sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-23 09:57:40 +03:00
Code

Merge branch 'v4-0-test' into v4-0-gmake3

Browse Source 
Conflicts:

	source/auth/config.mk
	source/auth/gensec/config.mk
	source/torture/smbtorture.c
(This used to be commit edfd02e59bba86b977bd60848f57a614691fff7a)
This commit is contained in:
Jelmer Vernooij 2008-05-10 18:08:00 +02:00
commit 7b45a4d7fa
93 changed files with 1002 additions and 748 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

377
source4/auth/auth_server.c
View File

@ -1,377 +0,0 @@
/*
Unix SMB/CIFS implementation.
Authenticate to a remote server
Copyright (C) Andrew Tridgell 1992-1998
Copyright (C) Andrew Bartlett 2001
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
/****************************************************************************
Support for server level security.
****************************************************************************/
static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx, bool unicode, int maxprotocol, struct resolve_context *resolve_ctx)
{
struct smbcli_state *cli = NULL;
fstring desthost;
struct in_addr dest_ip;
const char *p;
char *pserver;
bool connected_ok = false;
if (!(cli = smbcli_initialise(cli)))
return NULL;
/* security = server just can't function with spnego */
cli->use_spnego = false;
pserver = talloc_strdup(mem_ctx, lp_passwordserver());
p = pserver;
while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) {
strupper(desthost);
if(!resolve_name(resolve_ctx, desthost, &dest_ip, 0x20)) {
DEBUG(1,("server_cryptkey: Can't resolve address for %s\n",desthost));
continue;
}
if (ismyip(dest_ip)) {
DEBUG(1,("Password server loop - disabling password server %s\n",desthost));
continue;
}
/* we use a mutex to prevent two connections at once - when a
Win2k PDC get two connections where one hasn't completed a
session setup yet it will send a TCP reset to the first
connection (tridge) */
if (!grab_server_mutex(desthost)) {
return NULL;
}
if (smbcli_connect(cli, desthost, &dest_ip)) {
DEBUG(3,("connected to password server %s\n",desthost));
connected_ok = true;
break;
}
}
if (!connected_ok) {
release_server_mutex();
DEBUG(0,("password server not available\n"));
talloc_free(cli);
return NULL;
}
if (!attempt_netbios_session_request(cli, lp_netbios_name(),
desthost, &dest_ip)) {
release_server_mutex();
DEBUG(1,("password server fails session request\n"));
talloc_free(cli);
return NULL;
}
if (strequal(desthost,myhostname(mem_ctx))) {
exit_server("Password server loop!");
}
DEBUG(3,("got session\n"));
if (!smbcli_negprot(cli, unicode, maxprotocol)) {
DEBUG(1,("%s rejected the negprot\n",desthost));
release_server_mutex();
talloc_free(cli);
return NULL;
}
if (cli->protocol < PROTOCOL_LANMAN2 ||
!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
DEBUG(1,("%s isn't in user level security mode\n",desthost));
release_server_mutex();
talloc_free(cli);
return NULL;
}
/* Get the first session setup done quickly, to avoid silly
Win2k bugs. (The next connection to the server will kill
this one...
*/
if (!smbcli_session_setup(cli, "", "", 0, "", 0,
"")) {
DEBUG(0,("%s rejected the initial session setup (%s)\n",
desthost, smbcli_errstr(cli)));
release_server_mutex();
talloc_free(cli);
return NULL;
}
release_server_mutex();
DEBUG(3,("password server OK\n"));
return cli;
}
/****************************************************************************
Clean up our allocated cli.
****************************************************************************/
static void free_server_private_data(void **private_data_pointer)
{
struct smbcli_state **cli = (struct smbcli_state **)private_data_pointer;
if (*cli && (*cli)->initialised) {
talloc_free(*cli);
}
}
/****************************************************************************
Get the challenge out of a password server.
****************************************************************************/
static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_context,
void **my_private_data,
TALLOC_CTX *mem_ctx)
{
struct smbcli_state *cli = server_cryptkey(mem_ctx, lp_cli_maxprotocol(auth_context->lp_ctx));
if (cli) {
DEBUG(3,("using password server validation\n"));
if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
/* We can't work with unencrypted password servers
unless 'encrypt passwords = no' */
DEBUG(5,("make_auth_info_server: Server is unencrypted, no challenge available..\n"));
/* However, it is still a perfectly fine connection
to pass that unencrypted password over */
*my_private_data = (void *)cli;
return data_blob(NULL, 0);
} else if (cli->secblob.length < 8) {
/* We can't do much if we don't get a full challenge */
DEBUG(2,("make_auth_info_server: Didn't receive a full challenge from server\n"));
talloc_free(cli);
return data_blob(NULL, 0);
}
*my_private_data = (void *)cli;
/* The return must be allocated on the caller's mem_ctx, as our own will be
destoyed just after the call. */
return data_blob_talloc(auth_context->mem_ctx, cli->secblob.data,8);
} else {
return data_blob(NULL, 0);
}
}
/****************************************************************************
Check for a valid username and password in security=server mode.
- Validate a password with the password server.
****************************************************************************/
static NTSTATUS check_smbserver_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
const auth_usersupplied_info *user_info,
auth_serversupplied_info **server_info)
{
struct smbcli_state *cli;
static uint8_t badpass[24];
static fstring baduser;
static bool tested_password_server = false;
static bool bad_password_server = false;
NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
bool locally_made_cli = false;
/*
* Check that the requested domain is not our own machine name.
* If it is, we should never check the PDC here, we use our own local
* password file.
*/
if (lp_is_myname(auth_context->lp_ctx, user_info->domain.str)) {
DEBUG(3,("check_smbserver_security: Requested domain was for this machine.\n"));
return NT_STATUS_LOGON_FAILURE;
}
cli = my_private_data;
if (cli) {
} else {
cli = server_cryptkey(mem_ctx, lp_unicode(auth_context->lp_ctx), lp_cli_maxprotocol(auth_context->lp_ctx), lp_resolve_context(auth_context->lp_ctx));
locally_made_cli = true;
}
if (!cli || !cli->initialised) {
DEBUG(1,("password server is not connected (cli not initilised)\n"));
return NT_STATUS_LOGON_FAILURE;
}
if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
if (user_info->encrypted) {
DEBUG(1,("password server %s is plaintext, but we are encrypted. This just can't work :-(\n", cli->desthost));
return NT_STATUS_LOGON_FAILURE;
}
} else {
if (memcmp(cli->secblob.data, auth_context->challenge.data, 8) != 0) {
DEBUG(1,("the challenge that the password server (%s) supplied us is not the one we gave our client. This just can't work :-(\n", cli->desthost));
return NT_STATUS_LOGON_FAILURE;
}
}
if(badpass[0] == 0)
memset(badpass, 0x1f, sizeof(badpass));
if((user_info->nt_resp.length == sizeof(badpass)) &&
!memcmp(badpass, user_info->nt_resp.data, sizeof(badpass))) {
/*
* Very unlikely, our random bad password is the same as the users
* password.
*/
memset(badpass, badpass[0]+1, sizeof(badpass));
}
if(baduser[0] == 0) {
fstrcpy(baduser, INVALID_USER_PREFIX);
fstrcat(baduser, lp_netbios_name());
}
/*
* Attempt a session setup with a totally incorrect password.
* If this succeeds with the guest bit *NOT* set then the password
* server is broken and is not correctly setting the guest bit. We
* need to detect this as some versions of NT4.x are broken. JRA.
*/
/* I sure as hell hope that there aren't servers out there that take
* NTLMv2 and have this bug, as we don't test for that...
* - abartlet@samba.org
*/
if ((!tested_password_server) && (lp_paranoid_server_security())) {
if (smbcli_session_setup(cli, baduser, (char *)badpass, sizeof(badpass),
(char *)badpass, sizeof(badpass), user_info->domain.str)) {
/*
* We connected to the password server so we
* can say we've tested it.
*/
tested_password_server = true;
if ((SVAL(cli->inbuf,smb_vwv2) & 1) == 0) {
DEBUG(0,("server_validate: password server %s allows users as non-guest \
with a bad password.\n", cli->desthost));
DEBUG(0,("server_validate: This is broken (and insecure) behaviour. Please do not \
use this machine as the password server.\n"));
smbcli_ulogoff(cli);
/*
* Password server has the bug.
*/
bad_password_server = true;
return NT_STATUS_LOGON_FAILURE;
}
smbcli_ulogoff(cli);
}
} else {
/*
* We have already tested the password server.
* Fail immediately if it has the bug.
*/
if(bad_password_server) {
DEBUG(0,("server_validate: [1] password server %s allows users as non-guest \
with a bad password.\n", cli->desthost));
DEBUG(0,("server_validate: [1] This is broken (and insecure) behaviour. Please do not \
use this machine as the password server.\n"));
return NT_STATUS_LOGON_FAILURE;
}
}
/*
* Now we know the password server will correctly set the guest bit, or is
* not guest enabled, we can try with the real password.
*/
if (!user_info->encrypted) {
/* Plaintext available */
if (!smbcli_session_setup(cli, user_info->smb_name.str,
(char *)user_info->plaintext_password.data,
user_info->plaintext_password.length,
NULL, 0,
user_info->domain.str)) {
DEBUG(1,("password server %s rejected the password\n", cli->desthost));
/* Make this smbcli_nt_error() when the conversion is in */
nt_status = smbcli_nt_error(cli);
} else {
nt_status = NT_STATUS_OK;
}
} else {
if (!smbcli_session_setup(cli, user_info->smb_name.str,
(char *)user_info->lm_resp.data,
user_info->lm_resp.length,
(char *)user_info->nt_resp.data,
user_info->nt_resp.length,
user_info->domain.str)) {
DEBUG(1,("password server %s rejected the password\n", cli->desthost));
/* Make this smbcli_nt_error() when the conversion is in */
nt_status = smbcli_nt_error(cli);
} else {
nt_status = NT_STATUS_OK;
}
}
/* if logged in as guest then reject */
if ((SVAL(cli->inbuf,smb_vwv2) & 1) != 0) {
DEBUG(1,("password server %s gave us guest only\n", cli->desthost));
nt_status = NT_STATUS_LOGON_FAILURE;
}
smbcli_ulogoff(cli);
if NT_STATUS_IS_OK(nt_status) {
struct passwd *pass = Get_Pwnam(user_info->internal_username.str);
if (pass) {
nt_status = make_server_info_pw(auth_context, server_info, pass);
} else {
nt_status = NT_STATUS_NO_SUCH_USER;
}
}
if (locally_made_cli) {
talloc_free(cli);
}
return(nt_status);
}
NTSTATUS auth_init_smbserver(struct auth_context *auth_context, const char* param, auth_methods **auth_method)
{
if (!make_auth_methods(auth_context, auth_method)) {
return NT_STATUS_NO_MEMORY;
}
(*auth_method)->name = "smbserver";
(*auth_method)->auth = check_smbserver_security;
(*auth_method)->get_chal = auth_get_challenge_server;
(*auth_method)->send_keepalive = send_server_keepalive;
(*auth_method)->free_private_data = free_server_private_data;
return NT_STATUS_OK;
}

