The branch, master has been updated
via 3cd7fda build: Add libbsd as a dep for LIBREPLACE_HOSTCC
via cdfc49c s4-smbd: Show time event was expected to run, as well as
the current wall clock time
via 11f8852 s3-selftest: Add test for ntlm_auth --diagnostics
via f91c616 s3-ntlm_auth: allow ntlm_auth --diagnostics to pass again
via 3ebd79a s3-winbindd: pass logon parmeters down to
check_sam_security()
from b596b9c s4-selftest: Avoid running kinit for each new connection
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 3cd7fdab62e2a99a1068f9e8f5a09e0345b4cc90
Author: Andrew Bartlett <abart...@samba.org>
Date: Mon Feb 20 11:26:15 2012 +1100
build: Add libbsd as a dep for LIBREPLACE_HOSTCC
Autobuild-User: Andrew Bartlett <abart...@samba.org>
Autobuild-Date: Mon Feb 20 02:58:20 CET 2012 on sn-devel-104
commit cdfc49cc6a96d08a81a780c85b8f7bbaeb7f352d
Author: Andrew Bartlett <abart...@samba.org>
Date: Mon Feb 20 08:08:19 2012 +1100
s4-smbd: Show time event was expected to run, as well as the current wall
clock time
commit 11f88524e30e671fb15df6e46e063d07197eb06b
Author: Andrew Bartlett <abart...@samba.org>
Date: Sun Feb 19 11:01:55 2012 +1100
s3-selftest: Add test for ntlm_auth --diagnostics
commit f91c616176555dc29052abd4c09ab1bf292c2929
Author: Andrew Bartlett <abart...@samba.org>
Date: Sun Feb 19 10:56:12 2012 +1100
s3-ntlm_auth: allow ntlm_auth --diagnostics to pass again
This still requires that the server permit LM passwords, but our s3dc test
environment has this enabled.
Andrew Bartlett
commit 3ebd79a6d042a1d7b4d671aec65883b2b786b7c5
Author: Andrew Bartlett <abart...@samba.org>
Date: Sun Feb 19 11:15:38 2012 +1100
s3-winbindd: pass logon parmeters down to check_sam_security()
This allows ntlm_auth --diagnostics to work against the local DC, just
as it works against a member server.
Andrew Bartlett
-----------------------------------------------------------------------
Summary of changes:
lib/replace/wscript | 9 ++++---
source3/script/tests/test_ntlm_auth_diagnostics.sh | 23 ++++++++++++++++++++
source3/selftest/tests.py | 3 ++
source3/utils/ntlm_auth.c | 9 +++++--
source3/utils/ntlm_auth_diagnostics.c | 10 ++++----
source3/utils/ntlm_auth_proto.h | 1 +
source3/winbindd/winbindd_pam.c | 8 +++++-
source4/smbd/server.c | 4 +-
8 files changed, 51 insertions(+), 16 deletions(-)
create mode 100755 source3/script/tests/test_ntlm_auth_diagnostics.sh
Changeset truncated at 500 lines:
diff --git a/lib/replace/wscript b/lib/replace/wscript
index 5bafc1f..36c2f0f 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -428,12 +428,16 @@ def build(bld):
REPLACE_HOSTCC_SOURCE += ' %s' % filename
break
+ extra_libs = ''
+ if bld.CONFIG_SET('HAVE_LIBBSD'): extra_libs += ' bsd'
+
bld.SAMBA_SUBSYSTEM('LIBREPLACE_HOSTCC',
REPLACE_HOSTCC_SOURCE,
use_hostcc=True,
use_global_deps=False,
cflags='-DSOCKET_WRAPPER_DISABLE=1 -DNSS_WRAPPER_DISABLE=1
-DUID_WRAPPER_DISABLE=1 -D_SAMBA_HOSTCC_',
- group='compiler_libraries'
+ group='compiler_libraries',
+ deps = extra_libs
)
REPLACE_SOURCE = REPLACE_HOSTCC_SOURCE
@@ -452,9 +456,6 @@ def build(bld):
if not bld.CONFIG_SET('HAVE_INET_NTOP'): REPLACE_SOURCE += '
inet_ntop.c'
if not bld.CONFIG_SET('HAVE_INET_PTON'): REPLACE_SOURCE += '
inet_pton.c'
- extra_libs = ''
- if bld.CONFIG_SET('HAVE_LIBBSD'): extra_libs += ' bsd'
-
bld.SAMBA_LIBRARY('replace',
source=REPLACE_SOURCE,
group='base_libraries',
