[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Wed Apr 28 04:33:01 UTC 2021
The branch, master has been updated
via eb573067425 docs-xml: Add doc entities for the options of the new cmdline parser
via 8560c310808 lib:cmdline: Add sanity check for options
via d945ed03c91 lib:cmdline: Add samba_cmdline_burn()
via 095bed6aa28 lib:cmdline: Set kerberos=required for --use-krb5-ccache=CCACHE
via 054d11f73a7 lib:cmdline: Implement legacy kerberos options
via 726ccf1d56b lib:cmdline: Parse cmdline options with popt
via e54f5f9527a lib:cmdline: Add callback for loading the config file
via 6c812505658 lib:cmdline: Add client credentials
via 5470da07c0f lib:cmdline: Add initial code for new cmdline option parser
via fcba4eb4329 auth:creds:tests: Add test for cli_credentials_get_password_and_obtained()
via bd2b1825015 auth:creds: Add cli_credentials_get_password_and_obtained()
via 3b78f4f0932 auth:creds:tests: Add test for cli_credentials_get_username_and_obtained()
via f33844b70b6 auth:creds: Add cli_credentials_get_username_and_obtained()
via f65a32fac10 auth:creds:tests: Add test for cli_credentials_set_gensec_features()
via 2fbc63cacc8 auth:creds: Add obtained arg to cli_credentials_set_gensec_features()
via 7accd900352 auth:creds: Use 'client protection' option for smb sign and encrypt defaults
via 4c4353705f3 lib:param: Add 'client protection' config option
via 5a751ea55e7 auth:creds:tests: Add test for cli_credentials_set_kerberos_state()
via 521f77c6671 auth:creds: Add obtained arg to cli_credentials_set_kerberos_state()
via a00726593c2 s4:rpc_server: Set Kerberos to desired
via 08be28241b8 selftest: Check the return code of setup_namespaces()
via 1cd233712e1 lib:param: Add 'client use kerberos' config parameter
via b2bad13ca35 s3:tests: Check for 'Client started' in the log
via f291b8f1571 tests: Use --configfile instead of -s
via 86f7bc7a372 testprogs: Use --suppress-prompt instead of -s for testparm
via fca9c56836c tests: Use ldbsearch '--scope instead of '-s'
via 9fb88e6ee79 docs-xml: Use 'desired' and 'required' for option 'client ipc signing'
via 293a941fc01 docs-xml: Use 'desired' and 'required' for option 'client signing'
via c54d5dbe0ce selftest: Specify /dev/null as the smbd config file
via 24c4fcf8115 s3:winbind: Pass the 'samba' daemon config file to winbindd
via 0b8433cf87f s4:winbind: Add a missing no memory check
via ceccb618207 file_server: Pass the 'samba' daemon config file to smbd
via d45eddb585c file_server: Add a missing no memory check
via 0e6e5f9c3a5 s3:utils: Link py_net only against needed cmdline_contexts library
via e45980ff5de build: Use bison at build time rather than lexyacc.sh to build the embedded heimdal
via c2c09113e55 heimdal: use correct prototype of yyparse()
via 3bb4a0df366 heimdal_build: Make HEIMDAL_BINARY be based on HEIMDAL_SUBSYSTEM
via 2ccd5c096aa HEIMDAL: Avoid yydebug compiler warning
via e84924fdfe2 python: remove 'from __future__ import unicode_literals'
via ba4aa2e8c1f python/hostconfig: remove 'from __future__ import absolute_import'
via c3a95b22aa1 python: remove all 'from __future__ import division'
via aecb2b779b8 python: remove all 'from __future__ import print_function'
via a4cce28bfa3 .gitlab-ci.yml: Always build the ubuntu1804-samba-o3 with --enable-coverage
via 836ad93795c .gitlab-ci.yml: Return code coverage reporting for "none" tasks
via 742ae6172f8 s3-modules: Fix "-Werror=maybe-uninitialized" errors only seen with -O3 and --enable-coverage
via 190e15dfb07 tests: Fix "-Werror=maybe-uninitialized" errors only seen with -O3 and --enable-coverage
via 225fefe6cf8 torture: Avoid -Werror=strict-overflow in -O3 coverage build
via b5984c3da0f .gitlab-ci.yml and autobuild: Publish the current HTML docs with the code coverage
from ca6a8037aa1 lib:replace: Fix a posible double free
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit eb5730674252b43251dc5799fa2225a65f2f570c
Author: Andreas Schneider <asn at samba.org>
Date: Fri Aug 21 13:33:09 2020 +0200
docs-xml: Add doc entities for the options of the new cmdline parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Apr 28 04:32:47 UTC 2021 on sn-devel-184
commit 8560c31080881f746946bb88ea8e549b3df97d63
Author: Andreas Schneider <asn at samba.org>
Date: Wed Sep 2 17:19:00 2020 +0200
lib:cmdline: Add sanity check for options
Make sure we don't have duplicate options!
