Merge branch 'master' of ssh://git.samba.org/data/git/samba

9 files changed, 153 insertions, 156 deletions

diff --git a/source4/auth/auth_sam_reply.c b/source4/auth/auth_sam_reply.c
index 839553632e..dfa76234b4 100644
--- a/source4/auth/auth_sam_reply.c
+++ b/source4/auth/auth_sam_reply.c
@@ -147,3 +147,142 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
 	return NT_STATUS_OK;
 }	
 
+/**
+ * Make a server_info struct from the info3 returned by a domain logon 
+ */
+NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx,
+					      const char *account_name,
+					      uint16_t validation_level,
+					      union netr_Validation *validation,
+					      struct auth_serversupplied_info **_server_info)
+{
+	struct auth_serversupplied_info *server_info;
+	struct netr_SamBaseInfo *base = NULL;
+	int i;
+
+	switch (validation_level) {
+	case 2:
+		if (!validation || !validation->sam2) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		base = &validation->sam2->base;
+		break;
+	case 3:
+		if (!validation || !validation->sam3) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		base = &validation->sam3->base;
+		break;
+	case 6:
+		if (!validation || !validation->sam6) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		base = &validation->sam6->base;
+		break;
+	default:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	server_info = talloc(mem_ctx, struct auth_serversupplied_info);
+	NT_STATUS_HAVE_NO_MEMORY(server_info);
+
+	/*
+	   Here is where we should check the list of
+	   trusted domains, and verify that the SID 
+	   matches.
+	*/
+	server_info->account_sid = dom_sid_add_rid(server_info, base->domain_sid, base->rid);
+	NT_STATUS_HAVE_NO_MEMORY(server_info->account_sid);
+
+
+	server_info->primary_group_sid = dom_sid_add_rid(server_info, base->domain_sid, base->primary_gid);
+	NT_STATUS_HAVE_NO_MEMORY(server_info->primary_group_sid);
+
+	server_info->n_domain_groups = base->groups.count;
+	if (base->groups.count) {
+		server_info->domain_groups = talloc_array(server_info, struct dom_sid*, base->groups.count);
+		NT_STATUS_HAVE_NO_MEMORY(server_info->domain_groups);
+	} else {
+		server_info->domain_groups = NULL;
+	}
+
+	for (i = 0; i < base->groups.count; i++) {
+		server_info->domain_groups[i] = dom_sid_add_rid(server_info, base->domain_sid, base->groups.rids[i].rid);
+		NT_STATUS_HAVE_NO_MEMORY(server_info->domain_groups[i]);
+	}
+
+	/* Copy 'other' sids.  We need to do sid filtering here to
+ 	   prevent possible elevation of privileges.  See:
+
+           http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
+         */
+
+	if (validation_level == 3) {
+		struct dom_sid **dgrps = server_info->domain_groups;
+		size_t sidcount = server_info->n_domain_groups + validation->sam3->sidcount;
+		size_t n_dgrps = server_info->n_domain_groups;
+
+		if (validation->sam3->sidcount > 0) {
+			dgrps = talloc_realloc(server_info, dgrps, struct dom_sid*, sidcount);
+			NT_STATUS_HAVE_NO_MEMORY(dgrps);
+
+			for (i = 0; i < validation->sam3->sidcount; i++) {
+				dgrps[n_dgrps + i] = talloc_reference(dgrps, validation->sam3->sids[i].sid);
+			}
+		}
+
+		server_info->n_domain_groups = sidcount;
+		server_info->domain_groups = dgrps;
+
+		/* Where are the 'global' sids?... */
+	}
+
+	if (base->account_name.string) {
+		server_info->account_name = talloc_reference(server_info, base->account_name.string);
+	} else {
+		server_info->account_name = talloc_strdup(server_info, account_name);
+		NT_STATUS_HAVE_NO_MEMORY(server_info->account_name);
+	}
+
+	server_info->domain_name = talloc_reference(server_info, base->domain.string);
+	server_info->full_name = talloc_reference(server_info, base->full_name.string);
+	server_info->logon_script = talloc_reference(server_info, base->logon_script.string);
+	server_info->profile_path = talloc_reference(server_info, base->profile_path.string);
+	server_info->home_directory = talloc_reference(server_info, base->home_directory.string);
+	server_info->home_drive = talloc_reference(server_info, base->home_drive.string);
+	server_info->logon_server = talloc_reference(server_info, base->logon_server.string);
+	server_info->last_logon = base->last_logon;
+	server_info->last_logoff = base->last_logoff;
+	server_info->acct_expiry = base->acct_expiry;
+	server_info->last_password_change = base->last_password_change;
+	server_info->allow_password_change = base->allow_password_change;
+	server_info->force_password_change = base->force_password_change;
+	server_info->logon_count = base->logon_count;
+	server_info->bad_password_count = base->bad_password_count;
+	server_info->acct_flags = base->acct_flags;
+
+	server_info->authenticated = true;
+
+	/* ensure we are never given NULL session keys */
+
+	if (all_zero(base->key.key, sizeof(base->key.key))) {
+		server_info->user_session_key = data_blob(NULL, 0);
+	} else {
+		server_info->user_session_key = data_blob_talloc(server_info, base->key.key, sizeof(base->key.key));
+		NT_STATUS_HAVE_NO_MEMORY(server_info->user_session_key.data);
+	}
+
+	if (all_zero(base->LMSessKey.key, sizeof(base->LMSessKey.key))) {
+		server_info->lm_session_key = data_blob(NULL, 0);
+	} else {
+		server_info->lm_session_key = data_blob_talloc(server_info, base->LMSessKey.key, sizeof(base->LMSessKey.key));
+		NT_STATUS_HAVE_NO_MEMORY(server_info->lm_session_key.data);
+	}
+
+	ZERO_STRUCT(server_info->pac_srv_sig);
+	ZERO_STRUCT(server_info->pac_kdc_sig);
+
+	*_server_info = server_info;
+	return NT_STATUS_OK;
+}
+
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 16867366a4..6c6b928917 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -30,7 +30,6 @@
 #include "auth/auth.h"
 #include "lib/ldb/include/ldb.h"
 #include "auth/auth_sam.h"
-#include "system/network.h"
 #include "lib/socket/socket.h"
 #include "librpc/rpc/dcerpc.h"
 #include "auth/credentials/credentials.h"
@@ -39,6 +38,7 @@
 #include "auth/gensec/gensec_proto.h"
 #include "param/param.h"
 #include "auth/session_proto.h"
+#include "auth/auth_sam_reply.h"
 
