[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Thu Feb 23 02:56:03 MST 2012
The branch, master has been updated
via 6f8f24c selftest: Do not skip environments that fail to start up
via c623b4b s4-provision: Fix typo in 9b9fdeefb47f2657c9bb4c2f48318550da510209
via b0798cc s3-libads: Remove unused ads_set_machine_password()
via a6aa244 s3-libads: Remove unused ads_pull_sids_from_extendeddn()
via 1c7725a s3-utils: Remove unused connect_to_ipc_krb5()
via 7724533 wintest: Change to a new Win2008R2 VM
via bea0515 s3-libsmb: Remove unused spnego functions
via 757c9b7 s3-rpc_server Remove unused function auth_generic_server_start()
from fe24ab4 s4:smbcli:smb2: add a random GUID to the transport connection in smb2_transport_init()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 6f8f24c5f2564cf0d0f742af556e3f641803efbd
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Feb 23 16:34:47 2012 +1100
selftest: Do not skip environments that fail to start up
This is a regression in 70f4a96c68e91e407651e2487cc3c66a80262fa2.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet at samba.org>
Autobuild-Date: Thu Feb 23 10:55:20 CET 2012 on sn-devel-104
commit c623b4bbb8963baf82d1582abe29b7d54d09397c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Feb 23 16:36:33 2012 +1100
s4-provision: Fix typo in 9b9fdeefb47f2657c9bb4c2f48318550da510209
This was not found to to a bug in the selftest system.
Andrew Bartlett
commit b0798cc0131df4abc314317e43f597c328deaceb
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Feb 9 15:59:38 2012 +1100
s3-libads: Remove unused ads_set_machine_password()
Found by callcatcher.
Andrew Bartlett
commit a6aa24428add3faeb38461929576dc28670c25c6
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Feb 9 16:04:30 2012 +1100
s3-libads: Remove unused ads_pull_sids_from_extendeddn()
Found by callcatcher.
Andrew Bartlett
commit 1c7725ae8a4ed3270720ce71de08f4949aa83ea7
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Feb 9 16:07:06 2012 +1100
s3-utils: Remove unused connect_to_ipc_krb5()
Found by callcatcher.
Andrew Bartlett
commit 7724533d8065a2cd78573e6a07fcad9879296c71
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Feb 21 11:55:50 2012 +1100
wintest: Change to a new Win2008R2 VM
commit bea05159e4239e04dc5e8782b881ed7f70b231fc
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Feb 20 17:03:25 2012 +1100
s3-libsmb: Remove unused spnego functions
commit 757c9b79ea1b2a599d9db1f6e686534777abd3a7
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Feb 20 16:42:20 2012 +1100
s3-rpc_server Remove unused function auth_generic_server_start()
-----------------------------------------------------------------------
Summary of changes:
selftest/selftest.pl | 2 +-
selftest/target/Samba.pm | 8 +-
source3/include/proto.h | 11 --
source3/libads/ads_ldap_protos.h | 7 --
source3/libads/ads_proto.h | 3 -
source3/libads/kerberos_util.c | 30 ------
source3/libads/ldap.c | 55 ----------
source3/libsmb/clispnego.c | 109 --------------------
source3/rpc_server/dcesrv_auth_generic.c | 53 ----------
source3/rpc_server/dcesrv_auth_generic.h | 10 --
source3/utils/net_proto.h | 4 -
source3/utils/net_util.c | 53 ----------
.../scripting/python/samba/provision/sambadns.py | 6 +-
wintest/conf/abartlet.conf | 12 +-
