source/build/smb_build/config.pm
source/auth/auth_proto.h
source/auth/auth_sam.h
-source/auth/pam_errors.h
source/auth/credentials/credentials_proto.h
source/auth/gensec/gensec_proto.h
source/auth/gensec/schannel_proto.h
source/mkconfig.mk
source/data.mk
source/librpc/idl-deps
+source/libcli/netlogon_proto.h
+source/libcli/ndr_netlogon_proto.h
+source/foo.tdb
+source/gentest_seeds.dat
+source/templates.ldb
+source/torture.tdb
method 1: "rsync -avz samba.org::ftp/unpacked/samba_4_0_test/ samba4"
- method 2: "git clone git://git.samba.org/samba.git samba4; cd samba4; git checkout v4-0-test; cd .."
+ method 2: "git clone git://git.samba.org/samba.git samba4; cd samba4 && git checkout -b v4-0-test origin/v4-0-test; cd .."
both methods will create a directory called "samba4" in the current
directory. If you don't have rsync or git then install one of them.
include mkconfig.mk
+pidldir := $(srcdir)/pidl
+
VPATH = $(builddir):$(srcdir):heimdal_build:heimdal/lib/asn1:heimdal/lib/krb5:heimdal/lib/gssapi:heimdal/lib/hdb:heimdal/lib/roken:heimdal/lib/des
BASEDIR = $(prefix)
.DEFAULT_GOAL := all
ifneq ($(automatic_dependencies),yes)
-ALL_PREDEP = proto
+ALL_PREDEP = basics
.NOTPARALLEL:
endif
.DEFAULT_GOAL := all
ifneq ($(automatic_dependencies),yes)
-ALL_PREDEP = proto
+ALL_PREDEP = basics
.NOTPARALLEL:
endif
# This file was automatically generated by SWIG (http://www.swig.org).
-# Version 1.3.33
+# Version 1.3.35
#
# Don't modify this file, modify the SWIG interface instead.
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- Authenticate to a remote server
- Copyright (C) Andrew Tridgell 1992-1998
- Copyright (C) Andrew Bartlett 2001
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-
-/****************************************************************************
- Support for server level security.
-****************************************************************************/
-
-static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx, bool unicode, int maxprotocol, struct resolve_context *resolve_ctx)
-{
- struct smbcli_state *cli = NULL;
- fstring desthost;
- struct in_addr dest_ip;
- const char *p;
- char *pserver;
- bool connected_ok = false;
-
- if (!(cli = smbcli_initialise(cli)))
- return NULL;
-
- /* security = server just can't function with spnego */
- cli->use_spnego = false;
-
- pserver = talloc_strdup(mem_ctx, lp_passwordserver());
- p = pserver;
-
- while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) {
- strupper(desthost);
-
- if(!resolve_name(resolve_ctx, desthost, &dest_ip, 0x20)) {
- DEBUG(1,("server_cryptkey: Can't resolve address for %s\n",desthost));
- continue;
- }
-
- if (ismyip(dest_ip)) {
- DEBUG(1,("Password server loop - disabling password server %s\n",desthost));
- continue;
- }
-
- /* we use a mutex to prevent two connections at once - when a
- Win2k PDC get two connections where one hasn't completed a
- session setup yet it will send a TCP reset to the first
- connection (tridge) */
-
- if (!grab_server_mutex(desthost)) {
- return NULL;
- }
-
- if (smbcli_connect(cli, desthost, &dest_ip)) {
- DEBUG(3,("connected to password server %s\n",desthost));
- connected_ok = true;
- break;
- }
- }
-
- if (!connected_ok) {
- release_server_mutex();
- DEBUG(0,("password server not available\n"));
- talloc_free(cli);
- return NULL;
- }
-
- if (!attempt_netbios_session_request(cli, lp_netbios_name(),
- desthost, &dest_ip)) {
- release_server_mutex();
- DEBUG(1,("password server fails session request\n"));
- talloc_free(cli);
- return NULL;
- }
-
- if (strequal(desthost,myhostname(mem_ctx))) {
- exit_server("Password server loop!");
- }
-
- DEBUG(3,("got session\n"));
-
- if (!smbcli_negprot(cli, unicode, maxprotocol)) {
- DEBUG(1,("%s rejected the negprot\n",desthost));
- release_server_mutex();
- talloc_free(cli);
- return NULL;
- }
-
- if (cli->protocol < PROTOCOL_LANMAN2 ||
- !(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
- DEBUG(1,("%s isn't in user level security mode\n",desthost));
- release_server_mutex();
- talloc_free(cli);
- return NULL;
- }
-
- /* Get the first session setup done quickly, to avoid silly
- Win2k bugs. (The next connection to the server will kill
- this one...
- */
-
- if (!smbcli_session_setup(cli, "", "", 0, "", 0,
- "")) {
- DEBUG(0,("%s rejected the initial session setup (%s)\n",
- desthost, smbcli_errstr(cli)));
- release_server_mutex();
- talloc_free(cli);
- return NULL;
- }
-
- release_server_mutex();
-
- DEBUG(3,("password server OK\n"));
-
- return cli;
-}
-
-/****************************************************************************
- Clean up our allocated cli.
-****************************************************************************/
-
-static void free_server_private_data(void **private_data_pointer)
-{
- struct smbcli_state **cli = (struct smbcli_state **)private_data_pointer;
- if (*cli && (*cli)->initialised) {
- talloc_free(*cli);
- }
-}
-
-/****************************************************************************
- Get the challenge out of a password server.
-****************************************************************************/
-
-static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_context,
- void **my_private_data,
- TALLOC_CTX *mem_ctx)
-{
- struct smbcli_state *cli = server_cryptkey(mem_ctx, lp_cli_maxprotocol(auth_context->lp_ctx));
-
- if (cli) {
- DEBUG(3,("using password server validation\n"));
-
- if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
- /* We can't work with unencrypted password servers
- unless 'encrypt passwords = no' */
- DEBUG(5,("make_auth_info_server: Server is unencrypted, no challenge available..\n"));
-
- /* However, it is still a perfectly fine connection
- to pass that unencrypted password over */
- *my_private_data = (void *)cli;
- return data_blob(NULL, 0);
-
- } else if (cli->secblob.length < 8) {
- /* We can't do much if we don't get a full challenge */
- DEBUG(2,("make_auth_info_server: Didn't receive a full challenge from server\n"));
- talloc_free(cli);
- return data_blob(NULL, 0);
- }
-
- *my_private_data = (void *)cli;
-
- /* The return must be allocated on the caller's mem_ctx, as our own will be
- destoyed just after the call. */
- return data_blob_talloc(auth_context->mem_ctx, cli->secblob.data,8);
- } else {
- return data_blob(NULL, 0);
- }
-}
-
-
-/****************************************************************************
- Check for a valid username and password in security=server mode.
- - Validate a password with the password server.
-****************************************************************************/
-
-static NTSTATUS check_smbserver_security(const struct auth_context *auth_context,
- void *my_private_data,
- TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
-{
- struct smbcli_state *cli;
- static uint8_t badpass[24];
- static fstring baduser;
- static bool tested_password_server = false;
- static bool bad_password_server = false;
- NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
- bool locally_made_cli = false;
-
- /*
- * Check that the requested domain is not our own machine name.
- * If it is, we should never check the PDC here, we use our own local
- * password file.
- */
-
- if (lp_is_myname(auth_context->lp_ctx, user_info->domain.str)) {
- DEBUG(3,("check_smbserver_security: Requested domain was for this machine.\n"));
- return NT_STATUS_LOGON_FAILURE;
- }
-
- cli = my_private_data;
-
- if (cli) {
- } else {
- cli = server_cryptkey(mem_ctx, lp_unicode(auth_context->lp_ctx), lp_cli_maxprotocol(auth_context->lp_ctx), lp_resolve_context(auth_context->lp_ctx));
- locally_made_cli = true;
- }
-
- if (!cli || !cli->initialised) {
- DEBUG(1,("password server is not connected (cli not initilised)\n"));
- return NT_STATUS_LOGON_FAILURE;
- }
-
- if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
- if (user_info->encrypted) {
- DEBUG(1,("password server %s is plaintext, but we are encrypted. This just can't work :-(\n", cli->desthost));
- return NT_STATUS_LOGON_FAILURE;
- }
- } else {
- if (memcmp(cli->secblob.data, auth_context->challenge.data, 8) != 0) {
- DEBUG(1,("the challenge that the password server (%s) supplied us is not the one we gave our client. This just can't work :-(\n", cli->desthost));
- return NT_STATUS_LOGON_FAILURE;
- }
- }
-
- if(badpass[0] == 0)
- memset(badpass, 0x1f, sizeof(badpass));
-
- if((user_info->nt_resp.length == sizeof(badpass)) &&
- !memcmp(badpass, user_info->nt_resp.data, sizeof(badpass))) {
- /*
- * Very unlikely, our random bad password is the same as the users
- * password.
- */
- memset(badpass, badpass[0]+1, sizeof(badpass));
- }
-
- if(baduser[0] == 0) {
- fstrcpy(baduser, INVALID_USER_PREFIX);
- fstrcat(baduser, lp_netbios_name());
- }
-
- /*
- * Attempt a session setup with a totally incorrect password.
- * If this succeeds with the guest bit *NOT* set then the password
- * server is broken and is not correctly setting the guest bit. We
- * need to detect this as some versions of NT4.x are broken. JRA.
- */
-
- /* I sure as hell hope that there aren't servers out there that take
- * NTLMv2 and have this bug, as we don't test for that...
- * - abartlet@samba.org
- */
-
- if ((!tested_password_server) && (lp_paranoid_server_security())) {
- if (smbcli_session_setup(cli, baduser, (char *)badpass, sizeof(badpass),
- (char *)badpass, sizeof(badpass), user_info->domain.str)) {
-
- /*
- * We connected to the password server so we
- * can say we've tested it.
- */
- tested_password_server = true;
-
- if ((SVAL(cli->inbuf,smb_vwv2) & 1) == 0) {
- DEBUG(0,("server_validate: password server %s allows users as non-guest \
-with a bad password.\n", cli->desthost));
- DEBUG(0,("server_validate: This is broken (and insecure) behaviour. Please do not \
-use this machine as the password server.\n"));
- smbcli_ulogoff(cli);
-
- /*
- * Password server has the bug.
- */
- bad_password_server = true;
- return NT_STATUS_LOGON_FAILURE;
- }
- smbcli_ulogoff(cli);
- }
- } else {
-
- /*
- * We have already tested the password server.
- * Fail immediately if it has the bug.
- */
-
- if(bad_password_server) {
- DEBUG(0,("server_validate: [1] password server %s allows users as non-guest \
-with a bad password.\n", cli->desthost));
- DEBUG(0,("server_validate: [1] This is broken (and insecure) behaviour. Please do not \
-use this machine as the password server.\n"));
- return NT_STATUS_LOGON_FAILURE;
- }
- }
-
- /*
- * Now we know the password server will correctly set the guest bit, or is
- * not guest enabled, we can try with the real password.
- */
-
- if (!user_info->encrypted) {
- /* Plaintext available */
- if (!smbcli_session_setup(cli, user_info->smb_name.str,
- (char *)user_info->plaintext_password.data,
- user_info->plaintext_password.length,
- NULL, 0,
- user_info->domain.str)) {
- DEBUG(1,("password server %s rejected the password\n", cli->desthost));
- /* Make this smbcli_nt_error() when the conversion is in */
- nt_status = smbcli_nt_error(cli);
- } else {
- nt_status = NT_STATUS_OK;
- }
- } else {
- if (!smbcli_session_setup(cli, user_info->smb_name.str,
- (char *)user_info->lm_resp.data,
- user_info->lm_resp.length,
- (char *)user_info->nt_resp.data,
- user_info->nt_resp.length,
- user_info->domain.str)) {
- DEBUG(1,("password server %s rejected the password\n", cli->desthost));
- /* Make this smbcli_nt_error() when the conversion is in */
- nt_status = smbcli_nt_error(cli);
- } else {
- nt_status = NT_STATUS_OK;
- }
- }
-
- /* if logged in as guest then reject */
- if ((SVAL(cli->inbuf,smb_vwv2) & 1) != 0) {
- DEBUG(1,("password server %s gave us guest only\n", cli->desthost));
- nt_status = NT_STATUS_LOGON_FAILURE;
- }
-
- smbcli_ulogoff(cli);
-
- if NT_STATUS_IS_OK(nt_status) {
- struct passwd *pass = Get_Pwnam(user_info->internal_username.str);
- if (pass) {
- nt_status = make_server_info_pw(auth_context, server_info, pass);
- } else {
- nt_status = NT_STATUS_NO_SUCH_USER;
- }
- }
-
- if (locally_made_cli) {
- talloc_free(cli);
- }
-
- return(nt_status);
-}
-
-NTSTATUS auth_init_smbserver(struct auth_context *auth_context, const char* param, auth_methods **auth_method)
-{
- if (!make_auth_methods(auth_context, auth_method)) {
- return NT_STATUS_NO_MEMORY;
- }
- (*auth_method)->name = "smbserver";
- (*auth_method)->auth = check_smbserver_security;
- (*auth_method)->get_chal = auth_get_challenge_server;
- (*auth_method)->send_keepalive = send_server_keepalive;
- (*auth_method)->free_private_data = free_server_private_data;
- return NT_STATUS_OK;
-}
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
- * Version 1.3.33
+ * Version 1.3.35
*
* This file is not intended to be easily readable and contains a number of
* coding conventions designed to improve portability and efficiency. Do not make
/* This should only be incremented when either the layout of swig_type_info changes,
or for whatever reason, the runtime changes incompatibly */
-#define SWIG_RUNTIME_VERSION "3"
+#define SWIG_RUNTIME_VERSION "4"
/* define SWIG_TYPE_TABLE_NAME as "SWIG_TYPE_TABLE" */
#ifdef SWIG_TYPE_TABLE
/* Flags for pointer conversions */
#define SWIG_POINTER_DISOWN 0x1
+#define SWIG_CAST_NEW_MEMORY 0x2
/* Flags for new pointer objects */
#define SWIG_POINTER_OWN 0x1
extern "C" {
#endif
-typedef void *(*swig_converter_func)(void *);
+typedef void *(*swig_converter_func)(void *, int *);
typedef struct swig_type_info *(*swig_dycast_func)(void **);
-/* Structure to store inforomation on one type */
+/* Structure to store information on one type */
typedef struct swig_type_info {
const char *name; /* mangled name of this type */
const char *str; /* human readable name of this type */
Cast a pointer up an inheritance hierarchy
*/
SWIGRUNTIMEINLINE void *
-SWIG_TypeCast(swig_cast_info *ty, void *ptr) {
- return ((!ty) || (!ty->converter)) ? ptr : (*ty->converter)(ptr);
+SWIG_TypeCast(swig_cast_info *ty, void *ptr, int *newmemory) {
+ return ((!ty) || (!ty->converter)) ? ptr : (*ty->converter)(ptr, newmemory);
}
/*
Py_DECREF(old_str);
Py_DECREF(value);
} else {
- PyErr_Format(PyExc_RuntimeError, mesg);
+ PyErr_SetString(PyExc_RuntimeError, mesg);
}
}
{
PySwigObject *sobj = (PySwigObject *) v;
PyObject *next = sobj->next;
- if (sobj->own) {
+ if (sobj->own == SWIG_POINTER_OWN) {
swig_type_info *ty = sobj->ty;
PySwigClientData *data = ty ? (PySwigClientData *) ty->clientdata : 0;
PyObject *destroy = data ? data->destroy : 0;
res = ((*meth)(mself, v));
}
Py_XDECREF(res);
- } else {
- const char *name = SWIG_TypePrettyName(ty);
+ }
#if !defined(SWIG_PYTHON_SILENT_MEMLEAK)
- printf("swig/python detected a memory leak of type '%s', no destructor found.\n", name);
-#endif
+ else {
+ const char *name = SWIG_TypePrettyName(ty);
+ printf("swig/python detected a memory leak of type '%s', no destructor found.\n", (name ? name : "unknown"));
}
+#endif
}
Py_XDECREF(next);
PyObject_DEL(v);
SWIGRUNTIME int
SWIG_Python_AcquirePtr(PyObject *obj, int own) {
- if (own) {
+ if (own == SWIG_POINTER_OWN) {
PySwigObject *sobj = SWIG_Python_GetSwigThis(obj);
if (sobj) {
int oldown = sobj->own;
return SWIG_OK;
} else {
PySwigObject *sobj = SWIG_Python_GetSwigThis(obj);
+ if (own)
+ *own = 0;
while (sobj) {
void *vptr = sobj->ptr;
if (ty) {
if (!tc) {
sobj = (PySwigObject *)sobj->next;
} else {
- if (ptr) *ptr = SWIG_TypeCast(tc,vptr);
+ if (ptr) {
+ int newmemory = 0;
+ *ptr = SWIG_TypeCast(tc,vptr,&newmemory);
+ if (newmemory == SWIG_CAST_NEW_MEMORY) {
+ assert(own);
+ if (own)
+ *own = *own | SWIG_CAST_NEW_MEMORY;
+ }
+ }
break;
}
}
}
}
if (sobj) {
- if (own) *own = sobj->own;
+ if (own)
+ *own = *own | sobj->own;
if (flags & SWIG_POINTER_DISOWN) {
sobj->own = 0;
}
}
if (ty) {
swig_cast_info *tc = SWIG_TypeCheck(desc,ty);
- if (!tc) return SWIG_ERROR;
- *ptr = SWIG_TypeCast(tc,vptr);
+ if (tc) {
+ int newmemory = 0;
+ *ptr = SWIG_TypeCast(tc,vptr,&newmemory);
+ assert(!newmemory); /* newmemory handling not yet implemented */
+ } else {
+ return SWIG_ERROR;
+ }
} else {
*ptr = vptr;
}
#define SWIG_name "_auth"
-#define SWIGVERSION 0x010333
+#define SWIGVERSION 0x010335
#define SWIG_VERSION SWIGVERSION
SWIG_InitializeModule(void *clientdata) {
size_t i;
swig_module_info *module_head, *iter;
- int found;
+ int found, init;
clientdata = clientdata;
swig_module.type_initial = swig_type_initial;
swig_module.cast_initial = swig_cast_initial;
swig_module.next = &swig_module;
+ init = 1;
+ } else {
+ init = 0;
}
/* Try and load any already created modules */
module_head->next = &swig_module;
}
+ /* When multiple interpeters are used, a module could have already been initialized in
+ a different interpreter, but not yet have a pointer in this interpreter.
