path: root/source4/lib
Commit message | Author | Age | Files | Lines
* s4:messaging: add support 'smbcontrol <pid> debug/debuglevel' | Stefan Metzmacher | 2019-02-05 | 1 | -0/+72
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
  (cherry picked from commit 3a0c1da432c53de234b54bac90a3fb84534994eb)
* s4:lib/tls: fix the developer build without gnutls support | Stefan Metzmacher | 2018-01-10 | 1 | -0/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* source4/lib/socket/socket_ip.c set socket close on exec | Gary Lockyer | 2017-12-18 | 1 | -0/+3
  Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that the socket is unavailable to any child process created by system(). Making it harder for malicious code to set up a command channel, as seen in the exploit for CVE-2015-0240

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Mon Dec 18 08:49:57 CET 2017 on sn-devel-144
* s4: remove ipv6:enabled parametric option | Björn Jacke | 2017-12-13 | 1 | -16/+8
  this was never disabling ipv6, only v6-only interfaces. This can be achieved with the interfaces parameter also if wanted.

  Signed-off-by: Bjoern Jacke <bjacke@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4-lib-policy: fix type of enum | Uri Simchoni | 2017-11-22 | 1 | -1/+1
  Signed-off-by: Uri Simchoni <uri@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python: Port samba.messaging module to Python 3 compatible form. | Lumir Balhar | 2017-10-23 | 2 | -11/+25
  Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* python: Port samba.registry module to Python 3 compatible form | Lumir Balhar | 2017-10-18 | 2 | -18/+29
  Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* lib: talloc: Use the system <talloc.h> include. | Jeremy Allison | 2017-08-17 | 1 | -1/+1
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Aug 17 00:53:48 CEST 2017 on sn-devel-144
* libhttp: Remove an unneeded include | Volker Lendecke | 2017-08-16 | 1 | -1/+0
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Aug 16 04:11:47 CEST 2017 on sn-devel-144
* s4/lib/tls: Use SHA256 to sign the TLS certificates | Andrew Bartlett | 2017-08-15 | 1 | -3/+6
  The use of SHA-1 has been on the "do not" list for a while now, so make our self-signed certificates use SHA256 using the new gnutls_x509_crt_sign2 provided since GNUTLS 1.2.0

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12953
* s4: com: Replace erroneous inclusion of internal talloc.h header with external. | Jeremy Allison | 2017-08-15 | 1 | -1/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Tue Aug 15 08:06:40 CEST 2017 on sn-devel-144
* s4:lib/http: pass down the target service/hostname to gensec | Stefan Metzmacher | 2017-08-07 | 1 | -0/+21
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:lib/http: add HTTP_AUTH_NEGOTIATE which maps to the "http_negotiate" gensec backend | Stefan Metzmacher | 2017-08-07 | 2 | -0/+5
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:http/gensec: implement "http_negotiate" using GENSEC_OID_SPNEGO | Stefan Metzmacher | 2017-08-07 | 1 | -0/+24
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:http/gensec: make the "NTLM" base64 wrapping more generic | Stefan Metzmacher | 2017-08-07 | 1 | -32/+107
  We only need to know the prefix "NTLM" and the submech oid GENSEC_OID_NTLMSSP everything else can be generic.

  This should allow us to implement "Negotiate" with GENSEC_OID_SPNEGO trivial.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:http/gensec: rename ntlm.c to generic.c | Stefan Metzmacher | 2017-08-07 | 2 | -5/+5
  Check with git show -C

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:lib/http: pass a generic prefix blob to http_parse_auth_response() | Stefan Metzmacher | 2017-08-07 | 1 | -11/+13
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:lib/http: use strcasecmp(h->key, "WWW-Authenticate") instead of strncasecmp() | Stefan Metzmacher | 2017-08-07 | 1 | -1/+4
  The key is already normalized and should match completely.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:lib/http: remove indentation level from http_parse_auth_response() | Stefan Metzmacher | 2017-08-07 | 1 | -10/+12
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:lib/http: let http_read_response_send/recv() also consume the body if it fits into a max value | Stefan Metzmacher | 2017-08-07 | 4 | -17/+76
  We need to consume full HTTP responses from the socket during the authentication exchanges, otherwise our HTTP parser gets out of sync for the next requests.

  This will be important for gensec mechs which use an even number for authentication packets.