 enum GENSEC_KRB5_STATE {
 	GENSEC_KRB5_SERVER_START,
diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c
index ac63b242e4..bf75ad9eca 100644
--- a/source4/auth/ntlm/auth_winbind.c
+++ b/source4/auth/ntlm/auth_winbind.c
@@ -24,7 +24,7 @@
 #include "includes.h"
 #include "auth/auth.h"
 #include "auth/ntlm/auth_proto.h"
-#include "auth/session_proto.h"
+#include "auth/auth_sam_reply.h"
 #include "nsswitch/winbind_client.h"
 #include "librpc/gen_ndr/ndr_netlogon.h"
 #include "librpc/gen_ndr/ndr_winbind.h"
diff --git a/source4/auth/session.c b/source4/auth/session.c
index 885b2b96c2..ef5646fd37 100644
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -201,143 +201,3 @@ void auth_session_info_debug(int dbg_lev,
 	security_token_debug(dbg_lev, session_info->security_token);
 }
 
-/**
- * Make a server_info struct from the info3 returned by a domain logon 
- */
-_PUBLIC_ NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx,
-					      const char *account_name,
-					      uint16_t validation_level,
-					      union netr_Validation *validation,
-					      struct auth_serversupplied_info **_server_info)
-{
-	struct auth_serversupplied_info *server_info;
-	struct netr_SamBaseInfo *base = NULL;
-	int i;
-
-	switch (validation_level) {
-	case 2:
-		if (!validation || !validation->sam2) {
-			return NT_STATUS_INVALID_PARAMETER;
-		}
-		base = &validation->sam2->base;
-		break;
-	case 3:
-		if (!validation || !validation->sam3) {
-			return NT_STATUS_INVALID_PARAMETER;
-		}
-		base = &validation->sam3->base;
-		break;
-	case 6:
-		if (!validation || !validation->sam6) {
-			return NT_STATUS_INVALID_PARAMETER;
-		}
-		base = &validation->sam6->base;
-		break;
-	default:
-		return NT_STATUS_INVALID_LEVEL;
-	}
-
-	server_info = talloc(mem_ctx, struct auth_serversupplied_info);
-	NT_STATUS_HAVE_NO_MEMORY(server_info);
-
-	/*
-	   Here is where we should check the list of
-	   trusted domains, and verify that the SID 
-	   matches.
-	*/
-	server_info->account_sid = dom_sid_add_rid(server_info, base->domain_sid, base->rid);
-	NT_STATUS_HAVE_NO_MEMORY(server_info->account_sid);
-
-
-	server_info->primary_group_sid = dom_sid_add_rid(server_info, base->domain_sid, base->primary_gid);
-	NT_STATUS_HAVE_NO_MEMORY(server_info->primary_group_sid);
-
-	server_info->n_domain_groups = base->groups.count;
-	if (base->groups.count) {
-		server_info->domain_groups = talloc_array(server_info, struct dom_sid*, base->groups.count);
-		NT_STATUS_HAVE_NO_MEMORY(server_info->domain_groups);
-	} else {
-		server_info->domain_groups = NULL;
-	}
-
-	for (i = 0; i < base->groups.count; i++) {
-		server_info->domain_groups[i] = dom_sid_add_rid(server_info, base->domain_sid, base->groups.rids[i].rid);
-		NT_STATUS_HAVE_NO_MEMORY(server_info->domain_groups[i]);
-	}
-
-	/* Copy 'other' sids.  We need to do sid filtering here to
- 	   prevent possible elevation of privileges.  See:
-
-           http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
-         */
-
-	if (validation_level == 3) {
-		struct dom_sid **dgrps = server_info->domain_groups;