71
source4/auth/config.mk
View File

@ -2,13 +2,14 @@
mkinclude gensec/config.mk
mkinclude kerberos/config.mk
mkinclude ntlmssp/config.mk
mkinclude ntlm/config.mk
mkinclude credentials/config.mk
[SUBSYSTEM::auth_session]
PRIVATE_PROTO_HEADER = session_proto.h
PUBLIC_DEPENDENCIES = CREDENTIALS
# PUBLIC_HEADERS += auth/session.h
PUBLIC_HEADERS += auth/session.h
auth_session_OBJ_FILES = $(addprefix auth/, session.o)
@ -24,79 +25,13 @@ PRIVATE_PROTO_HEADER = auth_sam.h
PUBLIC_DEPENDENCIES = SAMDB UTIL_LDB LIBSECURITY
PRIVATE_DEPENDENCIES = LDAP_ENCODE
auth_sam_OBJ_FILES = $(addprefix auth/, sam.o ntlm_check.o)
auth_sam_OBJ_FILES = $(addprefix auth/, sam.o)
[SUBSYSTEM::auth_sam_reply]
PRIVATE_PROTO_HEADER = auth_sam_reply.h
auth_sam_reply_OBJ_FILES = $(addprefix auth/, auth_sam_reply.o)
#######################
# Start MODULE auth_sam
[MODULE::auth_sam_module]
# gensec_krb5 and gensec_gssapi depend on it
INIT_FUNCTION = auth_sam_init
SUBSYSTEM = service_auth
PRIVATE_DEPENDENCIES = \
SAMDB auth_sam
# End MODULE auth_sam
#######################
auth_sam_module_OBJ_FILES = $(addprefix auth/, auth_sam.o)
#######################
# Start MODULE auth_anonymous
[MODULE::auth_anonymous]
INIT_FUNCTION = auth_anonymous_init
SUBSYSTEM = service_auth
# End MODULE auth_anonymous
#######################
auth_anonymous_OBJ_FILES = $(addprefix auth/, auth_anonymous.o)
#######################
# Start MODULE auth_winbind
[MODULE::auth_winbind]
INIT_FUNCTION = auth_winbind_init
SUBSYSTEM = service_auth
PRIVATE_DEPENDENCIES = NDR_WINBIND MESSAGING LIBWINBIND-CLIENT
# End MODULE auth_winbind
#######################
auth_winbind_OBJ_FILES = $(addprefix auth/, auth_winbind.o)
#######################
# Start MODULE auth_developer
[MODULE::auth_developer]
INIT_FUNCTION = auth_developer_init
SUBSYSTEM = service_auth
# End MODULE auth_developer
#######################
auth_developer_OBJ_FILES = $(addprefix auth/, auth_developer.o)
[MODULE::auth_unix]
INIT_FUNCTION = auth_unix_init
SUBSYSTEM = service_auth
PRIVATE_DEPENDENCIES = CRYPT PAM PAM_ERRORS NSS_WRAPPER
auth_unix_OBJ_FILES = $(addprefix auth/, auth_unix.o)
[SUBSYSTEM::PAM_ERRORS]
PRIVATE_PROTO_HEADER = pam_errors.h
PAM_ERRORS_OBJ_FILES = $(addprefix auth/, pam_errors.o)
[MODULE::auth]
INIT_FUNCTION = server_service_auth_init
SUBSYSTEM = smbd
PRIVATE_PROTO_HEADER = auth_proto.h
PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBSECURITY SAMDB CREDENTIALS
auth_OBJ_FILES = $(addprefix auth/, auth.o auth_util.o auth_simple.o)
# PUBLIC_HEADERS += auth/auth.h
[PYTHON::swig_auth]
PUBLIC_DEPENDENCIES = auth_system_session
PRIVATE_DEPENDENCIES = SAMDB

20
source4/auth/credentials/credentials.c
View File

@ -306,6 +306,8 @@ _PUBLIC_ bool cli_credentials_set_password(struct cli_credentials *cred,
cli_credentials_invalidate_ccache(cred, cred->password_obtained);
cred->nt_hash = NULL;
cred->lm_response = data_blob(NULL, 0);
cred->nt_response = data_blob(NULL, 0);
return true;
}
@ -376,24 +378,6 @@ _PUBLIC_ const struct samr_Password *cli_credentials_get_nt_hash(struct cli_cred
}
}
_PUBLIC_ bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
const struct samr_Password *nt_hash,
enum credentials_obtained obtained)
{
if (obtained >= cred->password_obtained) {
cli_credentials_set_password(cred, NULL, obtained);
if (nt_hash) {
cred->nt_hash = talloc(cred, struct samr_Password);
*cred->nt_hash = *nt_hash;
} else {
cred->nt_hash = NULL;
}
return true;
}
return false;
}
/**
* Obtain the 'short' or 'NetBIOS' domain for this credentials context.
* @param cred credentials context

9
source4/auth/credentials/credentials.h
View File

@ -80,8 +80,13 @@ struct cli_credentials {
const char *bind_dn;
/* Allows authentication from a keytab or similar */
struct samr_Password *nt_hash;
/* Allows NTLM pass-though authentication */
DATA_BLOB lm_response;
DATA_BLOB nt_response;
struct ccache_container *ccache;
struct gssapi_creds_container *client_gss_creds;
struct keytab_container *keytab;
@ -221,6 +226,10 @@ void cli_credentials_set_kvno(struct cli_credentials *cred,
bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
const struct samr_Password *nt_hash,
enum credentials_obtained obtained);
bool cli_credentials_set_ntlm_response(struct cli_credentials *cred,
const DATA_BLOB *lm_response,
const DATA_BLOB *nt_response,
enum credentials_obtained obtained);
int cli_credentials_set_keytab_name(struct cli_credentials *cred,
struct event_context *event_ctx,
struct loadparm_context *lp_ctx,

52
source4/auth/credentials/credentials_ntlm.c
View File

@ -52,6 +52,20 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
const struct samr_Password *nt_hash;
lm_session_key = data_blob(NULL, 0);
/* We may already have an NTLM response we prepared earlier.
* This is used for NTLM pass-though authentication */
if (cred->nt_response.data || cred->lm_response.data) {
*_nt_response = cred->nt_response;
*_lm_response = cred->lm_response;
if (!cred->lm_response.data) {
*flags = *flags & ~CLI_CRED_LANMAN_AUTH;
}
*_lm_session_key = data_blob(NULL, 0);
*_session_key = data_blob(NULL, 0);
return NT_STATUS_OK;
}
nt_hash = cli_credentials_get_nt_hash(cred, mem_ctx);
cli_credentials_get_ntlm_username_domain(cred, mem_ctx, &user, &domain);
@ -215,3 +229,41 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
return NT_STATUS_OK;
}
_PUBLIC_ bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
const struct samr_Password *nt_hash,
enum credentials_obtained obtained)
{
if (obtained >= cred->password_obtained) {
cli_credentials_set_password(cred, NULL, obtained);
if (nt_hash) {
cred->nt_hash = talloc(cred, struct samr_Password);
*cred->nt_hash = *nt_hash;
} else {
cred->nt_hash = NULL;
}
return true;
}
return false;
}
_PUBLIC_ bool cli_credentials_set_ntlm_response(struct cli_credentials *cred,
const DATA_BLOB *lm_response,
const DATA_BLOB *nt_response,
enum credentials_obtained obtained)
{
if (obtained >= cred->password_obtained) {
cli_credentials_set_password(cred, NULL, obtained);
if (nt_response) {
cred->nt_response = data_blob_talloc(cred, nt_response->data, nt_response->length);
talloc_steal(cred, cred->nt_response.data);
}
if (nt_response) {
cred->lm_response = data_blob_talloc(cred, lm_response->data, lm_response->length);
}
return true;
}
return false;
}

2
source4/auth/gensec/config.mk
View File

@ -20,7 +20,7 @@ PUBLIC_HEADERS += auth/gensec/gensec.h
[MODULE::gensec_krb5]
SUBSYSTEM = gensec
INIT_FUNCTION = gensec_krb5_init
PRIVATE_DEPENDENCIES = CREDENTIALS KERBEROS service_auth auth_sam
PRIVATE_DEPENDENCIES = CREDENTIALS KERBEROS auth_session auth_sam
# End MODULE gensec_krb5
################################################

3
source4/auth/auth.c → source4/auth/ntlm/auth.c
View File

@ -21,7 +21,7 @@
#include "includes.h"
#include "lib/util/dlinklist.h"
#include "auth/auth.h"
#include "auth/auth_proto.h"
#include "auth/ntlm/auth_proto.h"
#include "lib/events/events.h"
#include "param/param.h"
@ -520,6 +520,7 @@ _PUBLIC_ NTSTATUS auth_init(void)
extern NTSTATUS auth_anonymous_init(void);
extern NTSTATUS auth_unix_init(void);
extern NTSTATUS auth_sam_init(void);
extern NTSTATUS auth_server_init(void);
init_module_fn static_init[] = { STATIC_service_auth_MODULES };

2
source4/auth/auth_anonymous.c → source4/auth/ntlm/auth_anonymous.c
View File

@ -21,7 +21,7 @@
#include "includes.h"
#include "auth/auth.h"
#include "auth/auth_proto.h"
#include "auth/ntlm/auth_proto.h"
#include "param/param.h"
/**

2
source4/auth/auth_developer.c → source4/auth/ntlm/auth_developer.c
View File

@ -21,7 +21,7 @@
#include "includes.h"
#include "auth/auth.h"
#include "auth/auth_proto.h"
#include "auth/ntlm/auth_proto.h"
#include "libcli/security/security.h"
#include "librpc/gen_ndr/ndr_samr.h"

50
source4/auth/ntlm/auth_proto.h Normal file
View File

@ -0,0 +1,50 @@
#ifndef __AUTH_NTLM_AUTH_PROTO_H__
#define __AUTH_NTLM_AUTH_PROTO_H__
#undef _PRINTF_ATTRIBUTE
#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2)
/* This file was automatically generated by mkproto.pl. DO NOT EDIT */
/* this file contains prototypes for functions that are private
* to this subsystem or library. These functions should not be
* used outside this particular subsystem! */
/* The following definitions come from auth/ntlm/auth.c */
/***************************************************************************
Set a fixed challenge
***************************************************************************/
bool auth_challenge_may_be_modified(struct auth_context *auth_ctx) ;
const struct auth_operations *auth_backend_byname(const char *name);
const struct auth_critical_sizes *auth_interface_version(void);
NTSTATUS server_service_auth_init(void);
/* The following definitions come from auth/ntlm/auth_util.c */
NTSTATUS auth_get_challenge_not_implemented(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, DATA_BLOB *challenge);
/****************************************************************************
Create an auth_usersupplied_data structure after appropriate mapping.
****************************************************************************/
NTSTATUS map_user_info(TALLOC_CTX *mem_ctx,
const char *default_domain,
const struct auth_usersupplied_info *user_info,
struct auth_usersupplied_info **user_info_mapped);
/****************************************************************************
Create an auth_usersupplied_data structure after appropriate mapping.
****************************************************************************/
NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_context,
enum auth_password_state to_state,
const struct auth_usersupplied_info *user_info_in,
const struct auth_usersupplied_info **user_info_encrypted);
/* The following definitions come from auth/ntlm/auth_simple.c */
#undef _PRINTF_ATTRIBUTE
#define _PRINTF_ATTRIBUTE(a1, a2)
#endif /* __AUTH_NTLM_AUTH_PROTO_H__ */

