Changeset 988 for vendor/current/source4/utils

Timestamp:

Nov 24, 2016, 1:14:11 PM (9 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to version 4.4.3

Location:

vendor/current/source4/utils

Files:

• man/ntlm_auth.1.xml (deleted)
• man/ntlm_auth4.1.xml (added)
• man/oLschema2ldif.1.xml (modified) (1 diff)
• net (deleted)
• ntlm_auth.c (modified) (19 diffs)
• oLschema2ldif.c (modified) (6 diffs)
• tests/test_demote.sh (added)
• tests/test_nmblookup.sh (modified) (2 diffs)
• tests/test_samba_tool.sh (modified) (2 diffs)
• tests/test_smbclient.sh (added)
• wscript_build (modified) (2 diffs)

vendor/current/source4/utils/man/oLschema2ldif.1.xml

@@ -6 +6 @@
         <refentrytitle>oLschema2ldif</refentrytitle>
         <manvolnum>1</manvolnum>
+        <refmiscinfo class="source">Samba</refmiscinfo>
+        <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+        <refmiscinfo class="version">4.0</refmiscinfo>
 </refmeta>
 

vendor/current/source4/utils/ntlm_auth.c

@@ -28 +28 @@
 #include "auth/credentials/credentials.h"
 #include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_internal.h" /* TODO: remove this */
 #include "auth/auth.h"
 #include "librpc/gen_ndr/ndr_netlogon.h"
@@ -142 +143 @@
         return true;
 }
-
-/**
- * Decode a base64 string into a DATA_BLOB - simple and slow algorithm
- **/
-static DATA_BLOB base64_decode_data_blob(TALLOC_CTX *mem_ctx, const char *s)
-{
-        DATA_BLOB ret = data_blob_talloc(mem_ctx, s, strlen(s)+1);
-        ret.length = ldb_base64_decode((char *)ret.data);
-        return ret;
-}
-
-/**
- * Encode a base64 string into a talloc()ed string caller to free.
- **/
-static char *base64_encode_data_blob(TALLOC_CTX *mem_ctx, DATA_BLOB data)
-{
-        return ldb_base64_encode(mem_ctx, (const char *)data.data, data.length);
-}
-
-/**
- * Decode a base64 string in-place - wrapper for the above
- **/
-static void base64_decode_inplace(char *s)
-{
-        ldb_base64_decode(s);
-}
-
 
 
@@ -292 +266 @@
 
         if (strlen(buf) > 3) {
-                in = base64_decode_data_blob(NULL, buf + 3);
+                in = base64_decode_data_blob(buf + 3);
         } else {
                 in = data_blob(NULL, 0);
@@ -327 +301 @@
 {
         char *password = NULL;
-        
+        void *cb = cli_credentials_callback_data_void(credentials);
+
         /* Ask for a password */
-        mux_printf((unsigned int)(uintptr_t)credentials->priv_data, "PW\n");
-        credentials->priv_data = NULL;
+        mux_printf((unsigned int)(uintptr_t)cb, "PW\n");
+        cli_credentials_set_callback_data(credentials, NULL);
 
         manage_squid_request(cmdline_lp_ctx, NUM_HELPER_MODES /* bogus */, manage_gensec_get_pw_request, (void **)&password);
@@ -394 +369 @@
         struct gensec_ntlm_state *state;
         struct tevent_context *ev;
-        struct messaging_context *msg;
+        struct imessaging_context *msg;
 
         NTSTATUS nt_status;
@@ -434 +409 @@
                         return;
                 }
-                in = base64_decode_data_blob(NULL, buf + 3);
+                in = base64_decode_data_blob(buf + 3);
         } else {
                 in = data_blob(NULL, 0);
@@ -477 +452 @@
                         /* setup the client side */
 
-                        nt_status = gensec_client_start(NULL, &state->gensec_state, ev, 
+                        nt_status = gensec_client_start(NULL, &state->gensec_state,
                                                         lpcfg_gensec_settings(NULL, lp_ctx));
                         if (!NT_STATUS_IS_OK(nt_status)) {
@@ -489 +464 @@
                 {
                         const char *winbind_method[] = { "winbind", NULL };
-                        struct auth_context *auth_context;
-
-                        msg = messaging_client_init(state, lpcfg_messaging_path(state, lp_ctx), ev);
+                        struct auth4_context *auth_context;
+
+                        msg = imessaging_client_init(state, lp_ctx, ev);
                         if (!msg) {
                                 talloc_free(mem_ctx);
@@ -509 +484 @@
                         }
                         