14 files changed, 16 insertions(+), 347 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 4625172..72e9ddf 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -888,7 +888,7 @@ sub setup_env($$)
$testenv_vars->{target} = $target;
}
if (not defined($testenv_vars)) {
- warn("$opt_target can't provide environment '$envname'");
+ warn("$opt_target can't start up known environment '$envname'");
}
}
diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm
index eea1987..445cbb2 100644
--- a/selftest/target/Samba.pm
+++ b/selftest/target/Samba.pm
@@ -31,7 +31,7 @@ sub setup_env($$$)
if (not defined($env->{target})) {
$env->{target} = $self->{samba4};
}
- } else {
+ } elsif (defined($env) and $env eq "UNKNOWN") {
$env = $self->{samba3}->setup_env($envname, $path);
if (defined($env) and $env ne "UNKNOWN") {
if (not defined($env->{target})) {
@@ -39,8 +39,12 @@ sub setup_env($$$)
}
}
}
- if (not defined $env) {
+ if (defined($env) and ($env eq "UNKNOWN")) {
warn("Samba can't provide environment '$envname'");
+ return "UNKNOWN";
+ }
+ if (not defined $env) {
+ warn("failed to start up environment '$envname'");
return undef;
}
return $env;
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 7adb2c4..30fc216 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -869,9 +869,6 @@ int spnego_gen_krb5_negTokenInit(TALLOC_CTX *ctx,
bool spnego_parse_challenge(TALLOC_CTX *ctx, const DATA_BLOB blob,
DATA_BLOB *chal1, DATA_BLOB *chal2);
DATA_BLOB spnego_gen_auth(TALLOC_CTX *ctx, DATA_BLOB blob);
-bool spnego_parse_auth(TALLOC_CTX *ctx, DATA_BLOB blob, DATA_BLOB *auth);
-DATA_BLOB spnego_gen_auth_response(TALLOC_CTX *ctx, DATA_BLOB *reply, NTSTATUS nt_status,
- const char *mechOID);
bool spnego_parse_auth_response(TALLOC_CTX *ctx,
DATA_BLOB blob, NTSTATUS nt_status,
const char *mechOID,
@@ -879,14 +876,6 @@ bool spnego_parse_auth_response(TALLOC_CTX *ctx,
bool spnego_parse_auth_and_mic(TALLOC_CTX *ctx, DATA_BLOB blob,
DATA_BLOB *auth, DATA_BLOB *signature);
-DATA_BLOB spnego_gen_auth_response_and_mic(TALLOC_CTX *ctx,
- NTSTATUS nt_status,
- const char *mechOID,
- DATA_BLOB *reply,
- DATA_BLOB *mechlistMIC);
-bool spnego_mech_list_blob(TALLOC_CTX *mem_ctx,
- char **oid_list, DATA_BLOB *data);
-
/* The following definitions come from libsmb/conncache.c */
NTSTATUS check_negative_conn_cache( const char *domain, const char *server);
diff --git a/source3/libads/ads_ldap_protos.h b/source3/libads/ads_ldap_protos.h
index 83b6fc1..3024ae2 100644
--- a/source3/libads/ads_ldap_protos.h
+++ b/source3/libads/ads_ldap_protos.h
@@ -61,13 +61,6 @@ bool ads_pull_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
LDAPMessage *msg, const char *field, struct security_descriptor **sd);
char *ads_pull_username(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
LDAPMessage *msg);
-int ads_pull_sids_from_extendeddn(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- LDAPMessage *msg,
- const char *field,
- enum ads_extended_dn_flags flags,
- struct dom_sid **sids);
-
ADS_STATUS ads_find_machine_acct(ADS_STRUCT *ads, LDAPMessage **res,
const char *machine);
ADS_STATUS ads_find_printer_on_server(ADS_STRUCT *ads, LDAPMessage **res,
diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
index 324fa2a..17a84d1 100644
--- a/source3/libads/ads_proto.h
+++ b/source3/libads/ads_proto.h
@@ -58,9 +58,6 @@ int ads_keytab_list(const char *keytab_name);
/* The following definitions come from libads/kerberos_util.c */
-ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
- const char *machine_account,
- const char *password);
int ads_kinit_password(ADS_STRUCT *ads);
/* The following definitions come from libads/ldap.c */
diff --git a/source3/libads/kerberos_util.c b/source3/libads/kerberos_util.c
index 4935da8..f252645 100644
--- a/source3/libads/kerberos_util.c
+++ b/source3/libads/kerberos_util.c
@@ -24,36 +24,6 @@
#ifdef HAVE_KRB5
-/**
- * Set the machine account password
- * @param ads connection to ads server
- * @param hostname machine whose password is being set
- * @param password new password
- * @return status of password change
- **/
-ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
- const char *machine_account,
- const char *password)
-{
- ADS_STATUS status;
- char *principal = NULL;
-
- /*
- we need to use the '$' form of the name here (the machine account name),
- as otherwise the server might end up setting the password for a user
- instead
- */
- if (asprintf(&principal, "%s@%s", machine_account, ads->config.realm) < 0) {
- return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- }
-
- status = ads_krb5_set_password(ads->auth.kdc_server, principal,
- password, ads->auth.time_offset);
-
- SAFE_FREE(principal);
- return status;
-}
-
/* run kinit to setup our ccache */
int ads_kinit_password(ADS_STRUCT *ads)
{
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 870d4bc..70dad2f 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -3278,61 +3278,6 @@ ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
return ADS_ERROR_NT(NT_STATUS_OK);
}
-/**
- * pull an array of struct dom_sids from a ADS result
- * @param ads connection to ads server
- * @param mem_ctx TALLOC_CTX for allocating sid array
- * @param msg Results of search
- * @param field Attribute to retrieve
- * @param flags string type of extended_dn
- * @param sids pointer to sid array to allocate
- * @return the count of SIDs pulled
- **/
- int ads_pull_sids_from_extendeddn(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- LDAPMessage *msg,
- const char *field,
- enum ads_extended_dn_flags flags,
- struct dom_sid **sids)
-{
- int i;
- ADS_STATUS rc;
- size_t dn_count, ret_count = 0;
- char **dn_strings;
-
- if ((dn_strings = ads_pull_strings(ads, mem_ctx, msg, field,
- &dn_count)) == NULL) {
- return 0;
- }
-
- (*sids) = talloc_zero_array(mem_ctx, struct dom_sid, dn_count + 1);
- if (!(*sids)) {
- TALLOC_FREE(dn_strings);
- return 0;
- }
-
- for (i=0; i<dn_count; i++) {
- rc = ads_get_sid_from_extended_dn(mem_ctx, dn_strings[i],
- flags, &(*sids)[i]);
- if (!ADS_ERR_OK(rc)) {
- if (NT_STATUS_EQUAL(ads_ntstatus(rc),
- NT_STATUS_NOT_FOUND)) {
- continue;
- }
- else {
- TALLOC_FREE(*sids);
- TALLOC_FREE(dn_strings);
- return 0;
- }
- }
- ret_count++;
- }
-
- TALLOC_FREE(dn_strings);
-
- return ret_count;
-}
-
/********************************************************************
********************************************************************/
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index d584f9f..c1b49c9 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -449,78 +449,6 @@ done:
return true;
}
-bool spnego_parse_auth(TALLOC_CTX *ctx, DATA_BLOB blob, DATA_BLOB *auth)
-{
- return spnego_parse_auth_and_mic(ctx, blob, auth, NULL);
-}
-
-/*
- generate a minimal SPNEGO response packet. Doesn't contain much.
