1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

519 Commits

Author SHA1 Message Date
Volker Lendecke
df9e7c7ae5 lib: Remove global xfile.h includes
This makes it more obvious where this legacy code is used

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Nov 20 06:23:19 CET 2016 on sn-devel-144
2016-11-20 06:23:19 +01:00
Volker Lendecke
93b982faad lib: Give base64.c its own .h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-04 01:28:23 +02:00
Volker Lendecke
cf5a81013d lib: Make callers of base64_encode_data_blob check for success
Quite a few callers already did check for !=NULL. With the current code this is
pointless due to a SMB_ASSERT in base64_encode_data_blob() itself. Make the
callers consistently check, so that we can remove SMB_ASSERT from base64.c.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-04 01:28:23 +02:00
Herwin Weststrate
0b500d413c Added MSV1_0_ALLOW_MSVCHAPV2 flag to ntlm_auth
An implementation of https://lists.samba.org/archive/samba/2012-March/166497.html (which has been discussed in 2012, but was never implemented).

It has been tested on a Debian Jessie system with this patch added to the Debian package (which is currently 4.1.17). Even though this is Samba 4, the ntlm_auth installed is the one from Samba 3 (yes, it surprised me too). The backend was a machine with Windows 2012R2.

It was first tested with the local security policy 'Network Security: LAN Manager authentication level' setting changed to 'Send NTLMv2 Response Only' (allow ntlm v1). This way we are able to authenticate with and without the MSV1_0_ALLOW_MSVCHAPV2 flag (as expected).

After the basic step has been verified, the local security policy 'Network Security: LAN Manager authentication level' setting was changed to 'Send NTLMv2 Response Only. Refuse LM & NTLM' (only allow ntlm v2). The behaviour now changed according to the MSV1_0_ALLOW_MSVCHAPV2 flag (again: as expected).

  $ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain=
  Logon failure (0xc000006d)
  $ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain= --allow-mschapv2
  NT_KEY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

The changes in `wbclient.h` are intended for programs that use libwinbind directly instead of authenticating via `ntlm_auth`. I intend to use that within FreeRADIUS (see https://bugzilla.samba.org/show_bug.cgi?id=11149).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11694
Signed-off-by: Herwin Weststrate <herwin@quarantainenet.nl>
Reviewed-by: Kai Blin <kai@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-11 22:58:18 +01:00
Mathieu Parent
c315fce17e Fix various spelling errors
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov  6 13:43:45 CET 2015 on sn-devel-104
2015-11-06 13:43:45 +01:00
Volker Lendecke
c8e9574f41 ntlm_auth: Remove two uses of hex_encode()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-13 01:44:20 +02:00
Jelmer Vernooij
e0cddcd5c4 Typo: s/preceeded/preceded/
Caught by lintian, the Debian package linter :)

Change-Id: Ia7162ea8c2b1845155345526b66d71ae64f15227
Reviewed-on: https://gerrit.samba.org/216
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Mon Apr 14 03:51:15 CEST 2014 on sn-devel-104
2014-04-14 03:51:15 +02:00
Stefan Metzmacher
01575faf67 s4:ntlm_auth: make use of gensec_update_ev()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-27 00:36:32 +01:00
Volker Lendecke
096358f4e1 oLschema2ldif: Add some NULL checks
This should fix Coverity ID 1034812

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:08 +01:00
Jeroen Dekkers
0af09f0179 ldb: Do not build libldb-cmdline when using system ldb.
Cleanup leftover include and linking of libldb-cmdline in
oLschema2ldif. Do not build libldb-cmdline anymore when using the
system ldb, oLschema2ldif was the only reason for building
libldb-cmdline.

Signed-off-by: Jeroen Dekkers <jeroen@dekkers.ch>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 10 12:52:26 CEST 2013 on sn-devel-104
2013-09-10 12:52:26 +02:00
Stefan Metzmacher
71c63e85e7 auth/gensec: introduce gensec_internal.h
We should treat most gensec related structures private.

