Age | Commit message (Collapse) | Author | Files | Lines |
|
authentication. This pulls the creating of the keytab back to the
credentials code, and removes the special case of 'use keberos keytab
= yes' for now.
This allows (and requires) the callers to specify the credentials for
the server credentails to GENSEC. This allows kpasswdd (soon to be
added) to use a different set of kerberos credentials.
The 'use kerberos keytab' code will be moved into the credentials
layer, as the layers below now expect a keytab.
We also now allow for the old secret to be stored into the
credentials, allowing service password changes.
Andrew Bartlett
(This used to be commit 205f77c579ac8680c85f713a76de5767189c627b)
|
|
the right
talloc context.
Volker
(This used to be commit 256cf928d786b2533953505aea20ec80a25c6929)
|
|
Should fix a valgrind error volker is seeing.
Andrew Bartlett
(This used to be commit 11957c5f37fe0a0be465a9ce9d6d256724c5951c)
|
|
(This used to be commit d2f80c0457f7404b2cac9df59a400130e9ad025f)
|
|
then StaticLibrary()
(This used to be commit b53313dc517986c69a4e4cb8fe3885b696f8faa1)
|
|
use pstring is next_token() now.
(This used to be commit a5b88bcd420eb7ae42283293541519e142be36e3)
|
|
but final linking still fails (as does generating files asn1, et, idl and proto
files)
(This used to be commit 4f0d7f75b99c7f4388d8acb0838577d86baf68b5)
|
|
RAW_SEARCH_UNIX_INFO find_fill_info(), which I think is a bug.
(This used to be commit 5f1cd6382cd90b1b33f645b1b2a469f4de4f42b9)
|
|
we do pass it as size_t. In case src_len is negative, we need to register a failure and return to the caller
(This used to be commit 95d96c79a538814bb524d7905e1e8f64df6341ca)
|
|
(This used to be commit cf1a7bbe96e8e40ac4df3eaa3e5922a944b45579)
|
|
(This used to be commit fac77f5fa267da57a55e88cad8993897e80741a0)
|
|
we didn't cope with the 'anonymous NTLM under SPNEGO' login.
Andrew Bartlett
(This used to be commit c3cc14542e426b23e468a11803c1bab0f6fe290f)
|
|
user_info strcture in auth/
This moves it to a pattern much like that found in ntvfs, with
functions to migrate between PAIN, HASH and RESPONSE passwords.
Instead of make_user_info*() functions, we simply fill in the control
block in the callers, per recent dicussions on the lists. This
removed a lot of data copies as well as error paths, as we can grab
much of it with talloc.
Andrew Bartlett
(This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
|
|
connection structure.
This massively reduces the number of lp_*() calls made
(This used to be commit b1d577f48d31c0c17ad0b6abd78120087408e58d)
|
|
setup. Andrew, please check over this.
What happens is this:
- run the BASE-SECLEAK test
- with each failed session setup using spnego a gensec ctx is leaked into the smb_conn structure
- after the client disconnects these are finally cleaned up as they
are all children of the connection structure
- the cleanup of the millions of memory objects takes long enough
that the next operation in test_posix.sh sometimes fails with a timeout
Andrew, can you also look at the talloc_reference() on line 332 of
sesssetup.c ? I suspect it isn't needed (I don't think it does any
actual harm though)
(This used to be commit b40fb6a4569ccc1fa1750a1e534e18a020764b4c)
|
|
(This used to be commit 658befc1e4df44bee1f365a730951001f0f36640)
|
|
(This used to be commit 391cfe3c9645a19f8f5ff5c11b1ac03ee0b10f8f)
|
|
(This used to be commit 9eebd240d8ed9a634307ce31696d817f78f503b2)
|
|
(This used to be commit adae47c829fd157afa0011d29e5969d883a0956e)
|
|
be able to send a message to the "ldap_server" task without having to
know its task ID.
