vlendec/samba-autobuild/.git
2 years ago s3-printing: add spoolss_get_short_filesys_environment function.
Günther Deschner [Thu, 8 Sep 2016 19:23:54 +0000 (21:23 +0200)]
s3-printing: add spoolss_get_short_filesys_environment function.

Note this is different from "get_short_archi" and reflects what windows uses
internally.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago s3-printing: pre-create color and PCC directories under print$.
Günther Deschner [Fri, 2 Sep 2016 08:00:01 +0000 (10:00 +0200)]
s3-printing: pre-create color and PCC directories under print$.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago libsmb: Enable "cli_notify" for SMB2+
Volker Lendecke [Tue, 25 Jul 2017 10:30:47 +0000 (12:30 +0200)]
libsmb: Enable "cli_notify" for SMB2+

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 26 01:33:25 CEST 2017 on sn-devel-144

2 years ago libsmb: Add cli_smb2_notify
Volker Lendecke [Tue, 25 Jul 2017 10:12:02 +0000 (12:12 +0200)]
libsmb: Add cli_smb2_notify

We have to do the parsing manually. Looking at librpc/gen_ndr/ndr_notify.c we
have the following code snippet:

  size_FileName1_0 = strlen_m(r->FileName1);
  NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->FileName1,
                             size_FileName1_0, sizeof(uint16_t),
                             CH_UTF16));

which means that we take strlen_m(r->FileName1) before we pull
it off the wire. Not sure how to fix this, but that is clearly
broken pidl output. Once that is fixed, we can convert this
to ndr_pull_struct.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years ago libsmb: Add smb2cli_notify()
Volker Lendecke [Tue, 25 Jul 2017 10:11:37 +0000 (12:11 +0200)]
libsmb: Add smb2cli_notify()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years ago messaging: Remove "struct messaging_backend"
Volker Lendecke [Wed, 5 Jul 2017 17:26:22 +0000 (19:26 +0200)]
messaging: Remove "struct messaging_backend"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jul 25 21:35:49 CEST 2017 on sn-devel-144

2 years ago messaging: Remove messages_ctdbd.c
Volker Lendecke [Wed, 5 Jul 2017 17:24:32 +0000 (19:24 +0200)]
messaging: Remove messages_ctdbd.c

Replaced by messages_ctdb.[ch]

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago ctdb_conn: Use messaging_ctdb_connection
Volker Lendecke [Fri, 16 Jun 2017 11:00:59 +0000 (13:00 +0200)]
ctdb_conn: Use messaging_ctdb_connection

Replace messaging_ctdbd_connection

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago messaging: Use messaging_ctdb_ref()
Volker Lendecke [Wed, 5 Jul 2017 17:20:09 +0000 (19:20 +0200)]
messaging: Use messaging_ctdb_ref()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago messages_ctdb: Add messaging_ctdb_connection
Volker Lendecke [Wed, 5 Jul 2017 17:13:23 +0000 (19:13 +0200)]
messages_ctdb: Add messaging_ctdb_connection

This will be the replacement for messaging_ctdbd_connection(). This does not
default to initializing messaging but panics. We just don't have correct
default arguments for messaging_init. Implicit multiple messaging and event
contexts is a bug also.

It *might* be that some tools fail due to this, but this needs fixing in
different ways. See the previous commit for smbpasswd.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago smbpasswd: Initialize messaging for messaging_ctdb_conn
Volker Lendecke [Fri, 16 Jun 2017 13:20:39 +0000 (15:20 +0200)]
smbpasswd: Initialize messaging for messaging_ctdb_conn

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago dbwrap_ctdb: Use messaging_ctdbd_connection
Volker Lendecke [Fri, 16 Jun 2017 15:11:48 +0000 (17:11 +0200)]
dbwrap_ctdb: Use messaging_ctdbd_connection

With messages_ctdb, the global ctdb connection will change after fork.