diff --git a/source3/script/tests/test_ntlm_auth_diagnostics.sh
b/source3/script/tests/test_ntlm_auth_diagnostics.sh
new file mode 100755
index 0000000..6e0c3ee
--- /dev/null
+++ b/source3/script/tests/test_ntlm_auth_diagnostics.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+cat <<EOF
+Usage: test_ntlm_auth_diagnostics.sh NTLM_AUTH DOMAIN USERNAME PASSWORD
+EOF
+exit 1;
+fi
+
+NTLM_AUTH=$1
+DOMAIN=$2
+USERNAME=$3
+PASSWORD=$4
+shift 4
+
+ADDARGS="$*"
+
+incdir=`dirname $0`/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+testit "ntlm_auth" $VALGRIND $NTLM_AUTH --domain=$DOMAIN --username=$USERNAME
--password=$PASSWORD --diagnostics $ADDARGS || failed=`expr $failed + 1`
+
+testok $0 $failed
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 8d1c536..c52f616 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -135,6 +135,9 @@ plantestsuite("samba3.ntlm_auth.(s3dc:local)",
"s3dc:local", [os.path.join(samba
for env in ["s3dc", "member"]:
plantestsuite("samba3.blackbox.smbclient_auth.plain (%s)" % env, env,
[os.path.join(samba3srcdir, "script/tests/test_smbclient_auth.sh"), '$SERVER',
'$SERVER_IP', '$DC_USERNAME', '$DC_PASSWORD', binpath('smbclient3'),
configuration])
+ plantestsuite(
+ "samba3.ntlm_auth.diagnostics(%s:local)" % env, "%s:local" % env,
+ [os.path.join(samba3srcdir,
"script/tests/test_ntlm_auth_diagnostics.sh"), binpath('ntlm_auth3'),
'$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', configuration])
for env in ["secserver"]:
plantestsuite("samba3.blackbox.smbclient_auth.plain (%s) domain creds" %
env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_auth.sh"),
'$SERVER', '$SERVER_IP', '$DOMAIN\\\\$DC_USERNAME', '$DC_PASSWORD',
binpath('smbclient3'), configuration + " --option=clientntlmv2auth=no"])
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index ff9b60e..02652b1 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -390,6 +390,7 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
const DATA_BLOB *lm_response,
const DATA_BLOB *nt_response,
uint32 flags,
+ uint32 extra_logon_parameters,
uint8 lm_key[8],
uint8 user_session_key[16],
char **error_string,
@@ -409,7 +410,8 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
request.flags = flags;
- request.data.auth_crap.logon_parameters =
MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
+ request.data.auth_crap.logon_parameters = extra_logon_parameters
+ | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
if (require_membership_of_sid)
fstrcpy(request.data.auth_crap.require_membership_of_sid,
require_membership_of_sid);
@@ -585,6 +587,7 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state
*ntlmssp_state, TALLOC_CTX
&ntlmssp_state->lm_resp,
&ntlmssp_state->nt_resp,
WBFLAG_PAM_LMKEY |
WBFLAG_PAM_USER_SESSION_KEY | WBFLAG_PAM_UNIX_NAME,
+ 0,
lm_key, user_sess_key,
&error_string, &unix_name);
@@ -2032,7 +2035,7 @@ static void manage_ntlm_server_1_request(struct
ntlm_auth_state *state,
&challenge,
&lm_response,
&nt_response,
- flags,
+ flags, 0,
lm_key,
user_session_key,
&error_string,
@@ -2486,7 +2489,7 @@ static bool check_auth_crap(void)
&opt_challenge,
&opt_lm_response,
&opt_nt_response,
- flags,
+ flags, 0,
(unsigned char *)lm_key,
(unsigned char
*)user_session_key,
&error_string, NULL);
diff --git a/source3/utils/ntlm_auth_diagnostics.c
b/source3/utils/ntlm_auth_diagnostics.c
index 41462c0..e83e975 100644