(This used to be commit 8f69867867857e0c9a9246c2dec9612ccc234724)
|
|
torture code that can tell the difference between dos and ntstatus
codes without mapping
(This used to be commit 5521060c089c2181a2f3c7aeabd2f3ba813c6e60)
|
|
metze
(This used to be commit a2e34475d723eb74fc58b9afa9f4a863b1277b0d)
|
|
(This used to be commit 6ee98c5f6505824826955f9d60a7964471fa6c26)
|
|
"sam database"
set to the internal ldap server over loopback. The following happened:
- DCERPC_AUTH3 request
- auth requests calls ldb
- ldb calls ldap
- ldap calls our internal ldap server, triggering events
- samrConnect from client
- connect refused
- SMBclose from client
- causes dcerpc_pipe to be destroyed
- AUTH3 continues
- dies on freed pipe
I chose this solution as it provides a guarantee that backends only have to think about
async issues when they mark a request async. When they don't, this code guarantees that
a second request won't happen on the same connection while processing the first one
(This used to be commit 45487e8a1402c64d1c314befe8bd9f65587fd0d6)
|
|
replay attacks under SMB signing, where the session key is a fixed
derivitive of the user's password.
This removes the VID offset, but I'm not worried about random client
bytes mattering here, given the space (and the fact that it applies to
very, very old clients).
Andrew Bartlett
(This used to be commit eb1d37c5a91a6bc4515469e1ae026d28c12d7149)
|
|
(no need for it to hang around forever).
Add test for this behaviour.
Andrew Bartlett
(This used to be commit 36dc2491d778fbbff32c4abdf95faa9f83024e12)
|
|
event_context for the socket_connect() call, so that when things that
use dcerpc are running alongside anything else it doesn't block the
whole process during a connect.
Then of course I needed to change any code that created a dcerpc
connection (such as the auth code) to also take an event context, and
anything that called that and so on .... thus the size of the patch.
There were 3 places where I punted:
- abartlet wanted me to add a gensec_set_event_context() call
instead of adding it to the gensec init calls. Andrew, my
apologies for not doing this. I didn't do it as adding a new
parameter allowed me to catch all the callers with the
compiler. Now that its done, we could go back and use
gensec_set_event_context()
- the ejs code calls auth initialisation, which means it should pass
in the event context from the web server. I punted on that. Needs fixing.
- I used a NULL event context in dcom_get_pipe(). This is equivalent
to what we did already, but should be fixed to use a callers event
context. Jelmer, can you think of a clean way to do that?
I also cleaned up a couple of things:
- libnet_context_destroy() makes no sense. I removed it.
- removed some unused vars in various places
(This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
|
|
old style
auto homedir share stuff
- add TODO: for checking the password on share mode security
metze
(This used to be commit d9a0c61801f19e55a41c573ea96565946314ecb3)
|
|
the error code for an invalid tid depends on the command
(This used to be commit 9dab036fbe50d84cb79d7a103c454a1c0c90a48a)
|
|
amazingly, I have seen w2k do a session setup followed by an immediate
attempted opening of \netlogon, with no tconx to ipc$ first. So this
error code can matter.
(This used to be commit 79112d81cb9ea3fc7e94be1af282ab4247170532)
|
|
cut&paste error
(This used to be commit 615618f192a05b95ab0e0fba68e339a6df1a3363)
|
|
Thanks to lars and agruen for finding this
(This used to be commit 2acc06918574b1178eecf3d61026f84f85bb40e1)
|
|
segfault). This should fix another of the issues that Richard came up
with last week.
Andrew Bartlett
(This used to be commit c2c8b6abf3ffa39c8677cab4fda415d66df0c4ff)
|
|
Andrew Bartlett
(This used to be commit c67a9370c4e8f94aad68abba073779bb0edf742b)
|
|
outstanding sessions, as we don't use it.
Andrew Bartlett
(This used to be commit 0cbd11a0f2448f2021fa1d8ad85a0a6f52192ee8)
|
|
renaming password.c over the top, as it deals with sessions, not
passwords).
Andrew Bartlett
(This used to be commit 0bba8da460f77946ba9ee5db58ae2329e9e57e1a)
|
|
behaviour on session setups, and because we no longer need do deal
with the linked list as much, the code is much simpiler too.
We may be able to compleatly remove the tid and vuid linked lists, but
I need to check.
This patch also tries to clean up the VUID handling and session setups
in general. To avoid security issues, we now have a distinction
between VUIDs allocated for the session setup (to tie togeather the
multiple round trips) and those used after authentication.
Andrew Bartlett
(This used to be commit 3e5775146d9ce6f0ac43aecae7e899b5324399ad)
|
|
(This used to be commit 54c02846791cd8bda942fec847257c00013d3409)
|
|
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'.
GENSEC now no longer has it's own handling of 'set username' etc,
instead it uses cli_credentials calls.
In order to link the credentails code right though Samba, a lot of
interfaces have changed to remove 'username, domain, password'
arguments, and these have been replaced with a single 'struct
cli_credentials'.
