s4:rpc_server: make use of dcesrv_auth_prepare_auth3() in dcesrv_auth3()
It means we also need to call gensec_update_ev() and dcesrv_auth_complete()
directly in dcesrv_auth3(). Doing that will make it easier to make dcesrv_auth3()
async in the next commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:rpc_server: make use of dcesrv_auth_prepare_alter_ack() in dcesrv_alter()
It means we also need to call gensec_update_ev() and dcesrv_auth_complete()
directly in dcesrv_alter(). Doing that will make it easier to make dcesrv_alter()
async in the next commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:rpc_server: make use of dcesrv_auth_prepare_bind_ack() in dcesrv_bind()
It means we also need to call gensec_update_ev() and dcesrv_auth_complete()
directly in dcesrv_bind(). Doing that will make it easier to make dcesrv_bind()
async in the next commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will be used by the dns services to only allow
spnego/krb5. This makes sure the accepting backend
doesn't require any RPC or IPC communication for now.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth/gensec: remove the sync update() hook from gensec_security_ops
Some backends still do some nested event context magic,
but that mapping between async and sync is done in these backends
and not in the core gensec code anymore.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:rpc_server: simplify the GENSEC_FEATURE_SIGN_PKT_HEADER logic
We can directly check this after gensec_start_mech_by_authtype(),
the backend either supports it or not. There's nothing that
can change during the authentication phase.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s3:rpc_server: move gensec_update() out of auth_generic_server_authtype_start*()
We let the caller use auth_generic_server_step() instead.
This allows us to request GENSEC_FEATURE_SIGN_PKT_HEADER before
starting the gensec_update() dance.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:smb_server: avoid using gensec_update_ev() for the negotiate blob
Getting the SPNEGO mech type blob, we don't expect to block for
any network io, so we can also use gensec_update() which creates
a temporary event context.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth/gensec: call gensec_verify_features() also after update_recv() in gensec_update_ev()
This is not a real problem until now, because the only backends with update_send()/recv()
are "schannel" (which only supports AUTH_LEVEL_{INTEGRITY,PRIVACY}) and
"naclrpc_as_system" (which doesn't support any protection beside using unix
domain sockets).
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 2 May 2017 10:55:45 +0000 (12:55 +0200)]
selftest: Actually run python3 tests during the selftest
These previously only ran if the developer was using EXTRA_PYTHON in their
OS environment
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat May 20 02:26:33 CEST 2017 on sn-devel-144
Petr Viktorin [Wed, 3 May 2017 14:57:07 +0000 (16:57 +0200)]
python3: Use "y#" instead of "s#" for binary data in PyArg_ParseTuple
The "s#" format code for PyArg_ParseTupleAndKeywords and Py_BuildValue
converts a char* and size to/from Python str (with utf-8 encoding under
Python 3).
In some cases, we want bytes (str on Python 2, bytes on 3) instead. The
code for this is "y#" in Python 3, but that is not available in 2.
Introduce a PYARG_BYTES_LEN macro that expands to "s#" or "y#", and use
that in:
- credentials.get_ntlm_response (for input and output)
- ndr_unpack argument in PIDL generated code
Signed-off-by: Petr Viktorin <pviktori@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Tue, 16 May 2017 23:12:19 +0000 (16:12 -0700)]
s3: smbd: Fix open_files.idl to correctly ignore share_mode_lease *lease in share_mode_entry.
This is currently marked 'skip', which means it isn't stored in the
db, but printed out in ndr dump. However, this pointer can be invalid
if the lease_idx is set to 0xFFFFFFFF (invalid).
This is fixed up inside parse_share_modes(), but not until after
ndr_pull_share_mode_data() is called. If lease_idx == 0xFFFFFFFF
then ndr_print_share_mode_lease() prints an invalid value and
crashes.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 18 03:01:40 CEST 2017 on sn-devel-144
Ralph Boehme [Fri, 12 May 2017 12:40:03 +0000 (14:40 +0200)]
vfs_fruit: add pread_send/recv and pwrite_send/recv
This is needed to support copy-chunk of streams. vfs_default issues
calls to async pread and pwrite (send/recv versions) since
commit 60e45a2d25401eaf9a15a86d19114670ccfde259.
Ralph Boehme [Fri, 12 May 2017 05:58:01 +0000 (07:58 +0200)]
vfs_streams_xattr: add pread_send/recv and pwrite_send/recv
This is needed to support copy-chunk of streams. vfs_default issues
calls to async pread and pwrite (send/recv versions) since commit 60e45a2d25401eaf9a15a86d19114670ccfde259.
To make libads use 'struct smbldap_state' instead of direct LDAP
structure, we need to abstract out libads logic from connection
handling. SASL wrapping does not really depend on availability of LDAP
handle and does not need direct access to ADS_STRUCT. As a result, we'll
be able to move SASL wrapping code under smbldap once the latter is able
to pass settings that libads passes to the SASL wrapping.
Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Peter Somogyi [Mon, 15 May 2017 08:21:01 +0000 (10:21 +0200)]
SMB_INFO_ALLOCATION: return with UINT32_MAX rather than cutting at 4 bytes
An AIX cifs client queries SMB_INFO_ALLOCATION that has only 4 bytes to report
dfree and dsize. Return the max instead of random unexpected numbers.
Signed-off-by: Peter Somogyi <psomogyi@hu.ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 17 05:49:46 CEST 2017 on sn-devel-144
Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May 17 01:46:52 CEST 2017 on sn-devel-144
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon May 15 08:08:10 CEST 2017 on sn-devel-144
Jeremy Allison [Thu, 11 May 2017 23:15:56 +0000 (16:15 -0700)]
s4: nmblookup: Allocate event context off NULL instead of talloc_autofree_context().
It's already correctly freed on exit.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat May 13 21:01:25 CEST 2017 on sn-devel-144
Jeremy Allison [Tue, 9 May 2017 23:28:53 +0000 (16:28 -0700)]
s4: torture: Remove use of local variables that are simply mirroring popt_get_cmdline_credentials().
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 12 00:37:29 CEST 2017 on sn-devel-144