3
source4/auth/auth_sam.c → source4/auth/ntlm/auth_sam.c
View File

@ -25,7 +25,8 @@
#include "lib/ldb/include/ldb.h"
#include "util/util_ldb.h"
#include "auth/auth.h"
#include "auth/auth_proto.h"
#include "auth/ntlm/ntlm_check.h"
#include "auth/ntlm/auth_proto.h"
#include "auth/auth_sam.h"
#include "dsdb/samdb/samdb.h"
#include "libcli/security/security.h"

225
source4/auth/ntlm/auth_server.c Normal file
View File

@ -0,0 +1,225 @@
/*
Unix SMB/CIFS implementation.
Authenticate by using a remote server
Copyright (C) Andrew Bartlett 2001-2002, 2008
Copyright (C) Jelmer Vernooij 2002
Copyright (C) Stefan Metzmacher 2005
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "auth/auth.h"
#include "auth/ntlm/auth_proto.h"
#include "auth/credentials/credentials.h"
#include "libcli/security/security.h"
#include "librpc/gen_ndr/ndr_samr.h"
#include "libcli/smb_composite/smb_composite.h"
#include "param/param.h"
#include "libcli/resolve/resolve.h"
/* This version of 'security=server' rewirtten from scratch for Samba4
* libraries in 2008 */
static NTSTATUS server_want_check(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info)
{
return NT_STATUS_OK;
}
/**
* The challenge from the target server, when operating in security=server
**/
static NTSTATUS server_get_challenge(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, DATA_BLOB *_blob)
{
struct smb_composite_connect io;
struct smbcli_options smb_options;
const char **host_list;
NTSTATUS status;
/* Make a connection to the target server, found by 'password server' in smb.conf */
lp_smbcli_options(ctx->auth_ctx->lp_ctx, &smb_options);
/* Make a negprot, WITHOUT SPNEGO, so we get a challenge nice an easy */
io.in.options.use_spnego = false;
/* Hope we don't get * (the default), as this won't work... */
host_list = lp_passwordserver(ctx->auth_ctx->lp_ctx);
if (!host_list) {
return NT_STATUS_INTERNAL_ERROR;
}
io.in.dest_host = host_list[0];
if (strequal(io.in.dest_host, "*")) {
return NT_STATUS_INTERNAL_ERROR;
}
io.in.dest_ports = lp_smb_ports(ctx->auth_ctx->lp_ctx);
io.in.called_name = strupper_talloc(mem_ctx, io.in.dest_host);
/* We don't want to get as far as the session setup */
io.in.credentials = NULL;
io.in.service = NULL;
io.in.workgroup = ""; /* only used with SPNEGO, disabled above */
io.in.options = smb_options;
status = smb_composite_connect(&io, mem_ctx, lp_resolve_context(ctx->auth_ctx->lp_ctx),
ctx->auth_ctx->event_ctx);
if (!NT_STATUS_IS_OK(status)) {
*_blob = io.out.tree->session->transport->negotiate.secblob;
ctx->private_data = talloc_steal(ctx, io.out.tree->session);
}
return NT_STATUS_OK;
}
/**
* Return an error based on username
*
* This function allows the testing of obsure errors, as well as the generation
* of NT_STATUS -> DOS error mapping tables.
*
* This module is of no value to end-users.
*
* The password is ignored.
*
* @return An NTSTATUS value based on the username
**/
static NTSTATUS server_check_password(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
struct auth_serversupplied_info **_server_info)
{
NTSTATUS nt_status;
struct auth_serversupplied_info *server_info;
struct cli_credentials *creds;
const char *user;
struct smb_composite_sesssetup session_setup;
struct smbcli_session *session = talloc_get_type(ctx->private_data, struct smbcli_session);
creds = cli_credentials_init(mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(creds);
cli_credentials_set_username(creds, user_info->client.account_name, CRED_SPECIFIED);
cli_credentials_set_domain(creds, user_info->client.domain_name, CRED_SPECIFIED);
switch (user_info->password_state) {
case AUTH_PASSWORD_PLAIN:
cli_credentials_set_password(creds, user_info->password.plaintext,
CRED_SPECIFIED);
break;
case AUTH_PASSWORD_HASH:
cli_credentials_set_nt_hash(creds, user_info->password.hash.nt,
CRED_SPECIFIED);
break;
case AUTH_PASSWORD_RESPONSE:
cli_credentials_set_ntlm_response(creds, &user_info->password.response.lanman, &user_info->password.response.nt, CRED_SPECIFIED);
break;
}
session_setup.in.sesskey = session->transport->negotiate.sesskey;
session_setup.in.capabilities = session->transport->negotiate.capabilities;
session_setup.in.credentials = creds;
session_setup.in.workgroup = ""; /* Only used with SPNEGO, which we are not doing */
/* Check password with remove server - this should be async some day */
nt_status = smb_composite_sesssetup(session, &session_setup);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
server_info = talloc(mem_ctx, struct auth_serversupplied_info);
NT_STATUS_HAVE_NO_MEMORY(server_info);
server_info->account_sid = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS);
NT_STATUS_HAVE_NO_MEMORY(server_info->account_sid);
/* is this correct? */
server_info->primary_group_sid = dom_sid_parse_talloc(server_info, SID_BUILTIN_GUESTS);
NT_STATUS_HAVE_NO_MEMORY(server_info->primary_group_sid);
server_info->n_domain_groups = 0;
server_info->domain_groups = NULL;
/* annoying, but the Anonymous really does have a session key,
and it is all zeros! */
server_info->user_session_key = data_blob(NULL, 0);
server_info->lm_session_key = data_blob(NULL, 0);
server_info->account_name = talloc_strdup(server_info, user_info->client.account_name);
NT_STATUS_HAVE_NO_MEMORY(server_info->account_name);
server_info->domain_name = talloc_strdup(server_info, user_info->client.domain_name);
NT_STATUS_HAVE_NO_MEMORY(server_info->domain_name);
server_info->full_name = NULL;
server_info->logon_script = talloc_strdup(server_info, "");
NT_STATUS_HAVE_NO_MEMORY(server_info->logon_script);
server_info->profile_path = talloc_strdup(server_info, "");
NT_STATUS_HAVE_NO_MEMORY(server_info->profile_path);
server_info->home_directory = talloc_strdup(server_info, "");
NT_STATUS_HAVE_NO_MEMORY(server_info->home_directory);
server_info->home_drive = talloc_strdup(server_info, "");
NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive);
server_info->last_logon = 0;
server_info->last_logoff = 0;
server_info->acct_expiry = 0;
server_info->last_password_change = 0;
server_info->allow_password_change = 0;
server_info->force_password_change = 0;
server_info->logon_count = 0;
server_info->bad_password_count = 0;
server_info->acct_flags = ACB_NORMAL;
server_info->authenticated = false;
*_server_info = server_info;
return nt_status;
}
static const struct auth_operations server_auth_ops = {
.name = "server",
.get_challenge = server_get_challenge,
.want_check = server_want_check,
.check_password = server_check_password
};
_PUBLIC_ NTSTATUS auth_server_init(void)
{
NTSTATUS ret;
ret = auth_register(&server_auth_ops);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(0,("Failed to register 'server' auth backend!\n"));
return ret;
}
return ret;
}

0
source4/auth/auth_simple.c → source4/auth/ntlm/auth_simple.c
View File

4
source4/auth/auth_unix.c → source4/auth/ntlm/auth_unix.c
View File

@ -21,10 +21,10 @@
#include "includes.h"
#include "auth/auth.h"
#include "auth/auth_proto.h"
#include "auth/ntlm/auth_proto.h"
#include "system/passwd.h" /* needed by some systems for struct passwd */
#include "lib/socket/socket.h"
#include "auth/pam_errors.h"
#include "auth/ntlm/pam_errors.h"
#include "param/param.h"
/* TODO: look at how to best fill in parms retrieveing a struct passwd info

0
source4/auth/auth_util.c → source4/auth/ntlm/auth_util.c
View File

2
source4/auth/auth_winbind.c → source4/auth/ntlm/auth_winbind.c
View File

@ -23,7 +23,7 @@
#include "includes.h"
#include "auth/auth.h"
#include "auth/auth_proto.h"
#include "auth/ntlm/auth_proto.h"
#include "auth/session_proto.h"
#include "nsswitch/winbind_client.h"
#include "librpc/gen_ndr/ndr_netlogon.h"

87
source4/auth/ntlm/config.mk Normal file
View File

@ -0,0 +1,87 @@
# NTLM auth server subsystem
[SUBSYSTEM::ntlm_check]
PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL
ntlm_check_OBJ_FILES = $(addprefix auth/ntlm/, ntlm_check.o)
#######################
# Start MODULE auth_sam
[MODULE::auth_sam_module]
# gensec_krb5 and gensec_gssapi depend on it
INIT_FUNCTION = auth_sam_init
SUBSYSTEM = auth
PRIVATE_DEPENDENCIES = \
SAMDB auth_sam ntlm_check
# End MODULE auth_sam
#######################
auth_sam_module_OBJ_FILES = $(addprefix auth/ntlm/, auth_sam.o)
#######################
# Start MODULE auth_anonymous
[MODULE::auth_anonymous]
INIT_FUNCTION = auth_anonymous_init
SUBSYSTEM = auth
# End MODULE auth_anonymous
#######################
auth_anonymous_OBJ_FILES = $(addprefix auth/ntlm/, auth_anonymous.o)
#######################
# Start MODULE auth_anonymous
[MODULE::auth_server]
INIT_FUNCTION = auth_server_init
SUBSYSTEM = auth
PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBCLI_SMB
OUTPUT_TYPE = SHARED_LIBRARY
# End MODULE auth_server
#######################
auth_server_OBJ_FILES = $(addprefix auth/ntlm/, auth_server.o)
#######################
# Start MODULE auth_winbind
[MODULE::auth_winbind]
INIT_FUNCTION = auth_winbind_init
SUBSYSTEM = auth
PRIVATE_DEPENDENCIES = NDR_WINBIND MESSAGING LIBWINBIND-CLIENT
# End MODULE auth_winbind
#######################
auth_winbind_OBJ_FILES = $(addprefix auth/ntlm/, auth_winbind.o)
#######################
# Start MODULE auth_developer
[MODULE::auth_developer]
INIT_FUNCTION = auth_developer_init
SUBSYSTEM = auth
# End MODULE auth_developer
#######################
auth_developer_OBJ_FILES = $(addprefix auth/ntlm/, auth_developer.o)
[MODULE::auth_unix]
INIT_FUNCTION = auth_unix_init
SUBSYSTEM = auth
PRIVATE_DEPENDENCIES = CRYPT PAM PAM_ERRORS NSS_WRAPPER
auth_unix_OBJ_FILES = $(addprefix auth/ntlm/, auth_unix.o)
[SUBSYSTEM::PAM_ERRORS]
PRIVATE_PROTO_HEADER = pam_errors.h
#VERSION = 0.0.1
#SO_VERSION = 0
PAM_ERRORS_OBJ_FILES = $(addprefix auth/ntlm/, pam_errors.o)
[MODULE::auth]
INIT_FUNCTION = server_service_auth_init
SUBSYSTEM = service
PRIVATE_PROTO_HEADER = auth_proto.h
PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBSECURITY SAMDB CREDENTIALS
auth_OBJ_FILES = $(addprefix auth/ntlm/, auth.o auth_util.o auth_simple.o)
# PUBLIC_HEADERS += auth/auth.h

1
source4/auth/ntlm_check.c → source4/auth/ntlm/ntlm_check.c
View File

@ -24,6 +24,7 @@
#include "librpc/gen_ndr/netlogon.h"
#include "libcli/auth/libcli_auth.h"
#include "param/param.h"
#include "auth/ntlm/ntlm_check.h"
/****************************************************************************
Core of smb password checking routine.

