path: root/source4
Commit message | Author | Age | Files | Lines
* python: Make generated modules samba.ntstatus and samba.werror Python 3 ↵ | Lumir Balhar | 2017-08-22 | 2 | -8/+24
| | | | | | | | | | | compatible. Signed-off-by: Lumir Balhar <lbalhar@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Aug 22 17:38:17 CEST 2017 on sn-devel-144
* python: scripting: Port ntstatus and werror generators to Python 3 ↵ | Lumir Balhar | 2017-08-22 | 3 | -9/+9
| | | | | | | | compatible form. Signed-off-by: Lumir Balhar <lbalhar@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org>
* getncchanges.py: Add test for GET_ANC and linked attributes | Tim Beale | 2017-08-18 | 2 | -39/+157
| | | | | | | | | | | | | | | | | | | | | Add a basic test that when we use GET_ANC and the parents have linked attributes, then we receive all the expected links and all the expected objects by the end of the test. This extends the test code to track what linked attributes get received and check whether they match what's present on the DC. Also made some minor cleanups to store the received objects/links each time we successfully receive a GETNCChanges response (this saves the test case having to repeat this code every time). Note that although this test involves linked attributes, it shouldn't exercise the GET_TGT case at all. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
* getncchanges.py: Add GET_ANC replication test case | Tim Beale | 2017-08-18 | 2 | -8/+212
| | | | | | | | | | | | | | | | | | | | | | | | | | This test: - creates blocks of parent/child objects - modifies the parents, so the child gets received first in the replication (which means the client has to use GET_ANC) - checks that we always receive the parent before the child (if not, it either retries with GET_ANC, or asserts if GET_ANC is already set) - modifies the parent objects to change their USN while the replication is in progress - checks that all expected objects are received by the end of the test I've added a repl_get_next() function to help simulate a client's behaviour - if it encounters an object it doesn't know the parent of, then it retries with GET_ANC. Also added some debug to drs_base.py that developers can turn on to make it easier to see what objects we're actually receiving in the responses. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
* getncchanges.py: Add a new test for replication | Tim Beale | 2017-08-18 | 3 | -19/+208
| | | | | | | | | | | | | | | | | | | | | | This adds a new test to check that if objects are modified during a replication, then those objects don't wind up missing from the replication data. Note that when this scenario occurs, samba returns the objects in a different order to Windows. This test doesn't care what order the replicated objects get returned in, so long as they all have been received by the end of the test. As part of this, I've refactored _check_replication() in drs_base.py so it can be reused in new tests. In these cases, the objects are split up over multiple different chunks. So asserting that the objects are returned in a specific order makes it difficult to run the same test on both Samba and Windows. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
* replmd: Try to add forward-link for unknown cross-partition links | Tim Beale | 2017-08-18 | 1 | -7/+7
| | | | | | | | | | | | | | | | | | | | | | | | | Previously Samba would just drop cross-partition links where the link target object is unknown. Instead, what we want to do is try to add the forward link for the GUID specified. We can't add the backlink because we don't know the target, however, dbcheck should be able to fix any missing backlinks. The new behaviour should now mean dbcheck will detect the problem and be able to fix it. It's still not ideal, but it's better than dropping the link completely. I've updated the log so that it has higher severity and tells the user what they need to do to fix it. These changes now mean that the selftests now detect an error - instead of completely dropping the serverReference, we now have a missing backlink. I've updated the selftests to fix up any missing serverReference backlinks before running dbcheck. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
