xslt/pearson.xsl:
distclean clobber:: clean
- rm Makefile.settings config.status config.log configure
+ rm -f Makefile.settings config.status config.log
+
+realdistclean:: distclean
+ rm -f configure
rm -rf autom4te.cache
mv manpages-3 manpages
mv htmldocs/manpages-3 htmldocs/manpages
+cd ../docs-xml || exit 1
+make distclean
+
exit
if [ -n "$vendor_version" ]; then
version="$version-$vendor_version"
fi
+ vendor_patch=`grep "define SAMBA_VERSION_VENDOR_PATCH" $VER_H | awk '{print $3}'`
+ if [ -n "$vendor_patch" ]; then
+ version="$version-$vendor_patch"
+ fi
version=`echo $version | sed 's/\"//g'`
echo "Creating release tarball for Samba $version"
selftest --help
-selftest [--srcdir=DIR] [--builddir=DIR] [--target=samba4|samba3|win|kvm] [--socket-wrapper] [--quick] [--exclude=FILE] [--include=FILE] [--one] [--prefix=prefix] [--immediate] [--testlist=FILE] [TESTS]
+selftest [--srcdir=DIR] [--builddir=DIR] [--exeext=EXT][--target=samba4|samba3|win|kvm] [--socket-wrapper] [--quick] [--exclude=FILE] [--include=FILE] [--one] [--prefix=prefix] [--immediate] [--testlist=FILE] [TESTS]
=head1 DESCRIPTION
Build directory.
+=item I<--exeext=EXT>
+
+Executable extention
+
=item I<--prefix=DIR>
Change directory to run tests in. Default is 'st'.
my $srcdir = ".";
my $builddir = ".";
+my $exeext = "";
my $prefix = "./st";
my @expected_failures = ();
--prefix=DIR prefix to run tests in [st]
--srcdir=DIR source directory [.]
--builddir=DIR output directory [.]
+ --exeext=EXT executable extention []
Target Specific:
--socket-wrapper-pcap save traffic to pcap directories
'include=s' => \@opt_include,
'srcdir=s' => \$srcdir,
'builddir=s' => \$builddir,
+ 'exeext=s' => \$exeext,
'verbose' => \$opt_verbose,
'testenv' => \$opt_testenv,
'ldap:s' => \$ldap,
if ($opt_target eq "samba4") {
$testenv_default = "member";
require target::Samba4;
- $target = new Samba4($opt_bindir or "$srcdir/bin", $ldap, "$srcdir/setup");
+ $target = new Samba4($opt_bindir or "$builddir/bin",
+ $ldap, "$srcdir/setup", $exeext);
} elsif ($opt_target eq "samba3") {
- my $bindir = ($opt_bindir or "$srcdir/bin");
+ my $bindir = ($opt_bindir or "$builddir/bin");
if ($opt_socket_wrapper and `$bindir/smbd -b | grep SOCKET_WRAPPER` eq "") {
die("You must include --enable-socket-wrapper when compiling Samba in order to execute 'make test'. Exiting....");
}
use FindBin qw($RealBin);
use POSIX;
-sub new($$$$) {
- my ($classname, $bindir, $ldap, $setupdir) = @_;
+sub new($$$$$) {
+ my ($classname, $bindir, $ldap, $setupdir, $exeext) = @_;
+ $exeext = "" unless defined($exeext);
my $self = {
vars => {},
ldap => $ldap,
bindir => $bindir,
- setupdir => $setupdir
+ setupdir => $setupdir,
+ exeext => $exeext
};
bless $self;
return $self;
}
+sub bindir_path($$) {
+ my ($self, $path) = @_;
+
+ return "$self->{bindir}/$path$self->{exeext}";
+}
+
sub openldap_start($$$) {
my ($slapd_conf, $uri, $logs) = @_;
my $oldpath = $ENV{PATH};
} elsif ($self->{ldap} eq "openldap") {
openldap_start($env_vars->{SLAPD_CONF}, $uri, "$env_vars->{LDAPDIR}/logs");
}
- while (system("$self->{bindir}/ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") != 0) {
+ my $ldbsearch = $self->bindir_path("ldbsearch");
+ while (system("$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") != 0) {
$count++;
if ($count > 40) {
$self->slapd_stop($env_vars);
if (defined($ENV{SMBD_OPTIONS})) {
$optarg.= " $ENV{SMBD_OPTIONS}";
}
