1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

39 Commits

Author SHA1 Message Date
Andrew Bartlett
fd81759e2e python: Move PyList_AsStringList to common code so we can reuse
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-21 05:23:32 +00:00
Joseph Sutton
c8e85295c9 CVE-2022-3437 s4/auth/tests: Add unit tests for unwrap_des3()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-10-25 10:31:33 +00:00
Gary Lockyer
d6cf245b96 CVE-2021-20251 s4 auth test: Unit tests for source4/auth/sam.c
cmocka unit tests for the authsam_reread_user_logon_data in
source4/auth/sam.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-12 23:07:37 +00:00
Andrew Bartlett
6107c79c90 build: Do not build selftest binaries for builds without --enable-selftest
Add new for_selftest option to SAMBA_BINARY() and SAMBA3_BINARY()

This allows us to be much more consistent (at least in the core Samba)
and documents clearly why the binary should not be installed.

Not modified are
 - test_lp_load
 - notifyd-tests
 - gendrandperf
 - test* from examples/libsmbclient
 - dbwrap_torture
 - split_tokens
 - locktest2
 - msgtest
 - msg_sink
 - msg_source
 - versiontest
 - rpc_open_tcp
 - test_headers

As these are not tested in selftest so any change would also be
untested.  Of course they probably should be added in a different
MR.

Also not modified (because they are not tests, nor part of the
build system) are:
 - smb2mount
 - notifydd
 - log2pacp
 - debug2html
 - smbfilter
 - destroy_netlogon_creds_cli
 - spotlight2*
 - tevent_glib_tracker

These do however appear to be untested.

For now, the source4 forked client tools are left unchanged:
 - smbclient4
 - nmblookup4

Finally, the heimdal binaries are left as install=False as
they are either part of the build system or end-user tools
that we just don't want to install.  These are however tested.

The motivation is commit like c34ec003b7
and da87fa998a, which are both totally
correct but are not needed if the selftest is not run on MacOS.

There are likely other platforms or build environments where building
our test binaries is more pain than valuable, see for example also
https://lists.samba.org/archive/samba/2019-November/227137.html

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>

Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Fri Nov 22 11:48:59 UTC 2019 on sn-devel-184
2019-11-22 11:48:59 +00:00
Andrew Bartlett
fdb6305c86 build: Remove bld.gen_python_environments()
This was part of --extra-python support.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-03-21 04:06:14 +00:00
Andrew Bartlett
270d04e4ea build: Remove --extra-python
This option is quite invasive in waf and was mainly for the python3 transition.

Testing with multiple python versions can be done by testing a full compile against
multiple versions, likewise multiple different binding versions can be created
the same way.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-03-21 04:06:14 +00:00
Noel Power
e8fec94827 PY3: fix "TabError: inconsistent use of tabs and spaces"
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-27 01:54:27 +02:00
Aaron Haslett
a3d6fdd535 auth: keytab invalidation test
chgtdcpass should add a new DC password and delete the old ones but the bug
exposed by this test causes the tool to remove only a single record from
the old entries, leaving the old passwords functional.  Since the tool is
used by administrators who may have disclosed their domain join password and
want to invalidate it, this is a security concern.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13415

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-05-15 12:41:55 +02:00
Noel Power
4a58393b2b wscript_build: make sure we link extra-python versions of libraries
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-13 07:27:11 +02:00
Lumir Balhar
1ac5bf21a1 python: samba.auth: Port samba.auth to Python 3 compatible form
Port samba.auth Python module to Python 3 compatible form and
enable tests execution with Python 3.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-03-10 07:31:11 +01:00
Björn Jacke
13f8674a15 build: rename security → samba-security
there is a libsecurity on OSF1 which clasheѕ with our security lib. see bug #9023.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Aug 10 14:22:21 CEST 2012 on sn-devel-104
2012-08-10 14:22:20 +02:00
Andrew Bartlett
52ac479764 auth: Move the rest of the source4 gensec_ntlmssp code to the top level
The ntlmssp_server code will be in common shortly, and aside from a
symbol name or two, moving the client code causes no harm and makes
less mess.  We will also get the client code in common very soon.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17 10:48:09 +01:00
Andrew Bartlett
561d834123 auth: move credentials layer to the top level
This will allow gensec_start.c to move to the top level.  This does not change
what code uses the cli_credentials code, but allows the gensec code to be
more broadly.

Andrew Bartlett
2011-10-11 13:41:36 +11:00
Andrew Bartlett
21c2e8b378 build: make LIBWBCLIENT_OLD and auth_unix_token libraries
This assists with avoiding duplicate symbols.