75
source4/auth/ntlm/ntlm_check.h Normal file
View File

@ -0,0 +1,75 @@
/*
Unix SMB/CIFS implementation.
Password and authentication handling
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2004
Copyright (C) Gerald Carter 2003
Copyright (C) Luke Kenneth Casson Leighton 1996-2000
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* Compare password hashes against those from the SAM
*
* @param mem_ctx talloc context
* @param client_lanman LANMAN password hash, as supplied by the client
* @param client_nt NT (MD4) password hash, as supplied by the client
* @param username internal Samba username, for log messages
* @param client_username username the client used
* @param client_domain domain name the client used (may be mapped)
* @param stored_lanman LANMAN password hash, as stored on the SAM
* @param stored_nt NT (MD4) password hash, as stored on the SAM
* @param user_sess_key User session key
* @param lm_sess_key LM session key (first 8 bytes of the LM hash)
*/
NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
const struct samr_Password *client_lanman,
const struct samr_Password *client_nt,
const char *username,
const struct samr_Password *stored_lanman,
const struct samr_Password *stored_nt);
/**
* Check a challenge-response password against the value of the NT or
* LM password hash.
*
* @param mem_ctx talloc context
* @param challenge 8-byte challenge. If all zero, forces plaintext comparison
* @param nt_response 'unicode' NT response to the challenge, or unicode password
* @param lm_response ASCII or LANMAN response to the challenge, or password in DOS code page
* @param username internal Samba username, for log messages
* @param client_username username the client used
* @param client_domain domain name the client used (may be mapped)
* @param stored_lanman LANMAN ASCII password from our passdb or similar
* @param stored_nt MD4 unicode password from our passdb or similar
* @param user_sess_key User session key
* @param lm_sess_key LM session key (first 8 bytes of the LM hash)
*/
NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
uint32_t logon_parameters,
const DATA_BLOB *challenge,
const DATA_BLOB *lm_response,
const DATA_BLOB *nt_response,
const char *username,
const char *client_username,
const char *client_domain,
const struct samr_Password *stored_lanman,
const struct samr_Password *stored_nt,
DATA_BLOB *user_sess_key,
DATA_BLOB *lm_sess_key);

0
source4/auth/pam_errors.c → source4/auth/ntlm/pam_errors.c
View File

39
source4/auth/ntlm/pam_errors.h Normal file
View File

@ -0,0 +1,39 @@
#ifndef __AUTH_NTLM_PAM_ERRORS_H__
#define __AUTH_NTLM_PAM_ERRORS_H__
#undef _PRINTF_ATTRIBUTE
#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2)
/* This file was automatically generated by mkproto.pl. DO NOT EDIT */
/* this file contains prototypes for functions that are private
* to this subsystem or library. These functions should not be
* used outside this particular subsystem! */
/* The following definitions come from auth/ntlm/pam_errors.c */
/*****************************************************************************
convert a PAM error to a NT status32 code
*****************************************************************************/
NTSTATUS pam_to_nt_status(int pam_error);
/*****************************************************************************
convert an NT status32 code to a PAM error
*****************************************************************************/
int nt_status_to_pam(NTSTATUS nt_status);
/*****************************************************************************
convert a PAM error to a NT status32 code
*****************************************************************************/
NTSTATUS pam_to_nt_status(int pam_error);
/*****************************************************************************
convert an NT status32 code to a PAM error
*****************************************************************************/
int nt_status_to_pam(NTSTATUS nt_status);
#undef _PRINTF_ATTRIBUTE
#define _PRINTF_ATTRIBUTE(a1, a2)
#endif /* __AUTH_NTLM_PAM_ERRORS_H__ */

2
source4/auth/ntlmssp/config.mk
View File

@ -9,7 +9,7 @@ MSRPC_PARSE_OBJ_FILES = $(addprefix auth/ntlmssp/, ntlmssp_parse.o)
SUBSYSTEM = gensec
INIT_FUNCTION = gensec_ntlmssp_init
PRIVATE_PROTO_HEADER = proto.h
PRIVATE_DEPENDENCIES = MSRPC_PARSE CREDENTIALS
PRIVATE_DEPENDENCIES = MSRPC_PARSE CREDENTIALS auth
OUTPUT_TYPE = MERGED_OBJ
# End MODULE gensec_ntlmssp
################################################

2
source4/auth/ntlmssp/ntlmssp.c
View File

@ -29,7 +29,7 @@
#include "auth/gensec/gensec.h"
#include "auth/gensec/gensec_proto.h"
#include "auth/auth.h"
#include "auth/auth_proto.h"
#include "auth/ntlm/auth_proto.h"
#include "param/param.h"
/**

2
source4/auth/ntlmssp/ntlmssp_server.c
View File

@ -30,7 +30,7 @@
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
#include "auth/auth.h"
#include "auth/auth_proto.h"
#include "auth/ntlm/auth_proto.h"
#include "param/param.h"
#include "auth/session_proto.h"

14
source4/auth/session.h
View File

@ -1,6 +1,6 @@
/*
Unix SMB/CIFS implementation.
Auth session handling
Process and provide the logged on user's authorization token
Copyright (C) Andrew Bartlett 2001
Copyright (C) Stefan Metzmacher 2005
@ -30,8 +30,18 @@ struct auth_session_info {
#include "librpc/gen_ndr/netlogon.h"
struct auth_session_info *system_session_anon(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
/* Create a security token for a session SYSTEM (the most
* trusted/prvilaged account), including the local machine account as
* the off-host credentials */
struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) ;
/*
* Create a system session, but with anonymous credentials (so we do
* not need to open secrets.ldb)
*/
struct auth_session_info *system_session_anon(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx,
const char *netbios_name,
struct auth_serversupplied_info **_server_info) ;

7
source4/auth/system_session.c
View File

@ -147,9 +147,10 @@ static NTSTATUS generate_session_info(TALLOC_CTX *mem_ctx,
/**
Create a system session, with machine account credentials
*/
/* Create a security token for a session SYSTEM (the most
* trusted/prvilaged account), including the local machine account as
* the off-host credentials
*/
_PUBLIC_ struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
{
NTSTATUS nt_status;

5
source4/build/make/rules.mk
View File

@ -212,8 +212,7 @@ include/includes.d: include/includes.h
@-mkdir -p `dirname $@`
@$(COMPILE) && exit 0 ; \
echo "The following command failed:" 1>&2;\
echo "$(COMPILE)" 1>&2;\
$(COMPILE) >/dev/null 2>&1
echo "$(COMPILE)" 1>&2 && exit 1
.c.ho:
@ -234,7 +233,7 @@ include/includes.d: include/includes.h
.l.c:
@echo "Building $< with $(LEX)"
@-$(make_utility_dir)/script/lex_compile.sh "$(LEX)" "$<" "$@"
@-$(make_utility_dir)/lex_compile.sh "$(LEX)" "$<" "$@"
%.a:
@echo Linking $@

9
source4/client/client.c
View File

@ -3124,11 +3124,6 @@ static int do_message_op(const char *netbios_name, const char *desthost,
const char *query_host = NULL;
bool message = false;
const char *desthost = NULL;
#ifdef KANJI
const char *term_code = KANJI;
#else
const char *term_code = "";
#endif /* KANJI */
poptContext pc;
const char *service = NULL;
int port = 0;
@ -3148,7 +3143,6 @@ static int do_message_op(const char *netbios_name, const char *desthost,
{ "ip-address", 'I', POPT_ARG_STRING, NULL, 'I', "Use this IP to connect to", "IP" },
{ "stderr", 'E', POPT_ARG_NONE, NULL, 'E', "Write messages to stderr instead of stdout" },
{ "list", 'L', POPT_ARG_STRING, NULL, 'L', "Get a list of shares available on a host", "HOST" },
{ "terminal", 't', POPT_ARG_STRING, NULL, 't', "Terminal I/O code {sjis|euc|jis7|jis8|junet|hex}", "CODE" },
{ "directory", 'D', POPT_ARG_STRING, NULL, 'D', "Start from directory", "DIR" },
{ "command", 'c', POPT_ARG_STRING, &cmdstr, 'c', "Execute semicolon separated commands" },
{ "send-buffer", 'b', POPT_ARG_INT, NULL, 'b', "Changes the transmit/send buffer", "BYTES" },
@ -3190,9 +3184,6 @@ static int do_message_op(const char *netbios_name, const char *desthost,
case 'L':
query_host = strdup(poptGetOptArg(pc));
break;
case 't':
term_code = strdup(poptGetOptArg(pc));
break;
case 'D':
base_directory = strdup(poptGetOptArg(pc));
break;

2
source4/configure.ac
View File

@ -31,7 +31,7 @@ m4_include(pidl/config.m4)
AC_CONFIG_FILES(lib/registry/registry.pc)
AC_CONFIG_FILES(librpc/dcerpc.pc)
AC_CONFIG_FILES(librpc/ndr.pc)
AC_CONFIG_FILES(torture/torture.pc)
AC_CONFIG_FILES(lib/torture/torture.pc)
AC_CONFIG_FILES(auth/gensec/gensec.pc)
AC_CONFIG_FILES(param/samba-hostconfig.pc)
AC_CONFIG_FILES(librpc/dcerpc_samr.pc)

5
source4/headermap.txt
View File

@ -44,7 +44,7 @@ rpc_server/common/common.h: dcerpc_server/common.h
libcli/auth/credentials.h: domain_credentials.h
lib/charset/charset.h: charset.h
libcli/ldap/ldap.h: ldap.h
torture/torture.h: torture.h
lib/torture/torture.h: torture.h
libcli/libcli.h: client.h
librpc/gen_ndr/nbt.h: gen_ndr/nbt.h
librpc/gen_ndr/svcctl.h: gen_ndr/svcctl.h
@ -60,7 +60,7 @@ lib/util/asn1.h: samba/asn1.h
libcli/util/error.h: core/error.h
lib/tdb_wrap.h: tdb_wrap.h
lib/ldb_wrap.h: ldb_wrap.h
torture/ui.h: torture/ui.h
torture/smbtorture.h: smbtorture.h
librpc/gen_ndr/winbind.h: gen_ndr/winbind.h
param/share.h: share.h
lib/util/util_tdb.h: util_tdb.h
@ -71,3 +71,4 @@ lib/events/events_internal.h: events/events_internal.h
libcli/ldap/ldap_ndr.h: ldap_ndr.h
lib/events/events.h: events.h
lib/events/events_internal.h: events_internal.h
auth/session.h: samba/session.h

1
source4/lib/basic.mk
View File

@ -16,6 +16,7 @@ mkinclude util/config.mk
mkinclude tdr/config.mk
mkinclude dbwrap/config.mk
mkinclude crypto/config.mk
mkinclude torture/config.mk
[SUBSYSTEM::LIBCOMPRESSION]

2
source4/lib/crypto/sha1test.c
View File

@ -17,7 +17,7 @@
*/
#include "includes.h"
#include "torture/ui.h"
#include "torture/torture.h"
#include "lib/crypto/crypto.h"