-		size_t sidcount = server_info->n_domain_groups + validation->sam3->sidcount;
-		size_t n_dgrps = server_info->n_domain_groups;
-
-		if (validation->sam3->sidcount > 0) {
-			dgrps = talloc_realloc(server_info, dgrps, struct dom_sid*, sidcount);
-			NT_STATUS_HAVE_NO_MEMORY(dgrps);
-
-			for (i = 0; i < validation->sam3->sidcount; i++) {
-				dgrps[n_dgrps + i] = talloc_reference(dgrps, validation->sam3->sids[i].sid);
-			}
-		}
-
-		server_info->n_domain_groups = sidcount;
-		server_info->domain_groups = dgrps;
-
-		/* Where are the 'global' sids?... */
-	}
-
-	if (base->account_name.string) {
-		server_info->account_name = talloc_reference(server_info, base->account_name.string);
-	} else {
-		server_info->account_name = talloc_strdup(server_info, account_name);
-		NT_STATUS_HAVE_NO_MEMORY(server_info->account_name);
-	}
-
-	server_info->domain_name = talloc_reference(server_info, base->domain.string);
-	server_info->full_name = talloc_reference(server_info, base->full_name.string);
-	server_info->logon_script = talloc_reference(server_info, base->logon_script.string);
-	server_info->profile_path = talloc_reference(server_info, base->profile_path.string);
-	server_info->home_directory = talloc_reference(server_info, base->home_directory.string);
-	server_info->home_drive = talloc_reference(server_info, base->home_drive.string);
-	server_info->logon_server = talloc_reference(server_info, base->logon_server.string);
-	server_info->last_logon = base->last_logon;
-	server_info->last_logoff = base->last_logoff;
-	server_info->acct_expiry = base->acct_expiry;
-	server_info->last_password_change = base->last_password_change;
-	server_info->allow_password_change = base->allow_password_change;
-	server_info->force_password_change = base->force_password_change;
-	server_info->logon_count = base->logon_count;
-	server_info->bad_password_count = base->bad_password_count;
-	server_info->acct_flags = base->acct_flags;
-
-	server_info->authenticated = true;
-
-	/* ensure we are never given NULL session keys */
-
-	if (all_zero(base->key.key, sizeof(base->key.key))) {
-		server_info->user_session_key = data_blob(NULL, 0);
-	} else {
-		server_info->user_session_key = data_blob_talloc(server_info, base->key.key, sizeof(base->key.key));
-		NT_STATUS_HAVE_NO_MEMORY(server_info->user_session_key.data);
-	}
-
-	if (all_zero(base->LMSessKey.key, sizeof(base->LMSessKey.key))) {
-		server_info->lm_session_key = data_blob(NULL, 0);
-	} else {
-		server_info->lm_session_key = data_blob_talloc(server_info, base->LMSessKey.key, sizeof(base->LMSessKey.key));
-		NT_STATUS_HAVE_NO_MEMORY(server_info->lm_session_key.data);
-	}
-
-	ZERO_STRUCT(server_info->pac_srv_sig);
-	ZERO_STRUCT(server_info->pac_kdc_sig);
-
-	*_server_info = server_info;
-	return NT_STATUS_OK;
-}
-
-
diff --git a/source4/auth/session.h b/source4/auth/session.h
index bdb63ec4a2..15570c4414 100644
--- a/source4/auth/session.h
+++ b/source4/auth/session.h
@@ -53,11 +53,6 @@ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
 				    struct auth_serversupplied_info *server_info, 
 				    struct auth_session_info **_session_info) ;
 
-NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx,
-					      const char *account_name,
-					      uint16_t validation_level,
-					      union netr_Validation *validation,
-					      struct auth_serversupplied_info **_server_info);
 NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx, 
 				     struct tevent_context *ev_ctx,
 				     struct loadparm_context *lp_ctx,
diff --git a/source4/scripting/python/config.mk b/source4/scripting/python/config.mk
index 71432042fc..4d33ed2219 100644
--- a/source4/scripting/python/config.mk
+++ b/source4/scripting/python/config.mk
@@ -17,7 +17,7 @@ python_uuid_OBJ_FILES = $(pyscriptsrcdir)/uuidmodule.o
 
 [PYTHON::python_glue]
 LIBRARY_REALNAME = samba/glue.$(SHLIBEXT)
-PRIVATE_DEPENDENCIES = LIBNDR LIBLDB SAMDB CREDENTIALS swig_ldb python_dcerpc_misc python_dcerpc_security swig_auth
+PRIVATE_DEPENDENCIES = LIBNDR LIBLDB SAMDB CREDENTIALS pyldb python_dcerpc_misc python_dcerpc_security swig_auth
 
 python_glue_OBJ_FILES = $(pyscriptsrcdir)/pyglue.o
 
diff --git a/source4/selftest/tests.sh b/source4/selftest/tests.sh
index 56cbacbdaf..88b83631ba 100755
--- a/source4/selftest/tests.sh
+++ b/source4/selftest/tests.sh
@@ -54,10 +54,10 @@ plansmbtorturetest() {
 	plantest "$modname" "$env" $cmdline
 }
 
-bin/smbtorture -V
-
 samba4srcdir=.
 samba4bindir=$samba4srcdir/bin
+smb4torture="$samba4bindir/smbtorture${EXEEXT}"
+$smb4torture -V
 
 prefix_abs="$SELFTEST_PREFIX/s4client"
 
@@ -76,7 +76,7 @@ TORTURE_OPTIONS="$TORTURE_OPTIONS --format=subunit"
 if [ -n "$SELFTEST_QUICK" ]; then
 	TORTURE_OPTIONS="$TORTURE_OPTIONS --option=torture:quick=yes"
 fi
-smb4torture="$samba4bindir/smbtorture $TORTURE_OPTIONS"
+smb4torture="$smb4torture $TORTURE_OPTIONS"
 
 echo "OPTIONS $TORTURE_OPTIONS"
 
@@ -264,9 +264,10 @@ for t in `$smb4torture --list | grep "^LOCAL-" | xargs`; do
 	plansmbtorturetest "$t" none ncalrpc: "$*"
 done
 
-if test -f $samba4bindir/tdbtorture
+tdbtorture4="$samba4bindir/tdbtorture${EXEEXT}"
+if test -f $tdbtorture4
 then
-	plantest "tdb.stress" none $VALGRIND $samba4bindir/tdbtorture
+	plantest "tdb.stress" none $VALGRIND $tdbtorture4
 fi
 
 # Pidl tests
@@ -379,9 +380,10 @@ for env in dc member; do
 	done
 done
 
-if test -f $samba4bindir/nsstest 
+nsstest4="$samba4bindir/nsstest${EXEEXT}"
+if test -f $nsstest4
 then
-	plantest "nss.test using winbind" member $VALGRIND $samba4bindir/nsstest $samba4bindir/shared/libnss_winbind.so
+	plantest "nss.test using winbind" member $VALGRIND $nsstest4 $samba4bindir/shared/libnss_winbind.so
 fi
 
 PYTHON=/usr/bin/python
diff --git a/source4/smbd/service_named_pipe.c b/source4/smbd/service_named_pipe.c
index 02b71de7c3..e3c0908a15 100644
--- a/source4/smbd/service_named_pipe.c
+++ b/source4/smbd/service_named_pipe.c
@@ -25,6 +25,7 @@
 #include "smbd/service.h"
 #include "param/param.h"
 #include "auth/session.h"
+#include "auth/auth_sam_reply.h"
 #include "lib/stream/packet.h"
 #include "librpc/gen_ndr/ndr_named_pipe_auth.h"
 #include "system/passwd.h"
diff --git a/source4/torture/auth/pac.c b/source4/torture/auth/pac.c
index f6f2fcb498..fd54863686 100644
--- a/source4/torture/auth/pac.c
+++ b/source4/torture/auth/pac.c
@@ -28,7 +28,7 @@
 #include "samba3/samba3.h"
 #include "libcli/security/security.h"
 #include "torture/torture.h"
-#include "auth/session_proto.h"
+#include "auth/auth_sam_reply.h"
 
 static bool torture_pac_self_check(struct torture_context *tctx)
 {