1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

2440 Commits

Author SHA1 Message Date
Andrew Bartlett
d7bb961859 s3-auth: Remove security=share (depricated since 3.6).
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.

The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok.  This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server

At the same time, this closes the door on one of the most arcane areas
of Samba authentication.

Naturally, full user-name/password authentication remain available in
security=user and above.

This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.

Andrew Bartlett

                       --------------
                      /              \
                     /      REST      \
                    /        IN        \
                   /       PEACE        \
                  /                      \
                  |      SEC_SHARE       |
                  |    security=share    |
                  |                      |
                  |                      |
                  |       5 March        |
                  |                      |
                  |        2012          |
                 *|     *  *  *          | *
        _________)/\\_//(\/(/\)/\//\/\///|_)_______
2012-03-04 23:33:05 +01:00
Stefan Metzmacher
062d1a09c2 lib/crypto: add aes_cmac_128* (rfc 4493)
Thanks to Jeremy, Michael and Volker for the debugging!

metze
2012-02-29 03:16:22 +01:00
Volker Lendecke
c5c67cacd9 s3: Add a test that makes a chained open break an oplock
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Wed Feb 29 01:13:03 CET 2012 on sn-devel-104
2012-02-29 01:13:01 +01:00
Andrew Bartlett
a5c1e6e647 s3-build: allow gcov testing by linking timelimit with --coverage 2012-02-18 07:28:07 +01:00
Andrew Bartlett
9b147ce26d s3-auth Use the common gensec_ntlmssp_update in gensec_ntlmssp3_server
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17 10:48:09 +01:00
Andrew Bartlett
9c5b26f864 s3-auth: Use common gensec_ntlmssp server functions for more of gensec_ntlmssp3_server
This is possible because we now supply the auth4_context abstraction that this
code is looking for.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17 10:48:09 +01:00
Andrew Bartlett
a68d4ccec0 s3-build: Use credentials_ntlm.c in the autoconf build as well
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17 10:48:09 +01:00
Andrew Bartlett
2b511f0e92 s3-librpc: Use gensec_spnego for DCE/RPC authentication
This ensures that we use the same SPNEGO code on session setup and on
DCE/RPC binds, and simplfies the calling code as spnego is no longer
a special case in cli_pipe.c

A special case wrapper function remains to avoid changing the
application layer callers in this patch.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-16 15:18:42 +01:00
Andrew Bartlett
b93326b968 s3-build: remove EXEEXT from Makefiles
As far as I am aware, we do not actually build on any platforms that
require this.  The last Stratos VOS release on
ftp://ftp.stratus.com/vos/samba/samba.html was 3.0.5

Andrew Bartlett
2012-02-09 00:27:08 +01:00
Andrew Bartlett
e4546f50fe auth: rename ntlmssp.c to ntlmssp_util.c 2012-02-08 16:30:25 +11:00
Andreas Schneider
390734acca lib: Remove dead mszip code.
RIP, long live zlib.
2012-01-25 11:58:26 +01:00
Stefan Metzmacher
23ddaa858c Revert "build: Add -lz to wbinfo to fix build on some hosts"
This reverts commit 88daf798fe.

This is not needed as 5c88cfcc52 is the better
fix, see https://bugzilla.samba.org/show_bug.cgi?id=8711

metze
2012-01-25 03:44:34 +01:00
Andrew Bartlett
88daf798fe build: Add -lz to wbinfo to fix build on some hosts
This is required after the rework of the object lists for gensec_gse