- my $ret = system("$valgrind $self->{bindir}/samba $optarg $env_vars->{CONFIGURATION} -M single -i --leak-report-full");
+ my $samba = $self->bindir_path("samba");
+ my $ret = system("$valgrind $samba $optarg $env_vars->{CONFIGURATION} -M single -i --leak-report-full");
if ($? == -1) {
- print "Unable to start samba: $ret: $!\n";
+ print "Unable to start $samba: $ret: $!\n";
exit 1;
}
unlink($env_vars->{SMBD_TEST_FIFO});
my $exit = $? >> 8;
if ( $ret == 0 ) {
- print "samba exits with status $exit\n";
+ print "$samba exits with status $exit\n";
} elsif ( $ret & 127 ) {
- print "samba got signal ".($ret & 127)." and exits with $exit!\n";
+ print "$samba got signal ".($ret & 127)." and exits with $exit!\n";
} else {
$ret = $? >> 8;
- print "samba failed with status $exit!\n";
+ print "$samba failed with status $exit!\n";
}
exit $exit;
}
{
my ($self, $file, $ldif) = @_;
- open(LDIF, "|$self->{bindir}/ldbadd -H $file >/dev/null");
+ my $ldbadd = $self->bindir_path("ldbadd");
+ open(LDIF, "|$ldbadd -H $file >/dev/null");
print LDIF $ldif;
return close(LDIF);
}
close(GRP);
#Ensure the config file is valid before we start
- if (system("$self->{bindir}/testparm $configuration -v --suppress-prompt >/dev/null 2>&1") != 0) {
- system("$self->{bindir}/testparm -v --suppress-prompt $configuration >&2");
- die("Failed to create a valid smb.conf configuration!");
+ my $testparm = $self->bindir_path("testparm");
+ if (system("$testparm $configuration -v --suppress-prompt >/dev/null 2>&1") != 0) {
+ system("$testparm -v --suppress-prompt $configuration >&2");
+ die("Failed to create a valid smb.conf configuration $testparm!");
}
- (system("($self->{bindir}/testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global 2> /dev/null | grep -i \"^$netbiosname\" ) >/dev/null 2>&1") == 0) or die("Failed to create a valid smb.conf configuration! $self->{bindir}/testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global");
+ (system("($testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global 2> /dev/null | grep -i \"^$netbiosname\" ) >/dev/null 2>&1") == 0) or die("Failed to create a valid smb.conf configuration! $self->{bindir}/testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global");
my @provision_options = ();
push (@provision_options, "NSS_WRAPPER_PASSWD=\"$nsswrap_passwd\"");
$ret or die("Unable to provision");
+ my $net = $self->bindir_path("net");
my $cmd = "";
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
- $cmd .= "$self->{bindir}/net join $ret->{CONFIGURATION} $dcvars->{DOMAIN} member";
+ $cmd .= "$net join $ret->{CONFIGURATION} $dcvars->{DOMAIN} member";
$cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}";
system($cmd) == 0 or die("Join failed\n$cmd");
}
result->sam_account = sampass;
- /* Ensure thaat the sampass will be freed with the result */
+ /* Ensure that the sampass will be freed with the result */
talloc_steal(result, sampass);
result->unix_name = pwd->pw_name;
/* Ensure that we keep pwd->pw_name, because we will free pwd below */
setup:
@ln -sf ../source4/setup setup
-SELFTEST4 = $(LD_LIBPATH_OVERRIDE) $(PERL) $(selftestdir)/selftest.pl --prefix=st4 \
+LD_LIBPATH_OVERRIDE = $(LIB_PATH_VAR)="$(builddir)/bin/shared"
+
+SELFTEST4 = $(LD_LIBPATH_OVERRIDE) EXEEXT="4" $(PERL) $(selftestdir)/selftest.pl --prefix=st4 \
--builddir=$(builddir) --srcdir=$(samba4srcdir) \
+ --exeext=4 \
--expected-failures=$(samba4srcdir)/selftest/knownfail \
--format=$(SELFTEST_FORMAT) \