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d945ed03c91a11509356964ced8a2c76fdaa547c
Author: Andreas Schneider <asn at samba.org>
Date: Wed Aug 19 09:07:47 2020 +0200
lib:cmdline: Add samba_cmdline_burn()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 095bed6aa280a9960a2d7dd4b6badb10cc1105ba
Author: Andreas Schneider <asn at samba.org>
Date: Thu Nov 12 11:45:05 2020 +0100
lib:cmdline: Set kerberos=required for --use-krb5-ccache=CCACHE
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 054d11f73a7c50427ff0ec4394ad2681dc0aa3ac
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 31 17:42:57 2020 +0200
lib:cmdline: Implement legacy kerberos options
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 726ccf1d56b2979c827dd8586d1aeb6cb8de236c
Author: Andreas Schneider <asn at samba.org>
Date: Tue Aug 11 16:37:16 2020 +0200
lib:cmdline: Parse cmdline options with popt
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e54f5f9527a9758e094187dd0dd71bc324fb63b4
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 10 15:09:54 2020 +0200
lib:cmdline: Add callback for loading the config file
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6c812505658d92c8d0fbed6cedc5d6520cbed627
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jul 27 16:13:53 2020 +0200
lib:cmdline: Add client credentials
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5470da07c0f9768749978a52def2582615c616f5
Author: Andreas Schneider <asn at samba.org>
Date: Thu Jul 16 15:15:07 2020 +0200
lib:cmdline: Add initial code for new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit fcba4eb4329641c535b809d268b04474df596c56
Author: Andreas Schneider <asn at samba.org>
Date: Tue Sep 1 15:36:20 2020 +0200
auth:creds:tests: Add test for cli_credentials_get_password_and_obtained()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit bd2b18250158ba90768c304d2c7cb4d7e81d8dcd
Author: Andreas Schneider <asn at samba.org>
Date: Tue Sep 1 15:33:18 2020 +0200
auth:creds: Add cli_credentials_get_password_and_obtained()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3b78f4f093251bface20f307eb673ca632add34f
Author: Andreas Schneider <asn at samba.org>
Date: Tue Sep 1 13:33:19 2020 +0200
auth:creds:tests: Add test for cli_credentials_get_username_and_obtained()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f33844b70b6712fd5b909b730c5b4da582c06b20
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 31 18:52:44 2020 +0200
auth:creds: Add cli_credentials_get_username_and_obtained()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f65a32fac10e2d96d95bddee37f12abea7036ba3
Author: Andreas Schneider <asn at samba.org>
Date: Tue Sep 1 13:28:12 2020 +0200
auth:creds:tests: Add test for cli_credentials_set_gensec_features()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2fbc63cacc81ab9e1dfdbe6d979c248c3bdea686
Author: Andreas Schneider <asn at samba.org>
Date: Thu Aug 20 10:50:30 2020 +0200
auth:creds: Add obtained arg to cli_credentials_set_gensec_features()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7accd9003521f38b03d1073890761f7d8dc8d675
Author: Andreas Schneider <asn at samba.org>
Date: Thu Aug 20 16:44:32 2020 +0200
auth:creds: Use 'client protection' option for smb sign and encrypt defaults
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4c4353705f3303c91abe97766000ece18f724388
Author: Andreas Schneider <asn at samba.org>
Date: Thu Aug 20 10:18:08 2020 +0200
lib:param: Add 'client protection' config option
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5a751ea55e74528e32a6b8dd356f6fe8683f5210
Author: Andreas Schneider <asn at samba.org>
Date: Tue Sep 1 13:01:56 2020 +0200
auth:creds:tests: Add test for cli_credentials_set_kerberos_state()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 521f77c6671a0a088dedcdcafd264690c123b0b3
Author: Andreas Schneider <asn at samba.org>
Date: Wed Aug 19 15:46:11 2020 +0200
auth:creds: Add obtained arg to cli_credentials_set_kerberos_state()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a00726593c2f3b464e48c22e7a757aa1a06ecff2
Author: Andreas Schneider <asn at samba.org>
Date: Thu Apr 8 15:45:42 2021 +0200
s4:rpc_server: Set Kerberos to desired
This is required for ncalrpc_as_system to work. In FIPS enabled mode,
'client use kerberos' is forced to required. We need to allow
non-kerberos use for ncalrpc_as_system here.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 08be28241b808845c4b51a4c47765a9416ca3aa7
Author: Andreas Schneider <asn at samba.org>
Date: Thu Apr 8 15:54:18 2021 +0200
selftest: Check the return code of setup_namespaces()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1cd233712e1a62d716a1d8b34ff3dca6a8f0f501
Author: Andreas Schneider <asn at samba.org>
Date: Wed Aug 19 11:34:02 2020 +0200
lib:param: Add 'client use kerberos' config parameter
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b2bad13ca3545ea451c7858dace56195d18c4827
Author: Andreas Schneider <asn at samba.org>
Date: Wed Aug 26 11:27:59 2020 +0200
s3:tests: Check for 'Client started' in the log
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f291b8f157156024fe6726ddf16218529b39f5e9
Author: Andreas Schneider <asn at samba.org>
Date: Wed Apr 14 11:44:51 2021 +0200
tests: Use --configfile instead of -s
We should use long options in tests to make clear what we are trying to
do.
Also the -s short option will be removed for --configfile later.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 86f7bc7a3722a95cb2c0e45255affb1520e581f9
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 9 14:33:09 2021 +0200
testprogs: Use --suppress-prompt instead of -s for testparm
We should use long options in tests to make clear what we are trying to
do.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit fca9c56836cd28875d67eef6e33628f8a51ebd88
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 17 12:25:15 2020 +0100
tests: Use ldbsearch '--scope instead of '-s'
We should use long options in tests to make clear what we are trying to
do.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9fb88e6ee79da8912b696bbbcda76f3020662bdf
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 3 15:29:28 2020 +0100
docs-xml: Use 'desired' and 'required' for option 'client ipc signing'
For a better user experience we use disabled, desired, required
everywhere now. The arguments auto and mandatory are still working and
synonyms.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 293a941fc01b14ab22d785a56ea17ea0b8363bf3
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 3 15:25:59 2020 +0100
docs-xml: Use 'desired' and 'required' for option 'client signing'
For a better user experience we use disabled, desired, required
everywhere now. The arguments auto and mandatory are still working and
synonyms.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c54d5dbe0ce86beb166728d5925afd4b6afe0f34
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jan 12 10:07:56 2021 +0100
selftest: Specify /dev/null as the smbd config file
smbd will require a smb.conf later.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 24c4fcf811517593074a606d12327a3d2842c427
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jan 11 16:30:44 2021 +0100
s3:winbind: Pass the 'samba' daemon config file to winbindd
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0b8433cf87f7e106b3ff1695801ab5ce723a27e0
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jan 11 16:27:48 2021 +0100
s4:winbind: Add a missing no memory check
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ceccb6182072ec3ec7d1fe2fc3b85ad140a9e407
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jan 11 16:24:23 2021 +0100
file_server: Pass the 'samba' daemon config file to smbd
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d45eddb585ca3c6d4f1a165eaa2e2f5d766faef4
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jan 11 16:24:00 2021 +0100
file_server: Add a missing no memory check
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0e6e5f9c3a5d584dd6ef9401e7323cd198a41db8
Author: Andreas Schneider <asn at samba.org>
Date: Mon Apr 26 08:15:00 2021 +0200
s3:utils: Link py_net only against needed cmdline_contexts library
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e45980ff5de27b4558e7dfe0ce4c7af39d9c8b6b
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Mar 30 09:39:00 2021 +1300
build: Use bison at build time rather than lexyacc.sh to build the embedded heimdal
Because the filenames are changed to the *.tab.{h,c} format
a transitional header is added.