* replmd: Don't fail cycle if we get link for deleted object with GET_TGT | Tim Beale | 2017-08-18 | 4 | -21/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We are going to end up supporting 2 different server schemes: A. the old/default behaviour of sending all the linked attributes last, at the end of the replication cycle. B. the new/Microsoft way of sending the linked attributes interleaved with the source/target objects. Normally if we're talking to a server using the old scheme-A, we won't ever use the GET_TGT flag. However, there are a couple of cases where it can happen: - A link to a new object was added during the replication cycle. - An object was deleted while the replication was in progress (and the linked attribute got queued before the object was deleted). Talking to a Samba DC running the old scheme will just cause it to start the replication cycle from scratch again, which is fairly harmless. However, there is a chance that the same thing can happen again, in which case the replication cycle will fail (because GET_TGT was already set). Even if we're using the new scheme (B), we could still potentially hit this case, as we can still queue up linked attributes between requests (group memberships can be larger than what can fit into a single replication chunk). If GET_TGT is set in the GetNcChanges request, then the local copy of the target object should always be up-to-date when we process the linked attribute. So if we still think the target object is deleted/recycled at this point, then it's safe to ignore the linked attribute (because we know our local copy is up-to-date). This logic matches the MS spec logic in ProcessLinkValue(). Not failing the replication cycle may be beneficial if we're trying to do a full-sync of a large database. Otherwise it might be time-consuming and frustrating to repeat the sync unnecessarily. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
* replmd: Avoid dropping links if link target is deleted | Tim Beale | 2017-08-18 | 1 | -18/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The server-side can potentially send the linked attribute before the target-object. This happens on Microsoft, and will happen on Samba once server-side GET_TGT support is added. In these cases there is a hole where the Samba client can silently drop the linked attribute. If the old copy of the target object was deleted/recycled, then the client can receive the new linked attribute before it realizes the target has now been reincarnated. It silently ignores the linked attribute, thinking it's receiving out of date information, when really it's the client's copy of the target object that's out of date. In this case we want to retry with the GET_TGT flag set, which will force the updated version of the target object to be sent along with the linked attribute. This deleted/recycled target case is the main reason that Windows added the GET_TGT flag. If the server sends all the links at the end, instead of along with the source object, then this case can still be hit. If so, it will cause the server to restart the replication from the beginning again. This is probably preferential to silently dropping links. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
* replmd: Move where we store linked attributes | Tim Beale | 2017-08-18 | 1 | -90/+103
| | | | | | | | | | | | | | | | | | | | | | | There was a bug in my previous patch where the code would verify *all* links in the list, rather than just the ones that are new. And it would do this for every replication chunk it received, regardless of whether there were actually any links in that chunk. The problem is by the time we want to verify the attributes, we don't actually know which attributes are new. We can fix this by moving where we store the linked attributes from the start of processing the replication chunk to the end of processing the chunk. We can then verify the new linked attributes at the same time we store them. Longer-term we may want to try to apply the linked attribute at this point. This would save looking up the source/target objects twice, but it makes things a bit more complicated (attributes will usually apply at this point *most* of the time, but not *all* the time). Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
* replmd: Set GET_ANC if Windows sends a link with unknown source object | Tim Beale | 2017-08-18 | 1 | -0/+11
| | | | | | | | | | | | | | | | | Windows replication can send the linked attribute before it sends the source object. The MS-DRSR spec says that in this case the client should resend the GetNCChanges request with the GET_ANC flag set. In my testing this resolves the problem - Windows will include the source object for the linked attribute in the same replication chunk. This problem doesn't happen with Samba-to-Samba replication, because the source object for the linked attribute is guaranteed to have already been sent. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
