IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- Fix mixing of code and data
- send mechListMic again in SPENGO server
- only send optomistic first packet in the client.
(This used to be commit 9941da8081)
into Samba3.
The NTLMSSP sign/seal code now assumes that GENSEC has already checked
to see if SIGN or SEAL should be permitted. This simplfies the code
ensures that no matter what the mech, the correct code paths have been
set in place.
Also remove duplication caused by the NTLMv2 code's history, and
document why some of the things a bit funny.
In SPNEGO, create a new routine to handle the negTokenInit creation.
We no longer send an OID for a mech we can't start (like kerberos on
the server without a valid trust account).
Andrew Bartlett
(This used to be commit fe45ef608f)
caused me pain (and covourty warnings).
Simply gensec_gssapi to assume the properties of lorikeet-heimdal,
rather than having #ifdef around critical features. This simplifies
the code rather a lot.
Andrew Bartlett
(This used to be commit 11156f556d)
supply the user_sess_key and lm_sess_key parameters. Inspired by
coverty complaining about inconsistant checking.
Also factor out some of this code, where we deal with just NT and LM
hashes, or embedded plaintext passwords.
Andrew Bartlett
(This used to be commit ceec35564f)
the ndr_pull/push/print functions for it in the ntacl-lsm module
- fix compiler warnings in the ldap_encode_ndr_* code
metze
(This used to be commit 83d65d0d7e)
If we ever get problems with the kerberos code, it should show up as a
different signature in this PAC.
This involved returning more data from the pac functions, so changed
some callers and split up some functions.
Andrew Bartlett
(This used to be commit d514a74912)
non-existant field).
Also change time(NULL) into an NTTIME for comparison, rather than
experience rounding bugs (size of time_t) when converting an NTTIME
into a time_t.
Andrew Bartlett
(This used to be commit 181155f9e0)
user_info strcture in auth/
This moves it to a pattern much like that found in ntvfs, with
functions to migrate between PAIN, HASH and RESPONSE passwords.
Instead of make_user_info*() functions, we simply fill in the control
block in the callers, per recent dicussions on the lists. This
removed a lot of data copies as well as error paths, as we can grab
much of it with talloc.
Andrew Bartlett
(This used to be commit ecbd2235a3)
S390. This is an attempt to avoid the panic we're seeing in the
automatic builds.
The main fixes are:
- assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats
- use of NULL format statements to perform dn searches.
- assumption that sizeof() returns an int
(This used to be commit a58ea6b385)
now push/pull a sample PAC, and still have the same byte buffer.
(Metze set up the string code, and probably already has a similar
patch).
Unfortunetly win2k3 still doesn't like what we provide, but every step helps.
Also use data_blob_const() when we are just wrapping data for API
reasons.
Andrew Bartlett
(This used to be commit e7c8076fc1)
(I have included the krbtgt key from my test network).
It turns out the krbtgt signature is over the 16 (or whatever,
enc-type dependent) bytes of the signature, not the entire structure.
Also do not even try to use Kerberos or GSSAPI on an IP address, it
will only fail.
Andrew Bartlett
(This used to be commit 3b9558e82f)
LOGON_INFO
LOGON_NAME
SRV_CHECKSUM
KDC_CHECKSUM
- w2k3 also don't use the groupmembership array with rids
it uses the othersids array
metze
(This used to be commit 2286fad27d)
- move to handmodified pull/push code for PAC_BUFFER
to get the _ndr_size field and the subcontext size right
- after looking closely to the sample w2k3 PAC in our torture test (and some more in my archive)
I found out that the first uint32 before the netr_SamInfo3 was also a pointer,
(and we passed a NULL pointer there before, so I think that was the reason why the windows clients doesn't want our PAC)
w2k3 uses this for unique pointers:
ptr = ndr->ptr_count * 4;
ptr |= 0x00020000;
ndr->ptr_count;
- do one more pull/push round with the sample PAC
metze
(This used to be commit 0eee179415)
much closer.
This changes PIDL to allow a subcontext to have a pad8 flag, saying to
pad behind to an 8 byte boundary. This is the only way I can explain
the 4 trainling zeros in the signature struct.
Far more importantly, the PAC code is now under self-test, both in
creating/parsing our own PAC, but also a PAC from my win2k3 server.
This required changing auth_anonymous, because I wanted to reuse the
anonymous 'server_info' generation code.
I'm still having trouble with PIDL, particulary as surrounds value(),
but I'll follow up on the list.
Andrew Bartlett
(This used to be commit 50a54bf4e9)
We now generate the PAC, and can verifiy both our own PAC and the PAC
from Win2k3.
This commit adds the PAC generation code, spits out the code to get
the information we need from the NETLOGON server back into a auth/
helper function, and adds a number of glue functions.
