diff options
| -rw-r--r-- | source4/auth/gensec/config.mk | 2 | ||||
| -rw-r--r-- | source4/auth/ntlmssp/config.mk | 2 | ||||
| -rw-r--r-- | source4/auth/session.h | 14 | ||||
| -rw-r--r-- | source4/auth/system_session.c | 7 | ||||
| -rw-r--r-- | source4/build/make/rules.mk | 3 | ||||
| -rw-r--r-- | source4/client/client.c | 9 | ||||
| -rw-r--r-- | source4/libcli/raw/clitree.c | 5 | ||||
| -rw-r--r-- | source4/libcli/smb_composite/connect.c | 44 | ||||
| -rw-r--r-- | source4/libcli/smb_composite/sesssetup.c | 2 | ||||
| -rw-r--r-- | source4/libcli/smb_composite/smb_composite.h | 4 | ||||
| -rwxr-xr-x | source4/script/harness2subunit.pl | 6 | ||||
| -rwxr-xr-x | source4/setup/vampire.py | 53 |
12 files changed, 60 insertions, 91 deletions
diff --git a/source4/auth/gensec/config.mk b/source4/auth/gensec/config.mk index cfb3493484..8b602e75f0 100644 --- a/source4/auth/gensec/config.mk +++ b/source4/auth/gensec/config.mk @@ -20,7 +20,7 @@ PUBLIC_HEADERS += auth/gensec/gensec.h [MODULE::gensec_krb5] SUBSYSTEM = gensec INIT_FUNCTION = gensec_krb5_init -PRIVATE_DEPENDENCIES = CREDENTIALS KERBEROS auth auth_sam +PRIVATE_DEPENDENCIES = CREDENTIALS KERBEROS auth_session auth_sam # End MODULE gensec_krb5 ################################################ diff --git a/source4/auth/ntlmssp/config.mk b/source4/auth/ntlmssp/config.mk index f8e711feda..849448f5bb 100644 --- a/source4/auth/ntlmssp/config.mk +++ b/source4/auth/ntlmssp/config.mk @@ -9,7 +9,7 @@ MSRPC_PARSE_OBJ_FILES = $(addprefix auth/ntlmssp/, ntlmssp_parse.o) SUBSYSTEM = gensec INIT_FUNCTION = gensec_ntlmssp_init PRIVATE_PROTO_HEADER = proto.h -PRIVATE_DEPENDENCIES = MSRPC_PARSE CREDENTIALS +PRIVATE_DEPENDENCIES = MSRPC_PARSE CREDENTIALS auth OUTPUT_TYPE = MERGED_OBJ # End MODULE gensec_ntlmssp ################################################ diff --git a/source4/auth/session.h b/source4/auth/session.h index 9b5fba7f39..933b14a1b4 100644 --- a/source4/auth/session.h +++ b/source4/auth/session.h @@ -1,6 +1,6 @@ /* Unix SMB/CIFS implementation. - Auth session handling + Process and provide the logged on user's authorization token Copyright (C) Andrew Bartlett 2001 Copyright (C) Stefan Metzmacher 2005 @@ -30,8 +30,18 @@ struct auth_session_info { #include "librpc/gen_ndr/netlogon.h" -struct auth_session_info *system_session_anon(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx); +/* Create a security token for a session SYSTEM (the most + * trusted/prvilaged account), including the local machine account as + * the off-host credentials */ struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) ; + +/* + * Create a system session, but with anonymous credentials (so we do + * not need to open secrets.ldb) + */ +struct auth_session_info *system_session_anon(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx); + + NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx, const char *netbios_name, struct auth_serversupplied_info **_server_info) ; diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c index e99bbbb1ab..1d227fe468 100644 --- a/source4/auth/system_session.c +++ b/source4/auth/system_session.c @@ -147,9 +147,10 @@ static NTSTATUS generate_session_info(TALLOC_CTX *mem_ctx, -/** - Create a system session, with machine account credentials -*/ +/* Create a security token for a session SYSTEM (the most + * trusted/prvilaged account), including the local machine account as + * the off-host credentials + */ _PUBLIC_ struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) { NTSTATUS nt_status; diff --git a/source4/build/make/rules.mk b/source4/build/make/rules.mk index 541fa018db..8c5b1fe6f3 100644 --- a/source4/build/make/rules.mk +++ b/source4/build/make/rules.mk @@ -212,8 +212,7 @@ include/includes.d: include/includes.h @-mkdir -p `dirname $@` @$(COMPILE) && exit 0 ; \ echo "The following command failed:" 1>&2;\ - echo "$(COMPILE)" 1>&2;\ - $(COMPILE) >/dev/null 2>&1 + echo "$(COMPILE)" 1>&2 && exit 1 diff --git a/source4/client/client.c b/source4/client/client.c index 79cc1b5382..120a80ccd2 100644 --- a/source4/client/client.c +++ b/source4/client/client.c @@ -3124,11 +3124,6 @@ static int do_message_op(const char *netbios_name, const char *desthost, const char *query_host = NULL; bool message = false; const char *desthost = NULL; -#ifdef KANJI - const char *term_code = KANJI; -#else - const char *term_code = ""; -#endif /* KANJI */ poptContext pc; const char *service = NULL; int port = 0; @@ -3148,7 +3143,6 @@ static int do_message_op(const char *netbios_name, const char *desthost, { "ip-address", 'I', POPT_ARG_STRING, NULL, 'I', "Use this IP to connect to", "IP" }, { "stderr", 'E', POPT_ARG_NONE, NULL, 'E', "Write messages to stderr instead of stdout" }, { "list", 'L', POPT_ARG_STRING, NULL, 'L', "Get a list of shares available on a host", "HOST" }, - { "terminal", 't', POPT_ARG_STRING, NULL, 't', "Terminal I/O code {sjis|euc|jis7|jis8|junet|hex}", "CODE" }, { "directory", 'D', POPT_ARG_STRING, NULL, 'D', "Start from directory", "DIR" }, { "command", 'c', POPT_ARG_STRING, &cmdstr, 'c', "Execute semicolon separated commands" }, { "send-buffer", 'b', POPT_ARG_INT, NULL, 'b', "Changes the transmit/send buffer", "BYTES" }, @@ -3190,9 +3184,6 @@ static int do_message_op(const char *netbios_name, const char *desthost, case 'L': query_host = strdup(poptGetOptArg(pc)); break; - case 't': - term_code = strdup(poptGetOptArg(pc)); - break; case 'D': base_directory = strdup(poptGetOptArg(pc)); break; diff --git a/source4/libcli/raw/clitree.c b/source4/libcli/raw/clitree.c index d5075f9271..15cd70833c 100644 --- a/source4/libcli/raw/clitree.c +++ b/source4/libcli/raw/clitree.c @@ -193,6 +193,11 @@ NTSTATUS smbcli_tree_full_connection(TALLOC_CTX *parent_ctx, io.in.service_type = service_type; io.in.credentials = credentials; io.in.fallback_to_anonymous = false; + + /* This workgroup gets sent out by the SPNEGO session setup. + * I don't know of any servers that look at it, so we might + * hardcode it to "" some day, when the war on global_loadparm + * is complete -- abartlet 2008-04-28 */ io.in.workgroup = lp_workgroup(global_loadparm); io.in.options = *options; diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c index c4abfa5e37..39c614f042 100644 --- a/source4/libcli/smb_composite/connect.c +++ b/source4/libcli/smb_composite/connect.c @@ -38,7 +38,9 @@ enum connect_stage {CONNECT_RESOLVE, CONNECT_NEGPROT, CONNECT_SESSION_SETUP, CONNECT_SESSION_SETUP_ANON, - CONNECT_TCON}; + CONNECT_TCON, + CONNECT_DONE +}; struct connect_state { enum connect_stage stage; @@ -97,8 +99,7 @@ static NTSTATUS connect_tcon(struct composite_context *c, state->io_tcon->tconx.out.fs_type); } - /* all done! */ - c->state = COMPOSITE_STATE_DONE; + state->stage = CONNECT_DONE; return NT_STATUS_OK; } @@ -121,9 +122,6 @@ static NTSTATUS connect_session_setup_anon(struct composite_context *c, state->session->vuid = state->io_setup->out.vuid; /* setup for a tconx */ - io->out.tree = smbcli_tree_init(state->session, state, true); - NT_STATUS_HAVE_NO_MEMORY(io->out.tree); - state->io_tcon = talloc(c, union smb_tcon); NT_STATUS_HAVE_NO_MEMORY(state->io_tcon); @@ -203,9 +201,12 @@ static NTSTATUS connect_session_setup(struct composite_context *c, state->session->vuid = state->io_setup->out.vuid; - /* setup for a tconx */ - io->out.tree = smbcli_tree_init(state->session, state, true); - NT_STATUS_HAVE_NO_MEMORY(io->out.tree); + /* If we don't have a remote share name then this indicates that + * we don't want to do a tree connect */ + if (!io->in.service) { + state->stage = CONNECT_DONE; + return NT_STATUS_OK; + } state->io_tcon = talloc(c, union smb_tcon); NT_STATUS_HAVE_NO_MEMORY(state->io_tcon); @@ -254,6 +255,18 @@ static NTSTATUS connect_negprot(struct composite_context *c, /* next step is a session setup */ state->session = smbcli_session_init(state->transport, state, true); NT_STATUS_HAVE_NO_MEMORY(state->session); + + /* setup for a tconx (or at least have the structure ready to + * return, if we won't go that far) */ + io->out.tree = smbcli_tree_init(state->session, state, true); + NT_STATUS_HAVE_NO_MEMORY(io->out.tree); + + /* If we don't have any credentials then this indicates that + * we don't want to do a session setup */ + if (!io->in.credentials) { + state->stage = CONNECT_DONE; + return NT_STATUS_OK; + } state->io_setup = talloc(c, struct