Age | Commit message (Collapse) | Author | Files | Lines |
|
This helps map on to the GENSEC semantics better, and ensures that the
full set of desired features are set before the mechanism starts.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
GENSEC has the concept of starting the GENSEC subsystem before starting the
actual mechansim. Between these two stages is when most context methods
are called, to specify credentials and features.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The auth4_context is already in the gensec_security structure, which is
available by de-reference here anyway.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
There is no need to mask out these flags as they simply are not set
yet.
The correct abstraction is to ask for NTLMSSP features.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The session key we want here (the only one that is availble to the
encryption layer) is the one obtained by cli_get_session_key(), as
NTLMSSP creates a per-session session key via key exchange and NTLMv2
negotiation.
The key was never directly the NT hash anyway (this is simply a
mistake, the extra MD4() was lost during my previous cleanup
f28f113d8e76824b080359c90efd9c92de533740 in 2008), but was MD4(NT
hash) in early implementations of NTLMSSP.
However, regardless this call is not available on domain trusts
between AD domains and Windows 2003 R2, making this less useful.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
We now just use auth_ntlmssp_want_feature to get extra flags
on the NTLMSSP context
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This is changed so that the callers ask for the additional flags
that they need, starting with no additional flags.
This helps to create a proper abstraction layer in
ntlmssp_wrap/auth_ntlmssp.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This clarifies the lifetime of the returned token.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This allows the current behaviour of the NTLMSSP code to be unchanged
while adding a way to hook in an alternate implementation via an auth
module.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
This will allow auth plugins such as auth_samba4 to provide an initialised
GENSEC context to auth subsystem callers.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This allows auth_ntlmssp_get_ntlmssp_state() to be removed.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This is the authoritative source for what the user was actually
authenticated as.
The previous message printed only what they claimed, and the DC might
map this.
The workstation is no longer printed in the logs, as it allows
auth_ntlmssp_get_client() to be removed.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This means we can't ever call make_server_info_guest() twice.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This means we no longer need two different map to guest functions
and have consistent logic with fewer layering violations.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
gensec_session_key()
This is slightly less efficient, because we no longer keep a cache on
the gensec structures, but much clearer in terms of memory ownership.
Both gensec_session_info() and gensec_session_key() now take a mem_ctx
and put the result only on that context.
Some duplication of memory in the callers (who were rightly uncertain
about who was the rightful owner of the returned memory) has been
removed to compensate for the internal copy.
Andrew Bartlett
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The startup and runtime functions that have no dependencies are moved
into the top level.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Aug 3 10:16:18 CEST 2011 on sn-devel-104
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Aug 3 07:49:12 CEST 2011 on sn-devel-104
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Python version of samba-tool has now implemented all the commands
from C version and more.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Python smb connection now uses smb_full_connection method.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
gpo fetch is remote->local and gpo create is local->remote
local is local filesystem and remote is smb share.
Need two functions to copy local->remote and remote->local.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Use methods from python wrapper to convert gpo flags and gplink
options to string.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Updated docstrings for all methods.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
this prevents an easy coding error where the caller modifies one of
the key DNs for the database, by using an add_child function or
similar
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
have already called check_name.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Aug 3 03:00:55 CEST 2011 on sn-devel-104
|
|
Found when reading with aio_fork beyond the end of file.
Metze, Jeremy, please check!
Without this we get
[2011/08/02 21:02:54.082661, 0] lib/util.c:778(smb_panic_s3)
PANIC (pid 2302): smbd/smb2_read.c:593: Type mismatch: name[NULL] expected[struct smbd_smb2_read_state]
[2011/08/02 21:02:54.094316, 0] lib/util.c:882(log_stack_trace)
BACKTRACE: 23 stack frames:
#0 bin/smbd(log_stack_trace+0x2d) [0xb72873d8]
#1 bin/smbd(smb_panic_s3+0x7c) [0xb7287529]
#2 bin/smbd(smb_panic+0x2f) [0xb7277e1f]
#3 /root/git/s3-work/source3/bin/libtalloc.so.2 [0xb6c6bc48]
#4 /root/git/s3-work/source3/bin/libtalloc.so.2 [0xb6c6ec79]
#5 /root/git/s3-work/source3/bin/libtalloc.so.2(_talloc_get_type_abort+0x34) [0xb6c6ecb3]
#6 bin/smbd [0xb6fbc405]
#7 bin/smbd(_tevent_req_notify_callback+0x4a) [0xb729a85a]
#8 bin/smbd [0xb729a888]
#9 bin/smbd(_tevent_req_done+0x19) [0xb729aa73]
#10 bin/smbd [0xb6fae517]
#11 bin/smbd [0xb6fad258]
#12 bin/smbd(smbd_aio_complete_aio_ex+0xf5) [0xb6fad6e8]
#13 /root/git/inst/modules/vfs/aio_fork.so [0xb66d4992]
#14 bin/smbd(run_events_poll+0x400) [0xb7297df2]
#15 bin/smbd(smbd_process+0xd75) [0xb6f9d3a7]
#16 bin/smbd [0xb756f07b]
#17 bin/smbd(run_events_poll+0x400) [0xb7297df2]
#18 bin/smbd [0xb7298254]
#19 bin/smbd(_tevent_loop_once+0x9e) [0xb72986ac]
#20 bin/smbd(main+0x185c) [0xb7570e59]
#21 /lib/i686/cmov/libc.so.6(__libc_start_main+0xe5) [0xb6b08455]
#22 bin/smbd [0xb6f14e01]
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Aug 2 22:33:15 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Aug 2 20:32:08 CEST 2011 on sn-devel-104
|
|
|
|
|
|
|