In the process of building the PAC generation code, some hints in the
Microsoft PAC specification shed light on other parts of the code, and
the updates to samr.idl and netlogon.idl come from those hints.
Also in this commit:
The Heimdal build package has been split up, so as to only link the
KDC with smbd, not the client utils.
To enable the PAC to be veified with gensec_krb5 (which isn't quite
dead yet), the keyblock has been passed back to the calling layer.
Andrew Bartlett
(This used to be commit e2015671c2)
This won't actually work until I get the keyblock filled in again, but
at least it will compile.
I first need to decide if we want to keep the server-side gensec_krb5
code at all, now we have the GSSAPI layer doing what we want.
Andrew Bartlett
(This used to be commit 28e49de929)
the 'PAC', required for interopability with Active Directory.
This is still a cludge, as it doesn't handle different encryption
types, but that should be fairly easy to fix (needs PIDL/IDL changes).
Andrew Bartlett
(This used to be commit 690cfc44ce)
keys appear at the end of the PAC, which I feel is deliberate (it
makes this much easier).
I still can't make it work, but I'm sure we are closer.
Andrew Bartlett
(This used to be commit 6f0e1c80ae)
'mock GSSAPI'.
Many thanks to Luke Howard for the work he has done on Heimdal for
XAD, to provide the right API hooks in GSSAPI.
Next step is to verify the signatures, and to build the PAC for the
KDC end.
Andrew Bartlett
(This used to be commit 2e82743c98)
This builds on the work tridge did to make -lcrypt conditional, rather
than globally linked. This was needed for Heimdal stuff, but then I
'fixed' heimdal, and we now reintroduce it here.
Andrew Bartlett
(This used to be commit 83d9d8f482)
quite a large change as we had lots of code that assumed that
objectSid was a string in S- format.
metze and simo tried to convince me to use NDR format months ago, but
I didn't listen, so its fair that I have the pain of fixing all the
code now :-)
This builds on the ldb_register_samba_handlers() and ldif handlers
code I did earlier this week. There are still three parts of this
conversion I have not finished:
- the ltdb index records need to use the string form of the objectSid
(to keep the DNs sane). Until that it done I have disabled indexing on
objectSid, which is a big performance hit, but allows us to pass
all our tests while I rejig the indexing system to use a externally
supplied conversion function
- I haven't yet put in place the code that allows client to use the
"S-xxx-yyy" form for objectSid in ldap search expressions. w2k3
supports this, presumably by looking for the "S-" prefix to
determine what type of objectSid form is being used by the client. I
have been working on ways to handle this, but am not happy with
them yet so they aren't part of this patch
- I need to change pidl to generate push functions that take a
"const void *" instead of a "void*" for the data pointer. That will
fix the couple of new warnings this code generates.
Luckily it many places the conversion to NDR formatted records
actually simplified the code, as it means we no longer need as many
calls to dom_sid_parse_talloc(). In some places it got more complex,
but not many.
(This used to be commit d40bc2fa8d)
lifetime constraints, and works with the in-memory keytab.
Move initialize_krb5_error_table() into our kerberos startup code,
rather than in the GSSAPI code explitly. (Hmm, we probably don't need
this at all..)
Andrew Bartlett
(This used to be commit bedf92da5c)
support in Heimdal.
This removes the 'ext_keytab' step from my Samba4/WinXP client howto.
In doing this work, I realised that the replay cache in Heimdal is
currently a no-op, so I have removed the calls to it, and therefore
the mutex calls from passdb/secrets.c.
This patch also includes a replacement 'magic' mechanism detection,
that does not issue extra error messages from deep inside the GSSAPI
code.
Andrew Bartlett
(This used to be commit c19d5706f4)
Session Setup code.
Add a mem_ctx argument to a few of the NTLMv2 support functions, and
add smb.conf options to control client NTLMv2 behaviour.
Andrew Bartlett
(This used to be commit 3f35cdb218)
event_context for the socket_connect() call, so that when things that
use dcerpc are running alongside anything else it doesn't block the
whole process during a connect.
Then of course I needed to change any code that created a dcerpc
connection (such as the auth code) to also take an event context, and
anything that called that and so on .... thus the size of the patch.
There were 3 places where I punted:
- abartlet wanted me to add a gensec_set_event_context() call
instead of adding it to the gensec init calls. Andrew, my
apologies for not doing this. I didn't do it as adding a new
parameter allowed me to catch all the callers with the
compiler. Now that its done, we could go back and use
gensec_set_event_context()
- the ejs code calls auth initialisation, which means it should pass
in the event context from the web server. I punted on that. Needs fixing.
- I used a NULL event context in dcom_get_pipe(). This is equivalent
to what we did already, but should be fixed to use a callers event
context. Jelmer, can you think of a clean way to do that?