2
source4/lib/ldb/ldb.mk
View File

@ -71,7 +71,7 @@ ldb_wrap.o: $(ldbdir)/ldb_wrap.c
$(CC) $(PICFLAG) -c $(ldbdir)/ldb_wrap.c $(CFLAGS) `$(PYTHON_CONFIG) --cflags`
_ldb.$(SHLIBEXT): $(LIBS) ldb_wrap.o
$(SHLD) $(SHLD_FLAGS) -o _ldb.$(SHLIBEXT) ldb_wrap.o $(LIB_FLAGS)
$(SHLD) $(SHLD_FLAGS) -o _ldb.$(SHLIBEXT) ldb_wrap.o $(LIB_FLAGS) `$(PYTHON_CONFIG) --ldflags`
install-python:: build-python
mkdir -p $(DESTDIR)`$(PYTHON) -c "import distutils.sysconfig; print distutils.sysconfig.get_python_lib(0, prefix='$(prefix)')"` \

2
source4/lib/replace/README
View File

@ -62,6 +62,8 @@ getnameinfo
gai_strerror
getifaddrs
freeifaddrs
utime
utimes
Types:
bool

1
source4/lib/replace/configure.ac
View File

@ -6,6 +6,7 @@ AC_CONFIG_HEADER(config.h)
CFLAGS="$CFLAGS -I$srcdir"
AC_LIBREPLACE_ALL_CHECKS
AC_LIBREPLACE_NETWORK_CHECKS
if test "$ac_cv_prog_gcc" = yes; then
CFLAGS="$CFLAGS -Wall"

64
source4/lib/replace/libreplace.m4
View File

@ -96,65 +96,10 @@ fi
AC_CHECK_HEADERS(sys/syslog.h syslog.h)
AC_CHECK_HEADERS(sys/time.h time.h)
AC_CHECK_HEADERS(stdarg.h vararg.h)
AC_CHECK_HEADERS(sys/socket.h netinet/in.h netdb.h arpa/inet.h)
AC_CHECK_HEADERS(netinet/ip.h netinet/tcp.h netinet/in_systm.h netinet/in_ip.h)
AC_CHECK_HEADERS(sys/sockio.h sys/un.h)
AC_CHECK_HEADERS(sys/mount.h mntent.h)
AC_CHECK_HEADERS(stropts.h)
dnl we need to check that net/if.h really can be used, to cope with hpux
dnl where including it always fails
AC_CACHE_CHECK([for usable net/if.h],libreplace_cv_USABLE_NET_IF_H,[
AC_COMPILE_IFELSE([AC_LANG_SOURCE([
AC_INCLUDES_DEFAULT
#if HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif
#include <net/if.h>
int main(void) {return 0;}])],
[libreplace_cv_USABLE_NET_IF_H=yes],
[libreplace_cv_USABLE_NET_IF_H=no]
)
])
if test x"$libreplace_cv_USABLE_NET_IF_H" = x"yes";then
AC_DEFINE(HAVE_NET_IF_H, 1, usability of net/if.h)
fi
AC_HAVE_TYPE([socklen_t],[#include <sys/socket.h>])
AC_HAVE_TYPE([sa_family_t],[#include <sys/socket.h>])
AC_HAVE_TYPE([struct addrinfo], [#include <netdb.h>])
AC_HAVE_TYPE([struct sockaddr], [#include <sys/socket.h>])
AC_HAVE_TYPE([struct sockaddr_storage], [
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
])
AC_HAVE_TYPE([struct sockaddr_in6], [
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
])
if test x"$ac_cv_type_struct_sockaddr_storage" = x"yes"; then
AC_CHECK_MEMBER(struct sockaddr_storage.ss_family,
AC_DEFINE(HAVE_SS_FAMILY, 1, [Defined if struct sockaddr_storage has ss_family field]),,
[
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
])
if test x"$ac_cv_member_struct_sockaddr_storage_ss_family" != x"yes"; then
AC_CHECK_MEMBER(struct sockaddr_storage.__ss_family,
AC_DEFINE(HAVE___SS_FAMILY, 1, [Defined if struct sockaddr_storage has __ss_family field]),,
[
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
])
fi
fi
AC_CHECK_FUNCS(seteuid setresuid setegid setresgid chroot bzero strerror)
AC_CHECK_FUNCS(vsyslog setlinebuf mktime ftruncate chsize rename)
AC_CHECK_FUNCS(waitpid strlcpy strlcat initgroups memmove strdup)
@ -326,15 +271,7 @@ m4_include(getpass.m4)
m4_include(strptime.m4)
m4_include(win32.m4)
m4_include(timegm.m4)
m4_include(socket.m4)
m4_include(inet_ntop.m4)
m4_include(inet_pton.m4)
m4_include(inet_aton.m4)
m4_include(inet_ntoa.m4)
m4_include(getaddrinfo.m4)
m4_include(repdir.m4)
m4_include(getifaddrs.m4)
m4_include(socketpair.m4)
AC_CHECK_FUNCS([syslog printf memset memcpy],,[AC_MSG_ERROR([Required function not found])])
@ -361,5 +298,6 @@ CFLAGS="$CFLAGS -I$libreplacedir"
m4_include(libreplace_cc.m4)
m4_include(libreplace_ld.m4)
m4_include(libreplace_network.m4)
m4_include(libreplace_macros.m4)
m4_include(autoconf-2.60.m4)

3
source4/lib/replace/libreplace_ld.m4
View File

@ -270,6 +270,9 @@ AC_DEFUN([AC_LIBREPLACE_LD_SHLIB_ALLOW_UNDEF_FLAG],
*darwin*)
LD_SHLIB_ALLOW_UNDEF_FLAG="-undefined dynamic_lookup"
;;
*aix*)
LD_SHLIB_ALLOW_UNDEF_FLAG="--Wl,-bnoentry"
;;
esac
AC_SUBST(LD_SHLIB_ALLOW_UNDEF_FLAG)

71
source4/lib/replace/libreplace_network.m4 Normal file
View File

@ -0,0 +1,71 @@
AC_DEFUN_ONCE(AC_LIBREPLACE_NETWORK_CHECKS,
[
echo "LIBREPLACE_NETWORK_CHECKS: START"
AC_CHECK_HEADERS(sys/socket.h netinet/in.h netdb.h arpa/inet.h)
AC_CHECK_HEADERS(netinet/ip.h netinet/tcp.h netinet/in_systm.h netinet/in_ip.h)
dnl we need to check that net/if.h really can be used, to cope with hpux
dnl where including it always fails
AC_CACHE_CHECK([for usable net/if.h],libreplace_cv_USABLE_NET_IF_H,[
AC_COMPILE_IFELSE([AC_LANG_SOURCE([
AC_INCLUDES_DEFAULT
#if HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif
#include <net/if.h>
int main(void) {return 0;}])],
[libreplace_cv_USABLE_NET_IF_H=yes],
[libreplace_cv_USABLE_NET_IF_H=no]
)
])
if test x"$libreplace_cv_USABLE_NET_IF_H" = x"yes";then
AC_DEFINE(HAVE_NET_IF_H, 1, usability of net/if.h)
fi
AC_HAVE_TYPE([socklen_t],[#include <sys/socket.h>])
AC_HAVE_TYPE([sa_family_t],[#include <sys/socket.h>])
AC_HAVE_TYPE([struct addrinfo], [#include <netdb.h>])
AC_HAVE_TYPE([struct sockaddr], [#include <sys/socket.h>])
AC_HAVE_TYPE([struct sockaddr_storage], [
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
])
AC_HAVE_TYPE([struct sockaddr_in6], [
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
])
if test x"$ac_cv_type_struct_sockaddr_storage" = x"yes"; then
AC_CHECK_MEMBER(struct sockaddr_storage.ss_family,
AC_DEFINE(HAVE_SS_FAMILY, 1, [Defined if struct sockaddr_storage has ss_family field]),,
[
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
])
if test x"$ac_cv_member_struct_sockaddr_storage_ss_family" != x"yes"; then
AC_CHECK_MEMBER(struct sockaddr_storage.__ss_family,
AC_DEFINE(HAVE___SS_FAMILY, 1, [Defined if struct sockaddr_storage has __ss_family field]),,
[
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
])
fi
fi
m4_include(socket.m4)
m4_include(inet_ntop.m4)
m4_include(inet_pton.m4)
m4_include(inet_aton.m4)
m4_include(inet_ntoa.m4)
m4_include(getaddrinfo.m4)
m4_include(getifaddrs.m4)
m4_include(socketpair.m4)
echo "LIBREPLACE_NETWORK_CHECKS: END"
]) dnl end AC_LIBREPLACE_NETWORK_CHECKS

27
source4/lib/replace/replace.c
View File

@ -584,3 +584,30 @@ int rep_unsetenv(const char *name)
return 0;
}
#endif
#ifndef HAVE_UTIME
int rep_utime(const char *filename, const struct utimbuf *buf)
{
errno = ENOSYS;
return -1;
}
#endif
#ifndef HAVE_UTIMES
int rep_utimes(const char *filename, const struct timeval tv[2])
{
struct utimbuf u;
u.actime = tv[0].tv_sec;
if (tv[0].tv_usec > 500000) {
u.actime += 1;
}
u.modtime = tv[1].tv_sec;
if (tv[1].tv_usec > 500000) {
u.modtime += 1;
}
return utime(filename, &u);
}
#endif

10
source4/lib/replace/replace.h
View File

@ -101,6 +101,16 @@ void *rep_memmove(void *dest,const void *src,int size);
/* prototype is in "system/time.h" */
#endif
#ifndef HAVE_UTIME
#define utime rep_utime
/* prototype is in "system/time.h" */
#endif
#ifndef HAVE_UTIMES
#define utimes rep_utimes
/* prototype is in "system/time.h" */
#endif
#ifndef HAVE_STRLCPY
#define strlcpy rep_strlcpy
size_t rep_strlcpy(char *d, const char *s, size_t bufsize);

1
source4/lib/replace/samba.m4
View File

@ -1,4 +1,5 @@
AC_LIBREPLACE_BROKEN_CHECKS
AC_LIBREPLACE_NETWORK_CHECKS
SMB_EXT_LIB(LIBREPLACE_EXT, [${LIBDL}])
SMB_ENABLE(LIBREPLACE_EXT)

1
source4/lib/replace/system/config.m4
View File

@ -9,6 +9,7 @@ AC_CHECK_HEADERS(sys/select.h)
# time
AC_CHECK_HEADERS(sys/time.h utime.h)
AC_HEADER_TIME
AC_CHECK_FUNCS(utime utimes)
# wait
AC_HEADER_SYS_WAIT

15
source4/lib/replace/system/time.h
View File

@ -39,6 +39,11 @@
#ifdef HAVE_UTIME_H
#include <utime.h>
#else
struct utimbuf {
time_t actime; /* access time */
time_t modtime; /* modification time */
};
#endif
#ifndef HAVE_MKTIME
@ -51,4 +56,14 @@ time_t rep_mktime(struct tm *t);
time_t rep_timegm(struct tm *tm);
#endif
#ifndef HAVE_UTIME
/* define is in "replace.h" */
int rep_utime(const char *filename, const struct utimbuf *buf);
#endif
#ifndef HAVE_UTIMES
/* define is in "replace.h" */
int rep_utimes(const char *filename, const struct timeval tv[2]);
#endif
#endif

