[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Tue May 15 02:13:05 MDT 2012
The branch, master has been updated
via 8588d10 s4:ntvfs/smb2: remove misleading comment regarding security=server
via 12ce84f s4:ntvfs/cifs: remove misleading comment regarding security=server
via 7cb4acd s4:auth: remove unused auth_server.c
via 413e1be s3:auth: remove unused auth_server.c
via 0239f68 docs-xml: remove documentation of "SECURITY = SERVER"
via b4abd3f s3-auth: remove "security=server" (depricated since 3.6)
via 053fcfe s4:param/tests: remove "security=server" test
via f67cb32 selftest: Remove tests for security=server
from 747e539 samba-upgradedns: Use the correct magic incantation of sys.path.insert()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8588d1086142cebcf8734fcd0773f99e8825c87b
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat May 12 12:53:34 2012 +0200
s4:ntvfs/smb2: remove misleading comment regarding security=server
metze
Autobuild-User: Stefan Metzmacher <metze at samba.org>
Autobuild-Date: Tue May 15 10:12:53 CEST 2012 on sn-devel-104
commit 12ce84f0cf8b2658cf4067dd5189624bdee4bde7
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat May 12 12:53:34 2012 +0200
s4:ntvfs/cifs: remove misleading comment regarding security=server
metze
commit 7cb4acd5dd1825e157e00e0e8babd674b494375a
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat May 12 12:01:18 2012 +0200
s4:auth: remove unused auth_server.c
metze
commit 413e1be7739003696fd903dd80d1ead5275fe74c
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat May 12 12:01:03 2012 +0200
s3:auth: remove unused auth_server.c
metze
commit 0239f680a79ec41ecff97eea38687eccad2b5894
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat May 12 12:00:32 2012 +0200
docs-xml: remove documentation of "SECURITY = SERVER"
metze
commit b4abd3faaf3bdcbcd24fed8325960ccdee43bea9
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat May 12 12:00:00 2012 +0200
s3-auth: remove "security=server" (depricated since 3.6)
"security=server" has a lot of problems in the world with
modern security (ntlmv2 and krb5). It was also not very
reliable, as it needed a stable connection to the password
server for the lifetime of the whole client connection!
Please use "security=domain" or "security=ads" is you
authentication against remote servers (domain controllers).
metze
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SERVER |
| security=server |
| |
| |
| 12 May |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
commit 053fcfef0fa680e2443a07933973f0f21624c336
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat May 12 11:14:17 2012 +0200
s4:param/tests: remove "security=server" test
metze
commit f67cb32b51a77dd0ebf63d9469a99f9359cb1e54
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue May 15 09:43:03 2012 +1000
selftest: Remove tests for security=server
Signed-off-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/smbdotconf/security/security.xml | 32 --
lib/param/loadparm_server_role.c | 9 +-
lib/param/param_enums.c | 1 -
libds/common/roles.h | 19 +-
selftest/target/Samba.pm | 1 -
selftest/target/Samba3.pm | 40 ---
source3/Makefile.in | 5 -
source3/auth/auth.c | 6 -
source3/auth/auth_server.c | 487 -----------------------------
source3/auth/proto.h | 4 -
source3/auth/wscript_build | 9 -
source3/configure.in | 2 -
source3/param/loadparm.c | 4 -
source3/selftest/tests.py | 5 +-
source3/utils/testparm.c | 6 +-
source3/wscript | 2 +-
source4/auth/ntlm/auth_server.c | 237 --------------
source4/auth/ntlm/wscript_build | 8 -
source4/ntvfs/cifs/vfs_cifs.c | 1 -
source4/ntvfs/smb2/vfs_smb2.c | 1 -
source4/param/tests/loadparm.c | 10 -
21 files changed, 22 insertions(+), 867 deletions(-)
delete mode 100644 source3/auth/auth_server.c
delete mode 100644 source4/auth/ntlm/auth_server.c
Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/security/security.xml b/docs-xml/smbdotconf/security/security.xml
index 2575d77..453de94 100644
--- a/docs-xml/smbdotconf/security/security.xml
+++ b/docs-xml/smbdotconf/security/security.xml
@@ -79,38 +79,6 @@
<para>See also the <smbconfoption name="password server"/> parameter and
the <smbconfoption name="encrypted passwords"/> parameter.</para>
- <para><anchor id="SECURITYEQUALSSERVER"/><emphasis>SECURITY = SERVER</emphasis></para>
-
- <para>
- In this depicted mode Samba will try to validate the username/password by passing it to another SMB server, such as an
- NT box. If this fails it will revert to <command moreinfo="none">security = user</command>. It expects the
- <smbconfoption name="encrypted passwords"/> parameter to be set to <constant>yes</constant>, unless the remote
- server does not support them. However note that if encrypted passwords have been negotiated then Samba cannot
- revert back to checking the UNIX password file, it must have a valid <filename
- moreinfo="none">smbpasswd</filename> file to check users against. See the chapter about the User Database in
- the Samba HOWTO Collection for details on how to set this up.