I also cleaned up a couple of things:
- libnet_context_destroy() makes no sense. I removed it.
- removed some unused vars in various places
(This used to be commit 3a3025485b)
them in the ntlmssp code, which is the only place they are
used. Andrew, please remove them completely once you have some more
reliable way to get this info
they are bogus as gethostname() may give us a short hostname (and does
on lot of systems), so the calls often give totally the wrong result
anyway
(This used to be commit 35ec292f86)
- if you want kerberos now, you need to unpack a lorikeet heimdal
tree in source/heimdal/. If source/heimdal/ does not exist at
configure time then all kerberos features are disabled. You cannot
use an external kerberos library for now. That may change later.
- moved lib/replace/ config stuff to lib/replace/ and create a
lib/replace/replace.h. That allows the heimdal build to use our
portability layer, and prevenets duplicate definitions of functions
like strlcat()
- if you do enable heimdal, then you will need to do 'make
HEIMDAL_EXTERNAL' before you build Samba. That should be fixed once
I explain the problem to jelmer (the problem is the inability to
set a depend without also dragging in the object list of the
dependency. We need this for building the heimdal asn1 compiler and
et compiler.
- disabled all of the m4 checks for external kerberos libraries. I
left them in place in auth/kerberos/, but disabled it in
configure.in
some of the heimdal_build/ code is still very rough, for example I
don't correctly detect the correct awk, flex, bison replacements for
heimdal_build/build_external.sh. I expect to fix that stuff up over
the next few days.
(This used to be commit d4648249b2)
btw: I use this for configuring heimdal
>>>
CONFIG="CFLAGS=\"-g -O -Wall -Wstrict-prototypes -Wpointer-arith -Wcast-align -Wwrite-strings -Wdeclaration-after-statement\" \
CC=gcc-4.0 \
./configure -C --prefix=$HOME/prefix/heimdal-test \
--sysconfdir=/etc \
--enable-shared=no \
--with-ldb=$HOME/prefix/ldb \
--without-openldap \
--without-openssl $@"
echo $CONFIG
eval $CONFIG
>>>
maybe you also want to use --disable-berkeley-db
metze
(This used to be commit 2aec140e00)
fill in the function pointers to handle the logging, and catch all the
kerberos warnings. (Currently at level 3).
To avoid a memory leak, this requries a new function: krb5_freelog(),
which I've added to lorikeet/heimdal.
This also required a revamp to how we handle the krb5_context, so as
to make it easier to handle with talloc destructors.
Andrew Bartlett
(This used to be commit 63272794c4)
Using current lorikeet/heimdal, and with the KDC module enabled (it is
disabled by default), I almost get the KDC to link.
(To enable the KDC for testing, comment out the only line in
smbd/config.m4, and add 'kdc' to the 'server services' line in
smb.conf).
(This used to be commit 26cd4b4f68)
and long names for a domain.
Add servicePrincipalName mapping table (administrator configurable),
in the same spot as microsoft uses.
Andrew Bartlett
(This used to be commit c25e78b4b3)
done by setting:
OUTPUT_TYPE = SHARED_LIBRARY
in the [SUBSYSTEM::...] section belonging to a subsystem.
The idea is to allow multiple values to OUTPUT_TYPE simultaneously
(e.g. OUTPUT_TYPE = SHARED_LIBRARY, STATIC_LIBRARY, OBJLIST )
(This used to be commit b9d0ae93ba)
should allow us to ditch the local static storage for OIDs, as well as
fix the build on non-heimdal platforms.
Andrew Bartlett
(This used to be commit a7e2ecfac9)
Finally remove the distinction between 'krb5' and 'ms_krb5'. We now
don't do kerberos stuff twice on failure. The solution to this is
slightly more general than perhaps was really required (as this is a
special case), but it works, and I'm happy with the cleanup I achived
in the process. All modules have been updated to supply a
NULL-terminated list of OIDs.
In that process, SPNEGO code has been generalised, as I realised that
two of the functions should have been identical in behaviour.
Over in the actual modules, I have worked to remove the 'kinit' code
from gensec_krb5, and placed it in kerberos/kerberos_util.c.
The GSSAPI module has been extended to use this, so no longer requires
a manual kinit at the command line. It will soon loose the
requirement for a on-disk keytab too.
The general kerberos code has also been updated to move from
error_message() to our routine which gets the Heimdal error string
(which may be much more useful) when available.
Andrew Bartlett
(This used to be commit 0101728d8e)
features merged back into gensec_gssapi.
(Removed because I've made some API changes, and it isn't worth
'fixing' the rudundent code to cope with changes)
Andrew Bartlett
(This used to be commit e8cf3d58ec)
This also includes other changes to reduce memory use by GENSEC when
not being used for sign/seal operations. This should lower tridge's K
'per connection' benchmark further.