While the built compilers differ, the output of the compilers
and the resulting .o files have been verified not to have changed
on Ubuntu 20.04.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit c2c09113e5598ae87dcf470cb85aaf1a62d03ba4
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Apr 19 07:03:47 2021 +1200
heimdal: use correct prototype of yyparse()
As noted in 92c6891c368cae5c2402727c1f66f1c60778199d in upstream
Heimdal yyparse() returns an int.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 3bb4a0df36652821f77e674bca3e35d11254bc76
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Apr 19 12:57:38 2021 +1200
heimdal_build: Make HEIMDAL_BINARY be based on HEIMDAL_SUBSYSTEM
This is imporatant as it ensures that the warning -> error
logic and overrides are done for source files directly
listed in a HEIMDAL_BINARY and a HEIMDAL_SUBSYSTEM.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 2ccd5c096aa77f3b81a60d01e1c97464f2681d43
Author: Viktor Dukhovni <viktor at twosigma.com>
Date: Mon Nov 14 06:51:17 2016 +1100
HEIMDAL: Avoid yydebug compiler warning
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry-picked from Heimdal commit 17d6d0ac1e8597e91d723399cbe9af9ea2e13f42)
commit e84924fdfe22829d8dcc733e4aa9bd3af30f0c66
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Apr 28 01:07:51 2021 +0000
python: remove 'from __future__ import unicode_literals'
as well as a comment about Python 2 strings, which we don't want to be
reminded of.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ba4aa2e8c1f2c428212301f5584f2bd59252ecdb
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Apr 28 01:06:06 2021 +0000
python/hostconfig: remove 'from __future__ import absolute_import'
obsolete in Python 3.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c3a95b22aa1cf9bacba57d094a1ec178ee77cd63
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Apr 28 01:04:57 2021 +0000
python: remove all 'from __future__ import division'
This made '//' and '/' in Python 2 behave as in Python 3.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit aecb2b779b88c13784b7c2691ae08da716d65ab2
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Apr 28 01:02:37 2021 +0000
python: remove all 'from __future__ import print_function'
This made Python 2's print behave like Python 3's print().
In some cases, where we had:
from __future__ import print_function
"""Intended module documentation..."""
this will have the side effect of making the intended module documentation
work as the actual module documentation (i.e. becoming __doc__), because
it is once again the first statement in the module.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a4cce28bfa3c1d0cd7e05c4628f6931eef8ce69f
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Apr 20 07:45:31 2021 +1200
.gitlab-ci.yml: Always build the ubuntu1804-samba-o3 with --enable-coverage
This ensures that the coverage build always works, as it can trigger different warnings.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 836ad93795c5719622d69971d657fa57dca9f1b9
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Apr 19 21:09:03 2021 +1200
.gitlab-ci.yml: Return code coverage reporting for "none" tasks
This was lost early on with 54f26cfcf2587a2b1d97f466a886fa89a116eea1
which did not take into account code coverage, which stopped running
for these tasks very early on with
71595201bea9b3fa28357065fa137806f9220f38.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 742ae6172f82c7d77080bfda58fde33303bb5759
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Apr 20 14:39:40 2021 +1200
s3-modules: Fix "-Werror=maybe-uninitialized" errors only seen with -O3 and --enable-coverage
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 190e15dfb07b2b99398ea1874ae413c7a90f862e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Apr 20 14:38:37 2021 +1200
tests: Fix "-Werror=maybe-uninitialized" errors only seen with -O3 and --enable-coverage
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 225fefe6cf8f1c0292f13104c7b51c3397b941ae
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Apr 20 07:34:12 2021 +1200
torture: Avoid -Werror=strict-overflow in -O3 coverage build
The test_getinfo() function only needs to return if this happens
not how many times.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit b5984c3da0f799368f739083a2d9f331e1a4e368
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Apr 16 11:16:17 2021 +1200
.gitlab-ci.yml and autobuild: Publish the current HTML docs with the code coverage
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
.gitlab-ci-main.yml | 23 +-
auth/credentials/credentials.c | 134 +-
auth/credentials/credentials.h | 20 +-
auth/credentials/credentials_internal.h | 4 +-
auth/credentials/credentials_krb5.c | 4 +-
auth/credentials/credentials_ntlm.c | 2 +-
auth/credentials/credentials_secrets.c | 4 +-
auth/credentials/pycredentials.c | 6 +-
auth/credentials/tests/bind.py | 1 -
auth/credentials/tests/simple.c | 8 +-
auth/credentials/tests/test_creds.c | 81 +
docs-xml/build/DTD/samba.entities | 680 +++++++++
docs-xml/smbdotconf/security/clientipcsigning.xml | 6 +-
docs-xml/smbdotconf/security/clientprotection.xml | 51 +
docs-xml/smbdotconf/security/clientsigning.xml | 6 +-
docs-xml/smbdotconf/security/clientusekerberos.xml | 49 +
examples/ad-bench/time_group.sh | 8 +-
examples/ad-bench/time_join.sh | 4 +-
examples/ad-bench/time_ldap.sh | 10 +-
