1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

39767 Commits

Author SHA1 Message Date
Andrew Bartlett
8adde1b46b s3-auth Hook checking passwords and generating session_info via the auth4_context
This avoids creating a second auth_context, as it is a private pointer
in the auth4_context that has already been passed in, and makes the
gensec_ntlmssp code agnostic to the type of authentication backend
behind it. This will in turn allow the ntlmssp server code to be
further merged.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17 10:48:09 +01:00
Andrew Bartlett
a68d4ccec0 s3-build: Use credentials_ntlm.c in the autoconf build as well
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17 10:48:09 +01:00
Andrew Bartlett
674278d5b0 auth/kerberos: Move gse_get_session_key() to common code and use in gensec_gssapi
Thie ensures that both code bases use the same logic to determine the use
of NEW_SPNEGO.

Andrew Bartlett
2012-02-17 17:36:38 +11:00
Andrew Bartlett
a315350341 s3-gse: Allow kerberos key type OID to be optional 2012-02-17 17:36:37 +11:00
Andrew Bartlett
6088f44ed7 s3-gse: Fix OID to read for kerberos key type 2012-02-17 17:36:37 +11:00
Andrew Bartlett
05cf2d41cc s3-librpc: Remove backup declaration of GSS_C_DCE_STYLE
All our supported krb5 libs provide this.

Andrew Bartlett
2012-02-17 17:36:37 +11:00
Andrew Bartlett
9eb8f07fc4 s3-gse: Remove unused OID declaration 2012-02-17 17:36:37 +11:00
Jeremy Allison
ed85e9fe6a Replace smbd_server_connection_loop_once() with tevent_loop_once() directly.
We no longer need to call poll() directly inside smbd !

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Feb 17 02:49:13 CET 2012 on sn-devel-104
2012-02-17 02:49:13 +01:00
Andrew Bartlett
367c567c5f lib/util: Remove sys_poll as it is no longer needed
sys_poll() is only needed if the signal pipe is set up and used, but as
no signal handler ever writes to the pipe, this can all be removed.

signal based events are now handled via tevent.

Andrew Bartlett

Signed-off-by: Jeremy Allison <jra@samba.org>
2012-02-16 15:49:21 -08:00
Andrew Bartlett
91c325bb70 s3-librpc: Remove gse_verify_server_auth_flags
gensec_update() ensures that DCE-style and sign/seal are negotiated correctly
for DCE/RPC pipes.  Also, the smb sealing client/server already check for the
gensec_have_feature().

This additional check just keeps causing trouble, and is 'protecting'
an already secure negoitated exchange.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Feb 16 21:19:44 CET 2012 on sn-devel-104
2012-02-16 21:19:44 +01:00
Andrew Bartlett
d54404e565 s3-param Remove off-by-default and unused "send spnego principal"
This is not honoured by the common SPNEGO code.

This matches mondern windows versions which do not send this value, as
it would be insecure for a client to rely on it.  (See also the
depricated client use spnego principal directive).

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-16 15:18:43 +01:00
Andrew Bartlett
eb3e34e965 s3-smbd Remove unused code now we always have SPNEGO via gensec
This was previously needed because SPNEGO was only available in the AD DC.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-16 15:18:43 +01:00
Andrew Bartlett
2b511f0e92 s3-librpc: Use gensec_spnego for DCE/RPC authentication
This ensures that we use the same SPNEGO code on session setup and on
DCE/RPC binds, and simplfies the calling code as spnego is no longer
a special case in cli_pipe.c

A special case wrapper function remains to avoid changing the
application layer callers in this patch.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-16 15:18:42 +01:00
Andrew Bartlett
5c9b6db68e s3-gse: Use the session key type, not the lucid context to set NEW_SPNEGO
Using gss_krb5_export_lucid_sec_context() is a problem with MIT krb5, as
it (reasonably, I suppose) invalidates the gssapi context on which it
is called.  Instead, we look to the type of session key which is
negotiated, and see if it not AES (or newer).

If we negotiated AES or newer, then we set GENSEC_FEATURE_NEW_SPENGO
so that we know to generate valid mechListMic values in SPNEGO.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-16 15:18:42 +01:00
Andrew Bartlett
1d0684c845 s3-librpc: Remove unused bool gensec_hook
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-16 15:18:42 +01:00
Stefan Metzmacher
0c5cbb557b s3:rpc_client: fix comment
metze
2012-02-16 15:18:41 +01:00
Andrew Bartlett
bd2a7aac2c s3-librpc: make gensec result handling more generic
This prepares us for handling SPNEGO via gensec

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-16 15:18:41 +01:00
Christopher R. Hertel (crh)
b5b204184a Rename obscure defined constants.
Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants
with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT.
Also replaced several hard-coded references to the well-known port
numbers (139 and 445, respectively) as appropriate.