smb_composite_sesssetup); NT_STATUS_HAVE_NO_MEMORY(state->io_setup); @@ -272,6 +285,7 @@ static NTSTATUS connect_negprot(struct composite_context *c, state->creq->async.fn = composite_handler; state->creq->async.private_data = c; + state->stage = CONNECT_SESSION_SETUP; return NT_STATUS_OK; @@ -405,13 +419,11 @@ static void state_handler(struct composite_context *c) break; } - if (!NT_STATUS_IS_OK(c->status)) { - c->state = COMPOSITE_STATE_ERROR; - } - - if (c->state >= COMPOSITE_STATE_DONE && - c->async.fn) { - c->async.fn(c); + if (state->stage == CONNECT_DONE) { + /* all done! */ + composite_done(c); + } else { + composite_is_ok(c); } } diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 1427fe525b..11ac37e257 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -224,7 +224,6 @@ static NTSTATUS session_setup_nt1(struct composite_context *c, { NTSTATUS nt_status; struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state); - const char *password = cli_credentials_get_password(io->in.credentials); DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, lp_iconv_convenience(global_loadparm), session->transport->socket->hostname, lp_workgroup(global_loadparm)); DATA_BLOB session_key; int flags = CLI_CRED_NTLM_AUTH; @@ -266,6 +265,7 @@ static NTSTATUS session_setup_nt1(struct composite_context *c, data_blob_free(&session_key); } else if (session->options.plaintext_auth) { + const char *password = cli_credentials_get_password(io->in.credentials); state->setup.nt1.in.password1 = data_blob_talloc(state, password, strlen(password)); state->setup.nt1.in.password2 = data_blob(NULL, 0); } else { diff --git a/source4/libcli/smb_composite/smb_composite.h b/source4/libcli/smb_composite/smb_composite.h index e7e131869c..afee11ce3b 100644 --- a/source4/libcli/smb_composite/smb_composite.h +++ b/source4/libcli/smb_composite/smb_composite.h @@ -83,8 +83,8 @@ struct smb_composite_savefile { - socket establishment - session request - negprot - - session setup - - tree connect + - session setup (if credentials are not NULL) + - tree connect (if service is not NULL) */ struct smb_composite_connect { struct { diff --git a/source4/script/harness2subunit.pl b/source4/script/harness2subunit.pl index c14e4730e0..9f2391ad6c 100755 --- a/source4/script/harness2subunit.pl +++ b/source4/script/harness2subunit.pl @@ -1,7 +1,7 @@ #!/usr/bin/perl my $firstline = 1; - +my $error = 0; while(<STDIN>) { if ($firstline) { $firstline = 0; @@ -10,6 +10,7 @@ while(<STDIN>) { if (/^not ok (\d+) - (.*)$/) { print "test: $2\n"; print "failure: $2\n"; + $error = 1; } elsif (/^ok (\d+) - (.*)$/) { print "test: $2\n"; print "success: $2\n"; @@ -22,7 +23,10 @@ while(<STDIN>) { } elsif (/^not ok (\d+)$/) { print "test: $1\n"; print "failure: $1\n"; + $error = 1; } else { print; } } +exit $error; + diff --git a/source4/setup/vampire.py b/source4/setup/vampire.py deleted file mode 100755 index 728c53146a..0000000000 --- a/source4/setup/vampire.py +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/python - -# Unix SMB/CIFS implementation. -# Vampire a remote domain -# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007 -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. -# - -from net import libnet -import optparse -import samba.getopt as options -import param -from auth import system_session -import sys - -parser = optparse.OptionParser("vampire [options] <domain>") -sambaopts = options.SambaOptions(parser) -parser.add_option_group(sambaopts) -parser.add_option_group(options.VersionOptions(parser)) -credopts = options.CredentialsOptions(parser) -parser.add_option_group(credopts) - -opts, args = parser.parse_args() - -if len(args) < 1: - parser.print_usage() - sys.exit(1) - -def vampire(domain, session_info, credentials, lp): - ctx = libnet(lp_ctx=lp) - ctx.cred = credentials - machine_creds = Credentials(); - machine_creds.set_domain(domain); - if not machine_creds.set_machine_account(): - raise Exception("Failed to access domain join information!") - ctx.samsync_ldb(vampire_ctx, machine_creds=machine_creds, - session_info=session_info) - -lp = sambaopts.get_loadparm() -vampire(args[0], session_info=system_session(), - credentials=credopts.get_credentials(), lp=lp) |