[SCM] Samba Shared Repository - branch master updated
Matthieu Patou
mat at samba.org
Fri Oct 14 01:43:07 MDT 2011
Hello Andrew,
On two of my machines with this patchset I have this error:
samba version 4.0.0alpha18-DEVELOPERBUILD started.
Copyright Andrew Tridgell and the Samba Team 1992-2011
Called with maxruntime 7500 - current ts 1318577424
samba: using 'standard' process model
Failed to start service 'rpc' - NT_STATUS_INVALID_SYSTEM_SERVICE
Starting Services failed - NT_STATUS_INVALID_SYSTEM_SERVICE
./bin/samba failed with status 1!
Lookup failed - NT_STATUS_IO_TIMEOUT
Lookup failed - NT_STATUS_HOST_UNREACHABLE
Lookup failed - NT_STATUS_IO_TIMEOUT
Lookup failed - NT_STATUS_HOST_UNREACHABLE
Lookup failed - NT_STATUS_IO_TIMEOUT
Lookup failed - NT_STATUS_HOST_UNREACHABLE
Lookup failed - NT_STATUS_IO_TIMEOUT
Lookup failed - NT_STATUS_HOST_UNREACHABLE
Lookup failed - NT_STATUS_IO_TIMEOUT
Lookup failed - NT_STATUS_HOST_UNREACHABLE
Lookup failed - NT_STATUS_IO_TIMEOUT
Lookup failed - NT_STATUS_HOST_UNREACHABLE
SAMBA LOG of: LOCALDC
samba version 4.0.0alpha18-DEVELOPERBUILD started.
Copyright Andrew Tridgell and the Samba Team 1992-2011
Called with maxruntime 7500 - current ts 1318577424
samba: using 'standard' process model
Failed to start service 'rpc' - NT_STATUS_INVALID_SYSTEM_SERVICE
Starting Services failed - NT_STATUS_INVALID_SYSTEM_SERVICE
./bin/samba failed with status 1!
I bisected and found that it's the first patch
b21b012756dbb9e7022280b34d7103a5dcbea6d6 that is causing the error.
Can you have a look?
On 11/10/2011 06:14, Andrew Bartlett wrote:
> The branch, master has been updated
> via 4549862 gensec: trim header includes back to what is actually required
> via 534355f auth/credentials Declare remaining functions are public interfaces and put into credentials.h
> via fe02752 auth: move gensec_start.c to the top level
> via 561d834 auth: move credentials layer to the top level
> via 1255383 s4-s3-upgrade: Allow import (just without a uid mapping) where getpwnam fails
> via c9bb497 lib/param Avoid dyn_ defines that are not provided by the autoconf build
> via 1e5af9e lib/param Use strcasecmp_m rather than strcasecmp as this is banned in the s3 includes.h
> via 8f2741b lib/param Use talloc_strdup rather than strdup as strdup is banned in the s3 includes.h
> via 1b81af0 lib/param Avoid the name string_set as this is already used in the s3 param code
> via 15c97a8 lib/param Avoid the use of the name service_ok() which is used in the s3 param code
> via d0ecd1a lib/param: Remove unused #include of lib/socket/socket.h
> via 26de383 libcli/smb Move CSC_POLICY_* definition to smb_constants.h
> via b21b012 lib/param move source4 param code to the top level
> from 6bed577 pac: Fix wrong memory allocation check
>
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
>
>
> - Log -----------------------------------------------------------------
> commit 454986298aa5696b0b029e2feba0109617aaf968
> Author: Andrew Bartlett<abartlet at samba.org>
> Date: Sun Oct 9 23:28:15 2011 +1100
>
> gensec: trim header includes back to what is actually required
>
> Autobuild-User: Andrew Bartlett<abartlet at samba.org>
> Autobuild-Date: Tue Oct 11 06:13:08 CEST 2011 on sn-devel-104
>
> commit 534355fecf5a14a36ec5a3d643bcf2140df2da4e
> Author: Andrew Bartlett<abartlet at samba.org>
> Date: Sun Oct 9 23:27:44 2011 +1100
>
> auth/credentials Declare remaining functions are public interfaces and put into credentials.h
>
> This is in preparation for this file being used by s3, and recognises that these are all
> reasonable, public interfaces but were not declared as such in the past.
>
> Andrew Bartlett
>
> commit fe02752ed6493efb7af28faa3d64d9fd7895d6f1
> Author: Andrew Bartlett<abartlet at samba.org>
> Date: Fri Oct 7 17:24:12 2011 +1100
>
> auth: move gensec_start.c to the top level
>
> This does not change who uses gensec for now, but makes it possible to
> write new gensec modules outside source4/
>
> Andrew Bartlett
>
> commit 561d834123a2a8a96954f7cca556f8838ab38b72
> Author: Andrew Bartlett<abartlet at samba.org>
> Date: Fri Oct 7 17:20:33 2011 +1100
>
> auth: move credentials layer to the top level
>
> This will allow gensec_start.c to move to the top level. This does not change
> what code uses the cli_credentials code, but allows the gensec code to be
> more broadly.
>
> Andrew Bartlett
>
> commit 1255383140a9b3fbd957c1f7ce47e89c17cc4eda
> Author: Andrew Bartlett<abartlet at samba.org>
> Date: Mon Oct 10 13:09:30 2011 +1100
>
> s4-s3-upgrade: Allow import (just without a uid mapping) where getpwnam fails
>
> This allows the tests to pass on systems without a jelmer user :-)
>
> Andrew Bartlett
>
> commit c9bb497f3f7fae8aa6ec4a4a45a2ac4047b640a5
> Author: Andrew Bartlett<abartlet at samba.org>
> Date: Sun Oct 9 23:25:11 2011 +1100
>
> lib/param Avoid dyn_ defines that are not provided by the autoconf build
>
> The autoconf build will never use these parameters or load the
> smb.conf with these defaults, so the defaults are not important.
>
> Andrew Bartlett
>
> commit 1e5af9ecd0567e0afbe29ee3d69d4537628a3d63
> Author: Andrew Bartlett<abartlet at samba.org>
> Date: Sun Oct 9 23:24:32 2011 +1100
>
> lib/param Use strcasecmp_m rather than strcasecmp as this is banned in the s3 includes.h
>
> commit 8f2741ba1ad0a300c6c044c363d2278573b1a4ca
> Author: Andrew Bartlett<abartlet at samba.org>
> Date: Sun Oct 9 23:23:45 2011 +1100
>
> lib/param Use talloc_strdup rather than strdup as strdup is banned in the s3 includes.h
>
> commit 1b81af0d56014275a4aece81325fdfe4b3cd699b
> Author: Andrew Bartlett<abartlet at samba.org>
> Date: Sun Oct 9 23:23:05 2011 +1100
>
> lib/param Avoid the name string_set as this is already used in the s3 param code
>
> commit 15c97a8ab36bda23ed08aacfd318b5717c53b20f
> Author: Andrew Bartlett<abartlet at samba.org>
> Date: Sun Oct 9 23:22:11 2011 +1100
>
> lib/param Avoid the use of the name service_ok() which is used in the s3 param code
>
> commit d0ecd1a59f2c577a75ee38c8b54d7b0fb82bdc7c
> Author: Andrew Bartlett<abartlet at samba.org>
> Date: Sun Oct 9 23:17:45 2011 +1100
>
> lib/param: Remove unused #include of lib/socket/socket.h
>
> commit 26de383c428a513a4aaceb2460ea6d20a088e2d4
> Author: Andrew Bartlett<abartlet at samba.org>
> Date: Sun Oct 9 23:16:55 2011 +1100
>
> libcli/smb Move CSC_POLICY_* definition to smb_constants.h
>
> This removes the duplicate definition between smb.h and lib/param/loadparm.c
> which in turn allows this file to be compiled with the s3 includes.h
>
> Andrew Bartlett
>
> commit b21b012756dbb9e7022280b34d7103a5dcbea6d6
> Author: Andrew Bartlett<abartlet at samba.org>
> Date: Thu Oct 6 19:34:50 2011 +1100
>
> lib/param move source4 param code to the top level
>
> This is done so that the lpcfg_ functions are available across the whole
> build, either with the struct loadparm_context loaded from an smb.conf directly
> or as a wrapper around the source3 param code.
>
> This is not the final, merged loadparm, but simply one step to make
> it easier to solve other problems while we make our slow progress
> on this difficult problem.
>
> Andrew Bartlett
>
> -----------------------------------------------------------------------
>
> Summary of changes:
> auth/credentials/credentials.c | 1001 ++++++
> auth/credentials/credentials.h | 337 ++
> .../auth => auth}/credentials/credentials_krb5.c | 0
> .../auth => auth}/credentials/credentials_krb5.h | 0
> .../auth => auth}/credentials/credentials_ntlm.c | 0
> .../credentials/credentials_secrets.c | 0
> {source4/auth => auth}/credentials/pycredentials.c | 0
> {source4/auth => auth}/credentials/pycredentials.h | 0
> .../credentials/samba-credentials.pc.in | 0
> {source4/auth => auth}/credentials/tests/bind.py | 0
> {source4/auth => auth}/credentials/tests/simple.c | 0
> {source4/auth => auth}/credentials/wscript_build | 0
> {source4/auth => auth}/gensec/gensec.pc.in | 0
> auth/gensec/gensec_start.c | 913 +++++
> auth/gensec/wscript_build | 14 +-
> auth/wscript_build | 1 +
> {source4 => lib}/param/generic.c | 0
> lib/param/loadparm.c | 3770 ++++++++++++++++++++
> {source4 => lib}/param/param.h | 0
> {source4 => lib}/param/samba-hostconfig.pc.in | 0
> lib/param/util.c | 266 ++
> lib/param/wscript_build | 24 +
> libcli/smb/smb_constants.h | 12 +
> nsswitch/libwbclient/tests/wbclient.c | 2 +-
> {source4/script => script}/mks3param.pl | 0
> source3/auth/auth_samba4.c | 2 +-
> source3/include/smb.h | 6 -
> source3/modules/vfs_dfs_samba4.c | 2 +-
> source3/param/loadparm_ctx.c | 2 +-
> source3/passdb/pdb_samba4.c | 2 +-
> source3/wscript_build | 2 +-
> source4/auth/credentials/credentials.c | 1002 ------
> source4/auth/credentials/credentials.h | 300 --
> source4/auth/gensec/cyrus_sasl.c | 1 +
> source4/auth/gensec/gensec_start.c | 948 -----
> source4/auth/gensec/gensec_util.c | 59 +
> source4/auth/gensec/schannel.c | 1 +
> source4/auth/gensec/wscript_build | 13 +-
> source4/auth/ntlm/wscript_build | 2 +-
> source4/auth/ntlmssp/ntlmssp.c | 1 +
> source4/auth/wscript_build | 1 -
> source4/libcli/raw/libcliraw.h | 2 +-
> source4/libcli/raw/signing.h | 4 -
> source4/libcli/wscript_build | 2 +-
> source4/librpc/wscript_build | 2 +-
> source4/ntvfs/wscript_build | 4 +-
> source4/param/loadparm.c | 3747 +-------------------
> source4/param/util.c | 266 --
> source4/param/wscript_build | 26 +-
> source4/scripting/python/samba/upgrade.py | 2 +-
> source4/selftest/tests.py | 2 +-
> source4/torture/libnetapi/libnetapi.c | 2 +-
> source4/torture/local/wscript_build | 2 +-
> source4/wscript_build | 4 +-
> 54 files changed, 6422 insertions(+), 6327 deletions(-)
> create mode 100644 auth/credentials/credentials.c
> create mode 100644 auth/credentials/credentials.h
> rename {source4/auth => auth}/credentials/credentials_krb5.c (100%)
> rename {source4/auth => auth}/credentials/credentials_krb5.h (100%)
> rename {source4/auth => auth}/credentials/credentials_ntlm.c (100%)
> rename {source4/auth => auth}/credentials/credentials_secrets.c (100%)
> rename {source4/auth => auth}/credentials/pycredentials.c (100%)
> rename {source4/auth => auth}/credentials/pycredentials.h (100%)
> rename {source4/auth => auth}/credentials/samba-credentials.pc.in (100%)
> rename {source4/auth => auth}/credentials/tests/bind.py (100%)
> rename {source4/auth => auth}/credentials/tests/simple.c (100%)
> rename {source4/auth => auth}/credentials/wscript_build (100%)
> rename {source4/auth => auth}/gensec/gensec.pc.in (100%)
> create mode 100644 auth/gensec/gensec_start.c
> rename {source4 => lib}/param/generic.c (100%)
> create mode 100644 lib/param/loadparm.c
> rename {source4 => lib}/param/param.h (100%)
> rename {source4 => lib}/param/samba-hostconfig.pc.in (100%)
> create mode 100644 lib/param/util.c
> rename {source4/script => script}/mks3param.pl (100%)
> delete mode 100644 source4/auth/credentials/credentials.c
> delete mode 100644 source4/auth/credentials/credentials.h
> delete mode 100644 source4/auth/gensec/gensec_start.c
> create mode 100644 source4/auth/gensec/gensec_util.c
> delete mode 100644 source4/param/util.c
>
>
> Changeset truncated at 500 lines:
>
> diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
> new file mode 100644
> index 0000000..ee60220
> --- /dev/null
> +++ b/auth/credentials/credentials.c
> @@ -0,0 +1,1001 @@
> +/*
> + Unix SMB/CIFS implementation.
> +
> + User credentials handling
> +
> + Copyright (C) Jelmer Vernooij 2005
> + Copyright (C) Tim Potter 2001
> + Copyright (C) Andrew Bartlett<abartlet at samba.org> 2005
> +
> + This program is free software; you can redistribute it and/or modify
> + it under the terms of the GNU General Public License as published by
> + the Free Software Foundation; either version 3 of the License, or
> + (at your option) any later version.
> +
> + This program is distributed in the hope that it will be useful,
> + but WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + GNU General Public License for more details.
> +
> + You should have received a copy of the GNU General Public License
> + along with this program. If not, see<http://www.gnu.org/licenses/>.
> +*/
> +
> +#include "includes.h"
> +#include "librpc/gen_ndr/samr.h" /* for struct samrPassword */
> +#include "auth/credentials/credentials.h"
> +#include "libcli/auth/libcli_auth.h"
> +#include "tevent.h"
> +#include "param/param.h"
> +#include "system/filesys.h"
> +
> +/**
> + * Create a new credentials structure
> + * @param mem_ctx TALLOC_CTX parent for credentials structure
> + */
> +_PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
> +{
> + struct cli_credentials *cred = talloc(mem_ctx, struct cli_credentials);
> + if (cred == NULL) {
> + return cred;
> + }
> +
> + cred->workstation_obtained = CRED_UNINITIALISED;
> + cred->username_obtained = CRED_UNINITIALISED;
> + cred->password_obtained = CRED_UNINITIALISED;
> + cred->domain_obtained = CRED_UNINITIALISED;
> + cred->realm_obtained = CRED_UNINITIALISED;
> + cred->ccache_obtained = CRED_UNINITIALISED;
> + cred->client_gss_creds_obtained = CRED_UNINITIALISED;
> + cred->principal_obtained = CRED_UNINITIALISED;
> + cred->keytab_obtained = CRED_UNINITIALISED;
> + cred->server_gss_creds_obtained = CRED_UNINITIALISED;
> +
> + cred->ccache_threshold = CRED_UNINITIALISED;
> + cred->client_gss_creds_threshold = CRED_UNINITIALISED;
> +
> + cred->workstation = NULL;
> + cred->username = NULL;
> + cred->password = NULL;
> + cred->old_password = NULL;
> + cred->domain = NULL;
> + cred->realm = NULL;
> + cred->principal = NULL;
> + cred->salt_principal = NULL;
> + cred->impersonate_principal = NULL;
> + cred->self_service = NULL;
> + cred->target_service = NULL;
> +
> + cred->bind_dn = NULL;
> +
> + cred->nt_hash = NULL;
> +
> + cred->lm_response.data = NULL;
> + cred->lm_response.length = 0;
> + cred->nt_response.data = NULL;
> + cred->nt_response.length = 0;
> +
> + cred->ccache = NULL;
> + cred->client_gss_creds = NULL;
> + cred->keytab = NULL;
> + cred->server_gss_creds = NULL;
> +
> + cred->workstation_cb = NULL;
> + cred->password_cb = NULL;
> + cred->username_cb = NULL;
> + cred->domain_cb = NULL;
> + cred->realm_cb = NULL;
> + cred->principal_cb = NULL;
> +
> + cred->priv_data = NULL;
> +
> + cred->netlogon_creds = NULL;
> + cred->secure_channel_type = SEC_CHAN_NULL;
> +
> + cred->kvno = 0;
> +
> + cred->password_last_changed_time = 0;
> +
> + cred->smb_krb5_context = NULL;
> +
> + cred->machine_account_pending = false;
> + cred->machine_account_pending_lp_ctx = NULL;
> +
> + cred->machine_account = false;
> +
> + cred->tries = 3;
> +
> + cred->callback_running = false;
> +
> + cli_credentials_set_kerberos_state(cred, CRED_AUTO_USE_KERBEROS);
> + cli_credentials_set_gensec_features(cred, 0);
> + cli_credentials_set_krb_forwardable(cred, CRED_AUTO_KRB_FORWARDABLE);
> +
> + return cred;
> +}
> +
> +/**
> + * Create a new anonymous credential
> + * @param mem_ctx TALLOC_CTX parent for credentials structure
> + */
> +_PUBLIC_ struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx)
> +{
> + struct cli_credentials *anon_credentials;
> +
> + anon_credentials = cli_credentials_init(mem_ctx);
> + cli_credentials_set_anonymous(anon_credentials);
> +
> + return anon_credentials;
> +}
> +
> +_PUBLIC_ void cli_credentials_set_kerberos_state(struct cli_credentials *creds,
> + enum credentials_use_kerberos use_kerberos)
> +{
> + creds->use_kerberos = use_kerberos;
> +}
> +
> +_PUBLIC_ void cli_credentials_set_krb_forwardable(struct cli_credentials *creds,
> + enum credentials_krb_forwardable krb_forwardable)
> +{
> + creds->krb_forwardable = krb_forwardable;
> +}
> +
> +_PUBLIC_ enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds)
> +{
> + return creds->use_kerberos;
> +}
> +
> +_PUBLIC_ enum credentials_krb_forwardable cli_credentials_get_krb_forwardable(struct cli_credentials *creds)
> +{
> + return creds->krb_forwardable;
> +}
> +
> +_PUBLIC_ void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features)
> +{
> + creds->gensec_features = gensec_features;
> +}
> +
> +_PUBLIC_ uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds)
> +{
> + return creds->gensec_features;
> +}
> +
> +
> +/**
> + * Obtain the username for this credentials context.
> + * @param cred credentials context
> + * @retval The username set on this context.
> + * @note Return value will never be NULL except by programmer error.
> + */
> +_PUBLIC_ const char *cli_credentials_get_username(struct cli_credentials *cred)
> +{
> + if (cred->machine_account_pending) {
> + cli_credentials_set_machine_account(cred,
> + cred->machine_account_pending_lp_ctx);
> + }
> +
> + if (cred->username_obtained == CRED_CALLBACK&&
> + !cred->callback_running) {
> + cred->callback_running = true;
> + cred->username = cred->username_cb(cred);
> + cred->callback_running = false;
> + cred->username_obtained = CRED_SPECIFIED;
> + cli_credentials_invalidate_ccache(cred, cred->username_obtained);
> + }
> +
> + return cred->username;
> +}
> +
> +_PUBLIC_ bool cli_credentials_set_username(struct cli_credentials *cred,
> + const char *val, enum credentials_obtained obtained)
> +{
> + if (obtained>= cred->username_obtained) {
> + cred->username = talloc_strdup(cred, val);
> + cred->username_obtained = obtained;
> + cli_credentials_invalidate_ccache(cred, cred->username_obtained);
> + return true;
> + }
> +
> + return false;
> +}
> +
> +_PUBLIC_ bool cli_credentials_set_username_callback(struct cli_credentials *cred,
> + const char *(*username_cb) (struct cli_credentials *))
> +{
> + if (cred->username_obtained< CRED_CALLBACK) {
> + cred->username_cb = username_cb;
> + cred->username_obtained = CRED_CALLBACK;
> + return true;
> + }
> +
> + return false;
> +}
> +
> +_PUBLIC_ bool cli_credentials_set_bind_dn(struct cli_credentials *cred,
> + const char *bind_dn)
> +{
> + cred->bind_dn = talloc_strdup(cred, bind_dn);
> + return true;
> +}
> +
> +/**
> + * Obtain the BIND DN for this credentials context.
> + * @param cred credentials context
> + * @retval The username set on this context.
> + * @note Return value will be NULL if not specified explictly
> + */
> +_PUBLIC_ const char *cli_credentials_get_bind_dn(struct cli_credentials *cred)
> +{
> + return cred->bind_dn;
> +}
> +
> +
> +/**
> + * Obtain the client principal for this credentials context.
> + * @param cred credentials context
> + * @retval The username set on this context.
> + * @note Return value will never be NULL except by programmer error.
> + */
> +_PUBLIC_ const char *cli_credentials_get_principal_and_obtained(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, enum credentials_obtained *obtained)
> +{
> + if (cred->machine_account_pending) {
> + cli_credentials_set_machine_account(cred,
> + cred->machine_account_pending_lp_ctx);
> + }
> +
> + if (cred->principal_obtained == CRED_CALLBACK&&
> + !cred->callback_running) {
> + cred->callback_running = true;
> + cred->principal = cred->principal_cb(cred);
> + cred->callback_running = false;
> + cred->principal_obtained = CRED_SPECIFIED;
> + cli_credentials_invalidate_ccache(cred, cred->principal_obtained);
> + }
> +
> + if (cred->principal_obtained< cred->username_obtained
> + || cred->principal_obtained< MAX(cred->domain_obtained, cred->realm_obtained)) {
> + if (cred->domain_obtained> cred->realm_obtained) {
> + *obtained = MIN(cred->domain_obtained, cred->username_obtained);
> + return talloc_asprintf(mem_ctx, "%s@%s",
> + cli_credentials_get_username(cred),
> + cli_credentials_get_domain(cred));
> + } else {
> + *obtained = MIN(cred->domain_obtained, cred->username_obtained);
> + return talloc_asprintf(mem_ctx, "%s@%s",
> + cli_credentials_get_username(cred),
> + cli_credentials_get_realm(cred));
> + }
> + }
> + *obtained = cred->principal_obtained;
> + return talloc_reference(mem_ctx, cred->principal);
> +}
> +
> +/**
> + * Obtain the client principal for this credentials context.
> + * @param cred credentials context
> + * @retval The username set on this context.
> + * @note Return value will never be NULL except by programmer error.
> + */
> +_PUBLIC_ const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx)
> +{
> + enum credentials_obtained obtained;
> + return cli_credentials_get_principal_and_obtained(cred, mem_ctx,&obtained);
> +}
> +
> +_PUBLIC_ bool cli_credentials_set_principal(struct cli_credentials *cred,
> + const char *val,
> + enum credentials_obtained obtained)
> +{
> + if (obtained>= cred->principal_obtained) {
> + cred->principal = talloc_strdup(cred, val);
> + cred->principal_obtained = obtained;
> + cli_credentials_invalidate_ccache(cred, cred->principal_obtained);
> + return true;
> + }
> +
> + return false;
> +}
> +
> +/* Set a callback to get the principal. This could be a popup dialog,
> + * a terminal prompt or similar. */
> +_PUBLIC_ bool cli_credentials_set_principal_callback(struct cli_credentials *cred,
> + const char *(*principal_cb) (struct cli_credentials *))
> +{
> + if (cred->principal_obtained< CRED_CALLBACK) {
> + cred->principal_cb = principal_cb;
> + cred->principal_obtained = CRED_CALLBACK;
> + return true;
> + }
> +
> + return false;
> +}
> +
> +/* Some of our tools are 'anonymous by default'. This is a single
> + * function to determine if authentication has been explicitly
> + * requested */
> +
> +_PUBLIC_ bool cli_credentials_authentication_requested(struct cli_credentials *cred)
> +{
> + if (cred->bind_dn) {
> + return true;
> + }
> +
> + if (cli_credentials_is_anonymous(cred)){
> + return false;
> + }
> +
> + if (cred->principal_obtained>= CRED_SPECIFIED) {
> + return true;
> + }
> + if (cred->username_obtained>= CRED_SPECIFIED) {
> + return true;
> + }
> +
> + if (cli_credentials_get_kerberos_state(cred) == CRED_MUST_USE_KERBEROS) {
> + return true;
> + }
> +
> + return false;
> +}
> +
> +/**
> + * Obtain the password for this credentials context.
> + * @param cred credentials context
> + * @retval If set, the cleartext password, otherwise NULL
> + */
> +_PUBLIC_ const char *cli_credentials_get_password(struct cli_credentials *cred)
> +{
> + if (cred->machine_account_pending) {
> + cli_credentials_set_machine_account(cred,
> + cred->machine_account_pending_lp_ctx);
> + }
> +
> + if (cred->password_obtained == CRED_CALLBACK&&
> + !cred->callback_running) {
> + cred->callback_running = true;
> + cred->password = cred->password_cb(cred);
> + cred->callback_running = false;
> + cred->password_obtained = CRED_CALLBACK_RESULT;
> + cli_credentials_invalidate_ccache(cred, cred->password_obtained);
> + }
> +
> + return cred->password;
> +}
> +
> +/* Set a password on the credentials context, including an indication
> + * of 'how' the password was obtained */
> +
> +_PUBLIC_ bool cli_credentials_set_password(struct cli_credentials *cred,
> + const char *val,
> + enum credentials_obtained obtained)
> +{
> + if (obtained>= cred->password_obtained) {
> + cred->password = talloc_strdup(cred, val);
> + cred->password_obtained = obtained;
> + cli_credentials_invalidate_ccache(cred, cred->password_obtained);
> +
> + cred->nt_hash = NULL;
> + cred->lm_response = data_blob(NULL, 0);
> + cred->nt_response = data_blob(NULL, 0);
> + return true;
> + }
> +
> + return false;
> +}
> +
> +_PUBLIC_ bool cli_credentials_set_password_callback(struct cli_credentials *cred,
> + const char *(*password_cb) (struct cli_credentials *))
> +{
> + if (cred->password_obtained< CRED_CALLBACK) {
> + cred->password_cb = password_cb;
> + cred->password_obtained = CRED_CALLBACK;
> + cli_credentials_invalidate_ccache(cred, cred->password_obtained);
> + return true;
> + }
> +
> + return false;
> +}
> +
> +/**
> + * Obtain the 'old' password for this credentials context (used for join accounts).
> + * @param cred credentials context
> + * @retval If set, the cleartext password, otherwise NULL
> + */
> +_PUBLIC_ const char *cli_credentials_get_old_password(struct cli_credentials *cred)
> +{
> + if (cred->machine_account_pending) {
> + cli_credentials_set_machine_account(cred,
> + cred->machine_account_pending_lp_ctx);
> + }
> +
> + return cred->old_password;
> +}
> +
> +_PUBLIC_ bool cli_credentials_set_old_password(struct cli_credentials *cred,
> + const char *val,
> + enum credentials_obtained obtained)
> +{
> + cred->old_password = talloc_strdup(cred, val);
> + return true;
> +}
> +
> +/**
> + * Obtain the password, in the form MD4(unicode(password)) for this credentials context.
> + *
> + * Sometimes we only have this much of the password, while the rest of
> + * the time this call avoids calling E_md4hash themselves.
> + *
> + * @param cred credentials context
> + * @retval If set, the cleartext password, otherwise NULL
> + */
> +_PUBLIC_ const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred,
> + TALLOC_CTX *mem_ctx)
> +{
> + const char *password = cli_credentials_get_password(cred);
> +
> + if (password) {
> + struct samr_Password *nt_hash = talloc(mem_ctx, struct samr_Password);
> + if (!nt_hash) {
> + return NULL;
> + }
> +
> + E_md4hash(password, nt_hash->hash);
> +
> + return nt_hash;
> + } else {
> + return cred->nt_hash;
> + }
> +}
> +
> +/**
> + * Obtain the 'short' or 'NetBIOS' domain for this credentials context.
> + * @param cred credentials context
> + * @retval The domain set on this context.
> + * @note Return value will never be NULL except by programmer error.
> + */
> +_PUBLIC_ const char *cli_credentials_get_domain(struct cli_credentials *cred)
> +{
> + if (cred->machine_account_pending) {
> + cli_credentials_set_machine_account(cred,
> + cred->machine_account_pending_lp_ctx);
> + }
> +
> + if (cred->domain_obtained == CRED_CALLBACK&&
> + !cred->callback_running) {
> + cred->callback_running = true;
> + cred->domain = cred->domain_cb(cred);
> + cred->callback_running = false;
> + cred->domain_obtained = CRED_SPECIFIED;
> + cli_credentials_invalidate_ccache(cred, cred->domain_obtained);
> + }
> +
> + return cred->domain;
> +}
> +
> +
> +_PUBLIC_ bool cli_credentials_set_domain(struct cli_credentials *cred,
> + const char *val,
> + enum credentials_obtained obtained)
> +{
> + if (obtained>= cred->domain_obtained) {
> + /* it is important that the domain be in upper case,
> + * particularly for the sensitive NTLMv2
> + * calculations */
> + cred->domain = strupper_talloc(cred, val);
> + cred->domain_obtained = obtained;
> + cli_credentials_invalidate_ccache(cred, cred->domain_obtained);
> + return true;
> + }
> +
> + return false;
> +}
> +
> +bool cli_credentials_set_domain_callback(struct cli_credentials *cred,
> + const char *(*domain_cb) (struct cli_credentials *))
>
>
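Review bot: cli_credentials_init_anon() hands the result of cli_credentials_init() straight to cli_credentials_set_anonymous() with no NULL check, even though cli_credentials_init() returns NULL when talloc() fails; add `if (anon_credentials == NULL) { return NULL; }` before the call so an allocation failure is reported to the caller instead of being passed on. In cli_credentials_get_principal_and_obtained(), the else branch that builds the principal from cli_credentials_get_realm() still sets `*obtained = MIN(cred->domain_obtained, cred->username_obtained);`, identical to the domain branch; if the realm is what was used, realm_obtained looks like the intended operand, and it is worth confirming while the file is being moved. The setters cli_credentials_set_username(), cli_credentials_set_principal(), cli_credentials_set_password(), cli_credentials_set_bind_dn() and cli_credentials_set_old_password() all return true without checking the talloc_strdup() result, so a caller cannot tell a stored value from a failed allocation. Since these functions are now declared public interfaces, the doc comments should also be corrected: the @retval for cli_credentials_get_bind_dn() and cli_credentials_get_principal() says "The username set on this context", and the one for cli_credentials_get_nt_hash() says "the cleartext password" although the function returns a struct samr_Password hash.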
--
Matthieu Patou
Samba Team
http://samba.org