+ In this case, we do not want to continue adding types... everything should be
+ set up already */
+ if (init == 0) return;
+
/* Now work on filling in swig_module.types */
#ifdef SWIGRUNTIME_DEBUG
printf("SWIG_InitializeModule: size %d\n", swig_module.size);
# auth server subsystem
+gensecsrcdir := $(authsrcdir)/gensec
mkinclude gensec/config.mk
mkinclude kerberos/config.mk
mkinclude ntlmssp/config.mk
+mkinclude ntlm/config.mk
mkinclude credentials/config.mk
[SUBSYSTEM::auth_session]
-PRIVATE_PROTO_HEADER = session_proto.h
PUBLIC_DEPENDENCIES = CREDENTIALS
-# PUBLIC_HEADERS += auth/session.h
+PUBLIC_HEADERS += $(authsrcdir)/session.h
-auth_session_OBJ_FILES = $(addprefix auth/, session.o)
+auth_session_OBJ_FILES = $(addprefix $(authsrcdir)/, session.o)
+
+$(eval $(call proto_header_template,$(authsrcdir)/session_proto.h,$(auth_session_OBJ_FILES:.o=.c)))
[SUBSYSTEM::auth_system_session]
-PRIVATE_PROTO_HEADER = system_session_proto.h
PUBLIC_DEPENDENCIES = CREDENTIALS
PRIVATE_DEPENDENCIES = auth_session LIBSAMBA-UTIL LIBSECURITY
-auth_system_session_OBJ_FILES = $(addprefix auth/, system_session.o)
+auth_system_session_OBJ_FILES = $(addprefix $(authsrcdir)/, system_session.o)
+$(eval $(call proto_header_template,$(authsrcdir)/system_session_proto.h,$(auth_system_session_OBJ_FILES:.o=.c)))
[SUBSYSTEM::auth_sam]
-PRIVATE_PROTO_HEADER = auth_sam.h
PUBLIC_DEPENDENCIES = SAMDB UTIL_LDB LIBSECURITY
PRIVATE_DEPENDENCIES = LDAP_ENCODE
-auth_sam_OBJ_FILES = $(addprefix auth/, sam.o ntlm_check.o)
+auth_sam_OBJ_FILES = $(addprefix $(authsrcdir)/, sam.o)
+
+$(eval $(call proto_header_template,$(authsrcdir)/auth_sam.h,$(auth_sam_OBJ_FILES:.o=.c)))
[SUBSYSTEM::auth_sam_reply]
-PRIVATE_PROTO_HEADER = auth_sam_reply.h
-
-auth_sam_reply_OBJ_FILES = $(addprefix auth/, auth_sam_reply.o)
-
-#######################
-# Start MODULE auth_sam
-[MODULE::auth_sam_module]
-# gensec_krb5 and gensec_gssapi depend on it
-INIT_FUNCTION = auth_sam_init
-SUBSYSTEM = auth
-PRIVATE_DEPENDENCIES = \
- SAMDB auth_sam
-# End MODULE auth_sam
-#######################
-
-auth_sam_module_OBJ_FILES = $(addprefix auth/, auth_sam.o)
-
-#######################
-# Start MODULE auth_anonymous
-[MODULE::auth_anonymous]
-INIT_FUNCTION = auth_anonymous_init
-SUBSYSTEM = auth
-# End MODULE auth_anonymous
-#######################
-
-auth_anonymous_OBJ_FILES = $(addprefix auth/, auth_anonymous.o)
-
-#######################
-# Start MODULE auth_winbind
-[MODULE::auth_winbind]
-INIT_FUNCTION = auth_winbind_init
-SUBSYSTEM = auth
-PRIVATE_DEPENDENCIES = NDR_WINBIND MESSAGING LIBWINBIND-CLIENT
-# End MODULE auth_winbind
-#######################
-
-auth_winbind_OBJ_FILES = $(addprefix auth/, auth_winbind.o)
-
-#######################
-# Start MODULE auth_developer
-[MODULE::auth_developer]
-INIT_FUNCTION = auth_developer_init
-SUBSYSTEM = auth
-# End MODULE auth_developer
-#######################
-
-auth_developer_OBJ_FILES = $(addprefix auth/, auth_developer.o)
-
-[MODULE::auth_unix]
-INIT_FUNCTION = auth_unix_init
-SUBSYSTEM = auth
-PRIVATE_DEPENDENCIES = CRYPT PAM PAM_ERRORS NSS_WRAPPER
-
-auth_unix_OBJ_FILES = $(addprefix auth/, auth_unix.o)
-
-[SUBSYSTEM::PAM_ERRORS]
-PRIVATE_PROTO_HEADER = pam_errors.h
-
-#VERSION = 0.0.1
-#SO_VERSION = 0
-PAM_ERRORS_OBJ_FILES = $(addprefix auth/, pam_errors.o)
-
-[MODULE::auth]
-INIT_FUNCTION = server_service_auth_init
-SUBSYSTEM = service
-PRIVATE_PROTO_HEADER = auth_proto.h
-PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBSECURITY SAMDB CREDENTIALS
-
-auth_OBJ_FILES = $(addprefix auth/, auth.o auth_util.o auth_simple.o)
-
-# PUBLIC_HEADERS += auth/auth.h
+
+auth_sam_reply_OBJ_FILES = $(addprefix $(authsrcdir)/, auth_sam_reply.o)
+
+$(eval $(call proto_header_template,$(authsrcdir)/auth_sam_reply.h,$(auth_sam_reply_OBJ_FILES:.o=.c)))
[PYTHON::swig_auth]
+LIBRARY_REALNAME = samba/_auth.$(SHLIBEXT)
PUBLIC_DEPENDENCIES = auth_system_session
PRIVATE_DEPENDENCIES = SAMDB
-SWIG_FILE = auth.i
-swig_auth_OBJ_FILES = auth/auth_wrap.o
+$(eval $(call python_py_module_template,samba/auth.py,$(authsrcdir)/auth.py))
+
+swig_auth_OBJ_FILES = $(authsrcdir)/auth_wrap.o
+
+$(swig_auth_OBJ_FILES): CFLAGS+=$(CFLAG_NO_UNUSED_MACROS) $(CFLAG_NO_CAST_QUAL)
#################################
# Start SUBSYSTEM CREDENTIALS
[SUBSYSTEM::CREDENTIALS]
-PRIVATE_PROTO_HEADER = credentials_proto.h
PUBLIC_DEPENDENCIES = \
LIBCLI_AUTH SECRETS LIBCRYPTO KERBEROS UTIL_LDB HEIMDAL_GSSAPI
PRIVATE_DEPENDENCIES = \
SECRETS
-CREDENTIALS_OBJ_FILES = $(addprefix auth/credentials/, credentials.o credentials_files.o credentials_ntlm.o credentials_krb5.o ../kerberos/kerberos_util.o)
-PUBLIC_HEADERS += auth/credentials/credentials.h
+CREDENTIALS_OBJ_FILES = $(addprefix $(authsrcdir)/credentials/, credentials.o credentials_files.o credentials_ntlm.o credentials_krb5.o ../kerberos/kerberos_util.o)
+
+$(eval $(call proto_header_template,$(authsrcdir)/credentials/credentials_proto.h,$(CREDENTIALS_OBJ_FILES:.o=.c)))
+
+PUBLIC_HEADERS += $(authsrcdir)/credentials/credentials.h
[PYTHON::swig_credentials]
+LIBRARY_REALNAME = samba/_credentials.$(SHLIBEXT)
PUBLIC_DEPENDENCIES = CREDENTIALS LIBCMDLINE_CREDENTIALS
-SWIG_FILE = credentials.i
-swig_credentials_OBJ_FILES = auth/credentials/credentials_wrap.o
+$(eval $(call python_py_module_template,samba/credentials.py,$(authsrcdir)/credentials/credentials.py))
+
+swig_credentials_OBJ_FILES = $(authsrcdir)/credentials/credentials_wrap.o
+
+$(swig_credentials_OBJ_FILES): CFLAGS+=$(CFLAG_NO_UNUSED_MACROS) $(CFLAG_NO_CAST_QUAL)
cred->tries = 3;
cred->callback_running = false;
- cred->ev = NULL;
cli_credentials_set_kerberos_state(cred, CRED_AUTO_USE_KERBEROS);
cli_credentials_set_gensec_features(cred, 0);
cli_credentials_invalidate_ccache(cred, cred->password_obtained);
cred->nt_hash = NULL;
+ cred->lm_response = data_blob(NULL, 0);
+ cred->nt_response = data_blob(NULL, 0);
return true;
}
}
}
-_PUBLIC_ bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
- const struct samr_Password *nt_hash,
- enum credentials_obtained obtained)
-{
- if (obtained >= cred->password_obtained) {
- cli_credentials_set_password(cred, NULL, obtained);
- if (nt_hash) {
- cred->nt_hash = talloc(cred, struct samr_Password);
- *cred->nt_hash = *nt_hash;
- } else {
- cred->nt_hash = NULL;
- }
- return true;
- }
-
- return false;
-}
-
/**
* Obtain the 'short' or 'NetBIOS' domain for this credentials context.
* @param cred credentials context
}
if (cli_credentials_get_kerberos_state(cred) != CRED_DONT_USE_KERBEROS) {
- cli_credentials_set_ccache(cred, lp_ctx, NULL, CRED_GUESS_FILE);
+ cli_credentials_set_ccache(cred, event_context_find(cred), lp_ctx, NULL, CRED_GUESS_FILE);
}
}
return (cred->tries > 0);
}
-
-/*
- set the common event context for this set of credentials
- */
-_PUBLIC_ void cli_credentials_set_event_context(struct cli_credentials *cred, struct event_context *ev)
-{
- cred->ev = ev;
-}
-
-/*
- set the common event context for this set of credentials
- */
-_PUBLIC_ struct event_context *cli_credentials_get_event_context(struct cli_credentials *cred)
-{
- if (cred->ev == NULL) {
- cred->ev = event_context_find(cred);
- }
- return cred->ev;
-}
#include "librpc/gen_ndr/misc.h"
struct ccache_container;
+struct event_context;
/* In order of priority */
enum credentials_obtained {
const char *bind_dn;
+ /* Allows authentication from a keytab or similar */
struct samr_Password *nt_hash;
+ /* Allows NTLM pass-though authentication */
+ DATA_BLOB lm_response;
+ DATA_BLOB nt_response;
+
struct ccache_container *ccache;
struct gssapi_creds_container *client_gss_creds;
struct keytab_container *keytab;
/* Whether any callback is currently running */
bool callback_running;
-
- /* an event context for anyone wanting to use the credentials */
- struct event_context *ev;
};
struct ldb_context;
const char *cli_credentials_get_realm(struct cli_credentials *cred);
const char *cli_credentials_get_username(struct cli_credentials *cred);
int cli_credentials_get_krb5_context(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct smb_krb5_context **smb_krb5_context);
int cli_credentials_get_ccache(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct ccache_container **ccc);
int cli_credentials_get_keytab(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct keytab_container **_ktc);
const char *cli_credentials_get_domain(struct cli_credentials *cred);
struct loadparm_context *lp_ctx);
const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx);
int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct gssapi_creds_container **_gcc);
int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct gssapi_creds_container **_gcc);
-void cli_credentials_set_event_context(struct cli_credentials *cred, struct event_context *ev);
void cli_credentials_set_kerberos_state(struct cli_credentials *creds,
enum credentials_use_kerberos use_kerberos);
-struct event_context *cli_credentials_get_event_context(struct cli_credentials *cred);
bool cli_credentials_set_domain(struct cli_credentials *cred,
const char *val,
enum credentials_obtained obtained);
NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred,
struct smb_krb5_context *smb_krb5_context);
NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
const char *serviceprincipal);
NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
const struct samr_Password *nt_hash,
enum credentials_obtained obtained);
+bool cli_credentials_set_ntlm_response(struct cli_credentials *cred,
+ const DATA_BLOB *lm_response,
+ const DATA_BLOB *nt_response,
+ enum credentials_obtained obtained);
int cli_credentials_set_keytab_name(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
const char *keytab_name,
enum credentials_obtained obtained);
int cli_credentials_update_keytab(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx);
void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features);
uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds);
int cli_credentials_set_ccache(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
const char *name,
enum credentials_obtained obtained);
void cli_credentials_set_salt_principal(struct cli_credentials *cred, const char *principal);
enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds);
NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct ldb_context *ldb,
const char *base,
return cli_credentials_init(NULL);
}
/* username */
+ %feature("docstring") get_username "S.get_username() -> username\nObtain username.";
const char *get_username(void);
+ %feature("docstring") set_username "S.set_username(name, obtained=CRED_SPECIFIED) -> None\nChange username.";
bool set_username(const char *value,
- enum credentials_obtained=CRED_SPECIFIED);
+ enum credentials_obtained obtained=CRED_SPECIFIED);
/* password */
+ %feature("docstring") get_password "S.get_password() -> password\n" \
+ "Obtain password.";
const char *get_password(void);
+ %feature("docstring") set_password "S.set_password(password, obtained=CRED_SPECIFIED) -> None\n" \
+ "Change password.";
bool set_password(const char *val,
- enum credentials_obtained=CRED_SPECIFIED);
+ enum credentials_obtained obtained=CRED_SPECIFIED);
/* domain */
+ %feature("docstring") get_password "S.get_domain() -> domain\nObtain domain name.";
const char *get_domain(void);
+ %feature("docstring") set_domain "S.set_domain(domain, obtained=CRED_SPECIFIED) -> None\n" \
+ "Change domain name.";
bool set_domain(const char *val,
- enum credentials_obtained=CRED_SPECIFIED);
+ enum credentials_obtained obtained=CRED_SPECIFIED);
/* realm */
+ %feature("docstring") get_realm "S.get_realm() -> realm\nObtain realm name.";
const char *get_realm(void);
+ %feature("docstring") set_realm "S.set_realm(realm, obtained=CRED_SPECIFIED) -> None\n" \
+ "Change realm name.";
bool set_realm(const char *val,
- enum credentials_obtained=CRED_SPECIFIED);
+ enum credentials_obtained obtained=CRED_SPECIFIED);
- /* Kerberos */
+ /* Kerberos */
void set_kerberos_state(enum credentials_use_kerberos use_kerberos);
+ %feature("docstring") parse_string "S.parse_string(text, obtained=CRED_SPECIFIED) -> None\n" \
+ "Parse credentials string.";
void parse_string(const char *text,
- enum credentials_obtained=CRED_SPECIFIED);
+ enum credentials_obtained obtained=CRED_SPECIFIED);
/* bind dn */
+ %feature("docstring") get_bind_dn "S.get_bind_dn() -> bind dn\nObtain bind DN.";
const char *get_bind_dn(void);
+ %feature("docstring") set_bind_dn "S.set_bind_dn(bind_dn) -> None\nChange bind DN.";
bool set_bind_dn(const char *bind_dn);
- void set_anonymous();
+ %feature("docstring") set_anonymous "S.set_anonymous() -> None\nUse anonymous credentials.";
+ void set_anonymous();
/* workstation name */
const char *get_workstation(void);
bool authentication_requested(void);
+ %feature("docstring") wrong_password "S.wrong_password() -> bool\nIndicate the returned password was incorrect.";
bool wrong_password(void);
+ %feature("docstring") set_cmdline_callbacks "S.set_cmdline_callbacks() -> bool\nUse command-line to obtain credentials not explicitly set.";
bool set_cmdline_callbacks();
}
} cli_credentials;
# This file was automatically generated by SWIG (http://www.swig.org).
-# Version 1.3.33
+# Version 1.3.35
#
# Don't modify this file, modify the SWIG interface instead.
__repr__ = _swig_repr
def __init__(self, *args, **kwargs):
_credentials.Credentials_swiginit(self,_credentials.new_Credentials(*args, **kwargs))
+ def get_username(*args, **kwargs):
+ """
+ S.get_username() -> username
+ Obtain username.
