Andrew Bartlett [Fri, 29 Jul 2011 07:01:38 +0000 (17:01 +1000)]
build: provide tevent-util as a public library
This is needed so that OpenChange can get at _tevent_req_nterr(), which is referenced
by generated PIDL output.
Andrew Bartlett
Andrew Bartlett [Mon, 8 Aug 2011 01:16:20 +0000 (11:16 +1000)]
s3-waf: Fix build on FreeBSD when sunacl.h is found
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Aug 8 04:34:35 CEST 2011 on sn-devel-104
Stefan Metzmacher [Sat, 6 Aug 2011 08:19:21 +0000 (10:19 +0200)]
s3:smb2_server: make sure we grant credits on async read/write operations (bug #8357)
Currently we skip the "gone async" interim response on read and write,
this caused the aio code path to grant 0 credits to the client
in the read/write responses.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Aug 7 22:23:57 CEST 2011 on sn-devel-104
Jelmer Vernooij [Sun, 7 Aug 2011 16:55:14 +0000 (18:55 +0200)]
sd_utils: Fix some formatting, add module docstring.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Aug 7 21:07:04 CEST 2011 on sn-devel-104
Jelmer Vernooij [Sun, 7 Aug 2011 15:17:18 +0000 (17:17 +0200)]
pyldb: Generate ABI file.
Jelmer Vernooij [Sun, 7 Aug 2011 15:08:56 +0000 (17:08 +0200)]
pyldb: Consistently use pyldb_ prefix.
Stefan Metzmacher [Fri, 5 Aug 2011 17:48:38 +0000 (19:48 +0200)]
s3:web/swat: use strtoll() instead of atoi/atol/atoll
This is more portable, as we have a strtoll replacement
in lib/replace.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Aug 6 11:55:45 CEST 2011 on sn-devel-104
Stefan Metzmacher [Wed, 3 Aug 2011 07:15:11 +0000 (09:15 +0200)]
s4:netcmd/gpo.py: we don't need to set autogenerated attributes
metze
Matthieu Patou [Fri, 5 Aug 2011 20:55:52 +0000 (00:55 +0400)]
idl: We don't need a context for FRSRPC_COMM_PKT_CHUNK_CO_EXTENTION_2 and avoid collision on bop attribute
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sat Aug 6 00:50:47 CEST 2011 on sn-devel-104
Matthieu Patou [Fri, 5 Aug 2011 19:14:03 +0000 (23:14 +0400)]
pidl: for wireshark use only the major of the version
Matthieu Patou [Fri, 5 Aug 2011 19:13:08 +0000 (23:13 +0400)]
pidl: For wireshark check also LIBNDR_FLAG_NOALIGN for not aligning
Matthieu Patou [Fri, 5 Aug 2011 19:11:47 +0000 (23:11 +0400)]
pidl: handle union when the switch variable is outside of the union for wireshark dissector
Matthieu Patou [Fri, 5 Aug 2011 19:07:57 +0000 (23:07 +0400)]
pidl: add subcontext handling for wireshark
Matthieu Patou [Fri, 5 Aug 2011 19:03:29 +0000 (23:03 +0400)]
pidl: If STR_NULLTERM we consider it's a string as well
Matthieu Patou [Tue, 2 Aug 2011 18:42:58 +0000 (22:42 +0400)]
pidl: handle hyper attribute for wireshark
Matthieu Patou [Tue, 2 Aug 2011 18:42:44 +0000 (22:42 +0400)]
pidl: handle datablob for wireshark generator
Matthieu Patou [Tue, 2 Aug 2011 07:56:51 +0000 (11:56 +0400)]
pidl: rpc version is a 32 bit
Matthieu Patou [Tue, 2 Aug 2011 07:56:32 +0000 (11:56 +0400)]
pidl: generate code for dissecting null terminated strings
Matthieu Patou [Tue, 2 Aug 2011 07:50:32 +0000 (11:50 +0400)]
pidl: don't expect to have quote when creating import headers
Currently the $_ doesn't contain the quote anymore, in order to avoid
any further regression the cleanup of quote is done before so that if
$_ still has quotes we clean them in any case.
