1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

101 Commits

Author SHA1 Message Date
Jeremy Allison
b2de5a81bf s4: popt: Global replace of cmdline_credentials -> popt_get_cmdline_credentials().
Add one use of popt_set_cmdline_credentials().
Fix 80 column limits when cmdline_credentials changes
to popt_get_cmdline_credentials().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-05-11 20:30:13 +02:00
Andrew Bartlett
086c06e361 kerberos: Remove un-used event context argument from smb_krb5_init_context()
The event context here was only specified in the server or admin-tool
context, which does not do network communication, so this only caused
a talloc_reference() and never any useful result.

The actual network communication code sets an event context directly
before making the network call.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Apr 28 02:24:57 CEST 2014 on sn-devel-104
2014-04-28 02:24:57 +02:00
Stefan Metzmacher
71c63e85e7 auth/gensec: introduce gensec_internal.h
We should treat most gensec related structures private.

It's a long way, but this is a start.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:19:02 +02:00
Alexander Bokovoy
21d383d04f s4:torture: auth/pac.c: use Kerberos wrapper for krb5_keyblock_init
Signed-off-by: Simo Sorce <idra@samba.org>
2012-05-04 16:51:29 +02:00
Simo Sorce
70c303a7f3 auth-krb: Move pac related util functions in a single place.
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12 12:06:43 +02:00
Andrew Bartlett
f433baa3c8 auth: Make more of the ntlmssp code private or static
Now that there is only one gensec_ntlmssp server, some of these functions can be static

For the rest, put the implemtnation of the gensec_ntlmssp code into ntlmssp_private.h

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17 10:48:10 +01:00
Andrew Bartlett
e7d5f0a357 gensec: move event context from gensec_*_init() to gensec_update()
This avoids keeping the event context around on a the gensec_security
context structure long term.

In the Samba3 server, the event context we either supply is a NULL
pointer as no server-side modules currently use the event context.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 13:13:33 +11:00
Andrew Bartlett
d3fe48ba48 gensec: Remove mem_ctx from calls that do not return memory
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:01 +10:00
Andrew Bartlett
52b28ec813 auth: Split out make_user_info_SamBaseInfo and add authenticated argument
This will allow the source3 auth code to call this without needing to
double-parse the SIDs

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:14 +10:00
Andrew Bartlett
f28f5db15a libcli/auth Move PAC parsing and verification in common.
This uses the source3 PAC code (originally from Samba4) with some
small changes to restore functionality needed by the torture tests,
and to have a common API.

Andrew Bartlett
2011-04-20 04:31:07 +02:00
Andrew Tridgell
887fdb7ba1 s4-test: added a test for E_deshash()
this particularly checks the boundary conditions near passwords of
length 14 characters

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Apr 13 07:31:55 CEST 2011 on sn-devel-104
2011-04-13 07:31:55 +02:00
Jelmer Vernooij
fc720be5a2 source4/torture: Fix prototypes for all functions. 2011-03-19 03:20:05 +01:00
Andrew Bartlett
a2ce53c1f5 s4-auth Rework auth subsystem to remove struct auth_serversupplied_info
This changes auth_serversupplied_info into the IDL-defined struct
auth_user_info_dc.  This then in turn contains a struct
auth_user_info, which is the only part of the structure that is
mainted into the struct session_info.

The idea here is to avoid keeping the incomplete results of the
authentication (such as session keys, lists of SID memberships etc) in
a namespace where it may be confused for the finalised results.

Andrew Barltett
2011-02-09 01:11:06 +01:00
Andrew Bartlett
fbe6d155bf s4-auth Remove special case for account_sid from auth_serversupplied_info
This makes everything reference a server_info->sids list, which is now
a struct dom_sid *, not a struct dom_sid **.  This is in keeping with
the other sid lists in the security_token etc.

In the process, I also tidy up the talloc tree (move more structures
under their logical parents) and check for some possible overflows in
situations with a pathological number of sids.

Andrew Bartlett
2011-01-20 23:44:05 +01:00
Jelmer Vernooij
35fbc7bbda s4-smbtorture: Make test names lowercase and dot-separated.
This is consistent with the test names used by selftest, should
make the names less confusing and easier to integrate with other tools.

Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Dec 11 04:16:13 CET 2010 on sn-devel-104
2010-12-11 04:16:13 +01:00
Andrew Tridgell
6b266b85cf s4-loadparm: 2nd half of lp_ to lpcfg_ conversion
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-16 18:24:27 +10:00
Jelmer Vernooij
f9ca9e46ad Finish removal of iconv_convenience in public API's. 2010-05-18 11:45:30 +02:00
Stefan Metzmacher
d3e7266676 s4:ntlmssp: rename gensec_ntlmssp_state => ntlmssp_state
Inspired by the NTLMSSP merge work by Andrew Bartlett.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 17:34:51 +01:00
Stefan Metzmacher
ee240799b6 s4:ntlmssp: keep struct gensec_ntlmssp_context in gensec_security->private_data
Inspired by the NTLMSSP merge work by Andrew Bartlett.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 17:34:50 +01:00
Andrew Tridgell
84d0047377 s4-torture: ran minimal_includes.pl over source4/torture
This reduces compile time somewhat.
2009-10-20 16:04:46 +11:00
Jelmer Vernooij
28d155499a Add missing includes. 2009-07-19 13:39:38 +02:00
Stefan Metzmacher
a83feb2fe3 s4:auth: move make_server_info_netlogon_validation() function arround
metze
2009-01-21 13:36:11 +01:00
Jelmer Vernooij
b034c519f5 Add gensec_settings structure. This wraps loadparm_context for now, but
should in the future only contain some settings required for gensec.
2008-11-02 02:05:48 +01:00
Jelmer Vernooij
6a89b59ca6 Add TALLOC_CTX pointer to strhex_to_data_blob for consistency with Samba
3.
2008-10-18 18:09:04 +02:00
Jelmer Vernooij
3994c42f19 Fix number of arguments for file_load() functions. 2008-10-12 19:46:38 +02:00
Andrew Bartlett
c79dff2e9b Heimdal provides Kerberos PAC parsing routines. Use them.
This uses Heimdal's PAC parsing code in the:
 - LOCAL-PAC test
 - gensec_gssapi server
 - KDC (where is was already used, the support code refactored from here)

In addition, the service and KDC checksums are recorded in the struct
auth_serversupplied_info, allowing them to be extracted for validation
across NETLOGON.

Andrew Bartlett
(This used to be commit 418b440a7b)
2008-08-28 16:28:47 +10:00
Andrew Tridgell
88ec1aead4 cope with not knowing the kdc key
(This used to be commit 7e48dad4c7)
2008-08-14 15:27:22 +10:00
Simo Sorce
4e83011f72 Remove more event_context_init() uses from function calls within deep down the code.
Make sure we pass around the event_context where we need it instead.
All test but a few python ones fail. Jelmer promised to fix them.
(This used to be commit 3045d39162)
2008-04-21 18:12:33 -04:00
Jelmer Vernooij
148d3b170a Use torture_assert_mem_equal() in a couple more places.
(This used to be commit e2c3fab9d1)
2008-04-13 22:00:36 +02:00
Jelmer Vernooij
afe3e8172d Install public header files again and include required prototypes.
(This used to be commit 47ffbbf674)
2008-04-02 04:53:27 +02:00
Jelmer Vernooij
37deca2d41 Avoid use of global_loadparm.
(This used to be commit c5a95bbe0c)
2008-02-21 14:16:02 +01:00
Jelmer Vernooij
4537be1542 r26655: torture/auth/pac: remove uses of global_loadparm
(This used to be commit ff67935be4)
2008-01-03 15:27:01 -06:00
Jelmer Vernooij
7d5f0e0893 r26639: librpc: Pass iconv convenience on from RPC connection to NDR library, so it can be overridden by OpenChange.
(This used to be commit 2f29f80e07)
2008-01-01 16:12:15 -06:00
Jelmer Vernooij
ecea5ce245 r26260: Store loadparm context in gensec context.
(This used to be commit b9e3a4862e)
2007-12-21 05:47:34 +01:00
Jelmer Vernooij
43696d2752 r26252: Specify loadparm_context explicitly when creating sessions.
(This used to be commit 7280c1e941)
2007-12-21 05:47:29 +01:00
Jelmer Vernooij
bbdfbf8d9d r26238: Add a loadparm context parameter to torture_context, remove more uses of global_loadparm.
(This used to be commit a33a553054)
2007-12-21 05:47:20 +01:00
Jelmer Vernooij
120ecdb5cb r26233: Pass loadparm context when creating krb5 contexts.
(This used to be commit 7780bf285f)
2007-12-21 05:47:11 +01:00
Stefan Metzmacher
529763a9aa r25920: ndr: change NTSTAUS into enum ndr_err_code (samba4 callers)
lib/messaging/
lib/registry/
lib/ldb-samba/
librpc/rpc/
auth/auth_winbind.c
auth/gensec/
auth/kerberos/
dsdb/repl/
dsdb/samdb/
dsdb/schema/
torture/
cluster/ctdb/
kdc/
ntvfs/ipc/
torture/rap/
ntvfs/
utils/getntacl.c
ntptr/
smb_server/
libcli/wrepl/
wrepl_server/
libcli/cldap/
libcli/dgram/
libcli/ldap/
libcli/raw/
libcli/nbt/
libnet/
winbind/
rpc_server/