It's a long way, but this is a start.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:19:02 +02:00
Stefan Metzmacher
bbd63dd8a1 s4:ntlm_auth: make use of cli_credentials_[set_]callback_data*
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-05 17:48:04 +12:00
Andreas Schneider
ce29ecfd44 ntlm_auth4: Use new samba_getpass() function.
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-12-03 14:35:10 +01:00
Karolin Seeger
26a0ee5a0d docs: man oLschema2ldif: Add missing meta data.
This avoids warnings during the waf build and removes "FIXME" entries from the
manpage.

Karolin

Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 29 15:27:45 CET 2012 on sn-devel-104
2012-11-29 15:27:45 +01:00
Karolin Seeger
e9e9661b23 docs: man ntlm_auth4: Add missing meta data.
This avoids warnings during the waf build and removes "FIXME" entries from the
manpage.

Karolin

Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-29 13:42:31 +01:00
Karolin Seeger
941bb9bb6d docs: Rename man ntlm_auth.
Rename man ntlm_auth to ntlm_auth4.

Karolin

Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 28 20:41:48 CET 2012 on sn-devel-104
2012-11-28 20:41:48 +01:00
Andrew Bartlett
1000da9335 build: Use ntlm_auth from source3 as the only ntlm_auth installed on the system
The ntlm_auth4 binary is untested, and is missing major features compared with
the source3 binary.  The two are being slowly merged, but I have not finished
that.

Andrew Bartlett

Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-22 10:21:16 +01:00
Andrew Bartlett
1a8fd711d7 selftest: Add test of smbclient --machine-pass against and using both s3 and s4
This uses both smbclient binaries to ensure that both work in both environments.

Andrew Bartlett
2012-08-28 07:57:29 +10:00
Michael Adam
769908540f s4:selftest: change the blackbox.samba_tool_demote test to use a binary mapping for smbclient 2012-05-31 04:46:07 +02:00
Michael Adam
df0cadbcc9 s4:selftest: change the blackbox.samba_tool test to use a binary mapping for smbclient 2012-05-31 04:46:06 +02:00
Michael Adam
fef5ce7f0f s4:selftest: determine nmblookup via binary mapping for blackbox test in tests.py 2012-05-31 04:46:06 +02:00
Matthieu Patou
aae8085c61 olschema2ldif: be more strict where checking for open/closed braces 2012-05-05 17:26:10 -07:00
Matthias Dieter Wallnöfer
fa89f2756f s4:samba-tool fsmo * - fix missing "takes_optiongroups"
This has been reported in bug #8755.

Reviewed-by: Jelmer
2012-02-17 21:36:56 +01:00
Andrew Bartlett
eecf2ac4c8 selftest: Remove unused support for --exeext 2012-02-01 02:45:07 +01:00
Matthieu Patou
105d388c9b s4: add blackbox test for the demote function 2011-12-05 18:23:07 +01:00
Matthias Dieter Wallnöfer
6b63d7e618 s4:selftest/test_samba_tool.sh - add a basic unit test for the new "domain info" command
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27 12:51:57 +01:00
Andrew Bartlett
e7d5f0a357 gensec: move event context from gensec_*_init() to gensec_update()
This avoids keeping the event context around on a the gensec_security
context structure long term.

In the Samba3 server, the event context we either supply is a NULL
pointer as no server-side modules currently use the event context.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 13:13:33 +11:00
Andrew Bartlett
3cdb1fe440 s4-messaging: Pass the loadparm context, not just the messaging path
This will allow the TDB layer to get at the lp_ctx for tdb options.

Andrew Bartlett
2011-10-13 14:06:07 +02:00
Andrew Bartlett
35b309fa0c gensec: clarify memory ownership for gensec_session_info() and gensec_session_key()
This is slightly less efficient, because we no longer keep a cache on
the gensec structures, but much clearer in terms of memory ownership.
Both gensec_session_info() and gensec_session_key() now take a mem_ctx
and put the result only on that context.

Some duplication of memory in the callers (who were rightly uncertain
about who was the rightful owner of the returned memory) has been
removed to compensate for the internal copy.