Andrew Bartlett
(This used to be commit 4a5829401b)
same time, but with different names. This just helps me avoid
conflicts when I merge up my other changes.
Andrew Bartlett
(This used to be commit 27e6a853a5)
This patch allows a suitably patched Heimdal GSSAPI library (detected
in configure) to supply to us the session keys, and further compleats
the gensec_gssapi module. This is tested for CIFS, but fails for LDAP
at this point (that is what I'll work on next).
We currently fill out the 'session info' from the SAM, like
gensec_krb5 does, but both will need to use the PAC extraction
functions in the near future.
Andrew Bartlett
(This used to be commit 937ee36161)
code, which is certainly not in the form of machine$.
Rework the default salt to match what I just added to the heimdal
server (Samba4 is back on speaking terms with lorikeet heimdal now),
from Luke Howard's post to samba-technical in Nov 2004.
Now to test compatability with MS...
Andrew Bartlett
(This used to be commit d719a0093b)
client credentials code to read the secrets.ldb.
Also clean up error handling, and ensure to always set the
last_error_message stuff.
Andrew Bartlett
(This used to be commit 435d229e5d)
no longer done globally.
This keeps MIT client libraries happy, because otherwise the windows
KDC will return a different case to what was requested.
Andrew Bartlett
(This used to be commit 9098b9321f)
We need to pass the 'secure channel type' to the NETLOGON layer, which
must match the account type.
(Yes, jelmer objects to this inclusion of the kitchen sink ;-)
Andrew Bartlett
(This used to be commit 8ee208a926)
if we use lm_response = data_blob(NULL, 0);
we got NT_STATUS_INVALID_PARAMETER
(abartlet: we should maybe also give this error in our server code)
metze
(This used to be commit be5e301442)
struct ntlmssp_state, and pushes all the member elements into struct
gensec_ntlmssp_state.
This also removes the 2-layer start function, caused by the previous
double abstraction layer.
Andrew Bartlett
(This used to be commit eebbb4205b)
client and server logic code. In future, this may allow us to build
only the NTLMSSP client, and not the server, but in the short-term, it
allows me greater sainity in moving around these files.
Andrew Bartlett
(This used to be commit 2f22841c67)
The aim here is to remove the extra layer of abstraction, and to then
use the credentials code directly in the NTLMSSP layer.
Andrew Bartlett
(This used to be commit b14c530dfd)
auth/gensec and auth/kerberos.
This also pulls the kerberos configure code out of libads (which is
otherwise dead), and into auth/kerberos/kerberos.m4
Andrew Bartlett
(This used to be commit e074d63f3d)
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'.
GENSEC now no longer has it's own handling of 'set username' etc,
instead it uses cli_credentials calls.
In order to link the credentails code right though Samba, a lot of
interfaces have changed to remove 'username, domain, password'
arguments, and these have been replaced with a single 'struct
cli_credentials'.
In the session setup code, a new parameter 'workgroup' contains the
client/server current workgroup, which seems unrelated to the
authentication exchange (it was being filled in from the auth info).
This allows in particular kerberos to only call back for passwords
when it actually needs to perform the kinit.
The kerberos code has been modified not to use the SPNEGO provided
'principal name' (in the mechListMIC), but to instead use the name the
host was connected to as. This better matches Microsoft behaviour,
is more secure and allows better use of standard kerberos functions.
To achieve this, I made changes to our socket code so that the
hostname (before name resolution) is now recorded on the socket.
In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now
in libcli/auth/schannel.c, and it looks much more like a standard
GENSEC module. The actual sign/seal code moved to
libcli/auth/schannel_sign.c in a previous commit.
The schannel credentails structure is now merged with the rest of the
credentails, as many of the values (username, workstation, domain)
where already present there. This makes handling this in a generic
manner much easier, as there is no longer a custom entry-point.
The auth_domain module continues to be developed, but is now just as
functional as auth_winbind. The changes here are consequential to the
schannel changes.
The only removed function at this point is the RPC-LOGIN test
(simulating the load of a WinXP login), which needs much more work to
clean it up (it contains copies of too much code from all over the
torture suite, and I havn't been able to penetrate its 'structure').
Andrew Bartlett
(This used to be commit 2301a4b38a)
secrets system, and not the old system from Samba3.
This allowed the code from auth_domain to be shared - we now only
lookup the secrets.ldb in lib/credentials.c.
In order to link the resultant binary, samdb_search() has been moved
from deep inside rpc_server into lib/gendb.c, along with the existing
gendb_search_v(). The vast majority of this patch is the simple
rename that followed,
(Depending on the whole SAMDB for just this function seemed pointless,
and brought in futher dependencies, such as smbencrypt.c).
