1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

650 Commits

Author SHA1 Message Date
Mathieu Parent
105bb06318 Spelling fixes s/withing/within/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-09-01 22:21:28 +00:00
Andrew Bartlett
fa8eddc39b auth/gensec: Use gnutls_error_to_ntstatus() in netsec_do_seal()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-08-21 09:57:31 +00:00
Andreas Schneider
025f6a135f auth:gensec: Use GnuTLS AES CFB8 in netsec_do_seal()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-08-21 09:57:30 +00:00
Andrew Bartlett
3b27fd8a49 auth/gensec: Use gnutls_error_to_ntstatus() consistently in schannel
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-08-21 09:57:30 +00:00
Andreas Schneider
58c781dc93 auth:gensec: Use GnuTLS AES128 CFB8 in netsec_do_seq_num()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-08-21 09:57:30 +00:00
Andrew Bartlett
fefd95091c auth/credentials: Check NTSTATUS return from netlogon_creds_aes_encrypt()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-08-21 09:57:30 +00:00
Andreas Schneider
9b7825d2d3 auth:ntlmssp: Use generate_random_buffer() for session keys
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Aug 14 16:26:47 UTC 2019 on sn-devel-184
2019-08-14 16:26:47 +00:00
Andreas Schneider
7bd502dcdb auth:ntlmssp: Use GnuTLS RC4 for ntlmssp signing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:24 +00:00
Andreas Schneider
cb4025a502 auth:ntlmssp: Use GnuTLS RC4 in ntlmssp client
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:24 +00:00
Douglas Bagnall
a5e8a5e05b auth/pycreds/encrypt_netr_crypt_password: don't pretend arg is optional
The "|O" signature is saying the password argument is optional, which
makes no sense in terms of the funxtion and immediately leads to a
TypeError (or until last commit, segfault). Removing the "|" leaves it
with a TypeError, but it is better worded and faster.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-22 22:20:26 +00:00
Douglas Bagnall
f8fb6f3261 auth/pycreds/encrypt_netr_crypt_password: don't segfault
Non-talloc objects were treated as talloc objects, to no good effect

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-22 22:20:26 +00:00
Douglas Bagnall
0d0a88fc6a pycredentials.h: use import to ensure python type correctness
Because we include pyrpc_util.h, pycredentials doesn't need its own
PyStringFromStringOrNull().

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-22 22:20:26 +00:00
Douglas Bagnall
c9c1d44488 auth/pycredentials: always check self is a Credentials object
This prevents a segfault with

    credentials.Credentials.guess(x)

where x is not a Credentials object.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-22 22:20:25 +00:00
Noel Power
f004f8a234 auth/gensec: clang: Fix 'Value stored to 'status' is never read'
Fixes:

auth/gensec/spnego.c:877:2: warning: Value stored to 'status' is never read <--[clang]
        status = sub_status;
        ^        ~~~~~~~~~~
1 warning generated.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-07-11 04:08:13 +00:00
Noel Power
6b96ae8316 auth/kerberos: clang: Fix same instances of 'Value stored is never read'
Fixes:

