Andrew Tridgell [Mon, 8 Aug 2011 22:40:17 +0000 (08:40 +1000)]
talloc: prepare for 2.0.6 release
Andrew Tridgell [Mon, 8 Aug 2011 08:24:32 +0000 (18:24 +1000)]
talloc: ensure the sibling linked list remains valid during a free
This ensures that the sibling list of a pointer doesn't become invalid
during a free operation. It is an alternative fix to the fix in
6f51a1f45bf4de062cce7a562477e8140630a53d, and avoids the problem of
trying to calculate the parent pointer early
This should fix the subtle spoolss talloc bug that Simo found
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Aug 9 01:53:17 CEST 2011 on sn-devel-104
Michael Adam [Mon, 8 Aug 2011 14:31:31 +0000 (16:31 +0200)]
s3:selftest: run the net rpc registry test under "s3dc" instead of "s3dc:local".
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Mon Aug 8 19:18:41 CEST 2011 on sn-devel-104
Vicentiu Ciorbaru [Thu, 28 Jul 2011 12:39:34 +0000 (15:39 +0300)]
s3-net: Fixed a small typo in net conf function table
The description of the function net conf delincludes had a wrong
usage message: "net conf setincludes" instead of "net conf delincludes".
Signed-off-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Mon, 8 Aug 2011 12:34:11 +0000 (14:34 +0200)]
s4:pyglue: PyArg_ParseTuple("I") requires an 'unsigned int' argument
If we pass variable references we don't get implicit casting!
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Aug 8 18:01:19 CEST 2011 on sn-devel-104
Stefan Metzmacher [Mon, 8 Aug 2011 12:31:40 +0000 (14:31 +0200)]
s4:py_net: PyArg_ParseTuple("i") requires an 'int' argument
If we pass variable references we don't get implicit casting!
metze
Stefan Metzmacher [Mon, 8 Aug 2011 12:30:00 +0000 (14:30 +0200)]
s4:pyregistry: PyArg_ParseTuple("z#") requires an 'int' argument instead of 'size_t'
If we pass variables by reference we don't get implicit type casting.
metze
Stefan Metzmacher [Mon, 8 Aug 2011 12:21:42 +0000 (14:21 +0200)]
s4:pycredentials: PyArg_ParseTuple("i") requires an 'int' argument.
If we pass variable references we don't get implicit casting!
metze
Stefan Metzmacher [Mon, 8 Aug 2011 12:00:31 +0000 (14:00 +0200)]
pidl:Samba4/Python: PyArg_ParseTuple with "s#" returns 'int' instead of 'size_t'
If we pass variable references we don't get implicit casting!
metze
Stefan Metzmacher [Mon, 8 Aug 2011 11:21:18 +0000 (13:21 +0200)]
pyldb: fix uninitialized memory bug in PyArg_ParseTuple() argument
"s#", &str, &len) required 'len' as 'int' not as 'Py_ssize_t'.
With Py_ssize_t the 2nd half of a 64bit Py_ssize_t will be
uninitialized as 'int' is only 32bit.
metze
Vicentiu Ciorbaru [Wed, 3 Aug 2011 20:24:09 +0000 (23:24 +0300)]
s3-net: Fixed typo in net conf
There was a missing ']' in net conf addshare usage message.
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Mon Aug 8 16:44:08 CEST 2011 on sn-devel-104
Gregor Beck [Tue, 2 Aug 2011 12:52:12 +0000 (14:52 +0200)]
s3:smbconf let drop leave the smbconf key in place to match a virgin registry.tdb
Signed-off-by: Michael Adam <obnox@samba.org>
Gregor Beck [Mon, 1 Aug 2011 13:27:46 +0000 (15:27 +0200)]
s3:registry avoid updating keys which are going to be deleted in
reg_deletekey_recursive
this changes the complexity from O(n^2) to O(n) and reduces the time of
a 'net conf drop' with 10000 shares from 6min to 1.5s
Signed-off-by: Michael Adam <obnox@samba.org>
Andrew Bartlett [Fri, 29 Jul 2011 07:04:11 +0000 (17:04 +1000)]
build: Make credentials a public library for OpenChange to use
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Aug 8 14:53:53 CEST 2011 on sn-devel-104
Andrew Bartlett [Fri, 29 Jul 2011 07:03:45 +0000 (17:03 +1000)]
build: rename rpcommon to dcerpc-binding and make a public library
OpenChange needs this library.
