The branch, master has been updated
       via  8588d10 s4:ntvfs/smb2: remove misleading comment regarding security=server
       via  12ce84f s4:ntvfs/cifs: remove misleading comment regarding security=server
       via  7cb4acd s4:auth: remove unused auth_server.c
       via  413e1be s3:auth: remove unused auth_server.c
       via  0239f68 docs-xml: remove documentation of "SECURITY = SERVER"
       via  b4abd3f s3-auth: remove "security=server" (deprecated since 3.6)
       via  053fcfe s4:param/tests: remove "security=server" test
       via  f67cb32 selftest: Remove tests for security=server
      from  747e539 samba-upgradedns: Use the correct magic incantation of sys.path.insert()

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master

- Log -----------------------------------------------------------------
commit 8588d1086142cebcf8734fcd0773f99e8825c87b
Author: Stefan Metzmacher <me...@samba.org>
Date:   Sat May 12 12:53:34 2012 +0200

    s4:ntvfs/smb2: remove misleading comment regarding security=server

    metze

    Autobuild-User: Stefan Metzmacher <me...@samba.org>
    Autobuild-Date: Tue May 15 10:12:53 CEST 2012 on sn-devel-104

commit 12ce84f0cf8b2658cf4067dd5189624bdee4bde7
Author: Stefan Metzmacher <me...@samba.org>
Date:   Sat May 12 12:53:34 2012 +0200

    s4:ntvfs/cifs: remove misleading comment regarding security=server

    metze

commit 7cb4acd5dd1825e157e00e0e8babd674b494375a
Author: Stefan Metzmacher <me...@samba.org>
Date:   Sat May 12 12:01:18 2012 +0200

    s4:auth: remove unused auth_server.c

    metze

commit 413e1be7739003696fd903dd80d1ead5275fe74c
Author: Stefan Metzmacher <me...@samba.org>
Date:   Sat May 12 12:01:03 2012 +0200

    s3:auth: remove unused auth_server.c

    metze

commit 0239f680a79ec41ecff97eea38687eccad2b5894
Author: Stefan Metzmacher <me...@samba.org>
Date:   Sat May 12 12:00:32 2012 +0200

    docs-xml: remove documentation of "SECURITY = SERVER"

    metze

commit b4abd3faaf3bdcbcd24fed8325960ccdee43bea9
Author: Stefan Metzmacher <me...@samba.org>
Date:   Sat May 12 12:00:00 2012 +0200

    s3-auth: remove "security=server" (deprecated since 3.6)

    "security=server" has a lot of problems in the world with modern security
    (ntlmv2 and krb5). It was also not very reliable, as it needed a stable
    connection to the password server for the lifetime of the whole client
    connection!

    Please use "security=domain" or "security=ads" if you authenticate
    against remote servers (domain controllers).

    metze

                    --------------
                   /              \
                  /      REST      \
                 /        IN        \
                /       PEACE        \
               /                      \
               | SEC_SERVER           |
               | security=server      |
               |                      |
               |                      |
               |       12 May         |
               |                      |
               |        2012          |
              *|     *  *  *          | *
     _________)/\\_//(\/(/\)/\//\/\///|_)_______

commit 053fcfef0fa680e2443a07933973f0f21624c336
Author: Stefan Metzmacher <me...@samba.org>
Date:   Sat May 12 11:14:17 2012 +0200

    s4:param/tests: remove "security=server" test

    metze

commit f67cb32b51a77dd0ebf63d9469a99f9359cb1e54
Author: Andrew Bartlett <abart...@samba.org>
Date:   Tue May 15 09:43:03 2012 +1000

    selftest: Remove tests for security=server

    Signed-off-by: Stefan Metzmacher <me...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/smbdotconf/security/security.xml |   32 --
 lib/param/loadparm_server_role.c          |    9 +-
 lib/param/param_enums.c                   |    1 -
 libds/common/roles.h                      |   19 +-
 selftest/target/Samba.pm                  |    1 -
 selftest/target/Samba3.pm                 |   40 ---
 source3/Makefile.in                       |    5 -
 source3/auth/auth.c                       |    6 -
 source3/auth/auth_server.c                |  487 -----------------------------
 source3/auth/proto.h                      |    4 -
 source3/auth/wscript_build                |    9 -
 source3/configure.in                      |    2 -
 source3/param/loadparm.c                  |    4 -
 source3/selftest/tests.py                 |    5 +-
 source3/utils/testparm.c                  |    6 +-
 source3/wscript                           |    2 +-
 source4/auth/ntlm/auth_server.c           |  237 --------------
 source4/auth/ntlm/wscript_build           |    8 -
 source4/ntvfs/cifs/vfs_cifs.c             |    1 -
 source4/ntvfs/smb2/vfs_smb2.c             |    1 -
 source4/param/tests/loadparm.c            |   10 -
 21 files changed, 22 insertions(+), 867 deletions(-)
 delete mode 100644 source3/auth/auth_server.c
 delete mode 100644 source4/auth/ntlm/auth_server.c


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/security/security.xml b/docs-xml/smbdotconf/security/security.xml index 2575d77..453de94 100644 --- a/docs-xml/smbdotconf/security/security.xml +++ b/docs-xml/smbdotconf/security/security.xml
@@ -79,38 +79,6 @@ <para>See also the <smbconfoption name="password server"/> parameter and the <smbconfoption name="encrypted passwords"/> parameter.</para> - <para><anchor id="SECURITYEQUALSSERVER"/><emphasis>SECURITY = SERVER</emphasis></para> - - <para> - In this depicted mode Samba will try to validate the username/password by passing it to another SMB server, such as an - NT box. If this fails it will revert to <command moreinfo="none">security = user</command>. It expects the - <smbconfoption name="encrypted passwords"/> parameter to be set to <constant>yes</constant>, unless the remote - server does not support them. However note that if encrypted passwords have been negotiated then Samba cannot - revert back to checking the UNIX password file, it must have a valid <filename - moreinfo="none">smbpasswd</filename> file to check users against. See the chapter about the User Database in - the Samba HOWTO Collection for details on how to set this up. -</para> - - <note><para>This mode of operation has - significant pitfalls since it is more vulnerable to - man-in-the-middle attacks and server impersonation. In particular, - this mode of operation can cause significant resource consumption on - the PDC, as it must maintain an active connection for the duration - of the user's session. Furthermore, if this connection is lost, - there is no way to reestablish it, and further authentications to the - Samba server may fail (from a single client, till it disconnects). - </para></note> - - <note><para>If the client selects NTLMv2 authentication, then this mode of operation <emphasis>will fail</emphasis> - </para></note> - - <note><para>From the client's point of - view, <command moreinfo="none">security = server</command> is the - same as <command moreinfo="none">security = user</command>. 
It - only affects how the server deals with the authentication, it does - not in any way affect what the client sees.</para></note> - - <note><para>This option is deprecated, and may be removed in future</para></note> <para><emphasis>Note</emphasis> that the name of the resource being requested is <emphasis>not</emphasis> sent to the server until after diff --git a/lib/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c index 4ba54b9..9ff64be 100644 --- a/lib/param/loadparm_server_role.c +++ b/lib/param/loadparm_server_role.c @@ -73,13 +73,6 @@ int lp_find_server_role(int server_role, int security, int domain_logons, int do role = ROLE_STANDALONE; switch (security) { - case SEC_SERVER: - if (domain_logons) { - DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n")); - } - /* this used to be considered ROLE_DOMAIN_MEMBER but that's just wrong */ - role = ROLE_STANDALONE; - break; case SEC_DOMAIN: if (domain_logons) { DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n")); @@ -157,7 +150,7 @@ bool lp_is_security_and_server_role_valid(int server_role, int security) valid = true; break; case ROLE_STANDALONE: - if (security == SEC_SERVER || security == SEC_USER) { + if (security == SEC_USER) { valid = true; } break; diff --git a/lib/param/param_enums.c b/lib/param/param_enums.c index 36234ea..5f4cd61 100644 --- a/lib/param/param_enums.c +++ b/lib/param/param_enums.c @@ -46,7 +46,6 @@ static const struct enum_list enum_protocol[] = { static const struct enum_list enum_security[] = { {SEC_AUTO, "AUTO"}, {SEC_USER, "USER"}, - {SEC_SERVER, "SERVER"}, {SEC_DOMAIN, "DOMAIN"}, #if (defined(HAVE_ADS) || _SAMBA_BUILD_ >= 4) {SEC_ADS, "ADS"}, diff --git a/libds/common/roles.h b/libds/common/roles.h index 90281ba..9dc9a00 100644 --- a/libds/common/roles.h +++ b/libds/common/roles.h 
@@ -60,10 +60,25 @@ enum server_role { *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______ - */ + -------------- + / \ + / REST \ + / IN \ + / PEACE \ + / \ + | SEC_SERVER | + | security=server | + | | + | | + | 12 May | + | | + | 2012 | + *| * * * | * + _________)/\\_//(\/(/\)/\//\/\///|_)_______ + +*/ enum security_types {SEC_AUTO = 0, SEC_USER = 2, - SEC_SERVER = 3, SEC_DOMAIN = 4, SEC_ADS = 5}; diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm index 1422603..72f26a5 100644 --- a/selftest/target/Samba.pm +++ b/selftest/target/Samba.pm @@ -144,7 +144,6 @@ sub get_interface($) $interfaces{"locals3dc2"} = 2; $interfaces{"localmember3"} = 3; $interfaces{"localshare4"} = 4; - $interfaces{"localserver5"} = 5; $interfaces{"localktest6"} = 6; $interfaces{"maptoguest"} = 7; diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index b148167..04026be 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -159,13 +159,6 @@ sub setup_env($$$) return $self->setup_maptoguest("$path/maptoguest"); } elsif ($envname eq "ktest") { return $self->setup_ktest("$path/ktest"); - } elsif ($envname eq "secserver") { - if (not defined($self->{vars}->{s3dc})) { - if (not defined($self->setup_s3dc("$path/s3dc"))) { - return undef; - } - } - return $self->setup_secserver("$path/secserver", $self->{vars}->{s3dc}); } elsif ($envname eq "member") { if (not defined($self->{vars}->{s3dc})) { if (not defined($self->setup_s3dc("$path/s3dc"))) { 
@@ -375,39 +368,6 @@ sub setup_secshare($$) return $vars; } -sub setup_secserver($$$) -{ - my ($self, $prefix, $s3dcvars) = @_; - - print "PROVISIONING server with security=server..."; - - my $secserver_options = " - security = server - password server = $s3dcvars->{SERVER_IP} -"; - - my $ret = $self->provision($prefix, - "LOCALSERVER5", - "localserver5pass", - $secserver_options); - - $ret or return undef; - - $self->check_or_start($ret, "yes", "no", "yes"); - - if (not $self->wait_for_start($ret)) { - return undef; - } - - $ret->{DC_SERVER} = $s3dcvars->{SERVER}; - $ret->{DC_SERVER_IP} = $s3dcvars->{SERVER_IP}; - $ret->{DC_NETBIOSNAME} = $s3dcvars->{NETBIOSNAME}; - $ret->{DC_USERNAME} = $s3dcvars->{USERNAME}; - $ret->{DC_PASSWORD} = $s3dcvars->{PASSWORD}; - - return $ret; -} - sub setup_ktest($$$) { my ($self, $prefix) = @_; diff --git a/source3/Makefile.in b/source3/Makefile.in index 52ed5d3..5d70e6d 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -906,7 +906,6 @@ DCUTIL_OBJ = libsmb/namequery_dc.o libsmb/trustdom_cache.o libsmb/trusts_util.o AUTH_BUILTIN_OBJ = auth/auth_builtin.o AUTH_DOMAIN_OBJ = auth/auth_domain.o AUTH_SAM_OBJ = auth/auth_sam.o auth/check_samsec.o -AUTH_SERVER_OBJ = auth/auth_server.o AUTH_UNIX_OBJ = auth/auth_unix.o AUTH_WINBIND_OBJ = auth/auth_winbind.o AUTH_WBC_OBJ = auth/auth_wbc.o @@ -2859,10 +2858,6 @@ bin/netlogond.@SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_NETLOGOND_OBJ) @echo "Building plugin $@" @$(SHLD_MODULE) $(AUTH_NETLOGOND_OBJ) -bin/smbserver.@SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_SERVER_OBJ) - @echo "Building plugin $@" - @$(SHLD_MODULE) $(AUTH_SERVER_OBJ) - bin/winbind.@SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_WINBIND_OBJ) @echo "Building plugin $@" @$(SHLD_MODULE) $(AUTH_WINBIND_OBJ) diff --git a/source3/auth/auth.c b/source3/auth/auth.c index 4b075a6..c442a53 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c 
@@ -494,12 +494,6 @@ NTSTATUS make_auth_context_subsystem(TALLOC_CTX *mem_ctx, talloc_tos(), "guest sam winbind:ntdomain", NULL); break; - case SEC_SERVER: - DEBUG(5,("Making default auth method list for security=server\n")); - auth_method_list = str_list_make_v3( - talloc_tos(), "guest sam smbserver", - NULL); - break; case SEC_USER: if (lp_encrypted_passwords()) { if ((lp_server_role() == ROLE_DOMAIN_PDC) || (lp_server_role() == ROLE_DOMAIN_BDC)) { diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c deleted file mode 100644 index 3bd69cd..0000000 --- a/source3/auth/auth_server.c +++ /dev/null 
@@ -1,487 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Authenticate to a remote server - Copyright (C) Andrew Tridgell 1992-1998 - Copyright (C) Andrew Bartlett 2001 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include "auth.h" -#include "system/passwd.h" -#include "smbd/smbd.h" -#include "libsmb/libsmb.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_AUTH - -extern userdom_struct current_user_info; - -/**************************************************************************** - Support for server level security. 
-****************************************************************************/ - -static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) -{ - struct cli_state *cli = NULL; - char *desthost = NULL; - struct sockaddr_storage dest_ss; - const char *p; - char *pserver = NULL; - bool connected_ok = False; - struct named_mutex *mutex = NULL; - NTSTATUS status; - /* security = server just can't function with spnego */ - int flags = CLI_FULL_CONNECTION_DONT_SPNEGO; - uint16_t sec_mode = 0; - - pserver = talloc_strdup(mem_ctx, lp_passwordserver()); - p = pserver; - - while(next_token_talloc(mem_ctx, &p, &desthost, LIST_SEP)) { - - desthost = talloc_sub_basic(mem_ctx, - current_user_info.smb_name, - current_user_info.domain, - desthost); - if (!desthost) { - return NULL; - } - strupper_m(desthost); - - if (strequal(desthost, myhostname())) { - DEBUG(1,("Password server loop - disabling " - "password server %s\n", desthost)); - continue; - } - - if(!resolve_name( desthost, &dest_ss, 0x20, false)) { - DEBUG(1,("server_cryptkey: Can't resolve address for %s\n",desthost)); - continue; - } - - if (ismyaddr((struct sockaddr *)(void *)&dest_ss)) { - DEBUG(1,("Password server loop - disabling password server %s\n",desthost)); - continue; - } - - /* we use a mutex to prevent two connections at once - when a - Win2k PDC get two connections where one hasn't completed a - session setup yet it will send a TCP reset to the first - connection (tridge) */ - - mutex = grab_named_mutex(talloc_tos(), desthost, 10); - if (mutex == NULL) { - return NULL; - } - - status = cli_connect_nb(desthost, &dest_ss, 0, 0x20, - lp_netbios_name(), SMB_SIGNING_DEFAULT, - flags, &cli); - if (NT_STATUS_IS_OK(status)) { - DEBUG(3,("connected to password server %s\n",desthost)); - connected_ok = True; - break; - } - DEBUG(10,("server_cryptkey: failed to connect to server %s. 
Error %s\n", - desthost, nt_errstr(status) )); - TALLOC_FREE(mutex); - } - - if (!connected_ok) { - DEBUG(0,("password server not available\n")); - return NULL; - } - - DEBUG(3,("got session\n")); - - status = cli_negprot(cli, PROTOCOL_NT1); - - if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(mutex); - DEBUG(1, ("%s rejected the negprot: %s\n", - desthost, nt_errstr(status))); - cli_shutdown(cli); - return NULL; - } - - sec_mode = cli_state_security_mode(cli); - if (cli_state_protocol(cli) < PROTOCOL_LANMAN2 || - !(sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) { - TALLOC_FREE(mutex); - DEBUG(1,("%s isn't in user level security mode\n",desthost)); - cli_shutdown(cli); - return NULL; - } - - /* Get the first session setup done quickly, to avoid silly - Win2k bugs. (The next connection to the server will kill - this one... - */ - - status = cli_session_setup(cli, "", "", 0, "", 0, ""); - if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(mutex); - DEBUG(0,("%s rejected the initial session setup (%s)\n", - desthost, nt_errstr(status))); - cli_shutdown(cli); - return NULL; - } - - TALLOC_FREE(mutex); - - DEBUG(3,("password server OK\n")); - - return cli; -} - -struct server_security_state { - struct cli_state *cli; -}; - -/**************************************************************************** - Send a 'keepalive' packet down the cli pipe. -****************************************************************************/ - -static bool send_server_keepalive(const struct timeval *now, - void *private_data) -{ - struct server_security_state *state = talloc_get_type_abort( - private_data, struct server_security_state); - NTSTATUS status; - unsigned char garbage[16]; - - if (!cli_state_is_connected(state->cli)) { - return false; - } - - /* Ping the server to keep the connection alive using SMBecho. 
*/ - memset(garbage, 0xf0, sizeof(garbage)); - status = cli_echo(state->cli, 1, data_blob_const(garbage, sizeof(garbage))); - if (NT_STATUS_IS_OK(status)) { - return true; - } - - DEBUG(2,("send_server_keepalive: password server SMBecho failed: %s\n", - nt_errstr(status))); - cli_shutdown(state->cli); - state->cli = NULL; - return false; -} - -static int destroy_server_security(struct server_security_state *state) -{ - if (state->cli) { - cli_shutdown(state->cli); - } - return 0; -} - -static struct server_security_state *make_server_security_state(struct cli_state *cli) -{ - struct server_security_state *result; - - if (!(result = talloc(NULL, struct server_security_state))) { - DEBUG(0, ("talloc failed\n")); - cli_shutdown(cli); - return NULL; - } - - result->cli = cli; - talloc_set_destructor(result, destroy_server_security); - - if (lp_keepalive() != 0) { - struct timeval interval; - interval.tv_sec = lp_keepalive(); - interval.tv_usec = 0; - - if (event_add_idle(server_event_context(), result, interval, - "server_security_keepalive", - send_server_keepalive, - result) == NULL) { - DEBUG(0, ("event_add_idle failed\n")); - TALLOC_FREE(result); - return NULL; - } - } - - return result; -} - -/**************************************************************************** - Get the challenge out of a password server. 
-****************************************************************************/ - -static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_context, - void **my_private_data, - TALLOC_CTX *mem_ctx) -{ - struct cli_state *cli = server_cryptkey(mem_ctx); - - if (cli) { - uint16_t sec_mode = cli_state_security_mode(cli); - const uint8_t *server_challenge = cli_state_server_challenge(cli); - - DEBUG(3,("using password server validation\n")); - - if ((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) { - /* We can't work with unencrypted password servers - unless 'encrypt passwords = no' */ - DEBUG(5,("make_auth_info_server: Server is unencrypted, no challenge available..\n")); - - /* However, it is still a perfectly fine connection - to pass that unencrypted password over */ - *my_private_data = - (void *)make_server_security_state(cli); - return data_blob_null; - } - - if (!(*my_private_data = (void *)make_server_security_state(cli))) { - return data_blob(NULL,0); - } - - /* The return must be allocated on the caller's mem_ctx, as our own will be - destoyed just after the call. */ - return data_blob_talloc(discard_const_p(TALLOC_CTX, auth_context), server_challenge ,8); - } else { - return data_blob_null; - } -} - - -/**************************************************************************** - Check for a valid username and password in security=server mode. - - Validate a password with the password server. -****************************************************************************/ - -static NTSTATUS check_smbserver_security(const struct auth_context *auth_context, - void *my_private_data, -- Samba Shared Repository
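
Review bot: In docs-xml/smbdotconf/security/security.xml the deleted section takes its anchor id="SECURITYEQUALSSERVER" with it, so any cross-reference to that anchor elsewhere in the documentation would now dangle, and an administrator looking up an old "security = server" setting finds no entry at all. Consider grepping docs-xml for SECURITYEQUALSSERVER and keeping a short paragraph saying the mode was removed and that "security = domain" or "security = ads" replaces it, as the commit message advises. The surviving context line still points readers to the "password server" parameter, whose text may need the same pass.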
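
Review bot: In lib/param/param_enums.c the {SEC_SERVER, "SERVER"} entry disappears from enum_security, so an existing smb.conf with "security = server" no longer maps to any value, and the visible lines do not show what the administrator is told when that happens. The summary lists source3/param/loadparm.c and source3/utils/testparm.c as changed, but both hunks fall past the 500-line truncation; please confirm that one of them reports the removed value by name and points to "security = domain" or "security = ads", so that a server does not start under a security mode other than the one its configuration asked for without the operator noticing.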
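
Review bot: In libds/common/roles.h, dropping SEC_SERVER = 3 leaves enum security_types with a hole between SEC_USER = 2 and SEC_DOMAIN = 4, and the only record of the reason is the added ASCII tombstone. A plain sentence in that comment stating that value 3 is retired and must not be reassigned would be easier to grep for, and it guards against a later security mode receiving a number that older code or stored settings still interpret as server-level security.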
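
Review bot: In source3/auth/auth.c the SEC_SERVER case that built the "guest sam smbserver" method list is removed and source3/Makefile.in stops building bin/smbserver, but nothing in the visible lines covers a configuration that still names the smbserver auth module directly. It is worth checking that a request for the now-missing module fails authentication setup with a clear log message, instead of being skipped while the remaining methods in the list are still used.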