-*/
-DATA_BLOB spnego_gen_auth_response_and_mic(TALLOC_CTX *ctx,
- NTSTATUS nt_status,
- const char *mechOID,
- DATA_BLOB *reply,
- DATA_BLOB *mechlistMIC)
-{
- ASN1_DATA *data;
- DATA_BLOB ret;
- uint8 negResult;
-
- if (NT_STATUS_IS_OK(nt_status)) {
- negResult = SPNEGO_ACCEPT_COMPLETED;
- } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- negResult = SPNEGO_ACCEPT_INCOMPLETE;
- } else {
- negResult = SPNEGO_REJECT;
- }
-
- data = asn1_init(talloc_tos());
- if (data == NULL) {
- return data_blob_null;
- }
-
- asn1_push_tag(data, ASN1_CONTEXT(1));
- asn1_push_tag(data, ASN1_SEQUENCE(0));
- asn1_push_tag(data, ASN1_CONTEXT(0));
- asn1_write_enumerated(data, negResult);
- asn1_pop_tag(data);
-
- if (mechOID) {
- asn1_push_tag(data,ASN1_CONTEXT(1));
- asn1_write_OID(data, mechOID);
- asn1_pop_tag(data);
- }
-
- if (reply && reply->data != NULL) {
- asn1_push_tag(data,ASN1_CONTEXT(2));
- asn1_write_OctetString(data, reply->data, reply->length);
- asn1_pop_tag(data);
- }
-
- if (mechlistMIC && mechlistMIC->data != NULL) {
- asn1_push_tag(data, ASN1_CONTEXT(3));
- asn1_write_OctetString(data,
- mechlistMIC->data,
- mechlistMIC->length);
- asn1_pop_tag(data);
- }
-
- asn1_pop_tag(data);
- asn1_pop_tag(data);
-
- ret = data_blob_talloc(ctx, data->data, data->length);
- asn1_free(data);
- return ret;
-}
-
-DATA_BLOB spnego_gen_auth_response(TALLOC_CTX *ctx, DATA_BLOB *reply,
- NTSTATUS nt_status, const char *mechOID)
-{
- return spnego_gen_auth_response_and_mic(ctx, nt_status,
- mechOID, reply, NULL);
-}
-
/*
parse a SPNEGO auth packet. This contains the encrypted passwords
*/
@@ -596,40 +524,3 @@ bool spnego_parse_auth_response(TALLOC_CTX *ctx,
return True;
}
-bool spnego_mech_list_blob(TALLOC_CTX *mem_ctx,
- char **oid_list, DATA_BLOB *raw_data)
-{
- ASN1_DATA *data;
- unsigned int idx;
-
- if (!oid_list || !oid_list[0] || !raw_data) {
- return false;
- }
-
- data = asn1_init(talloc_tos());
- if (data == NULL) {
- return false;
- }
-
- asn1_push_tag(data, ASN1_SEQUENCE(0));
- for (idx = 0; oid_list[idx]; idx++) {
- asn1_write_OID(data, oid_list[idx]);
- }
- asn1_pop_tag(data);
-
- if (data->has_error) {
- DEBUG(3, (__location__ " failed at %d\n", (int)data->ofs));
- asn1_free(data);
- return false;
- }
-
- *raw_data = data_blob_talloc(mem_ctx, data->data, data->length);
- if (!raw_data->data) {
- DEBUG(3, (__location__": data_blob_talloc() failed!\n"));
- asn1_free(data);
- return false;
- }
-
- asn1_free(data);
- return true;
-}
diff --git a/source3/rpc_server/dcesrv_auth_generic.c b/source3/rpc_server/dcesrv_auth_generic.c
index 5fe6766..c4c08b2 100644
--- a/source3/rpc_server/dcesrv_auth_generic.c
+++ b/source3/rpc_server/dcesrv_auth_generic.c
@@ -24,59 +24,6 @@
#include "auth.h"
#include "auth/gensec/gensec.h"
-NTSTATUS auth_generic_server_start(TALLOC_CTX *mem_ctx,
- const char *oid,
- bool do_sign,
- bool do_seal,
- bool is_dcerpc,
- DATA_BLOB *token_in,
- DATA_BLOB *token_out,
- const struct tsocket_address *remote_address,
- struct gensec_security **ctx)
-{
- struct gensec_security *gensec_security = NULL;
- NTSTATUS status;
-
- status = auth_generic_prepare(talloc_tos(), remote_address, &gensec_security);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, (__location__ ": auth_generic_prepare failed: %s\n",
- nt_errstr(status)));
- return status;
- }
-
- if (do_sign) {
- gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
- }
- if (do_seal) {
- gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
- gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
- }
-
- if (is_dcerpc) {
- gensec_want_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE);
- }
-
- status = gensec_start_mech_by_oid(gensec_security, oid);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, (__location__ ": auth_generic_start failed: %s\n",
- nt_errstr(status)));