* drepl: Support GET_TGT on periodic replication client | Tim Beale | 2017-08-18 | 3 | -17/+83
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Update IDL comments to include Microsoft reference doc - Add support for sending v10 GetNCChanges request (needed for the GET_TGT flag, which is in the new 'more_flags' field) - Update to also set the GET_TGT flag in the same place we were setting GET_ANC (I split this logic out into a separate function). - The state struct now needs to hold a 'more_flags' field as well (this flag is different to the GET_ANC replica flag) Note that using the GET_TGT when replicating from a Windows DC could be highly inefficient. Because Samba keeps the GET_TGT flag set throughout the replication cycle, it will basically receive a repeated object from Windows for every single linked attribute that it receives. I believe Windows behaviour only expects the client to set the GET_TGT flag when it actually needs to (i.e. when it receives a target object it doesn't know about), rather than throughout the replication cycle. However, this approach won't work with Samba-to-Samba replication, because when the server receives the GET_TGT flag it restarts the replication cycle from scratch. So if we only set the GET_TGT flag when the client encountered an unknown target then Samba-to-Samba could potentially get into an endless replication loop. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
* drs: Check target object is known after applying objects | Tim Beale | 2017-08-18 | 2 | -44/+145
| | | | | | | | | | | | | | | | | Currently we only check that the target object is known at the end of the transaction (i.e. the .prepare_commit hook). It's too late at this point to resend the request with GET_TGT. Move this processing earlier on, after we've applied all the objects (i.e. off the .extended hook). In reality, we need to perform the checks at both points. I've split the common code that gets the source/target details out of the la_entry into a helper function. It's not the greatest function ever, but seemed to make more sense than duplicating the code. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
* drs: Fail replication transaction instead of dropping links | Tim Beale | 2017-08-18 | 4 | -4/+95
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the DRS client received a linked attribute that it couldn't resolve the target for, then it would just ignore that link and keep going. That link would then be lost forever (although a full-sync would resolve this). Instead of silently ignoring the link, fail the transaction. This *can* happen on Samba, but it is unusual. The target object and linked-attribute would need to be added while a replication is still in progress. It can also happen fairly easily when talking to a Windows DC. There are two important exceptions to this: 1). Linked attributes that span partitions. We can never guarantee that we will have received the target object, because it may be in a partition we haven't replicated yet. Samba doesn't have a great way of handling this currently, but we shouldn't fail the replication (because that breaks basic join tests). Just skip that linked attribute and hope that a subsequent full-sync will fix it. (I queried Microsoft and they said resolving cross-partition linked attributes is an implementation-specific problem to solve. GET_TGT won't resolve it) 2). When the replication involves a subset of objects, e.g. critical-only. In these cases, we don't increase the highwater-mark, so it is probably not such a dire problem if we don't add the link. In the case of critical-only, we will do a subsequent full sync which will then add the links. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
* replmd: Split checking link attr target into new function | Tim Beale | 2017-08-18 | 1 | -69/+102
| | | | | | | | | | | | | | | | | | | | | | | We want to re-use this code to check that the linked attribute's target object exists *before* we try to commit the transaction. This will allow us to re-request the block with the GET_TGT flag set. This splits checking the target object exists into a separate function. Minor changes of note: - the 'parent' argument was passed to replmd_process_linked_attribute() as NULL, so I've just replaced where it was used in the refactored code with NULL. - I've tweaked the "Failed to find GUID" error message slightly to display the attribute ID rather than the attribute name (saves repeating lookups and/or passing extra arguments). - Tweaked the replmd_deletion_state() logic - it only made sense to call it in the code block where we actually found the target Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
