sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-07 17:18:11 +03:00
Code
910a331f3e
samba-mirror/source4/smb_server/smb/sesssetup.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

647 lines
19 KiB
C
Raw Normal View History

r12804: This patch reworks the Samba4 sockets layer to use a socket_address structure that is more generic than just 'IP/port'. It now passes make test, and has been reviewed and updated by metze. (Thankyou *very* much). This passes 'make test' as well as kerberos use (not currently in the testsuite). The original purpose of this patch was to have Samba able to pass a socket address stucture from the BSD layer into the kerberos routines and back again. It also removes nbt_peer_addr, which was being used for a similar purpose. It is a large change, but worthwhile I feel. Andrew Bartlett (This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
2006-01-10 01:12:53 +03:00
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
/*
Unix SMB/CIFS implementation.
handle SMBsessionsetup
r6270: Move the VUID handling to a IDR tree. This should avoid O(n) behaviour on session setups, and because we no longer need do deal with the linked list as much, the code is much simpiler too. We may be able to compleatly remove the tid and vuid linked lists, but I need to check. This patch also tries to clean up the VUID handling and session setups in general. To avoid security issues, we now have a distinction between VUIDs allocated for the session setup (to tie togeather the multiple round trips) and those used after authentication. Andrew Bartlett (This used to be commit 3e5775146d9ce6f0ac43aecae7e899b5324399ad)
2005-04-10 11:39:51 +04:00
Copyright (C) Andrew Tridgell 1998-2001
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2005
Copyright (C) Jim McDonough 2002
Copyright (C) Luke Howard 2003
r11783: - make the VIUD field in smbsrv_session 64bit, as SMB2 needs it - add an idtree_limit to limit the max VUID we give the clients it's UINT16_MAX (0xffff) for the SMB protocol - add auth_time to the smbsrv_session statistics - use the session_info as marker for finished and non-finished session setups metze (This used to be commit 7eb10048b2c4e5ee9c39750dc877514ed9235a76)
2005-11-18 15:57:48 +03:00
Copyright (C) Stefan Metzmacher 2005
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 06:07:03 +04:00
the Free Software Foundation; either version 3 of the License, or
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 06:07:03 +04:00
along with this program. If not, see <http://www.gnu.org/licenses/>.
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
*/
#include "includes.h"
s4:gensec: change gensec_update_send/recv to tevent_req metze
2009-12-22 18:24:44 +03:00
#include <tevent.h>
r4819: its just not my day today .... (This used to be commit e54a97f8a67a04427b36cb4afac204c4e5f4502a)
2005-01-18 13:10:35 +03:00
#include "version.h"
r19598: Ahead of a merge to current lorikeet-heimdal: Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
2006-11-07 03:48:36 +03:00
#include "auth/gensec/gensec.h"
r3453: - split out the auth and popt includes - tidied up some of the system includes - moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl knows about inter-IDL dependencies (This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
2004-11-02 05:57:18 +03:00
#include "auth/auth.h"
r3466: split out request.h, signing.h, and smb_server.h (This used to be commit 7c4e6ebf05790dd6e29896dd316db0fff613aa4e)
2004-11-02 10:18:24 +03:00
#include "smb_server/smb_server.h"
s4: rename source4/smbd/ to source4/samba/ Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Fri Nov 27 10:07:18 UTC 2020 on sn-devel-184
2020-11-20 17:27:17 +03:00
#include "samba/service_stream.h"
r25026: Move param/param.h out of includes.h (This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-09-08 16:42:09 +04:00
#include "param/param.h"
s4:smb_server: fix mixing socket_address and tsocket_address metze
2009-12-23 12:19:43 +03:00
#include "../lib/tsocket/tsocket.h"
s4-smb: serialise session setup operations the mixture of async and sync code in gensec makes a EOF on a socket during a session setup cause a crash. The simplest solution is to stop processing events on the socket until the session setup is complete.