-                        if (!NT_STATUS_IS_OK(gensec_server_start(state, ev, 
+                        if (!NT_STATUS_IS_OK(gensec_server_start(state,
                                                                  lpcfg_gensec_settings(state, lp_ctx),
                                                                  auth_context, &state->gensec_state))) {
@@ -533 +508 @@
                         cli_credentials_set_password(creds, state->set_password, CRED_SPECIFIED);
                 } else {
+                        void *cb = (void*)(uintptr_t)mux_id;
+                        cli_credentials_set_callback_data(creds, cb);
                         cli_credentials_set_password_callback(creds, get_password);
-                        creds->priv_data = (void*)(uintptr_t)mux_id;
                 }
                 if (opt_workstation) {
@@ -603 +579 @@
                 struct auth_session_info *session_info;
 
-                nt_status = gensec_session_info(state->gensec_state, &session_info); 
+                nt_status = gensec_session_info(state->gensec_state, mem_ctx, &session_info);
                 if (!NT_STATUS_IS_OK(nt_status)) {
                         DEBUG(1, ("gensec_session_info failed: %s\n", nt_errstr(nt_status)));
@@ -632 +608 @@
                 char *base64_key;
                 DEBUG(10, ("Requested session key\n"));
-                nt_status = gensec_session_key(state->gensec_state, &session_key);
+                nt_status = gensec_session_key(state->gensec_state, mem_ctx, &session_key);
                 if(!NT_STATUS_IS_OK(nt_status)) {
                         DEBUG(1, ("gensec_session_key failed: %s\n", nt_errstr(nt_status)));
@@ -660 +636 @@
         }
 
-        nt_status = gensec_update(state->gensec_state, mem_ctx, in, &out);
+        nt_status = gensec_update_ev(state->gensec_state, mem_ctx, ev, in, &out);
         
         /* don't leak 'bad password'/'no such user' info to the network client */
@@ -699 +675 @@
                 struct auth_session_info *session_info;
 
-                nt_status = gensec_session_info(state->gensec_state, &session_info);
+                nt_status = gensec_session_info(state->gensec_state, mem_ctx, &session_info);
                 if (!NT_STATUS_IS_OK(nt_status)) {
                         reply_code = "BH Failed to retrive session info";
@@ -821 +797 @@
                         } else {
                                 static char zeros[16];
-                                char *hex_lm_key;
-                                char *hex_user_session_key;
 
                                 mux_printf(mux_id, "Authenticated: Yes\n");
@@ -830 +804 @@
                                     && (memcmp(zeros, lm_key.data, 
                                                                 lm_key.length) != 0)) {
-                                        hex_encode(lm_key.data,
-                                                   lm_key.length,
-                                                   &hex_lm_key);
+                                        char hex_lm_key[lm_key.length*2+1];
+                                        hex_encode_buf(hex_lm_key, lm_key.data,
+                                                       lm_key.length);
                                         mux_printf(mux_id, "LANMAN-Session-Key: %s\n", hex_lm_key);
-                                        SAFE_FREE(hex_lm_key);
                                 }
 
@@ -841 +814 @@
                                     && (memcmp(zeros, user_session_key.data, 
                                                user_session_key.length) != 0)) {
-                                        hex_encode(user_session_key.data, 
-                                                   user_session_key.length, 
-                                                   &hex_user_session_key);
+                                        char hex_user_session_key[
+                                                user_session_key.length*2+1];
+                                        hex_encode_buf(hex_user_session_key,
+                                                       user_session_key.data,
+                                                       user_session_key.length);
                                         mux_printf(mux_id, "User-Session-Key: %s\n", hex_user_session_key);
-                                        SAFE_FREE(hex_user_session_key);
                                 }
                         }
@@ -1131 +1105 @@
         }
 
-        gensec_init(cmdline_lp_ctx);
+        gensec_init();
 
         if (opt_domain == NULL) {
@@ -1165 +1139 @@
 
         if (!opt_password) {
-                opt_password = getpass("password: ");
+                char pwd[256] = {0};
+                int rc;
+
+                rc = samba_getpass("Password: ", pwd, sizeof(pwd), false, false);
+                if (rc == 0) {
+                        opt_password = smb_xstrdup(pwd);
+                }
         }
 

vendor/current/source4/utils/oLschema2ldif.c

@@ -34 +34 @@
 #include "includes.h"
 #include "ldb.h"
-#include "tools/cmdline.h"
 #include "dsdb/samdb/samdb.h"
 #include "../lib/crypto/sha256.h"
@@ -83 +82 @@
                 if (c == NULL) return 1;
                 if (*c == '(') b++;
-                if (*c == ')') b--;
+                if (*c == ')') {
+                        b--;
+                        if (*(c - 1) != ' ' && c && (*(c + 1) == '\0')) {
+                                return 2;
+                        }
+                }
                 c++;
         }
@@ -349 +353 @@
 
