[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Fri Mar 24 14:51:04 UTC 2017


The branch, master has been updated
       via  a74fef0 Revert "selftest: temporary skip samba.blackbox.pdbtest.s4winbind"
       via  b5df13d s4:selftest: specify auth methods of pdbtests without 'samba4:' prefix
       via  b48dc10 auth4: implement the deprecated 'auth methods' in auth_methods_from_lp()
       via  7f2d302 auth3: handle ROLE_ACTIVE_DIRECTORY_DC before lp_auth_methods() in make_auth_context_subsystem()
       via  0c21cd5 selftest: temporary skip samba.blackbox.pdbtest.s4winbind
       via  ae2454c auth4: reflect the reality and use "winbind_rodc" instead of "winbind" for the auth methods as AD_DC
       via  83dd7d0 auth4: add a "winbind_rodc" backend
       via  daf1523 auth: remove unused USER_INFO_LOCAL_SAM_ONLY/AUTH_METHOD_LOCAL_SAM defines
       via  b49c371 auth4: remove unused USER_INFO_LOCAL_SAM_ONLY/AUTH_METHOD_LOCAL_SAM handling
       via  800e248 auth3: remove unused USER_INFO_LOCAL_SAM_ONLY/AUTH_METHOD_LOCAL_SAM handling
       via  5bba164 winbindd: no longer use USER_INFO_LOCAL_SAM_ONLY
       via  a363a79 auth3: only use "[samba4:]sam" in make_auth3_context_for_winbind()
       via  61e499c auth4: debug if method->ops->check_password() gives NOT_IMPLEMENTED
       via  541d687 auth: let auth4_context->check_ntlm_password() return pauthoritative
       via  d568ebb ntlm_auth3: let contact_winbind_auth_crap() return pauthoritative
       via  4af89d5 auth4: let auth_check_password* return pauthoritative
       via  65d5f84 auth3: let auth_check_ntlm_password() return pauthoritative
       via  111a6bf winbindd: let winbindd_dual_auth_passdb() return pauthoritative
       via  15d1da0 winbindd: NT_STATUS_CANT_ACCESS_DOMAIN_INFO means "Dunno"
       via  74deb48 netlogon4: make use of auth_context_create_for_netlogon()
       via  2b685ff auth4: add auth_context_create_for_netlogon()
       via  c173b4e auth4: make auth_check_password_wrapper() static
       via  29dc515 auth3: make make_auth_context_subsystem() static
       via  eff81e3 winbindd: make use of make_auth3_context_for_winbind()
       via  9b8b409 netlogond3: make use of make_auth3_context_for_netlogon()
       via  5627667 pdbtest: make use of make_auth3_context_for_ntlm()
       via  8fba95f auth3: make use of make_auth3_context_for_ntlm()
       via  0a8aabb auth3: add make_auth3_context_for_{ntlm,netlogon,winbind}
       via  9e67fd4 auth3: Remove unused make_auth_context_fixed
       via  0c50063 pdbtest: Call make_auth_context_subsystem directly
       via  f1ec0c4 netlogond3: only call make_auth_context_subsystem() in one place
       via  c6531b9 netlogond3: Call make_auth_context_subsystem directly
       via  7f78cea netlogond3: "authorititative" is a uint8
       via  ab6ae3a winbindd: Call make_auth_context_subsystem directly
       via  2a6388c auth3: Introduce auth3_context_set_challenge
       via  51056c2 auth3: Simplify the logic in auth_check_ntlm_password
       via  c986141 auth3: Don't try other auth modules on any error
       via  1e82d82 auth3: Introduce make_auth_context_specific
       via  b78de58 auth3: Slightly simplify make_auth_context_subsystem() step2
       via  3fd7707 auth3: Slightly simplify make_auth_context_subsystem() step1
       via  2b4c803 wbinfo: Add "authoritative" to wbinfo -a output
       via  03b5585 auth4: add TODO comment on the auth_sam_trigger_repl_secret msDS-NeverRevealGroup interaction
      from  294a1a8 CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit a74fef0b907f03b8a52bddbaf1638cf794176e4b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 23 15:19:20 2017 +0100

    Revert "selftest: temporary skip samba.blackbox.pdbtest.s4winbind"
    
    This works again now...
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Fri Mar 24 15:50:22 CET 2017 on sn-devel-144

commit b5df13d1809e1cdb9d6c7a6879c394a53498b6db
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 23 15:13:54 2017 +0100

    s4:selftest: specify auth methods of pdbtests without 'samba4:' prefix
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit b48dc10f1ebfa77933f839ec1bf83c35f2471c80
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 22 09:50:13 2017 +0100

    auth4: implement the deprecated 'auth methods' in auth_methods_from_lp()
    
    This might be used to explicitly configure the old auth methods list
    from Samba 4.6 and older, if required:
     "auth methods = anonymous sam_ignoredomain"
    
    But this option will be removed again in future releases.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 7f2d30215e5b669e04e6c4c9c884fc387b13d565
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 23 12:54:40 2017 +0100

    auth3: handle ROLE_ACTIVE_DIRECTORY_DC before lp_auth_methods() in make_auth_context_subsystem()
    
    "auth methods" never works as AD DC at all, so there's not really a change.
    
    This allows us to implement "auth methods" (temporarily) for the auth4 stack.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 0c21cd5cb548f574d7ee6434622eb79af6539d4e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 23 15:15:45 2017 +0100

    selftest: temporary skip samba.blackbox.pdbtest.s4winbind
    
    This will be reenabled in a few commits.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit ae2454c5be4a8314e504e65d46d1caaeff36fb31
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 17 14:54:16 2017 +0100

    auth4: reflect the reality and use "winbind_rodc" instead of "winbind" for the auth methods as AD_DC
    
    Currently we always map any incoming domain to our own domain
    in map_user_info_cracknames(), so that the winbind module is never
    used at all, e.g. we're DC of W4EDOM-L4.BASE with a forest trust to W2012R2-L4.BASE:
    
      [2017/03/22 10:09:54.268472,  3, pid=4724, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:271(auth_check_password_send)
        auth_check_password_send: Checking password for unmapped user [W2012R2-L4]\[administrator]@[UB1404-163]
      [2017/03/22 10:09:54.268496,  5, pid=4724, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth_util.c:57(map_user_info_cracknames)
        map_user_info_cracknames: Mapping user [W2012R2-L4]\[administrator] from workstation [UB1404-163]
        auth_check_password_send: mapped user is: [W4EDOM-L4]\[administrator]@[UB1404-163]
    
    That means the only condition in which "sam_ignoredomain" returns
    NT_STATUS_NOT_IMPLEMENTED is the RODC case.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 83dd7d033b8dc902f4ba3dbf733c7bfb079900f1
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 23 11:57:49 2017 +0100

    auth4: add a "winbind_rodc" backend
    
    This is only active on a RODC.
    
    The background for this is that we currently only ever
    call the "winbind" module when we're an RODC,
    otherwise everything is caught by "sam_ignoredomain" before.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit daf1523effedb3d7c646ed231b053500dfc6d23d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 21 08:32:27 2017 +0100

    auth: remove unused USER_INFO_LOCAL_SAM_ONLY/AUTH_METHOD_LOCAL_SAM defines
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit b49c371762bf9c2ccd8d1da070e27d3f14cc347c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 21 08:32:27 2017 +0100

    auth4: remove unused USER_INFO_LOCAL_SAM_ONLY/AUTH_METHOD_LOCAL_SAM handling
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 800e248dcdfa4d202eaf31cb836ced55fde43487
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 21 08:32:27 2017 +0100

    auth3: remove unused USER_INFO_LOCAL_SAM_ONLY/AUTH_METHOD_LOCAL_SAM handling
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 5bba164d15699fff9523424cf72de04221b736a2
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 21 08:31:29 2017 +0100

    winbindd: no longer use USER_INFO_LOCAL_SAM_ONLY
    
    make_auth3_context_for_winbind() restricts the used auth backends now.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit a363a7936cefd76d923c1106677ddc5c322e3bc5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 17 16:46:38 2017 +0100

    auth3: only use "[samba4:]sam" in make_auth3_context_for_winbind()
    
    This makes the USER_INFO_LOCAL_SAM_ONLY and AUTH_METHOD_LOCAL_SAM
    interaction obsolete.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 61e499cbaa291b512e8647e1288be7811bca2377
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 16 16:47:15 2017 +0100

    auth4: debug if method->ops->check_password() gives NOT_IMPLEMENTED
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 541d6873479b2e7843c6ebc31e8fa238403f0416
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 17 11:52:51 2017 +0100

    auth: let auth4_context->check_ntlm_password() return pauthoritative
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit d568ebbcf9500dc59a9938d8a0d62a7044102e65
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 17 11:49:40 2017 +0100

    ntlm_auth3: let contact_winbind_auth_crap() return pauthoritative
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 4af89d534d17744c54ea2408190a25c27cec18ea
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 17 11:16:36 2017 +0100

    auth4: let auth_check_password* return pauthoritative
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 65d5f845ed61641f42be614bb78391cba87e762a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 17 09:43:59 2017 +0100

    auth3: let auth_check_ntlm_password() return pauthoritative
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 111a6bfc035f133474d2cb764c5a489140eb5295
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 17 09:42:38 2017 +0100

    winbindd: let winbindd_dual_auth_passdb() return pauthoritative
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 15d1da0a19c542205ead4063a518d2fa02aa35d9
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Mar 2 11:28:18 2017 +0100

    winbindd: NT_STATUS_CANT_ACCESS_DOMAIN_INFO means "Dunno"
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 74deb488e92d42f246a590c97c7c108f0fc3cd4d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 17 12:15:13 2017 +0100

    netlogon4: make use of auth_context_create_for_netlogon()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 2b685ffe04914db7b6af7261ba7c7657f1c63f3f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 17 12:08:59 2017 +0100

    auth4: add auth_context_create_for_netlogon()
    
    For now it's the same as auth_context_create(), but this will
    change in the next commits.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit c173b4e3ef70a2a75b391b7581f87aae2fd67d22
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 17 11:41:04 2017 +0100

    auth4: make auth_check_password_wrapper() static
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 29dc515be9cfac3a47d9c0a0b03858f7c8eedd90
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 17 12:31:01 2017 +0100

    auth3: make make_auth_context_subsystem() static
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit eff81e32e5df7a0f87ae63f70f50e70f0384fb6d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 17 09:18:41 2017 +0100

    winbindd: make use of make_auth3_context_for_winbind()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 9b8b4093791f95c7b61b106bdfb88c7619654a76
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 17 09:18:25 2017 +0100

    netlogond3: make use of make_auth3_context_for_netlogon()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 5627667fc6865157ca0bf6e92cb76c87ee42916d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 17 12:29:26 2017 +0100

    pdbtest: make use of make_auth3_context_for_ntlm()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 8fba95f362cfd7862b76de7b2bee0cba010311d0
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 17 09:17:45 2017 +0100

    auth3: make use of make_auth3_context_for_ntlm()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 0a8aabbd86361dddbe23560c03fdb53d940a6b70
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 17 09:13:02 2017 +0100

    auth3: add make_auth3_context_for_{ntlm,netlogon,winbind}
    
    For now they'll all do the same, but that will change in the following commits.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 9e67fd41293525aae0a8b3fd95ce0d7e86d602f7
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Mar 13 08:22:27 2017 +0100

    auth3: Remove unused make_auth_context_fixed
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 0c50063decb41cfeb9b3ec2d52bada2e39b71ba8
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Mar 13 08:19:41 2017 +0100

    pdbtest: Call make_auth_context_subsystem directly
    
    Last caller of make_auth_context_fixed
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit f1ec0c40d9f0b17e42ae2ec62f022035b23d88fa
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 16 15:54:18 2017 +0100

    netlogond3: only call make_auth_context_subsystem() in one place
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit c6531b9df8ba20d1f5472a8d578a87a6d102b453
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Mar 13 08:14:00 2017 +0100

    netlogond3: Call make_auth_context_subsystem directly
    
    Soon we'll call specific methods here
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 7f78cea66f812ea428dbce010b6a3eced2fab294
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Mar 9 15:19:06 2017 +0100

    netlogond3: "authorititative" is a uint8
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit ab6ae3af39410507641117c1c251626da84d6538
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Mar 13 08:14:00 2017 +0100

    winbindd: Call make_auth_context_subsystem directly
    
    Soon we'll call specific methods here
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 2a6388cdcf6a22973529f280b3ce56bb65d741a2
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Mar 13 08:08:44 2017 +0100

    auth3: Introduce auth3_context_set_challenge
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 51056c2cefe6b2c4ef5b8583ec145fb0664de714
Author: Volker Lendecke <vl at samba.org>
Date:   Sat Feb 11 15:44:01 2017 +0100

    auth3: Simplify the logic in auth_check_ntlm_password
    
    Move everything but the strict loop logic outside. This makes the
    loop exit condition clearer to me: Anything but NOT_IMPLEMENTED breaks
    the loop.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit c98614152cad7a463d4008064f140134cc5b8441
Author: Volker Lendecke <vl at samba.org>
Date:   Sat Feb 11 15:05:52 2017 +0100

    auth3: Don't try other auth modules on any error
    
    So far if any kind of error has happened, we just tried further auth
    modules. An auth module should have the chance to definitely say "no,
    this is a valid error, no further attempts anywhere else". The protocol
    so far was for an auth module to return NT_STATUS_NOT_IMPLEMENTED if it
    wanted to pass on to other modules, but any error led to the next auth
    modules also being given a try.
    
    This patch makes any auth module return code except NOT_IMPLEMENTED to
    terminate the loop, such that every module has to explicitly request to
    pass on to the next module via NOT_IMPLEMENTED.
    
    All modules we reference in make_auth_context_subsystem() have code to
    explicitly say "not for me please" with NOT_IMPLEMENTED.
    
    This *might* break existing setups which fail in for example "guest" or
    "winbind" due to other reasons. I prefer it this way though, because
    adding another parameter like "This is a real authoritative failure,
    don't go looking somewhere else" will only add to the mess.
    But it's more a theoretical than a practical change with the
    default auth backends.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 1e82d82571d33e0ff50c3f5fc461bf9dddc18fa5
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Mar 13 08:58:43 2017 +0100

    auth3: Introduce make_auth_context_specific
    
    Take a string instead of a string list. Simplifies
    make_auth_context_subsystem and later similar callers
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit b78de58e578eaa00391b87abbfd905726ecb559f
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Mar 13 08:43:06 2017 +0100

    auth3: Slightly simplify make_auth_context_subsystem() step2
    
    Use "git show -b" to see the simple diff.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 3fd7707cdfdbc2dc59064143328aad3c29cba2a8
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Mar 13 08:43:06 2017 +0100

    auth3: Slightly simplify make_auth_context_subsystem() step1
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 2b4c803ece765f4b8d3447feb55ea8bbf0b6411d
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Mar 6 14:32:18 2017 +0100

    wbinfo: Add "authoritative" to wbinfo -a output
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 03b5585709c60661ac1fbb26a1297ac11a51097b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 23 09:37:22 2017 +0100

    auth4: add TODO comment on the auth_sam_trigger_repl_secret msDS-NeverRevealGroup interaction
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------
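
A simplified model of the module loop that commits c986141 and 65d5f84 describe, added here as an example; it is not Samba code. The status enum, the two backends, the users and the passwords are constructed for illustration. It contrasts the loop shape before and after the change and shows when the authoritative flag is cleared.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the NTSTATUS codes named in the commit messages. */
enum status { ST_OK, ST_NOT_IMPLEMENTED, ST_NO_SUCH_USER, ST_WRONG_PASSWORD };

typedef enum status (*auth_fn)(const char *user, const char *pw);
struct module { const char *name; auth_fn auth; };

/* Hypothetical backend: owns "alice", passes on everyone else. */
static enum status mod_primary(const char *user, const char *pw)
{
	if (strcmp(user, "alice") != 0) {
		return ST_NOT_IMPLEMENTED;	/* "not for me please" */
	}
	return strcmp(pw, "current") == 0 ? ST_OK : ST_WRONG_PASSWORD;
}

/* Hypothetical second backend holding an out-of-date record for "alice". */
static enum status mod_secondary(const char *user, const char *pw)
{
	if (strcmp(user, "alice") != 0) {
		return ST_NOT_IMPLEMENTED;
	}
	return strcmp(pw, "stale") == 0 ? ST_OK : ST_WRONG_PASSWORD;
}

static const struct module chain[] = {
	{ "primary", mod_primary },
	{ "secondary", mod_secondary },
};
#define CHAIN_LEN (sizeof(chain) / sizeof(chain[0]))

/* Loop shape before the change: only success stops the walk, so an
 * error from one module still lets the next module answer. */
static enum status check_before(const char *user, const char *pw)
{
	enum status st = ST_NO_SUCH_USER;

	for (size_t i = 0; i < CHAIN_LEN; i++) {
		enum status r = chain[i].auth(user, pw);
		if (r == ST_NOT_IMPLEMENTED) {
			continue;
		}
		st = r;
		if (st == ST_OK) {
			break;
		}
	}
	return st;
}

/* Loop shape after the change: anything but NOT_IMPLEMENTED ends the
 * walk. If no module answered, the result is NO_SUCH_USER and the
 * caller is told the answer is not authoritative. */
static enum status check_after(const char *user, const char *pw,
			       uint8_t *pauthoritative)
{
	enum status st = ST_NOT_IMPLEMENTED;

	*pauthoritative = 1;
	for (size_t i = 0; i < CHAIN_LEN; i++) {
		st = chain[i].auth(user, pw);
		if (st != ST_NOT_IMPLEMENTED) {
			break;
		}
	}
	if (st == ST_NOT_IMPLEMENTED) {
		*pauthoritative = 0;
		st = ST_NO_SUCH_USER;
	}
	return st;
}

int main(void)
{
	uint8_t authoritative = 0;
	enum status st;

	/* The primary backend rejects the password; only the old loop moves on. */
	printf("before: alice/stale -> %d\n", check_before("alice", "stale"));
	st = check_after("alice", "stale", &authoritative);
	printf("after:  alice/stale -> %d authoritative=%u\n",
	       st, (unsigned)authoritative);

	/* No backend claims "bob": same status, but flagged non-authoritative. */
	st = check_after("bob", "x", &authoritative);
	printf("after:  bob/x       -> %d authoritative=%u\n",
	       st, (unsigned)authoritative);
	return 0;
}
```
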

Summary of changes:
 auth/common_auth.h                            |   5 +-
 auth/ntlmssp/ntlmssp_server.c                 |   3 +
 nsswitch/wbinfo.c                             |   4 +-
 source3/auth/auth.c                           | 245 ++++++++++++++------------
 source3/auth/auth_generic.c                   |   6 +-
 source3/auth/auth_ntlmssp.c                   |  16 +-
 source3/auth/auth_sam.c                       |   3 +-
 source3/auth/auth_samba4.c                    |  12 +-
 source3/auth/proto.h                          |  22 ++-
 source3/rpc_server/netlogon/srv_netlog_nt.c   |  33 ++--
 source3/torture/pdbtest.c                     |  22 ++-
 source3/utils/ntlm_auth.c                     |  16 +-
 source3/utils/ntlm_auth_diagnostics.c         |  15 +-
 source3/utils/ntlm_auth_proto.h               |   1 +
 source3/winbindd/winbindd_pam.c               |  48 +++--
 source4/auth/auth.h                           |  17 +-
 source4/auth/ntlm/auth.c                      |  85 ++++++---
 source4/auth/ntlm/auth_sam.c                  |   7 +-
 source4/auth/ntlm/auth_simple.c               |   4 +-
 source4/auth/ntlm/auth_winbind.c              |  55 ++++++
 source4/rpc_server/netlogon/dcerpc_netlogon.c |  22 ++-
 source4/selftest/tests.py                     |   4 +-
 source4/smb_server/smb/sesssetup.c            |   9 +-
 23 files changed, 427 insertions(+), 227 deletions(-)


Changeset truncated at 500 lines:

diff --git a/auth/common_auth.h b/auth/common_auth.h
index d1a775d..8cbfc54 100644
--- a/auth/common_auth.h
+++ b/auth/common_auth.h
@@ -26,7 +26,7 @@
 #define USER_INFO_CASE_INSENSITIVE_PASSWORD 0x02 /* password may be in any case */
 #define USER_INFO_DONT_CHECK_UNIX_ACCOUNT   0x04 /* don't check unix account status */
 #define USER_INFO_INTERACTIVE_LOGON         0x08 /* Interactive logon */
-#define USER_INFO_LOCAL_SAM_ONLY            0x10 /* Only authenticate against the local SAM, do not map missing passwords to NO_SUCH_USER */
+/*unused #define USER_INFO_LOCAL_SAM_ONLY   0x10    Only authenticate against the local SAM, do not map missing passwords to NO_SUCH_USER */
 #define USER_INFO_INFO3_AND_NO_AUTHZ        0x20 /* Only fill in server_info->info3 and do not do any authorization steps */
 
 enum auth_password_state {
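Review bot: the replacement line for USER_INFO_LOCAL_SAM_ONLY leaves a commented-out #define in the flag list, which reads as dead code rather than as a reservation of bit 0x10. Either delete the line outright, or reword the comment to say that 0x10 is retired and must not be reassigned, so that a later USER_INFO_* flag does not pick up the same bit by accident.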
@@ -79,8 +79,6 @@ struct loadparm_context;
 struct ldb_context;
 struct smb_krb5_context;
 
-#define AUTH_METHOD_LOCAL_SAM 0x01
-
 struct auth4_context {
 	struct {
 		/* Who set this up in the first place? */
@@ -110,6 +108,7 @@ struct auth4_context {
 	NTSTATUS (*check_ntlm_password)(struct auth4_context *auth_ctx,
 					TALLOC_CTX *mem_ctx,
 					const struct auth_usersupplied_info *user_info,
+					uint8_t *pauthoritative,
 					void **server_returned_info,
 					DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key);
 
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index ddee875..eab8121 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -726,9 +726,12 @@ static NTSTATUS ntlmssp_server_check_password(struct gensec_security *gensec_sec
 	user_info->password.response.nt.data = talloc_steal(user_info, ntlmssp_state->nt_resp.data);
 
 	if (auth_context->check_ntlm_password) {
+		uint8_t authoritative = 0;
+
 		nt_status = auth_context->check_ntlm_password(auth_context,
 							      gensec_ntlmssp,
 							      user_info,
+							      &authoritative,
 							      &gensec_ntlmssp->server_returned_info,
 							      user_session_key, lm_session_key);
 	}
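Review bot: in ntlmssp_server_check_password() the new local "uint8_t authoritative = 0;" is passed to check_ntlm_password() but is not read anywhere in the lines shown, so the callee's answer is dropped at this call site. If that is intentional, say so in a short comment next to the declaration; otherwise include the value in a debug message or in the error handling after the call.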
diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index 80b245a..57f2b3b 100644
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -1823,13 +1823,15 @@ static bool wbinfo_auth_crap(char *username, bool use_ntlmv2, bool use_lanman)
 
 	if (wbc_status == WBC_ERR_AUTH_ERROR) {
 		d_fprintf(stderr,
-			 "wbcAuthenticateUserEx(%s%c%s): error code was %s (0x%x)\n"
+			 "wbcAuthenticateUserEx(%s%c%s): error code was "
+			  "%s (0x%x, authoritative=%"PRIu8")\n"
 			 "error message was: %s\n",
 			 name_domain,
 			 winbind_separator(),
 			 name_user,
 			 err->nt_string,
 			 err->nt_status,
+			 err->authoritative,
 			 err->display_string);
 		wbcFreeMemory(err);
 	} else if (WBC_ERROR_IS_OK(wbc_status)) {
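Review bot: the added continuation literal "%s (0x%x, authoritative=%"PRIu8")\n" in the d_fprintf() call is indented one column deeper than the string literals around it. Align it with its neighbours so the three pieces of the format string read as one argument.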
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 1cbe46e..e2e99a1 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -153,21 +153,25 @@ static bool check_domain_match(const char *user, const char *domain)
  *                  filled in, either at creation or by calling the challenge geneation 
  *                  function auth_get_challenge().  
  *
- * @param server_info If successful, contains information about the authentication, 
- *                    including a struct samu struct describing the user.
+ * @param pserver_info If successful, contains information about the authentication,
+ *                     including a struct samu struct describing the user.
+ *
+ * @param pauthoritative Indicates if the result should be treated as final
+ *                       result.
  *
  * @return An NTSTATUS with NT_STATUS_OK or an appropriate error.
  *
  **/
-
 NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx,
 				  const struct auth_context *auth_context,
 				  const struct auth_usersupplied_info *user_info,
-				  struct auth_serversupplied_info **pserver_info)
+				  struct auth_serversupplied_info **pserver_info,
+				  uint8_t *pauthoritative)
 {
 	TALLOC_CTX *frame;
+	const char *auth_method_name = "";
 	/* if all the modules say 'not for me' this is reasonable */
-	NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER;
+	NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
 	const char *unix_username;
 	auth_methods *auth_method;
 	struct auth_serversupplied_info *server_info;
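Review bot: the comment "if all the modules say 'not for me' this is reasonable" above nt_status is stale now that the initial value is NT_STATUS_NOT_IMPLEMENTED rather than NT_STATUS_NO_SUCH_USER. Reword it to say that NOT_IMPLEMENTED is the internal marker for "no module answered". The new @param pauthoritative text should also state which value means final, and the rewritten @param pserver_info line still carries the doubled "a struct samu struct".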
@@ -178,6 +182,8 @@ NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx,
 
 	frame = talloc_stackframe();
 
+	*pauthoritative = 1;
+
 	DEBUG(3, ("check_ntlm_password:  Checking password for unmapped user [%s]\\[%s]@[%s] with the new password interface\n", 
 		  user_info->client.domain_name, user_info->client.account_name, user_info->workstation_name));
 
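Review bot: "*pauthoritative = 1;" dereferences the new out parameter with no NULL check in the lines shown, and the assignment sits after talloc_stackframe() instead of at the top of auth_check_ntlm_password(). Either document that callers must pass a valid pointer or guard the write, and make the assignment the first statement of the function so that no return path can leave the caller's variable unset.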
@@ -214,53 +220,40 @@ NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx,
 	}
 
 	for (auth_method = auth_context->auth_method_list;auth_method; auth_method = auth_method->next) {
-		NTSTATUS result;
-
-		if (user_info->flags & USER_INFO_LOCAL_SAM_ONLY
-		    && !(auth_method->flags & AUTH_METHOD_LOCAL_SAM)) {
-			continue;
-		}
 
-		result = auth_method->auth(auth_context,
-					   auth_method->private_data,
-					   talloc_tos(),
-					   user_info,
-					   &server_info);
-
-		/* check if the module did anything */
-		if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED)) {
-			DEBUG(10,("check_ntlm_password: %s had nothing to say\n", auth_method->name));
-			if (user_info->flags & USER_INFO_LOCAL_SAM_ONLY) {
-				/* we don't expose the NT_STATUS_NOT_IMPLEMENTED
-				 * internals, except when the caller is only probing
-				 * one method, as they may do the fallback 
-				 */
-				nt_status = result;
-			}
-			continue;
-		}
+		auth_method_name = auth_method->name;
 
-		nt_status = result;
+		nt_status = auth_method->auth(auth_context,
+					      auth_method->private_data,
+					      talloc_tos(),
+					      user_info,
+					      &server_info);
 
-		if (NT_STATUS_IS_OK(nt_status)) {
-			DEBUG(3, ("check_ntlm_password: %s authentication for user [%s] succeeded\n", 
-				  auth_method->name, user_info->client.account_name));
-		} else {
-			DEBUG(5, ("check_ntlm_password: %s authentication for user [%s] FAILED with error %s\n", 
-				  auth_method->name, user_info->client.account_name, nt_errstr(nt_status)));
-		}
-
-		if (NT_STATUS_IS_OK(nt_status)) {
+		if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_NOT_IMPLEMENTED)) {
 			break;
 		}
+
+		DBG_DEBUG("%s had nothing to say\n", auth_method->name);
 	}
 
-	/* successful authentication */
+	if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NOT_IMPLEMENTED)) {
+		*pauthoritative = 0;
+		nt_status = NT_STATUS_NO_SUCH_USER;
+	}
 
 	if (!NT_STATUS_IS_OK(nt_status)) {
+		DBG_INFO("%s authentication for user [%s] FAILED with "
+			 "error %s, authoritative=%u\n",
+			 auth_method_name,
+			 user_info->client.account_name,
+			 nt_errstr(nt_status),
+			 *pauthoritative);
 		goto fail;
 	}
 
+	DBG_NOTICE("%s authentication for user [%s] succeeded\n",
+		   auth_method_name, user_info->client.account_name);
+
 	unix_username = server_info->unix_name;
 
 	/* We skip doing this step if the caller asked us not to */
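Review bot: the loop now breaks on the first result that is not NT_STATUS_NOT_IMPLEMENTED, where the removed code only broke on NT_STATUS_IS_OK, so a failure returned by an earlier method no longer falls through to the later methods in the list; that dependency on list order deserves a comment above the loop. Separately, when every method returns NOT_IMPLEMENTED, auth_method_name still holds the last method tried, so the DBG_INFO failure line attributes the synthesized NT_STATUS_NO_SUCH_USER to a module that had nothing to say; resetting the name in the `*pauthoritative = 0` branch would keep the log accurate.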
@@ -315,9 +308,10 @@ fail:
 
 	/* failed authentication; check for guest lapping */
 
-	DEBUG(2, ("check_ntlm_password:  Authentication for user [%s] -> [%s] FAILED with error %s\n",
+	DEBUG(2, ("check_ntlm_password:  Authentication for user "
+		  "[%s] -> [%s] FAILED with error %s, authoritative=%u\n",
 		  user_info->client.account_name, user_info->mapped.account_name,
-		  nt_errstr(nt_status)));
+		  nt_errstr(nt_status), *pauthoritative));
 	ZERO_STRUCTP(pserver_info);
 
 	TALLOC_FREE(frame);
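Review bot: this DEBUG(2, ...) in the fail path keeps the old macro and the hand-written "check_ntlm_password:" prefix while the earlier hunk in the same function moved to DBG_INFO/DBG_NOTICE, and it now repeats almost the same "FAILED with error %s, authoritative=%u" text that the new DBG_INFO emits just before `goto fail`. Consider converting it to a DBG_* macro and keeping only the part that adds information here, the mapped account name.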
@@ -461,90 +455,125 @@ static NTSTATUS make_auth_context_text_list(TALLOC_CTX *mem_ctx,
 	return NT_STATUS_OK;
 }
 
+static NTSTATUS make_auth_context_specific(TALLOC_CTX *mem_ctx,
+					   struct auth_context **auth_context,
+					   const char *methods)
+{
+	char **method_list;
+	NTSTATUS status;
+
+	method_list = str_list_make_v3(talloc_tos(), methods, NULL);
+	if (method_list == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = make_auth_context_text_list(
+		mem_ctx, auth_context, method_list);
+
+	TALLOC_FREE(method_list);
+
+	return status;
+}
+
 /***************************************************************************
  Make a auth_context struct for the auth subsystem
 ***************************************************************************/
 
-NTSTATUS make_auth_context_subsystem(TALLOC_CTX *mem_ctx,
-				     struct auth_context **auth_context)
+static NTSTATUS make_auth_context_subsystem(TALLOC_CTX *mem_ctx,
+					    struct auth_context **auth_context)
 {
-	char **auth_method_list = NULL; 
+	const char *methods = NULL;
 	NTSTATUS nt_status;
 
-	if (lp_auth_methods()
-	    && !(auth_method_list = str_list_copy(talloc_tos(), 
-			      lp_auth_methods()))) {
-		return NT_STATUS_NO_MEMORY;
+	switch (lp_server_role()) {
+	case ROLE_ACTIVE_DIRECTORY_DC:
+		DEBUG(5,("Making default auth method list for server role = "
+			 "'active directory domain controller'\n"));
+		return make_auth_context_specific(mem_ctx, auth_context, "samba4");
+	default:
+		break;
 	}
 
-	if (auth_method_list == NULL) {
-		switch (lp_server_role()) 
-		{
-		case ROLE_DOMAIN_MEMBER:
-			DEBUG(5,("Making default auth method list for server role = 'domain member'\n"));
-			auth_method_list = str_list_make_v3(
-				talloc_tos(), "guest sam winbind:ntdomain",
-				NULL);
-			break;
-		case ROLE_DOMAIN_BDC:
-		case ROLE_DOMAIN_PDC:
-			DEBUG(5,("Making default auth method list for DC\n"));
-			auth_method_list = str_list_make_v3(
-				talloc_tos(),
-				"guest sam winbind:trustdomain",
-				NULL);
-			break;
-		case ROLE_STANDALONE:
-			DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = yes\n"));
-			if (lp_encrypt_passwords()) {
-				auth_method_list = str_list_make_v3(
-						talloc_tos(), "guest sam",
-						NULL);
-			} else {
-				DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = no\n"));
-				auth_method_list = str_list_make_v3(
-					talloc_tos(), "guest unix", NULL);
-			}
-			break;
-		case ROLE_ACTIVE_DIRECTORY_DC:
-			DEBUG(5,("Making default auth method list for server role = 'active directory domain controller'\n"));
-			auth_method_list = str_list_make_v3(
-				talloc_tos(),
-				"samba4",
-				NULL);
-			break;
-		default:
-			DEBUG(5,("Unknown auth method!\n"));
-			return NT_STATUS_UNSUCCESSFUL;
-		}
-	} else {
+	if (lp_auth_methods()) {
 		DEBUG(5,("Using specified auth order\n"));
+		nt_status = make_auth_context_text_list(
+			mem_ctx, auth_context,
+			discard_const_p(char *, lp_auth_methods()));
+		return nt_status;
 	}
 
-	nt_status = make_auth_context_text_list(mem_ctx, auth_context,
-						auth_method_list);
+	switch (lp_server_role()) {
+	case ROLE_DOMAIN_MEMBER:
+		DEBUG(5,("Making default auth method list for server role = 'domain member'\n"));
+		methods = "guest sam winbind:ntdomain";
+		break;
+	case ROLE_DOMAIN_BDC:
+	case ROLE_DOMAIN_PDC:
+		DEBUG(5,("Making default auth method list for DC\n"));
+		methods = "guest sam winbind:trustdomain";
+		break;
+	case ROLE_STANDALONE:
+		DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = yes\n"));
+		if (lp_encrypt_passwords()) {
+			methods = "guest sam";
+		} else {
+			DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = no\n"));
+			methods = "guest unix";
+		}
+		break;
+	default:
+		DEBUG(5,("Unknown auth method!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
 
-	TALLOC_FREE(auth_method_list);
-	return nt_status;
+	return make_auth_context_specific(mem_ctx, auth_context, methods);
 }
 
-/***************************************************************************
- Make a auth_info struct with a fixed challenge
-***************************************************************************/
+NTSTATUS make_auth3_context_for_ntlm(TALLOC_CTX *mem_ctx,
+				     struct auth_context **auth_context)
+{
+	return make_auth_context_subsystem(mem_ctx, auth_context);
+}
 
-NTSTATUS make_auth_context_fixed(TALLOC_CTX *mem_ctx,
-				 struct auth_context **auth_context,
-				 uchar chal[8])
+NTSTATUS make_auth3_context_for_netlogon(TALLOC_CTX *mem_ctx,
+					 struct auth_context **auth_context)
 {
-	NTSTATUS nt_status;
-	nt_status = make_auth_context_subsystem(mem_ctx, auth_context);
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		return nt_status;
+	return make_auth_context_subsystem(mem_ctx, auth_context);
+}
+
+NTSTATUS make_auth3_context_for_winbind(TALLOC_CTX *mem_ctx,
+				        struct auth_context **auth_context)
+{
+	const char *methods = NULL;
+
+	switch (lp_server_role()) {
+	case ROLE_STANDALONE:
+	case ROLE_DOMAIN_MEMBER:
+	case ROLE_DOMAIN_BDC:
+	case ROLE_DOMAIN_PDC:
+		methods = "sam";
+		break;
+	case ROLE_ACTIVE_DIRECTORY_DC:
+		methods = "samba4:sam";
+		break;
+	default:
+		DEBUG(5,("Unknown auth method!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	(*auth_context)->challenge = data_blob_talloc(*auth_context, chal, 8);
-	(*auth_context)->challenge_set_by = "fixed";
-	return nt_status;
+	return make_auth_context_specific(mem_ctx, auth_context, methods);
 }
 
-
+bool auth3_context_set_challenge(struct auth_context *ctx, uint8_t chal[8],
+				 const char *challenge_set_by)
+{
+	ctx->challenge = data_blob_talloc(ctx, chal, 8);
+	if (ctx->challenge.data == NULL) {
+		return false;
+	}
+	ctx->challenge_set_by = talloc_strdup(ctx, challenge_set_by);
+	if (ctx->challenge_set_by == NULL) {
+		return false;
+	}
+	return true;
+}
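Review bot: auth3_context_set_challenge() at the end of this hunk returns false when talloc_strdup() fails but leaves ctx->challenge populated with challenge_set_by NULL, and it replaces any existing ctx->challenge without releasing the old blob; freeing the new blob on the error path would leave the context in a consistent state. In make_auth_context_subsystem() the ROLE_ACTIVE_DIRECTORY_DC case now returns before lp_auth_methods() is consulted, so a configured value is ignored with only the DEBUG(5) default message; a log line saying the setting is being ignored would help administrators. The "Unknown auth method!" message in make_auth3_context_for_winbind() actually reports an unhandled server role and should say so, and the identical make_auth3_context_for_ntlm()/make_auth3_context_for_netlogon() wrappers need a short comment explaining why both exist.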
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index f9b9184..875b7ff 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -208,7 +208,7 @@ NTSTATUS make_auth4_context(TALLOC_CTX *mem_ctx, struct auth4_context **auth4_co
 	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
 	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
 
-	nt_status = make_auth_context_subsystem(tmp_ctx, &auth_context);
+	nt_status = make_auth3_context_for_ntlm(tmp_ctx, &auth_context);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		TALLOC_FREE(tmp_ctx);
 		return nt_status;
@@ -242,7 +242,7 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
 	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
 	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
 
-	nt_status = make_auth_context_subsystem(tmp_ctx, &auth_context);
+	nt_status = make_auth3_context_for_ntlm(tmp_ctx, &auth_context);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		TALLOC_FREE(tmp_ctx);
 		return nt_status;
@@ -389,10 +389,12 @@ NTSTATUS auth_check_password_session_info(struct auth4_context *auth_context,
 {
 	NTSTATUS nt_status;
 	void *server_info;
+	uint8_t authoritative = 0;
 
 	nt_status = auth_context->check_ntlm_password(auth_context,
 						      talloc_tos(),
 						      user_info,
+						      &authoritative,
 						      &server_info, NULL, NULL);
 
 	if (NT_STATUS_IS_OK(nt_status)) {
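Review bot: the new local authoritative is passed to check_ntlm_password() but nothing in the visible lines reads it afterwards. If this caller deliberately ignores the value, a one-line comment at the declaration saying so would stop a later reader from assuming a check is missing.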
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index a0e4902..a48c444 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -136,6 +136,7 @@ NTSTATUS auth3_set_challenge(struct auth4_context *auth4_context, const uint8_t
 NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
 			      TALLOC_CTX *mem_ctx,
 			      const struct auth_usersupplied_info *user_info,
+			      uint8_t *pauthoritative,
 			      void **server_returned_info,
 			      DATA_BLOB *session_key, DATA_BLOB *lm_session_key)
 {
@@ -146,6 +147,11 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
 	NTSTATUS nt_status;
 	bool username_was_mapped;
 
+	/*
+	 * Be authoritative by default.
+	 */
+	*pauthoritative = 1;
+
 	/* The client has given us its machine name (which we only get over NBT transport).
 	   We need to possibly reload smb.conf if smb.conf includes depend on the machine name. */
 
@@ -179,13 +185,16 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
 	nt_status = auth_check_ntlm_password(mem_ctx,
 					     auth_context,
 					     mapped_user_info,
-					     &server_info);
+					     &server_info,
+					     pauthoritative);
 
 	if (!NT_STATUS_IS_OK(nt_status)) {
-		DEBUG(5,("Checking NTLMSSP password for %s\\%s failed: %s\n",
+		DEBUG(5,("Checking NTLMSSP password for %s\\%s failed: "
+			 "%s, authoritative=%u\n",
 			 user_info->client.domain_name,
 			 user_info->client.account_name,
-			 nt_errstr(nt_status)));
+			 nt_errstr(nt_status),
+			 *pauthoritative));
 	}
 
 	username_was_mapped = mapped_user_info->was_mapped;
@@ -199,6 +208,7 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
 							user_info->client.domain_name,
 							&server_info);
 		if (NT_STATUS_IS_OK(nt_status)) {
+			*pauthoritative = 1;
 			*server_returned_info = talloc_steal(mem_ctx, server_info);
 		}
 		return nt_status;
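Review bot: *pauthoritative is set to 1 only inside the NT_STATUS_IS_OK branch of this fallback path, so when the fallback call fails the function returns that call's nt_status together with whatever authoritative value auth_check_ntlm_password() left behind. Either set *pauthoritative explicitly for the failure case as well, or add a comment stating that the earlier value is meant to stand.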
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index c4100d5..5b53bca 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -121,8 +121,7 @@ static NTSTATUS auth_init_sam(struct auth_context *auth_context, const char *par
 	}
 	result->auth = auth_samstrict_auth;
 	result->name = "sam";
-	result->flags = AUTH_METHOD_LOCAL_SAM;
-        *auth_method = result;
+	*auth_method = result;
 	return NT_STATUS_OK;
 }
 
diff --git a/source3/auth/auth_samba4.c b/source3/auth/auth_samba4.c
index a0d6afd3..4c83c2a 100644
--- a/source3/auth/auth_samba4.c
+++ b/source3/auth/auth_samba4.c
@@ -118,6 +118,7 @@ static NTSTATUS check_samba4_security(const struct auth_context *auth_context,
 	NTSTATUS nt_status;


-- 
Samba Shared Repository


