1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

37911 Commits

Author SHA1 Message Date
Stefan Metzmacher
56319cf1b7 s3:rpc_transport_tstream: only use tstream_cli_np_use_trans() for sync requests
Currently the caller doesn't cope with multiple async requests anyway,
so this is just protection for the future.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Aug  5 22:31:12 CEST 2011 on sn-devel-104
2011-08-05 22:31:12 +02:00
Volker Lendecke
dfa8a5fca5 s3: Make srv_enc_ctx static
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Aug  5 18:29:24 CEST 2011 on sn-devel-104
2011-08-05 18:29:24 +02:00
Volker Lendecke
3b5e7c55d8 s3: Fix a debug message 2011-08-05 17:12:07 +02:00
Volker Lendecke
eb2d3961d8 s3: Fix some nonempty blank lines 2011-08-05 17:12:06 +02:00
Volker Lendecke
c73890d230 s3: Fix "ISO C90 forbids mixed declarations and code"
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Aug  5 16:58:37 CEST 2011 on sn-devel-104
2011-08-05 16:58:37 +02:00
Volker Lendecke
2751ed6f45 s3: Fix some nonempty blank lines 2011-08-05 15:41:36 +02:00
Björn Jacke
601a2ad588 s3: make linking of pthreadpooltest work on more platforms
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Fri Aug  5 12:48:55 CEST 2011 on sn-devel-104
2011-08-05 12:48:55 +02:00
Björn Jacke
fd06cf379d s3/ldap: delay the ldap search alarm termination a bit
do the alarm termination of the the ldap search a bit delayed so the LDAP
server has a chance to tell us that the time limit was reached and the
search was abandoned. If the search is terminated this way we also get
the correct LDAP return code in the logs. If alarm() stops the search the ldap
search routine will report that the LDAP server is down which would trigger us
to rebind to the server needlessly which we also want to avoid.
2011-08-05 11:32:09 +02:00
Günther Deschner
a7438cce4e s3-nmbd: fix talloc/malloc mismatch in create_listen_pollfds().
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Thu Aug  4 19:06:39 CEST 2011 on sn-devel-104
2011-08-04 19:06:39 +02:00
Björn Jacke
d3b4d75364 s3/swat: use strlcat instead of strncat to fix build on old Linux distros
SLES 9's glibc for example had weird macros where the use of strncat resulted
in the use of strcat which we don't allow.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Thu Aug  4 17:50:24 CEST 2011 on sn-devel-104
2011-08-04 17:50:24 +02:00
Andrew Bartlett
ed59f21f65 s3-ntlmssp void function cannot return value
Removing the return is reasonable here because while no callers
currently specify more than one flag at a time, the
ntlmssp_want_feature code allows it.

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Aug  4 02:19:46 CEST 2011 on sn-devel-104
2011-08-04 02:19:46 +02:00
Volker Lendecke
84a940e4b7 s3: Fix some nonempty blank lines
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Aug  3 22:00:19 CEST 2011 on sn-devel-104
2011-08-03 22:00:19 +02:00
Günther Deschner
98f9c88e93 s3-printing: fix some build warnings in queue_process.c
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Aug  3 17:48:33 CEST 2011 on sn-devel-104
2011-08-03 17:48:33 +02:00
Andrew Bartlett
fec25c3a62 ntlmssp: Add ntlmssp_blob_matches_magic()
This avoids having the same check in 3 different parts of the code

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Aug  3 12:45:04 CEST 2011 on sn-devel-104
2011-08-03 12:45:04 +02:00
Andrew Bartlett
d811862b45 s3-ntlmssp Remove rudundent comment
This is explained where SESSION_KEY maps to SIGN at the NTLMSSP layer

Andrew Bartlett
2011-08-03 18:48:06 +10:00
Andrew Bartlett
1dbdddf223 s3-ntlmssp Remove a level of nesting in if/else statement 2011-08-03 18:48:05 +10:00
Andrew Bartlett
7b1d6a6a05 selftest: test plugin_s4_dc against all ncacn_np tests
Changes to the s3 epmapper behaviour seem to have fixed the rest of these
tests.

Andrew Bartlett
2011-08-03 18:48:05 +10:00
Andrew Bartlett
7c4eb9e32e s3-ntlmssp clarify session key behaviour after create_local_token() changes 2011-08-03 18:48:05 +10:00
Andrew Bartlett
3f0b5d05b5 s3-ntlmssp Remove auth_ntlmssp_state_destructor, use the talloc tree instead 2011-08-03 18:48:05 +10:00
Andrew Bartlett
8131dd9df3 s3-auth directly return the result of make_server_info_guest() 2011-08-03 18:48:05 +10:00
Andrew Bartlett
8fca9741fe s3-auth rename auth_ntlmssp_steal_session_info()
There is no longer any theft of memory as the underlying routines now
produce a new auth_session_info for this caller, allocating it
on the supplied memory context.

Andrew Bartlett
2011-08-03 18:48:05 +10:00
Andrew Bartlett
b0dd2cde86 s3-smbd Be consistent with %U subs on guest logins
The NTLMSSP code always specified "" as the username, and this makes
guest logins via the old-style session setup do the same.