examples/ad-bench/time_user.sh | 8 +-
examples/winexe/winexe.c | 3 +-
file_server/file_server.c | 14 +
lib/cmdline/cmdline.c | 1185 +++++++++++++++
lib/cmdline/cmdline.h | 222 +++
lib/cmdline/cmdline_private.h | 117 ++
lib/cmdline/cmdline_s3.c | 113 ++
lib/cmdline/cmdline_s4.c | 97 ++
lib/cmdline/tests/test_cmdline.c | 95 ++
lib/cmdline/wscript | 32 +
lib/ldb/tests/test-generic.sh | 6 +-
lib/ldb/tests/test-tdb-features.sh | 4 +-
lib/param/loadparm.c | 18 +
lib/param/param_table.c | 20 +
lib/tdb/python/tdbdump.py | 1 -
libcli/drsuapi/tests/test_repl_decrypt.c | 8 +-
nsswitch/tests/test_idmap_ad.sh | 4 +-
nsswitch/tests/test_wbinfo_user_info_cached.sh | 2 +-
python/samba/dbchecker.py | 1 -
python/samba/emulate/traffic.py | 1 -
python/samba/graph.py | 2 -
python/samba/hostconfig.py | 1 -
python/samba/join.py | 1 -
python/samba/kcc/graph_utils.py | 1 -
python/samba/kcc/kcc_utils.py | 1 -
python/samba/ms_display_specifiers.py | 1 -
python/samba/ms_forest_updates_markdown.py | 1 -
python/samba/ms_schema.py | 1 -
python/samba/ms_schema_markdown.py | 1 -
python/samba/netcmd/domain.py | 2 -
python/samba/netcmd/drs.py | 1 -
python/samba/netcmd/gpo.py | 1 -
python/samba/netcmd/sites.py | 1 -
python/samba/netcmd/visualize.py | 2 -
python/samba/ntacls.py | 2 -
python/samba/tests/__init__.py | 1 -
python/samba/tests/audit_log_base.py | 2 -
python/samba/tests/audit_log_dsdb.py | 1 -
python/samba/tests/audit_log_pass_change.py | 1 -
python/samba/tests/auth_log.py | 1 -
python/samba/tests/auth_log_base.py | 1 -
python/samba/tests/auth_log_pass_change.py | 1 -
python/samba/tests/blackbox/downgradedatabase.py | 1 -
python/samba/tests/blackbox/mdsearch.py | 2 +-
python/samba/tests/blackbox/ndrdump.py | 1 -
python/samba/tests/blackbox/smbcacls.py | 1 -
python/samba/tests/blackbox/smbcacls_basic.py | 1 -
.../blackbox/smbcacls_dfs_propagate_inherit.py | 1 -
.../blackbox/smbcacls_propagate_inhertance.py | 1 -
python/samba/tests/blackbox/smbcontrol.py | 1 -
python/samba/tests/blackbox/smbcontrol_process.py | 1 -
python/samba/tests/complex_expressions.py | 1 -
python/samba/tests/dcerpc/dnsserver.py | 1 -
python/samba/tests/dcerpc/testrpc.py | 1 -
python/samba/tests/dns.py | 2 -
python/samba/tests/dns_base.py | 1 -
python/samba/tests/dns_forwarder.py | 1 -
python/samba/tests/dns_forwarder_helpers/server.py | 2 +-
python/samba/tests/docs.py | 30 +-
python/samba/tests/domain_backup_offline.py | 2 +-
python/samba/tests/graph.py | 2 -
python/samba/tests/group_audit.py | 2 -
python/samba/tests/ldap_referrals.py | 1 -
python/samba/tests/prefork_restart.py | 2 -
python/samba/tests/process_limits.py | 2 -
python/samba/tests/samba3sam.py | 2 -
python/samba/tests/samba_tool/visualize.py | 1 -
python/samba/tests/samba_tool/visualize_drs.py | 1 -
python/samba/upgradehelpers.py | 2 -
python/samba/uptodateness.py | 1 -
script/attr_count_read | 1 -
script/autobuild.py | 9 +-
script/compare_cc_results.py | 1 -
script/show_test_time | 1 -
script/traffic_learner | 1 -
script/traffic_replay | 1 -
selftest/format-subunit-json | 1 -
selftest/selftesthelpers.py | 1 -
selftest/subunithelper.py | 1 -
selftest/target/Samba3.pm | 6 +-
selftest/target/Samba4.pm | 64 +-
source3/auth/auth_generic.c | 8 +-
source3/lib/netapi/cm.c | 4 +-
source3/lib/netapi/netapi.c | 7 +-
source3/lib/util_cmdline.c | 12 +-
source3/libads/sasl.c | 3 +-
source3/libnet/libnet_join.c | 3 +-
source3/libsmb/cliconnect.c | 13 +-
source3/modules/vfs_ceph_snapshots.c | 2 +-
source3/param/loadparm.c | 15 +
source3/param/loadparm.h | 1 +
source3/passdb/passdb.c | 12 +-
source3/passdb/pdb_samba_dsdb.c | 6 +-
source3/rpc_client/cli_pipe.c | 4 +-
source3/rpcclient/rpcclient.c | 5 +-
.../script/tests/test_smbclient_log_basename.sh | 2 +-
source3/script/tests/test_wbinfo_sids2xids_int.py | 1 -
source3/utils/net_ads.c | 4 +-
source3/utils/net_util.c | 13 +-
source3/utils/ntlm_auth.c | 8 +-
source3/utils/wscript_build | 2 +-
source3/winbindd/winbindd_cm.c | 4 +-
source3/wscript | 9 -
source4/auth/gensec/gensec_gssapi.c | 4 +-
source4/auth/session.c | 3 +-
.../samdb/ldb_modules/tests/possibleinferiors.py | 1 -
source4/dsdb/tests/python/acl.py | 1 -
.../dsdb/tests/python/ad_dc_medley_performance.py | 1 -
source4/dsdb/tests/python/ad_dc_performance.py | 1 -
.../dsdb/tests/python/ad_dc_search_performance.py | 1 -
source4/dsdb/tests/python/attr_from_server.py | 1 -
source4/dsdb/tests/python/deletetest.py | 1 -
source4/dsdb/tests/python/dirsync.py | 1 -
source4/dsdb/tests/python/large_ldap.py | 1 -
source4/dsdb/tests/python/ldap.py | 1 -
source4/dsdb/tests/python/ldap_modify_order.py | 1 -
source4/dsdb/tests/python/ldap_schema.py | 1 -
source4/dsdb/tests/python/linked_attributes.py | 1 -
source4/dsdb/tests/python/login_basics.py | 1 -
source4/dsdb/tests/python/notification.py | 1 -
source4/dsdb/tests/python/password_lockout.py | 1 -
source4/dsdb/tests/python/password_lockout_base.py | 1 -
source4/dsdb/tests/python/passwords.py | 1 -
source4/dsdb/tests/python/rodc.py | 1 -
source4/dsdb/tests/python/rodc_rwdc.py | 1 -
source4/dsdb/tests/python/sam.py | 1 -
source4/dsdb/tests/python/sec_descriptor.py | 1 -
source4/dsdb/tests/python/sites.py | 1 -
source4/dsdb/tests/python/sort.py | 1 -
source4/dsdb/tests/python/subtree_rename.py | 1 -
source4/dsdb/tests/python/token_group.py | 1 -
source4/dsdb/tests/python/tombstone_reanimation.py | 1 -
source4/dsdb/tests/python/urgent_replication.py | 1 -