145
source4/lib/replace/test/testsuite.c
View File

@ -872,6 +872,149 @@ static int test_getifaddrs(void)
return true;
}
static int test_utime(void)
{
struct utimbuf u;
struct stat st1, st2, st3;
int fd;
printf("test: utime\n");
unlink(TESTFILE);
fd = open(TESTFILE, O_RDWR|O_CREAT, 0600);
if (fd == -1) {
printf("failure: utime [\n"
"creating '%s' failed - %s\n]\n",
TESTFILE, strerror(errno));
return false;
}
if (fstat(fd, &st1) != 0) {
printf("failure: utime [\n"
"fstat (1) failed - %s\n]\n",
strerror(errno));
return false;
}
u.actime = st1.st_atime + 300;
u.modtime = st1.st_mtime - 300;
if (utime(TESTFILE, &u) != 0) {
printf("failure: utime [\n"
"utime(&u) failed - %s\n]\n",
strerror(errno));
return false;
}
if (fstat(fd, &st2) != 0) {
printf("failure: utime [\n"
"fstat (2) failed - %s\n]\n",
strerror(errno));
return false;
}
if (utime(TESTFILE, NULL) != 0) {
printf("failure: utime [\n"
"utime(NULL) failed - %s\n]\n",
strerror(errno));
return false;
}
if (fstat(fd, &st3) != 0) {
printf("failure: utime [\n"
"fstat (3) failed - %s\n]\n",
strerror(errno));
return false;
}
#define CMP_VAL(a,c,b) do { \
if (a c b) { \
printf("failure: utime [\n" \
"%s: %s(%d) %s %s(%d)\n]\n", \
__location__, \
#a, (int)a, #c, #b, (int)b); \
return false; \
} \
} while(0)
#define EQUAL_VAL(a,b) CMP_VAL(a,!=,b)
#define GREATER_VAL(a,b) CMP_VAL(a,<=,b)
#define LESSER_VAL(a,b) CMP_VAL(a,>=,b)
EQUAL_VAL(st2.st_atime, st1.st_atime + 300);
EQUAL_VAL(st2.st_mtime, st1.st_mtime - 300);
LESSER_VAL(st3.st_atime, st2.st_atime);
GREATER_VAL(st3.st_mtime, st2.st_mtime);
#undef CMP_VAL
#undef EQUAL_VAL
#undef GREATER_VAL
#undef LESSER_VAL
unlink(TESTFILE);
printf("success: utime\n");
return true;
}
static int test_utimes(void)
{
struct timeval tv[2];
struct stat st1, st2;
int fd;
printf("test: utimes\n");
unlink(TESTFILE);
fd = open(TESTFILE, O_RDWR|O_CREAT, 0600);
if (fd == -1) {
printf("failure: utimes [\n"
"creating '%s' failed - %s\n]\n",
TESTFILE, strerror(errno));
return false;
}
if (fstat(fd, &st1) != 0) {
printf("failure: utimes [\n"
"fstat (1) failed - %s\n]\n",
strerror(errno));
return false;
}
ZERO_STRUCT(tv);
tv[0].tv_sec = st1.st_atime + 300;
tv[1].tv_sec = st1.st_mtime - 300;
if (utimes(TESTFILE, tv) != 0) {
printf("failure: utimes [\n"
"utimes(tv) failed - %s\n]\n",
strerror(errno));
return false;
}
if (fstat(fd, &st2) != 0) {
printf("failure: utimes [\n"
"fstat (2) failed - %s\n]\n",
strerror(errno));
return false;
}
#define EQUAL_VAL(a,b) do { \
if (a != b) { \
printf("failure: utimes [\n" \
"%s: %s(%d) != %s(%d)\n]\n", \
__location__, \
#a, (int)a, #b, (int)b); \
return false; \
} \
} while(0)
EQUAL_VAL(st2.st_atime, st1.st_atime + 300);
EQUAL_VAL(st2.st_mtime, st1.st_mtime - 300);
#undef EQUAL_VAL
unlink(TESTFILE);
printf("success: utimes\n");
return true;
}
struct torture_context;
bool torture_local_replace(struct torture_context *ctx)
{
@ -920,6 +1063,8 @@ bool torture_local_replace(struct torture_context *ctx)
ret &= test_socketpair();
ret &= test_strptime();
ret &= test_getifaddrs();
ret &= test_utime();
ret &= test_utimes();
return ret;
}

2
source4/lib/tdb/tdb.mk
View File

@ -39,7 +39,7 @@ tdb_wrap.o: $(tdbdir)/tdb_wrap.c
$(CC) $(PICFLAG) -c $(tdbdir)/tdb_wrap.c $(CFLAGS) `$(PYTHON_CONFIG) --cflags`
_tdb.$(SHLIBEXT): libtdb.$(SHLIBEXT) tdb_wrap.o
$(SHLD) $(SHLD_FLAGS) -o $@ tdb_wrap.o -L. -ltdb `$(PYTHON_CONFIG) --libs`
$(SHLD) $(SHLD_FLAGS) -o $@ tdb_wrap.o -L. -ltdb `$(PYTHON_CONFIG) --ldflags`
install:: installdirs installbin installheaders installlibs \
$(PYTHON_INSTALL_TARGET)

14
source4/lib/torture/config.mk Normal file
View File

@ -0,0 +1,14 @@
# TORTURE subsystem
[LIBRARY::torture]
PUBLIC_DEPENDENCIES = \
LIBSAMBA-HOSTCONFIG \
LIBSAMBA-UTIL \
LIBTALLOC
torture_VERSION = 0.0.1
torture_SO_VERSION = 0
PC_FILES += lib/torture/torture.pc
torture_OBJ_FILES = $(addprefix lib/torture/, torture.o)
PUBLIC_HEADERS += lib/torture/torture.h

1
source4/torture/ui.c → source4/lib/torture/torture.c
View File

@ -19,7 +19,6 @@
*/
#include "includes.h"
#include "torture/ui.h"
#include "torture/torture.h"
#include "lib/util/dlinklist.h"
#include "param/param.h"

0
source4/torture/ui.h → source4/lib/torture/torture.h
View File

0
source4/torture/torture.pc.in → source4/lib/torture/torture.pc.in
View File

2
source4/lib/util/tests/str.c
View File

@ -20,7 +20,7 @@
*/
#include "includes.h"
#include "torture/ui.h"
#include "torture/torture.h"
static bool test_string_sub_simple(struct torture_context *tctx)
{

5
source4/libcli/raw/clitree.c
View File

@ -193,6 +193,11 @@ NTSTATUS smbcli_tree_full_connection(TALLOC_CTX *parent_ctx,
io.in.service_type = service_type;
io.in.credentials = credentials;
io.in.fallback_to_anonymous = false;
/* This workgroup gets sent out by the SPNEGO session setup.
* I don't know of any servers that look at it, so we might
* hardcode it to "" some day, when the war on global_loadparm
* is complete -- abartlet 2008-04-28 */
io.in.workgroup = lp_workgroup(global_loadparm);
io.in.options = *options;

81
source4/libcli/smb_composite/connect.c
View File

@ -38,7 +38,9 @@ enum connect_stage {CONNECT_RESOLVE,
CONNECT_NEGPROT,
CONNECT_SESSION_SETUP,
CONNECT_SESSION_SETUP_ANON,
CONNECT_TCON};
CONNECT_TCON,
CONNECT_DONE
};
struct connect_state {
enum connect_stage stage;
@ -56,25 +58,6 @@ struct connect_state {
static void request_handler(struct smbcli_request *);
static void composite_handler(struct composite_context *);
/*
setup a negprot send
*/
static NTSTATUS connect_send_negprot(struct composite_context *c,
struct smb_composite_connect *io)
{
struct connect_state *state = talloc_get_type(c->private_data, struct connect_state);
state->req = smb_raw_negotiate_send(state->transport, io->in.options.unicode, io->in.options.max_protocol);
NT_STATUS_HAVE_NO_MEMORY(state->req);
state->req->async.fn = request_handler;
state->req->async.private = c;
state->stage = CONNECT_NEGPROT;
return NT_STATUS_OK;
}
/*
a tree connect request has completed
*/
@ -97,8 +80,7 @@ static NTSTATUS connect_tcon(struct composite_context *c,
state->io_tcon->tconx.out.fs_type);
}
/* all done! */
c->state = COMPOSITE_STATE_DONE;
state->stage = CONNECT_DONE;
return NT_STATUS_OK;
}
@ -121,9 +103,6 @@ static NTSTATUS connect_session_setup_anon(struct composite_context *c,
state->session->vuid = state->io_setup->out.vuid;
/* setup for a tconx */
io->out.tree = smbcli_tree_init(state->session, state, true);
NT_STATUS_HAVE_NO_MEMORY(io->out.tree);
state->io_tcon = talloc(c, union smb_tcon);
NT_STATUS_HAVE_NO_MEMORY(state->io_tcon);
@ -203,9 +182,12 @@ static NTSTATUS connect_session_setup(struct composite_context *c,
state->session->vuid = state->io_setup->out.vuid;
/* setup for a tconx */
io->out.tree = smbcli_tree_init(state->session, state, true);
NT_STATUS_HAVE_NO_MEMORY(io->out.tree);
/* If we don't have a remote share name then this indicates that
* we don't want to do a tree connect */
if (!io->in.service) {
state->stage = CONNECT_DONE;
return NT_STATUS_OK;
}
state->io_tcon = talloc(c, union smb_tcon);
NT_STATUS_HAVE_NO_MEMORY(state->io_tcon);
@ -254,6 +236,18 @@ static NTSTATUS connect_negprot(struct composite_context *c,
/* next step is a session setup */
state->session = smbcli_session_init(state->transport, state, true);
NT_STATUS_HAVE_NO_MEMORY(state->session);
/* setup for a tconx (or at least have the structure ready to
* return, if we won't go that far) */
io->out.tree = smbcli_tree_init(state->session, state, true);
NT_STATUS_HAVE_NO_MEMORY(io->out.tree);
/* If we don't have any credentials then this indicates that
* we don't want to do a session setup */
if (!io->in.credentials) {
state->stage = CONNECT_DONE;
return NT_STATUS_OK;
}
state->io_setup = talloc(c, struct smb_composite_sesssetup);
NT_STATUS_HAVE_NO_MEMORY(state->io_setup);
@ -272,11 +266,30 @@ static NTSTATUS connect_negprot(struct composite_context *c,
state->creq->async.fn = composite_handler;
state->creq->async.private_data = c;
state->stage = CONNECT_SESSION_SETUP;
return NT_STATUS_OK;
}
/*
setup a negprot send
*/
static NTSTATUS connect_send_negprot(struct composite_context *c,
struct smb_composite_connect *io)
{
struct connect_state *state = talloc_get_type(c->private_data, struct connect_state);
state->req = smb_raw_negotiate_send(state->transport, io->in.options.unicode, io->in.options.max_protocol);
NT_STATUS_HAVE_NO_MEMORY(state->req);
state->req->async.fn = request_handler;
state->req->async.private = c;
state->stage = CONNECT_NEGPROT;
return NT_STATUS_OK;
}
/*
a session request operation has completed
@ -405,13 +418,11 @@ static void state_handler(struct composite_context *c)
break;
}
if (!NT_STATUS_IS_OK(c->status)) {
c->state = COMPOSITE_STATE_ERROR;
}
if (c->state >= COMPOSITE_STATE_DONE &&
c->async.fn) {
c->async.fn(c);
if (state->stage == CONNECT_DONE) {
/* all done! */
composite_done(c);
} else {
composite_is_ok(c);
}
}