metze
(This used to be commit 6223c7fddc)
2007-12-21 05:45:02 +01:00
Jelmer Vernooij
98b57d5eb6 r25035: Fix some more warnings, use service pointer rather than service number in more places.
(This used to be commit df9cebcb97)
2007-10-10 15:05:43 -05:00
Andrew Tridgell
0479a2f1cb r23792: convert Samba4 to GPLv3
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac)
2007-10-10 14:59:12 -05:00
Andrew Tridgell
c42219d735 r22969: fix some more places where we could end up with more than one event
context. We now have an event context on the torture_context, and we
can also get one from the cli_credentials structure
(This used to be commit c0f65eb656)
2007-10-10 14:52:34 -05:00
Andrew Bartlett
b60157ffd2 r22184: On some hosts, parsing a compleatly invalid principal causes heimadal
to try and figure out what realm the current host is in (by DNS lookup
for it's full domain name).  We don't want to do that for this test,
just break the checksum.

Andrew Bartlett
(This used to be commit 791e875145)
2007-10-10 14:49:59 -05:00
Andrew Bartlett
0f01aae914 r21039: Test some more failure paths (trying to increase the lcov score).
Andrew Bartlett
(This used to be commit 76812a0337)
2007-10-10 14:44:23 -05:00
Andrew Bartlett
0ee01e6fc2 r20949: Looking over some lcov output, try and walk some error paths.
Andrew Bartlett
(This used to be commit 9ed9a032c2)
2007-10-10 14:43:59 -05:00
Andrew Bartlett
be5e793233 r19649: Fix indentation.
Andrew Bartlett
(This used to be commit ffce008775)
2007-10-10 14:25:25 -05:00
Andrew Bartlett
3c1e780ec7 r19604: This is a massive commit, and I appologise in advance for it's size.
This merges Samba4 with lorikeet-heimdal, which itself has been
tracking Heimdal CVS for the past couple of weeks.

This is such a big change because Heimdal reorganised it's internal
structures, with the mechglue merge, and because many of our 'wishes' have been granted:  we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code.  We have adapted to upstream's choice of API in these cases.

In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO
PAC.  This matches windows behavour.  We also have an option to
require the PAC to be present (which allows us to automate the testing
of this code).

This also includes a restructure of how the kerberos dependencies are
handled, due to the fallout of the merge.

Andrew Bartlett
(This used to be commit 4826f17351)
2007-10-10 14:25:03 -05:00
Andrew Bartlett
13dbee3ffe r19598: Ahead of a merge to current lorikeet-heimdal:
Break up auth/auth.h not to include the world.

Add credentials_krb5.h with the kerberos dependent prototypes.

Andrew Bartlett
(This used to be commit 2b569c42e0)
2007-10-10 14:25:00 -05:00
Jelmer Vernooij
4fa24df98d r19507: Merge my DSO fixes branch. Building Samba's libraries as shared libraries
works again now, by specifying --enable-dso to configure.
(This used to be commit 7a01235067)
2007-10-10 14:24:41 -05:00
Jelmer Vernooij
8773e743c5 r19339: Merge my 4.0-unittest branch. This adds an API for more fine-grained
output in the testsuite rather than just True or False for a
set of tests.

The aim is to use this for:
 * known failure lists (run all tests and detect tests that
						started working or started failing). This
   would allow us to get rid of the RPC-SAMBA3-* tests
 * nicer torture output
 * simplification of the testsuite system
 * compatibility with other unit testing systems
 * easier usage of smbtorture (being able to run one test
						and automatically set up the environment for that)

This is still a work-in-progress; expect more updates over the next couple of
days.
(This used to be commit 0eb6097305)
2007-10-10 14:21:12 -05:00
Jelmer Vernooij
a3545383fb r16331: Split out registering of multi fn tests, fix typo in name of pac suite.
(This used to be commit 9e8574ac6c)
2007-10-10 14:09:11 -05:00