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Jan 20 23:33:14 CET 2012 on sn-devel-104
2012-01-20 23:33:14 +01:00
Volker Lendecke
5c88cfcc52 s3: Fix the build on FreeBSD8
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Jan 20 21:58:04 CET 2012 on sn-devel-104
2012-01-20 21:58:04 +01:00
Andrew Bartlett
1b5870a6d1 s3-librpc Remove unused dcesrv_gssapi.[ch] functions
The code from dcesrv_gssapi.c is now
in source3/auth/auth_generic.c as an auth callback.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:22 +01:00
Andrew Bartlett
60e1aa701c s3-build: Rework object lists to allow gse gensec module
This also allows the spnego_parse_krb5_wrap() function to be shared.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:22 +01:00
Andrew Bartlett
cbd8231e34 s3-gse: Add gensec wrapper for gse GSSAPI client
This brings in part of the s4 gensec_gssapi as the boilerplate for the
new module.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:21 +01:00
Günther Deschner
e75c436fe6 s3-passdb: trying to decouple passdb and secrets a little.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Jan 18 14:46:18 CET 2012 on sn-devel-104
2012-01-18 14:46:18 +01:00
Günther Deschner
07664f9a99 s3-autoconf: fix the build of the pdb_ldap shared module in autoconf build as well.
Guenther
2012-01-13 09:44:23 +01:00
Stefan Metzmacher
342be2851a s3:build: add auth/gensec/spnego.o
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jan 13 06:32:30 CET 2012 on sn-devel-104
2012-01-13 06:32:30 +01:00
Volker Lendecke
6f9442a705 s3: Move the share_mode_lock handling to its own file
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-01-12 23:59:22 +01:00
Andrew Bartlett
138121c516 s3-libsmb: split out auth_generic client functions into auth_generic.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11 09:04:56 +01:00
Andrew Bartlett
f5a117172e gensec: move gensec_util.c to the top level
To do this some defines need to move to common_auth.h

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11 09:02:41 +01:00
Andrew Bartlett
12cb6cd44a s3-build: Remove unused hooks to set smbtorture4 and test args
These were left around after the selftest.pl script was introduced.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Jan  9 06:13:21 CET 2012 on sn-devel-104
2012-01-09 06:13:21 +01:00
Andrew Bartlett
319209592d s3-build SMBTORTRUE4 variable is unused in make test 2012-01-09 10:56:26 +11:00
Andrew Bartlett
bd9309b91c s3-build SAMBA4SHAREDIR is unused in make test 2012-01-09 10:56:26 +11:00
Volker Lendecke
0d0141893e s3: Add a test excercising the share mode cleanup routine 2012-01-05 13:09:36 +01:00
Jeremy Allison
3a18a42d13 Add S3 vfs_aio_pthread module to replace broken glibc aio code.
Compiles but not yet tested.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Jan  5 01:43:51 CET 2012 on sn-devel-104
2012-01-05 01:43:51 +01:00
Andrew Bartlett
43f35f1826 s3-rpc_server: Rename dcesrv_ntlmssp.[ch] to dcesrv_auth_generic.[ch]
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 19:25:11 +01:00
Andrew Bartlett
5e038432f7 s3-auth split the auth_generic functions into a seperate file
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 19:25:11 +01:00
Stefan Metzmacher
cbb67e9e2e s3:smbd: remove unused sconn_server_id()
metze
2011-12-16 13:19:33 +01:00
Stefan Metzmacher
715933a3d3 s3:smbd: split ID_CACHE_* message handling into parent and child parts
metze
2011-12-15 08:16:31 +01:00
Andrew Bartlett
c9d929af8b s4-lsarpc handle more info levels in SetInfoTrustedDomain calls
This uses the very helpful conversion functions written for the s3 lsa server
and places these in common.

Andrew Bartlett
2011-12-12 12:57:07 +01:00
Jelmer Vernooij
05bc4de083 Revert making public of the samba-module library.
This library was tiny - containing just two public functions than were
themselves trivial. The amount of overhead this causes isn't really worth the
benefits of sharing the code with other projects like OpenChange. In addition, this code
isn't really generically useful anyway, as it can only load from the module path
set for Samba at configure time.

Adding a new library was breaking the API/ABI anyway, so OpenChange had to be
updated to cope with the new situation one way or another. I've added a simpler
(compatible) routine for loading modules to OpenChange, which is less than 100 lines of code.

Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Dec  3 08:36:33 CET 2011 on sn-devel-104
2011-12-03 08:36:30 +01:00
Gregor Beck
789aa9aab2 s3:registry: do not use regdb functions during db upgrade
It is importante to not use the database backend implementation
in the upgrade. Otherwise this would only work as long as this
is the newset version. In future versions of the registry, this
(then) intermediate upgrade step would change in behaviour and not
work as expected any more.

Signed-off-by: Michael Adam <obnox@samba.org>
2011-12-03 03:48:31 +01:00
Volker Lendecke
1c46fb5c3e s3: Use autogenerated open_files.idl 2011-12-02 22:43:05 +01:00
Volker Lendecke
057e4422a7 s3: Move ndr_file_id to LIBNDR_OBJ 2011-12-02 22:43:05 +01:00
Volker Lendecke
0c325463a2 s3: Add open_files.idl 2011-12-02 22:43:05 +01:00
Stefan Metzmacher
da2027faf7 smbXcli: rework smb1cli_trans.c to use smbXcli_conn/smbXcli_req
metze
2011-11-24 19:02:32 +01:00
Stefan Metzmacher
f60b768df4 s3:smb2cli: remove unused smb2cli_negprot()
metze
2011-11-24 19:02:32 +01:00
Stefan Metzmacher
349977e1a0 s3:smb2cli: replace smb2cli_base.c code with the more generic smbXcli_base.c code
metze
2011-11-24 19:02:30 +01:00
Andrew Bartlett
9524e2fce1 param: calculate server role from security, and security from server role
This allows smb.conf files from either the samba3 or samba4 tradition
to come to the same value of server role, using the information in the
smb.conf file.

This is important so that tools like 'net getlocalsid' work against a
Samba4 AD installation (yes, users have tried this).

Andrew Bartlett

Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
2011-11-17 00:34:08 +01:00
Andreas Schneider
1a72b6c524 s3: Fix wbinfo socket dir path.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed Nov 16 17:19:56 CET 2011 on sn-devel-104
2011-11-16 17:19:56 +01:00
Günther Deschner
8312ee1367 s3-passdb: split out passdb/pdb_ldap_schema.c
Guenther
2011-11-16 12:26:26 +01:00
Günther Deschner
28f8ccbe8b s3: move smbldap_util to pdb_ldap_util.
Guenther
2011-11-16 12:26:26 +01:00
Andreas Schneider
e66ceb6566 s3: Use autotools to set the winbind socket directory.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed Nov  9 13:31:27 CET 2011 on sn-devel-104
2011-11-09 13:31:27 +01:00
Günther Deschner
72879f491f nbt: merge in LIBCLI_NDR_NETLOGON helper into NDR_NBT.
Guenther
2011-11-03 18:35:08 +01:00
Björn Baumbach
bdf755ce08 s3-build: add bin/dbwrap_tool to the BIN_PROGS2 dependencies
Signed-off-by: Michael Adam <obnox@samba.org>

Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Thu Nov  3 11:52:53 CET 2011 on sn-devel-104
2011-11-03 11:52:53 +01:00
Andrew Bartlett
87354c9a6d lib/util Split samba-modules library into public and private parts
This will allow OpenChange to get at the symbols it needs, without
exposing any more of this as a public API than we must.

Andrew Bartlett
2011-10-28 13:10:28 +02:00
Andrew Bartlett
289b03de5d s3-build: Remove libbigballofmud.so
We no longer need this, as all the small test binaries have either
been converted rolled into python bindings and python-subunit tests, or have
been moved into smbtorture.

                       --------------
                      /              \
                     /      REST      \
                    /        IN        \
                   /       PEACE        \
                  /                      \
                  |  libbigballofmud.so  |
                  |                      |
                  |                      |
                  |      26 October      |
                  |                      |
                  |         2011         |
                 *|     *  *  *          | *
        _________)/\\_//(\/(/\)/\//\/\///|_)_______

Andrew Bartlett
2011-10-28 13:10:28 +02:00