+ """
+ return _credentials.Credentials_get_username(*args, **kwargs)
+
+ def set_username(*args, **kwargs):
+ """
+ S.set_username(name, obtained=CRED_SPECIFIED) -> None
+ Change username.
+ """
+ return _credentials.Credentials_set_username(*args, **kwargs)
+
+ def get_password(*args, **kwargs):
+ """
+ S.get_password() -> password
+ Obtain password.
+ """
+ return _credentials.Credentials_get_password(*args, **kwargs)
+
+ def set_password(*args, **kwargs):
+ """
+ S.set_password(password, obtained=CRED_SPECIFIED) -> None
+ Change password.
+ """
+ return _credentials.Credentials_set_password(*args, **kwargs)
+
+ def set_domain(*args, **kwargs):
+ """
+ S.set_domain(domain, obtained=CRED_SPECIFIED) -> None
+ Change domain name.
+ """
+ return _credentials.Credentials_set_domain(*args, **kwargs)
+
+ def get_realm(*args, **kwargs):
+ """
+ S.get_realm() -> realm
+ Obtain realm name.
+ """
+ return _credentials.Credentials_get_realm(*args, **kwargs)
+
+ def set_realm(*args, **kwargs):
+ """
+ S.set_realm(realm, obtained=CRED_SPECIFIED) -> None
+ Change realm name.
+ """
+ return _credentials.Credentials_set_realm(*args, **kwargs)
+
+ def parse_string(*args, **kwargs):
+ """
+ S.parse_string(text, obtained=CRED_SPECIFIED) -> None
+ Parse credentials string.
+ """
+ return _credentials.Credentials_parse_string(*args, **kwargs)
+
+ def get_bind_dn(*args, **kwargs):
+ """
+ S.get_bind_dn() -> bind dn
+ Obtain bind DN.
+ """
+ return _credentials.Credentials_get_bind_dn(*args, **kwargs)
+
+ def set_bind_dn(*args, **kwargs):
+ """
+ S.set_bind_dn(bind_dn) -> None
+ Change bind DN.
+ """
+ return _credentials.Credentials_set_bind_dn(*args, **kwargs)
+
+ def set_anonymous(*args, **kwargs):
+ """
+ S.set_anonymous() -> None
+ Use anonymous credentials.
+ """
+ return _credentials.Credentials_set_anonymous(*args, **kwargs)
+
+ def wrong_password(*args, **kwargs):
+ """
+ S.wrong_password() -> bool
+ Indicate the returned password was incorrect.
+ """
+ return _credentials.Credentials_wrong_password(*args, **kwargs)
+
+ def set_cmdline_callbacks(*args, **kwargs):
+ """
+ S.set_cmdline_callbacks() -> bool
+ Use command-line to obtain credentials not explicitly set.
+ """
+ return _credentials.Credentials_set_cmdline_callbacks(*args, **kwargs)
+
__swig_destroy__ = _credentials.delete_Credentials
Credentials.get_username = new_instancemethod(_credentials.Credentials_get_username,None,Credentials)
Credentials.set_username = new_instancemethod(_credentials.Credentials_set_username,None,Credentials)
#include "auth/credentials/credentials.h"
#include "auth/credentials/credentials_krb5.h"
#include "param/param.h"
+#include "lib/events/events.h"
/**
* Read a file descriptor, and parse it for a password (eg from a file or stdin)
* @retval NTSTATUS error detailing any failure
*/
_PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct ldb_context *ldb,
const char *base,
* (chewing CPU time) from the password */
keytab = ldb_msg_find_attr_as_string(msgs[0], "krb5Keytab", NULL);
if (keytab) {
- cli_credentials_set_keytab_name(cred, lp_ctx, keytab, CRED_SPECIFIED);
+ cli_credentials_set_keytab_name(cred, event_ctx, lp_ctx, keytab, CRED_SPECIFIED);
} else {
keytab = ldb_msg_find_attr_as_string(msgs[0], "privateKeytab", NULL);
if (keytab) {
keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, lp_ctx, keytab));
if (keytab) {
- cli_credentials_set_keytab_name(cred, lp_ctx, keytab, CRED_SPECIFIED);
+ cli_credentials_set_keytab_name(cred, event_ctx, lp_ctx, keytab, CRED_SPECIFIED);
}
}
}
cred->machine_account_pending = false;
filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER,
cli_credentials_get_domain(cred));
- return cli_credentials_set_secrets(cred, lp_ctx, NULL,
+ return cli_credentials_set_secrets(cred, event_context_find(cred), lp_ctx, NULL,
SECRETS_PRIMARY_DOMAIN_DN,
filter);
}
* @retval NTSTATUS error detailing any failure
*/
NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx)
{
char *filter;
filter = talloc_asprintf(cred, SECRETS_KRBTGT_SEARCH,
cli_credentials_get_realm(cred),
cli_credentials_get_domain(cred));
- return cli_credentials_set_secrets(cred, lp_ctx, NULL,
+ return cli_credentials_set_secrets(cred, event_ctx, lp_ctx, NULL,
SECRETS_PRINCIPALS_DN,
filter);
}
* @retval NTSTATUS error detailing any failure
*/
_PUBLIC_ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
const char *serviceprincipal)
{
cli_credentials_get_realm(cred),
cli_credentials_get_domain(cred),
serviceprincipal);
- return cli_credentials_set_secrets(cred, lp_ctx, NULL,
+ return cli_credentials_set_secrets(cred, event_ctx, lp_ctx, NULL,
SECRETS_PRINCIPALS_DN, filter);
}
#include "param/param.h"
_PUBLIC_ int cli_credentials_get_krb5_context(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct smb_krb5_context **smb_krb5_context)
{
return 0;
}
- ret = smb_krb5_init_context(cred, cli_credentials_get_event_context(cred),
- lp_ctx, &cred->smb_krb5_context);
+ ret = smb_krb5_init_context(cred, event_ctx, lp_ctx, &cred->smb_krb5_context);
if (ret) {
cred->smb_krb5_context = NULL;
return ret;
}
_PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
const char *name,
enum credentials_obtained obtained)
return ENOMEM;
}
- ret = cli_credentials_get_krb5_context(cred, lp_ctx,
+ ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx,
&ccc->smb_krb5_context);
if (ret) {
talloc_free(ccc);
static int cli_credentials_new_ccache(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct ccache_container **_ccc)
{
return ENOMEM;
}
- ret = cli_credentials_get_krb5_context(cred, lp_ctx,
+ ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx,
&ccc->smb_krb5_context);
if (ret) {
talloc_free(ccc);
}
_PUBLIC_ int cli_credentials_get_ccache(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct ccache_container **ccc)
{
return EINVAL;
}
- ret = cli_credentials_new_ccache(cred, lp_ctx, ccc);
+ ret = cli_credentials_new_ccache(cred, event_ctx, lp_ctx, ccc);
if (ret) {
return ret;
}
}
_PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct gssapi_creds_container **_gcc)
{
*_gcc = cred->client_gss_creds;
return 0;
}
- ret = cli_credentials_get_ccache(cred, lp_ctx,
+ ret = cli_credentials_get_ccache(cred, event_ctx, lp_ctx,
&ccache);
if (ret) {
DEBUG(1, ("Failed to get CCACHE for GSSAPI client: %s\n", error_message(ret)));
*/
int cli_credentials_set_client_gss_creds(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
gss_cred_id_t gssapi_cred,
enum credentials_obtained obtained)
return ENOMEM;
}
- ret = cli_credentials_new_ccache(cred, lp_ctx, &ccc);
+ ret = cli_credentials_new_ccache(cred, event_ctx, lp_ctx, &ccc);
if (ret != 0) {
return ret;
}
* it will be generated from the password.
*/
_PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct keytab_container **_ktc)
{
return EINVAL;
}
- ret = cli_credentials_get_krb5_context(cred, lp_ctx,
+ ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx,
&smb_krb5_context);
if (ret) {
return ret;
* FILE:/etc/krb5.keytab), open it and attach it */
_PUBLIC_ int cli_credentials_set_keytab_name(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
const char *keytab_name,
enum credentials_obtained obtained)
return 0;
}
- ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx, &smb_krb5_context);
if (ret) {
return ret;
}
}
_PUBLIC_ int cli_credentials_update_keytab(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx)
{
krb5_error_code ret;
return ENOMEM;
}
- ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx, &smb_krb5_context);
if (ret) {
talloc_free(mem_ctx);
return ret;
enctype_strings = cli_credentials_get_enctype_strings(cred);
- ret = cli_credentials_get_keytab(cred, lp_ctx, &ktc);
+ ret = cli_credentials_get_keytab(cred, event_ctx, lp_ctx, &ktc);
if (ret != 0) {
talloc_free(mem_ctx);
return ret;
/* Get server gss credentials (in gsskrb5, this means the keytab) */
_PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct gssapi_creds_container **_gcc)
{
return 0;
}
- ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx, &smb_krb5_context);
if (ret) {
return ret;
}
- ret = cli_credentials_get_keytab(cred, lp_ctx, &ktc);
+ ret = cli_credentials_get_keytab(cred, event_ctx, lp_ctx, &ktc);
if (ret) {
DEBUG(1, ("Failed to get keytab for GSSAPI server: %s\n", error_message(ret)));
return ret;
/* Manually prototyped here to avoid needing gss headers in most callers */
int cli_credentials_set_client_gss_creds(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
gss_cred_id_t gssapi_cred,
enum credentials_obtained obtained);
const struct samr_Password *nt_hash;
lm_session_key = data_blob(NULL, 0);
+ /* We may already have an NTLM response we prepared earlier.
+ * This is used for NTLM pass-though authentication */
+ if (cred->nt_response.data || cred->lm_response.data) {
+ *_nt_response = cred->nt_response;
+ *_lm_response = cred->lm_response;
+
+ if (!cred->lm_response.data) {
+ *flags = *flags & ~CLI_CRED_LANMAN_AUTH;
+ }
+ *_lm_session_key = data_blob(NULL, 0);
+ *_session_key = data_blob(NULL, 0);
+ return NT_STATUS_OK;
+ }
+
nt_hash = cli_credentials_get_nt_hash(cred, mem_ctx);
cli_credentials_get_ntlm_username_domain(cred, mem_ctx, &user, &domain);
return NT_STATUS_OK;
}
+_PUBLIC_ bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
+ const struct samr_Password *nt_hash,
+ enum credentials_obtained obtained)
+{
+ if (obtained >= cred->password_obtained) {
+ cli_credentials_set_password(cred, NULL, obtained);
+ if (nt_hash) {
+ cred->nt_hash = talloc(cred, struct samr_Password);
+ *cred->nt_hash = *nt_hash;
+ } else {
+ cred->nt_hash = NULL;
+ }
+ return true;
+ }
+
+ return false;
+}
+
+_PUBLIC_ bool cli_credentials_set_ntlm_response(struct cli_credentials *cred,
+ const DATA_BLOB *lm_response,
+ const DATA_BLOB *nt_response,
+ enum credentials_obtained obtained)
+{
+ if (obtained >= cred->password_obtained) {
+ cli_credentials_set_password(cred, NULL, obtained);
+ if (nt_response) {
+ cred->nt_response = data_blob_talloc(cred, nt_response->data, nt_response->length);
+ talloc_steal(cred, cred->nt_response.data);
+ }
+ if (nt_response) {
+ cred->lm_response = data_blob_talloc(cred, lm_response->data, lm_response->length);
+ }
+ return true;
+ }
+
+ return false;
+}
+
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
- * Version 1.3.33
+ * Version 1.3.35
*
* This file is not intended to be easily readable and contains a number of
* coding conventions designed to improve portability and efficiency. Do not make
/* This should only be incremented when either the layout of swig_type_info changes,
or for whatever reason, the runtime changes incompatibly */
-#define SWIG_RUNTIME_VERSION "3"
+#define SWIG_RUNTIME_VERSION "4"
/* define SWIG_TYPE_TABLE_NAME as "SWIG_TYPE_TABLE" */
#ifdef SWIG_TYPE_TABLE
/* Flags for pointer conversions */
#define SWIG_POINTER_DISOWN 0x1
+#define SWIG_CAST_NEW_MEMORY 0x2
/* Flags for new pointer objects */
#define SWIG_POINTER_OWN 0x1
extern "C" {
#endif
-typedef void *(*swig_converter_func)(void *);
+typedef void *(*swig_converter_func)(void *, int *);
typedef struct swig_type_info *(*swig_dycast_func)(void **);
-/* Structure to store inforomation on one type */
+/* Structure to store information on one type */
typedef struct swig_type_info {
const char *name; /* mangled name of this type */
const char *str; /* human readable name of this type */
Cast a pointer up an inheritance hierarchy
*/
SWIGRUNTIMEINLINE void *
-SWIG_TypeCast(swig_cast_info *ty, void *ptr) {
- return ((!ty) || (!ty->converter)) ? ptr : (*ty->converter)(ptr);
+SWIG_TypeCast(swig_cast_info *ty, void *ptr, int *newmemory) {
+ return ((!ty) || (!ty->converter)) ? ptr : (*ty->converter)(ptr, newmemory);
}
/*
Py_DECREF(old_str);
Py_DECREF(value);
} else {
- PyErr_Format(PyExc_RuntimeError, mesg);
+ PyErr_SetString(PyExc_RuntimeError, mesg);
}
}
{
PySwigObject *sobj = (PySwigObject *) v;
PyObject *next = sobj->next;
- if (sobj->own) {
+ if (sobj->own == SWIG_POINTER_OWN) {
swig_type_info *ty = sobj->ty;
PySwigClientData *data = ty ? (PySwigClientData *) ty->clientdata : 0;
PyObject *destroy = data ? data->destroy : 0;
res = ((*meth)(mself, v));
}
Py_XDECREF(res);
- } else {
- const char *name = SWIG_TypePrettyName(ty);
+ }
#if !defined(SWIG_PYTHON_SILENT_MEMLEAK)
- printf("swig/python detected a memory leak of type '%s', no destructor found.\n", name);
-#endif
+ else {
+ const char *name = SWIG_TypePrettyName(ty);
+ printf("swig/python detected a memory leak of type '%s', no destructor found.\n", (name ? name : "unknown"));
}
+#endif
}
Py_XDECREF(next);
PyObject_DEL(v);
SWIGRUNTIME int
SWIG_Python_AcquirePtr(PyObject *obj, int own) {
- if (own) {
+ if (own == SWIG_POINTER_OWN) {
PySwigObject *sobj = SWIG_Python_GetSwigThis(obj);
if (sobj) {
int oldown = sobj->own;
return SWIG_OK;
} else {
PySwigObject *sobj = SWIG_Python_GetSwigThis(obj);
+ if (own)
+ *own = 0;
while (sobj) {
void *vptr = sobj->ptr;
