correct but are not needed if the selftest is not run on MacOS. There are likely other platforms or build environments where building our test binaries is more pain than valuable, see for example also https://lists.samba.org/archive/samba/2019-November/227137.html Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org> Autobuild-User(master): Isaac Boukris <iboukris@samba.org> Autobuild-Date(master): Fri Nov 22 11:48:59 UTC 2019 on sn-devel-184
2019-11-22 00:06:57 +03:00
for_selftest=True)
libcli:auth: Add test for encode_pwd_buffer514_from_str() Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-25 12:25:09 +03:00
bld.SAMBA_BINARY('test_encode_decode',
source='tests/test_encode_decode.c',
deps='''
LIBCLI_AUTH
cmocka
samba-util
''',
for_selftest=True)
Copy Permalink