source4/dsdb/tests/python/user_account_control.py | 1 -
source4/dsdb/tests/python/vlv.py | 1 -
source4/heimdal/lib/asn1/asn1parse.c | 1582 --------------------
source4/heimdal/lib/asn1/asn1parse.h | 109 --
source4/heimdal/lib/com_err/compile_et.c | 5 +-
source4/heimdal/lib/com_err/parse.c | 637 --------
source4/heimdal/lib/com_err/parse.h | 20 -
source4/heimdal/lib/hx509/sel-gram.c | 589 --------
source4/heimdal/lib/hx509/sel-gram.h | 21 -
source4/heimdal_build/asn1parse.h | 1 +
source4/heimdal_build/lexyacc.sh | 42 -
source4/heimdal_build/parse.h | 1 +
source4/heimdal_build/sel-gram.h | 1 +
source4/heimdal_build/wscript_build | 27 +-
source4/heimdal_build/wscript_configure | 6 +
source4/lib/cmdline/popt_credentials.c | 9 +-
source4/libcli/ldap/ldap_bind.c | 8 +-
source4/rpc_server/dcerpc_server.c | 9 +
source4/script/depfilter.py | 1 -
source4/scripting/bin/gen_hresult.py | 1 -
source4/scripting/bin/gen_ntstatus.py | 3 -
source4/scripting/bin/gen_werror.py | 3 -
source4/scripting/bin/get-descriptors | 1 -
source4/scripting/bin/rebuildextendeddn | 1 -
source4/scripting/bin/samba_downgrade_db | 1 -
source4/scripting/bin/samba_kcc | 1 -
source4/scripting/bin/setup_dns.sh | 2 +-
source4/scripting/devel/addlotscontacts | 1 -
source4/scripting/devel/crackname | 1 -
source4/scripting/devel/demodirsync.py | 2 -
source4/scripting/devel/getncchanges | 1 -
source4/scripting/devel/pfm_verify.py | 1 -
source4/scripting/devel/rebuild_zone.sh | 4 +-
source4/scripting/devel/repl_cleartext_pwd.py | 1 -
source4/scripting/devel/speedtest.py | 1 -
source4/selftest/tests.py | 1 -
source4/setup/tests/blackbox_provision.sh | 4 +-
source4/setup/tests/blackbox_s3upgrade.sh | 10 +-
source4/setup/tests/blackbox_start_backup.sh | 2 +-
source4/setup/tests/blackbox_upgradeprovision.sh | 4 +-
source4/torture/drs/python/delete_object.py | 1 -
source4/torture/drs/python/drs_base.py | 1 -
source4/torture/drs/python/fsmo.py | 1 -
source4/torture/drs/python/getncchanges.py | 1 -
source4/torture/drs/python/repl_move.py | 1 -
source4/torture/drs/python/replica_sync.py | 1 -
source4/torture/drs/python/ridalloc_exop.py | 4 +-
source4/torture/drs/python/samba_tool_drs.py | 8 +-
.../torture/drs/python/samba_tool_drs_no_dns.py | 12 +-
.../torture/drs/python/samba_tool_drs_showrepl.py | 1 -
source4/torture/ldap/session_expiry.c | 5 +-
source4/torture/rpc/dsgetinfo.c | 10 +-
source4/torture/rpc/schannel.c | 8 +-
source4/winbind/winbindd.c | 14 +
testprogs/blackbox/dbcheck-links.sh | 36 +-
testprogs/blackbox/dbcheck-oldrelease.sh | 28 +-
testprogs/blackbox/ldapcmp_restoredc.sh | 2 +-
testprogs/blackbox/renamedc.sh | 20 +-
testprogs/blackbox/test_chgdcpass.sh | 4 +-
testprogs/blackbox/test_client_etypes.sh | 2 +-
testprogs/blackbox/test_kinit_heimdal.sh | 2 +-
testprogs/blackbox/test_kinit_mit.sh | 2 +-
testprogs/blackbox/test_ldb.sh | 22 +-
testprogs/blackbox/test_ldb_simple.sh | 2 +-
testprogs/blackbox/test_net_ads.sh | 12 +-
testprogs/blackbox/test_net_ads_dns.sh | 2 +-
testprogs/blackbox/test_net_ads_fips.sh | 2 +-
testprogs/blackbox/test_pdbtest.sh | 8 +-
testprogs/blackbox/test_samba-tool_ntacl.sh | 12 +-
testprogs/blackbox/test_samba_upgradedns.sh | 10 +-
testprogs/blackbox/test_trust_token.sh | 2 +-
testprogs/blackbox/test_weak_crypto.sh | 4 +-
testprogs/blackbox/test_weak_crypto_server.sh | 2 +-
testprogs/blackbox/tombstones-expunge.sh | 30 +-
testprogs/blackbox/upgradeprovision-oldrelease.sh | 6 +-
wscript | 12 +
wscript_build | 1 +
wscript_configure_embedded_heimdal | 3 +
230 files changed, 3389 insertions(+), 3427 deletions(-)
create mode 100644 docs-xml/smbdotconf/security/clientprotection.xml
create mode 100644 docs-xml/smbdotconf/security/clientusekerberos.xml
create mode 100644 lib/cmdline/cmdline.c
create mode 100644 lib/cmdline/cmdline.h
create mode 100644 lib/cmdline/cmdline_private.h
create mode 100644 lib/cmdline/cmdline_s3.c
create mode 100644 lib/cmdline/cmdline_s4.c
create mode 100644 lib/cmdline/tests/test_cmdline.c
create mode 100644 lib/cmdline/wscript
delete mode 100644 source4/heimdal/lib/asn1/asn1parse.c
delete mode 100644 source4/heimdal/lib/asn1/asn1parse.h
delete mode 100644 source4/heimdal/lib/com_err/parse.c
delete mode 100644 source4/heimdal/lib/com_err/parse.h
delete mode 100644 source4/heimdal/lib/hx509/sel-gram.c
delete mode 100644 source4/heimdal/lib/hx509/sel-gram.h
create mode 100644 source4/heimdal_build/asn1parse.h
delete mode 100755 source4/heimdal_build/lexyacc.sh
create mode 100644 source4/heimdal_build/parse.h
create mode 100644 source4/heimdal_build/sel-gram.h
Changeset truncated at 500 lines:
diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml
index cbc812648e8..b0f81e674bb 100644
--- a/.gitlab-ci-main.yml
+++ b/.gitlab-ci-main.yml
@@ -131,6 +131,7 @@ include:
- "*.stdout"
- "*.stderr"
- "*.info"
+ - public
- system-info.txt
retry:
max: 2
@@ -432,6 +433,7 @@ pages:
- samba-fips
- samba-no-opath1
- samba-no-opath2
+ - ubuntu1804-samba-o3
script:
- ls -la *.info
- ./configure.developer
@@ -485,6 +487,22 @@ coverity:
# We build samba-o3 on all supported distributions
#
+# This job, which matches the main CI, needs to still do coverage so
+# we show the coverage on the "none" environment tests
+#
+# We want --enable-coverage specified here otherwise we will have a
+# different set of build options on the coverage build and can fail
+# when -O3 gets combined with --enable-coverage in the scheduled
+# builds.