--exclude=$(samba4srcdir)/selftest/skip --testlist="$(samba4srcdir)/selftest/tests.sh|" \
return NT_STATUS_OK;
}
+/**
+ * Make a server_info struct from the info3 returned by a domain logon
+ */
+NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx,
+ const char *account_name,
+ uint16_t validation_level,
+ union netr_Validation *validation,
+ struct auth_serversupplied_info **_server_info)
+{
+ struct auth_serversupplied_info *server_info;
+ struct netr_SamBaseInfo *base = NULL;
+ int i;
+
+ switch (validation_level) {
+ case 2:
+ if (!validation || !validation->sam2) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ base = &validation->sam2->base;
+ break;
+ case 3:
+ if (!validation || !validation->sam3) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ base = &validation->sam3->base;
+ break;
+ case 6:
+ if (!validation || !validation->sam6) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ base = &validation->sam6->base;
+ break;
+ default:
+ return NT_STATUS_INVALID_LEVEL;
+ }
+
+ server_info = talloc(mem_ctx, struct auth_serversupplied_info);
+ NT_STATUS_HAVE_NO_MEMORY(server_info);
+
+ /*
+ Here is where we should check the list of
+ trusted domains, and verify that the SID
+ matches.
+ */
+ server_info->account_sid = dom_sid_add_rid(server_info, base->domain_sid, base->rid);
+ NT_STATUS_HAVE_NO_MEMORY(server_info->account_sid);
+
+
+ server_info->primary_group_sid = dom_sid_add_rid(server_info, base->domain_sid, base->primary_gid);
+ NT_STATUS_HAVE_NO_MEMORY(server_info->primary_group_sid);
+
+ server_info->n_domain_groups = base->groups.count;
+ if (base->groups.count) {
+ server_info->domain_groups = talloc_array(server_info, struct dom_sid*, base->groups.count);
+ NT_STATUS_HAVE_NO_MEMORY(server_info->domain_groups);
+ } else {
+ server_info->domain_groups = NULL;
+ }
+
+ for (i = 0; i < base->groups.count; i++) {
+ server_info->domain_groups[i] = dom_sid_add_rid(server_info, base->domain_sid, base->groups.rids[i].rid);
+ NT_STATUS_HAVE_NO_MEMORY(server_info->domain_groups[i]);
+ }
+
+ /* Copy 'other' sids. We need to do sid filtering here to
+ prevent possible elevation of privileges. See:
+
+ http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
+ */
+
+ if (validation_level == 3) {
+ struct dom_sid **dgrps = server_info->domain_groups;
+ size_t sidcount = server_info->n_domain_groups + validation->sam3->sidcount;
+ size_t n_dgrps = server_info->n_domain_groups;
+
+ if (validation->sam3->sidcount > 0) {
+ dgrps = talloc_realloc(server_info, dgrps, struct dom_sid*, sidcount);
+ NT_STATUS_HAVE_NO_MEMORY(dgrps);
+
+ for (i = 0; i < validation->sam3->sidcount; i++) {
+ dgrps[n_dgrps + i] = talloc_reference(dgrps, validation->sam3->sids[i].sid);
+ }
+ }
+
+ server_info->n_domain_groups = sidcount;
+ server_info->domain_groups = dgrps;
+
+ /* Where are the 'global' sids?... */
+ }
+
+ if (base->account_name.string) {
+ server_info->account_name = talloc_reference(server_info, base->account_name.string);
+ } else {
+ server_info->account_name = talloc_strdup(server_info, account_name);
+ NT_STATUS_HAVE_NO_MEMORY(server_info->account_name);
+ }
+
+ server_info->domain_name = talloc_reference(server_info, base->domain.string);
+ server_info->full_name = talloc_reference(server_info, base->full_name.string);
+ server_info->logon_script = talloc_reference(server_info, base->logon_script.string);
+ server_info->profile_path = talloc_reference(server_info, base->profile_path.string);