if (ty) {
if (!tc) {
sobj = (PySwigObject *)sobj->next;
} else {
- if (ptr) *ptr = SWIG_TypeCast(tc,vptr);
+ if (ptr) {
+ int newmemory = 0;
+ *ptr = SWIG_TypeCast(tc,vptr,&newmemory);
+ if (newmemory == SWIG_CAST_NEW_MEMORY) {
+ assert(own);
+ if (own)
+ *own = *own | SWIG_CAST_NEW_MEMORY;
+ }
+ }
break;
}
}
}
}
if (sobj) {
- if (own) *own = sobj->own;
+ if (own)
+ *own = *own | sobj->own;
if (flags & SWIG_POINTER_DISOWN) {
sobj->own = 0;
}
}
if (ty) {
swig_cast_info *tc = SWIG_TypeCheck(desc,ty);
- if (!tc) return SWIG_ERROR;
- *ptr = SWIG_TypeCast(tc,vptr);
+ if (tc) {
+ int newmemory = 0;
+ *ptr = SWIG_TypeCast(tc,vptr,&newmemory);
+ assert(!newmemory); /* newmemory handling not yet implemented */
+ } else {
+ return SWIG_ERROR;
+ }
} else {
*ptr = vptr;
}
#define SWIG_name "_credentials"
-#define SWIGVERSION 0x010333
+#define SWIGVERSION 0x010335
#define SWIG_VERSION SWIGVERSION
PyObject * obj1 = 0 ;
PyObject * obj2 = 0 ;
char * kwnames[] = {
- (char *) "self",(char *) "value",(char *)"arg3", NULL
+ (char *) "self",(char *) "value",(char *) "obtained", NULL
};
arg1 = NULL;
PyObject * obj1 = 0 ;
PyObject * obj2 = 0 ;
char * kwnames[] = {
- (char *) "self",(char *) "val",(char *)"arg3", NULL
+ (char *) "self",(char *) "val",(char *) "obtained", NULL
};
arg1 = NULL;
PyObject * obj1 = 0 ;
PyObject * obj2 = 0 ;
char * kwnames[] = {
- (char *) "self",(char *) "val",(char *)"arg3", NULL
+ (char *) "self",(char *) "val",(char *) "obtained", NULL
};
arg1 = NULL;
PyObject * obj1 = 0 ;
PyObject * obj2 = 0 ;
char * kwnames[] = {
- (char *) "self",(char *) "val",(char *)"arg3", NULL
+ (char *) "self",(char *) "val",(char *) "obtained", NULL
};
arg1 = NULL;
PyObject * obj1 = 0 ;
PyObject * obj2 = 0 ;
char * kwnames[] = {
- (char *) "self",(char *) "text",(char *)"arg3", NULL
+ (char *) "self",(char *) "text",(char *) "obtained", NULL
};
arg1 = NULL;
static PyMethodDef SwigMethods[] = {
{ (char *)"new_Credentials", (PyCFunction)_wrap_new_Credentials, METH_NOARGS, NULL},
- { (char *)"Credentials_get_username", (PyCFunction) _wrap_Credentials_get_username, METH_VARARGS | METH_KEYWORDS, NULL},
- { (char *)"Credentials_set_username", (PyCFunction) _wrap_Credentials_set_username, METH_VARARGS | METH_KEYWORDS, NULL},
- { (char *)"Credentials_get_password", (PyCFunction) _wrap_Credentials_get_password, METH_VARARGS | METH_KEYWORDS, NULL},
- { (char *)"Credentials_set_password", (PyCFunction) _wrap_Credentials_set_password, METH_VARARGS | METH_KEYWORDS, NULL},
+ { (char *)"Credentials_get_username", (PyCFunction) _wrap_Credentials_get_username, METH_VARARGS | METH_KEYWORDS, (char *)"\n"
+ "S.get_username() -> username\n"
+ "Obtain username.\n"
+ ""},
+ { (char *)"Credentials_set_username", (PyCFunction) _wrap_Credentials_set_username, METH_VARARGS | METH_KEYWORDS, (char *)"\n"
+ "S.set_username(name, obtained=CRED_SPECIFIED) -> None\n"
+ "Change username.\n"
+ ""},
+ { (char *)"Credentials_get_password", (PyCFunction) _wrap_Credentials_get_password, METH_VARARGS | METH_KEYWORDS, (char *)"\n"
+ "S.get_password() -> password\n"
+ "Obtain password.\n"
+ ""},
+ { (char *)"Credentials_set_password", (PyCFunction) _wrap_Credentials_set_password, METH_VARARGS | METH_KEYWORDS, (char *)"\n"
+ "S.set_password(password, obtained=CRED_SPECIFIED) -> None\n"
+ "Change password.\n"
+ ""},
{ (char *)"Credentials_get_domain", (PyCFunction) _wrap_Credentials_get_domain, METH_VARARGS | METH_KEYWORDS, NULL},
- { (char *)"Credentials_set_domain", (PyCFunction) _wrap_Credentials_set_domain, METH_VARARGS | METH_KEYWORDS, NULL},
- { (char *)"Credentials_get_realm", (PyCFunction) _wrap_Credentials_get_realm, METH_VARARGS | METH_KEYWORDS, NULL},
- { (char *)"Credentials_set_realm", (PyCFunction) _wrap_Credentials_set_realm, METH_VARARGS | METH_KEYWORDS, NULL},
+ { (char *)"Credentials_set_domain", (PyCFunction) _wrap_Credentials_set_domain, METH_VARARGS | METH_KEYWORDS, (char *)"\n"
+ "S.set_domain(domain, obtained=CRED_SPECIFIED) -> None\n"
+ "Change domain name.\n"
+ ""},
+ { (char *)"Credentials_get_realm", (PyCFunction) _wrap_Credentials_get_realm, METH_VARARGS | METH_KEYWORDS, (char *)"\n"
+ "S.get_realm() -> realm\n"
+ "Obtain realm name.\n"
+ ""},
+ { (char *)"Credentials_set_realm", (PyCFunction) _wrap_Credentials_set_realm, METH_VARARGS | METH_KEYWORDS, (char *)"\n"
+ "S.set_realm(realm, obtained=CRED_SPECIFIED) -> None\n"
+ "Change realm name.\n"
+ ""},
{ (char *)"Credentials_set_kerberos_state", (PyCFunction) _wrap_Credentials_set_kerberos_state, METH_VARARGS | METH_KEYWORDS, NULL},
- { (char *)"Credentials_parse_string", (PyCFunction) _wrap_Credentials_parse_string, METH_VARARGS | METH_KEYWORDS, NULL},
- { (char *)"Credentials_get_bind_dn", (PyCFunction) _wrap_Credentials_get_bind_dn, METH_VARARGS | METH_KEYWORDS, NULL},
- { (char *)"Credentials_set_bind_dn", (PyCFunction) _wrap_Credentials_set_bind_dn, METH_VARARGS | METH_KEYWORDS, NULL},
- { (char *)"Credentials_set_anonymous", (PyCFunction) _wrap_Credentials_set_anonymous, METH_VARARGS | METH_KEYWORDS, NULL},
+ { (char *)"Credentials_parse_string", (PyCFunction) _wrap_Credentials_parse_string, METH_VARARGS | METH_KEYWORDS, (char *)"\n"
+ "S.parse_string(text, obtained=CRED_SPECIFIED) -> None\n"
+ "Parse credentials string.\n"
+ ""},
+ { (char *)"Credentials_get_bind_dn", (PyCFunction) _wrap_Credentials_get_bind_dn, METH_VARARGS | METH_KEYWORDS, (char *)"\n"
+ "S.get_bind_dn() -> bind dn\n"
+ "Obtain bind DN.\n"
+ ""},
+ { (char *)"Credentials_set_bind_dn", (PyCFunction) _wrap_Credentials_set_bind_dn, METH_VARARGS | METH_KEYWORDS, (char *)"\n"
+ "S.set_bind_dn(bind_dn) -> None\n"
+ "Change bind DN.\n"
+ ""},
+ { (char *)"Credentials_set_anonymous", (PyCFunction) _wrap_Credentials_set_anonymous, METH_VARARGS | METH_KEYWORDS, (char *)"\n"
+ "S.set_anonymous() -> None\n"
+ "Use anonymous credentials.\n"
+ ""},
{ (char *)"Credentials_get_workstation", (PyCFunction) _wrap_Credentials_get_workstation, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_set_workstation", (PyCFunction) _wrap_Credentials_set_workstation, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_set_machine_account", (PyCFunction) _wrap_Credentials_set_machine_account, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_is_anonymous", (PyCFunction) _wrap_Credentials_is_anonymous, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_get_nt_hash", (PyCFunction) _wrap_Credentials_get_nt_hash, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_authentication_requested", (PyCFunction) _wrap_Credentials_authentication_requested, METH_VARARGS | METH_KEYWORDS, NULL},
- { (char *)"Credentials_wrong_password", (PyCFunction) _wrap_Credentials_wrong_password, METH_VARARGS | METH_KEYWORDS, NULL},
- { (char *)"Credentials_set_cmdline_callbacks", (PyCFunction) _wrap_Credentials_set_cmdline_callbacks, METH_VARARGS | METH_KEYWORDS, NULL},
+ { (char *)"Credentials_wrong_password", (PyCFunction) _wrap_Credentials_wrong_password, METH_VARARGS | METH_KEYWORDS, (char *)"\n"
+ "S.wrong_password() -> bool\n"
+ "Indicate the returned password was incorrect.\n"
+ ""},
+ { (char *)"Credentials_set_cmdline_callbacks", (PyCFunction) _wrap_Credentials_set_cmdline_callbacks, METH_VARARGS | METH_KEYWORDS, (char *)"\n"
+ "S.set_cmdline_callbacks() -> bool\n"
+ "Use command-line to obtain credentials not explicitly set.\n"
+ ""},
{ (char *)"delete_Credentials", (PyCFunction) _wrap_delete_Credentials, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_swigregister", Credentials_swigregister, METH_VARARGS, NULL},
{ (char *)"Credentials_swiginit", Credentials_swiginit, METH_VARARGS, NULL},
SWIG_InitializeModule(void *clientdata) {
size_t i;
swig_module_info *module_head, *iter;
- int found;
+ int found, init;
clientdata = clientdata;
swig_module.type_initial = swig_type_initial;
swig_module.cast_initial = swig_cast_initial;
swig_module.next = &swig_module;
+ init = 1;
+ } else {
+ init = 0;
}
/* Try and load any already created modules */
module_head->next = &swig_module;
}
+ /* When multiple interpeters are used, a module could have already been initialized in
+ a different interpreter, but not yet have a pointer in this interpreter.
+ In this case, we do not want to continue adding types... everything should be
+ set up already */
+ if (init == 0) return;
+
/* Now work on filling in swig_module.types */
#ifdef SWIGRUNTIME_DEBUG
printf("SWIG_InitializeModule: size %d\n", swig_module.size);
"""
import unittest
-import credentials
+from samba import credentials
class CredentialsTests(unittest.TestCase):
def setUp(self):
#################################
# Start SUBSYSTEM gensec
[LIBRARY::gensec]
-PRIVATE_PROTO_HEADER = gensec_proto.h
PUBLIC_DEPENDENCIES = \
CREDENTIALS LIBSAMBA-UTIL LIBCRYPTO ASN1_UTIL samba-socket LIBPACKET
# End SUBSYSTEM gensec
#################################
-PC_FILES += auth/gensec/gensec.pc
+PC_FILES += $(gensecsrcdir)/gensec.pc
gensec_VERSION = 0.0.1
gensec_SOVERSION = 0
-gensec_OBJ_FILES = $(addprefix auth/gensec/, gensec.o socket.o)
+gensec_OBJ_FILES = $(addprefix $(gensecsrcdir)/, gensec.o socket.o)
-PUBLIC_HEADERS += auth/gensec/gensec.h
+PUBLIC_HEADERS += $(gensecsrcdir)/gensec.h
+
+$(eval $(call proto_header_template,$(gensecsrcdir)/gensec_proto.h,$(gensec_OBJ_FILES:.o=.c)))
################################################
# Start MODULE gensec_krb5
[MODULE::gensec_krb5]
SUBSYSTEM = gensec
INIT_FUNCTION = gensec_krb5_init
-PRIVATE_DEPENDENCIES = CREDENTIALS KERBEROS auth auth_sam
+PRIVATE_DEPENDENCIES = CREDENTIALS KERBEROS auth_session auth_sam
# End MODULE gensec_krb5
################################################
-gensec_krb5_OBJ_FILES = $(addprefix auth/gensec/, gensec_krb5.o)
+gensec_krb5_OBJ_FILES = $(addprefix $(gensecsrcdir)/, gensec_krb5.o)
################################################
# Start MODULE gensec_gssapi
# End MODULE gensec_gssapi
################################################
-gensec_gssapi_OBJ_FILES = $(addprefix auth/gensec/, gensec_gssapi.o)
+gensec_gssapi_OBJ_FILES = $(addprefix $(gensecsrcdir)/, gensec_gssapi.o)
################################################
# Start MODULE cyrus_sasl
# End MODULE cyrus_sasl
################################################
-cyrus_sasl_OBJ_FILES = $(addprefix auth/gensec/, cyrus_sasl.o)
+cyrus_sasl_OBJ_FILES = $(addprefix $(gensecsrcdir)/, cyrus_sasl.o)
################################################
# Start MODULE gensec_spnego
[MODULE::gensec_spnego]
SUBSYSTEM = gensec
INIT_FUNCTION = gensec_spnego_init
-PRIVATE_PROTO_HEADER = spnego_proto.h
PRIVATE_DEPENDENCIES = ASN1_UTIL CREDENTIALS
# End MODULE gensec_spnego
################################################
-gensec_spnego_OBJ_FILES = $(addprefix auth/gensec/, spnego.o spnego_parse.o)
+gensec_spnego_OBJ_FILES = $(addprefix $(gensecsrcdir)/, spnego.o spnego_parse.o)
+
+$(eval $(call proto_header_template,$(gensecsrcdir)/spnego_proto.h,$(gensec_spnego_OBJ_FILES:.o=.c)))
################################################
# Start MODULE gensec_schannel
[MODULE::gensec_schannel]
SUBSYSTEM = gensec
-PRIVATE_PROTO_HEADER = schannel_proto.h
INIT_FUNCTION = gensec_schannel_init
PRIVATE_DEPENDENCIES = SCHANNELDB NDR_SCHANNEL CREDENTIALS LIBNDR
OUTPUT_TYPE = MERGED_OBJ
# End MODULE gensec_schannel
################################################
-gensec_schannel_OBJ_FILES = $(addprefix auth/gensec/, schannel.o schannel_sign.o)
+gensec_schannel_OBJ_FILES = $(addprefix $(gensecsrcdir)/, schannel.o schannel_sign.o)
+$(eval $(call proto_header_template,$(gensecsrcdir)/schannel_proto.h,$(gensec_schannel_OBJ_FILES:.o=.c)))
################################################
# Start SUBSYSTEM SCHANNELDB
[SUBSYSTEM::SCHANNELDB]
-PRIVATE_PROTO_HEADER = schannel_state.h
PRIVATE_DEPENDENCIES = LDB_WRAP SAMDB
# End SUBSYSTEM SCHANNELDB
################################################
-SCHANNELDB_OBJ_FILES = $(addprefix auth/gensec/, schannel_state.o)
+SCHANNELDB_OBJ_FILES = $(addprefix $(gensecsrcdir)/, schannel_state.o)
+$(eval $(call proto_header_template,$(gensecsrcdir)/schannel_state.h,$(SCHANNELDB_OBJ_FILES:.o=.c)))
#include "includes.h"
#include "auth/auth.h"
#include "lib/events/events.h"
-#include "build.h"
#include "librpc/rpc/dcerpc.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
struct messaging_context *msg,
struct gensec_security **gensec_security)
{
+ if (ev == NULL) {
+ DEBUG(0, ("No event context available!\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
(*gensec_security) = talloc(mem_ctx, struct gensec_security);
NT_STATUS_HAVE_NO_MEMORY(*gensec_security);
(*gensec_security)->subcontext = false;
(*gensec_security)->want_features = 0;
-
- if (ev == NULL) {
- ev = event_context_init(*gensec_security);
- if (ev == NULL) {
- talloc_free(*gensec_security);
- return NT_STATUS_NO_MEMORY;
- }
- }
(*gensec_security)->event_ctx = ev;
(*gensec_security)->msg_ctx = msg;
struct loadparm_context *lp_ctx)