Andrew Bartlett
Andrew Bartlett [Fri, 29 Jul 2011 07:01:38 +0000 (17:01 +1000)]
build: provide tevent-util as a public library
This is needed so that OpenChange can get at _tevent_req_nterr(), which is referenced
by generated PIDL output.
Andrew Bartlett
Andrew Bartlett [Mon, 8 Aug 2011 01:16:20 +0000 (11:16 +1000)]
s3-waf: Fix build on FreeBSD when sunacl.h is found
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Aug 8 04:34:35 CEST 2011 on sn-devel-104
Stefan Metzmacher [Sat, 6 Aug 2011 08:19:21 +0000 (10:19 +0200)]
s3:smb2_server: make sure we grant credits on async read/write operations (bug #8357)
Currently we skip the "gone async" interim response on read and write,
this caused the aio code path to grant 0 credits to the client
in the read/write responses.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Aug 7 22:23:57 CEST 2011 on sn-devel-104
Jelmer Vernooij [Sun, 7 Aug 2011 16:55:14 +0000 (18:55 +0200)]
sd_utils: Fix some formatting, add module docstring.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Aug 7 21:07:04 CEST 2011 on sn-devel-104
Jelmer Vernooij [Sun, 7 Aug 2011 15:17:18 +0000 (17:17 +0200)]
pyldb: Generate ABI file.
Jelmer Vernooij [Sun, 7 Aug 2011 15:08:56 +0000 (17:08 +0200)]
pyldb: Consistently use pyldb_ prefix.
Stefan Metzmacher [Fri, 5 Aug 2011 17:48:38 +0000 (19:48 +0200)]
s3:web/swat: use strtoll() instead of atoi/atol/atoll
This is more portable, as we have a strtoll replacement
in lib/replace.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Aug 6 11:55:45 CEST 2011 on sn-devel-104
Stefan Metzmacher [Wed, 3 Aug 2011 07:15:11 +0000 (09:15 +0200)]
s4:netcmd/gpo.py: we don't need to set autogenerated attributes
metze
Matthieu Patou [Fri, 5 Aug 2011 20:55:52 +0000 (00:55 +0400)]
idl: We don't need a context for FRSRPC_COMM_PKT_CHUNK_CO_EXTENTION_2 and avoid collision on bop attribute
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sat Aug 6 00:50:47 CEST 2011 on sn-devel-104
Matthieu Patou [Fri, 5 Aug 2011 19:14:03 +0000 (23:14 +0400)]
pidl: for wireshark use only the major of the version
Matthieu Patou [Fri, 5 Aug 2011 19:13:08 +0000 (23:13 +0400)]
pidl: For wireshark check also LIBNDR_FLAG_NOALIGN for not aligning
Matthieu Patou [Fri, 5 Aug 2011 19:11:47 +0000 (23:11 +0400)]
pidl: handle union when the switch variable is outside of the union for wireshark dissector
Matthieu Patou [Fri, 5 Aug 2011 19:07:57 +0000 (23:07 +0400)]
pidl: add subcontext handling for wireshark
Matthieu Patou [Fri, 5 Aug 2011 19:03:29 +0000 (23:03 +0400)]
pidl: If STR_NULLTERM we consider it's a string as well
Matthieu Patou [Tue, 2 Aug 2011 18:42:58 +0000 (22:42 +0400)]
pidl: handle hyper attribute for wireshark
Matthieu Patou [Tue, 2 Aug 2011 18:42:44 +0000 (22:42 +0400)]
pidl: handle datablob for wireshark generator
Matthieu Patou [Tue, 2 Aug 2011 07:56:51 +0000 (11:56 +0400)]
pidl: rpc version is a 32 bit
Matthieu Patou [Tue, 2 Aug 2011 07:56:32 +0000 (11:56 +0400)]
pidl: generate code for dissecting null terminated strings
Matthieu Patou [Tue, 2 Aug 2011 07:50:32 +0000 (11:50 +0400)]
pidl: don't expect to have quote when creating import headers
Currently the $_ doesn't contain the quote anymore; in order to avoid
any further regression the cleanup of quotes is done before so that if
$_ still has quotes we clean them in any case.