+ server_info->home_directory = talloc_reference(server_info, base->home_directory.string);
+ server_info->home_drive = talloc_reference(server_info, base->home_drive.string);
+ server_info->logon_server = talloc_reference(server_info, base->logon_server.string);
+ server_info->last_logon = base->last_logon;
+ server_info->last_logoff = base->last_logoff;
+ server_info->acct_expiry = base->acct_expiry;
+ server_info->last_password_change = base->last_password_change;
+ server_info->allow_password_change = base->allow_password_change;
+ server_info->force_password_change = base->force_password_change;
+ server_info->logon_count = base->logon_count;
+ server_info->bad_password_count = base->bad_password_count;
+ server_info->acct_flags = base->acct_flags;
+
+ server_info->authenticated = true;
+
+ /* ensure we are never given NULL session keys */
+
+ if (all_zero(base->key.key, sizeof(base->key.key))) {
+ server_info->user_session_key = data_blob(NULL, 0);
+ } else {
+ server_info->user_session_key = data_blob_talloc(server_info, base->key.key, sizeof(base->key.key));
+ NT_STATUS_HAVE_NO_MEMORY(server_info->user_session_key.data);
+ }
+
+ if (all_zero(base->LMSessKey.key, sizeof(base->LMSessKey.key))) {
+ server_info->lm_session_key = data_blob(NULL, 0);
+ } else {
+ server_info->lm_session_key = data_blob_talloc(server_info, base->LMSessKey.key, sizeof(base->LMSessKey.key));
+ NT_STATUS_HAVE_NO_MEMORY(server_info->lm_session_key.data);
+ }
+
+ ZERO_STRUCT(server_info->pac_srv_sig);
+ ZERO_STRUCT(server_info->pac_kdc_sig);
+
+ *_server_info = server_info;
+ return NT_STATUS_OK;
+}
+
#include "auth/auth.h"
#include "lib/ldb/include/ldb.h"
#include "auth/auth_sam.h"
-#include "system/network.h"
#include "lib/socket/socket.h"
#include "librpc/rpc/dcerpc.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec_proto.h"
#include "param/param.h"
#include "auth/session_proto.h"
+#include "auth/auth_sam_reply.h"
enum GENSEC_KRB5_STATE {
GENSEC_KRB5_SERVER_START,
#include "includes.h"
#include "auth/auth.h"
#include "auth/ntlm/auth_proto.h"
-#include "auth/session_proto.h"
+#include "auth/auth_sam_reply.h"
#include "nsswitch/winbind_client.h"
#include "librpc/gen_ndr/ndr_netlogon.h"
#include "librpc/gen_ndr/ndr_winbind.h"
security_token_debug(dbg_lev, session_info->security_token);
}
-/**
- * Make a server_info struct from the info3 returned by a domain logon
- */
-_PUBLIC_ NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx,
- const char *account_name,
- uint16_t validation_level,
- union netr_Validation *validation,
- struct auth_serversupplied_info **_server_info)
-{
- struct auth_serversupplied_info *server_info;
- struct netr_SamBaseInfo *base = NULL;
- int i;
-
- switch (validation_level) {
- case 2:
- if (!validation || !validation->sam2) {
- return NT_STATUS_INVALID_PARAMETER;
- }
- base = &validation->sam2->base;
- break;
- case 3:
- if (!validation || !validation->sam3) {
- return NT_STATUS_INVALID_PARAMETER;
- }
- base = &validation->sam3->base;
- break;
- case 6:
- if (!validation || !validation->sam6) {
- return NT_STATUS_INVALID_PARAMETER;
- }
- base = &validation->sam6->base;
- break;
- default:
- return NT_STATUS_INVALID_LEVEL;
- }
-
- server_info = talloc(mem_ctx, struct auth_serversupplied_info);
- NT_STATUS_HAVE_NO_MEMORY(server_info);
-
- /*
- Here is where we should check the list of
- trusted domains, and verify that the SID
- matches.