Don't store the wrong parent connection across a fork. The alternative would
be to do a reinit on all dbwrap_ctdb databases, but that seems overkill
given that we only have one "standard" ctdb connection anyway.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago messaging: Add messages_ctdb_ref
Volker Lendecke [Mon, 12 Jun 2017 14:50:16 +0000 (16:50 +0200)]
messaging: Add messages_ctdb_ref

Modeled after messages_dgm_ref

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago messaging: Add messaging_ctdb_init/destroy
Volker Lendecke [Sun, 11 Jun 2017 08:45:25 +0000 (10:45 +0200)]
messaging: Add messaging_ctdb_init/destroy

This models connecting to ctdb after the dgm code. The main point
is that we should never open more than one ctdb socket for messaging.

With more than one socket, we might end up with our pid registered with
ctdb on more than one socket. This could lead to memory overconsumption
in ctdb. ctdbd will eventually throw away messages, but they will take
up space unnecessarily.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago dbwrap: Avoid dbwrap_merge_dbufs in db_ctdb_storev
Volker Lendecke [Tue, 13 Sep 2016 12:22:05 +0000 (14:22 +0200)]
dbwrap: Avoid dbwrap_merge_dbufs in db_ctdb_storev

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago messages_ctdb: Handle async msgs for nested event contexts
Volker Lendecke [Thu, 1 Jun 2017 16:58:16 +0000 (18:58 +0200)]
messages_ctdb: Handle async msgs for nested event contexts

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago messaging: Add messaging_ctdbd_register_tevent_context
Volker Lendecke [Thu, 8 Jun 2017 10:51:29 +0000 (12:51 +0200)]
messaging: Add messaging_ctdbd_register_tevent_context

We need to listen for the ctdb socket in nested event contexts

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago ctdbd_conn: Pass "ev" through ctdbd_socket_readable
Volker Lendecke [Thu, 1 Jun 2017 16:00:45 +0000 (18:00 +0200)]
ctdbd_conn: Pass "ev" through ctdbd_socket_readable

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago ctdbd_conn: Pass "ev" through ctdb_handle_message
Volker Lendecke [Thu, 1 Jun 2017 15:55:06 +0000 (17:55 +0200)]
ctdbd_conn: Pass "ev" through ctdb_handle_message

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago ctdbd_conn: Pass "ev" through ctdbd_msg_call_back
Volker Lendecke [Thu, 1 Jun 2017 15:49:56 +0000 (17:49 +0200)]
ctdbd_conn: Pass "ev" through ctdbd_msg_call_back

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago ctdbd_conn: Pass "ev" through ctdb connection callbacks
Volker Lendecke [Thu, 1 Jun 2017 15:45:47 +0000 (17:45 +0200)]
ctdbd_conn: Pass "ev" through ctdb connection callbacks

This prepares the same logic we've implemented in messages_dgm for clustering
that is used in 6d3c064f1a5: We need to reply for messages from ctdb in nested
event contexts properly.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago messaging: Broadcast messages to all event contexts
Volker Lendecke [Thu, 22 Jun 2017 06:54:56 +0000 (08:54 +0200)]
messaging: Broadcast messages to all event contexts

We must give all event contexts that might be interested the chance to pick up
the message. If we send a message to ourselves via messaging_send_iov_from,
nested event contexts need to get a chance to see the message. Before this
patch only the main event context in msg_ctx got it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago messaging: Keep an array of event contexts registered
Volker Lendecke [Thu, 22 Jun 2017 06:34:34 +0000 (08:34 +0200)]
messaging: Keep an array of event contexts registered

This is done with an explicit reference-counting and without talloc
destructors. The code is isolated enough for now that explicit refcount
management seems simpler. This might change in the future, but for
now keep it simple.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago messaging: Add DLIST pointers to messaging_rec
Volker Lendecke [Sat, 17 Jun 2017 06:48:35 +0000 (08:48 +0200)]
messaging: Add DLIST pointers to messaging_rec

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago messaging: Factor out messaging_dispatch_waiters
Volker Lendecke [Sat, 17 Jun 2017 13:43:14 +0000 (15:43 +0200)]
messaging: Factor out messaging_dispatch_waiters