2
source4/libcli/smb_composite/sesssetup.c
View File

@ -224,7 +224,6 @@ static NTSTATUS session_setup_nt1(struct composite_context *c,
{
NTSTATUS nt_status;
struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state);
const char *password = cli_credentials_get_password(io->in.credentials);
DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, lp_iconv_convenience(global_loadparm), session->transport->socket->hostname, lp_workgroup(global_loadparm));
DATA_BLOB session_key;
int flags = CLI_CRED_NTLM_AUTH;
@ -266,6 +265,7 @@ static NTSTATUS session_setup_nt1(struct composite_context *c,
data_blob_free(&session_key);
} else if (session->options.plaintext_auth) {
const char *password = cli_credentials_get_password(io->in.credentials);
state->setup.nt1.in.password1 = data_blob_talloc(state, password, strlen(password));
state->setup.nt1.in.password2 = data_blob(NULL, 0);
} else {

4
source4/libcli/smb_composite/smb_composite.h
View File

@ -83,8 +83,8 @@ struct smb_composite_savefile {
- socket establishment
- session request
- negprot
- session setup
- tree connect
- session setup (if credentials are not NULL)
- tree connect (if service is not NULL)
*/
struct smb_composite_connect {
struct {

2
source4/librpc/config.mk
View File

@ -340,7 +340,7 @@ NDR_WINSREPL_OBJ_FILES = librpc/gen_ndr/ndr_winsrepl.o
PUBLIC_DEPENDENCIES = LIBNDR NDR_NETLOGON
NDR_WINBIND_OBJ_FILES = librpc/gen_ndr/ndr_winbind.o
PUBLIC_HEADERS += librpc/gen_ndr/winbind.h
#PUBLIC_HEADERS += librpc/gen_ndr/winbind.h
librpc/idl-deps:
./librpc/idl-deps.pl librpc/idl/*.idl >$@

12
source4/librpc/idl/xattr.idl
View File

@ -31,8 +31,14 @@ interface xattr
NTTIME change_time;
} xattr_DosInfo1;
const int XATTR_ATTRIB_FLAG_STICKY_WRITE_TIME = 0x1;
/*
We use xattrDosInfo1 again when we store values.
Because the sticky write time is now stored in the opendb
and xattr_DosInfo2Old is only present to parse existing
values from disk.
const int XATTR_ATTRIB_FLAG_STICKY_WRITE_TIME = 0x1;
*/
typedef struct {
uint32 flags;
uint32 attrib;
@ -43,11 +49,11 @@ interface xattr
NTTIME change_time;
NTTIME write_time; /* only used when sticky write time is set */
utf8string name;
} xattr_DosInfo2;
} xattr_DosInfo2Old;
typedef [switch_type(uint16)] union {
[case(1)] xattr_DosInfo1 info1;
[case(2)] xattr_DosInfo2 info2;
[case(2)] xattr_DosInfo2Old oldinfo2;
} xattr_DosInfo;
typedef [public] struct {

17
source4/ntvfs/posix/pvfs_open.c
View File

@ -262,7 +262,6 @@ static NTSTATUS pvfs_open_directory(struct pvfs_state *pvfs,
f->handle->position = 0;
f->handle->mode = 0;
f->handle->oplock = NULL;
f->handle->sticky_write_time = false;
f->handle->open_completed = false;
if ((create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE) &&
@ -416,16 +415,6 @@ cleanup_delete:
*/
static int pvfs_handle_destructor(struct pvfs_file_handle *h)
{
/* the write time is no longer sticky */
if (h->sticky_write_time) {
NTSTATUS status;
status = pvfs_dosattrib_load(h->pvfs, h->name, h->fd);
if (NT_STATUS_IS_OK(status)) {
h->name->dos.flags &= ~XATTR_ATTRIB_FLAG_STICKY_WRITE_TIME;
pvfs_dosattrib_save(h->pvfs, h->name, h->fd);
}
}
if ((h->create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE) &&
h->name->stream_name) {
NTSTATUS status;
@ -707,7 +696,6 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs,
f->handle->mode = 0;
f->handle->oplock = NULL;
f->handle->have_opendb_entry = true;
f->handle->sticky_write_time = false;
f->handle->open_completed = false;
status = odb_open_file(lck, f->handle, name->full_name,
@ -1257,7 +1245,6 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
f->handle->mode = 0;
f->handle->oplock = NULL;
f->handle->have_opendb_entry = false;
f->handle->sticky_write_time = false;
f->handle->open_completed = false;
/* form the lock context used for byte range locking and
@ -1479,10 +1466,6 @@ NTSTATUS pvfs_close(struct ntvfs_module_context *ntvfs,
unix_times.actime = 0;
unix_times.modtime = io->close.in.write_time;
utime(f->handle->name->full_name, &unix_times);
} else if (f->handle->sticky_write_time) {
unix_times.actime = 0;
unix_times.modtime = nt_time_to_unix(f->handle->name->dos.write_time);
utime(f->handle->name->full_name, &unix_times);
}
talloc_free(f);

2
source4/ntvfs/posix/pvfs_setfileinfo.c
View File

@ -342,8 +342,6 @@ NTSTATUS pvfs_setfileinfo(struct ntvfs_module_context *ntvfs,
}
if (!null_nttime(info->basic_info.in.write_time)) {
newstats.dos.write_time = info->basic_info.in.write_time;
newstats.dos.flags |= XATTR_ATTRIB_FLAG_STICKY_WRITE_TIME;
h->sticky_write_time = true;
}
if (!null_nttime(info->basic_info.in.change_time)) {
newstats.dos.change_time = info->basic_info.in.change_time;

32
source4/ntvfs/posix/pvfs_xattr.c
View File

@ -162,7 +162,7 @@ NTSTATUS pvfs_dosattrib_load(struct pvfs_state *pvfs, struct pvfs_filename *name
struct xattr_DosAttrib attrib;
TALLOC_CTX *mem_ctx = talloc_new(name);
struct xattr_DosInfo1 *info1;
struct xattr_DosInfo2 *info2;
struct xattr_DosInfo2Old *info2;
if (name->stream_name != NULL) {
name->stream_exists = false;
@ -210,7 +210,11 @@ NTSTATUS pvfs_dosattrib_load(struct pvfs_state *pvfs, struct pvfs_filename *name
break;
case 2:
info2 = &attrib.info.info2;
/*
* Note: This is only used to parse existing values from disk
* We use xattr_DosInfo1 again for storing new values
*/
info2 = &attrib.info.oldinfo2;
name->dos.attrib = pvfs_attrib_normalise(info2->attrib,
name->st.st_mode);
name->dos.ea_size = info2->ea_size;
@ -225,9 +229,6 @@ NTSTATUS pvfs_dosattrib_load(struct pvfs_state *pvfs, struct pvfs_filename *name
name->dos.change_time = info2->change_time;
}
name->dos.flags = info2->flags;
if (name->dos.flags & XATTR_ATTRIB_FLAG_STICKY_WRITE_TIME) {
name->dos.write_time = info2->write_time;
}
break;
default:
@ -250,26 +251,23 @@ NTSTATUS pvfs_dosattrib_load(struct pvfs_state *pvfs, struct pvfs_filename *name
NTSTATUS pvfs_dosattrib_save(struct pvfs_state *pvfs, struct pvfs_filename *name, int fd)
{
struct xattr_DosAttrib attrib;
struct xattr_DosInfo2 *info2;
struct xattr_DosInfo1 *info1;
if (!(pvfs->flags & PVFS_FLAG_XATTR_ENABLE)) {
return NT_STATUS_OK;
}
attrib.version = 2;
info2 = &attrib.info.info2;
attrib.version = 1;
info1 = &attrib.info.info1;
name->dos.attrib = pvfs_attrib_normalise(name->dos.attrib, name->st.st_mode);
info2->attrib = name->dos.attrib;
info2->ea_size = name->dos.ea_size;
info2->size = name->st.st_size;
info2->alloc_size = name->dos.alloc_size;
info2->create_time = name->dos.create_time;
info2->change_time = name->dos.change_time;
info2->write_time = name->dos.write_time;
info2->flags = name->dos.flags;
info2->name = "";
info1->attrib = name->dos.attrib;
info1->ea_size = name->dos.ea_size;
info1->size = name->st.st_size;
info1->alloc_size = name->dos.alloc_size;
info1->create_time = name->dos.create_time;
info1->change_time = name->dos.change_time;
return pvfs_xattr_ndr_save(pvfs, name->full_name, fd,
XATTR_DOSATTRIB_NAME, &attrib,

3
source4/ntvfs/posix/vfs_posix.h
View File

@ -169,9 +169,6 @@ struct pvfs_file_handle {
/* we need this hook back to our parent for lock destruction */
struct pvfs_state *pvfs;
/* have we set a sticky write time that we should remove on close */
bool sticky_write_time;
/* the open went through to completion */
bool open_completed;
};

2
source4/pidl/config.mk
View File

@ -6,7 +6,7 @@ pidl-testcov: pidl/Makefile
installpidl:: pidl/Makefile
$(MAKE) -C pidl install_vendor VENDORPREFIX=$(prefix) \
INSTALLVENDORLIB=$(libdir) \
INSTALLVENDORLIB=$(datarootdir)/perl5 \
INSTALLVENDORBIN=$(bindir) \
INSTALLVENDORSCRIPT=$(bindir) \
INSTALLVENDORMAN1DIR=$(mandir)/man1 \

6
source4/script/harness2subunit.pl
View File

@ -1,7 +1,7 @@
#!/usr/bin/perl
my $firstline = 1;
my $error = 0;
while(<STDIN>) {
if ($firstline) {
$firstline = 0;
@ -10,6 +10,7 @@ while(<STDIN>) {
if (/^not ok (\d+) - (.*)$/) {
print "test: $2\n";
print "failure: $2\n";
$error = 1;
} elsif (/^ok (\d+) - (.*)$/) {
print "test: $2\n";
print "success: $2\n";
@ -22,7 +23,10 @@ while(<STDIN>) {
} elsif (/^not ok (\d+)$/) {
print "test: $1\n";
print "failure: $1\n";
$error = 1;
} else {
print;
}
}
exit $error;

53
source4/setup/vampire.py
View File

@ -1,53 +0,0 @@
#!/usr/bin/python
# Unix SMB/CIFS implementation.
# Vampire a remote domain
# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
from net import libnet
import optparse
import samba.getopt as options
import param
from auth import system_session
import sys
parser = optparse.OptionParser("vampire [options] <domain>")
sambaopts = options.SambaOptions(parser)
parser.add_option_group(sambaopts)
parser.add_option_group(options.VersionOptions(parser))
credopts = options.CredentialsOptions(parser)
parser.add_option_group(credopts)
opts, args = parser.parse_args()
if len(args) < 1:
parser.print_usage()
sys.exit(1)
def vampire(domain, session_info, credentials, lp):
ctx = libnet(lp_ctx=lp)
ctx.cred = credentials
machine_creds = Credentials();
machine_creds.set_domain(domain);
if not machine_creds.set_machine_account():
raise Exception("Failed to access domain join information!")
ctx.samsync_ldb(vampire_ctx, machine_creds=machine_creds,
session_info=session_info)
lp = sambaopts.get_loadparm()
vampire(args[0], session_info=system_session(),
credentials=credopts.get_credentials(), lp=lp)

2
source4/torture/basic/base.c
View File

@ -19,7 +19,7 @@
*/
#include "includes.h"
#include "torture/torture.h"
#include "torture/smbtorture.h"
#include "torture/basic/proto.h"
#include "libcli/libcli.h"
#include "libcli/raw/raw_proto.h"