Small changes to clarify some comments regarding the two transport
types.

Signed-off-by: Simo Sorce <idra@samba.org>

Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
2012-02-16 08:29:41 +01:00
Andrew Bartlett
95d3096f98 s3-selftest: Remove .posix_s3 from s3 test names
As far as I can tell, this simply referred to the posix_s3.sh script
that originally ran these tests.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Feb 16 06:57:09 CET 2012 on sn-devel-104
2012-02-16 06:57:08 +01:00
Andrew Bartlett
7e0e713406 selftest: Remove 'if have_ads_support:' from tests.py
The selftest system now skips launching these if the environment is not available.

Andrew Bartlett
2012-02-16 15:21:11 +11:00
Andrew Bartlett
3cf091cf68 s3-smbd: Avoid starting log lines with the word 'error' 2012-02-16 15:21:11 +11:00
Andrew Bartlett
00f86a36e0 s3-nmbd: Initialise newly non-static variables
Found by testing with wintest.  When the variables were made non-static in
c21f6a1c68 the implicit initialisation to 0
was lost.

Andrew Bartlett
2012-02-16 15:20:08 +11:00
Volker Lendecke
dd5868d41e s3: Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY, bug 8760
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Feb 15 21:10:22 CET 2012 on sn-devel-104
2012-02-15 21:10:22 +01:00
David Disseldorp
a6bd7f3d57 s3-printing: fix crash in printer_list_set_printer()
The printer list database format was recently changed to accommodate for
the printcap location field.
One of the tdb_pack calls is not provided with a location string
argument, this causes a crash on some platforms.

https://bugzilla.samba.org/show_bug.cgi?id=8762

Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Jim McDonough <jmcd@samba.org>
Signed-off-by: Lars Müller <lars@samba.org>

Autobuild-User: David Disseldorp <ddiss@samba.org>
Autobuild-Date: Wed Feb 15 19:34:38 CET 2012 on sn-devel-104
2012-02-15 19:34:38 +01:00
Volker Lendecke
740d4d7550 s3: files_struct->mode is only written, remove it
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Tue Feb 14 19:14:29 CET 2012 on sn-devel-104
2012-02-14 19:14:29 +01:00
Sumit Bose
0f22e35028 s3-auth: On successful user mapping set mapped_to_guest to false.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Feb 13 13:09:10 CET 2012 on sn-devel-104
2012-02-13 13:09:10 +01:00
Andrew Bartlett
cf155fa366 s3-selftest: Do not assume $USERNAME is the same as $DC_USERNAME
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Feb 13 06:13:38 CET 2012 on sn-devel-104
2012-02-13 06:13:38 +01:00
Andrew Bartlett
3bf922111a s3-build: expliticly require gssapi for HAVE_KRB5 and remove HAVE_GSSAPI
The requirement for gss functions already make this happen, but
this is clearer.  No code depends on HAVE_GSSAPI any more.

Andrew Bartlett
2012-02-13 04:41:05 +01:00
Andrew Bartlett
4a0d1b5ac6 s3-libads: Move to using only the HAVE_KRB5 define
HAVE_KRB5 already implies that GSSAPI is present as well.

Andrew Bartlett
2012-02-13 04:41:05 +01:00
Amitay Isaacs
567f05e571 mkversion: Add quotes around various version strings
This fixes compilation errors when VENDOR strings are specified.

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Sat Feb 11 09:07:54 CET 2012 on sn-devel-104
2012-02-11 09:07:54 +01:00
Matthieu Patou
474c02acac s3-waf: add dependency on talloc or it won't build if talloc.h is not in the default include path
The problem occurs only if talloc, tdb and ldb are used as system
libraries and talloc is not installed in a default.

Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Fri Feb 10 23:27:29 CET 2012 on sn-devel-104
2012-02-10 23:27:29 +01:00
Matthieu Patou
05036fab0a s3-winbindd: set the can_do_validation6 also for trusted domain
The flag can_do_validation6 was only set for the domain to which
winbindd is the member. Setting this flag in other domains (trusted
domain) if it's active directory domain is a good idea as it allow to do
level 6 validation also when winbindd is querying them directly.
2012-02-10 12:52:19 -08:00
Stefan Metzmacher
389bb4fbe1 s3:smbd/oplock_linux: don't overwrite private_data
We set ctx->private_data = sconn a few lines above
and expect 'sconn' in the signal event handler.