No real code change: This makes dispatching to non-classic receives available
for other callers.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago g_lock: remove unused functions g_lock_get() and g_lock_get_talloc()
Volker Lendecke [Tue, 18 Jul 2017 10:35:25 +0000 (12:35 +0200)]
g_lock: remove unused functions g_lock_get() and g_lock_get_talloc()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago g_lock: Use parse_record in g_lock_dump
Volker Lendecke [Fri, 30 Jun 2017 20:09:12 +0000 (22:09 +0200)]
g_lock: Use parse_record in g_lock_dump

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago g_lock: remove unused functions g_lock_put() and g_lock_record_store()
Volker Lendecke [Tue, 18 Jul 2017 10:34:11 +0000 (12:34 +0200)]
g_lock: remove unused functions g_lock_put() and g_lock_record_store()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago g_lock: Use dbwrap_do_locked in g_lock_write_data
Volker Lendecke [Fri, 30 Jun 2017 17:42:50 +0000 (19:42 +0200)]
g_lock: Use dbwrap_do_locked in g_lock_write_data

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago torture3: Add verification for g_lock_retry
Volker Lendecke [Mon, 3 Jul 2017 06:09:18 +0000 (08:09 +0200)]
torture3: Add verification for g_lock_retry

During development I had a bug that would have been found early
by this

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago g_lock: Use dbwrap_do_locked in g_lock_lock_retry
Volker Lendecke [Fri, 30 Jun 2017 20:20:41 +0000 (22:20 +0200)]
g_lock: Use dbwrap_do_locked in g_lock_lock_retry

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago g_lock: Use dbwrap_do_locked for g_lock_lock
Volker Lendecke [Wed, 28 Jun 2017 18:01:34 +0000 (20:01 +0200)]
g_lock: Use dbwrap_do_locked for g_lock_lock

Don't talloc the record

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago g_lock: Avoid talloc in g_lock_trylock
Volker Lendecke [Wed, 28 Jun 2017 17:39:33 +0000 (19:39 +0200)]
g_lock: Avoid talloc in g_lock_trylock

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago g_lock: Initialize variables
Volker Lendecke [Wed, 5 Jul 2017 10:16:02 +0000 (12:16 +0200)]
g_lock: Initialize variables

gcc -O3 complains, but I think this is a false positive

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago g_lock: Implement g_lock_unlock without talloc
Volker Lendecke [Wed, 28 Jun 2017 13:39:49 +0000 (15:39 +0200)]
g_lock: Implement g_lock_unlock without talloc

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago g_lock: add "struct g_lock" without talloc
Volker Lendecke [Wed, 28 Jun 2017 11:36:53 +0000 (13:36 +0200)]
g_lock: add "struct g_lock" without talloc

Enable handing the g_lock.tdb content without having to talloc

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago g_lock: simplify g_lock_trylock
Volker Lendecke [Wed, 28 Jun 2017 17:12:36 +0000 (19:12 +0200)]
g_lock: simplify g_lock_trylock

The now mandatory talloc_realloc_array will go away soon

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago g_lock: Walk locks only once in g_lock_trylock
Volker Lendecke [Wed, 28 Jun 2017 14:21:19 +0000 (16:21 +0200)]
g_lock: Walk locks only once in g_lock_trylock

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago dbwrap_watch: Implement do_locked
Volker Lendecke [Tue, 27 Jun 2017 16:40:28 +0000 (18:40 +0200)]
dbwrap_watch: Implement do_locked

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago dbwrap_watch: Introduce dbwrap_watch_rec
Volker Lendecke [Sat, 1 Jul 2017 16:13:44 +0000 (18:13 +0200)]
dbwrap_watch: Introduce dbwrap_watch_rec

The idea is to leave the "watchers" array unparsed until it's needed. This
avoids a few talloc calls and unnecessary parsing.