* tests: replace traffic_summary test with python blackbox test | Gary Lockyer | 2017-08-17 | 1 | -0/+3
| | | | | | | | | | | | | | Replace the shell subunit test for script/traffic_summary.pl with a python black box test. This involves moving the test files to more standard locations. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Thu Aug 17 07:59:38 CEST 2017 on sn-devel-144
* scripts: Scripts to replay and generate samba traffic | Gary Lockyer | 2017-08-17 | 1 | -0/+12
| | | | | | | | | | | | | | | | | | | | | | | | Scripts to generate representative network traffic and replay this to a samba instance. For load testing, performance profiling and capacity planning. traffic_learner process a file generated by traffic_summary and generate a model that can be used by traffic_replay to generate samba network traffic. traffic_replay Replay a summary file generated by traffic_summary, or use a model created by traffic_learner to generate network traffic. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Tim Beale <timbeale@catalyst.net.nz>
* lib: talloc: Use the system <talloc.h> include. | Jeremy Allison | 2017-08-17 | 3 | -3/+3
| | | | | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Aug 17 00:53:48 CEST 2017 on sn-devel-144
* lib: tevent: Use system <tevent.h>, not internal header path (except in ↵ | Jeremy Allison | 2017-08-16 | 4 | -4/+4
| | | | | | | self-test). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libhttp: Remove an unneeded include | Volker Lendecke | 2017-08-16 | 1 | -1/+0
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Aug 16 04:11:47 CEST 2017 on sn-devel-144
* py-librpc: Strictly check the type of the incoming sid pointer | Andrew Bartlett | 2017-08-15 | 1 | -0/+7
| | | | | | | | | | This avoids casting another type of object to a void* and then to a SID Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Autobuild-User(master): Garming Sam <garming@samba.org> Autobuild-Date(master): Tue Aug 15 12:00:58 CEST 2017 on sn-devel-144
* s4/lib/tls: Use SHA256 to sign the TLS certificates | Andrew Bartlett | 2017-08-15 | 1 | -3/+6
| | | | | | | | | | | The use of SHA-1 has been on the "do not" list for a while now, so make our self-signed certificates use SHA256 using the new gnutls_x509_crt_sign2 provided since GNUTLS 1.2.0 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12953
* dnsserver: Add support for dns wildcards | Gary Lockyer | 2017-08-15 | 6 | -5/+380
| | | | | | | | | | | | | | | | | Add support for dns wildcard records. i.e. if the following records exist exact.samba.example.com 3600 A 1.1.1.1 *.samba.example.com 3600 A 1.1.1.2 look up on exact.samba.example.com will return 1.1.1.1 look up on *.samba.example.com will return 1.1.1.2 look up on other.samba.example.com will return 1.1.1.2 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
* dnsserver: Tighten DNS name checking | Gary Lockyer | 2017-08-15 | 1 | -6/+29
| | | | | | | | | | | Add checks for the maximum permitted length, maximum number of labels and the maximum label length. These extra checks will be used by the DNS wild card handling. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
* dnsserver: Tests for dns wildcard entries | Gary Lockyer | 2017-08-15 | 1 | -1/+1
| | | | | | | | | | Add tests for dns wildcards. Tests validated against Windows Server 2012 R2 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
* s4: com: Replace erroneous inclusion of internal talloc.h header with external. | Jeremy Allison | 2017-08-15 | 1 | -1/+1
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Aug 15 08:06:40 CEST 2017 on sn-devel-144
* s4:rpc_server:backupkey: Move variable into scope | Andreas Schneider | 2017-08-11 | 1 | -2/+2
| | | | | | | | | CID: #1415510 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12959 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* heimdal: Fix printing a short int into a string | Andreas Schneider | 2017-08-11 | 1 | -2/+2
| | | | | | | | | | | | | | | The size of portstr is too small to print an integer and we should print a short anyway. This fixes building with GCC 7.1 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Aug 11 18:08:04 CEST 2017 on sn-devel-144
* s4/torture: additional tests for kernel-oplocks | Ralph Boehme | 2017-08-09 | 1 | -0/+185
| | | | | Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
* s4/torture: reproducer for kernel oplocks issue with streams | Ralph Boehme | 2017-08-09 | 1 | -0/+161