+
+ubuntu1804-samba-o3:
+ extends: .shared_template
+ variables:
+ AUTOBUILD_JOB_NAME: samba-o3
+ SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_ubuntu1804}
+ SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE: "--enable-coverage"
+
+# All other jobs do not want code coverage.
.samba-o3-template:
extends: .shared_template
variables:
@@ -494,11 +512,6 @@ coverity:
# do not run o3 for coverage since they are using different images
- $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE == ""
-ubuntu1804-samba-o3:
- extends: .samba-o3-template
- variables:
- SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_ubuntu1804}
-
ubuntu2004-samba-o3:
extends: .samba-o3-template
variables:
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index d851951c9ed..5c39569e34a 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -44,7 +44,7 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
cred->winbind_separator = '\\';
- cred->use_kerberos = CRED_USE_KERBEROS_DESIRED;
+ cred->kerberos_state = CRED_USE_KERBEROS_DESIRED;
cred->signing_state = SMB_SIGNING_DEFAULT;
@@ -108,10 +108,18 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx)
return anon_credentials;
}
-_PUBLIC_ void cli_credentials_set_kerberos_state(struct cli_credentials *creds,
- enum credentials_use_kerberos use_kerberos)
+_PUBLIC_ bool cli_credentials_set_kerberos_state(struct cli_credentials *creds,
+ enum credentials_use_kerberos kerberos_state,
+ enum credentials_obtained obtained)
{
- creds->use_kerberos = use_kerberos;
+ if (obtained >= creds->kerberos_state_obtained) {
+ creds->kerberos_state = kerberos_state;
+ creds->kerberos_state_obtained = obtained;
+
+ return true;
+ }
+
+ return false;
}
_PUBLIC_ void cli_credentials_set_forced_sasl_mech(struct cli_credentials *creds,
@@ -129,7 +137,7 @@ _PUBLIC_ void cli_credentials_set_krb_forwardable(struct cli_credentials *creds,
_PUBLIC_ enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds)
{
- return creds->use_kerberos;
+ return creds->kerberos_state;
}
_PUBLIC_ const char *cli_credentials_get_forced_sasl_mech(struct cli_credentials *creds)
@@ -142,9 +150,18 @@ _PUBLIC_ enum credentials_krb_forwardable cli_credentials_get_krb_forwardable(st
return creds->krb_forwardable;
}
-_PUBLIC_ void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features)
+_PUBLIC_ bool cli_credentials_set_gensec_features(struct cli_credentials *creds,
+ uint32_t gensec_features,
+ enum credentials_obtained obtained)
{
- creds->gensec_features = gensec_features;
+ if (obtained >= creds->gensec_features_obtained) {
+ creds->gensec_features_obtained = obtained;
+ creds->gensec_features = gensec_features;
+
+ return true;
+ }
+
+ return false;
}
_PUBLIC_ uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds)
@@ -180,6 +197,26 @@ _PUBLIC_ const char *cli_credentials_get_username(struct cli_credentials *cred)
return cred->username;
}
+/**
+ * @brief Obtain the username for this credentials context.
+ *
+ * @param[in] cred The credential context.
+ *
+ * @param[in] obtained A pointer to store the obtained information.
+ *
+ * return The user name or NULL if an error occured.
+ */
+_PUBLIC_ const char *
+cli_credentials_get_username_and_obtained(struct cli_credentials *cred,
+ enum credentials_obtained *obtained)
+{
+ if (obtained != NULL) {
+ *obtained = cred->username_obtained;
+ }
+
+ return cli_credentials_get_username(cred);
+}
+
_PUBLIC_ bool cli_credentials_set_username(struct cli_credentials *cred,
const char *val, enum credentials_obtained obtained)
{
@@ -409,6 +446,26 @@ _PUBLIC_ const char *cli_credentials_get_password(struct cli_credentials *cred)
return cred->password;
}
+/**
+ * @brief Obtain the password for this credentials context.
+ *
+ * @param[in] cred The credential context.
+ *
+ * @param[in] obtained A pointer to store the obtained information.
+ *
+ * return The user name or NULL if an error occured.
+ */
+_PUBLIC_ const char *
+cli_credentials_get_password_and_obtained(struct cli_credentials *cred,
+ enum credentials_obtained *obtained)
+{
+ if (obtained != NULL) {
+ *obtained = cred->password_obtained;
+ }
+
+ return cli_credentials_get_password(cred);
+}
+
/* Set a password on the credentials context, including an indication
* of 'how' the password was obtained */
@@ -939,6 +996,8 @@ _PUBLIC_ void cli_credentials_set_conf(struct cli_credentials *cred,
{
const char *sep = NULL;
const char *realm = lpcfg_realm(lp_ctx);
+ enum credentials_client_protection protection =
+ lpcfg_client_protection(lp_ctx);
cli_credentials_set_username(cred, "", CRED_UNINITIALISED);
if (lpcfg_parm_is_cmdline(lp_ctx, "workgroup")) {
@@ -968,6 +1027,20 @@ _PUBLIC_ void cli_credentials_set_conf(struct cli_credentials *cred,
if (cred->signing_state_obtained <= CRED_SMB_CONF) {
/* Will be set to default for invalid smb.conf values */
cred->signing_state = lpcfg_client_signing(lp_ctx);
+ if (cred->signing_state == SMB_SIGNING_DEFAULT) {
+ switch (protection) {
+ case CRED_CLIENT_PROTECTION_DEFAULT:
+ break;
+ case CRED_CLIENT_PROTECTION_PLAIN:
+ cred->signing_state = SMB_SIGNING_OFF;
+ break;
+ case CRED_CLIENT_PROTECTION_SIGN:
+ case CRED_CLIENT_PROTECTION_ENCRYPT:
+ cred->signing_state = SMB_SIGNING_REQUIRED;
+ break;
+ }
+ }
+
cred->signing_state_obtained = CRED_SMB_CONF;
}
@@ -980,7 +1053,43 @@ _PUBLIC_ void cli_credentials_set_conf(struct cli_credentials *cred,
if (cred->encryption_state_obtained <= CRED_SMB_CONF) {
/* Will be set to default for invalid smb.conf values */
cred->encryption_state = lpcfg_client_smb_encrypt(lp_ctx);
- cred->encryption_state_obtained = CRED_SMB_CONF;