-</para>
-
- <note><para>This mode of operation has
- significant pitfalls since it is more vulnerable to
- man-in-the-middle attacks and server impersonation. In particular,
- this mode of operation can cause significant resource consumption on
- the PDC, as it must maintain an active connection for the duration
- of the user's session. Furthermore, if this connection is lost,
- there is no way to reestablish it, and further authentications to the
- Samba server may fail (from a single client, till it disconnects).
- </para></note>
-
- <note><para>If the client selects NTLMv2 authentication, then this mode of operation <emphasis>will fail</emphasis>
- </para></note>
-
- <note><para>From the client's point of
- view, <command moreinfo="none">security = server</command> is the
- same as <command moreinfo="none">security = user</command>. It
- only affects how the server deals with the authentication, it does
- not in any way affect what the client sees.</para></note>
-
- <note><para>This option is deprecated, and may be removed in future</para></note>
<para><emphasis>Note</emphasis> that the name of the resource being
requested is <emphasis>not</emphasis> sent to the server until after
diff --git a/lib/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c
index 4ba54b9..9ff64be 100644
--- a/lib/param/loadparm_server_role.c
+++ b/lib/param/loadparm_server_role.c
@@ -73,13 +73,6 @@ int lp_find_server_role(int server_role, int security, int domain_logons, int do
role = ROLE_STANDALONE;
switch (security) {
- case SEC_SERVER:
- if (domain_logons) {
- DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n"));
- }
- /* this used to be considered ROLE_DOMAIN_MEMBER but that's just wrong */
- role = ROLE_STANDALONE;
- break;
case SEC_DOMAIN:
if (domain_logons) {
DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
@@ -157,7 +150,7 @@ bool lp_is_security_and_server_role_valid(int server_role, int security)
valid = true;
break;
case ROLE_STANDALONE:
- if (security == SEC_SERVER || security == SEC_USER) {
+ if (security == SEC_USER) {
valid = true;
}
break;
diff --git a/lib/param/param_enums.c b/lib/param/param_enums.c
index 36234ea..5f4cd61 100644
--- a/lib/param/param_enums.c
+++ b/lib/param/param_enums.c
@@ -46,7 +46,6 @@ static const struct enum_list enum_protocol[] = {
static const struct enum_list enum_security[] = {
{SEC_AUTO, "AUTO"},
{SEC_USER, "USER"},
- {SEC_SERVER, "SERVER"},
{SEC_DOMAIN, "DOMAIN"},
#if (defined(HAVE_ADS) || _SAMBA_BUILD_ >= 4)
{SEC_ADS, "ADS"},
diff --git a/libds/common/roles.h b/libds/common/roles.h
index 90281ba..9dc9a00 100644
--- a/libds/common/roles.h
+++ b/libds/common/roles.h
@@ -60,10 +60,25 @@ enum server_role {
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
- */
+ --------------
+ / \
+ / REST \
+ / IN \
+ / PEACE \
+ / \
+ | SEC_SERVER |
+ | security=server |
+ | |
+ | |
+ | 12 May |
+ | |
+ | 2012 |
+ *| * * * | *
+ _________)/\\_//(\/(/\)/\//\/\///|_)_______
+
+*/
enum security_types {SEC_AUTO = 0,
SEC_USER = 2,
- SEC_SERVER = 3,
SEC_DOMAIN = 4,
SEC_ADS = 5};
diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm
index 1422603..72f26a5 100644
--- a/selftest/target/Samba.pm
+++ b/selftest/target/Samba.pm
@@ -144,7 +144,6 @@ sub get_interface($)
$interfaces{"locals3dc2"} = 2;
$interfaces{"localmember3"} = 3;
$interfaces{"localshare4"} = 4;
- $interfaces{"localserver5"} = 5;
$interfaces{"localktest6"} = 6;
$interfaces{"maptoguest"} = 7;
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index b148167..04026be 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -159,13 +159,6 @@ sub setup_env($$$)