Andrew Bartlett
2011-08-03 18:48:05 +10:00
Andrew Bartlett
d3524f2eae s3-auth use auth_generic_start to get full GENSEC in Samba3 session setup
This tests if the auth_generic_start() hook is available on the auth
context during the negprot, and if so it uses auth_generic_start() to
hook to GENSEC to handle the full SPNEGO blob.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:04 +10:00
Andrew Bartlett
9f663270fd s3-auth Add function to start any GENSEC mech by OID
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:04 +10:00
Andrew Bartlett
23bbf4e758 s3-smbd clarify behaviour by not passing an OID that will not be used
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:04 +10:00
Andrew Bartlett
36112a442f s3-smbd Ensure we do not read past the end of a possible NTLMSSP blob
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:04 +10:00
Andrew Bartlett
ef69e140d8 s3-auth clarify the role of these session keys
This comment can be clarified now the auth subsystem does not use the same
structure as the rest of the code.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:04 +10:00
Andrew Bartlett
1aced1e989 s3-auth remove sanitized_username from auth_serversupplied_info
This structure element was only written to, not read.

It is filled into the companion structure, auth_session_info()
by create_local_token().

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:04 +10:00
Andrew Bartlett
9a45bf3952 s3-auth set session_info->sanitized_username in create_local_token()
Rather than passing this value around the callers, and eventually
setting it in register_existing_vuid(), we simply pass it to
create_local_token().  This also removes the need for
auth_ntlmssp_get_username().

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:04 +10:00
Andrew Bartlett
8b983d2326 s3-ntlmssp Split auth_ntlmssp_start into two functions
This helps map on to the GENSEC semantics better, and ensures that the
full set of desired features are set before the mechanism starts.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:04 +10:00
Andrew Bartlett
902df83680 s3-ntlmssp Split calls to gensec plugin into prepare and start
GENSEC has the concept of starting the GENSEC subsystem before starting the
actual mechansim.  Between these two stages is when most context methods
are called, to specify credentials and features.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:04 +10:00
Andrew Bartlett
1231b784a1 s3-ntlmssp Remove auth_ntlmssp_and_flags()
There is no need to mask out these flags as they simply are not set
yet.

The correct abstraction is to ask for NTLMSSP features.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:03 +10:00
Andrew Bartlett
da4345a8d1 s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hash
The session key we want here (the only one that is availble to the
encryption layer) is the one obtained by cli_get_session_key(), as
NTLMSSP creates a per-session session key via key exchange and NTLMv2
negotiation.

The key was never directly the NT hash anyway (this is simply a
mistake, the extra MD4() was lost during my previous cleanup
f28f113d8e in 2008), but was MD4(NT
hash) in early implementations of NTLMSSP.

However, regardless this call is not available on domain trusts
between AD domains and Windows 2003 R2, making this less useful.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:03 +10:00
Andrew Bartlett
63cb8059db s3-auth Add hook to start a GENSEC mech to auth_samba4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:03 +10:00
Andrew Bartlett
bba5f0a641 s3-ntlmssp Remove auth_ntlmssp_or_flags
We now just use auth_ntlmssp_want_feature to get extra flags
on the NTLMSSP context

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:03 +10:00
Andrew Bartlett
778bf87d8d s3-ntlmssp Remove calls to auth_ntlmssp_and_flags from the server
This is changed so that the callers ask for the additional flags
that they need, starting with no additional flags.

This helps to create a proper abstraction layer in
ntlmssp_wrap/auth_ntlmssp.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:03 +10:00
Andrew Bartlett
6d7ac4f1ad s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_update
This clarifies the lifetime of the returned token.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:03 +10:00
Andrew Bartlett
763243d6ed s3-ntlmssp NTLMSSP sealing implies signing, so set both flags
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:03 +10:00
Andrew Bartlett
d69843c908 s3-ntlmssp Add hooks to optionally call into GENSEC in auth_ntlmssp
This allows the current behaviour of the NTLMSSP code to be unchanged
while adding a way to hook in an alternate implementation via an auth
module.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:03 +10:00
Andrew Bartlett
dee845eb70 s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_get_session_key() 2011-08-03 18:48:02 +10:00
Andrew Bartlett
6bcaba6f8a s3-auth Allow auth modules to provide an initialised GENSEC context
This will allow auth plugins such as auth_samba4 to provide an initialised
GENSEC context to auth subsystem callers.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:02 +10:00
Andrew Bartlett
a942401c1f s3-ntlmssp Use auth_ntlmssp_*() functions in more places
This allows auth_ntlmssp_get_ntlmssp_state() to be removed.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:02 +10:00
Andrew Bartlett
9edb9763df s3-ntlmssp Remove unused auth_ntlmssp_get_domain()
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:02 +10:00
Andrew Bartlett
3185ecaf54 s3-ntlmssp Remove unused auth_ntlmssp_get_client
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:02 +10:00
Andrew Bartlett
8e50c69626 s3-rpc_server use session_info to print user details
This is the authoritative source for what the user was actually
authenticated as.

The previous message printed only what they claimed, and the DC might
map this.

The workstation is no longer printed in the logs, as it allows
auth_ntlmssp_get_client() to be removed.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:02 +10:00
Andrew Bartlett
c9bde9ae75 s3-auth Use else if in do_map_to_guest_server_info
This means we can't ever call make_server_info_guest() twice.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:02 +10:00
Andrew Bartlett
8a650243b3 s3-auth Move map to guest to directly after the check_password calls
This means we no longer need two different map to guest functions
and have consistent logic with fewer layering violations.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:02 +10:00
Andrew Bartlett
d3fe48ba48 gensec: Remove mem_ctx from calls that do not return memory
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:01 +10:00
Stefan Metzmacher
de71a67a1c s3:libsmb/clifile: make use of cli_set_timeout()
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Aug  3 10:16:18 CEST 2011 on sn-devel-104
2011-08-03 10:16:18 +02:00
Stefan Metzmacher
71c695d8d1 s3:cli_np_tstream: make use of cli_set_timeout()
metze
2011-08-03 09:01:40 +02:00