Matthieu Patou [Thu, 4 Aug 2011 15:59:49 +0000 (19:59 +0400)]
s4-scripting: allow specifying the max number of iterations around getNcChanges
Stefan Metzmacher [Thu, 28 Jul 2011 12:15:15 +0000 (14:15 +0200)]
s3:rpc_transport_tstream: only use tstream_cli_np_use_trans() for sync requests
Currently the caller doesn't cope with multiple async requests anyway,
so this is just protection for the future.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Aug 5 22:31:12 CEST 2011 on sn-devel-104
Volker Lendecke [Fri, 5 Aug 2011 14:19:27 +0000 (16:19 +0200)]
s3: Make srv_enc_ctx static
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Aug 5 18:29:24 CEST 2011 on sn-devel-104
Volker Lendecke [Fri, 5 Aug 2011 14:14:11 +0000 (16:14 +0200)]
s3: Fix a debug message
Volker Lendecke [Fri, 5 Aug 2011 14:01:23 +0000 (16:01 +0200)]
s3: Fix some nonempty blank lines
Volker Lendecke [Fri, 5 Aug 2011 13:40:22 +0000 (15:40 +0200)]
s3: Fix "ISO C90 forbids mixed declarations and code"
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Aug 5 16:58:37 CEST 2011 on sn-devel-104
Volker Lendecke [Fri, 5 Aug 2011 13:38:33 +0000 (15:38 +0200)]
s3: Fix some nonempty blank lines
Günther Deschner [Fri, 5 Aug 2011 10:25:52 +0000 (12:25 +0200)]
s3-docs: document --user-sidinfo wbinfo option.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Aug 5 14:06:09 CEST 2011 on sn-devel-104
Björn Jacke [Thu, 4 Aug 2011 21:47:47 +0000 (23:47 +0200)]
s3: make linking of pthreadpooltest work on more platforms
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Fri Aug 5 12:48:55 CEST 2011 on sn-devel-104
Björn Jacke [Thu, 4 Aug 2011 14:42:37 +0000 (16:42 +0200)]
s3/ldap: delay the ldap search alarm termination a bit
do the alarm termination of the ldap search a bit delayed so the LDAP
server has a chance to tell us that the time limit was reached and the
search was abandoned. If the search is terminated this way we also get
the correct LDAP return code in the logs. If alarm() stops the search the ldap
search routine will report that the LDAP server is down which would trigger us
to rebind to the server needlessly which we also want to avoid.
Günther Deschner [Thu, 4 Aug 2011 15:32:22 +0000 (17:32 +0200)]
s3-nmbd: fix talloc/malloc mismatch in create_listen_pollfds().
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Thu Aug 4 19:06:39 CEST 2011 on sn-devel-104
Björn Jacke [Thu, 4 Aug 2011 14:25:08 +0000 (16:25 +0200)]
s3/swat: use strlcat instead of strncat to fix build on old Linux distros
SLES 9's glibc for example had weird macros where the use of strncat resulted
in the use of strcat which we don't allow.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Thu Aug 4 17:50:24 CEST 2011 on sn-devel-104
Andreas Schneider [Wed, 3 Aug 2011 21:44:45 +0000 (23:44 +0200)]
s4-librpc: Fix double free.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Aug 4 12:31:18 CEST 2011 on sn-devel-104
Andrew Tridgell [Thu, 4 Aug 2011 04:59:47 +0000 (14:59 +1000)]
s4-ldb: two DNs only match if they have the same deletion status
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Aug 4 09:34:08 CEST 2011 on sn-devel-104
Andrew Tridgell [Thu, 4 Aug 2011 02:07:19 +0000 (12:07 +1000)]
talloc: check block count after references test
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Tridgell [Wed, 3 Aug 2011 01:31:45 +0000 (11:31 +1000)]
s4-samdb: save the url in the samdb class
this is useful for debugging, so we know which database we are dealing
with
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Tridgell [Tue, 2 Aug 2011 07:19:16 +0000 (17:19 +1000)]
s4-dsdb: extend the extended_dn_in module to handle DN links
this replaces DN components in incoming filter expressions with the
full extended DN of the target, which allows search expressions based
on <GUID=> and <SID=> DNs, as well as fixing the problem with one-way
links in search expressions
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 2 Aug 2011 07:17:13 +0000 (17:17 +1000)]
ldb: rule_id in ldb_parse_tree should be const
this allows assignment to a constant string without allocation
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 2 Aug 2011 07:16:44 +0000 (17:16 +1000)]
ldb: added a new always-fail ldap extended match OID
this is used when rewriting filter rules to replace a filter rule with
one that is guaranteed not to match
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 2 Aug 2011 07:15:28 +0000 (17:15 +1000)]
ldb: changed DN matching rules to obey GUID/SID/string ordering
when matching two DNs, the GUID takes priority, then the SID, then the
string component