Also, it deletes quite a few lines of code and .text bytes.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago dbwrap_tdb: Implement do_locked
Volker Lendecke [Tue, 27 Jun 2017 06:25:03 +0000 (08:25 +0200)]
dbwrap_tdb: Implement do_locked

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago torture3: Test dbwrap_do_locked
Volker Lendecke [Tue, 27 Jun 2017 06:25:36 +0000 (08:25 +0200)]
torture3: Test dbwrap_do_locked

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago dbwrap: Add dbwrap_do_locked
Volker Lendecke [Wed, 9 Nov 2016 07:45:59 +0000 (08:45 +0100)]
dbwrap: Add dbwrap_do_locked

With a proper implementation this enables modifications without
having to allocate a record. In really performance sensitive code
paths this matters.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago dbwrap: Factor out the core dbwrap lock order logic
Volker Lendecke [Thu, 20 Jul 2017 14:31:14 +0000 (16:31 +0200)]
dbwrap: Factor out the core dbwrap lock order logic

This will allow dbwrap_do_locked to check the order without talloc

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago dbwrap: Add dbwrap_record_storev
Volker Lendecke [Tue, 13 Sep 2016 10:25:14 +0000 (12:25 +0200)]
dbwrap: Add dbwrap_record_storev

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago dbwrap: Convert backend store to storev
Volker Lendecke [Mon, 12 Sep 2016 15:30:55 +0000 (17:30 +0200)]
dbwrap: Convert backend store to storev

Convert all implementors of dbwrap_store to a storev-style call
by using the dbwrap_merge_dbufs call

For dbwrap_tdb, this matches tdb_storev.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago dbwrap: Add dbwrap_merge_dbufs
Volker Lendecke [Mon, 12 Sep 2016 15:11:09 +0000 (17:11 +0200)]
dbwrap: Add dbwrap_merge_dbufs

Transitional code to implement dbwrap_record_storev

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago torture: Add local-g-lock-ping-pong
Volker Lendecke [Mon, 22 May 2017 19:55:11 +0000 (21:55 +0200)]
torture: Add local-g-lock-ping-pong

This is similar to the ctdb ping_pong test.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago s3: torture: Add a test for cli_setpathinfo_basic() to smbtorture3.
Jeremy Allison [Fri, 21 Jul 2017 22:11:08 +0000 (15:11 -0700)]
s3: torture: Add a test for cli_setpathinfo_basic() to smbtorture3.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12913

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago s3: libsmb: Implement cli_smb2_setatr() by calling cli_smb2_setpathinfo().
Jeremy Allison [Fri, 21 Jul 2017 19:46:23 +0000 (12:46 -0700)]
s3: libsmb: Implement cli_smb2_setatr() by calling cli_smb2_setpathinfo().

This removes duplicate code paths and ensures we have only one
function calling the underlying smb2cli_set_info() for setting
info levels by path.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12913

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago s3: libsmb: Add cli_smb2_setpathinfo(), to be called by cli_setpathinfo_basic().
Jeremy Allison [Fri, 21 Jul 2017 19:41:11 +0000 (12:41 -0700)]
s3: libsmb: Add cli_smb2_setpathinfo(), to be called by cli_setpathinfo_basic().

Fix to prevent libsmbclient from accidentally making SMB1 calls inside an SMB2
connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12913

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago s3: libsmbclient: Fix cli_setpathinfo_basic() to treat mode == -1 as no change.
Jeremy Allison [Fri, 21 Jul 2017 16:56:45 +0000 (09:56 -0700)]
s3: libsmbclient: Fix cli_setpathinfo_basic() to treat mode == -1 as no change.

This is only called from SMBC_setatr(), so bring it into line with
the specification for that function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12913

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years ago auth/gensec: finally remove unused gensec_update_ev()
Stefan Metzmacher [Wed, 14 Jun 2017 22:05:29 +0000 (00:05 +0200)]
auth/gensec: finally remove unused gensec_update_ev()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jul 25 17:42:55 CEST 2017 on sn-devel-144

2 years ago auth/gensec: don't allow gensec_update[_ev] to be called on a subcontext
Stefan Metzmacher [Thu, 11 May 2017 12:22:27 +0000 (14:22 +0200)]
auth/gensec: don't allow gensec_update[_ev] to be called on a subcontext

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/gensec: make use of gensec_update_send/recv in gensec_update_ev()
Stefan Metzmacher [Thu, 11 May 2017 11:16:16 +0000 (13:16 +0200)]
auth/gensec: make use of gensec_update_send/recv in gensec_update_ev()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago s4:lib/http: rewrite http_send_auth_request_*() using gensec_update_send/recv
Stefan Metzmacher [Thu, 11 May 2017 13:34:08 +0000 (15:34 +0200)]
s4:lib/http: rewrite http_send_auth_request_*() using gensec_update_send/recv

The new logic makes it much clearer that we have a loop of

gensec_update_send()
gensec_update_recv()
http_send_request_send()
http_send_request_recv()
http_read_response_send()
http_read_response_recv()

Until the local gensec and the server are ready.