Matthieu Patou [Thu, 4 Aug 2011 15:59:49 +0000 (19:59 +0400)]
s4-scripting: allow to specify the number max of iteration around getNcChanges
Stefan Metzmacher [Thu, 28 Jul 2011 12:15:15 +0000 (14:15 +0200)]
s3:rpc_transport_tstream: only use tstream_cli_np_use_trans() for sync requests
Currently the caller doesn't cope with multiple async requests anyway,
so this is just protection for the future.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Aug 5 22:31:12 CEST 2011 on sn-devel-104
Volker Lendecke [Fri, 5 Aug 2011 14:19:27 +0000 (16:19 +0200)]
s3: Make srv_enc_ctx static
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Aug 5 18:29:24 CEST 2011 on sn-devel-104
Volker Lendecke [Fri, 5 Aug 2011 14:14:11 +0000 (16:14 +0200)]
s3: Fix a debug message
Volker Lendecke [Fri, 5 Aug 2011 14:01:23 +0000 (16:01 +0200)]
s3: Fix some nonempty blank lines
Volker Lendecke [Fri, 5 Aug 2011 13:40:22 +0000 (15:40 +0200)]
s3: Fix "ISO C90 forbids mixed declarations and code"
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Aug 5 16:58:37 CEST 2011 on sn-devel-104
Volker Lendecke [Fri, 5 Aug 2011 13:38:33 +0000 (15:38 +0200)]
s3: Fix some nonempty blank lines
Günther Deschner [Fri, 5 Aug 2011 10:25:52 +0000 (12:25 +0200)]
s3-docs: document --user-sidinfo wbinfo option.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Aug 5 14:06:09 CEST 2011 on sn-devel-104
Björn Jacke [Thu, 4 Aug 2011 21:47:47 +0000 (23:47 +0200)]
s3: make linking of pthreadpooltest work on more platforms
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Fri Aug 5 12:48:55 CEST 2011 on sn-devel-104
Björn Jacke [Thu, 4 Aug 2011 14:42:37 +0000 (16:42 +0200)]
s3/ldap: delay the ldap search alarm termination a bit
do the alarm termination of the ldap search a bit delayed so the LDAP
server has a chance to tell us that the time limit was reached and the
search was abandoned. If the search is terminated this way we also get
the correct LDAP return code in the logs. If alarm() stops the search the ldap
search routine will report that the LDAP server is down which would trigger us
to rebind to the server needlessly which we also want to avoid.
Günther Deschner [Thu, 4 Aug 2011 15:32:22 +0000 (17:32 +0200)]
s3-nmbd: fix talloc/malloc mismatch in create_listen_pollfds().