auth/kerberos/gssapi_pac.c:136:3: warning: Value stored to 'gss_maj' is never read <--[clang]
                gss_maj = gss_release_buffer(&gss_min, &pac_buffer);
                ^         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
auth/kerberos/gssapi_pac.c:137:3: warning: Value stored to 'gss_maj' is never read <--[clang]
                gss_maj = gss_release_buffer(&gss_min, &pac_display_buffer);
                ^         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
auth/kerberos/gssapi_pac.c:265:4: warning: Value stored to 'gss_maj' is never read <--[clang]
                        gss_maj = gss_release_buffer_set(&gss_min, &set);
                        ^         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
auth/kerberos/gssapi_pac.c:273:4: warning: Value stored to 'gss_maj' is never read <--[clang]
                        gss_maj = gss_release_buffer_set(&gss_min, &set);
                        ^         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
auth/kerberos/gssapi_pac.c:279:4: warning: Value stored to 'gss_maj' is never read <--[clang]
                        gss_maj = gss_release_buffer_set(&gss_min, &set);
                        ^         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
auth/kerberos/gssapi_pac.c:285:5: warning: Value stored to 'gss_maj' is never read <--[clang]
                                gss_maj = gss_release_buffer_set(&gss_min, &set);
                                ^         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
auth/kerberos/gssapi_pac.c:291:2: warning: Value stored to 'gss_maj' is never read <--[clang]
        gss_maj = gss_release_buffer_set(&gss_min, &set);
        ^         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7 warnings generated.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Jul  8 11:04:15 UTC 2019 on sn-devel-184
2019-07-08 11:04:15 +00:00
Isaac Boukris
2ae75184fc Add PrimaryGroupId to group array in DC response
This is a simplified version of the original patch by:
Felix Botner <botner@univention.de>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11362

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul  3 13:52:55 UTC 2019 on sn-devel-184
2019-07-03 13:52:55 +00:00
Andreas Schneider
0a8a1c9c78 auth:ntlmssp: Use GnuTLS RC4 in ntlmssp server
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-27 12:54:24 +00:00
Andreas Schneider
ba96534eb3 auth:gensec: Return NTSTATUS for netsec_do_seal()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-27 12:54:23 +00:00
Andreas Schneider
6148cd9c97 auth:gensec: Use GnuTLS RC4 in netsec_do_seal()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-27 12:54:23 +00:00
Andreas Schneider
d5ca7ff40f auth:gensec: Use GnuTLS RC4 in netsec_do_seq_num()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-27 12:54:23 +00:00
Andreas Schneider
67e6a9af2c libcli:auth: Return NTSTATUS for netlogon_creds_arcfour_crypt()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-27 12:54:23 +00:00
Andrew Bartlett
8f4c30f785 lib/crypto: move gnutls error wrapper to own subsystem
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-06-27 12:54:22 +00:00
Andrew Bartlett
34f9a089d8 py3: Remove PyStr_FromString() compatability macro
We no longer need Samba to be py2/py3 compatible so we choose to return to the standard
function names.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-06-24 17:24:27 +00:00
Andreas Schneider
b21af2f173 auth:creds: Use gnutls_error_to_ntstatus() in credentials_ntlm
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-24 06:11:17 +00:00
Andreas Schneider
aaf41bf96f auth:ntlmssp: Use gnutls_error_to_ntstatus() in ntlmssp_sign
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-24 06:11:17 +00:00
Andreas Schneider
d9a6cbd9e1 auth:ntlmssp: Use gnutls_error_to_ntstatus() in ntlmssp_server
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-24 06:11:17 +00:00
Andreas Schneider
35573821b6 auth:ntlmssp: Use gnutls_error_to_ntstatus() in ntlmssp_client
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-24 06:11:17 +00:00
Andreas Schneider
232c3b6f80 auth:gensec: Use gnutls_error_to_ntstatus() in schannel
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-24 06:11:16 +00:00
Gary Lockyer
ea7c4ac99d auth auth_log: csbuild unused parm transport_protection
Fixes csbuild errors.

Error: COMPILER_WARNING:
auth/auth_log.c: scope_hint: In function
‘log_successful_authz_event_human_readable’
auth/auth_log.c:728:14: warning: unused parameter ‘transport_protection’
[-Wunused-param
eter]

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-06-13 07:16:22 +00:00
Gary Lockyer
ae4461dce9 auth auth_log: csbuild unused parm unix_username
Fixes csbuild errors

Error: COMPILER_WARNING:
auth/auth_log.c: scope_hint: In function ‘log_authentication_event_json’
auth/auth_log.c:146:14: warning: unused parameter ‘unix_username’
[-Wunused-parameter]

Error: COMPILER_WARNING:
auth/auth_log.c: scope_hint: In function
‘log_authentication_event_human_readable’
auth/auth_log.c:586:14: warning: unused parameter ‘unix_username’
[-Wunused-parameter]