2010-09-12 16:24:46 +04:00
#include "lib/stream/packet.h"
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
s4:auth Change auth_generate_session_info to take an auth context The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2010-04-13 06:00:06 +04:00
struct sesssetup_context {
s4-auth Rename auth -> auth4 to avoid conflict with s3 auth
2011-05-07 10:14:06 +04:00
struct auth4_context *auth_context;
s4:auth Change auth_generate_session_info to take an auth context The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2010-04-13 06:00:06 +04:00
struct smbsrv_request *req;
};
s4-auth: Log SMB authorization for bare NTLM (NTLMSSP/krb5 already done) gensec_session_info() is not called for bare NTLM, so we have to log manually Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-03-01 06:28:06 +03:00
/*
* Log the SMB authentication, as by not calling GENSEC we won't log
* it during the gensec_session_info().
*/
void smbsrv_not_spengo_sesssetup_authz_log(struct smbsrv_request *req,
struct auth_session_info *session_info)
{
struct tsocket_address *local_address;
struct tsocket_address *remote_address;
TALLOC_CTX *frame = talloc_stackframe();
remote_address = socket_get_remote_addr(req->smb_conn->connection->socket,
frame);
local_address = socket_get_local_addr(req->smb_conn->connection->socket,
frame);
auth: Add hooks for notification of authentication events over the message bus This will allow tests to be written to confirm the correct events are triggered. We pass in a messaging context from the callers Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2017-03-24 05:18:46 +03:00
log_successful_authz_event(req->smb_conn->connection->msg_ctx,
req->smb_conn->lp_ctx,
remote_address,
s4-auth: Log SMB authorization for bare NTLM (NTLMSSP/krb5 already done) gensec_session_info() is not called for bare NTLM, so we have to log manually Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-03-01 06:28:06 +03:00
local_address,
"SMB",
"bare-NTLM",
auth: Log the transport connection for the authorization We also log if a simple bind was over TLS, as this particular case matters to a lot of folks Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2017-03-06 04:10:17 +03:00
AUTHZ_TRANSPORT_PROTECTION_SMB,
auth: Add functionality to log client and server policy information Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-15 08:07:05 +03:00
session_info,
NULL /* client_audit_info */,
NULL /* server_audit_info */);
s4-auth: Log SMB authorization for bare NTLM (NTLMSSP/krb5 already done) gensec_session_info() is not called for bare NTLM, so we have to log manually Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-03-01 06:28:06 +03:00
talloc_free(frame);
return;
}
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
/*
setup the OS, Lanman and domain portions of a session setup reply
*/
r1280: rename struct request_context to smbsrv_request metze (This used to be commit a85d2db5826a84b812ea5162a11f54edd25f74e3)
2004-06-28 12:39:00 +04:00
static void sesssetup_common_strings(struct smbsrv_request *req,
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
char **os, char **lanman, char **domain)
{
r2249: got rid of some more mem_ctx elements in structures (This used to be commit 21ef338cbbe96acc8594ffc550ef60c6a40fb951)
2004-09-08 09:39:06 +04:00
(*os) = talloc_asprintf(req, "Unix");
(*lanman) = talloc_asprintf(req, "Samba %s", SAMBA_VERSION_STRING);
r26268: Avoid more use of global_loadparm - put lp_ctx in smb_server and wbsrv_connection. (This used to be commit 7c008664238ed966cb82adf5b25b22157bb50730)
2007-12-03 23:25:17 +03:00
(*domain) = talloc_asprintf(req, "%s",
s4-loadparm: 2nd half of lp_ to lpcfg_ conversion this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-16 08:32:42 +04:00
lpcfg_workgroup(req->smb_conn->lp_ctx));
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
}
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
static void smbsrv_sesssetup_backend_send(struct smbsrv_request *req,
union smb_sesssetup *sess,
NTSTATUS status)
{
if (NT_STATUS_IS_OK(status)) {
r25551: Convert to standard bool type. (This used to be commit c9651e2c5c078edee7b91085e936a93625c8d708)
2007-10-07 02:10:49 +04:00
req->smb_conn->negotiate.done_sesssetup = true;
r23020: a better fix for the memory leak - this one doesn't stuff up spnego :) (This used to be commit 9a8da730a725fc9fc1a3e407273e688f44eadfe1)
2007-05-20 13:44:03 +04:00