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Thu Aug 4 19:06:39 CEST 2011 on sn-devel-104
Björn Jacke [Thu, 4 Aug 2011 14:25:08 +0000 (16:25 +0200)]
s3/swat: use strlcat instead of strncat to fix build on old Linux distros
SLES 9's glibc for example had weird macros where the use of strncat resulted
in the use of strcat which we don't allow.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Thu Aug 4 17:50:24 CEST 2011 on sn-devel-104
Andreas Schneider [Wed, 3 Aug 2011 21:44:45 +0000 (23:44 +0200)]
s4-librpc: Fix double free.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Aug 4 12:31:18 CEST 2011 on sn-devel-104
Andrew Tridgell [Thu, 4 Aug 2011 04:59:47 +0000 (14:59 +1000)]
s4-ldb: two DNs only match if they have the same deletion status
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Aug 4 09:34:08 CEST 2011 on sn-devel-104
Andrew Tridgell [Thu, 4 Aug 2011 02:07:19 +0000 (12:07 +1000)]
talloc: check block count after references test
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Tridgell [Wed, 3 Aug 2011 01:31:45 +0000 (11:31 +1000)]
s4-samdb: save the url in the samdb class
this is useful for debugging, so we know which database we are dealing
with
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Tridgell [Tue, 2 Aug 2011 07:19:16 +0000 (17:19 +1000)]
s4-dsdb: extend the extended_dn_in module to handle DN links
this replaces DN components in incoming filter expressions with the
full extended DN of the target, which allows search expressions based
on <GUID=> and <SID=> DNs, as well as fixing the problem with one-way
links in search expressions
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 2 Aug 2011 07:17:13 +0000 (17:17 +1000)]
ldb: rule_id in ldb_parse_tree should be const
this allows assignment to a constant string without allocation
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 2 Aug 2011 07:16:44 +0000 (17:16 +1000)]
ldb: added a new always-fail ldap extended match OID
this is used when rewriting filter rules to replace a filter rule with
one that is guaranteed not to match
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 2 Aug 2011 07:15:28 +0000 (17:15 +1000)]
ldb: changed DN matching rules to obey GUID/SID/string ordering
when matching two DNs, the GUID takes priority, then the SID, then the
string component
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Tridgell [Mon, 1 Aug 2011 07:48:53 +0000 (17:48 +1000)]
s4-dsdb: handle search expressions containing extended DNs
this allows for searches like member=<SID=S-1-2-3>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Tridgell [Mon, 1 Aug 2011 07:47:34 +0000 (17:47 +1000)]
s4-dsdb: added dn_format attribute of a dsdb_attribute
this is faster than string comparisons during searches at runtime
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Tridgell [Mon, 1 Aug 2011 03:55:58 +0000 (13:55 +1000)]
s4-dsdb: fixed outgoing one way link DNs
when we return a DN which is a one way link, fix the string DN
component by searching for the GUID and replacing the DN components
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 1 Aug 2011 03:54:58 +0000 (13:54 +1000)]
s4-dsdb: setup a one_way_link attribute on schema attributes
this allows us to quickly determine if a DN is a one way link
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Tridgell [Mon, 1 Aug 2011 02:40:24 +0000 (12:40 +1000)]
s4-dsdb: fixed a warning on dsdb_delete()
struct ldb_dn is never const
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Tridgell [Mon, 1 Aug 2011 02:25:11 +0000 (12:25 +1000)]
s4-dsdb: make requests for STORAGE_FORMAT control non-critical
this allows us to use dsdb_module_dn_by_guid() from levels below the
extended_dn_out module
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Tridgell [Wed, 3 Aug 2011 06:44:28 +0000 (16:44 +1000)]
ldb: added signatures for 1.1.2
Andrew Tridgell [Mon, 1 Aug 2011 02:24:38 +0000 (12:24 +1000)]
ldb: raise minor version
needed for new module function ldb_dn_replace_components()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Tridgell [Mon, 1 Aug 2011 07:46:39 +0000 (17:46 +1000)]
ldb: added ldb_parse_tree_walk()
this walks a ldb parse tree, calling a callback on each node
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Tridgell [Mon, 1 Aug 2011 02:24:13 +0000 (12:24 +1000)]
ldb: added ldb_dn_replace_components()
this allows you to replace the string part of a DN with the string
part from another DN. This is useful when you want to fix a DN that
has the right GUID but the wrong string part, because the target
object has moved.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Bartlett [Wed, 3 Aug 2011 22:38:21 +0000 (08:38 +1000)]
s3-ntlmssp void function cannot return value
Removing the return is reasonable here because while no callers
currently specify more than one flag at a time, the
ntlmssp_want_feature code allows it.