Andrew Bartlett
(This used to be commit e13c671619)
This adds the auth_domain module to the auth subsystem, and cleans up
some small details around the join process (ensuring all the right
info is in the DB).
Andrew Bartlett
(This used to be commit 858cbfb821)
need a NULL domain (or a "" domain, except this breaks NTLMv2, and I
need to look into it a bit more).
Add support to the Samba4 server for these logins. This will need
extension when we handle trusted domains as a DC, as it is a principal
name, not just another format for the username.
Andrew Bartlett
(This used to be commit de02c7c222)
less likely that anyone will use pstring for new code
- got rid of winbind_client.h from includes.h. This one triggered a
huge change, as winbind_client.h was including system/filesys.h and
defining the old uint32 and uint16 types, as well as its own
pstring and fstring.
(This used to be commit 9db6c79e90)
- added async support to the negprot client code
- removed two unused parameters from smbcli_full_connection() code
- converted smbclient to use smbcli_full_connection() rather than
reinventing everything itself
(This used to be commit 71cbe28734)
use function pointers anymore
- make the module init much easier
- a lot of cleanups
don't try to read the diff in auth/ better read the new files
it passes test_echo.sh and test_rpc.sh
abartlet: please fix spelling fixes
metze
(This used to be commit 3c0d16b823)
- added #if TALLOC_DEPRECATED around the _p functions
- fixes the code that broke from the above
while doing this I fixed quite a number of places that were
incorrectly using the non type-safe talloc functions to use the type
safe ones. Some were even doing multiplies for array allocation, which
is potentially unsafe.
(This used to be commit 6e7754abd0)
Include RPC-SAMLOGON in the list of tests expected to pass
Remove silly extra loops from the RPC-SAMLOGON test, which mostly just
slowed htings down.
Andrew Bartlett
(This used to be commit 518ca9fb69)
I just need to fix a couple of NTLMv2 issues before we can fully pass,
and put this in test_rpc.sh, as a 'should pass' test.
Andrew Bartlett
(This used to be commit 4b52409e38)
pvfs will now honor some privileges on ACLs, and it will be quite easy
to add the checks for more privileges in the necessary places, by
making calls to sec_privilege_check().
(This used to be commit 3549039d0f)
this is mostly just a tidyup, but also adds the privilege_mask, which
I will be using shortly in ACL checking.
note that I had to move the definition of struct security_token out of
security.idl as pidl doesn't yet handle arrays of pointers, and the
usual workaround (to use a intermediate structure) would make things
too cumbersome for this structure, especially given we never encode it
to NDR.
(This used to be commit 7b446af09b)
This reduces the total size of the samba binaries from 119 Mb to 73 Mb.
Next step will be to have the build system obtain some of this information
by itself, so that we don't have to write ~10 lines per interface manually.
(This used to be commit 16d905f6b0)
- split ldh.h out of samba's includes.h
- make ldb_context and ldb_module private to the subsystem
- use ltdb_ prefix for all ldb_tdb functions
metze
(This used to be commit f5ee40d6ce)
- Use .mk files directly (no need for a SMB_*_MK() macro when adding a new SUBSYSTEM, MODULE or BINARY). This allows addition of new modules and subsystems without running configure
- Add support for generating .dot files with the Samba4 dependency tree (as used by the graphviz and springgraph utilities)
(This used to be commit 64826da834)
Both subsystems and modules can now have init functions, which can be
specified in .mk files (INIT_FUNCTION = ...)
The build system will define :
- SUBSYSTEM_init_static_modules that calls the init functions of all statically compiled modules. Failing to load will generate an error which is not fatal
- BINARY_init_subsystems that calls the init functions (if defined) for the subsystems the binary depends on
This removes the hack with the "static bool Initialised = " and the
"lazy_init" functions
(This used to be commit 7a8244761b)
(which I suspect was missing some pieces)
this at least fixes the build so i can keep going on pvfs. Please review/fix Andrew.
(This used to be commit bffd18d09d)
returned validation information into the server_info struct.
Also allow for easier expansion to different variations on validation
levels.
Andrew Bartlett
(This used to be commit 316b74029c)
- tidied up some of the system includes
- moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl
knows about inter-IDL dependencies
(This used to be commit 7b7477ac42)
I have created the include/system/ directory, which will contain the
wrappers for the system includes for logical subsystems. So far I have
created include/system/kerberos.h and include/system/network.h, which
contain all the system includes for kerberos code and networking code.
These are the included in subsystems that need kerberos or networking
respectively.
Note that this method avoids the mess of #ifdef HAVE_XXX_H in every C
file, instead each C module includes the include/system/XXX.h file for
the logical system support it needs, and the details are kept isolated
in include/system/
This patch also creates a "struct ipv4_addr" which replaces "struct
in_addr" in our code. That avoids every C file needing to import all
the system networking headers.