return $self->setup_maptoguest("$path/maptoguest");
} elsif ($envname eq "ktest") {
return $self->setup_ktest("$path/ktest");
- } elsif ($envname eq "secserver") {
- if (not defined($self->{vars}->{s3dc})) {
- if (not defined($self->setup_s3dc("$path/s3dc"))) {
- return undef;
- }
- }
- return $self->setup_secserver("$path/secserver", $self->{vars}->{s3dc});
} elsif ($envname eq "member") {
if (not defined($self->{vars}->{s3dc})) {
if (not defined($self->setup_s3dc("$path/s3dc"))) {
@@ -375,39 +368,6 @@ sub setup_secshare($$)
return $vars;
}
-sub setup_secserver($$$)
-{
- my ($self, $prefix, $s3dcvars) = @_;
-
- print "PROVISIONING server with security=server...";
-
- my $secserver_options = "
- security = server
- password server = $s3dcvars->{SERVER_IP}
-";
-
- my $ret = $self->provision($prefix,
- "LOCALSERVER5",
- "localserver5pass",
- $secserver_options);
-
- $ret or return undef;
-
- $self->check_or_start($ret, "yes", "no", "yes");
-
- if (not $self->wait_for_start($ret)) {
- return undef;
- }
-
- $ret->{DC_SERVER} = $s3dcvars->{SERVER};
- $ret->{DC_SERVER_IP} = $s3dcvars->{SERVER_IP};
- $ret->{DC_NETBIOSNAME} = $s3dcvars->{NETBIOSNAME};
- $ret->{DC_USERNAME} = $s3dcvars->{USERNAME};
- $ret->{DC_PASSWORD} = $s3dcvars->{PASSWORD};
-
- return $ret;
-}
-
sub setup_ktest($$$)
{
my ($self, $prefix) = @_;
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 52ed5d3..5d70e6d 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -906,7 +906,6 @@ DCUTIL_OBJ = libsmb/namequery_dc.o libsmb/trustdom_cache.o libsmb/trusts_util.o
AUTH_BUILTIN_OBJ = auth/auth_builtin.o
AUTH_DOMAIN_OBJ = auth/auth_domain.o
AUTH_SAM_OBJ = auth/auth_sam.o auth/check_samsec.o
-AUTH_SERVER_OBJ = auth/auth_server.o
AUTH_UNIX_OBJ = auth/auth_unix.o
AUTH_WINBIND_OBJ = auth/auth_winbind.o
AUTH_WBC_OBJ = auth/auth_wbc.o
@@ -2859,10 +2858,6 @@ bin/netlogond. at SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_NETLOGOND_OBJ)
@echo "Building plugin $@"
@$(SHLD_MODULE) $(AUTH_NETLOGOND_OBJ)
-bin/smbserver. at SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_SERVER_OBJ)
- @echo "Building plugin $@"
- @$(SHLD_MODULE) $(AUTH_SERVER_OBJ)
-
bin/winbind. at SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_WINBIND_OBJ)
@echo "Building plugin $@"
@$(SHLD_MODULE) $(AUTH_WINBIND_OBJ)
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 4b075a6..c442a53 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -494,12 +494,6 @@ NTSTATUS make_auth_context_subsystem(TALLOC_CTX *mem_ctx,
talloc_tos(), "guest sam winbind:ntdomain",
NULL);
break;
- case SEC_SERVER:
- DEBUG(5,("Making default auth method list for security=server\n"));
- auth_method_list = str_list_make_v3(
- talloc_tos(), "guest sam smbserver",
- NULL);
- break;
case SEC_USER:
if (lp_encrypted_passwords()) {
if ((lp_server_role() == ROLE_DOMAIN_PDC) || (lp_server_role() == ROLE_DOMAIN_BDC)) {
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
deleted file mode 100644
index 3bd69cd..0000000
--- a/source3/auth/auth_server.c
+++ /dev/null
@@ -1,487 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Authenticate to a remote server
- Copyright (C) Andrew Tridgell 1992-1998
- Copyright (C) Andrew Bartlett 2001
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "auth.h"
-#include "system/passwd.h"
-#include "smbd/smbd.h"
-#include "libsmb/libsmb.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_AUTH
-
-extern userdom_struct current_user_info;
-
-/****************************************************************************
- Support for server level security.