Andrew Bartlett
2011-08-03 18:48:02 +10:00
Giampaolo Lauria
eb259a676d samba-tool: updated test suite to reflect the move from domainlevel to domain level
The test suite needs to reflect the change from domailevel to "domain level" to fit the object-action model

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 10:32:23 +10:00
Andrew Bartlett
907cdb5de7 s4-modules Remove lp_ctx from init functions that no longer need it
Now that we don't allow the smb.conf to change the modules dir, many
functions that simply load modules or initialise a subsytem that may
load modules no longer need an lp_ctx.

Andrew Bartlett
2011-06-06 17:37:51 +10:00
Andrew Bartlett
ea0ac9cdfc s4-auth Rename auth -> auth4 to avoid conflict with s3 auth 2011-05-08 10:56:26 +02:00
Andrew Bartlett
cdd802af83 s4-messaging Rename messaging -> imessaging
This avoid symbol and structure conflicts between Samba3 and Samba4,
and chooses a less generic name.

Andrew Bartlett
2011-05-03 07:37:07 +02:00
Andrew Bartlett
4fd6ebf544 selftest: Remove duplication between BUILDIR and BINDIR
Just have BINDIR, and have it default to ./bin

Andrew Bartlett
2011-04-16 11:43:04 +02:00
Andrew Tridgell
49ab2df28a lib/crypto: rename the SHA256_ functions to samba_SHA256_
this prevents a symbol duplication with the openssl library, which may
be linked in via a secondary library dependency

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-04-06 08:12:19 +02:00
Andrew Bartlett
a64958a880 lib/util Move base64 functions into lib/util/base64.c
Andrew Bartlett
2011-03-30 12:17:05 +02:00
Günther Deschner
dc35442fb1 s4-nterr: move auth_nt_status_squash to nt_status_squash and move to nterr.c
Guenther
2011-03-04 01:18:42 +01:00
Andrew Tridgell
d37a55548b build: moved libcli/auth/ntlmssp*.c into a common libcliauth.so library
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-24 11:57:48 +11:00
Andrew Tridgell
ed71c1ef1f s4-auth: rename 'auth' subsystem to 'auth4'
this prevents conflicts with the s3 auth modules. The auth modules in
samba3 may appear in production smb.conf files, so it is preferable to
rename the s4 modules for minimal disruption.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-18 15:09:46 +11:00
Andrew Tridgell
8dc92c8f71 ldb: use #include <ldb.h> for ldb
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-10 06:51:07 +01:00
Andrew Bartlett
a2ce53c1f5 s4-auth Rework auth subsystem to remove struct auth_serversupplied_info
This changes auth_serversupplied_info into the IDL-defined struct
auth_user_info_dc.  This then in turn contains a struct
auth_user_info, which is the only part of the structure that is
mainted into the struct session_info.

The idea here is to avoid keeping the incomplete results of the
authentication (such as session keys, lists of SID memberships etc) in
a namespace where it may be confused for the finalised results.

Andrew Barltett
2011-02-09 01:11:06 +01:00
Jelmer Vernooij
0878399bd5 samdb: Lowercase library name. 2010-11-07 01:52:13 +01:00
Andrew Tridgell
952ce1521c s4-ldb: fixed build of oLschema2ldif 2010-11-01 18:55:20 +11:00
Jelmer Vernooij
3deece5591 s4: Remove the old perl/m4/make/mk-based build system.
The new waf-based build system now has all the same functionality, and
the old build system has been broken for quite some time.

Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
2010-10-31 02:01:44 +00:00
Andrew Tridgell
0d45d97540 s4-ldb: create a private library ldb-cmdline
this prevents duplicate linking of the cmdline support code
2010-10-30 23:48:59 +11:00
Kai Blin
b73a05e4e1 s4 net: rename to samba-tool in order to not clash with s3 net
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-28 07:25:16 +00:00
Jelmer Vernooij
8cf61377aa waf: Remove lib prefix from libraries manually. 2010-10-26 10:17:17 -07:00
Jelmer Vernooij
d9cbcdd410 s4: Drop duplicate 'lib' prefix for private libraries. 2010-10-26 10:17:16 -07:00
Jelmer Vernooij
833480d3ad s4: Rename LIBSAMBA-* to libsamba-* 2010-10-24 00:20:04 +00:00
Jelmer Vernooij
cf26d8a958 s4: Rename LIBEVENTS to libevents. 2010-10-23 22:24:06 +00:00