(This used to be commit 2e25c71853)
The thing that finally convinced me that minimal includes was worth
pursuing for rpc was a compiler (tcc) that failed to build Samba due
to reaching internal limits of the size of include files. Also the
fact that includes.h.gch was 16MB, which really seems excessive. This
patch brings it back to 12M, which is still too large, but
better. Note that this patch speeds up compile times for both the pch
and non-pch case.
This change also includes the addition iof a "depends()" option in our
IDL files, allowing you to specify that one IDL file depends on
another. This capability was needed for the auto-includes generation.
(This used to be commit b8f5fa8ac8)
Samba3's winbind. This is also the start of domain membership code in
Samba4, as we now (partially) parse the info3, and use it like Samba3
does.
Andrew Bartlett
(This used to be commit c1b7303c1c)
rather than doing everything itself. This greatly simplifies the
code, although I really don't like the socket_recv() interface (it
always allocates memory for you, which means an extra memcpy in this
code)
- fixed several bugs in the socket_ipv4.c code, in particular client
side code used a non-blocking connect but didn't handle EINPROGRESS,
so it had no chance of working. Also fixed the error codes, using
map_nt_error_from_unix()
- cleaned up and expanded map_nt_error_from_unix()
- changed interpret_addr2() to not take a mem_ctx. It makes absolutely
no sense to allocate a fixed size 4 byte structure like this. Dozens
of places in the code were also using interpret_addr2() incorrectly
(precisely because the allocation made no sense)
(This used to be commit 7f2c771b0e)
This required reworking the auth_sam code, so that it would export the
'name -> server_info' functionality. It's a bit ugly from a modular
point of view, but it's what we have to do...
Fix up some of the code to better use the new talloc()
Andrew Bartlett
(This used to be commit 18e08b4497)
auth_winbind to work, and to therefore use the new ntlm_auth and
GENSEC in an otherwise Samba3 setup.
I'm not quite sure what fun-and games my svn cp caused as I merged
this from samba_3_0, but anyway...
Andrew Bartlett
(This used to be commit 5925b94a59)
The motivation for this change was to avoid having to convert to/from
ucs2 strings for so many operations. Doing that was slow, used many
static buffers, and was also incorrect as it didn't cope properly with
unicode codepoints above 65536 (which could not be represented
correctly as smb_ucs2_t chars)
The two core functions that allowed this change are next_codepoint()
and push_codepoint(). These functions allow you to correctly walk a
arbitrary multi-byte string a character at a time without converting
the whole string to ucs2.
While doing this cleanup I also fixed several ucs2 string handling
bugs. See the commit for details.
The following code (which counts the number of occuraces of 'c' in a
string) shows how to use the new interface:
size_t count_chars(const char *s, char c)
{
size_t count = 0;
while (*s) {
size_t size;
codepoint_t c2 = next_codepoint(s, &size);
if (c2 == c) count++;
s += size;
}
return count;
}
(This used to be commit 814881f0e5)
the first was it didn't pass primaryGroupID as an attributed it
wanted, the second was it didn't cope with primaryGroupID not being
present.
(This used to be commit 8373bfcdec)
a const pointer really means that "the data pointed to by this pointer
won't change", and that is certainly true of talloc(). The fact that
some behind-the-scenes meta-data can change doesn't matter from the
point of view of const.
this fixes a number of const warnings caused by const data structures
being passed as talloc contexts. That will no longer generate a
warning.
also changed the talloc leak reporting option from --leak-check to
--leak-report, as all it does is generate a report on exit. A new
--leak-report-full option has been added that shows the complete tree
of memory allocations, which is is quite useful in tracking things down.
NOTE: I find it quite useful to insert talloc_report_full(ptr, stderr)
calls at strategic points in the code while debugging memory
allocation problems, particularly before freeing a major context (such
as the connection context). This allows you to see if that context has
been accumulating too much data, such as per-request data, which
should have been freed when the request finished.
(This used to be commit c60ff99c31)
connection termination cleanup, and to ensure that the event
contexts are properly removed for every process model
- gave auth_context the new talloc treatment, which removes another
source of memory leaks.
(This used to be commit 230e1cd777)
write_data and read_data, which are inherently blocking operations
- got rid of some old NBT keepalive routines that are not needed
(This used to be commit e73b4ae4e5)
count features of talloc, instead of re-implementing both those
features inside of samdb (which is what we did before).
This makes samdb considerably simpler, and also fixes some bugs, as I
found some error paths that didn't call samdb_close(). Those are now
handled by the fact that a talloc_free() will auto-close and destroy
the samdb context, using a destructor.