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-06-13 07:16:22 +00:00
Andreas Schneider
6317095023 auth:gensec: Return NTSTATUS for netsec_do_seq_num()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-05-21 00:03:22 +00:00
Andreas Schneider
6aa30669a1 auth:gensec: Use GnuTLS HMAC MD5 and MD5 in netsec_do_sign()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-05-21 00:03:22 +00:00
Andreas Schneider
71926c6e4f auth:gensec: Use GnuTLS HMAC MD5 in netsec_do_seal()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-05-21 00:03:21 +00:00
Andreas Schneider
6b413dab0b auth:gensec: Use GnuTLS HMAC MD5 in netsec_do_seq_num()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-05-21 00:03:21 +00:00
Andreas Schneider
d3ea318ba0 auth:creds: Use GnuTLS MD5 in ntlm creds
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-05-21 00:03:21 +00:00
Andreas Schneider
fe2a969544 auth:ntlmssp: Use GnuTLS MD5 and HMAC MD5 in ntlmssp sign
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-05-21 00:03:21 +00:00
Andreas Schneider
898fe5a142 auth:ntlmssp: Use GnuTLS MD5 and HMAC MD5 in ntlmssp server
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-05-21 00:03:21 +00:00
Andreas Schneider
44fcb59908 auth:ntlmssp: Use GnuTLS HMAC MD5 in ntlmssp client
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-05-21 00:03:21 +00:00
Noel Power
cbdd3d0c26 squash 'cast between incompatible function types' warning
To avoid warning above produced by using
-Wcast-function-type we;

  + ensure PyCFunctions of type METH_NOARGS defined dummy arg
  + ensure PyCFunctions of type METH_KEYWORDS use PY_DISCARD_FUNC_SIG
    macro

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-05-16 17:55:17 +00:00
Douglas Bagnall
4954a96e45 auth/creds/torture: add a test showing segfault
This file isn't actually run...

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-05-09 22:39:27 +00:00
Douglas Bagnall
2bd79a0cd0 auth/creds/guess: avoid segfault with NULL lp (CID 241187)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-05-09 22:39:27 +00:00
Andreas Schneider
83d228b66a auth:gensec: Add return code for netsec_do_sign()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-30 23:18:28 +00:00
Andreas Schneider
c04571d47c auth:gensec: Use GnuTLS SHA256 HMAC for schannel
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-30 23:18:28 +00:00
Samuel Cabrero
d88f1c82b2 credentials: Workaround krb5_cc_remove_cred not implemented in MIT kerberos
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Apr 29 19:15:48 UTC 2019 on sn-devel-184
2019-04-29 19:15:48 +00:00
Samuel Cabrero
937ad9d2a0 credentials: Initialize krb5 client to retrieve creds from ccache
MIT kerberos require krb5_creds.client to be initialized to match
krb5_creds.server with the cached credentials.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-04-29 18:10:09 +00:00
Volker Lendecke
a0f03be77f auth: Add necessary decoration to auth/auth_util.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-04-03 16:55:27 +00:00
Andreas Schneider
5c7f0a6902 auth:creds: Prefer the principal over DOMAIN/username when using NTLM
If we want to authenticate using -Wadmin@otherdomain the DC should do
take care of the authentication with the right DC for us.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-02 01:12:10 +00:00
Guenther Deschner
9e92654899 auth:ntlmssp: Add back CRAP ndr debug output
This got lost somehow during refactoring. This is still viable
information when trying to figure out what is going wrong when
authenticating a user over NTLMSSP.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-02 01:12:10 +00:00
Andrew Bartlett
fdb6305c86 build: Remove bld.gen_python_environments()
This was part of --extra-python support.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-03-21 04:06:14 +00:00
Andreas Schneider
b451168d72 auth:gensec: Make sure we zero the checksum after use
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-02-27 01:35:19 +01:00