--- a/source3/utils/ntlm_auth_diagnostics.c
+++ b/source3/utils/ntlm_auth_diagnostics.c
@@ -98,7 +98,7 @@ static bool test_lm_ntlm_broken(enum ntlm_break break_which)
&chall,
&lm_response,
&nt_response,
- flags,
+ flags, 0,
lm_key,
user_session_key,
&error_string, NULL);
@@ -197,7 +197,7 @@ static bool test_ntlm_in_lm(void)
&chall,
&nt_response,
NULL,
- flags,
+ flags, 0,
lm_key,
user_session_key,
&error_string, NULL);
@@ -268,7 +268,7 @@ static bool test_ntlm_in_both(void)
&chall,
&nt_response,
&nt_response,
- flags,
+ flags, 0,
lm_key,
user_session_key,
&error_string, NULL);
@@ -359,7 +359,7 @@ static bool test_lmv2_ntlmv2_broken(enum ntlm_break
break_which)
&chall,
&lmv2_response,
&ntlmv2_response,
- flags,
+ flags, 0,
NULL,
user_session_key,
&error_string, NULL);
@@ -510,7 +510,7 @@ static bool test_plaintext(enum ntlm_break break_which)
&chall,
&lm_response,
&nt_response,
- flags,
+ flags,
MSV1_0_CLEARTEXT_PASSWORD_ALLOWED,
lm_key,
user_session_key,
&error_string, NULL);
diff --git a/source3/utils/ntlm_auth_proto.h b/source3/utils/ntlm_auth_proto.h
index 5f8d264..ae26c94 100644
--- a/source3/utils/ntlm_auth_proto.h
+++ b/source3/utils/ntlm_auth_proto.h
@@ -36,6 +36,7 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
const DATA_BLOB *lm_response,
const DATA_BLOB *nt_response,
uint32 flags,
+ uint32 extra_logon_parameters,
uint8 lm_key[8],
uint8 user_session_key[16],
char **error_string,
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 93034ad..7163af2 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1110,6 +1110,7 @@ done:
}
static NTSTATUS winbindd_dual_auth_passdb(TALLOC_CTX *mem_ctx,
+ uint32_t logon_parameters,
const char *domain, const char *user,
const DATA_BLOB *challenge,
const DATA_BLOB *lm_resp,
@@ -1136,6 +1137,7 @@ static NTSTATUS winbindd_dual_auth_passdb(TALLOC_CTX
*mem_ctx,
DEBUG(10, ("make_user_info failed: %s\n", nt_errstr(status)));
return status;
}
+ user_info->logon_parameters = logon_parameters;
/* We don't want any more mapping of the username */
user_info->mapped_state = True;
@@ -1397,7 +1399,7 @@ static NTSTATUS
winbindd_dual_pam_auth_samlogon(TALLOC_CTX *mem_ctx,
DATA_BLOB chal_blob = data_blob_const(chal, sizeof(chal));
result = winbindd_dual_auth_passdb(
- mem_ctx, name_domain, name_user,
+ mem_ctx, 0, name_domain, name_user,
&chal_blob, &lm_resp, &nt_resp, info3);
goto done;
}
@@ -1820,7 +1822,9 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct
winbindd_domain *domain,
sizeof(state->request->data.auth_crap.chal));
result = winbindd_dual_auth_passdb(
- state->mem_ctx, name_domain, name_user,
+ state->mem_ctx,
+ state->request->data.auth_crap.logon_parameters,
+ name_domain, name_user,
&chal_blob, &lm_resp, &nt_resp, &info3);
goto process_result;
}
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index 1cb829f..b877e29 100644
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
@@ -179,8 +179,8 @@ _NORETURN_ static void max_runtime_handler(struct
tevent_context *ev,
struct timeval t, void *private_data)
{
const char *binary_name = (const char *)private_data;
- DEBUG(0,("%s: maximum runtime exceeded - terminating, current ts:
%llu\n",
- binary_name, (unsigned long long) time(NULL)));
+ DEBUG(0,("%s: maximum runtime exceeded - terminating at %llu, current
ts: %llu\n",
+ binary_name, (unsigned long long)t.tv_sec, (unsigned long
long) time(NULL)));
exit(0);
}
--
Samba Shared Repository