(This used to be commit da60987a92)
This version does the following:
1) talloc_free(), talloc_realloc() and talloc_steal() lose their
(redundent) first arguments
2) you can use _any_ talloc pointer as a talloc context to allocate
more memory. This allows you to create complex data structures
where the top level structure is the logical parent of the next
level down, and those are the parents of the level below
that. Then destroy either the lot with a single talloc_free() or
destroy any sub-part with a talloc_free() of that part
3) you can name any pointer. Use talloc_named() which is just like
talloc() but takes the printf style name argument as well as the
parent context and the size.
The whole thing ends up being a very simple piece of code, although
some of the pointer walking gets hairy.
So far, I'm just using the new talloc() like the old one. The next
step is to actually take advantage of the new interface
properly. Expect some new commits soon that simplify some common
coding styles in samba4 by using the new talloc().
(This used to be commit e35bb094c5)
Rework our random number generation system.
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().
For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation. This removes the 'need_reseed'
parameter from generate_random_buffer().
This also requires that we start the secrets subsystem, as that is
where the reseed value is stored, for systems without /dev/urandom.
In order to aviod identical streams in forked children, the random
state is re-initialised after the fork(), at the same point were we do
that to the tdbs.
Andrew Bartlett
(This used to be commit b97d3cb2ef)
the idea is to have services as modules (smb, dcerpc, swat, ...)
the process_model don't know about the service it self anymore.
TODO:
- the smbsrv should use the smbsrv_send function
- the service subsystem init should be done like for other modules
- we need to have a generic socket subsystem, which handle stream, datagram,
and virtuell other sockets( e.g. for the ntvfs_ipc module to connect to the dcerpc server
, or for smb or dcerpc or whatever to connect to a server wide auth service)
- and other fixes...
NOTE: process model pthread seems to be broken( but also before this patch!)
metze
(This used to be commit bbe5e00715)
This implements gensec for Samba's server side, and brings gensec up
to the standards of a full subsystem.
This means that use of the subsystem is by gensec_* functions, not
function pointers in structures (this is internal). This causes
changes in all the existing gensec users.
Our RPC server no longer contains it's own generalised security
scheme, and now calls gensec directly.
Gensec has also taken over the role of auth/auth_ntlmssp.c
An important part of gensec, is the output of the 'session_info'
struct. This is now reference counted, so that we can correctly free
it when a pipe is closed, no matter if it was inherited, or created by
per-pipe authentication.
The schannel code is reworked, to be in the same file for client and
server.
ntlm_auth is reworked to use gensec.
The major problem with this code is the way it relies on subsystem
auto-initialisation. The primary reason for this commit now.is to
allow these problems to be looked at, and fixed.
There are problems with the new code:
- I've tested it with smbtorture, but currently don't have VMware and
valgrind working (this I'll fix soon).
- The SPNEGO code is client-only at this point.
- We still do not do kerberos.
Andrew Bartlett
(This used to be commit 07fd885fd4)
- added workstation to auth_session_info in rpc servers
- added session key fetch hook in crypto backends in dcesrv
- store and fetch seed as well as a session key in schannel ldb
- when a client uses schannel to setup a netlogon pipe connection we
also need to setup the credentials from the schannel negotiation so
credentials chaining works
- added server side netr_LogonGetDomainInfo() call
(This used to be commit a35459387d)
the dce_conn->auth_state.session_info
( the ntlmssp one works fine, but the schannel one isn't implemented yet)
this is also set by the ntvfs_ipc backend on the endpoint connect.
metze
(This used to be commit ad3dd1789e)
This starts to store information about the user in the server_info
struct - like the account name, the full name etc.
Also, continue to make the names of the structure elements in the
logon reply more consistant with those in the SAMR pipe.
Andrew Bartlett
(This used to be commit 3ccd96bd94)
pwd -> password
passwd -> password
username -> account_name
Also work on consistant structure feild names between these two pipes,
and fix up some callers to use samr_Password for the netlogon
credential code.
Andrew Bartlett
(This used to be commit 4e35418c27)
goodness and light' struct ;-)
Break apart the auth subsystem's return strucutres, into the parts
that a netlogon call cares about, and the parts that are for a local
session. This is the 'struct session_info' and it will almost
completly replace the current information stored on a vuid, but be
generic to all login methods (RPC over TCP, for example).
Andrew Bartlett
(This used to be commit d199697014)
names rather than our crazy naming scheme. So DES is now called
des_crypt() rather than smbhash()
- added the code from the solution of the ADS crypto challenge that
allows Samba to correctly handle a 128 bit session key in all of the
netr_ServerAuthenticateX() varients. A huge thanks to Luke Howard
from PADL for solving this one!
- restructured the server side rpc authentication to allow for other
than NTLMSSP sign and seal. This commit just adds the structure, the
next commit will add schannel server side support.