-****************************************************************************/
-
-static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
-{
- struct cli_state *cli = NULL;
- char *desthost = NULL;
- struct sockaddr_storage dest_ss;
- const char *p;
- char *pserver = NULL;
- bool connected_ok = False;
- struct named_mutex *mutex = NULL;
- NTSTATUS status;
- /* security = server just can't function with spnego */
- int flags = CLI_FULL_CONNECTION_DONT_SPNEGO;
- uint16_t sec_mode = 0;
-
- pserver = talloc_strdup(mem_ctx, lp_passwordserver());
- p = pserver;
-
- while(next_token_talloc(mem_ctx, &p, &desthost, LIST_SEP)) {
-
- desthost = talloc_sub_basic(mem_ctx,
- current_user_info.smb_name,
- current_user_info.domain,
- desthost);
- if (!desthost) {
- return NULL;
- }
- strupper_m(desthost);
-
- if (strequal(desthost, myhostname())) {
- DEBUG(1,("Password server loop - disabling "
- "password server %s\n", desthost));
- continue;
- }
-
- if(!resolve_name( desthost, &dest_ss, 0x20, false)) {
- DEBUG(1,("server_cryptkey: Can't resolve address for %s\n",desthost));
- continue;
- }
-
- if (ismyaddr((struct sockaddr *)(void *)&dest_ss)) {
- DEBUG(1,("Password server loop - disabling password server %s\n",desthost));
- continue;
- }
-
- /* we use a mutex to prevent two connections at once - when a
- Win2k PDC get two connections where one hasn't completed a
- session setup yet it will send a TCP reset to the first
- connection (tridge) */
-
- mutex = grab_named_mutex(talloc_tos(), desthost, 10);
- if (mutex == NULL) {
- return NULL;
- }
-
- status = cli_connect_nb(desthost, &dest_ss, 0, 0x20,
- lp_netbios_name(), SMB_SIGNING_DEFAULT,
- flags, &cli);
- if (NT_STATUS_IS_OK(status)) {
- DEBUG(3,("connected to password server %s\n",desthost));
- connected_ok = True;
- break;
- }
- DEBUG(10,("server_cryptkey: failed to connect to server %s. Error %s\n",
- desthost, nt_errstr(status) ));
- TALLOC_FREE(mutex);
- }
-
- if (!connected_ok) {
- DEBUG(0,("password server not available\n"));
- return NULL;
- }
-
- DEBUG(3,("got session\n"));
-
- status = cli_negprot(cli, PROTOCOL_NT1);
-
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(mutex);
- DEBUG(1, ("%s rejected the negprot: %s\n",
- desthost, nt_errstr(status)));
- cli_shutdown(cli);
- return NULL;
- }
-
- sec_mode = cli_state_security_mode(cli);
- if (cli_state_protocol(cli) < PROTOCOL_LANMAN2 ||
- !(sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
- TALLOC_FREE(mutex);
- DEBUG(1,("%s isn't in user level security mode\n",desthost));
- cli_shutdown(cli);
- return NULL;
- }
-
- /* Get the first session setup done quickly, to avoid silly
- Win2k bugs. (The next connection to the server will kill
- this one...