+ if (cred->encryption_state == SMB_ENCRYPTION_DEFAULT) {
+ switch (protection) {
+ case CRED_CLIENT_PROTECTION_DEFAULT:
+ break;
+ case CRED_CLIENT_PROTECTION_PLAIN:
+ case CRED_CLIENT_PROTECTION_SIGN:
+ cred->encryption_state = SMB_ENCRYPTION_OFF;
+ break;
+ case CRED_CLIENT_PROTECTION_ENCRYPT:
+ cred->encryption_state = SMB_ENCRYPTION_REQUIRED;
+ break;
+ }
+ }
+ }
+
+ if (cred->kerberos_state_obtained <= CRED_SMB_CONF) {
+ /* Will be set to default for invalid smb.conf values */
+ cred->kerberos_state = lpcfg_client_use_kerberos(lp_ctx);
+ cred->kerberos_state_obtained = CRED_SMB_CONF;
+ }
+
+ if (cred->gensec_features_obtained <= CRED_SMB_CONF) {
+ switch (protection) {
+ case CRED_CLIENT_PROTECTION_DEFAULT:
+ break;
+ case CRED_CLIENT_PROTECTION_PLAIN:
+ cred->gensec_features = 0;
+ break;
+ case CRED_CLIENT_PROTECTION_SIGN:
+ cred->gensec_features = GENSEC_FEATURE_SIGN;
+ break;
+ case CRED_CLIENT_PROTECTION_ENCRYPT:
+ cred->gensec_features =
+ GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL;
+ break;
+ }
+ cred->gensec_features_obtained = CRED_SMB_CONF;
}
}
@@ -1105,7 +1214,9 @@ _PUBLIC_ void cli_credentials_set_anonymous(struct cli_credentials *cred)
cli_credentials_set_principal(cred, NULL, CRED_SPECIFIED);
cli_credentials_set_realm(cred, NULL, CRED_SPECIFIED);
cli_credentials_set_workstation(cred, "", CRED_UNINITIALISED);
- cli_credentials_set_kerberos_state(cred, CRED_USE_KERBEROS_DISABLED);
+ cli_credentials_set_kerberos_state(cred,
+ CRED_USE_KERBEROS_DISABLED,
+ CRED_SPECIFIED);
}
/**
@@ -1592,8 +1703,9 @@ _PUBLIC_ void cli_credentials_dump(struct cli_credentials *creds)
creds->self_service);
DBG_ERR(" Target service: %s\n",
creds->target_service);
- DBG_ERR(" Kerberos state: %s\n",
- krb5_state_to_str(creds->use_kerberos));
+ DBG_ERR(" Kerberos state: %s - %s\n",
+ krb5_state_to_str(creds->kerberos_state),
+ obtained_to_str(creds->kerberos_state_obtained));
DBG_ERR(" Kerberos forwardable ticket: %s\n",
krb5_fwd_to_str(creds->krb_forwardable));
DBG_ERR(" Signing state: %s - %s\n",
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index 1802e383594..04cf5138aec 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -61,6 +61,13 @@ enum credentials_use_kerberos {
CRED_USE_KERBEROS_REQUIRED,
};
+enum credentials_client_protection {
+ CRED_CLIENT_PROTECTION_DEFAULT = -1,
+ CRED_CLIENT_PROTECTION_PLAIN = 0,
+ CRED_CLIENT_PROTECTION_SIGN,
+ CRED_CLIENT_PROTECTION_ENCRYPT,
+};
+
enum credentials_krb_forwardable {
CRED_AUTO_KRB_FORWARDABLE = 0, /* Default, follow library defaults */
CRED_NO_KRB_FORWARDABLE, /* not forwardable */
@@ -84,6 +91,8 @@ struct cli_credentials *cli_credentials_init_server(TALLOC_CTX *mem_ctx,
void cli_credentials_set_anonymous(struct cli_credentials *cred);
bool cli_credentials_wrong_password(struct cli_credentials *cred);
const char *cli_credentials_get_password(struct cli_credentials *cred);
+const char *cli_credentials_get_password_and_obtained(struct cli_credentials *cred,
+ enum credentials_obtained *obtained);
void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
const char **username,
const char **domain);
@@ -96,6 +105,8 @@ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_
DATA_BLOB *_lm_session_key, DATA_BLOB *_session_key);
const char *cli_credentials_get_realm(struct cli_credentials *cred);
const char *cli_credentials_get_username(struct cli_credentials *cred);
+const char *cli_credentials_get_username_and_obtained(struct cli_credentials *cred,
+ enum credentials_obtained *obtained);
int cli_credentials_get_krb5_context(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
struct smb_krb5_context **smb_krb5_context);
@@ -132,8 +143,9 @@ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
const char **error_string);
void cli_credentials_set_forced_sasl_mech(struct cli_credentials *creds,
const char *sasl_mech);
-void cli_credentials_set_kerberos_state(struct cli_credentials *creds,
- enum credentials_use_kerberos use_kerberos);
+bool cli_credentials_set_kerberos_state(struct cli_credentials *creds,
+ enum credentials_use_kerberos kerberos_state,
+ enum credentials_obtained obtained);
void cli_credentials_set_krb_forwardable(struct cli_credentials *creds,
enum credentials_krb_forwardable krb_forwardable);
bool cli_credentials_set_domain(struct cli_credentials *cred,
@@ -225,7 +237,9 @@ int cli_credentials_set_keytab_name(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
const char *keytab_name,
enum credentials_obtained obtained);
-void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features);
+bool cli_credentials_set_gensec_features(struct cli_credentials *creds,
+ uint32_t gensec_features,
+ enum credentials_obtained obtained);
uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds);
int cli_credentials_set_ccache(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
diff --git a/auth/credentials/credentials_internal.h b/auth/credentials/credentials_internal.h
index 3b86b742448..afbda1a4b48 100644
--- a/auth/credentials/credentials_internal.h
+++ b/auth/credentials/credentials_internal.h
@@ -40,6 +40,8 @@ struct cli_credentials {
enum credentials_obtained signing_state_obtained;
enum credentials_obtained ipc_signing_state_obtained;
enum credentials_obtained encryption_state_obtained;
+ enum credentials_obtained kerberos_state_obtained;
+ enum credentials_obtained gensec_features_obtained;
/* Threshold values (essentially a MAX() over a number of the
* above) for the ccache and GSS credentials, to ensure we
@@ -101,7 +103,7 @@ struct cli_credentials {
bool machine_account;