- TALLOC_FREE(gensec_security);
- return status;
- }
-
- status = gensec_update(gensec_security, mem_ctx, NULL, *token_in, token_out);
- if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- DEBUG(2, (__location__ ": gensec_update failed: %s\n",
- nt_errstr(status)));
- TALLOC_FREE(gensec_security);
- return status;
- }
-
- /* steal gensec context to the caller */
- *ctx = talloc_move(mem_ctx, &gensec_security);
- return NT_STATUS_OK;
-}
-
NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
uint8_t auth_type, uint8_t auth_level,
DATA_BLOB *token_in,
diff --git a/source3/rpc_server/dcesrv_auth_generic.h b/source3/rpc_server/dcesrv_auth_generic.h
index 07e69af..f288c94 100644
--- a/source3/rpc_server/dcesrv_auth_generic.h
+++ b/source3/rpc_server/dcesrv_auth_generic.h
@@ -22,16 +22,6 @@
struct gensec_security;
-NTSTATUS auth_generic_server_start(TALLOC_CTX *mem_ctx,
- const char *oid,
- bool do_sign,
- bool do_seal,
- bool is_dcerpc,
- DATA_BLOB *token_in,
- DATA_BLOB *token_out,
- const struct tsocket_address *remote_address,
- struct gensec_security **ctx);
-
NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
uint8_t auth_type, uint8_t auth_level,
DATA_BLOB *token_in,
diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h
index 83633aa..3f99e14 100644
--- a/source3/utils/net_proto.h
+++ b/source3/utils/net_proto.h
@@ -414,10 +414,6 @@ NTSTATUS connect_to_ipc_anonymous(struct net_context *c,
struct cli_state **cli_ctx,
const struct sockaddr_storage *server_ss,
const char *server_name);
-NTSTATUS connect_to_ipc_krb5(struct net_context *c,
- struct cli_state **cli_ctx,
- const struct sockaddr_storage *server_ss,
- const char *server_name);
NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst,
struct rpc_pipe_client **pp_pipe_hnd,
const struct ndr_syntax_id *interface);
diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c
index a6edc39..d0f2dd7 100644
--- a/source3/utils/net_util.c
+++ b/source3/utils/net_util.c
@@ -241,59 +241,6 @@ static char *get_user_and_realm(const char *username)
return user_and_realm;
}
-/****************************************************************************
- Connect to \\server\ipc$ using KRB5.
-****************************************************************************/
-
-NTSTATUS connect_to_ipc_krb5(struct net_context *c,
- struct cli_state **cli_ctx,
- const struct sockaddr_storage *server_ss,
- const char *server_name)
-{
- NTSTATUS nt_status;
- char *user_and_realm = NULL;
-
- /* FIXME: Should get existing kerberos ticket if possible. */
- c->opt_password = net_prompt_pass(c, c->opt_user_name);
- if (!c->opt_password) {
- return NT_STATUS_NO_MEMORY;
- }
-
- user_and_realm = get_user_and_realm(c->opt_user_name);
- if (!user_and_realm) {
- return NT_STATUS_NO_MEMORY;
- }
-
- nt_status = cli_full_connection(cli_ctx, NULL, server_name,
- server_ss, c->opt_port,
- "IPC$", "IPC",
- user_and_realm, c->opt_workgroup,
- c->opt_password,
- CLI_FULL_CONNECTION_USE_KERBEROS,
- SMB_SIGNING_DEFAULT);
-
- SAFE_FREE(user_and_realm);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(1,("Cannot connect to server using kerberos. Error was %s\n", nt_errstr(nt_status)));
- return nt_status;
- }
-
- if (c->smb_encrypt) {
- nt_status = cli_cm_force_encryption(*cli_ctx,
- user_and_realm,
- c->opt_password,
- c->opt_workgroup,
- "IPC$");
- if (!NT_STATUS_IS_OK(nt_status)) {
- cli_shutdown(*cli_ctx);
- *cli_ctx = NULL;
- }
- }
-
- return nt_status;
-}
-
/**
* Connect a server and open a given pipe
*
diff --git a/source4/scripting/python/samba/provision/sambadns.py b/source4/scripting/python/samba/provision/sambadns.py
index e8bb752..2aefe4d 100644
--- a/source4/scripting/python/samba/provision/sambadns.py
+++ b/source4/scripting/python/samba/provision/sambadns.py
--
Samba Shared Repository
More information about the samba-cvs
mailing list