3
source4/torture/basic/locking.c
View File

@ -23,9 +23,8 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
#include "libcli/libcli.h"
#include "torture/ui.h"
#include "torture/smbtorture.h"
#include "torture/util.h"
#include "torture/torture.h"
#include "system/time.h"
#include "system/filesys.h"

2
source4/torture/basic/misc.c
View File

@ -30,7 +30,7 @@
#include "libcli/resolve/resolve.h"
#include "auth/credentials/credentials.h"
#include "librpc/gen_ndr/ndr_nbt.h"
#include "torture/torture.h"
#include "torture/smbtorture.h"
#include "torture/util.h"
#include "libcli/smb_composite/smb_composite.h"
#include "libcli/composite/composite.h"

26
source4/torture/config.mk
View File

@ -1,17 +1,3 @@
# TORTURE subsystem
[LIBRARY::torture]
PRIVATE_PROTO_HEADER = proto.h
PUBLIC_DEPENDENCIES = \
LIBSAMBA-HOSTCONFIG \
LIBSAMBA-UTIL \
LIBTALLOC \
LIBPOPT
PC_FILES += torture/torture.pc
torture_OBJ_FILES = $(addprefix torture/, torture.o ui.o)
PUBLIC_HEADERS += torture/torture.h torture/ui.h
[SUBSYSTEM::TORTURE_UTIL]
PRIVATE_DEPENDENCIES = LIBCLI_RAW LIBPYTHON smbcalls PROVISION
PUBLIC_DEPENDENCIES = POPT_CREDENTIALS
@ -255,8 +241,9 @@ PRIVATE_DEPENDENCIES = \
# End BINARY smbtorture
#################################
smbtorture_OBJ_FILES = torture/smbtorture.o
smbtorture_OBJ_FILES = torture/smbtorture.o torture/torture.o
PUBLIC_HEADERS += torture/smbtorture.h
MANPAGES += torture/man/smbtorture.1
#################################
@ -340,9 +327,14 @@ gcov: test
do $(GCOV) -p -o $$I $$I/*.c; \
done
lcov: test
samba.info: test
-rm heimdal/lib/*/{lex,parse}.{gcda,gcno}
lcov --base-directory `pwd` --directory . --capture --output-file samba.info
genhtml -o coverage samba.info
lcov: samba.info
genhtml -o coverage $<
testcov-html:: lcov
clean::
@rm -f samba.info

2
source4/torture/ldap/common.c
View File

@ -22,7 +22,7 @@
#include "includes.h"
#include "libcli/ldap/ldap_client.h"
#include "torture/torture.h"
#include "torture/smbtorture.h"
#include "torture/ldap/proto.h"
NTSTATUS torture_ldap_bind(struct ldap_connection *conn, const char *userdn, const char *password)

2
source4/torture/libnet/libnet.c
View File

@ -18,7 +18,7 @@
*/
#include "includes.h"
#include "torture/torture.h"
#include "torture/smbtorture.h"
#include "librpc/rpc/dcerpc.h"
#include "librpc/gen_ndr/security.h"
#include "librpc/gen_ndr/lsa.h"

2
source4/torture/local/dbspeed.c
View File

@ -26,7 +26,7 @@
#include "lib/ldb/include/ldb_errors.h"
#include "lib/ldb_wrap.h"
#include "lib/tdb_wrap.h"
#include "torture/torture.h"
#include "torture/smbtorture.h"
#include "param/param.h"
float tdb_speed;

2
source4/torture/local/local.c
View File

@ -18,7 +18,7 @@
*/
#include "includes.h"
#include "torture/torture.h"
#include "torture/smbtorture.h"
#include "torture/local/proto.h"
#include "torture/ndr/ndr.h"
#include "torture/ndr/proto.h"

3
source4/torture/nbench/nbench.c
View File

@ -19,9 +19,8 @@
#include "includes.h"
#include "libcli/libcli.h"
#include "torture/ui.h"
#include "torture/util.h"
#include "torture/torture.h"
#include "torture/smbtorture.h"
#include "system/filesys.h"
#include "system/locale.h"
#include "pstring.h"

2
source4/torture/nbt/nbt.c
View File

@ -21,7 +21,7 @@
#include "libcli/nbt/libnbt.h"
#include "torture/torture.h"
#include "torture/nbt/proto.h"
#include "torture/ui.h"
#include "torture/smbtorture.h"
#include "libcli/resolve/resolve.h"
#include "param/param.h"

2
source4/torture/ndr/ndr.c
View File

@ -21,7 +21,7 @@
#include "includes.h"
#include "torture/ndr/ndr.h"
#include "torture/ndr/proto.h"
#include "torture/ui.h"
#include "torture/torture.h"
#include "util/dlinklist.h"
#include "param/param.h"

2
source4/torture/rap/rap.c
View File

@ -21,7 +21,7 @@
#include "includes.h"
#include "libcli/libcli.h"
#include "torture/torture.h"
#include "torture/smbtorture.h"
#include "torture/util.h"
#include "libcli/rap/rap.h"
#include "libcli/raw/libcliraw.h"

2
source4/torture/raw/lookuprate.c
View File

@ -20,7 +20,7 @@
#include "includes.h"
#include "param/param.h"
#include "system/filesys.h"
#include "torture/torture.h"
#include "torture/smbtorture.h"
#include "torture/basic/proto.h"
#include "libcli/libcli.h"
#include "torture/util.h"

4
source4/torture/raw/raw.c
View File

@ -18,10 +18,10 @@
*/
#include "includes.h"
#include "torture/torture.h"
#include "libcli/raw/libcliraw.h"
#include "torture/raw/proto.h"
#include "torture/util.h"
#include "torture/smbtorture.h"
#include "torture/raw/proto.h"
NTSTATUS torture_raw_init(void)
{

2
source4/torture/rpc/rpc.c
View File

@ -23,7 +23,7 @@
#include "lib/cmdline/popt_common.h"
#include "librpc/rpc/dcerpc.h"
#include "torture/rpc/rpc.h"
#include "torture/torture.h"
#include "torture/smbtorture.h"
#include "librpc/ndr/ndr_table.h"
#include "lib/util/dlinklist.h"

2
source4/torture/rpc/rpc.h
View File

@ -28,7 +28,7 @@
#include "librpc/rpc/dcerpc.h"
#include "libcli/raw/libcliraw.h"
#include "torture/rpc/proto.h"
#include "torture/ui.h"
#include "torture/torture.h"
struct torture_rpc_tcase {
struct torture_tcase tcase;

2
source4/torture/rpc/samba3rpc.c
View File

@ -426,7 +426,7 @@ static NTSTATUS get_usr_handle(struct smbcli_state *cli,
"builtin") ? 1:0;
l.in.connect_handle = &conn_handle;
domain_name.string = enumdom.out.sam->entries[0].name.string;
domain_name.string = enumdom.out.sam->entries[dom_idx].name.string;
*domain = talloc_strdup(mem_ctx, domain_name.string);
l.in.domain_name = &domain_name;

1
source4/torture/rpc/spoolss_notify.c
View File

@ -21,7 +21,6 @@
#include "includes.h"
#include "torture/torture.h"
#include "torture/ui.h"
#include "torture/rpc/rpc.h"
#include "librpc/gen_ndr/ndr_spoolss_c.h"
#include "rpc_server/dcerpc_server.h"

1
source4/torture/rpc/spoolss_win.c
View File

@ -20,7 +20,6 @@
#include "includes.h"
#include "torture/torture.h"
#include "torture/ui.h"
#include "torture/rpc/rpc.h"
#include "librpc/gen_ndr/ndr_spoolss_c.h"
#include "rpc_server/dcerpc_server.h"

2
source4/torture/smb2/smb2.c
View File

@ -21,7 +21,7 @@
#include "libcli/smb2/smb2.h"
#include "libcli/smb2/smb2_calls.h"
#include "torture/torture.h"
#include "torture/smbtorture.h"
#include "torture/smb2/proto.h"
#include "lib/util/dlinklist.h"

2
source4/torture/smbtorture.c
View File

@ -30,7 +30,7 @@
#include "lib/events/events.h"
#include "dynconfig.h"
#include "torture/torture.h"
#include "torture/smbtorture.h"
#include "lib/util/dlinklist.h"
#include "librpc/rpc/dcerpc.h"
#include "param/param.h"

9
source4/torture/torture.h → source4/torture/smbtorture.h
View File

@ -18,10 +18,10 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __TORTURE_H__
#define __TORTURE_H__
#ifndef __SMBTORTURE_H__
#define __SMBTORTURE_H__
#include "torture/ui.h"
#include "torture/torture.h"
struct smbcli_state;
@ -37,5 +37,4 @@ struct torture_test;
int torture_init(void);
bool torture_register_suite(struct torture_suite *suite);
#endif /* __TORTURE_H__ */
#endif /* __SMBTORTURE_H__ */

2
source4/torture/unix/unix.c
View File

@ -18,7 +18,7 @@
*/
#include "includes.h"
#include "torture/torture.h"
#include "torture/smbtorture.h"
#include "torture/unix/proto.h"
NTSTATUS torture_unix_init(void)

5
source4/torture/util.h
View File

@ -20,6 +20,11 @@
#ifndef _TORTURE_PROVISION_H_
#define _TORTURE_PROVISION_H_
#include "torture/torture.h"
struct smbcli_state;
struct smbcli_tree;
/**
setup a directory ready for a test
*/

1
source4/torture/util_smb.c
View File

@ -28,7 +28,6 @@
#include "system/shmem.h"
#include "system/wait.h"
#include "system/time.h"
#include "torture/ui.h"
#include "torture/torture.h"
#include "util/dlinklist.h"
#include "auth/credentials/credentials.h"

2
source4/torture/winbind/struct_based.c
View File

@ -26,7 +26,7 @@
#include "libcli/security/security.h"
#include "librpc/gen_ndr/netlogon.h"
#include "param/param.h"
#include "auth/pam_errors.h"
#include "auth/ntlm/pam_errors.h"
#define DO_STRUCT_REQ_REP_EXT(op,req,rep,expected,strict,warnaction,cmt) do { \
NSS_STATUS __got, __expected = (expected); \

2
source4/torture/winbind/winbind.c
View File

@ -18,7 +18,7 @@
*/
#include "includes.h"
#include "torture/torture.h"
#include "torture/smbtorture.h"
#include "torture/winbind/proto.h"
NTSTATUS torture_winbind_init(void)

1
source4/utils/config.mk
View File

@ -13,6 +13,7 @@ PRIVATE_DEPENDENCIES = \
gensec \
LIBCLI_RESOLVE \
auth \
ntlm_check \
MESSAGING \
LIBEVENTS
# End BINARY ntlm_auth

1
source4/utils/ntlm_auth.c
View File

@ -30,6 +30,7 @@
#include "auth/auth.h"
#include "librpc/gen_ndr/ndr_netlogon.h"
#include "auth/auth_sam.h"
#include "auth/ntlm/ntlm_check.h"
#include "pstring.h"
#include "libcli/auth/libcli_auth.h"
#include "libcli/security/security.h"

2
source4/winbind/wb_samba3_cmd.c
View File

@ -29,7 +29,7 @@
#include "version.h"
#include "librpc/gen_ndr/netlogon.h"
#include "libcli/security/security.h"
#include "auth/pam_errors.h"
#include "auth/ntlm/pam_errors.h"
#include "auth/credentials/credentials.h"
#include "smbd/service_task.h"