In the session setup code, a new parameter 'workgroup' contains the
client/server current workgroup, which seems unrelated to the
authentication exchange (it was being filled in from the auth info).
This allows in particular kerberos to only call back for passwords
when it actually needs to perform the kinit.
The kerberos code has been modified not to use the SPNEGO provided
'principal name' (in the mechListMIC), but to instead use the name the
host was connected to as. This better matches Microsoft behaviour,
is more secure and allows better use of standard kerberos functions.
To achieve this, I made changes to our socket code so that the
hostname (before name resolution) is now recorded on the socket.
In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now
in libcli/auth/schannel.c, and it looks much more like a standard
GENSEC module. The actual sign/seal code moved to
libcli/auth/schannel_sign.c in a previous commit.
The schannel credentails structure is now merged with the rest of the
credentails, as many of the values (username, workstation, domain)
where already present there. This makes handling this in a generic
manner much easier, as there is no longer a custom entry-point.
The auth_domain module continues to be developed, but is now just as
functional as auth_winbind. The changes here are consequential to the
schannel changes.
The only removed function at this point is the RPC-LOGIN test
(simulating the load of a WinXP login), which needs much more work to
clean it up (it contains copies of too much code from all over the
torture suite, and I havn't been able to penetrate its 'structure').
Andrew Bartlett
(This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
|
|
Andrew Bartlett
(This used to be commit 50af206477d8834d58629131e8cc994fb194adfe)
|
|
(This used to be commit bf43c9bdcf9e654d123f6a2b29feb9189ca9e561)
|
|
refresh, release and query)
- change the iface_n_*() functions to return a "const char *" instead of a "struct ipv4_addr"
I think that in general we should move towards "const char *" for
all IP addresses, as this makes IPv6 much easier, and is also easier
to debug. Andrew, when you get a chance, could you fix some of the
auth code to use strings for IPs ?
- return a NTSTATUS error on bad name queries and node status instead
of using rcode. This makes the calling code simpler.
- added low level name release code in libcli/nbt/
- use a real IP in the register and wins nbt torture tests, as w2k3
WINS server silently rejects some operations that don't come from the
IP being used (eg. it says "yes" to a release, but does not in fact
release the name)
(This used to be commit bb1ab11d8e0ea0bd9ae34aebeb565d36fe4b495f)
|
|
(This used to be commit 7f54c8a339f36aa43c9340be70ab7f0067593ef2)
|
|
gettimeofday() call
and just use timeval_current() when its actually needed
(This used to be commit 236403cc4dc2924ed6a898acae0bb44cc1688dcc)
|
|
(This used to be commit 90535bab957ddaa7bfcdf43e199581f3352bdc8a)
|
|
make it possible to add optimisations to the events code such as
keeping the next timed event in a sorted list, and using epoll for
file descriptor events.
I also removed the loop events code, as it wasn't being used anywhere,
and changed timed events to always be one-shot (as adding a new timed
event in the event handler is so easy to do if needed)
(This used to be commit d7b4b6de51342a65bf46fce772d313f92f8d73d3)
|
|
servers in smbd. The old code still contained a fairly bit of legacy
from the time when smbd was only handling SMB connection. The new code
gets rid of all of the smb_server specific code in smbd/, and creates
a much simpler infrastructures for new server code.
Major changes include:
- simplified the process model code a lot.
- got rid of the top level server and service structures
completely. The top level context is now the event_context. This
got rid of service.h and server.h completely (they were the most
confusing parts of the old code)
- added service_stream.[ch] for the helper functions that are
specific to stream type services (services that handle streams, and
use a logically separate process per connection)
- got rid of the builtin idle_handler code in the service logic, as
none of the servers were using it, and it can easily be handled by
a server in future by adding its own timed_event to the event
context.
- fixed some major memory leaks in the rpc server code.
- added registration of servers, rather than hard coding our list of
possible servers. This allows for servers as modules in the future.
- temporarily disabled the winbind code until I add the helper
functions for that type of server
- added error checking on service startup. If a configured server
fails to startup then smbd doesn't startup.
- cleaned up the command line handling in smbd, removing unused options
(This used to be commit cf6a46c3cbde7b1eb1b86bd3882b953a2de3a42e)
|
|
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
|
|
annoying "not parsing session request" message on each SMB connection
(This used to be commit b06b8dd2f4f4fea750b05fd29d68372828159f16)
|
|
(This used to be commit e54a97f8a67a04427b36cb4afac204c4e5f4502a)
|