  I guess this should be done just based on the Content-Length value and not based on the response code. So far I saw bodies with 200 and 401 codes.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:lib/http: lower HTTP_MAX_HEADER_SIZE from UINT_MAX to 0x1FFFF | Stefan Metzmacher | 2017-08-07 | 1 | -1/+1
  We don't need very large headers, the largest ones are "Authorization" or "WWW-Authenticate", but 128k should be more than enough for all headers.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4: COM: Remove talloc_autofree_context() from (unused) COM code. | Jeremy Allison | 2017-07-26 | 5 | -11/+16
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:lib/http: rewrite http_send_auth_request_*() using gensec_update_send/recv | Stefan Metzmacher | 2017-07-25 | 2 | -186/+153
  The new logic makes it much clearer that we have a loop of

    gensec_update_send()
    gensec_update_recv()
    http_send_request_send()
    http_send_request_recv()
    http_read_response_send()
    http_read_response_recv()

  Until the local gensec and the server are ready.

  I've tested this against Windows 2008R2 like this:

    bin/smbtorture \
        -W BLA --realm=BLA.BASE \
        -s /dev/null -Uadministrator%A1b2C3d4 \
        ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=basic] \
        rpc.epmapper.epmapper.Lookup_simple \

  and:

    bin/smbtorture \
        -W BLA --realm=BLA.BASE \
        -s /dev/null -Uadministrator%A1b2C3d4 \
        ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=ntlm] \
        rpc.epmapper.epmapper.Lookup_simple \

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:http/gensec: add missing tevent_req_done() to gensec_http_ntlm_update_done() | Stefan Metzmacher | 2017-07-21 | 1 | -1/+1
  This was missing in commit d718e92d5e145dccd492c46febc249e462ce50c6.

  Sadly we can't have automated tests for this as we only implement the client side for this protocol.

  I've tested with using:

    bin/smbtorture \
        -W BLA --realm=BLA.BASE \
        -s /dev/null -Uadministrator%A1b2C3d4 \
        ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=basic] \
        rpc.epmapper.epmapper.Lookup_simple \

  and:

    bin/smbtorture \
        -W BLA --realm=BLA.BASE \
        -s /dev/null -Uadministrator%A1b2C3d4 \
        ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=ntlm] \
        rpc.epmapper.epmapper.Lookup_simple \

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12919

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Jul 21 23:29:39 CEST 2017 on sn-devel-144
* s4:lib/com: remove unused pycom binding | Stefan Metzmacher | 2017-05-30 | 2 | -90/+0
  This is completely untested and from reading the code it doesn't really do anything beside always returning None from the get_class_object() method.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Tue May 30 12:16:57 CEST 2017 on sn-devel-144
* s4:gensec/http_basic: add simple gensec_http_basic_update_send/recv() wrapper functions | Stefan Metzmacher | 2017-05-21 | 1 | -6/+72
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:gensec/http_ntlm: add implement gensec_http_ntlm_update_send/recv() | Stefan Metzmacher | 2017-05-21 | 1 | -31/+95
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* gensec: Add a TALLOC_CTX * to gensec_register(). | Jeremy Allison | 2017-05-13 | 2 | -2/+2
  Pass in the TALLOC_CTX * from the module init to remove another talloc_autofree_context() use.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* s4: popt: Change from talloc_autofree_context() to NULL context. | Jeremy Allison | 2017-05-11 | 1 | -2/+1
  Call popt_free_cmdline_credentials() on successful exit from torture.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4: popt: Make cmdline_credentials static. | Jeremy Allison | 2017-05-11 | 2 | -2/+3
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4: popt: Global replace of cmdline_credentials -> popt_get_cmdline_credentials(). | Jeremy Allison | 2017-05-11 | 7 | -26/+53
  Add one use of popt_set_cmdline_credentials(). Fix 80 column limits when cmdline_credentials changes to popt_get_cmdline_credentials().

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4: popt: Add set/get/free functions for cmdline_credentials. | Jeremy Allison | 2017-05-11 | 2 | -0/+19
  Preparing to make this static instead of a global.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4-lib/policy: remove some dead prototypes | Günther Deschner | 2017-05-10 | 1 | -2/+0
  Guenther

  Signed-off-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:tls: Do not use deprecated GnuTLS types | Andreas Schneider | 2017-05-09 | 2 | -14/+16
  Those have been deprecated with GnuTLS 1.0.20 in 2004. I think it is safe to use them now ;)

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-messaging: Add helpful comments | Andrew Bartlett | 2017-04-26 | 1 | -0/+7
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Wed Apr 26 03:09:19 CEST 2017 on sn-devel-144
* lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *) | Jeremy Allison | 2017-04-22 | 3 | -6/+6
  Not currently used - no logic changes inside.