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Tridgell [Mon, 1 Aug 2011 07:48:53 +0000 (17:48 +1000)]
s4-dsdb: handle search expressions containing extended DNs
this allows for searches like member=<SID=S-1-2-3>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Tridgell [Mon, 1 Aug 2011 07:47:34 +0000 (17:47 +1000)]
s4-dsdb: added dn_format attribute of a dsdb_attribute
this is faster than string comparisons during searches at runtime
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Tridgell [Mon, 1 Aug 2011 03:55:58 +0000 (13:55 +1000)]
s4-dsdb: fixed outgoing one way link DNs
when we return a DN which is a one way link, fix the string DN
component by searching for the GUID and replacing the DN components
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 1 Aug 2011 03:54:58 +0000 (13:54 +1000)]
s4-dsdb: setup a one_way_link attribute on schema attributes
this allows us to quickly determine if a DN is a one way link
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Tridgell [Mon, 1 Aug 2011 02:40:24 +0000 (12:40 +1000)]
s4-dsdb: fixed a warning on dsdb_delete()
struct ldb_dn is never const
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Tridgell [Mon, 1 Aug 2011 02:25:11 +0000 (12:25 +1000)]
s4-dsdb: make requests for STORAGE_FORMAT control non-critical
this allows us to use dsdb_module_dn_by_guid() from levels below the
extended_dn_out module
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Tridgell [Wed, 3 Aug 2011 06:44:28 +0000 (16:44 +1000)]
ldb: added signatures for 1.1.2
Andrew Tridgell [Mon, 1 Aug 2011 02:24:38 +0000 (12:24 +1000)]
ldb: raise minor version
needed for new module function ldb_dn_replace_components()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Tridgell [Mon, 1 Aug 2011 07:46:39 +0000 (17:46 +1000)]
ldb: added ldb_parse_tree_walk()
this walks a ldb parse tree, calling a callback on each node
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Tridgell [Mon, 1 Aug 2011 02:24:13 +0000 (12:24 +1000)]
ldb: added ldb_dn_replace_components()
this allows you to replace the string part of a DN with the string
part from another DN. This is useful when you want to fix a DN that
has the right GUID but the wrong string part, because the target
object has moved.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Bartlett [Wed, 3 Aug 2011 22:38:21 +0000 (08:38 +1000)]
s3-ntlmssp void function cannot return value
Removing the return is reasonable here because while no callers
currently specify more than one flag at a time, the
ntlmssp_want_feature code allows it.
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Aug 4 02:19:46 CEST 2011 on sn-devel-104
Volker Lendecke [Wed, 3 Aug 2011 18:12:20 +0000 (20:12 +0200)]
s3: Fix some nonempty blank lines
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Aug 3 22:00:19 CEST 2011 on sn-devel-104
Günther Deschner [Wed, 3 Aug 2011 10:59:17 +0000 (12:59 +0200)]
s3-printing: fix some build warnings in queue_process.c
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Aug 3 17:48:33 CEST 2011 on sn-devel-104
Andrew Bartlett [Tue, 2 Aug 2011 23:33:29 +0000 (09:33 +1000)]
ntlmssp: Add ntlmssp_blob_matches_magic()
This avoids having the same check in 3 different parts of the code
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Aug 3 12:45:04 CEST 2011 on sn-devel-104
Andrew Bartlett [Tue, 2 Aug 2011 23:26:55 +0000 (09:26 +1000)]
s3-ntlmssp Remove redundant comment
This is explained where SESSION_KEY maps to SIGN at the NTLMSSP layer
Andrew Bartlett
Andrew Bartlett [Tue, 2 Aug 2011 13:17:02 +0000 (23:17 +1000)]
s3-ntlmssp Remove a level of nesting in if/else statement
Andrew Bartlett [Tue, 2 Aug 2011 03:17:24 +0000 (13:17 +1000)]
selftest: test plugin_s4_dc against all ncacn_np tests
Changes to the s3 epmapper behaviour seem to have fixed the rest of these
tests.
Andrew Bartlett
Andrew Bartlett [Tue, 2 Aug 2011 01:29:43 +0000 (11:29 +1000)]
s3-ntlmssp clarify session key behaviour after create_local_token() changes
Andrew Bartlett [Tue, 2 Aug 2011 01:28:51 +0000 (11:28 +1000)]
s3-ntlmssp Remove auth_ntlmssp_state_destructor, use the talloc tree instead
Andrew Bartlett [Mon, 1 Aug 2011 23:35:23 +0000 (09:35 +1000)]
ldb-samba: Explain the current behaviour of ldif_canonicalise_objectCategory
Andrew Bartlett [Mon, 1 Aug 2011 23:06:22 +0000 (09:06 +1000)]
s3-auth directly return the result of make_server_info_guest()
Andrew Bartlett [Mon, 1 Aug 2011 22:53:10 +0000 (08:53 +1000)]
s3-auth rename auth_ntlmssp_steal_session_info()
There is no longer any theft of memory as the underlying routines now
produce a new auth_session_info for this caller, allocating it
on the supplied memory context.