/* Should we be trying to use kerberos? */
- enum credentials_use_kerberos use_kerberos;
+ enum credentials_use_kerberos kerberos_state;
/* Should we get a forwardable ticket? */
enum credentials_krb_forwardable krb_forwardable;
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index d7b1c430841..c03d80ac440 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -1433,7 +1433,9 @@ _PUBLIC_ void cli_credentials_set_impersonate_principal(struct cli_credentials *
cred->impersonate_principal = talloc_strdup(cred, principal);
talloc_free(cred->self_service);
cred->self_service = talloc_strdup(cred, self_service);
- cli_credentials_set_kerberos_state(cred, CRED_USE_KERBEROS_REQUIRED);
+ cli_credentials_set_kerberos_state(cred,
+ CRED_USE_KERBEROS_REQUIRED,
+ CRED_SPECIFIED);
}
/*
diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c
index 1bec60e5dce..49505f64315 100644
--- a/auth/credentials/credentials_ntlm.c
+++ b/auth/credentials/credentials_ntlm.c
@@ -53,7 +53,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
const struct samr_Password *nt_hash = NULL;
int rc;
- if (cred->use_kerberos == CRED_USE_KERBEROS_REQUIRED) {
+ if (cred->kerberos_state == CRED_USE_KERBEROS_REQUIRED) {
TALLOC_FREE(frame);
return NT_STATUS_INVALID_PARAMETER_MIX;
}
diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c
index 58067a5bece..ab2c9ddeef9 100644
--- a/auth/credentials/credentials_secrets.c
+++ b/auth/credentials/credentials_secrets.c
@@ -391,7 +391,9 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account_db_ctx(struct cli_credenti
break;
}
}
- cli_credentials_set_kerberos_state(cred, use_kerberos);
+ cli_credentials_set_kerberos_state(cred,
+ use_kerberos,
+ CRED_SPECIFIED);
cli_credentials_set_username(cred, machine_account, CRED_SPECIFIED);
cli_credentials_set_password_last_changed_time(cred, secrets_tdb_lct);
cli_credentials_set_secure_channel_type(cred, secrets_tdb_secure_channel_type);
diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c
index 4c9ad0bde44..0ba2618cec9 100644
--- a/auth/credentials/pycredentials.c
+++ b/auth/credentials/pycredentials.c
@@ -569,7 +569,7 @@ static PyObject *py_creds_set_kerberos_state(PyObject *self, PyObject *args)
if (!PyArg_ParseTuple(args, "i", &state))
return NULL;
- cli_credentials_set_kerberos_state(creds, state);
+ cli_credentials_set_kerberos_state(creds, state, CRED_SPECIFIED);
Py_RETURN_NONE;
}
@@ -842,7 +842,9 @@ static PyObject *py_creds_set_gensec_features(PyObject *self, PyObject *args)
if (!PyArg_ParseTuple(args, "I", &gensec_features))
return NULL;
- cli_credentials_set_gensec_features(creds, gensec_features);
+ cli_credentials_set_gensec_features(creds,
+ gensec_features,
+ CRED_SPECIFIED);
Py_RETURN_NONE;
}
diff --git a/auth/credentials/tests/bind.py b/auth/credentials/tests/bind.py
index ad465e94968..a256a930a8a 100755
--- a/auth/credentials/tests/bind.py
+++ b/auth/credentials/tests/bind.py
@@ -2,7 +2,6 @@
# -*- coding: utf-8 -*-
# This is unit with tests for LDAP access checks
-from __future__ import print_function
import optparse
import sys
import base64
diff --git a/auth/credentials/tests/simple.c b/auth/credentials/tests/simple.c
index b39d7a2251b..32a9ca7c533 100644
--- a/auth/credentials/tests/simple.c
+++ b/auth/credentials/tests/simple.c
@@ -73,7 +73,9 @@ static bool test_guess(struct torture_context *tctx)
const char *passwd_fd = getenv("PASSWD_FD");
const char *passwd_file = getenv("PASSWD_FILE");
- cli_credentials_set_kerberos_state(creds, CRED_USE_KERBEROS_REQUIRED);
+ cli_credentials_set_kerberos_state(creds,
+ CRED_USE_KERBEROS_REQUIRED,
+ CRED_SPECIFIED);
unsetenv("USER");
unsetenv("PASSWD_FD");
@@ -98,7 +100,9 @@ static bool test_guess(struct torture_context *tctx)
if (passwd_file != NULL) {
setenv("PASSWD_FILE", passwd_file, 1);
}
- cli_credentials_set_kerberos_state(creds, old_kerb_state);
+ cli_credentials_set_kerberos_state(creds,
+ old_kerb_state,
+ CRED_SPECIFIED);
return true;
}
diff --git a/auth/credentials/tests/test_creds.c b/auth/credentials/tests/test_creds.c
index f58b11112ea..0f482e38eaa 100644
--- a/auth/credentials/tests/test_creds.c
+++ b/auth/credentials/tests/test_creds.c
@@ -48,6 +48,8 @@ static void torture_creds_init(void **state)
const char *username = NULL;
const char *domain = NULL;
const char *password = NULL;
+ enum credentials_obtained usr_obtained = CRED_UNINITIALISED;
+ enum credentials_obtained pwd_obtained = CRED_UNINITIALISED;
bool ok;
creds = cli_credentials_init(mem_ctx);
@@ -71,6 +73,11 @@ static void torture_creds_init(void **state)
username = cli_credentials_get_username(creds);
assert_string_equal(username, "brot");
+ username = cli_credentials_get_username_and_obtained(creds,
+ &usr_obtained);
+ assert_int_equal(usr_obtained, CRED_SPECIFIED);
+ assert_string_equal(username, "brot");
+
password = cli_credentials_get_password(creds);
assert_null(password);
ok = cli_credentials_set_password(creds, "SECRET", CRED_SPECIFIED);
@@ -79,6 +86,11 @@ static void torture_creds_init(void **state)
password = cli_credentials_get_password(creds);
assert_string_equal(password, "SECRET");
+ password = cli_credentials_get_password_and_obtained(creds,
+ &pwd_obtained);
+ assert_int_equal(pwd_obtained, CRED_SPECIFIED);
+ assert_string_equal(password, "SECRET");
+
/* Run dump to check it works */
cli_credentials_dump(creds);
}
@@ -200,6 +212,73 @@ static void torture_creds_parse_string(void **state)
assert_int_equal(creds->password_obtained, CRED_SPECIFIED);
}
+static void torture_creds_krb5_state(void **state)
--
Samba Shared Repository
More information about the samba-cvs
mailing list