[SCM] Samba Shared Repository - branch master updated

Matthieu Patou mat at samba.org
Fri Oct 14 01:43:07 MDT 2011


Hello Andrew,

On two of my machines with this patchset I have this error:

samba version 4.0.0alpha18-DEVELOPERBUILD started.
Copyright Andrew Tridgell and the Samba Team 1992-2011
Called with maxruntime 7500 - current ts 1318577424
samba: using 'standard' process model
Failed to start service 'rpc' - NT_STATUS_INVALID_SYSTEM_SERVICE
Starting Services failed - NT_STATUS_INVALID_SYSTEM_SERVICE
./bin/samba failed with status 1!
Lookup failed - NT_STATUS_IO_TIMEOUT
Lookup failed - NT_STATUS_HOST_UNREACHABLE
Lookup failed - NT_STATUS_IO_TIMEOUT
Lookup failed - NT_STATUS_HOST_UNREACHABLE
Lookup failed - NT_STATUS_IO_TIMEOUT
Lookup failed - NT_STATUS_HOST_UNREACHABLE
Lookup failed - NT_STATUS_IO_TIMEOUT
Lookup failed - NT_STATUS_HOST_UNREACHABLE
Lookup failed - NT_STATUS_IO_TIMEOUT
Lookup failed - NT_STATUS_HOST_UNREACHABLE
Lookup failed - NT_STATUS_IO_TIMEOUT
Lookup failed - NT_STATUS_HOST_UNREACHABLE
SAMBA LOG of: LOCALDC
samba version 4.0.0alpha18-DEVELOPERBUILD started.
Copyright Andrew Tridgell and the Samba Team 1992-2011
Called with maxruntime 7500 - current ts 1318577424
samba: using 'standard' process model
Failed to start service 'rpc' - NT_STATUS_INVALID_SYSTEM_SERVICE
Starting Services failed - NT_STATUS_INVALID_SYSTEM_SERVICE
./bin/samba failed with status 1!

I bisected and found that it's the first patch 
b21b012756dbb9e7022280b34d7103a5dcbea6d6 that is causing the error.

Can you have a look?



On 11/10/2011 06:14, Andrew Bartlett wrote:
> The branch, master has been updated
>         via  4549862 gensec: trim header includes back to what is actually required
>         via  534355f auth/credentials Declare remaining functions are public interfaces and put into credentials.h
>         via  fe02752 auth: move gensec_start.c to the top level
>         via  561d834 auth: move credentials layer to the top level
>         via  1255383 s4-s3-upgrade: Allow import (just without a uid mapping) where getpwnam fails
>         via  c9bb497 lib/param Avoid dyn_ defines that are not provided by the autoconf build
>         via  1e5af9e lib/param Use strcasecmp_m rather than strcasecmp as this is banned in the s3 includes.h
>         via  8f2741b lib/param Use talloc_strdup rather than strdup as strdup is banned in the s3 includes.h
>         via  1b81af0 lib/param Avoid the name string_set as this is already used in the s3 param code
>         via  15c97a8 lib/param Avoid the use of the name service_ok() which is used in the s3 param code
>         via  d0ecd1a lib/param: Remove unused #include of lib/socket/socket.h
>         via  26de383 libcli/smb Move CSC_POLICY_* definition to smb_constants.h
>         via  b21b012 lib/param move source4 param code to the top level
>        from  6bed577 pac: Fix wrong memory allocation check
>
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
>
>
> - Log -----------------------------------------------------------------
> commit 454986298aa5696b0b029e2feba0109617aaf968
> Author: Andrew Bartlett<abartlet at samba.org>
> Date:   Sun Oct 9 23:28:15 2011 +1100
>
>      gensec: trim header includes back to what is actually required
>
>      Autobuild-User: Andrew Bartlett<abartlet at samba.org>
>      Autobuild-Date: Tue Oct 11 06:13:08 CEST 2011 on sn-devel-104
>
> commit 534355fecf5a14a36ec5a3d643bcf2140df2da4e
> Author: Andrew Bartlett<abartlet at samba.org>
> Date:   Sun Oct 9 23:27:44 2011 +1100
>
>      auth/credentials Declare remaining functions are public interfaces and put into credentials.h
>
>      This is in preparation for this file being used by s3, and recognises that these are all
>      reasonable, public interfaces but were not declared as such in the past.
>
>      Andrew Bartlett
>
> commit fe02752ed6493efb7af28faa3d64d9fd7895d6f1
> Author: Andrew Bartlett<abartlet at samba.org>
> Date:   Fri Oct 7 17:24:12 2011 +1100
>
>      auth: move gensec_start.c to the top level
>
>      This does not change who uses gensec for now, but makes it possible to
>      write new gensec modules outside source4/
>
>      Andrew Bartlett
>
> commit 561d834123a2a8a96954f7cca556f8838ab38b72
> Author: Andrew Bartlett<abartlet at samba.org>
> Date:   Fri Oct 7 17:20:33 2011 +1100
>
>      auth: move credentials layer to the top level
>
>      This will allow gensec_start.c to move to the top level.  This does not change
>      what code uses the cli_credentials code, but allows the gensec code to be
>      more broadly.
>
>      Andrew Bartlett
>
> commit 1255383140a9b3fbd957c1f7ce47e89c17cc4eda
> Author: Andrew Bartlett<abartlet at samba.org>
> Date:   Mon Oct 10 13:09:30 2011 +1100
>
>      s4-s3-upgrade: Allow import (just without a uid mapping) where getpwnam fails
>
>      This allows the tests to pass on systems without a jelmer user :-)
>
>      Andrew Bartlett
>
> commit c9bb497f3f7fae8aa6ec4a4a45a2ac4047b640a5
> Author: Andrew Bartlett<abartlet at samba.org>
> Date:   Sun Oct 9 23:25:11 2011 +1100
>
>      lib/param Avoid dyn_ defines that are not provided by the autoconf build
>
>      The autoconf build will never use these parameters or load the
>      smb.conf with these defaults, so the defaults are not important.
>
>      Andrew Bartlett
>
> commit 1e5af9ecd0567e0afbe29ee3d69d4537628a3d63
> Author: Andrew Bartlett<abartlet at samba.org>
> Date:   Sun Oct 9 23:24:32 2011 +1100
>
>      lib/param Use strcasecmp_m rather than strcasecmp as this is banned in the s3 includes.h
>
> commit 8f2741ba1ad0a300c6c044c363d2278573b1a4ca
> Author: Andrew Bartlett<abartlet at samba.org>
> Date:   Sun Oct 9 23:23:45 2011 +1100
>
>      lib/param Use talloc_strdup rather than strdup as strdup is banned in the s3 includes.h
>
> commit 1b81af0d56014275a4aece81325fdfe4b3cd699b
> Author: Andrew Bartlett<abartlet at samba.org>
> Date:   Sun Oct 9 23:23:05 2011 +1100
>
>      lib/param Avoid the name string_set as this is already used in the s3 param code
>
> commit 15c97a8ab36bda23ed08aacfd318b5717c53b20f
> Author: Andrew Bartlett<abartlet at samba.org>
> Date:   Sun Oct 9 23:22:11 2011 +1100
>
>      lib/param Avoid the use of the name service_ok() which is used in the s3 param code
>
> commit d0ecd1a59f2c577a75ee38c8b54d7b0fb82bdc7c
> Author: Andrew Bartlett<abartlet at samba.org>
> Date:   Sun Oct 9 23:17:45 2011 +1100
>
>      lib/param: Remove unused #include of lib/socket/socket.h
>
> commit 26de383c428a513a4aaceb2460ea6d20a088e2d4
> Author: Andrew Bartlett<abartlet at samba.org>
> Date:   Sun Oct 9 23:16:55 2011 +1100
>
>      libcli/smb Move CSC_POLICY_* definition to smb_constants.h
>
>      This removes the duplicate definition between smb.h and lib/param/loadparm.c
>      which in turn allows this file to be compiled with the s3 includes.h
>
>      Andrew Bartlett
>
> commit b21b012756dbb9e7022280b34d7103a5dcbea6d6
> Author: Andrew Bartlett<abartlet at samba.org>
> Date:   Thu Oct 6 19:34:50 2011 +1100
>
>      lib/param move source4 param code to the top level
>
>      This is done so that the lpcfg_ functions are available across the whole
>      build, either with the struct loadparm_context loaded from an smb.conf directly
>      or as a wrapper around the source3 param code.
>
>      This is not the final, merged loadparm, but simply one step to make
>      it easier to solve other problems while we make our slow progress
>      on this difficult problem.
>
>      Andrew Bartlett
>
> -----------------------------------------------------------------------
>
> Summary of changes:
>   auth/credentials/credentials.c                     | 1001 ++++++
>   auth/credentials/credentials.h                     |  337 ++
>   .../auth =>  auth}/credentials/credentials_krb5.c   |    0
>   .../auth =>  auth}/credentials/credentials_krb5.h   |    0
>   .../auth =>  auth}/credentials/credentials_ntlm.c   |    0
>   .../credentials/credentials_secrets.c              |    0
>   {source4/auth =>  auth}/credentials/pycredentials.c |    0
>   {source4/auth =>  auth}/credentials/pycredentials.h |    0
>   .../credentials/samba-credentials.pc.in            |    0
>   {source4/auth =>  auth}/credentials/tests/bind.py   |    0
>   {source4/auth =>  auth}/credentials/tests/simple.c  |    0
>   {source4/auth =>  auth}/credentials/wscript_build   |    0
>   {source4/auth =>  auth}/gensec/gensec.pc.in         |    0
>   auth/gensec/gensec_start.c                         |  913 +++++
>   auth/gensec/wscript_build                          |   14 +-
>   auth/wscript_build                                 |    1 +
>   {source4 =>  lib}/param/generic.c                   |    0
>   lib/param/loadparm.c                               | 3770 ++++++++++++++++++++
>   {source4 =>  lib}/param/param.h                     |    0
>   {source4 =>  lib}/param/samba-hostconfig.pc.in      |    0
>   lib/param/util.c                                   |  266 ++
>   lib/param/wscript_build                            |   24 +
>   libcli/smb/smb_constants.h                         |   12 +
>   nsswitch/libwbclient/tests/wbclient.c              |    2 +-
>   {source4/script =>  script}/mks3param.pl            |    0
>   source3/auth/auth_samba4.c                         |    2 +-
>   source3/include/smb.h                              |    6 -
>   source3/modules/vfs_dfs_samba4.c                   |    2 +-
>   source3/param/loadparm_ctx.c                       |    2 +-
>   source3/passdb/pdb_samba4.c                        |    2 +-
>   source3/wscript_build                              |    2 +-
>   source4/auth/credentials/credentials.c             | 1002 ------
>   source4/auth/credentials/credentials.h             |  300 --
>   source4/auth/gensec/cyrus_sasl.c                   |    1 +
>   source4/auth/gensec/gensec_start.c                 |  948 -----
>   source4/auth/gensec/gensec_util.c                  |   59 +
>   source4/auth/gensec/schannel.c                     |    1 +
>   source4/auth/gensec/wscript_build                  |   13 +-
>   source4/auth/ntlm/wscript_build                    |    2 +-
>   source4/auth/ntlmssp/ntlmssp.c                     |    1 +
>   source4/auth/wscript_build                         |    1 -
>   source4/libcli/raw/libcliraw.h                     |    2 +-
>   source4/libcli/raw/signing.h                       |    4 -
>   source4/libcli/wscript_build                       |    2 +-
>   source4/librpc/wscript_build                       |    2 +-
>   source4/ntvfs/wscript_build                        |    4 +-
>   source4/param/loadparm.c                           | 3747 +-------------------
>   source4/param/util.c                               |  266 --
>   source4/param/wscript_build                        |   26 +-
>   source4/scripting/python/samba/upgrade.py          |    2 +-
>   source4/selftest/tests.py                          |    2 +-
>   source4/torture/libnetapi/libnetapi.c              |    2 +-
>   source4/torture/local/wscript_build                |    2 +-
>   source4/wscript_build                              |    4 +-
>   54 files changed, 6422 insertions(+), 6327 deletions(-)
>   create mode 100644 auth/credentials/credentials.c
>   create mode 100644 auth/credentials/credentials.h
>   rename {source4/auth =>  auth}/credentials/credentials_krb5.c (100%)
>   rename {source4/auth =>  auth}/credentials/credentials_krb5.h (100%)
>   rename {source4/auth =>  auth}/credentials/credentials_ntlm.c (100%)
>   rename {source4/auth =>  auth}/credentials/credentials_secrets.c (100%)
>   rename {source4/auth =>  auth}/credentials/pycredentials.c (100%)
>   rename {source4/auth =>  auth}/credentials/pycredentials.h (100%)
>   rename {source4/auth =>  auth}/credentials/samba-credentials.pc.in (100%)
>   rename {source4/auth =>  auth}/credentials/tests/bind.py (100%)
>   rename {source4/auth =>  auth}/credentials/tests/simple.c (100%)
>   rename {source4/auth =>  auth}/credentials/wscript_build (100%)
>   rename {source4/auth =>  auth}/gensec/gensec.pc.in (100%)
>   create mode 100644 auth/gensec/gensec_start.c
>   rename {source4 =>  lib}/param/generic.c (100%)
>   create mode 100644 lib/param/loadparm.c
>   rename {source4 =>  lib}/param/param.h (100%)
>   rename {source4 =>  lib}/param/samba-hostconfig.pc.in (100%)
>   create mode 100644 lib/param/util.c
>   rename {source4/script =>  script}/mks3param.pl (100%)
>   delete mode 100644 source4/auth/credentials/credentials.c
>   delete mode 100644 source4/auth/credentials/credentials.h
>   delete mode 100644 source4/auth/gensec/gensec_start.c
>   create mode 100644 source4/auth/gensec/gensec_util.c
>   delete mode 100644 source4/param/util.c
>
>
> Changeset truncated at 500 lines:
>
> diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
> new file mode 100644
> index 0000000..ee60220
> --- /dev/null
> +++ b/auth/credentials/credentials.c
> @@ -0,0 +1,1001 @@
> +/*
> +   Unix SMB/CIFS implementation.
> +
> +   User credentials handling
> +
> +   Copyright (C) Jelmer Vernooij 2005
> +   Copyright (C) Tim Potter 2001
> +   Copyright (C) Andrew Bartlett<abartlet at samba.org>  2005
> +
> +   This program is free software; you can redistribute it and/or modify
> +   it under the terms of the GNU General Public License as published by
> +   the Free Software Foundation; either version 3 of the License, or
> +   (at your option) any later version.
> +
> +   This program is distributed in the hope that it will be useful,
> +   but WITHOUT ANY WARRANTY; without even the implied warranty of
> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +   GNU General Public License for more details.
> +
> +   You should have received a copy of the GNU General Public License
> +   along with this program.  If not, see<http://www.gnu.org/licenses/>.
> +*/
> +
> +#include "includes.h"
> +#include "librpc/gen_ndr/samr.h" /* for struct samrPassword */
> +#include "auth/credentials/credentials.h"
> +#include "libcli/auth/libcli_auth.h"
> +#include "tevent.h"
> +#include "param/param.h"
> +#include "system/filesys.h"
> +
> +/**
> + * Create a new credentials structure
> + * @param mem_ctx TALLOC_CTX parent for credentials structure
> + */
> +_PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
> +{
> +	struct cli_credentials *cred = talloc(mem_ctx, struct cli_credentials);
> +	if (cred == NULL) {
> +		return cred;
> +	}
> +
> +	cred->workstation_obtained = CRED_UNINITIALISED;
> +	cred->username_obtained = CRED_UNINITIALISED;
> +	cred->password_obtained = CRED_UNINITIALISED;
> +	cred->domain_obtained = CRED_UNINITIALISED;
> +	cred->realm_obtained = CRED_UNINITIALISED;
> +	cred->ccache_obtained = CRED_UNINITIALISED;
> +	cred->client_gss_creds_obtained = CRED_UNINITIALISED;
> +	cred->principal_obtained = CRED_UNINITIALISED;
> +	cred->keytab_obtained = CRED_UNINITIALISED;
> +	cred->server_gss_creds_obtained = CRED_UNINITIALISED;
> +
> +	cred->ccache_threshold = CRED_UNINITIALISED;
> +	cred->client_gss_creds_threshold = CRED_UNINITIALISED;
> +
> +	cred->workstation = NULL;
> +	cred->username = NULL;
> +	cred->password = NULL;
> +	cred->old_password = NULL;
> +	cred->domain = NULL;
> +	cred->realm = NULL;
> +	cred->principal = NULL;
> +	cred->salt_principal = NULL;
> +	cred->impersonate_principal = NULL;
> +	cred->self_service = NULL;
> +	cred->target_service = NULL;
> +
> +	cred->bind_dn = NULL;
> +
> +	cred->nt_hash = NULL;
> +
> +	cred->lm_response.data = NULL;
> +	cred->lm_response.length = 0;
> +	cred->nt_response.data = NULL;
> +	cred->nt_response.length = 0;
> +
> +	cred->ccache = NULL;
> +	cred->client_gss_creds = NULL;
> +	cred->keytab = NULL;
> +	cred->server_gss_creds = NULL;
> +
> +	cred->workstation_cb = NULL;
> +	cred->password_cb = NULL;
> +	cred->username_cb = NULL;
> +	cred->domain_cb = NULL;
> +	cred->realm_cb = NULL;
> +	cred->principal_cb = NULL;
> +
> +	cred->priv_data = NULL;
> +
> +	cred->netlogon_creds = NULL;
> +	cred->secure_channel_type = SEC_CHAN_NULL;
> +
> +	cred->kvno = 0;
> +
> +	cred->password_last_changed_time = 0;
> +
> +	cred->smb_krb5_context = NULL;
> +
> +	cred->machine_account_pending = false;
> +	cred->machine_account_pending_lp_ctx = NULL;
> +
> +	cred->machine_account = false;
> +
> +	cred->tries = 3;
> +
> +	cred->callback_running = false;
> +
> +	cli_credentials_set_kerberos_state(cred, CRED_AUTO_USE_KERBEROS);
> +	cli_credentials_set_gensec_features(cred, 0);
> +	cli_credentials_set_krb_forwardable(cred, CRED_AUTO_KRB_FORWARDABLE);
> +
> +	return cred;
> +}
> +
> +/**
> + * Create a new anonymous credential
> + * @param mem_ctx TALLOC_CTX parent for credentials structure
> + */
> +_PUBLIC_ struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx)
> +{
> +	struct cli_credentials *anon_credentials;
> +
> +	anon_credentials = cli_credentials_init(mem_ctx);
> +	cli_credentials_set_anonymous(anon_credentials);
> +
> +	return anon_credentials;
> +}
> +
> +_PUBLIC_ void cli_credentials_set_kerberos_state(struct cli_credentials *creds,
> +					enum credentials_use_kerberos use_kerberos)
> +{
> +	creds->use_kerberos = use_kerberos;
> +}
> +
> +_PUBLIC_ void cli_credentials_set_krb_forwardable(struct cli_credentials *creds,
> +						  enum credentials_krb_forwardable krb_forwardable)
> +{
> +	creds->krb_forwardable = krb_forwardable;
> +}
> +
> +_PUBLIC_ enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds)
> +{
> +	return creds->use_kerberos;
> +}
> +
> +_PUBLIC_ enum credentials_krb_forwardable cli_credentials_get_krb_forwardable(struct cli_credentials *creds)
> +{
> +	return creds->krb_forwardable;
> +}
> +
> +_PUBLIC_ void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features)
> +{
> +	creds->gensec_features = gensec_features;
> +}
> +
> +_PUBLIC_ uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds)
> +{
> +	return creds->gensec_features;
> +}
> +
> +
> +/**
> + * Obtain the username for this credentials context.
> + * @param cred credentials context
> + * @retval The username set on this context.
> + * @note Return value will never be NULL except by programmer error.
> + */
> +_PUBLIC_ const char *cli_credentials_get_username(struct cli_credentials *cred)
> +{
> +	if (cred->machine_account_pending) {
> +		cli_credentials_set_machine_account(cred,
> +					cred->machine_account_pending_lp_ctx);
> +	}
> +
> +	if (cred->username_obtained == CRED_CALLBACK&&
> +	    !cred->callback_running) {
> +	    	cred->callback_running = true;
> +		cred->username = cred->username_cb(cred);
> +	    	cred->callback_running = false;
> +		cred->username_obtained = CRED_SPECIFIED;
> +		cli_credentials_invalidate_ccache(cred, cred->username_obtained);
> +	}
> +
> +	return cred->username;
> +}
> +
> +_PUBLIC_ bool cli_credentials_set_username(struct cli_credentials *cred,
> +				  const char *val, enum credentials_obtained obtained)
> +{
> +	if (obtained>= cred->username_obtained) {
> +		cred->username = talloc_strdup(cred, val);
> +		cred->username_obtained = obtained;
> +		cli_credentials_invalidate_ccache(cred, cred->username_obtained);
> +		return true;
> +	}
> +
> +	return false;
> +}
> +
> +_PUBLIC_ bool cli_credentials_set_username_callback(struct cli_credentials *cred,
> +				  const char *(*username_cb) (struct cli_credentials *))
> +{
> +	if (cred->username_obtained<  CRED_CALLBACK) {
> +		cred->username_cb = username_cb;
> +		cred->username_obtained = CRED_CALLBACK;
> +		return true;
> +	}
> +
> +	return false;
> +}
> +
> +_PUBLIC_ bool cli_credentials_set_bind_dn(struct cli_credentials *cred,
> +				 const char *bind_dn)
> +{
> +	cred->bind_dn = talloc_strdup(cred, bind_dn);
> +	return true;
> +}
> +
> +/**
> + * Obtain the BIND DN for this credentials context.
> + * @param cred credentials context
> + * @retval The username set on this context.
> + * @note Return value will be NULL if not specified explictly
> + */
> +_PUBLIC_ const char *cli_credentials_get_bind_dn(struct cli_credentials *cred)
> +{
> +	return cred->bind_dn;
> +}
> +
> +
> +/**
> + * Obtain the client principal for this credentials context.
> + * @param cred credentials context
> + * @retval The username set on this context.
> + * @note Return value will never be NULL except by programmer error.
> + */
> +_PUBLIC_ const char *cli_credentials_get_principal_and_obtained(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, enum credentials_obtained *obtained)
> +{
> +	if (cred->machine_account_pending) {
> +		cli_credentials_set_machine_account(cred,
> +					cred->machine_account_pending_lp_ctx);
> +	}
> +
> +	if (cred->principal_obtained == CRED_CALLBACK&&
> +	    !cred->callback_running) {
> +	    	cred->callback_running = true;
> +		cred->principal = cred->principal_cb(cred);
> +	    	cred->callback_running = false;
> +		cred->principal_obtained = CRED_SPECIFIED;
> +		cli_credentials_invalidate_ccache(cred, cred->principal_obtained);
> +	}
> +
> +	if (cred->principal_obtained<  cred->username_obtained
> +	    || cred->principal_obtained<  MAX(cred->domain_obtained, cred->realm_obtained)) {
> +		if (cred->domain_obtained>  cred->realm_obtained) {
> +			*obtained = MIN(cred->domain_obtained, cred->username_obtained);
> +			return talloc_asprintf(mem_ctx, "%s@%s",
> +					       cli_credentials_get_username(cred),
> +					       cli_credentials_get_domain(cred));
> +		} else {
> +			*obtained = MIN(cred->domain_obtained, cred->username_obtained);
> +			return talloc_asprintf(mem_ctx, "%s@%s",
> +					       cli_credentials_get_username(cred),
> +					       cli_credentials_get_realm(cred));
> +		}
> +	}
> +	*obtained = cred->principal_obtained;
> +	return talloc_reference(mem_ctx, cred->principal);
> +}
> +
> +/**
> + * Obtain the client principal for this credentials context.
> + * @param cred credentials context
> + * @retval The username set on this context.
> + * @note Return value will never be NULL except by programmer error.
> + */
> +_PUBLIC_ const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx)
> +{
> +	enum credentials_obtained obtained;
> +	return cli_credentials_get_principal_and_obtained(cred, mem_ctx,&obtained);
> +}
> +
> +_PUBLIC_ bool cli_credentials_set_principal(struct cli_credentials *cred,
> +				   const char *val,
> +				   enum credentials_obtained obtained)
> +{
> +	if (obtained>= cred->principal_obtained) {
> +		cred->principal = talloc_strdup(cred, val);
> +		cred->principal_obtained = obtained;
> +		cli_credentials_invalidate_ccache(cred, cred->principal_obtained);
> +		return true;
> +	}
> +
> +	return false;
> +}
> +
> +/* Set a callback to get the principal.  This could be a popup dialog,
> + * a terminal prompt or similar.  */
> +_PUBLIC_ bool cli_credentials_set_principal_callback(struct cli_credentials *cred,
> +				  const char *(*principal_cb) (struct cli_credentials *))
> +{
> +	if (cred->principal_obtained<  CRED_CALLBACK) {
> +		cred->principal_cb = principal_cb;
> +		cred->principal_obtained = CRED_CALLBACK;
> +		return true;
> +	}
> +
> +	return false;
> +}
> +
> +/* Some of our tools are 'anonymous by default'.  This is a single
> + * function to determine if authentication has been explicitly
> + * requested */
> +
> +_PUBLIC_ bool cli_credentials_authentication_requested(struct cli_credentials *cred)
> +{
> +	if (cred->bind_dn) {
> +		return true;
> +	}
> +
> +	if (cli_credentials_is_anonymous(cred)){
> +		return false;
> +	}
> +
> +	if (cred->principal_obtained>= CRED_SPECIFIED) {
> +		return true;
> +	}
> +	if (cred->username_obtained>= CRED_SPECIFIED) {
> +		return true;
> +	}
> +
> +	if (cli_credentials_get_kerberos_state(cred) == CRED_MUST_USE_KERBEROS) {
> +		return true;
> +	}
> +
> +	return false;
> +}
> +
> +/**
> + * Obtain the password for this credentials context.
> + * @param cred credentials context
> + * @retval If set, the cleartext password, otherwise NULL
> + */
> +_PUBLIC_ const char *cli_credentials_get_password(struct cli_credentials *cred)
> +{
> +	if (cred->machine_account_pending) {
> +		cli_credentials_set_machine_account(cred,
> +						    cred->machine_account_pending_lp_ctx);
> +	}
> +
> +	if (cred->password_obtained == CRED_CALLBACK&&
> +	    !cred->callback_running) {
> +	    	cred->callback_running = true;
> +		cred->password = cred->password_cb(cred);
> +	    	cred->callback_running = false;
> +		cred->password_obtained = CRED_CALLBACK_RESULT;
> +		cli_credentials_invalidate_ccache(cred, cred->password_obtained);
> +	}
> +
> +	return cred->password;
> +}
> +
> +/* Set a password on the credentials context, including an indication
> + * of 'how' the password was obtained */
> +
> +_PUBLIC_ bool cli_credentials_set_password(struct cli_credentials *cred,
> +				  const char *val,
> +				  enum credentials_obtained obtained)
> +{
> +	if (obtained>= cred->password_obtained) {
> +		cred->password = talloc_strdup(cred, val);
> +		cred->password_obtained = obtained;
> +		cli_credentials_invalidate_ccache(cred, cred->password_obtained);
> +
> +		cred->nt_hash = NULL;
> +		cred->lm_response = data_blob(NULL, 0);
> +		cred->nt_response = data_blob(NULL, 0);
> +		return true;
> +	}
> +
> +	return false;
> +}
> +
> +_PUBLIC_ bool cli_credentials_set_password_callback(struct cli_credentials *cred,
> +					   const char *(*password_cb) (struct cli_credentials *))
> +{
> +	if (cred->password_obtained<  CRED_CALLBACK) {
> +		cred->password_cb = password_cb;
> +		cred->password_obtained = CRED_CALLBACK;
> +		cli_credentials_invalidate_ccache(cred, cred->password_obtained);
> +		return true;
> +	}
> +
> +	return false;
> +}
> +
> +/**
> + * Obtain the 'old' password for this credentials context (used for join accounts).
> + * @param cred credentials context
> + * @retval If set, the cleartext password, otherwise NULL
> + */
> +_PUBLIC_ const char *cli_credentials_get_old_password(struct cli_credentials *cred)
> +{
> +	if (cred->machine_account_pending) {
> +		cli_credentials_set_machine_account(cred,
> +						    cred->machine_account_pending_lp_ctx);
> +	}
> +
> +	return cred->old_password;
> +}
> +
> +_PUBLIC_ bool cli_credentials_set_old_password(struct cli_credentials *cred,
> +				      const char *val,
> +				      enum credentials_obtained obtained)
> +{
> +	cred->old_password = talloc_strdup(cred, val);
> +	return true;
> +}
> +
> +/**
> + * Obtain the password, in the form MD4(unicode(password)) for this credentials context.
> + *
> + * Sometimes we only have this much of the password, while the rest of
> + * the time this call avoids calling E_md4hash themselves.
> + *
> + * @param cred credentials context
> + * @retval If set, the cleartext password, otherwise NULL
> + */
> +_PUBLIC_ const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred,
> +							TALLOC_CTX *mem_ctx)
> +{
> +	const char *password = cli_credentials_get_password(cred);
> +
> +	if (password) {
> +		struct samr_Password *nt_hash = talloc(mem_ctx, struct samr_Password);
> +		if (!nt_hash) {
> +			return NULL;
> +		}
> +		
> +		E_md4hash(password, nt_hash->hash);
> +
> +		return nt_hash;
> +	} else {
> +		return cred->nt_hash;
> +	}
> +}
> +
> +/**
> + * Obtain the 'short' or 'NetBIOS' domain for this credentials context.
> + * @param cred credentials context
> + * @retval The domain set on this context.
> + * @note Return value will never be NULL except by programmer error.
> + */
> +_PUBLIC_ const char *cli_credentials_get_domain(struct cli_credentials *cred)
> +{
> +	if (cred->machine_account_pending) {
> +		cli_credentials_set_machine_account(cred,
> +						    cred->machine_account_pending_lp_ctx);
> +	}
> +
> +	if (cred->domain_obtained == CRED_CALLBACK&&
> +	    !cred->callback_running) {
> +	    	cred->callback_running = true;
> +		cred->domain = cred->domain_cb(cred);
> +	    	cred->callback_running = false;
> +		cred->domain_obtained = CRED_SPECIFIED;
> +		cli_credentials_invalidate_ccache(cred, cred->domain_obtained);
> +	}
> +
> +	return cred->domain;
> +}
> +
> +
> +_PUBLIC_ bool cli_credentials_set_domain(struct cli_credentials *cred,
> +				const char *val,
> +				enum credentials_obtained obtained)
> +{
> +	if (obtained>= cred->domain_obtained) {
> +		/* it is important that the domain be in upper case,
> +		 * particularly for the sensitive NTLMv2
> +		 * calculations */
> +		cred->domain = strupper_talloc(cred, val);
> +		cred->domain_obtained = obtained;
> +		cli_credentials_invalidate_ccache(cred, cred->domain_obtained);
> +		return true;
> +	}
> +
> +	return false;
> +}
> +
> +bool cli_credentials_set_domain_callback(struct cli_credentials *cred,
> +					 const char *(*domain_cb) (struct cli_credentials *))
>
>
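Review bot: in cli_credentials_get_principal_and_obtained(), the else branch builds the principal from cli_credentials_get_realm() but still reports `*obtained = MIN(cred->domain_obtained, cred->username_obtained);`, the same expression as the domain branch above it. That branch is only reached when realm_obtained is at least domain_obtained, so the level handed back to the caller describes a field that was not used to build the string. It should read `*obtained = MIN(cred->realm_obtained, cred->username_obtained);`. Separately, cli_credentials_init_anon() passes the result of cli_credentials_init() straight to cli_credentials_set_anonymous() although cli_credentials_init() returns NULL when talloc fails; a NULL check before the call would keep the failure path clean. The setters that call talloc_strdup() (set_username, set_principal, set_password, set_bind_dn, set_old_password) also return true without checking the allocation, so an out-of-memory condition is reported as success with a NULL field.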


-- 
Matthieu Patou
Samba Team
http://samba.org