Andrew Bartlett
Andrew Bartlett [Fri, 29 Jul 2011 02:12:36 +0000 (12:12 +1000)]
selftest: print %U in smbclient -L output to allow testing
Andrew Bartlett [Wed, 27 Jul 2011 06:06:31 +0000 (16:06 +1000)]
s3-smbd Be consistent with %U subs on guest logins
The NTLMSSP code always specified "" as the username, and this makes
guest logins via the old-style session setup do the same.
Andrew Bartlett
Andrew Bartlett [Tue, 26 Jul 2011 06:17:30 +0000 (16:17 +1000)]
selftest: Add kerberos tests to plugin_s4_dc tests
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 26 Jul 2011 05:11:47 +0000 (15:11 +1000)]
s3-auth use auth_generic_start to get full GENSEC in Samba3 session setup
This tests if the auth_generic_start() hook is available on the auth
context during the negprot, and if so it uses auth_generic_start() to
hook to GENSEC to handle the full SPNEGO blob.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 26 Jul 2011 04:40:33 +0000 (14:40 +1000)]
s3-auth Add function to start any GENSEC mech by OID
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 26 Jul 2011 04:12:23 +0000 (14:12 +1000)]
s3-smbd clarify behaviour by not passing an OID that will not be used
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 26 Jul 2011 04:11:56 +0000 (14:11 +1000)]
s3-smbd Ensure we do not read past the end of a possible NTLMSSP blob
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 26 Jul 2011 03:46:25 +0000 (13:46 +1000)]
s3-auth clarify the role of these session keys
This comment can be clarified now the auth subsystem does not use the same
structure as the rest of the code.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 26 Jul 2011 03:43:33 +0000 (13:43 +1000)]
s3-auth remove sanitized_username from auth_serversupplied_info
This structure element was only written to, not read.
It is filled into the companion structure, auth_session_info()
by create_local_token().
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 26 Jul 2011 03:37:36 +0000 (13:37 +1000)]
s3-auth set session_info->sanitized_username in create_local_token()
Rather than passing this value around the callers, and eventually
setting it in register_existing_vuid(), we simply pass it to
create_local_token(). This also removes the need for
auth_ntlmssp_get_username().
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 26 Jul 2011 00:19:54 +0000 (10:19 +1000)]
s3-ntlmssp Split auth_ntlmssp_start into two functions
This helps map on to the GENSEC semantics better, and ensures that the
full set of desired features are set before the mechanism starts.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 26 Jul 2011 00:01:39 +0000 (10:01 +1000)]
s3-ntlmssp Split calls to gensec plugin into prepare and start
GENSEC has the concept of starting the GENSEC subsystem before starting the
actual mechanism. Between these two stages is when most context methods
are called, to specify credentials and features.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 25 Jul 2011 07:20:45 +0000 (17:20 +1000)]
gensec: Don't keep a second copy of the auth4_context in gensec_ntlmssp_state
The auth4_context is already in the gensec_security structure, which is
available by de-reference here anyway.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Wed, 27 Jul 2011 03:52:27 +0000 (13:52 +1000)]
s3-ntlmssp Remove auth_ntlmssp_and_flags()
There is no need to mask out these flags as they simply are not set
yet.
The correct abstraction is to ask for NTLMSSP features.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 25 Jul 2011 01:21:31 +0000 (11:21 +1000)]
s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hash
The session key we want here (the only one that is available to the
encryption layer) is the one obtained by cli_get_session_key(), as
NTLMSSP creates a per-session session key via key exchange and NTLMv2
negotiation.
The key was never directly the NT hash anyway (this is simply a
mistake, the extra MD4() was lost during my previous cleanup
f28f113d8e76824b080359c90efd9c92de533740 in 2008), but was MD4(NT
hash) in early implementations of NTLMSSP.
However, regardless this call is not available on domain trusts
between AD domains and Windows 2003 R2, making this less useful.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 22 Jul 2011 02:32:15 +0000 (12:32 +1000)]
selftest: Test encrypted RPC pipes against plugin_s4_dc
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 21 Jul 2011 22:03:56 +0000 (08:03 +1000)]
selftest: use the s4 winbindd in plugin_s4_dc test
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 21 Jul 2011 04:48:59 +0000 (14:48 +1000)]
s3-auth Add hook to start a GENSEC mech to auth_samba4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 22 Jul 2011 02:15:06 +0000 (12:15 +1000)]
s3-ntlmssp Remove auth_ntlmssp_or_flags
We now just use auth_ntlmssp_want_feature to get extra flags
on the NTLMSSP context
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 22 Jul 2011 02:10:30 +0000 (12:10 +1000)]
s3-ntlmssp Remove calls to auth_ntlmssp_and_flags from the server
This is changed so that the callers ask for the additional flags
that they need, starting with no additional flags.