- added 128 bit session key support to our client side code, and
testing against w2k3 with smbtorture. Works well.
(This used to be commit 729b2f41c9)
Samba's NTLMSSP code is now fully talloc based, which should go a long
way to cleaning up the memory leaks in this code. This also avoids a
lot of extra copies of data, as we now allocate the 'return' blobs on
a caller-supplied context.
I have also been doing a lot of work towards NTLM2 signing and
sealing. I have this working for sealing, but not for the verifier
(MD5 integrity check on the stream) which is still incorrect.
(I can aim a rpcecho sinkdata from a Win2k3 box to my server, and the
data arrives intact, but the signature check fails. It does however
match the test values I have...).
The new torture test is cludged in - when we get a unit test suite
back, I'll happliy put it in the 'right' place....
Andrew Bartlett
(This used to be commit 399e2e2b11)
structures. This was suggested by metze recently.
I checked on the build farm and all the machines we have support 64
bit ints, and support the LL suffix for 64 bit constants. I suspect
some won't support strtoll() and related functions, so we will
probably need replacements for those.
(This used to be commit 9a9244a1c6)
- Remove legacy sid_to_string (which contained a memleak)
- Remove some unused parts of lib/util_sid.c
Andrew Bartlett
(This used to be commit 7c69a85984)
Currently this only authentiates the machine, not real users.
As a consequence of running the Samba4 NETLOGON test against Samba4, I
found a number of issues in the SAMR server, which I have addressed.
There are more templates in the provison.ldif for this reason.
I also added some debug to our credentials code, and fixed some bugs
in the auth_sam module.
The static buffer in generate_random_string() bit me badly, so I
removed it in favor of a talloc based system.
Andrew Bartlett
(This used to be commit 94624e519b)
This commit kills passdb, which was only hosting the auth subsystem.
With the work tridge has done on Samba4's SAM backend, this can (and
now is) all hosted on ldb. The auth_sam.c file now references this
backend.
You will need to assign your users passwords in ldb - adding a new line:
unicodePwd: myPass
to a record, using ldbedit, should be sufficient. Naturally, this
assumes you have had your personal SAMR provisioning tutorial from
tridge. Everybody else can still use the anonymous logins.
Andrew Bartlett
(This used to be commit 2aa0b55fb8)
This removes the code that tried to lookup posix groups, as well as
the code that was tied to the SAM_ACCOUNT.
This should make auth_ldb much easier to write :-)
Andrew Bartlett
(This used to be commit e096ee2112)
paramter, without special links to other variables.
When we get 'server role' ideas back into Samba4, we can fix this properly.
The default is:
guest, sam_ignoredomain
which is the expected behaviour for a stand-alone server.
Andrew Bartlett
(This used to be commit 56ebc4275f)
Not all the auth code is merged - only those parts that are actually
being used in Samba4.
There is a lot more work to do in the NTLMSSP area, and I hope to
develop that work here. There is a start on this here - splitting
NTLMSSP into two parts that my operate in an async fashion (before and
after the actual authentication)
Andrew Bartlett
(This used to be commit 5876c78806)
added ldbedit, a _really_ useful command
added ldbadd, ldbdel, ldbsearch and ldbmodify to build
solved lots of timezone issues, we now pass the torture tests with
client and server in different zones
fixed several build issues
I know this breaks the no-LDAP build. Wait till I arrive in San Jose for that
fix.
(This used to be commit af34710d4d)
I needed to hack the ntlmssp code a little, as the auth code in samba4
is out of date relative to the samba3 auth code. I need to do a merge :)
(This used to be commit 6ee0935afe)
don't cause fragmented pdus (I'll add fragments shortly)
* change data_blob_talloc() to not zero memory when the 2nd argument
is NULL. The zeroing just masks bugs, and can't even allow a DOS
attack
* modified pidl to ensure that [ref] arguments to the out side of
functions are allocated when parsing the in side. This allows rpc
backends to assume that [ref] variables are all setup. Doesn't work
correctly for [ref] arrays yet
* changed DLIST_ADD_END() to take the type instead of a tmp
variable. This means you don't need to declare a silly tmp variable in
the caller
(This used to be commit 46e0a35819)
* moved ntlmssp code into libcli/auth/, and updated to latest ntlmssp
code from samba3 (thanks Andrew! the new interface is great)
* added signing/ntlmssp support in the dcerpc code
* added a dcerpc_auth.c module for the various dcerpc auth mechanisms
(This used to be commit c18c9b5585)
- added SMBD_LISTEN_BACKLOG in local.h
- added the beginnings of a ndr/rpc parsing framework for Samba4. It
currently correctly parses security descriptors for the nttrans
QUERY_SECDESC call, but I hope it will become a reasonable framework
that an idl based generator can work to
(This used to be commit 9bf904fc34)