/* we need to keep the session long term */
req->session = talloc_steal(req->smb_conn, req->session);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
}
smbsrv_reply_sesssetup_send(req, sess, status);
}
s4:auth: change auth_check_password_send/recv to tevent_req metze
2009-12-23 11:09:37 +03:00
static void sesssetup_old_send(struct tevent_req *subreq)
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
{
s4:auth Change auth_generate_session_info to take an auth context The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2010-04-13 06:00:06 +04:00
struct sesssetup_context *state = tevent_req_callback_data(subreq, struct sesssetup_context);
struct smbsrv_request *req = state->req;
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
union smb_sesssetup *sess = talloc_get_type(req->io_ptr, union smb_sesssetup);
s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett
2011-02-08 08:53:13 +03:00
struct auth_user_info_dc *user_info_dc = NULL;
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
struct auth_session_info *session_info;
r23019: revert r23018 - this will require more thought. (This used to be commit df60df9678e5c45fad6c7f7cb53ba8d0ce6b7cf0)
2007-05-20 12:57:01 +04:00
struct smbsrv_session *smb_sess;
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
NTSTATUS status;
CVE-2020-25717: s4:smb_server: start with authoritative = 1 This is not strictly needed, but makes it easier to audit that we don't miss important places. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-26 18:42:41 +03:00
uint8_t authoritative = 1;
s4:auth Change auth_generate_session_info to take flags This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group. In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key of 'is this user the anonymous SID'. This also takes more care to allocate the right length ptoken->sids Andrew Bartlett
2010-04-19 09:51:57 +04:00
uint32_t flags;
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
auth4: let auth_check_password* return pauthoritative BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-03-17 13:16:36 +03:00
status = auth_check_password_recv(subreq, req, &user_info_dc,
&authoritative);
s4:auth: change auth_check_password_send/recv to tevent_req metze
2009-12-23 11:09:37 +03:00
TALLOC_FREE(subreq);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
if (!NT_STATUS_IS_OK(status)) goto failed;
s4:auth Change auth_generate_session_info to take flags This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group. In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key of 'is this user the anonymous SID'. This also takes more care to allocate the right length ptoken->sids Andrew Bartlett
2010-04-19 09:51:57 +04:00
flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
auth: Pass through entire PAC flags value in auth_user_info Besides the NETLOGON_GUEST bit indicating whether the user has been authenticated, we now carry all of the other bits as well. This lets us match Windows' behaviour of simply passing these bits through to an updated PAC when processing a TGS-REQ. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-12 00:50:01 +03:00
if (!(user_info_dc->info->user_flags & NETLOGON_GUEST)) {
s4:auth Change auth_generate_session_info to take flags This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group. In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key of 'is this user the anonymous SID'. This also takes more care to allocate the right length ptoken->sids Andrew Bartlett
2010-04-19 09:51:57 +04:00
flags |= AUTH_SESSION_INFO_AUTHENTICATED;
}
s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett
2011-02-08 08:53:13 +03:00
/* This references user_info_dc into session_info */
auth: Reorder arguments to generate_session_info This matches check_ntlm_password() and generate_session_info_pac() Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Feb 18 02:19:35 CET 2012 on sn-devel-104
2012-02-04 10:49:49 +04:00
status = req->smb_conn->negotiate.auth_context->generate_session_info(req->smb_conn->negotiate.auth_context,
req,
auth: Pass in the SMB username (for %U) into generate_session_info This matches what Samba3 does. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Feb 13 01:25:59 CET 2012 on sn-devel-104
2012-01-30 14:49:33 +04:00
user_info_dc, sess->old.in.user,
flags, &session_info);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