Thanks to Christian Ambach <ambi@samba.org> for the
bug report.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Feb 10 21:48:18 CET 2012 on sn-devel-104
2012-02-10 21:48:18 +01:00
Christian Ambach
e87d98c0fc s3:vfs_gpfs:quieten an expectable warning message
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Fri Feb 10 20:14:12 CET 2012 on sn-devel-104
2012-02-10 20:14:12 +01:00
Christian Ambach
4a11be3fb4 s3:vfs_gpfs: fix a compiler warning 2012-02-10 18:11:30 +01:00
Christof Schmitt
8ce9982be9 s3:vfs_gpfs:Fix query of creation time from GPFS
Setting the creation time through SetFileTime on a GPFS file system and
querying it with GetFileTime shows a mismatch.

The vfs_gpfs module first retrieves the information from the operating
system and the flag st_ex_calculated_birthtime is set to false. When
vfs_gpfs retrieves the birthtime from GPFS the flag
st_ex_calculated_birthtime has to be set to true. Otherwise the birth
time will get overwritten by a call to update_stat_ex_mtime, reporting
the wrong time to a client system.

Signed-off-by: Christian Ambach <ambi@samba.org>
2012-02-10 18:10:43 +01:00
Stefan Metzmacher
318346a937 s3:vfs_gpfs: make "gpfs:getrealfilename" a per share option
metze

Signed-off-by: Christian Ambach <ambi@samba.org>
2012-02-10 18:08:01 +01:00
Stefan Metzmacher
8ad2b6a55e s3:vfs_gpfs: make "gpfs:ftruncate" a per share option
metze

Signed-off-by: Christian Ambach <ambi@samba.org>
2012-02-10 17:54:10 +01:00
Stefan Metzmacher
89a4f66826 s3:vfs_gpfs: make "gpfs:winattr" a per share option
metze

Signed-off-by: Christian Ambach <ambi@samba.org>
2012-02-10 17:54:10 +01:00
Stefan Metzmacher
2e95d8048b s3:vfs_gpfs: be less verbose in get/set_xattr functions
metze

Signed-off-by: Christian Ambach <ambi@samba.org>
2012-02-10 17:54:10 +01:00
Volker Lendecke
f1db71576a s3-smb2: Use the correct indicator if a request was deferred
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Fri Feb 10 16:44:23 CET 2012 on sn-devel-104
2012-02-10 16:44:23 +01:00
Volker Lendecke
6b87623e9d s3-smb2: Make sure we have a subreq set 2012-02-10 15:06:06 +01:00
Christian Ambach
be3e479feb selftest: add smb2.rename to testsuite
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Fri Feb 10 15:02:51 CET 2012 on sn-devel-104
2012-02-10 15:02:51 +01:00
Andrew Bartlett
5c2a2135c9 s3-libsmb: Remove unused kerberos_set_creds_enctype()
Also remove the unused configure tests for krb5_c_enctype_compare.

Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html

Andrew Bartlett
2012-02-10 16:45:15 +11:00
Andrew Bartlett
292974ed0c s3-libsmb: Remove unused kerberos_compatible_enctypes
Also remove the unused configure tests for krb5_c_enctype_compare.

Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html

Andrew Bartlett
2012-02-10 16:45:14 +11:00
Andrew Bartlett
474fbfb7b7 s3-lib: Remove unused is_myworkgroup()
Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html

Andrew Bartlett
2012-02-10 16:45:14 +11:00
Andrew Bartlett
45123530e5 s3-charcnv: Remove unused rpcstr_push()
Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html

Andrew Bartlett
2012-02-10 16:45:14 +11:00
Andrew Bartlett
a7835f4736 s3-libsmb: Remove unused smb_krb5_mk_error()
Also remove now-unused configure checks for krb5_mk_error().

Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html

Andrew Bartlett
2012-02-10 16:45:13 +11:00
Andrew Bartlett
3d63100890 s3-param: Remove unused share_defined()
Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html

Andrew Bartlett
2012-02-10 16:45:13 +11:00
Andrew Bartlett
40bf23d862 s3-lib: Remove unused pid_path()
piddir.c calls lp_piddir() directly.

Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html

Andrew Bartlett
2012-02-10 16:45:12 +11:00