I've tested this against Windows 2008R2 like this:

bin/smbtorture \
  -W BLA --realm=BLA.BASE \
  -s /dev/null -Uadministrator%A1b2C3d4 \
  ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=basic] \
  rpc.epmapper.epmapper.Lookup_simple \

and:

bin/smbtorture \
  -W BLA --realm=BLA.BASE \
  -s /dev/null -Uadministrator%A1b2C3d4 \
  ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=ntlm] \
  rpc.epmapper.epmapper.Lookup_simple \

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/gensec: introduce gensec_security_ops.glue in order to avoid depending on GENSEC...
Stefan Metzmacher [Thu, 20 Jul 2017 21:28:51 +0000 (23:28 +0200)]
auth/gensec: introduce gensec_security_ops.glue in order to avoid depending on GENSEC_OID_SPNEGO being special

In future we have get more backends that can negotiate other backends,
we should keep all of them even if we require kerberos.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/gensec: add some useful debugging to gensec_update_send/gensec_update_done
Stefan Metzmacher [Thu, 20 Jul 2017 13:42:58 +0000 (15:42 +0200)]
auth/gensec: add some useful debugging to gensec_update_send/gensec_update_done

This makes it easier to spot problems with all the abstraction and async layers.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: Use talloc_get_type_abort() in gsensec_spnego_update_out()
Andreas Schneider [Wed, 19 Jul 2017 09:05:32 +0000 (11:05 +0200)]
auth/spnego: Use talloc_get_type_abort() in gsensec_spnego_update_out()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years ago auth/spnego: Use talloc_get_type_abort() in gsensec_spnego_update_in()
Andreas Schneider [Wed, 19 Jul 2017 09:02:39 +0000 (11:02 +0200)]
auth/spnego: Use talloc_get_type_abort() in gsensec_spnego_update_in()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years ago auth/spnego: Rename gensec_spnego_update_sub_abort()
Andreas Schneider [Wed, 19 Jul 2017 08:53:30 +0000 (10:53 +0200)]
auth/spnego: Rename gensec_spnego_update_sub_abort()

The name is not ideal as someone might think we will panic and abort the
process. So rename it to gensec_spnego_reset_sub_sec().

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years ago auth/spnego: replace gensec_spnego_neg_loop() by real async processing of {start...
Stefan Metzmacher [Wed, 14 Jun 2017 09:01:23 +0000 (11:01 +0200)]
auth/spnego: replace gensec_spnego_neg_loop() by real async processing of {start,step,finish}_fn()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: split gensec_spnego_server_negTokenTarg() into subfunctions
Stefan Metzmacher [Wed, 14 Jun 2017 13:40:41 +0000 (15:40 +0200)]
auth/spnego: split gensec_spnego_server_negTokenTarg() into subfunctions

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: split gensec_spnego_server_negTokenInit() into subfunctions
Stefan Metzmacher [Wed, 14 Jun 2017 13:22:57 +0000 (15:22 +0200)]
auth/spnego: split gensec_spnego_server_negTokenInit() into subfunctions

Check with git show -U15

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: split gensec_spnego_client_negTokenTarg() into subfunctions
Stefan Metzmacher [Wed, 14 Jun 2017 11:56:02 +0000 (13:56 +0200)]
auth/spnego: split gensec_spnego_client_negTokenTarg() into subfunctions

Check with git show -U15

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: split gensec_spnego_client_negTokenInit() into subfunctions
Stefan Metzmacher [Wed, 14 Jun 2017 10:59:43 +0000 (12:59 +0200)]
auth/spnego: split gensec_spnego_client_negTokenInit() into subfunctions

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: split gensec_spnego_create_negTokenInit() into subfunctions
Stefan Metzmacher [Tue, 13 Jun 2017 23:52:09 +0000 (01:52 +0200)]
auth/spnego: split gensec_spnego_create_negTokenInit() into subfunctions

This adds and uses the gensec_spnego_neg_loop() abstraction, which
abstracts start, step and finish hooks.

