1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

95743 Commits

Author SHA1 Message Date
Günther Deschner
9c5470be1e lib/krb5_wrap: provide krb5_warnx() replacement.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug  8 08:30:50 CEST 2014 on sn-devel-104
2014-08-08 08:30:50 +02:00
Günther Deschner
c0d000692b lib/krb5_wrap: use krb5_copy_data_contents in smb_krb5_principal_set_realm.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:35 +02:00
Günther Deschner
7b1a5179fa lib/krb5_wrap: provide CKSUMTYPE_HMAC_MD5 type matching MIT.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:35 +02:00
Günther Deschner
6bc619d159 lib/krb5_wrap: define KRB5_PW_SALT if it is not already there.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:35 +02:00
Günther Deschner
0e255497d2 lib/krb5_wrap: add smb_krb5_principal_get_type().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:35 +02:00
Günther Deschner
abc2d812f5 auth/credentials_krb5: silence a build warning.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:35 +02:00
Günther Deschner
763cae60c3 lib/krb5_wrap: add smb_krb5_principal_set_realm().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:35 +02:00
Günther Deschner
1a58585a9b lib/krb5_wrap: use const principal in smb_krb5_principal_get_realm().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:35 +02:00
Günther Deschner
a6145a2822 wscript: add check for krb5_keyblock_init.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:35 +02:00
Günther Deschner
d487bce3ab s4-gensec_krb5: fix memleak in gensec_krb5_session_info().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:35 +02:00
Günther Deschner
9fed7ed00e lib/krb5_wrap: add krb5_copy_data_contents.
This reuses krb5_data_copy() if available, choosed not to call it
krb5_data_copy as that is easily mixed up with krb5_copy_data (which allocs the
krb5_data pointer). Thanks Simo for proposing the better name.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:35 +02:00
Günther Deschner
57b6517441 s4-heimdal: fix krb5_get_init_creds_opt_set_process_last_req().
Most probably just a copy/paste error.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:35 +02:00
Günther Deschner
759c9b03e4 s4-auth/kerberos: add a note how to implement krb5_get_init_creds_opt_set_win2k() with MIT.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:35 +02:00
Günther Deschner
7f61950398 s4-kerberos: remove duplicate macros.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:34 +02:00
Günther Deschner
feabae7417 s4-dsdb/samdb: use smb_krb5_principal_get_comp_string in ldb ACL module.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:34 +02:00
Günther Deschner
f5ce0ee45a lib/krb5_wrap: add smb_krb5_principal_get_comp_string().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:34 +02:00
Günther Deschner
5c663685eb lib/krb5_wrap: move krb5_princ_size replacement code to lib/krb5_wrap/krb5_samba.c.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:34 +02:00
Günther Deschner
fb2a8b34c1 auth/credentials-krb5: use get_kerberos_allowed_etypes().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:34 +02:00
Günther Deschner
3d56bcc1de s4-torture: use smb_krb5_get_allowed_weak_crypto() in remote PAC test.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
2014-08-08 06:02:34 +02:00
Günther Deschner
561c74666a lib/krb5_wrap: add smb_krb5_get_allowed_weak_crypto().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
2014-08-08 06:02:34 +02:00
Günther Deschner
38d454eb44 lib/krb5_wrap: remove unused create_kerberos_key_from_string_direct().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
2014-08-08 06:02:34 +02:00
Günther Deschner
22c6766693 samba: use smb_krb5_create_key_from_string() in some places.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
2014-08-08 06:02:34 +02:00
Günther Deschner
016cd35d75 lib/krb5_wrap: add smb_krb5_create_key_from_string().
This function can take either a calculated salt or a principal and calculate the
salt on its own.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
2014-08-08 06:02:34 +02:00
Günther Deschner
6b3d9853ce lib/krb5_wrap: add smb_krb5_get_pw_salt().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
2014-08-08 06:02:34 +02:00
Günther Deschner
3f7b80f691 s4-dsdb/samdb: use smb_krb5_make_principal for compatibility reasons with MIT.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:34 +02:00
Christof Schmitt
685af0342e doc: Add new parameters to vfs_full_audit man page
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug  8 00:37:48 CEST 2014 on sn-devel-104
2014-08-08 00:37:48 +02:00
Volker Lendecke
4d9432fd24 vfs_full_audit: Optionally log security descriptors in FSET_NT_ACL
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-08-07 22:12:12 +02:00
Volker Lendecke
221afae9ae vfs_full_audit: Add "full_audit:syslog"
Defaults to true (for compatibility)

With full_audit:syslog=false we DEBUG the messages with level 1.