| | | | | | | | | | | | | test_smb2_kernel_oplocks3() wouldn't have failed without the patches, I'm just adding it to have at least one test that tests with 2 clients. All other tests use just one client. test_smb2_kernel_oplocks4() is the reproducer. Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
* s3:torture: Fix spoolss test to build with -O3 | Andreas Schneider | 2017-08-09 | 1 | -5/+6
| | | | | | | | Initialize variables so that we do not get a build warning that they might be used uninitialized. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s4:samdb: Fix building Samba with -O3 | Andreas Schneider | 2017-08-09 | 1 | -1/+1
| | | | | | | | | | gcc error: ‘result’ may be used uninitialized This won't happen, because ldb will return an error, but the compiler doesn't understand this. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s4:auth/ntlmssp: add support for using "winbind" as DC | Stefan Metzmacher | 2017-08-07 | 2 | -18/+3
| | | | | | | This adds support for trusted domains to the auth stack on AD DCs. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:auth: use "sam winbind" for the netlogon server | Stefan Metzmacher | 2017-08-07 | 1 | -7/+4
| | | | | | | | This adds authentication support for trusted domains to the netlogon server. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:auth/ntlm: provide auth_check_password_wrapper_send/recv to auth4_context | Stefan Metzmacher | 2017-08-07 | 1 | -11/+72
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:auth_winbind: implement async authentication via IRPC | Stefan Metzmacher | 2017-08-07 | 1 | -41/+137
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:rpc_server/netlogon: make use of auth_check_password_send/recv() | Stefan Metzmacher | 2017-08-07 | 1 | -16/+55
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:rpc_server/netlogon: make use of async kdc_check_generic_kerberos_send/recv() | Stefan Metzmacher | 2017-08-07 | 1 | -18/+79
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:rpc_server/netlogon: prepare dcesrv_netr_LogonSamLogon_base for async ↵ | Stefan Metzmacher | 2017-08-07 | 1 | -47/+138
| | | | | | | processing Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:rpc_server/netlogon: check auth_level for validation level 6 already in ↵ | Stefan Metzmacher | 2017-08-07 | 1 | -7/+15
| | | | | | | dcesrv_netr_LogonSamLogon_check() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc/rpc: add support for HttpAuthOption=negotiate | Stefan Metzmacher | 2017-08-07 | 1 | -0/+2
| | | | | | Note that rpcproxy.dll on Windows doesn't support kerberos, it always downgrades the connection to NTLMSSP. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:lib/http: pass down the target service/hostname to gensec | Stefan Metzmacher | 2017-08-07 | 1 | -0/+21
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:lib/http: add HTTP_AUTH_NEGOTIATE which maps to the "http_negotiate" ↵ | Stefan Metzmacher | 2017-08-07 | 2 | -0/+5
| | | | | | | gensec backend Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:http/gensec: implement "http_negotiate" using GENSEC_OID_SPNEGO | Stefan Metzmacher | 2017-08-07 | 1 | -0/+24
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:http/gensec: make the "NTLM" base64 wrapping more generic | Stefan Metzmacher | 2017-08-07 | 1 | -32/+107
| | | | | | | | | We only need to know the prefix "NTLM" and the submech oid GENSEC_OID_NTLMSSP everything else can be generic. This should allow us to implement "Negotiate" with GENSEC_OID_SPNEGO trivially. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:http/gensec: rename ntlm.c to generic.c | Stefan Metzmacher | 2017-08-07 | 2 | -5/+5
| | | | | | | Check with git show -C Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc/rpc: pass down HTTP_AUTH_* values directly to ↵ | Stefan Metzmacher | 2017-08-07 | 4 | -16/+15
| | | | | | | | | dcerpc_pipe_open_roh_send() They get passed to http_send_auth_request_send() unmodified. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc/rpc: remember the target_hostname on ncacn_http connections | Stefan Metzmacher | 2017-08-07 | 1 | -0/+5
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:lib/http: pass a generic prefix blob to http_parse_auth_response() | Stefan Metzmacher | 2017-08-07 | 1 | -11/+13
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:lib/http: use strcasecmp(h->key, "WWW-Authenticate") instead of strncasecmp() | Stefan Metzmacher | 2017-08-07 | 1 | -1/+4
| | | | | | | The key is already normalized and should match completely. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:lib/http: remove indentation level from http_parse_auth_response() | Stefan Metzmacher | 2017-08-07 | 1 | -10/+12
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>