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Aug 4 02:19:46 CEST 2011 on sn-devel-104
Volker Lendecke [Wed, 3 Aug 2011 18:12:20 +0000 (20:12 +0200)]
s3: Fix some nonempty blank lines
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Aug 3 22:00:19 CEST 2011 on sn-devel-104
Günther Deschner [Wed, 3 Aug 2011 10:59:17 +0000 (12:59 +0200)]
s3-printing: fix some build warnings in queue_process.c
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Aug 3 17:48:33 CEST 2011 on sn-devel-104
Andrew Bartlett [Tue, 2 Aug 2011 23:33:29 +0000 (09:33 +1000)]
ntlmssp: Add ntlmssp_blob_matches_magic()
This avoids having the same check in 3 different parts of the code
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Aug 3 12:45:04 CEST 2011 on sn-devel-104
Andrew Bartlett [Tue, 2 Aug 2011 23:26:55 +0000 (09:26 +1000)]
s3-ntlmssp Remove redundant comment
This is explained where SESSION_KEY maps to SIGN at the NTLMSSP layer
Andrew Bartlett
Andrew Bartlett [Tue, 2 Aug 2011 13:17:02 +0000 (23:17 +1000)]
s3-ntlmssp Remove a level of nesting in if/else statement
Andrew Bartlett [Tue, 2 Aug 2011 03:17:24 +0000 (13:17 +1000)]
selftest: test plugin_s4_dc against all ncacn_np tests
Changes to the s3 epmapper behaviour seem to have fixed the rest of these
tests.
Andrew Bartlett
Andrew Bartlett [Tue, 2 Aug 2011 01:29:43 +0000 (11:29 +1000)]
s3-ntlmssp clarify session key behaviour after create_local_token() changes
Andrew Bartlett [Tue, 2 Aug 2011 01:28:51 +0000 (11:28 +1000)]
s3-ntlmssp Remove auth_ntlmssp_state_destructor, use the talloc tree instead
Andrew Bartlett [Mon, 1 Aug 2011 23:35:23 +0000 (09:35 +1000)]
ldb-samba: Explain the current behaviour of ldif_canonicalise_objectCategory
Andrew Bartlett [Mon, 1 Aug 2011 23:06:22 +0000 (09:06 +1000)]
s3-auth directly return the result of make_server_info_guest()
Andrew Bartlett [Mon, 1 Aug 2011 22:53:10 +0000 (08:53 +1000)]
s3-auth rename auth_ntlmssp_steal_session_info()
There is no longer any theft of memory as the underlying routines now
produce a new auth_session_info for this caller, allocating it
on the supplied memory context.
Andrew Bartlett
Andrew Bartlett [Fri, 29 Jul 2011 02:12:36 +0000 (12:12 +1000)]
selftest: print %U in smbclient -L output to allow testing
Andrew Bartlett [Wed, 27 Jul 2011 06:06:31 +0000 (16:06 +1000)]
s3-smbd Be consistent with %U subs on guest logins
The NTLMSSP code always specified "" as the username, and this makes
guest logins via the old-style session setup do the same.
Andrew Bartlett
Andrew Bartlett [Tue, 26 Jul 2011 06:17:30 +0000 (16:17 +1000)]
selftest: Add kerberos tests to plugin_s4_dc tests
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 26 Jul 2011 05:11:47 +0000 (15:11 +1000)]
s3-auth use auth_generic_start to get full GENSEC in Samba3 session setup
This tests if the auth_generic_start() hook is available on the auth
context during the negprot, and if so it uses auth_generic_start() to
hook to GENSEC to handle the full SPNEGO blob.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 26 Jul 2011 04:40:33 +0000 (14:40 +1000)]
s3-auth Add function to start any GENSEC mech by OID
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 26 Jul 2011 04:12:23 +0000 (14:12 +1000)]
s3-smbd clarify behaviour by not passing an OID that will not be used
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 26 Jul 2011 04:11:56 +0000 (14:11 +1000)]
s3-smbd Ensure we do not read past the end of a possible NTLMSSP blob
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 26 Jul 2011 03:46:25 +0000 (13:46 +1000)]
s3-auth clarify the role of these session keys
This comment can be clarified now the auth subsystem does not use the same
structure as the rest of the code.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 26 Jul 2011 03:43:33 +0000 (13:43 +1000)]
s3-auth remove sanitized_username from auth_serversupplied_info
This structure element was only written to, not read.