You can explicitly [en|dis]able this with debug class full_audit:0/1

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-08-07 22:12:12 +02:00
Volker Lendecke
b76bc4b713 vfs_full_audit: Save full_audit:priority in private_data
lp_parm_enum can become expensive

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-08-07 22:12:12 +02:00
Volker Lendecke
7efee03c84 vfs_full_audit: Save full_audit:facility in private_data
lp_parm_enum can become expensive

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-08-07 22:12:12 +02:00
Volker Lendecke
02d22d6a61 vfs_full_audit: Pass "vfs_full_audit_private_data" to log_failure/success()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-08-07 22:12:12 +02:00
Michael Adam
a6e098fb22 s4:torture: use torture_assert instead of torture_comment and return in defer_open test
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-08-07 22:12:12 +02:00
Michael Adam
3f422177ce s4:torture: consistently log "pid %u: ..." in the defer_open test
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-08-07 22:12:12 +02:00
Michael Adam
5c6a1da82c s4:torture: remove an unused variable and bogus check from the defer_open test
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-08-07 22:12:12 +02:00
Marc Muehlfeld
4639f6d7ba docs: Fix typos in smb.conf (inherit acls)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10761

Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Aug  7 00:52:42 CEST 2014 on sn-devel-104
2014-08-07 00:52:42 +02:00
Marc Muehlfeld
679d77a226 Redescribe --userou usage
Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2014-08-06 22:26:15 +02:00
Volker Lendecke
332eeb8bc1 ctdbd_conn: Only poll if there's a timeout
At this point the ctdb socket is blocking, so we can save a syscall when
we wait indefinitely anyway.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Aug  6 18:01:54 CEST 2014 on sn-devel-104
2014-08-06 18:01:53 +02:00
Volker Lendecke
c71b0c413c ctdbd_conn: Remove ctdb_packet
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-08-06 15:40:10 +02:00
Volker Lendecke
a2a687205b ctdbd_conn: Remove ctdb_packet dependency
This was an early, failed attempt at async socket handling.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-08-06 15:40:10 +02:00
Volker Lendecke
e185ff22ca ctdb-locking: Simplify ctdb_find_lock_context()
I like early returns that avoid else branches :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Aug  6 14:44:31 CEST 2014 on sn-devel-104
2014-08-06 14:44:31 +02:00
Volker Lendecke
9f596c17c7 ctdb-locking: TALLOC_FREE copes with NULL
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2014-08-06 12:22:13 +02:00
Stefan Metzmacher
bb8e6d458a s3:smbd: pass smbXsrv_connection to smbd_[un]lock_socket()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Aug  6 12:15:57 CEST 2014 on sn-devel-104
2014-08-06 12:15:57 +02:00
Stefan Metzmacher
3805249deb s3:smb2_server: pass smbXsrv_connection to smbd_smb2_send_break()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-08-06 09:51:14 +02:00
Stefan Metzmacher
245e3959de s3:smbd: pass smbXsrv_connection to smb1 encryption functions
These parameters are not really used currently, but may be in future.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-08-06 09:51:14 +02:00
Stefan Metzmacher
d9716cb0db s3:smb2_server: propagate NTSTATUS from smb2_sendfile_send_data() to smbd_smb2_flush_send_queue()
Calling exit_server() from within a destructor is a bit ugly...

This will result in smbd_server_connection_terminate() instead of
directly calling exit_server(), which will be useful for multi-channel in
future.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-08-06 09:51:14 +02:00
Volker Lendecke
2f47729beb smbd: Use %s/__func__
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-08-06 09:51:14 +02:00
Stefan Metzmacher
cac1591fb3 s3:smbd: pass smbXsrv_connection explicitly to sendfile_short_send()
We now let the caller terminate the connection.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-08-06 09:51:14 +02:00
Stefan Metzmacher
c18a62ee9d s3:smbd: pass smbXsrv_connection explicitly to fake_sendfile()
In future (with multi-channel) a fsp can be used from multiple
connections, we need to make it explicit on which we want to reply.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-08-06 09:51:14 +02:00
Stefan Metzmacher
bd19fd1286 s3:smbd: remember the time of the session setup auth_time
This is the time of the last reauth.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-08-06 09:51:14 +02:00
Stefan Metzmacher
d47c006d9d s3:smb2_sesssetup: make use of smb2req->xconn
We should use stuff relative to the current request.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-08-06 09:51:14 +02:00