This helps to create a proper abstraction layer in
ntlmssp_wrap/auth_ntlmssp.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 26 Jul 2011 07:20:35 +0000 (17:20 +1000)]
s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_update
This clarifies the lifetime of the returned token.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Wed, 27 Jul 2011 03:35:01 +0000 (13:35 +1000)]
s3-ntlmssp NTLMSSP sealing implies signing, so set both flags
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Wed, 27 Jul 2011 03:34:34 +0000 (13:34 +1000)]
s3-ntlmssp Add hooks to optionally call into GENSEC in auth_ntlmssp
This allows the current behaviour of the NTLMSSP code to be unchanged
while adding a way to hook in an alternate implementation via an auth
module.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 2 Aug 2011 00:24:28 +0000 (10:24 +1000)]
s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_get_session_key()
Andrew Bartlett [Thu, 21 Jul 2011 04:27:00 +0000 (14:27 +1000)]
s3-auth Allow auth modules to provide an initialised GENSEC context
This will allow auth plugins such as auth_samba4 to provide an initialised
GENSEC context to auth subsystem callers.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 21 Jul 2011 09:13:59 +0000 (19:13 +1000)]
s3-ntlmssp Use auth_ntlmssp_*() functions in more places
This allows auth_ntlmssp_get_ntlmssp_state() to be removed.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 22 Jul 2011 01:41:46 +0000 (11:41 +1000)]
s3-ntlmssp Remove unused auth_ntlmssp_get_domain()
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 21 Jul 2011 09:30:28 +0000 (19:30 +1000)]
s3-ntlmssp Remove unused auth_ntlmssp_get_client
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 21 Jul 2011 09:29:10 +0000 (19:29 +1000)]
s3-rpc_server use session_info to print user details
This is the authoritative source for what the user was actually
authenticated as.
The previous message printed only what they claimed, and the DC might
map this.
The workstation is no longer printed in the logs, as it allows
auth_ntlmssp_get_client() to be removed.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Wed, 27 Jul 2011 03:20:59 +0000 (13:20 +1000)]
s3-auth Use else if in do_map_to_guest_server_info
This means we can't ever call make_server_info_guest() twice.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 22 Jul 2011 01:33:52 +0000 (11:33 +1000)]
s3-auth Move map to guest to directly after the check_password calls
This means we no longer need two different map to guest functions
and have consistent logic with fewer layering violations.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 1 Aug 2011 05:39:01 +0000 (15:39 +1000)]
gensec: clarify memory ownership for gensec_session_info() and gensec_session_key()
This is slightly less efficient, because we no longer keep a cache on
the gensec structures, but much clearer in terms of memory ownership.
Both gensec_session_info() and gensec_session_key() now take a mem_ctx
and put the result only on that context.
Some duplication of memory in the callers (who were rightly uncertain
about who was the rightful owner of the returned memory) has been
removed to compensate for the internal copy.
Andrew Bartlett
Andrew Bartlett [Thu, 21 Jul 2011 09:10:15 +0000 (19:10 +1000)]
gensec: Remove mem_ctx from calls that do not return memory
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 21 Jul 2011 03:20:26 +0000 (13:20 +1000)]
gensec: split GENSEC into mechanism-dependent and runtime functions
The startup and runtime functions that have no dependencies are moved
into the top level.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Stefan Metzmacher [Tue, 2 Aug 2011 20:58:57 +0000 (22:58 +0200)]
s3:libsmb/clifile: make use of cli_set_timeout()
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Aug 3 10:16:18 CEST 2011 on sn-devel-104
Stefan Metzmacher [Tue, 2 Aug 2011 20:56:52 +0000 (22:56 +0200)]
s3:cli_np_tstream: make use of cli_set_timeout()
metze
Stefan Metzmacher [Tue, 2 Aug 2011 20:55:32 +0000 (22:55 +0200)]
s3:torture: make use of cli_set_timeout()
metze
Stefan Metzmacher [Tue, 2 Aug 2011 20:55:00 +0000 (22:55 +0200)]
s3:winbindd_cm: make use of cli_set_timeout()
metze
Stefan Metzmacher [Tue, 2 Aug 2011 20:54:28 +0000 (22:54 +0200)]
s3:libsmb/clidfs: make use of cli_state_encryption_on()
metze