- */
- server_info->account_sid = dom_sid_add_rid(server_info, base->domain_sid, base->rid);
- NT_STATUS_HAVE_NO_MEMORY(server_info->account_sid);
-
-
- server_info->primary_group_sid = dom_sid_add_rid(server_info, base->domain_sid, base->primary_gid);
- NT_STATUS_HAVE_NO_MEMORY(server_info->primary_group_sid);
-
- server_info->n_domain_groups = base->groups.count;
- if (base->groups.count) {
- server_info->domain_groups = talloc_array(server_info, struct dom_sid*, base->groups.count);
- NT_STATUS_HAVE_NO_MEMORY(server_info->domain_groups);
- } else {
- server_info->domain_groups = NULL;
- }
-
- for (i = 0; i < base->groups.count; i++) {
- server_info->domain_groups[i] = dom_sid_add_rid(server_info, base->domain_sid, base->groups.rids[i].rid);
- NT_STATUS_HAVE_NO_MEMORY(server_info->domain_groups[i]);
- }
-
- /* Copy 'other' sids. We need to do sid filtering here to
- prevent possible elevation of privileges. See:
-
- http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
- */
-
- if (validation_level == 3) {
- struct dom_sid **dgrps = server_info->domain_groups;
- size_t sidcount = server_info->n_domain_groups + validation->sam3->sidcount;
- size_t n_dgrps = server_info->n_domain_groups;
-
- if (validation->sam3->sidcount > 0) {
- dgrps = talloc_realloc(server_info, dgrps, struct dom_sid*, sidcount);
- NT_STATUS_HAVE_NO_MEMORY(dgrps);
-
- for (i = 0; i < validation->sam3->sidcount; i++) {
- dgrps[n_dgrps + i] = talloc_reference(dgrps, validation->sam3->sids[i].sid);
- }
- }
-
- server_info->n_domain_groups = sidcount;
- server_info->domain_groups = dgrps;
-
- /* Where are the 'global' sids?... */
- }
-
- if (base->account_name.string) {
- server_info->account_name = talloc_reference(server_info, base->account_name.string);
- } else {
- server_info->account_name = talloc_strdup(server_info, account_name);
- NT_STATUS_HAVE_NO_MEMORY(server_info->account_name);
- }
-
- server_info->domain_name = talloc_reference(server_info, base->domain.string);
- server_info->full_name = talloc_reference(server_info, base->full_name.string);
- server_info->logon_script = talloc_reference(server_info, base->logon_script.string);
- server_info->profile_path = talloc_reference(server_info, base->profile_path.string);
- server_info->home_directory = talloc_reference(server_info, base->home_directory.string);
- server_info->home_drive = talloc_reference(server_info, base->home_drive.string);
- server_info->logon_server = talloc_reference(server_info, base->logon_server.string);
- server_info->last_logon = base->last_logon;
- server_info->last_logoff = base->last_logoff;
- server_info->acct_expiry = base->acct_expiry;
- server_info->last_password_change = base->last_password_change;
- server_info->allow_password_change = base->allow_password_change;
- server_info->force_password_change = base->force_password_change;
- server_info->logon_count = base->logon_count;
- server_info->bad_password_count = base->bad_password_count;
- server_info->acct_flags = base->acct_flags;
-
- server_info->authenticated = true;
-
- /* ensure we are never given NULL session keys */