  This will make it possible to pass down a long-lived talloc context from the loading function for modules to use instead of having them internally all use talloc_autofree_context() which is a hidden global.

  Updated all known module interface numbers, and added a WHATSNEW.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: Ralph Böhme <slow@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
* s4: messaging: When talloc_free()'ing an event context, only remove msg_dgm_ref's that point to *that* context. | Jeremy Allison | 2017-04-17 | 2 | -4/+6
  Defensive programming change. Not strictly needed to prevent any crash/error.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* s4: messaging. Minor cleanup. Check for error returns on imessaging_register calls. | Jeremy Allison | 2017-04-17 | 1 | -5/+23
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* s4: messaging. Add imessaging_reinit_all() function. | Jeremy Allison | 2017-03-31 | 2 | -0/+44
  Ensure it is called from process_standard.c after every fork().

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Fri Mar 31 14:48:17 CEST 2017 on sn-devel-144
* s4-messaging: split up messaging into a smaller library for send only | Andrew Bartlett | 2017-03-29 | 3 | -80/+121
  This will help avoid a dep loop when the low-level auth code relies on the message code to deliver authentication messages

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* pymessaging: add single element tuple form of the server_id | Gary Lockyer | 2017-03-28 | 1 | -1/+8
  This avoids the python code needing to call getpid() internally, while declaring a stable task_id.

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* pymessaging: Add a hook to run the event loop, make callbacks practical | Andrew Bartlett | 2017-03-28 | 3 | -26/+117
  These changes allow us to write a messaging server in python.

  The previous ping_speed test did not actually test anything, so we use .loop_once() to make it actually work. To enable practical use a context is supplied in the tuple with the callback, and the server_id for the reply is not placed inside an additional tuple.

  In order to get at the internal event context on which to loop, we expose imessaging_context in messaging_internal.h and allow the python bindings to use that header.

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* pymessaging: Add irpc_remove_name | Andrew Bartlett | 2017-03-28 | 1 | -0/+18
  This allows tests to be indirectly added for server_id_db_lookup() and server_id_db_prune_name()

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12705
* pymessaging: Add support for irpc_add_name | Andrew Bartlett | 2017-03-28 | 1 | -1/+25
  This allows tests to be indirectly added for server_id_db_lookup()

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12705
* waf: disable-python - don't build samba-policy | Ian Stakenvicius | 2017-03-10 | 1 | -1/+2
  samba-policy requires samba-net which requires PROVISION, which is disabled when python isn't available.

  Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* build:wafsamba: Remove ambiguous 'if x in conf.env' constructs | Thomas Nagy | 2017-02-21 | 1 | -2/+2
  Configuration values such as HAVE_STDDEF_H can be set to 0 to indicate a test failure. Waf 1.5 has a few bugs that prevent configuration tests from setting such values consistently on failures.

  Consequently, conditions such as 'if conf.env.VARNAME' must be used to indicate that config test successes are expected.

  Note that conf.env.VARNAME always returns an empty list (False value) when no variable is defined so there is no risk of raising AttributeError/KeyError exceptions.

  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
  Autobuild-User(master): Uri Simchoni <uri@samba.org>
  Autobuild-Date(master): Tue Feb 21 13:47:07 CET 2017 on sn-devel-144
* lib: Add lib/util/server_id.h | Volker Lendecke | 2017-01-22 | 1 | -0/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* s4/messaging: register for MSG_REQ_RINGBUF_LOG | Ralph Boehme | 2017-01-20 | 1 | -0/+22
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* lib/registry/regf: better initialise nk_block | Douglas Bagnall | 2016-11-30 | 1 | -1/+1
  We were initialising a uint32_t[5] block with memset(..., 5) when we surely meant memset(..., 5 * sizeof(uint32_t)) or some equivalent.

  Thanks go to gcc-7 and -Wmemset-elt-size. The warning looks like this:

    ../source4/lib/registry/regf.c: In function ‘reg_create_regf_file’:
    ../source4/lib/registry/regf.c:2095:2: warning: ‘memset’ used with length equal to number of elements without multiplication by element size [-Wmemset-elt-size]
      memset(nk.unk3, 0, 5);
      ^~~~~~

  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* source4: Change to use lib/util/access functions. | Jeremy Allison | 2016-11-16 | 3 | -239/+3
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Wed Nov 16 16:35:12 CET 2016 on sn-devel-144