Andrew Bartlett
2011-09-08 19:33:13 +10:00
Jelmer Vernooij
292fe74971 credentials: Rename library to samba-credentials to avoid name clashes.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Thu Aug 18 22:16:38 CEST 2011 on sn-devel-104
2011-08-18 22:16:38 +02:00
Andrew Bartlett
f5963aad18 s4-auth Move conversion of security_token to unix_token to auth
This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-29 04:24:07 +02:00
Andrew Tridgell
ed71c1ef1f s4-auth: rename 'auth' subsystem to 'auth4'
this prevents conflicts with the s3 auth modules. The auth modules in
samba3 may appear in production smb.conf files, so it is preferable to
rename the s4 modules for minimal disruption.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-18 15:09:46 +11:00
Andrew Bartlett
4cfee6f88e auth Move auth_sam_reply into the top level.
These functions provide conversions between some netlogon.idl and
auth.idl structures

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-02-10 06:51:06 +01:00
Andrew Bartlett
969c1b58eb s4-pyauth Add bindings for auth_context_create() as AuthContext() 2011-01-18 10:55:05 +01:00
Andrew Bartlett
edd3b033b8 s4-auth Add get and set methods for auth_session_info python wrapper
This allows the session key, security_token and credentials to be
manipulated from python.

Andrew Bartlett

Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2011-01-14 16:39:32 +11:00
Andrew Bartlett
ece6eae4d8 s4-auth Add function to obtain any user's session_info from a given LDB
This will be a building block for a tokenGroups test, which can
compare against a remote server (in particular the rootDSE) against
what we would calculate the tokenGroups to be.

(this meant moving some parts out of the auth_sam code into the
containing library)

Andrew Bartlett
2011-01-14 16:39:32 +11:00
Jelmer Vernooij
4217734a51 credentials: Lowercase library name,
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Nov  7 01:48:44 UTC 2010 on sn-devel-104
2010-11-07 01:48:44 +00:00
Jelmer Vernooij
0878399bd5 samdb: Lowercase library name. 2010-11-07 01:52:13 +01:00
Jelmer Vernooij
a702c07e02 talloc: change pytalloc-util to be a public library. 2010-10-26 10:17:19 -07:00
Jelmer Vernooij
d9cbcdd410 s4: Drop duplicate 'lib' prefix for private libraries. 2010-10-26 10:17:16 -07:00
Jelmer Vernooij
ca16d805bd s4: Rename LIBSECURITY{_SESSION,} to libsecurity{_session,} 2010-10-24 00:20:04 +00:00
Matthias Dieter Wallnöfer
3ead246062 s4:"util_ldb" - remove some really unused dependancies 2010-10-18 19:35:11 +02:00
Matthias Dieter Wallnöfer
a3f61dea40 Revert "s4:remove "util_ldb" submodule and integrate the three gendb_* calls in "dsdb/common/util.c""
This reverts commit 8a2ce5c47c.

Jelmer pointed out that these are also in use by other LDB databases - not only
SAMDB ones.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
2010-10-17 13:37:16 +00:00
Matthias Dieter Wallnöfer
8a2ce5c47c s4:remove "util_ldb" submodule and integrate the three gendb_* calls in "dsdb/common/util.c"
They're only in use by SAMDB code.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
2010-10-17 09:40:13 +00:00
Jelmer Vernooij
539d5f518d auth: Remove unnecessary dependencies, fix formatting. 2010-10-10 23:54:04 +00:00
Jelmer Vernooij
82d56b9374 ldb: Fix dependencies when building with system ldb. 2010-05-31 19:22:03 +02:00
Andrew Tridgell
553324bc10 s4-waf: move to a universal method of recursing into subdirs
This works with both standalone lib builds and bundled builds
2010-04-06 20:27:25 +10:00
Andrew Tridgell
b690fedef5 s4-waf: removed the AUTOGENERATED markers
we won't be using the mk -> wscript generator again
2010-04-06 20:27:16 +10:00
Andrew Tridgell
b0fb567f04 s4-waf: more dependencies on talloc
these are needed so we can support a system talloc without using the
bundled talloc.h
2010-04-06 20:27:13 +10:00
Andrew Tridgell
01682f797f s4-waf: fixed some deps now we don't auto-include tevent and replace
this is preparation for being able to use system versions of these
libraries
2010-04-06 20:27:12 +10:00
Andrew Tridgell
f9eae32f4b s4-waf: mark the wscript files as python so vim/emacs knows how to highlight them 2010-04-06 20:27:11 +10:00
Andrew Tridgell
aa5e08eb83 s4-waf: install the rest of the headers 2010-04-06 20:27:09 +10:00
Andrew Tridgell
844acb2260 build: waf quicktest nearly works
Rewrote wafsamba using a new dependency handling system, and started
adding the waf test code
2010-04-06 20:26:48 +10:00
Andrew Tridgell
845e0cbe6f build: commit all the waf build files in the tree 2010-04-06 20:26:48 +10:00