{
NTSTATUS status;
- struct event_context *new_ev = NULL;
-
- if (ev == NULL) {
- new_ev = event_context_init(mem_ctx);
- NT_STATUS_HAVE_NO_MEMORY(new_ev);
- ev = new_ev;
- }
status = gensec_start(mem_ctx, ev, lp_ctx, NULL, gensec_security);
if (!NT_STATUS_IS_OK(status)) {
- talloc_free(new_ev);
return status;
}
- talloc_steal((*gensec_security), new_ev);
(*gensec_security)->gensec_role = GENSEC_CLIENT;
return status;
DEBUG(3, ("No machine account credentials specified\n"));
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
} else {
- ret = cli_credentials_get_server_gss_creds(machine_account, gensec_security->lp_ctx, &gcc);
+ ret = cli_credentials_get_server_gss_creds(machine_account,
+ gensec_security->event_ctx,
+ gensec_security->lp_ctx, &gcc);
if (ret) {
DEBUG(1, ("Aquiring acceptor credentials failed: %s\n",
error_message(ret)));
return NT_STATUS_INVALID_PARAMETER;
}
- ret = cli_credentials_get_client_gss_creds(creds, gensec_security->lp_ctx, &gcc);
+ ret = cli_credentials_get_client_gss_creds(creds,
+ gensec_security->event_ctx,
+ gensec_security->lp_ctx, &gcc);
switch (ret) {
case 0:
break;
} else if (!lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec", "require_pac", false)) {
DEBUG(1, ("Unable to find PAC, resorting to local user lookup: %s\n",
gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
- nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->lp_ctx, principal_string,
+ nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, principal_string,
&server_info);
if (!NT_STATUS_IS_OK(nt_status)) {
}
/* references the server_info into the session_info */
- nt_status = auth_generate_session_info(mem_ctx, gensec_security->lp_ctx, server_info, &session_info);
+ nt_status = auth_generate_session_info(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, server_info, &session_info);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
return nt_status;
return NT_STATUS_NO_MEMORY;
}
- cli_credentials_set_event_context(session_info->credentials, gensec_security->event_ctx);
cli_credentials_set_conf(session_info->credentials, gensec_security->lp_ctx);
/* Just so we don't segfault trying to get at a username */
cli_credentials_set_anonymous(session_info->credentials);
ret = cli_credentials_set_client_gss_creds(session_info->credentials,
+ gensec_security->event_ctx,
gensec_security->lp_ctx,
gensec_gssapi_state->delegated_cred_handle,
CRED_SPECIFIED);
talloc_set_destructor(gensec_krb5_state, gensec_krb5_destroy);
- if (cli_credentials_get_krb5_context(creds, gensec_security->lp_ctx, &gensec_krb5_state->smb_krb5_context)) {
+ if (cli_credentials_get_krb5_context(creds,
+ gensec_security->event_ctx,
+ gensec_security->lp_ctx, &gensec_krb5_state->smb_krb5_context)) {
talloc_free(gensec_krb5_state);
return NT_STATUS_INTERNAL_ERROR;
}
principal = gensec_get_target_principal(gensec_security);
- ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), gensec_security->lp_ctx, &ccache_container);
+ ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security),
+ gensec_security->event_ctx,
+ gensec_security->lp_ctx, &ccache_container);
switch (ret) {
case 0:
break;
}
/* Grab the keytab, however generated */
- ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security), gensec_security->lp_ctx, &keytab);
+ ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security),
+ gensec_security->event_ctx,
+ gensec_security->lp_ctx, &keytab);
if (ret) {
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
DEBUG(5, ("krb5_ticket_get_authorization_data_type failed to find PAC: %s\n",
smb_get_krb5_error_message(context,
ret, mem_ctx)));
- nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->lp_ctx, principal_string,
+ nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, principal_string,
&server_info);
krb5_free_principal(context, client_principal);
free(principal_string);
}
/* references the server_info into the session_info */
- nt_status = auth_generate_session_info(mem_ctx, gensec_security->lp_ctx, server_info, &session_info);
+ nt_status = auth_generate_session_info(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, server_info, &session_info);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
}
/* pull the session key for this client */
- status = schannel_fetch_session_key(out_mem_ctx, gensec_security->lp_ctx, workstation,
+ status = schannel_fetch_session_key(out_mem_ctx, gensec_security->event_ctx,
+ gensec_security->lp_ctx, workstation,
domain, &creds);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n",
struct auth_session_info **_session_info)
{
struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);
- return auth_anonymous_session_info(state, gensec_security->lp_ctx, _session_info);
+ return auth_anonymous_session_info(state, gensec_security->event_ctx, gensec_security->lp_ctx, _session_info);
}
static NTSTATUS schannel_start(struct gensec_security *gensec_security)
/**
connect to the schannel ldb
*/
-struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct event_context *ev_ctx,
+ struct loadparm_context *lp_ctx)
{
char *path;
struct ldb_context *ldb;
existed = file_exist(path);
- ldb = ldb_wrap_connect(mem_ctx, lp_ctx, path,
+ ldb = ldb_wrap_connect(mem_ctx, ev_ctx, lp_ctx, path,
system_session(mem_ctx, lp_ctx),
NULL, LDB_FLG_NOSYNC, NULL);
talloc_free(path);
}
NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
+ struct event_context *ev_ctx,
struct loadparm_context *lp_ctx,
struct creds_CredentialState *creds)
{
NTSTATUS nt_status;
int ret;
- ldb = schannel_db_connect(mem_ctx, lp_ctx);
+ ldb = schannel_db_connect(mem_ctx, ev_ctx, lp_ctx);
if (!ldb) {
return NT_STATUS_ACCESS_DENIED;
}
}
NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx,
+ struct event_context *ev_ctx,
struct loadparm_context *lp_ctx,
const char *computer_name,
const char *domain,
NTSTATUS nt_status;
struct ldb_context *ldb;
- ldb = schannel_db_connect(mem_ctx, lp_ctx);
+ ldb = schannel_db_connect(mem_ctx, ev_ctx, lp_ctx);
if (!ldb) {
return NT_STATUS_ACCESS_DENIED;
}
#################################
# Start SUBSYSTEM KERBEROS
[SUBSYSTEM::KERBEROS]
-PRIVATE_PROTO_HEADER = proto.h
PUBLIC_DEPENDENCIES = HEIMDAL_KRB5 NDR_KRB5PAC samba-socket LIBCLI_RESOLVE
PRIVATE_DEPENDENCIES = ASN1_UTIL auth_sam_reply LIBPACKET LIBNDR
# End SUBSYSTEM KERBEROS
#################################
-KERBEROS_OBJ_FILES = $(addprefix auth/kerberos/, \
+KERBEROS_OBJ_FILES = $(addprefix $(authsrcdir)/kerberos/, \
kerberos.o \
clikrb5.o \
kerberos_heimdal.o \
gssapi_parse.o \
krb5_init_context.o)
+$(eval $(call proto_header_template,$(authsrcdir)/kerberos/proto.h,$(KERBEROS_OBJ_FILES:.o=.c)))
+
#include "includes.h"
#include "lib/util/dlinklist.h"
#include "auth/auth.h"
-#include "auth/auth_proto.h"
+#include "auth/ntlm/auth_proto.h"
#include "lib/events/events.h"
-#include "build.h"
#include "param/param.h"
/***************************************************************************
extern NTSTATUS auth_anonymous_init(void);
extern NTSTATUS auth_unix_init(void);
extern NTSTATUS auth_sam_init(void);
+ extern NTSTATUS auth_server_init(void);
init_module_fn static_init[] = { STATIC_auth_MODULES };
#include "includes.h"
#include "auth/auth.h"
-#include "auth/auth_proto.h"
+#include "auth/ntlm/auth_proto.h"
#include "param/param.h"
/**
#include "includes.h"
#include "auth/auth.h"
-#include "auth/auth_proto.h"
+#include "auth/ntlm/auth_proto.h"
#include "libcli/security/security.h"
#include "librpc/gen_ndr/ndr_samr.h"
--- /dev/null
+#ifndef __AUTH_NTLM_AUTH_PROTO_H__
+#define __AUTH_NTLM_AUTH_PROTO_H__
+
+#undef _PRINTF_ATTRIBUTE
+#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2)
+/* This file was automatically generated by mkproto.pl. DO NOT EDIT */
+
+/* this file contains prototypes for functions that are private
+ * to this subsystem or library. These functions should not be
+ * used outside this particular subsystem! */
+
+
+/* The following definitions come from auth/ntlm/auth.c */
+
+
+/***************************************************************************
+ Set a fixed challenge
+***************************************************************************/
+bool auth_challenge_may_be_modified(struct auth_context *auth_ctx) ;
+const struct auth_operations *auth_backend_byname(const char *name);
+const struct auth_critical_sizes *auth_interface_version(void);
+NTSTATUS server_service_auth_init(void);
+
+/* The following definitions come from auth/ntlm/auth_util.c */
+
+NTSTATUS auth_get_challenge_not_implemented(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, DATA_BLOB *challenge);
+
+/****************************************************************************
+ Create an auth_usersupplied_data structure after appropriate mapping.
+****************************************************************************/
+NTSTATUS map_user_info(TALLOC_CTX *mem_ctx,
+ const char *default_domain,
+ const struct auth_usersupplied_info *user_info,
+ struct auth_usersupplied_info **user_info_mapped);
+
+/****************************************************************************
+ Create an auth_usersupplied_data structure after appropriate mapping.
+****************************************************************************/
+NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_context,
+ enum auth_password_state to_state,
+ const struct auth_usersupplied_info *user_info_in,
+ const struct auth_usersupplied_info **user_info_encrypted);
+
+/* The following definitions come from auth/ntlm/auth_simple.c */
+
+#undef _PRINTF_ATTRIBUTE
+#define _PRINTF_ATTRIBUTE(a1, a2)
+
+#endif /* __AUTH_NTLM_AUTH_PROTO_H__ */
+
#include "lib/ldb/include/ldb.h"
#include "util/util_ldb.h"
#include "auth/auth.h"
-#include "auth/auth_proto.h"
+#include "auth/ntlm/ntlm_check.h"
+#include "auth/ntlm/auth_proto.h"
#include "auth/auth_sam.h"
#include "dsdb/samdb/samdb.h"
#include "libcli/security/security.h"
return NT_STATUS_NO_MEMORY;
}
- sam_ctx = samdb_connect(tmp_ctx, ctx->auth_ctx->lp_ctx, system_session(mem_ctx, ctx->auth_ctx->lp_ctx));
+ sam_ctx = samdb_connect(tmp_ctx, ctx->auth_ctx->event_ctx, ctx->auth_ctx->lp_ctx, system_session(mem_ctx, ctx->auth_ctx->lp_ctx));
if (sam_ctx == NULL) {
talloc_free(tmp_ctx);
return NT_STATUS_INVALID_SYSTEM_SERVICE;
--- /dev/null
+/*
+ Unix SMB/CIFS implementation.
+ Authenticate by using a remote server
+ Copyright (C) Andrew Bartlett 2001-2002, 2008
+ Copyright (C) Jelmer Vernooij 2002
+ Copyright (C) Stefan Metzmacher 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "auth/auth.h"
+#include "auth/ntlm/auth_proto.h"
+#include "auth/credentials/credentials.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_samr.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "param/param.h"
+#include "libcli/resolve/resolve.h"
+
+/* This version of 'security=server' rewirtten from scratch for Samba4
+ * libraries in 2008 */
+
+
+static NTSTATUS server_want_check(struct auth_method_context *ctx,
+ TALLOC_CTX *mem_ctx,
+ const struct auth_usersupplied_info *user_info)
+{
+ return NT_STATUS_OK;
+}
+/**
+ * The challenge from the target server, when operating in security=server
+ **/
+static NTSTATUS server_get_challenge(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, DATA_BLOB *_blob)
+{
+ struct smb_composite_connect io;
+ struct smbcli_options smb_options;
+ const char **host_list;
+ NTSTATUS status;
+
+ /* Make a connection to the target server, found by 'password server' in smb.conf */
+
+ lp_smbcli_options(ctx->auth_ctx->lp_ctx, &smb_options);
+
+ /* Make a negprot, WITHOUT SPNEGO, so we get a challenge nice an easy */
+ io.in.options.use_spnego = false;
+
+ /* Hope we don't get * (the default), as this won't work... */
+ host_list = lp_passwordserver(ctx->auth_ctx->lp_ctx);
+ if (!host_list) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ io.in.dest_host = host_list[0];
+ if (strequal(io.in.dest_host, "*")) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ io.in.dest_ports = lp_smb_ports(ctx->auth_ctx->lp_ctx);
+
+ io.in.called_name = strupper_talloc(mem_ctx, io.in.dest_host);
+
+ /* We don't want to get as far as the session setup */
+ io.in.credentials = NULL;
+ io.in.service = NULL;
+
+ io.in.workgroup = ""; /* only used with SPNEGO, disabled above */
+
+ io.in.options = smb_options;
+
+ status = smb_composite_connect(&io, mem_ctx, lp_resolve_context(ctx->auth_ctx->lp_ctx),
+ ctx->auth_ctx->event_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ *_blob = io.out.tree->session->transport->negotiate.secblob;
+ ctx->private_data = talloc_steal(ctx, io.out.tree->session);
+ }
+ return NT_STATUS_OK;
+}
+
+/**
+ * Return an error based on username
+ *
+ * This function allows the testing of obsure errors, as well as the generation
+ * of NT_STATUS -> DOS error mapping tables.
+ *
+ * This module is of no value to end-users.
+ *
+ * The password is ignored.