         ctx = talloc_new(mem_ctx);
+        if (ctx == NULL) {
+                return NULL;
+        }
         msg = ldb_msg_new(ctx);
+        if (msg == NULL) {
+                goto failed;
+        }
 
         ldb_msg_add_string(msg, "objectClass", "top");
@@ -393 +403 @@
         }
 
-        SHA256_Init(&sha256_context);
-        SHA256_Update(&sha256_context, (uint8_t*)s, strlen(s));
-        SHA256_Final(digest, &sha256_context);
+        samba_SHA256_Init(&sha256_context);
+        samba_SHA256_Update(&sha256_context, (uint8_t*)s, strlen(s));
+        samba_SHA256_Final(digest, &sha256_context);
 
         memcpy(&guid, digest, sizeof(struct GUID));
@@ -539 +549 @@
                 do { 
                         if (c == '\n') {
-                                entry[t] = '\0';        
-                                if (check_braces(entry) == 0) {
+                                int ret2 = 0;
+                                entry[t] = '\0';
+                                ret2 = check_braces(entry);
+                                if (ret2 == 0) {
                                         ret.count++;
                                         ldif.msg = process_entry(ctx, entry);
@@ -549 +561 @@
                                         }
                                         ldb_ldif_write_file(ldb_ctx, out, &ldif);
+                                        break;
+                                }
+                                if (ret2 == 2) {
+                                        fprintf(stderr, "Invalid entry %s, closing braces need to be preceded by a space\n", entry);
+                                        ret.failures++;
                                         break;
                                 }

vendor/current/source4/utils/tests/test_nmblookup.sh

@@ -6 +6 @@
 SERVER=$3
 SERVER_IP=$4
-shift 4
+nmblookup=$5
+shift 5
 TORTURE_OPTIONS=$*
 
@@ -27 +28 @@
 }
 
-samba4bindir="$BUILDDIR/bin"
-nmblookup="$samba4bindir/nmblookup$EXEEXT"
-
 testit "nmblookup -U \$SERVER_IP \$SERVER" $nmblookup $TORTURE_OPTIONS -U $SERVER_IP $SERVER
 testit "nmblookup -U \$SERVER_IP \$NETBIOSNAME" $nmblookup $TORTURE_OPTIONS -U $SERVER_IP $NETBIOSNAME

vendor/current/source4/utils/tests/test_samba_tool.sh

@@ -3 +3 @@
 
 SERVER=$1
-USERNAME=$2
-PASSWORD=$3
-DOMAIN=$4
-shift 4
+SERVER_IP=$2
+USERNAME=$3
+PASSWORD=$4
+DOMAIN=$5
+smbclient=$6
+shift 6
 
 failed=0
 
-samba4bindir="$BUILDDIR/bin"
-smbclient="$samba4bindir/smbclient$EXEEXT"
-samba_tool="$samba4bindir/samba-tool$EXEEXT"
+samba4bindir="$BINDIR"
+samba_tool="$samba4bindir/samba-tool"
 
 testit() {
@@ -36 +37 @@
 testit "time" $VALGRIND $samba_tool time $SERVER $CONFIGURATION  -W "$DOMAIN" -U"$USERNAME%$PASSWORD" $@
 
-# FIXME: testit "domainlevel.show" $VALGRIND $samba_tool domainlevel show $CONFIGURATION
+testit "domain level.show" $VALGRIND $samba_tool domain level show
+
+testit "domain info" $VALGRIND $samba_tool domain info $SERVER_IP
+
+testit "fsmo show" $VALGRIND $samba_tool fsmo show
 
 exit $failed

vendor/current/source4/utils/wscript_build

@@ -1 +1 @@
 #!/usr/bin/env python
 
-bld.SAMBA_BINARY('ntlm_auth',
-        source='ntlm_auth.c',
-        manpages='man/ntlm_auth.1',
-        deps='''samba-hostconfig samba-util popt POPT_SAMBA POPT_CREDENTIALS gensec LIBCLI_RESOLVE
-        auth4 NTLMSSP_COMMON MESSAGING events service''',
-        pyembed=True
+bld.SAMBA_BINARY('ntlm_auth4',
+                 source='ntlm_auth.c',
+                 manpages='man/ntlm_auth4.1',
+                 deps='''samba-hostconfig samba-util popt
+                 POPT_SAMBA POPT_CREDENTIALS gensec LIBCLI_RESOLVE
+                 auth4 NTLMSSP_COMMON MESSAGING events service''',
+                 pyembed=True,
+                 install=False
         )
 
@@ -13 +15 @@
         source='oLschema2ldif.c',
         manpages='man/oLschema2ldif.1',
-        deps='ldb-cmdline samdb POPT_SAMBA'
+        deps='samdb POPT_SAMBA'
         )