The start hook does the initial processing on the incoming packet and
may start the first possible subcontext. It indicates that
gensec_update() is required on the subcontext by returning
NT_STATUS_MORE_PROCESSING_REQUIRED and return something useful in
'in_next'. Note that 'in_mem_ctx' is just passed as a hint, the
caller should treat 'in_next' as const and don't attempt to free the
content.  NT_STATUS_OK indicates the finish hook should be invoked
directly without the need of gensec_update() on the subcontext.
Every other error indicates an error that's returned to the caller.

The step hook processes the result of a failed gensec_update() and
can decide to ignore a failure or continue the negotiation by
setting up the next possible subcontext. It indicates that
gensec_update() is required on the subcontext by returning
NT_STATUS_MORE_PROCESSING_REQUIRED and return something useful in
'in_next'. Note that 'in_mem_ctx' is just passed as a hint, the
caller should treat 'in_next' as const and don't attempt to free the
content.  NT_STATUS_OK indicates the finish hook should be invoked
directly without the need of gensec_update() on the subcontext.
Every other error indicated an error that's returned to the caller.

The finish hook processes the result of a successful gensec_update()
(NT_STATUS_OK or NT_STATUS_MORE_PROCESSING_REQUIRED). It forms the
response pdu that will be returned from the toplevel gensec_update()
together with NT_STATUS_OK or NT_STATUS_MORE_PROCESSING_REQUIRED. It
may also alter the state machine to prepare receiving the next pdu
from the peer.

This is the start of using this abstraction for the initial client or server
start with an empty input token from the peer.

This abstraction will be applied to all four other spnego states,
gensec_spnego_{client,server}_negToken{Init,Targ}() in the following
commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: don't produce an output token for errors in gensec_spnego_server_response()
Stefan Metzmacher [Mon, 17 Jul 2017 20:00:10 +0000 (22:00 +0200)]
auth/spnego: don't produce an output token for errors in gensec_spnego_server_response()

gensec_spnego_server_response() is never called with a fatal error anymore.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: don't call gensec_spnego_server_response() with a fatal error
Stefan Metzmacher [Mon, 17 Jul 2017 19:54:51 +0000 (21:54 +0200)]
auth/spnego: don't call gensec_spnego_server_response() with a fatal error

It doesn't make sense to produce an output token without
returning OK or MORE_PROCESSING_REQUIRED.

Even in v4-0-test we had gensec_spnego_update_wrapper()
which only passed the constructed output token to the caller
with OK or MORE_PROCESSING_REQUIRED.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: generate a valid packet if gensec_spnego_client_negTokenTarg() gives...
Stefan Metzmacher [Tue, 18 Jul 2017 09:42:43 +0000 (11:42 +0200)]
auth/spnego: generate a valid packet if gensec_spnego_client_negTokenTarg() gives MORE_PROCESSING_REQUIRED

If we wait for the mechListMIC from the server we should send a valid packet
instead of an empty blob.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: make sure we don't return OK without sub_sec_ready in gensec_spnego_clie...
Stefan Metzmacher [Mon, 17 Jul 2017 18:49:34 +0000 (20:49 +0200)]
auth/spnego: make sure we don't return OK without sub_sec_ready in gensec_spnego_client_negTokenTarg()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: do an early return for the success case in gensec_spnego_client_negToken...
Stefan Metzmacher [Mon, 17 Jul 2017 18:47:57 +0000 (20:47 +0200)]
auth/spnego: do an early return for the success case in gensec_spnego_client_negTokenTarg()