+ *
+ * @return An NTSTATUS value based on the username
+ **/
+
+static NTSTATUS server_check_password(struct auth_method_context *ctx,
+ TALLOC_CTX *mem_ctx,
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **_server_info)
+{
+ NTSTATUS nt_status;
+ struct auth_serversupplied_info *server_info;
+ struct cli_credentials *creds;
+ const char *user;
+ struct smb_composite_sesssetup session_setup;
+
+ struct smbcli_session *session = talloc_get_type(ctx->private_data, struct smbcli_session);
+
+ creds = cli_credentials_init(mem_ctx);
+
+ NT_STATUS_HAVE_NO_MEMORY(creds);
+
+ cli_credentials_set_username(creds, user_info->client.account_name, CRED_SPECIFIED);
+ cli_credentials_set_domain(creds, user_info->client.domain_name, CRED_SPECIFIED);
+
+ switch (user_info->password_state) {
+ case AUTH_PASSWORD_PLAIN:
+ cli_credentials_set_password(creds, user_info->password.plaintext,
+ CRED_SPECIFIED);
+ break;
+ case AUTH_PASSWORD_HASH:
+ cli_credentials_set_nt_hash(creds, user_info->password.hash.nt,
+ CRED_SPECIFIED);
+ break;
+
+ case AUTH_PASSWORD_RESPONSE:
+ cli_credentials_set_ntlm_response(creds, &user_info->password.response.lanman, &user_info->password.response.nt, CRED_SPECIFIED);
+ break;
+ }
+
+ session_setup.in.sesskey = session->transport->negotiate.sesskey;
+ session_setup.in.capabilities = session->transport->negotiate.capabilities;
+
+ session_setup.in.credentials = creds;
+ session_setup.in.workgroup = ""; /* Only used with SPNEGO, which we are not doing */
+
+ /* Check password with remove server - this should be async some day */
+ nt_status = smb_composite_sesssetup(session, &session_setup);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+
+ server_info = talloc(mem_ctx, struct auth_serversupplied_info);
+ NT_STATUS_HAVE_NO_MEMORY(server_info);
+
+ server_info->account_sid = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS);
+ NT_STATUS_HAVE_NO_MEMORY(server_info->account_sid);
+
+ /* is this correct? */
+ server_info->primary_group_sid = dom_sid_parse_talloc(server_info, SID_BUILTIN_GUESTS);
+ NT_STATUS_HAVE_NO_MEMORY(server_info->primary_group_sid);
+
+ server_info->n_domain_groups = 0;
+ server_info->domain_groups = NULL;
+
+ /* annoying, but the Anonymous really does have a session key,
+ and it is all zeros! */
+ server_info->user_session_key = data_blob(NULL, 0);
+ server_info->lm_session_key = data_blob(NULL, 0);
+
+ server_info->account_name = talloc_strdup(server_info, user_info->client.account_name);
+ NT_STATUS_HAVE_NO_MEMORY(server_info->account_name);
+
+ server_info->domain_name = talloc_strdup(server_info, user_info->client.domain_name);
+ NT_STATUS_HAVE_NO_MEMORY(server_info->domain_name);
+
+ server_info->full_name = NULL;
+
+ server_info->logon_script = talloc_strdup(server_info, "");
+ NT_STATUS_HAVE_NO_MEMORY(server_info->logon_script);
+
+ server_info->profile_path = talloc_strdup(server_info, "");
+ NT_STATUS_HAVE_NO_MEMORY(server_info->profile_path);
+
+ server_info->home_directory = talloc_strdup(server_info, "");
+ NT_STATUS_HAVE_NO_MEMORY(server_info->home_directory);
+
+ server_info->home_drive = talloc_strdup(server_info, "");
+ NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive);
+
+ server_info->last_logon = 0;
+ server_info->last_logoff = 0;
+ server_info->acct_expiry = 0;
+ server_info->last_password_change = 0;
+ server_info->allow_password_change = 0;
+ server_info->force_password_change = 0;
+
+ server_info->logon_count = 0;
+ server_info->bad_password_count = 0;
+
+ server_info->acct_flags = ACB_NORMAL;
+
+ server_info->authenticated = false;
+
+ *_server_info = server_info;
+
+ return nt_status;
+}
+
+static const struct auth_operations server_auth_ops = {
+ .name = "server",
+ .get_challenge = server_get_challenge,
+ .want_check = server_want_check,
+ .check_password = server_check_password
+};
+
+_PUBLIC_ NTSTATUS auth_server_init(void)
+{
+ NTSTATUS ret;
+
+ ret = auth_register(&server_auth_ops);
+ if (!NT_STATUS_IS_OK(ret)) {
+ DEBUG(0,("Failed to register 'server' auth backend!\n"));
+ return ret;
+ }
+
+ return ret;
+}
}
if (session_info) {
- nt_status = auth_generate_session_info(tmp_ctx, lp_ctx, server_info, session_info);
+ nt_status = auth_generate_session_info(tmp_ctx, ev, lp_ctx, server_info, session_info);
if (NT_STATUS_IS_OK(nt_status)) {
talloc_steal(mem_ctx, *session_info);
#include "includes.h"
#include "auth/auth.h"
-#include "auth/auth_proto.h"
+#include "auth/ntlm/auth_proto.h"
#include "system/passwd.h" /* needed by some systems for struct passwd */
#include "lib/socket/socket.h"
-#include "auth/pam_errors.h"
+#include "auth/ntlm/pam_errors.h"
#include "param/param.h"
/* TODO: look at how to best fill in parms retrieveing a struct passwd info
#include "includes.h"
#include "auth/auth.h"
-#include "auth/auth_proto.h"
+#include "auth/ntlm/auth_proto.h"
#include "auth/session_proto.h"
#include "nsswitch/winbind_client.h"
#include "librpc/gen_ndr/ndr_netlogon.h"
--- /dev/null
+# NTLM auth server subsystem
+
+[SUBSYSTEM::ntlm_check]
+PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL
+
+ntlm_check_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, ntlm_check.o)
+
+#######################
+# Start MODULE auth_sam
+[MODULE::auth_sam_module]
+# gensec_krb5 and gensec_gssapi depend on it
+INIT_FUNCTION = auth_sam_init
+SUBSYSTEM = auth
+PRIVATE_DEPENDENCIES = \
+ SAMDB auth_sam ntlm_check
+# End MODULE auth_sam
+#######################
+
+auth_sam_module_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, auth_sam.o)
+
+#######################
+# Start MODULE auth_anonymous
+[MODULE::auth_anonymous]
+INIT_FUNCTION = auth_anonymous_init
+SUBSYSTEM = auth
+# End MODULE auth_anonymous
+#######################
+
+auth_anonymous_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, auth_anonymous.o)
+
+#######################
+# Start MODULE auth_anonymous
+[MODULE::auth_server]
+INIT_FUNCTION = auth_server_init
+SUBSYSTEM = auth
+PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBCLI_SMB
+OUTPUT_TYPE = SHARED_LIBRARY
+# End MODULE auth_server
+#######################
+
+auth_server_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, auth_server.o)
+
+#######################
+# Start MODULE auth_winbind
+[MODULE::auth_winbind]
+INIT_FUNCTION = auth_winbind_init
+SUBSYSTEM = auth
+PRIVATE_DEPENDENCIES = NDR_WINBIND MESSAGING LIBWINBIND-CLIENT
+# End MODULE auth_winbind
+#######################
+
+auth_winbind_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, auth_winbind.o)
+
+#######################
+# Start MODULE auth_developer
+[MODULE::auth_developer]
+INIT_FUNCTION = auth_developer_init
+SUBSYSTEM = auth
+# End MODULE auth_developer
+#######################
+
+auth_developer_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, auth_developer.o)
+
+[MODULE::auth_unix]
+INIT_FUNCTION = auth_unix_init
+SUBSYSTEM = auth
+PRIVATE_DEPENDENCIES = CRYPT PAM PAM_ERRORS NSS_WRAPPER
+
+auth_unix_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, auth_unix.o)
+
+[SUBSYSTEM::PAM_ERRORS]
+
+#VERSION = 0.0.1
+#SO_VERSION = 0
+PAM_ERRORS_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, pam_errors.o)
+
+[MODULE::auth]
+INIT_FUNCTION = server_service_auth_init
+SUBSYSTEM = service
+PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBSECURITY SAMDB CREDENTIALS
+
+auth_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, auth.o auth_util.o auth_simple.o)
+$(eval $(call proto_header_template,$(authsrcdir)/auth_proto.h,$(auth_OBJ_FILES:.o=.c)))
+
+# PUBLIC_HEADERS += auth/auth.h
+
#include "librpc/gen_ndr/netlogon.h"
#include "libcli/auth/libcli_auth.h"
#include "param/param.h"
+#include "auth/ntlm/ntlm_check.h"
/****************************************************************************
Core of smb password checking routine.
--- /dev/null
+/*
+ Unix SMB/CIFS implementation.
+ Password and authentication handling
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2004
+ Copyright (C) Gerald Carter 2003
+ Copyright (C) Luke Kenneth Casson Leighton 1996-2000
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+/**
+ * Compare password hashes against those from the SAM
+ *
+ * @param mem_ctx talloc context
+ * @param client_lanman LANMAN password hash, as supplied by the client
+ * @param client_nt NT (MD4) password hash, as supplied by the client
+ * @param username internal Samba username, for log messages
+ * @param client_username username the client used
+ * @param client_domain domain name the client used (may be mapped)
+ * @param stored_lanman LANMAN password hash, as stored on the SAM
+ * @param stored_nt NT (MD4) password hash, as stored on the SAM
+ * @param user_sess_key User session key
+ * @param lm_sess_key LM session key (first 8 bytes of the LM hash)
+ */
+
+NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
+ const struct samr_Password *client_lanman,
+ const struct samr_Password *client_nt,
+ const char *username,
+ const struct samr_Password *stored_lanman,
+ const struct samr_Password *stored_nt);
+
+/**
+ * Check a challenge-response password against the value of the NT or
+ * LM password hash.
+ *
+ * @param mem_ctx talloc context
+ * @param challenge 8-byte challenge. If all zero, forces plaintext comparison
+ * @param nt_response 'unicode' NT response to the challenge, or unicode password
+ * @param lm_response ASCII or LANMAN response to the challenge, or password in DOS code page
+ * @param username internal Samba username, for log messages
+ * @param client_username username the client used
+ * @param client_domain domain name the client used (may be mapped)
+ * @param stored_lanman LANMAN ASCII password from our passdb or similar
+ * @param stored_nt MD4 unicode password from our passdb or similar
+ * @param user_sess_key User session key
+ * @param lm_sess_key LM session key (first 8 bytes of the LM hash)
+ */
+
+NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
+ uint32_t logon_parameters,
+ const DATA_BLOB *challenge,
+ const DATA_BLOB *lm_response,
+ const DATA_BLOB *nt_response,
+ const char *username,
+ const char *client_username,
+ const char *client_domain,
+ const struct samr_Password *stored_lanman,
+ const struct samr_Password *stored_nt,
+ DATA_BLOB *user_sess_key,
+ DATA_BLOB *lm_sess_key);
--- /dev/null
+/*
+ * Unix SMB/CIFS implementation.
+ * PAM error mapping functions
+ * Copyright (C) Andrew Bartlett 2002
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __AUTH_NTLM_PAM_ERRORS_H__
+#define __AUTH_NTLM_PAM_ERRORS_H__
+
+/* The following definitions come from auth/pam_errors.c */
+
+
+/*****************************************************************************
+convert a PAM error to a NT status32 code
+ *****************************************************************************/
+NTSTATUS pam_to_nt_status(int pam_error);
+
+/*****************************************************************************
+convert an NT status32 code to a PAM error
+ *****************************************************************************/
+int nt_status_to_pam(NTSTATUS nt_status);
+
+/*****************************************************************************
+convert a PAM error to a NT status32 code
+ *****************************************************************************/
+NTSTATUS pam_to_nt_status(int pam_error);
+
+/*****************************************************************************
+convert an NT status32 code to a PAM error
+ *****************************************************************************/
+int nt_status_to_pam(NTSTATUS nt_status);
+
+#endif /* __AUTH_NTLM_PAM_ERRORS_H__ */
+
[SUBSYSTEM::MSRPC_PARSE]
-PRIVATE_PROTO_HEADER = msrpc_parse.h
-MSRPC_PARSE_OBJ_FILES = $(addprefix auth/ntlmssp/, ntlmssp_parse.o)
+MSRPC_PARSE_OBJ_FILES = $(addprefix $(authsrcdir)/ntlmssp/, ntlmssp_parse.o)
+
+$(eval $(call proto_header_template,$(authsrcdir)/ntlmssp/msrpc_parse.h,$(MSRPC_PARSE_OBJ_FILES:.o=.c)))
################################################
# Start MODULE gensec_ntlmssp
[MODULE::gensec_ntlmssp]
SUBSYSTEM = gensec
INIT_FUNCTION = gensec_ntlmssp_init
-PRIVATE_PROTO_HEADER = proto.h
-PRIVATE_DEPENDENCIES = MSRPC_PARSE CREDENTIALS
+PRIVATE_DEPENDENCIES = MSRPC_PARSE CREDENTIALS auth
OUTPUT_TYPE = MERGED_OBJ
# End MODULE gensec_ntlmssp
################################################
-gensec_ntlmssp_OBJ_FILES = $(addprefix auth/ntlmssp/, ntlmssp.o ntlmssp_sign.o ntlmssp_client.o ntlmssp_server.o)
+gensec_ntlmssp_OBJ_FILES = $(addprefix $(authsrcdir)/ntlmssp/, ntlmssp.o ntlmssp_sign.o ntlmssp_client.o ntlmssp_server.o)
+
+$(eval $(call proto_header_template,$(authsrcdir)/ntlmssp/proto.h,$(gensec_ntlmssp_OBJ_FILES:.o=.c)))
#include "auth/gensec/gensec.h"
#include "auth/gensec/gensec_proto.h"
#include "auth/auth.h"
-#include "auth/auth_proto.h"
+#include "auth/ntlm/auth_proto.h"
#include "param/param.h"
/**
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
#include "auth/auth.h"
-#include "auth/auth_proto.h"
+#include "auth/ntlm/auth_proto.h"
#include "param/param.h"
#include "auth/session_proto.h"
NTSTATUS nt_status;
struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
- nt_status = auth_generate_session_info(gensec_ntlmssp_state, gensec_security->lp_ctx, gensec_ntlmssp_state->server_info, session_info);
+ nt_status = auth_generate_session_info(gensec_ntlmssp_state, gensec_security->event_ctx, gensec_security->lp_ctx, gensec_ntlmssp_state->server_info, session_info);
NT_STATUS_NOT_OK_RETURN(nt_status);
(*session_info)->session_key = data_blob_talloc(*session_info,
/* Used in the gensec_gssapi and gensec_krb5 server-side code, where the PAC isn't available */
NTSTATUS sam_get_server_info_principal(TALLOC_CTX *mem_ctx,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
const char *principal,
struct auth_serversupplied_info **server_info)
return NT_STATUS_NO_MEMORY;
}
- sam_ctx = samdb_connect(tmp_ctx, lp_ctx, system_session(tmp_ctx, lp_ctx));
+ sam_ctx = samdb_connect(tmp_ctx, event_ctx, lp_ctx, system_session(tmp_ctx, lp_ctx));
if (sam_ctx == NULL) {
talloc_free(tmp_ctx);
return NT_STATUS_INVALID_SYSTEM_SERVICE;
#include "auth/session_proto.h"
_PUBLIC_ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx)
{
NTSTATUS nt_status;
struct auth_session_info *session_info = NULL;
- nt_status = auth_anonymous_session_info(mem_ctx, lp_ctx, &session_info);
+ nt_status = auth_anonymous_session_info(mem_ctx, event_ctx, lp_ctx, &session_info);
if (!NT_STATUS_IS_OK(nt_status)) {
return NULL;
}
}
_PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct auth_session_info **_session_info)
{
}
/* references the server_info into the session_info */
- nt_status = auth_generate_session_info(parent_ctx, lp_ctx, server_info, &session_info);
+ nt_status = auth_generate_session_info(parent_ctx, event_ctx, lp_ctx, server_info, &session_info);
talloc_free(mem_ctx);
NT_STATUS_NOT_OK_RETURN(nt_status);
}
_PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct auth_serversupplied_info *server_info,
struct auth_session_info **_session_info)
session_info->session_key = server_info->user_session_key;
nt_status = security_token_create(session_info,
+ event_ctx,
lp_ctx,
server_info->account_sid,
server_info->primary_group_sid,
/*
Unix SMB/CIFS implementation.
- Auth session handling
+ Process and provide the logged on user's authorization token
Copyright (C) Andrew Bartlett 2001
Copyright (C) Stefan Metzmacher 2005
#include "librpc/gen_ndr/netlogon.h"
-struct auth_session_info *system_session_anon(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
+/* Create a security token for a session SYSTEM (the most
+ * trusted/prvilaged account), including the local machine account as
+ * the off-host credentials */
struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) ;
+
+/*
+ * Create a system session, but with anonymous credentials (so we do
+ * not need to open secrets.ldb)
+ */
+struct auth_session_info *system_session_anon(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
+
+
NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx,
const char *netbios_name,
struct auth_serversupplied_info **_server_info) ;
NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct auth_serversupplied_info *server_info,
struct auth_session_info **_session_info) ;
union netr_Validation *validation,
struct auth_serversupplied_info **_server_info);
NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
+ struct event_context *ev_ctx,
struct loadparm_context *lp_ctx,
struct auth_session_info **_session_info);
struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx);
-/**
- Create a system session, with machine account credentials
-*/
+/* Create a security token for a session SYSTEM (the most
+ * trusted/prvilaged account), including the local machine account as
+ * the off-host credentials
+ */
_PUBLIC_ struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
{
NTSTATUS nt_status;
"""
import unittest
-import auth
+from samba import auth
class AuthTests(unittest.TestCase):
def test_system_session(self):
ac_cv_shmod_works=yes
rm -f shlib.${SHLIBEXT} shlib.o
])
- if test $ac_cv_shlib_works = no -o $ac_cv_shmod_works = no; then
- BLDSHARED=false
+ if test $ac_cv_shlib_works = no; then
+ AC_MSG_ERROR(unable to build shared libraries)
+ fi
+ if test $ac_cv_shmod_works = no; then
+ AC_MSG_ERROR(unable to build shared modules)
fi
-fi
-
-if test $BLDSHARED != true; then
- SHLD="shared-libraries-disabled"
- SHLD_FLAGS="shared-libraries-disabled"
- MDLD="shared-modules-disabled"
- MDLD_FLAGS="shared-modules-disabled"
- SHLIBEXT="shared_libraries_disabled"
- SONAMEFLAG="shared-libraries-disabled"
- PICFLAG=""
- AC_MSG_CHECKING([SHLD])
- AC_MSG_RESULT([$SHLD])
- AC_MSG_CHECKING([SHLD_FLAGS])
- AC_MSG_RESULT([$SHLD_FLAGS])
-
- AC_MSG_CHECKING([MDLD])
- AC_MSG_RESULT([$MDLD])
- AC_MSG_CHECKING([MDLD_FLAGS])
- AC_MSG_RESULT([$MDLD_FLAGS])
-
- AC_MSG_CHECKING([SHLIBEXT])
- AC_MSG_RESULT([$SHLIBEXT])
- AC_MSG_CHECKING([SONAMEFLAG])
- AC_MSG_RESULT([$SONAMEFLAG])
-
- AC_MSG_CHECKING([PICFLAG])
- AC_MSG_RESULT([$PICFLAG])
fi
AC_DEFINE_UNQUOTED(SHLIBEXT, "$SHLIBEXT", [Shared library extension])
dnl
dnl SMB_INCLUDE_MK(file)
dnl
+dnl SMB_WRITE_MAKEVARS(file)
+dnl
+dnl SMB_WRITE_PERLVARS(file)
+dnl
dnl #######################################################
dnl ### And now the implementation ###
dnl #######################################################
"
])
-dnl SMB_LIBRARY(name,obj_files,required_subsystems,version,so_version,cflags,ldflags)
+dnl SMB_LIBRARY(name,obj_files,required_subsystems,cflags,ldflags)
AC_DEFUN([SMB_LIBRARY],
[
MAKE_SETTINGS="$MAKE_SETTINGS
$1_CFLAGS = $6
$1_LDFLAGS = $7
-$1_ENABLE = YES
+n1_ENABLE = YES
$1_OBJ_FILES = $2
"
SMB_INFO_ENABLES="$SMB_INFO_ENABLES
\$enabled{$1} = \"$2\";"
])
+
+dnl SMB_WRITE_MAKEVARS(path)
+AC_DEFUN([SMB_WRITE_MAKEVARS],
+[
+echo "configure: creating $1"
+cat >$1<<CEOF
+# $1 - Autogenerated by configure, DO NOT EDIT!