- */
-
- status = cli_session_setup(cli, "", "", 0, "", 0, "");
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(mutex);
- DEBUG(0,("%s rejected the initial session setup (%s)\n",
- desthost, nt_errstr(status)));
- cli_shutdown(cli);
- return NULL;
- }
-
- TALLOC_FREE(mutex);
-
- DEBUG(3,("password server OK\n"));
-
- return cli;
-}
-
-struct server_security_state {
- struct cli_state *cli;
-};
-
-/****************************************************************************
- Send a 'keepalive' packet down the cli pipe.
-****************************************************************************/
-
-static bool send_server_keepalive(const struct timeval *now,
- void *private_data)
-{
- struct server_security_state *state = talloc_get_type_abort(
- private_data, struct server_security_state);
- NTSTATUS status;
- unsigned char garbage[16];
-
- if (!cli_state_is_connected(state->cli)) {
- return false;
- }
-
- /* Ping the server to keep the connection alive using SMBecho. */
- memset(garbage, 0xf0, sizeof(garbage));
- status = cli_echo(state->cli, 1, data_blob_const(garbage, sizeof(garbage)));
- if (NT_STATUS_IS_OK(status)) {
- return true;
- }
-
- DEBUG(2,("send_server_keepalive: password server SMBecho failed: %s\n",
- nt_errstr(status)));
- cli_shutdown(state->cli);
- state->cli = NULL;
- return false;
-}
-
-static int destroy_server_security(struct server_security_state *state)
-{
- if (state->cli) {
- cli_shutdown(state->cli);
- }
- return 0;
-}
-
-static struct server_security_state *make_server_security_state(struct cli_state *cli)
-{
- struct server_security_state *result;
-
- if (!(result = talloc(NULL, struct server_security_state))) {
- DEBUG(0, ("talloc failed\n"));
- cli_shutdown(cli);
- return NULL;
- }
-
- result->cli = cli;
- talloc_set_destructor(result, destroy_server_security);
-
- if (lp_keepalive() != 0) {
- struct timeval interval;
- interval.tv_sec = lp_keepalive();
- interval.tv_usec = 0;
-
- if (event_add_idle(server_event_context(), result, interval,
- "server_security_keepalive",
- send_server_keepalive,
- result) == NULL) {
- DEBUG(0, ("event_add_idle failed\n"));
- TALLOC_FREE(result);
- return NULL;
- }
- }
-
- return result;
-}
-
-/****************************************************************************
- Get the challenge out of a password server.
-****************************************************************************/
-
-static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_context,
- void **my_private_data,
- TALLOC_CTX *mem_ctx)
-{
- struct cli_state *cli = server_cryptkey(mem_ctx);
-
- if (cli) {
- uint16_t sec_mode = cli_state_security_mode(cli);
- const uint8_t *server_challenge = cli_state_server_challenge(cli);
-
- DEBUG(3,("using password server validation\n"));
-
- if ((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
- /* We can't work with unencrypted password servers
- unless 'encrypt passwords = no' */
- DEBUG(5,("make_auth_info_server: Server is unencrypted, no challenge available..\n"));
-
- /* However, it is still a perfectly fine connection
- to pass that unencrypted password over */
- *my_private_data =
- (void *)make_server_security_state(cli);
- return data_blob_null;
- }
-
- if (!(*my_private_data = (void *)make_server_security_state(cli))) {
- return data_blob(NULL,0);
- }
-
- /* The return must be allocated on the caller's mem_ctx, as our own will be
- destoyed just after the call. */
- return data_blob_talloc(discard_const_p(TALLOC_CTX, auth_context), server_challenge ,8);
- } else {
- return data_blob_null;
- }
-}
-
-
-/****************************************************************************
- Check for a valid username and password in security=server mode.
- - Validate a password with the password server.
-****************************************************************************/
-
-static NTSTATUS check_smbserver_security(const struct auth_context *auth_context,
- void *my_private_data,
--
Samba Shared Repository
More information about the samba-cvs
mailing list