Check with git show -w

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: use better variable names in gensec_spnego_create_negTokenInit()
Stefan Metzmacher [Thu, 13 Jul 2017 14:26:42 +0000 (16:26 +0200)]
auth/spnego: use better variable names in gensec_spnego_create_negTokenInit()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: introduce an early return in gensec_spnego_create_negTokenInit()
Stefan Metzmacher [Thu, 13 Jul 2017 14:20:59 +0000 (16:20 +0200)]
auth/spnego: introduce an early return in gensec_spnego_create_negTokenInit()

This avoids printing two debug messages for the same failure.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: add more error checking to gensec_spnego_create_negTokenInit()
Stefan Metzmacher [Thu, 13 Jul 2017 14:16:35 +0000 (16:16 +0200)]
auth/spnego: add more error checking to gensec_spnego_create_negTokenInit()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: rename 'nt_status' to 'status' in gensec_spnego_create_negTokenInit()
Stefan Metzmacher [Thu, 13 Jul 2017 14:08:05 +0000 (16:08 +0200)]
auth/spnego: rename 'nt_status' to 'status' in gensec_spnego_create_negTokenInit()

This makes future diffs smaller.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: make the debug messages in gensec_spnego_create_negTokenInit() more...
Stefan Metzmacher [Thu, 13 Jul 2017 14:05:39 +0000 (16:05 +0200)]
auth/spnego: make the debug messages in gensec_spnego_create_negTokenInit() more useful

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: remove one more useless indentation level in gensec_spnego_create_negTok...
Stefan Metzmacher [Thu, 13 Jul 2017 13:49:32 +0000 (15:49 +0200)]
auth/spnego: remove one more useless indentation level in gensec_spnego_create_negTokenInit()

Check with git show -w -U20

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: introduce an early goto reply: for the server in gensec_spnego_create_ne...
Stefan Metzmacher [Thu, 13 Jul 2017 13:44:53 +0000 (15:44 +0200)]
auth/spnego: introduce an early goto reply: for the server in gensec_spnego_create_negTokenInit()

This removes a useless indentation level and simplifies future patches.

Check with git show -w

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: move the output generation to the end of gensec_spnego_create_negTokenInit()
Stefan Metzmacher [Thu, 13 Jul 2017 13:41:23 +0000 (15:41 +0200)]
auth/spnego: move the output generation to the end of gensec_spnego_create_negTokenInit()

This will simplify the diff of future patches.

Check with git show -w

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: make the SPNEGO_FALLBACK continuation completely async
Stefan Metzmacher [Tue, 13 Jun 2017 21:43:01 +0000 (23:43 +0200)]
auth/spnego: make the SPNEGO_FALLBACK continuation completely async

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: invert the fallback logic in gensec_spnego_client_negTokenInit()
Stefan Metzmacher [Thu, 13 Jul 2017 14:49:57 +0000 (16:49 +0200)]
auth/spnego: invert the fallback logic in gensec_spnego_client_negTokenInit()

We should do the return first, that will simplify further changes.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: split out gensec_spnego_update_pre/post() functions
Stefan Metzmacher [Tue, 13 Jun 2017 21:43:01 +0000 (23:43 +0200)]
auth/spnego: split out gensec_spnego_update_pre/post() functions

For now we keep doing sync processing only, in future
we'll do some preprocessing before a gensec_update_send()
on the subcontext in gensec_spnego_update_pre()
and handle the result of gensec_update_recv()
in gensec_spnego_update_post().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: inline gensec_spnego_parse_negTokenInit() into gensec_spnego_server_negT...
Stefan Metzmacher [Fri, 7 Jul 2017 09:39:39 +0000 (11:39 +0200)]
auth/spnego: inline gensec_spnego_parse_negTokenInit() into gensec_spnego_server_negTokenInit()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: remove more dead code from gensec_spnego_parse_negTokenInit()
Stefan Metzmacher [Fri, 7 Jul 2017 09:11:57 +0000 (11:11 +0200)]
auth/spnego: remove more dead code from gensec_spnego_parse_negTokenInit()