+AC_FOREACH([AC_Var], m4_defn([_AC_SUBST_VARS]), [
+AC_Var = $AC_Var])
+$MAKE_SETTINGS
+CEOF
+])
+
+dnl SMB_WRITE_PERLVARS(path)
+AC_DEFUN([SMB_WRITE_PERLVARS],
+[
+echo "configure: creating $1"
+cat >$1<<CEOF
+# config.pm - Autogenerate by configure. DO NOT EDIT!
+
+package config;
+require Exporter;
+@ISA = qw(Exporter);
+@EXPORT_OK = qw(%enabled %config);
+use strict;
+
+use vars qw(%enabled %config);
+
+%config = (AC_FOREACH([AC_Var], m4_defn([_AC_SUBST_VARS]), [
+ AC_Var => '$AC_Var',])
+);
+
+$SMB_INFO_ENABLES
+1;
+CEOF
+])
+
+dnl SMB_BUILD_RUN(OUTPUT_FILE)
+AC_DEFUN([SMB_BUILD_RUN],
+[
+AC_OUTPUT_COMMANDS(
+[
+test "x$ac_abs_srcdir" != "x$ac_abs_builddir" && (
+ cd $builddir;
+ # NOTE: We *must* use -R so we don't follow symlinks (at least on BSD
+ # systems).
+ test -d heimdal || cp -R $srcdir/heimdal $builddir/
+ test -d heimdal_build || cp -R $srcdir/heimdal_build $builddir/
+ test -d build || builddir="$builddir" \
+ srcdir="$srcdir" \
+ $PERL ${srcdir}/script/buildtree.pl
+ )
+
+$PERL -I${builddir} -I${builddir}/build \
+ -I${srcdir} -I${srcdir}/build \
+ ${srcdir}/build/smb_build/main.pl --output=$1 main.mk || exit $?
+],
+[
+srcdir="$srcdir"
+builddir="$builddir"
+PERL="$PERL"
+
+export PERL
+export srcdir
+export builddir
+])
+])
pythonbuilddir = $(builddir)/bin/python
+installpython::
+ mkdir -p $(DESTDIR)$(pythondir)
+
# Install Python
# Arguments: Module path
define python_module_template
installpython:: $$(pythonbuilddir)/$(1) ;
- cp $$< $$(DESTDIR)$$(PYTHONDIR)/$(1)
+ mkdir -p $$(DESTDIR)$$(pythondir)/$$(dir $(1))
+ cp $$< $$(DESTDIR)$$(pythondir)/$(1)
uninstallpython::
- rm -f $$(DESTDIR)$$(PYTHONDIR)/$(1) ;
+ rm -f $$(DESTDIR)$$(pythondir)/$(1) ;
pythonmods:: $$(pythonbuilddir)/$(1) ;
endef
# Python C module
-# Arguments: Module path, object files
+# Arguments: File name, dependencies, link list
define python_c_module_template
$$(pythonbuilddir)/$(1): $(2) ;
# Swig extensions
swig:: pythonmods
-.SUFFIXES: _wrap.c .i
+.SUFFIXES: _wrap.c .i .py
-.i_wrap.c:
+%_wrap.c %.py: %.i
[ "$(SWIG)" == "no" ] || $(SWIG) -O -Wall -I$(srcdir)/scripting/swig -python -keyword $<
realdistclean::
@echo Removing generated files
@-rm -f bin/*_init_module.c
@-rm -rf librpc/gen_*
- @echo Removing proto headers
- @-rm -f $(PROTO_HEADERS)
distclean:: clean
-rm -f include/config.h include/config_tmp.h include/build.h
@mkdir -p $(@D)
@$(STLD) $(STLD_FLAGS) $@ $^
-###############################################################################
-# Templates
-###############################################################################
-
-# Partially link
-# Arguments: target object file, source object files
-define partial_link_template
-$(1): $(2) ;
- @echo Partially linking $$@
- @mkdir -p $$(@D)
- $$(PARTLINK) -o $$@ $$^
-endef
-
-# Link a binary
-# Arguments: target file, depends, flags
-define binary_link_template
-$(1): $(2) ;
- @echo Linking $$@
- @$$(BNLD) $$(BNLD_FLAGS) $$(INTERN_LDFLAGS) -o $$@ $$(INSTALL_LINK_FLAGS) $(3)
-endef
-
-# Link a host-machine binary
-# Arguments: target file, depends, flags
-define host_binary_link_template
-$(1): $(2) ;
- @echo Linking $$@
- @$$(HOSTLD) $$(HOSTLD_FLAGS) -L$${builddir}/bin/static -o $$@ $$(INSTALL_LINK_FLAGS) $(3)
-endef
-
-# Create a prototype header
-# Arguments: header file, c files
-define proto_header_template
-$(1): $(2) ;
- @echo "Creating $$@"
- @$$(PERL) $$(srcdir)/script/mkproto.pl --srcdir=$$(srcdir) --builddir=$$(builddir) --public=/dev/null --private=$$@ $$^
-endef
-
-# Shared module
-# Arguments: Target, dependencies, objects
-define shared_module_template
-
-$(1): $(2) ;
- @echo Linking $$@
- @mkdir -p $$(@D)
- @$$(MDLD) $$(LDFLAGS) $$(MDLD_FLAGS) $$(INTERN_LDFLAGS) -o $$@ $$(INSTALL_LINK_FLAGS) $(3)
-
-endef
-
-# Shared library
-# Arguments: Target, dependencies, link flags, soname
-define shared_library_template
-$(1): $(2)
- @echo Linking $$@
- @mkdir -p $$(@D)
- @$$(SHLD) $$(LDFLAGS) $$(SHLD_FLAGS) $$(INTERN_LDFLAGS) -o $$@ $$(INSTALL_LINK_FLAGS) \
- $(3) \
- $$(if $$(SONAMEFLAG), $$(SONAMEFLAG)$(notdir $(4)))
-
-ifneq ($(notdir $(1)),$(notdir $(4)))
-$(4): $(1)
- @echo "Creating symbolic link for $$@"
- @ln -fs $$(<F) $$@
-endif
-
-ifneq ($(notdir $(1)),$(notdir $(5)))
-$(5): $(1)
- @echo "Creating symbolic link for $$@"
- @ln -fs $$(<F) $$@
-endif
-endef
-
-# Shared alias
-# Arguments: Target, subsystem name, alias name
-define shared_module_alias_template
-bin/modules/$(2)/$(3).$$(SHLIBEXT): $(1)
- @ln -fs $$(<F) $$@
-
-PLUGINS += bin/modules/$(2)/$(3).$$(SHLIBEXT)
-
-uninstallplugins::
- @-rm $$(DESTDIR)$$(modulesdir)/$(2)/$(3).$$(SHLIBEXT)
-installplugins::
- @ln -fs $(1) $$(DESTDIR)$$(modulesdir)/$(2)/$(3).$$(SHLIBEXT)
-
-endef
-
-define shared_module_install_template
-installplugins:: bin/modules/$(1)/$(2)
- @echo Installing$(2) as $$(DESTDIR)$$(modulesdir)/$(1)/$(2)
- @mkdir -p $$(DESTDIR)$$(modulesdir)/$(1)/
- @cp bin/modules/$(1)/$(2) $$(DESTDIR)$$(modulesdir)/$(1)/$(2)
-uninstallplugins::
- @echo Uninstalling $$(DESTDIR)$$(modulesdir)/$(1)/$(2)
- @-rm $$(DESTDIR)$$(modulesdir)/$(1)/$(2)
-
-endef
+include build/make/templates.mk
###############################################################################
# File types
@echo "Compiling $<"
@-mkdir -p `dirname $@`
@$(COMPILE) && exit 0 ; \
- $(COMPILE)
-
+ echo "The following command failed:" 1>&2;\
+ echo "$(subst ",\",$(COMPILE))" 1>&2 && exit 1
.c.ho:
@-mkdir -p `dirname $@`
@$(HCOMPILE) && exit 0;\
echo "The following command failed:" 1>&2;\
- echo "$(HCOMPILE)" 1>&2;\
+ echo "$(subst ",\",$(HCOMPILE))" 1>&2;\
$(HCOMPILE) >/dev/null 2>&1
.h.h.gch:
.l.c:
@echo "Building $< with $(LEX)"
- @-$(make_utility_dir)/script/lex_compile.sh "$(LEX)" "$<" "$@"
+ @-$(make_utility_dir)/lex_compile.sh "$(LEX)" "$<" "$@"
%.a:
@echo Linking $@
--- /dev/null
+# Templates file for Samba 4
+# This relies on GNU make.
+#
+# © 2008 Jelmer Vernooij <jelmer@samba.org>
+#
+###############################################################################
+# Templates
+###############################################################################
+
+# Partially link
+# Arguments: target object file, source object files
+define partial_link_template
+$(1): $(2) ;
+ @echo Partially linking $$@
+ @mkdir -p $$(@D)
+ $$(PARTLINK) -o $$@ $$^
+endef
+
+# Link a binary
+# Arguments: target file, depends, flags
+define binary_link_template
+$(1): $(2) ;
+ @echo Linking $$@
+ @$$(BNLD) $$(BNLD_FLAGS) $$(INTERN_LDFLAGS) -o $$@ $$(INSTALL_LINK_FLAGS) $(3)
+endef
+
+# Link a host-machine binary
+# Arguments: target file, depends, flags
+define host_binary_link_template
+$(1): $(2) ;
+ @echo Linking $$@
+ @$$(HOSTLD) $$(HOSTLD_FLAGS) -L$${builddir}/bin/static -o $$@ $$(INSTALL_LINK_FLAGS) $(3)
+endef
+
+# Create a prototype header
+# Arguments: header file, c files
+define proto_header_template
+
+proto:: $(1) ;
+
+clean:: ;
+ rm -f $(1)
+
+$(1): $(2) ;
+ @echo "Creating $$@"
+ @$$(PERL) $$(srcdir)/script/mkproto.pl --srcdir=$$(srcdir) --builddir=$$(builddir) --public=/dev/null --private=$$@ $$^
+
+endef
+
+# Shared module
+# Arguments: Target, dependencies, objects
+define shared_module_template
+
+$(1): $(2) ;
+ @echo Linking $$@
+ @mkdir -p $$(@D)
+ @$$(MDLD) $$(LDFLAGS) $$(MDLD_FLAGS) $$(INTERN_LDFLAGS) -o $$@ $$(INSTALL_LINK_FLAGS) $(3)
+
+endef
+
+# Shared library
+# Arguments: Target, dependencies, link flags, soname
+define shared_library_template
+$(1): $(2)
+ @echo Linking $$@
+ @mkdir -p $$(@D)
+ @$$(SHLD) $$(LDFLAGS) $$(SHLD_FLAGS) $$(INTERN_LDFLAGS) -o $$@ $$(INSTALL_LINK_FLAGS) \
+ $(3) \
+ $$(if $$(SONAMEFLAG), $$(SONAMEFLAG)$(notdir $(4)))
+
+ifneq ($(notdir $(1)),$(notdir $(4)))
+$(4): $(1)
+ @echo "Creating symbolic link for $$@"
+ @ln -fs $$(<F) $$@
+endif
+
+ifneq ($(notdir $(1)),$(notdir $(5)))
+$(5): $(1)
+ @echo "Creating symbolic link for $$@"
+ @ln -fs $$(<F) $$@
+endif
+endef
+
+# Shared alias
+# Arguments: Target, subsystem name, alias name
+define shared_module_alias_template
+bin/modules/$(2)/$(3).$$(SHLIBEXT): $(1)
+ @ln -fs $$(<F) $$@
+
+PLUGINS += bin/modules/$(2)/$(3).$$(SHLIBEXT)
+
+uninstallplugins::
+ @-rm $$(DESTDIR)$$(modulesdir)/$(2)/$(3).$$(SHLIBEXT)
+installplugins::
+ @ln -fs $(notdir $(1)) $$(DESTDIR)$$(modulesdir)/$(2)/$(3).$$(SHLIBEXT)
+
+endef
+
+define shared_module_install_template
+installplugins:: bin/modules/$(1)/$(2)
+ @echo Installing $(2) as $$(DESTDIR)$$(modulesdir)/$(1)/$(2)
+ @mkdir -p $$(DESTDIR)$$(modulesdir)/$(1)/
+ @cp bin/modules/$(1)/$(2) $$(DESTDIR)$$(modulesdir)/$(1)/$(2)
+uninstallplugins::
+ @echo Uninstalling $$(DESTDIR)$$(modulesdir)/$(1)/$(2)
+ @-rm $$(DESTDIR)$$(modulesdir)/$(1)/$(2)
+
+endef
"LDFLAGS" => "list",
},
"PYTHON" => {
- SWIG_FILE => "string",
+ "LIBRARY_REALNAME" => "string",
"PRIVATE_DEPENDENCIES" => "list",
"PUBLIC_DEPENDENCIES" => "list",
"ENABLE" => "bool",
"ENABLE" => "bool",
- "PRIVATE_PROTO_HEADER" => "string",
-
"CFLAGS" => "list",
"LDFLAGS" => "list",
"STANDARD_VISIBILITY" => "string",
"OUTPUT_TYPE" => "list",
- "PRIVATE_PROTO_HEADER" => "string",
-
"CFLAGS" => "list"
},
"BINARY" => {
"ENABLE" => "bool",
"INSTALLDIR" => "string",
- "PRIVATE_PROTO_HEADER" => "string",
-
"CFLAGS" => "list",
"LDFLAGS" => "list",
"STANDARD_VISIBILITY" => "string",
"ENABLE" => "bool",
- "PRIVATE_PROTO_HEADER" => "string",
-
"CFLAGS" => "list",
"LDFLAGS" => "list",
"STANDARD_VISIBILITY" => "string"
@parsed_files = ();
-sub _read_config_file
+sub _read_config_file($$$)
{
- use File::Basename;
use Cwd;
- my $srcdir = shift;
- my $builddir = shift;
- my $filename = shift;
+ my ($srcdir, $builddir, $filename) = @_;
my @dirlist;
# We need to change our working directory because config.mk files can
$prev = "";
}
- if ($line =~ /^\[([-a-zA-Z0-9_:]+)\][\t ]*$/)
+ if ($line =~ /^\[([-a-zA-Z0-9_.:]+)\][\t ]*$/)
{
$section = $1;
$infragment = 0;
$infragment = 1;
next;
}
-
# Assignment
if ($line =~ /^([a-zA-Z0-9_]+)[\t ]*=(.*)$/) {
next;
}
- die("$parsing_file:$linenum: Bad line while parsing $parsing_file");
+ die("$parsing_file:$linenum: Bad line");
}
$makefile .= "# }END $parsing_file\n";
foreach my $part (values %{$depend}) {
next if (defined($only) and not contains($only,$part->{NAME}));
foreach my $elem (@{$part->{PUBLIC_DEPENDENCIES}}) {
- $res .= "\t\"$part->{NAME}\" -> \"$elem\"; /* public */\n";
+ $res .= "\t\"$part->{NAME}\" -> \"$elem\" [style=filled]; /* public */\n";
}
foreach my $elem (@{$part->{PRIVATE_DEPENDENCIES}}) {
- $res .= "\t\"$part->{NAME}\" -> \"$elem\"; /* private */\n";
+ $res .= "\t\"$part->{NAME}\" -> \"$elem\" [style=dotted]; /* private */\n";
}
}
+++ /dev/null
-# SMB Build System
-# - create output for build.h
-#
-# Copyright (C) Stefan (metze) Metzmacher 2004
-# Copyright (C) Jelmer Vernooij 2005
-# Released under the GNU GPL
-
-package header;
-use strict;
-
-sub _add_define_section($)
-{
- my $DEFINE = shift;
- my $output = "";
-
- $output .= "
-/* $DEFINE->{COMMENT} */
-#define $DEFINE->{KEY} $DEFINE->{VAL}