It is filled into the companion structure, auth_session_info()
by create_local_token().
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 26 Jul 2011 03:37:36 +0000 (13:37 +1000)]
s3-auth set session_info->sanitized_username in create_local_token()
Rather than passing this value around the callers, and eventually
setting it in register_existing_vuid(), we simply pass it to
create_local_token(). This also removes the need for
auth_ntlmssp_get_username().
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 26 Jul 2011 00:19:54 +0000 (10:19 +1000)]
s3-ntlmssp Split auth_ntlmssp_start into two functions
This helps map on to the GENSEC semantics better, and ensures that the
full set of desired features are set before the mechanism starts.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 26 Jul 2011 00:01:39 +0000 (10:01 +1000)]
s3-ntlmssp Split calls to gensec plugin into prepare and start
GENSEC has the concept of starting the GENSEC subsystem before starting the
actual mechanism. Between these two stages is when most context methods
are called, to specify credentials and features.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 25 Jul 2011 07:20:45 +0000 (17:20 +1000)]
gensec: Don't keep a second copy of the auth4_context in gensec_ntlmssp_state
The auth4_context is already in the gensec_security structure, which is
available by de-reference here anyway.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Wed, 27 Jul 2011 03:52:27 +0000 (13:52 +1000)]
s3-ntlmssp Remove auth_ntlmssp_and_flags()
There is no need to mask out these flags as they simply are not set
yet.
The correct abstraction is to ask for NTLMSSP features.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 25 Jul 2011 01:21:31 +0000 (11:21 +1000)]
s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hash
The session key we want here (the only one that is available to the
encryption layer) is the one obtained by cli_get_session_key(), as
NTLMSSP creates a per-session session key via key exchange and NTLMv2
negotiation.
The key was never directly the NT hash anyway (this is simply a
mistake, the extra MD4() was lost during my previous cleanup
f28f113d8e76824b080359c90efd9c92de533740 in 2008), but was MD4(NT
hash) in early implementations of NTLMSSP.
However, regardless this call is not available on domain trusts
between AD domains and Windows 2003 R2, making this less useful.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 22 Jul 2011 02:32:15 +0000 (12:32 +1000)]
selftest: Test encrypted RPC pipes against plugin_s4_dc
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 21 Jul 2011 22:03:56 +0000 (08:03 +1000)]
selftest: use the s4 winbindd in plugin_s4_dc test
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 21 Jul 2011 04:48:59 +0000 (14:48 +1000)]
s3-auth Add hook to start a GENSEC mech to auth_samba4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 22 Jul 2011 02:15:06 +0000 (12:15 +1000)]
s3-ntlmssp Remove auth_ntlmssp_or_flags
We now just use auth_ntlmssp_want_feature to get extra flags
on the NTLMSSP context
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 22 Jul 2011 02:10:30 +0000 (12:10 +1000)]
s3-ntlmssp Remove calls to auth_ntlmssp_and_flags from the server
This is changed so that the callers ask for the additional flags
that they need, starting with no additional flags.
This helps to create a proper abstraction layer in
ntlmssp_wrap/auth_ntlmssp.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 26 Jul 2011 07:20:35 +0000 (17:20 +1000)]
s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_update
This clarifies the lifetime of the returned token.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Wed, 27 Jul 2011 03:35:01 +0000 (13:35 +1000)]
s3-ntlmssp NTLMSSP sealing implies signing, so set both flags
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Wed, 27 Jul 2011 03:34:34 +0000 (13:34 +1000)]
s3-ntlmssp Add hooks to optionally call into GENSEC in auth_ntlmssp
This allows the current behaviour of the NTLMSSP code to be unchanged
while adding a way to hook in an alternate implementation via an auth
module.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 2 Aug 2011 00:24:28 +0000 (10:24 +1000)]
s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_get_session_key()