Now we finally have a logic that someone can understand while reading it.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: add an early return for OK or MORE PROCESSING in gensec_spnego_parse_neg...
Stefan Metzmacher [Fri, 7 Jul 2017 09:09:59 +0000 (11:09 +0200)]
auth/spnego: add an early return for OK or MORE PROCESSING in gensec_spnego_parse_negTokenInit()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: add an early return for a hard error in gensec_spnego_parse_negTokenInit()
Stefan Metzmacher [Fri, 7 Jul 2017 09:07:41 +0000 (11:07 +0200)]
auth/spnego: add an early return for a hard error in gensec_spnego_parse_negTokenInit()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: do an early return when we downgraded the mech in gensec_spnego_parse_ne...
Stefan Metzmacher [Fri, 7 Jul 2017 09:05:39 +0000 (11:05 +0200)]
auth/spnego: do an early return when we downgraded the mech in gensec_spnego_parse_negTokenInit()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: remove one more useless indentation level from gensec_spnego_parse_negTo...
Stefan Metzmacher [Fri, 7 Jul 2017 09:03:37 +0000 (11:03 +0200)]
auth/spnego: remove one more useless indentation level from gensec_spnego_parse_negTokenInit()

Check with 'git show -w -U45' and carefully check the 'break' vs. 'continue'
changes.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: remove dead code from gensec_spnego_parse_negTokenInit()
Stefan Metzmacher [Fri, 7 Jul 2017 08:57:52 +0000 (10:57 +0200)]
auth/spnego: remove dead code from gensec_spnego_parse_negTokenInit()

Check with git show -U15

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: remove unused indentation level from gensec_spnego_parse_negTokenInit()
Stefan Metzmacher [Fri, 7 Jul 2017 08:54:54 +0000 (10:54 +0200)]
auth/spnego: remove unused indentation level from gensec_spnego_parse_negTokenInit()

gensec_spnego_parse_negTokenInit() is only used as server now.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: inline gensec_spnego_parse_negTokenInit() client logic into gensec_spneg...
Stefan Metzmacher [Fri, 7 Jul 2017 08:11:43 +0000 (10:11 +0200)]
auth/spnego: inline gensec_spnego_parse_negTokenInit() client logic into gensec_spnego_client_negTokenInit()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: let gensec_spnego_parse_negTokenInit() require client provides mechs
Stefan Metzmacher [Fri, 7 Jul 2017 08:44:00 +0000 (10:44 +0200)]
auth/spnego: let gensec_spnego_parse_negTokenInit() require client provides mechs

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: inline gensec_spnego_update_server() into gensec_spnego_update_send()
Stefan Metzmacher [Fri, 7 Jul 2017 07:22:25 +0000 (09:22 +0200)]
auth/spnego: inline gensec_spnego_update_server() into gensec_spnego_update_send()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: inline gensec_spnego_update_client() into gensec_spnego_update_send()
Stefan Metzmacher [Fri, 7 Jul 2017 07:22:25 +0000 (09:22 +0200)]
auth/spnego: inline gensec_spnego_update_client() into gensec_spnego_update_send()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: split out a gensec_spnego_server_negTokenTarg() function
Stefan Metzmacher [Fri, 7 Jul 2017 07:18:18 +0000 (09:18 +0200)]
auth/spnego: split out a gensec_spnego_server_negTokenTarg() function

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: introduce a 'struct spnego_negTokenTarg *ta' helper variable in gensec_s...
Stefan Metzmacher [Fri, 7 Jul 2017 07:05:29 +0000 (09:05 +0200)]
auth/spnego: introduce a 'struct spnego_negTokenTarg *ta' helper variable in gensec_spnego_update_server()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: split out a gensec_spnego_client_negTokenTarg() function
Stefan Metzmacher [Fri, 7 Jul 2017 07:01:18 +0000 (09:01 +0200)]
auth/spnego: split out a gensec_spnego_client_negTokenTarg() function

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: make more use of the 'ta' helper variable in gensec_spnego_update_client()
Stefan Metzmacher [Fri, 7 Jul 2017 06:42:08 +0000 (08:42 +0200)]
auth/spnego: make more use of the 'ta' helper variable in gensec_spnego_update_client()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years ago auth/spnego: split out a gensec_spnego_server_negTokenInit() function.
Stefan Metzmacher [Fri, 7 Jul 2017 06:30:24 +0000 (08:30 +0200)]
auth/spnego: split out a gensec_spnego_server_negTokenInit() function.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>