-
- if (all_zero(base->key.key, sizeof(base->key.key))) {
- server_info->user_session_key = data_blob(NULL, 0);
- } else {
- server_info->user_session_key = data_blob_talloc(server_info, base->key.key, sizeof(base->key.key));
- NT_STATUS_HAVE_NO_MEMORY(server_info->user_session_key.data);
- }
-
- if (all_zero(base->LMSessKey.key, sizeof(base->LMSessKey.key))) {
- server_info->lm_session_key = data_blob(NULL, 0);
- } else {
- server_info->lm_session_key = data_blob_talloc(server_info, base->LMSessKey.key, sizeof(base->LMSessKey.key));
- NT_STATUS_HAVE_NO_MEMORY(server_info->lm_session_key.data);
- }
-
- ZERO_STRUCT(server_info->pac_srv_sig);
- ZERO_STRUCT(server_info->pac_kdc_sig);
-
- *_server_info = server_info;
- return NT_STATUS_OK;
-}
-
-
struct auth_serversupplied_info *server_info,
struct auth_session_info **_session_info) ;
-NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx,
- const char *account_name,
- uint16_t validation_level,
- union netr_Validation *validation,
- struct auth_serversupplied_info **_server_info);
NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
struct tevent_context *ev_ctx,
struct loadparm_context *lp_ctx,
[PYTHON::python_glue]
LIBRARY_REALNAME = samba/glue.$(SHLIBEXT)
-PRIVATE_DEPENDENCIES = LIBNDR LIBLDB SAMDB CREDENTIALS swig_ldb python_dcerpc_misc python_dcerpc_security swig_auth
+PRIVATE_DEPENDENCIES = LIBNDR LIBLDB SAMDB CREDENTIALS pyldb python_dcerpc_misc python_dcerpc_security swig_auth
python_glue_OBJ_FILES = $(pyscriptsrcdir)/pyglue.o
plantest "$modname" "$env" $cmdline
}
-bin/smbtorture -V
-
samba4srcdir=.
samba4bindir=$samba4srcdir/bin
+smb4torture="$samba4bindir/smbtorture${EXEEXT}"
+$smb4torture -V
prefix_abs="$SELFTEST_PREFIX/s4client"
if [ -n "$SELFTEST_QUICK" ]; then
TORTURE_OPTIONS="$TORTURE_OPTIONS --option=torture:quick=yes"
fi
-smb4torture="$samba4bindir/smbtorture $TORTURE_OPTIONS"
+smb4torture="$smb4torture $TORTURE_OPTIONS"
echo "OPTIONS $TORTURE_OPTIONS"
plansmbtorturetest "$t" none ncalrpc: "$*"
done
-if test -f $samba4bindir/tdbtorture
+tdbtorture4="$samba4bindir/tdbtorture${EXEEXT}"
+if test -f $tdbtorture4
then
- plantest "tdb.stress" none $VALGRIND $samba4bindir/tdbtorture
+ plantest "tdb.stress" none $VALGRIND $tdbtorture4
fi
# Pidl tests
done
done
-if test -f $samba4bindir/nsstest
+nsstest4="$samba4bindir/nsstest${EXEEXT}"
+if test -f $nsstest4
then
- plantest "nss.test using winbind" member $VALGRIND $samba4bindir/nsstest $samba4bindir/shared/libnss_winbind.so
+ plantest "nss.test using winbind" member $VALGRIND $nsstest4 $samba4bindir/shared/libnss_winbind.so
fi
PYTHON=/usr/bin/python
#include "smbd/service.h"
#include "param/param.h"
#include "auth/session.h"
+#include "auth/auth_sam_reply.h"
#include "lib/stream/packet.h"
#include "librpc/gen_ndr/ndr_named_pipe_auth.h"
#include "system/passwd.h"
#include "samba3/samba3.h"
#include "libcli/security/security.h"
#include "torture/torture.h"
-#include "auth/session_proto.h"
+#include "auth/auth_sam_reply.h"
static bool torture_pac_self_check(struct torture_context *tctx)
{