-";
-
- return $output;
-}
-
-sub _prepare_build_h($)
-{
- my $depend = shift;
- my @defines = ();
- my $output = "";
-
- foreach my $key (values %$depend) {
- my $DEFINE = ();
- next if ($key->{TYPE} ne "LIBRARY" and
- $key->{TYPE} ne "MODULE" and
- $key->{TYPE} ne "SUBSYSTEM" and
- $key->{TYPE} ne "BINARY");
- next unless defined($key->{INIT_FUNCTIONS});
-
- my $name = $key->{NAME};
- $name =~ s/-/_/g;
- $DEFINE->{COMMENT} = "$key->{TYPE} $key->{NAME} INIT";
- $DEFINE->{KEY} = "STATIC_$name\_MODULES";
- $DEFINE->{VAL} = "\\\n";
- foreach (@{$key->{INIT_FUNCTIONS}}) {
- $DEFINE->{VAL} .= "\t$_, \\\n";
- }
-
- die("Invalid sentinel") unless ($key->{INIT_FUNCTION_SENTINEL});
- $DEFINE->{VAL} .= "\t$key->{INIT_FUNCTION_SENTINEL} \n";
-
- push(@defines,$DEFINE);
- }
-
- #
- # loop over all BUILD_H define sections
- #
- foreach (@defines) { $output .= _add_define_section($_); }
-
- return $output;
-}
-
-###########################################################
-# This function creates include/build.h from the SMB_BUILD
-# context
-#
-# create_build_h($SMB_BUILD_CTX)
-#
-# $SMB_BUILD_CTX - the global SMB_BUILD context
-#
-# $output - the resulting output buffer
-sub create_smb_build_h($$)
-{
- my ($CTX, $file) = @_;
-
- open(BUILD_H,">$file") || die ("Can't open `$file'\n");
- print BUILD_H "/* autogenerated by build/smb_build/main.pl */\n";
- print BUILD_H _prepare_build_h($CTX);
- close(BUILD_H);
-
- print __FILE__.": creating $file\n";
-}
-
-1;
unless (defined($mod->{INIT_FUNCTION_SENTINEL})) { $mod->{INIT_FUNCTION_SENTINEL} = "NULL"; }
if (not defined($mod->{OUTPUT_TYPE})) {
- if (not defined($INPUT->{$mod->{SUBSYSTEM}}->{TYPE})) {
- die("Invalid type for subsystem $mod->{SUBSYSTEM}");
- }
- if ($INPUT->{$mod->{SUBSYSTEM}}->{TYPE} eq "EXT_LIB") {
+ if ((not defined($INPUT->{$mod->{SUBSYSTEM}}->{TYPE})) or
+ $INPUT->{$mod->{SUBSYSTEM}}->{TYPE} eq "EXT_LIB") {
$mod->{OUTPUT_TYPE} = undef;
} else {
$mod->{OUTPUT_TYPE} = $default_ot;
$python->{INSTALLDIR} = "PYTHONDIR";
unless (defined($python->{CFLAGS})) { $python->{CFLAGS} = []; }
- if (defined($python->{SWIG_FILE})) {
- my $dirname = dirname($python->{SWIG_FILE});
- my $basename = basename($python->{SWIG_FILE}, ".i");
-
- $dirname .= "/" unless $dirname =~ /\/$/;
- $dirname = "" if $dirname eq "./";
-
- $python->{LIBRARY_REALNAME} = "_$basename.\$(SHLIBEXT)";
- $python->{PYTHON_FILES} = ["$dirname$basename.py"];
- push (@{$python->{CFLAGS}}, "\$(CFLAG_NO_UNUSED_MACROS)");
- push (@{$python->{CFLAGS}}, "\$(CFLAG_NO_CAST_QUAL)");
- $python->{INIT_FUNCTION} = "{ (char *)\"_$basename\", init_$basename }";
- } else {
- my $basename = $python->{NAME};
- $basename =~ s/^python_//g;
+ my $basename = $python->{NAME};
+ $basename =~ s/^python_//g;
+ unless (defined($python->{LIBRARY_REALNAME})) {
$python->{LIBRARY_REALNAME} = "$basename.\$(SHLIBEXT)";
- $python->{INIT_FUNCTION} = "{ (char *)\"$basename\", init$basename }";
}
+ $python->{INIT_FUNCTION} = "{ (char *)\"$basename\", init$basename }";
push (@{$python->{CFLAGS}}, "\$(EXT_LIB_PYTHON_CFLAGS)");
$python->{SUBSYSTEM} = "LIBPYTHON";
return if ($bin->{ENABLE} ne "YES");
($bin->{BINARY} = (lc $bin->{NAME})) if not defined($bin->{BINARY});
+ unless (defined($bin->{INIT_FUNCTION_SENTINEL})) { $bin->{INIT_FUNCTION_SENTINEL} = "NULL"; }
+ unless (defined($bin->{INIT_FUNCTION_TYPE})) { $bin->{INIT_FUNCTION_TYPE} = "NTSTATUS (*) (void)"; }
$bin->{OUTPUT_TYPE} = ["BINARY"];
add_libreplace($bin);
{
my ($INPUT, $n) = @_;
- $INPUT->{$n} = {
- TYPE => "MAKE_RULE",
- NAME => $n,
- OUTPUT_TYPE => undef,
- LIBS => ["\$(".uc($n)."_LIBS)"],
- LDFLAGS => ["\$(".uc($n)."_LDFLAGS)"],
- CFLAGS => ["\$(".uc($n)."_CFLAGS)"],
- CPPFLAGS => ["\$(".uc($n)."_CPPFLAGS)"]
- };
+ $INPUT->{$n}->{TYPE} = "MAKE_RULE";
+ $INPUT->{$n}->{NAME} = $n;
+ $INPUT->{$n}->{OUTPUT_TYPE} = undef;
+ $INPUT->{$n}->{LIBS} = ["\$(".uc($n)."_LIBS)"];
+ $INPUT->{$n}->{LDFLAGS} = ["\$(".uc($n)."_LDFLAGS)"];
+ $INPUT->{$n}->{CFLAGS} = ["\$(".uc($n)."_CFLAGS)"];
+ $INPUT->{$n}->{CPPFLAGS} = ["\$(".uc($n)."_CPPFLAGS)"];
}
sub calc_unique_deps($$$$$$$$)
my ($name, $INPUT, $deps, $udeps, $withlibs, $forward, $pubonly, $busy) = @_;
foreach my $n (@$deps) {
- add_implicit($INPUT, $n) unless (defined($INPUT->{$n}));
+ add_implicit($INPUT, $n) unless (defined($INPUT->{$n}) and defined($INPUT->{$n}->{TYPE}));
my $dep = $INPUT->{$n};
if (grep (/^$n$/, @$busy)) {
next if (@{$dep->{OUTPUT_TYPE}}[0] eq "MERGED_OBJ");
}
next if (grep /^$n$/, @$udeps);
- push (@{$udeps}, $dep->{NAME}) if $forward;
+ push (@{$udeps}, $n) if $forward;
if (defined ($dep->{OUTPUT_TYPE}) &&
($withlibs or
(@{$dep->{OUTPUT_TYPE}}[0] eq "MERGED_OBJ") or
(@{$dep->{OUTPUT_TYPE}}[0] eq "STATIC_LIBRARY"))) {
- push (@$busy, $dep->{NAME});
- calc_unique_deps($dep->{NAME}, $INPUT, $dep->{PUBLIC_DEPENDENCIES}, $udeps, $withlibs, $forward, $pubonly, $busy);
- calc_unique_deps($dep->{NAME}, $INPUT, $dep->{PRIVATE_DEPENDENCIES}, $udeps, $withlibs, $forward, $pubonly, $busy) unless $pubonly;
+ push (@$busy, $n);
+ calc_unique_deps($n, $INPUT, $dep->{PUBLIC_DEPENDENCIES}, $udeps, $withlibs, $forward, $pubonly, $busy);
+ calc_unique_deps($n, $INPUT, $dep->{PRIVATE_DEPENDENCIES}, $udeps, $withlibs, $forward, $pubonly, $busy) unless $pubonly;
pop (@$busy);
}
- unshift (@{$udeps}, $dep->{NAME}) unless $forward;
+ unshift (@{$udeps}, $n) unless $forward;
}
}
# Released under the GNU GPL
use smb_build::makefile;
-use smb_build::header;
use smb_build::input;
use smb_build::config_mk;
use smb_build::output;
use smb_build::summary;
use smb_build::config;
+use Getopt::Long;
use strict;
+my $output_file = "data.mk";
+
+my $result = GetOptions (
+ 'output=s' => \$output_file);
+
+if (not $result) {
+ exit(1);
+}
+
+my $input_file = shift @ARGV;
+
my $INPUT = {};
-my $mkfile = smb_build::config_mk::run_config_mk($INPUT, $config::config{srcdir}, $config::config{builddir}, "main.mk");
+my $mkfile = smb_build::config_mk::run_config_mk($INPUT, $config::config{srcdir}, $config::config{builddir}, $input_file);
my $subsys_output_type = ["MERGED_OBJ"];
my $shared_libs_used = 0;
foreach my $key (values %$OUTPUT) {
+ next if ($key->{ENABLE} ne "YES");
push(@{$mkenv->{all_objs}}, "\$($key->{NAME}_OBJ_FILES)");
}
foreach my $key (values %$OUTPUT) {
next unless defined $key->{OUTPUT_TYPE};
+ $mkenv->StaticLibraryPrimitives($key) if grep(/STATIC_LIBRARY/, @{$key->{OUTPUT_TYPE}});
$mkenv->MergedObj($key) if grep(/MERGED_OBJ/, @{$key->{OUTPUT_TYPE}});
- $mkenv->StaticLibraryPrimitives($key) if grep(/STATIC_LIBRARY/, @{$key->{OUTPUT_TYPE}});
- if (defined($key->{PC_FILE})) {
- $mkenv->output("PC_FILES += $key->{BASEDIR}/$key->{PC_FILE}\n");
- }
$mkenv->SharedLibraryPrimitives($key) if ($key->{TYPE} eq "LIBRARY") and
grep(/SHARED_LIBRARY/, @{$key->{OUTPUT_TYPE}});
if ($key->{TYPE} eq "LIBRARY" and
${$key->{OUTPUT_TYPE}}[0] eq "SHARED_LIBRARY") {
$shared_libs_used = 1;
}
- $mkenv->SharedModulePrimitives($key) if ($key->{TYPE} eq "MODULE" or
- $key->{TYPE} eq "PYTHON") and
- grep(/SHARED_LIBRARY/, @{$key->{OUTPUT_TYPE}});
- $mkenv->PythonFiles($key) if defined($key->{PYTHON_FILES});
+ if ($key->{TYPE} eq "MODULE" and @{$key->{OUTPUT_TYPE}}[0] eq "MERGED_OBJ" and defined($key->{INIT_FUNCTION})) {
+ $mkenv->output("$key->{SUBSYSTEM}_INIT_FUNCTIONS += $key->{INIT_FUNCTION},\n");
+ }
$mkenv->CFlags($key);
}
$mkenv->SharedLibrary($key) if ($key->{TYPE} eq "LIBRARY") and
grep(/SHARED_LIBRARY/, @{$key->{OUTPUT_TYPE}});
- $mkenv->SharedModule($key) if ($key->{TYPE} eq "MODULE" or
- $key->{TYPE} eq "PYTHON") and
- grep(/SHARED_LIBRARY/, @{$key->{OUTPUT_TYPE}});
+ $mkenv->SharedModule($key) if ($key->{TYPE} eq "MODULE" and
+ grep(/SHARED_LIBRARY/, @{$key->{OUTPUT_TYPE}}));
+ $mkenv->PythonModule($key) if ($key->{TYPE} eq "PYTHON");
$mkenv->Binary($key) if grep(/BINARY/, @{$key->{OUTPUT_TYPE}});
- $mkenv->ProtoHeader($key) if defined($key->{PRIVATE_PROTO_HEADER});
+ $mkenv->InitFunctions($key) if defined($key->{INIT_FUNCTIONS});
}
-$mkenv->write("data.mk");
-header::create_smb_build_h($OUTPUT, "include/build.h");
+$mkenv->write($output_file);
summary::show($OUTPUT, \%config::config);
push (@tmp, $_);
}
- $self->output("
-ifneq (\$(MAKECMDGOALS),clean)
-ifneq (\$(MAKECMDGOALS),distclean)
-ifneq (\$(MAKECMDGOALS),realdistclean)
-");
$self->output("MK_FILES = " . array2oneperline(\@tmp) . "\n");
- $self->output("
-endif
-endif
-endif
-");
}
sub array2oneperline($)
$self->output("$ctx->{NAME}_$var =$tmplist\n");
}
-sub SharedModulePrimitives($$)
+sub PythonModule($$)
{
my ($self,$ctx) = @_;
-
- #FIXME
+
+ $self->_prepare_list($ctx, "FULL_OBJ_LIST");
+ $self->_prepare_list($ctx, "DEPEND_LIST");
+ $self->_prepare_list($ctx, "LINK_FLAGS");
+
+ $self->output("\$(eval \$(call python_c_module_template,$ctx->{LIBRARY_REALNAME},\$($ctx->{NAME}_DEPEND_LIST) \$($ctx->{NAME}_FULL_OBJ_LIST), \$($ctx->{NAME}\_FULL_OBJ_LIST) \$($ctx->{NAME}_LINK_FLAGS)))\n");
}
sub SharedModule($$)
{
my ($self,$ctx) = @_;
- my $init_obj = "";
-
my $sane_subsystem = lc($ctx->{SUBSYSTEM});
$sane_subsystem =~ s/^lib//;
- if ($ctx->{TYPE} eq "PYTHON") {
- $self->output("PYTHON_DSOS += $ctx->{SHAREDDIR}/$ctx->{LIBRARY_REALNAME}\n");
- } else {
- $self->output("PLUGINS += $ctx->{SHAREDDIR}/$ctx->{LIBRARY_REALNAME}\n");
- $self->output("installplugins:: $ctx->{SHAREDDIR}/$ctx->{LIBRARY_REALNAME}\n");
- $self->output("\t\@echo Installing $ctx->{SHAREDDIR}/$ctx->{LIBRARY_REALNAME} as \$(DESTDIR)\$(modulesdir)/$sane_subsystem/$ctx->{LIBRARY_REALNAME}\n");
- $self->output("\t\@mkdir -p \$(DESTDIR)\$(modulesdir)/$sane_subsystem/\n");
- $self->output("\t\@cp $ctx->{SHAREDDIR}/$ctx->{LIBRARY_REALNAME} \$(DESTDIR)\$(modulesdir)/$sane_subsystem/$ctx->{LIBRARY_REALNAME}\n");
- if (defined($ctx->{ALIASES})) {
- foreach (@{$ctx->{ALIASES}}) {
- $self->output("\t\@rm -f \$(DESTDIR)\$(modulesdir)/$sane_subsystem/$_.\$(SHLIBEXT)\n");
- $self->output("\t\@ln -fs $ctx->{LIBRARY_REALNAME} \$(DESTDIR)\$(modulesdir)/$sane_subsystem/$_.\$(SHLIBEXT)\n");
- }
- }
-
- $self->output("uninstallplugins::\n");
- $self->output("\t\@echo Uninstalling \$(DESTDIR)\$(modulesdir)/$sane_subsystem/$ctx->{LIBRARY_REALNAME}\n");
- $self->output("\t\@-rm \$(DESTDIR)\$(modulesdir)/$sane_subsystem/$ctx->{LIBRARY_REALNAME}\n");
-
- if (defined($ctx->{ALIASES})) {
- foreach (@{$ctx->{ALIASES}}) {
- $self->output("\t\@-rm \$(DESTDIR)\$(modulesdir)/$sane_subsystem/$_.\$(SHLIBEXT)\n");
- }
- }
- }
+ $self->output("PLUGINS += $ctx->{SHAREDDIR}/$ctx->{LIBRARY_REALNAME}\n");
+ $self->output("\$(eval \$(call shared_module_install_template,$sane_subsystem,$ctx->{LIBRARY_REALNAME}))\n");
- $self->output("$ctx->{NAME}_OUTPUT = $ctx->{OUTPUT}\n");
$self->_prepare_list($ctx, "FULL_OBJ_LIST");
$self->_prepare_list($ctx, "DEPEND_LIST");
$self->_prepare_list($ctx, "LINK_FLAGS");
- if (defined($ctx->{INIT_FUNCTION}) and $ctx->{TYPE} ne "PYTHON" and
- $ctx->{INIT_FUNCTION_TYPE} =~ /\(\*\)/) {
<
git.samba.org / ira / wip.git / commitdiff