if (!NT_STATUS_IS_OK(status)) goto failed;
/* allocate a new session */
r23020: a better fix for the memory leak - this one doesn't stuff up spnego :) (This used to be commit 9a8da730a725fc9fc1a3e407273e688f44eadfe1)
2007-05-20 13:44:03 +04:00
smb_sess = smbsrv_session_new(req->smb_conn, req, NULL);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
if (!smb_sess) {
status = NT_STATUS_INSUFFICIENT_RESOURCES;
goto failed;
}
s4-auth: Log SMB authorization for bare NTLM (NTLMSSP/krb5 already done) gensec_session_info() is not called for bare NTLM, so we have to log manually Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-03-01 06:28:06 +03:00
smbsrv_not_spengo_sesssetup_authz_log(req, session_info);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
/* Ensure this is marked as a 'real' vuid, not one
* simply valid for the session setup leg */
status = smbsrv_session_sesssetup_finished(smb_sess, session_info);
if (!NT_STATUS_IS_OK(status)) goto failed;
/* To correctly process any AndX packet (like a tree connect)
* we need to fill in the session on the request here */
req->session = smb_sess;
sess->old.out.vuid = smb_sess->vuid;
failed:
s4-nterr: move auth_nt_status_squash to nt_status_squash and move to nterr.c Guenther
2011-03-03 03:05:33 +03:00
status = nt_status_squash(status);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
smbsrv_sesssetup_backend_send(req, sess, status);
}
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
/*
handler for old style session setup
*/
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
static void sesssetup_old(struct smbsrv_request *req, union smb_sesssetup *sess)
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
{
r1019: Push the auth subsystem away from using typedef, and over to the 'all goodness and light' struct ;-) Break apart the auth subsystem's return strucutres, into the parts that a netlogon call cares about, and the parts that are for a local session. This is the 'struct session_info' and it will almost completly replace the current information stored on a vuid, but be generic to all login methods (RPC over TCP, for example). Andrew Bartlett (This used to be commit d199697014d9562f9439a30b950fda798c5ef419)
2004-06-05 05:39:08 +04:00
struct auth_usersupplied_info *user_info = NULL;
auth: Always supply both the remote and local address to the auth subsystem This ensures that gensec, and then the NTLM auth subsystem under it, always gets the remote and local address pointers for potential logging. The local address allows us to know which interface an authentication is on Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-02-23 04:31:52 +03:00
struct tsocket_address *remote_address, *local_address;
r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
2005-07-22 08:10:07 +04:00
const char *remote_machine = NULL;
s4:auth: change auth_check_password_send/recv to tevent_req metze
2009-12-23 11:09:37 +03:00
struct tevent_req *subreq;
s4:auth Change auth_generate_session_info to take an auth context The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2010-04-13 06:00:06 +04:00
struct sesssetup_context *state;
r4620: - add interface functions to the auth subsystem so that callers doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
2005-01-09 15:55:25 +03:00
r11778: - remove unused memory contexts as req is already the temporary context for the current request - just use '0', I'll remove the UID_FIELD_INVALID macro completly later - why search for the session we have just create - add TODO notices, I need to dicuss them with abartlet... metze (This used to be commit 4bceb94749fba3138c492bed2733fad006affcc5)
2005-11-18 14:39:31 +03:00
sess->old.out.vuid = 0;
r6270: Move the VUID handling to a IDR tree. This should avoid O(n) behaviour on session setups, and because we no longer need do deal with the linked list as much, the code is much simpiler too. We may be able to compleatly remove the tid and vuid linked lists, but I need to check. This patch also tries to clean up the VUID handling and session setups in general. To avoid security issues, we now have a distinction between VUIDs allocated for the session setup (to tie togeather the multiple round trips) and those used after authentication. Andrew Bartlett (This used to be commit 3e5775146d9ce6f0ac43aecae7e899b5324399ad)
2005-04-10 11:39:51 +04:00
sess->old.out.action = 0;
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
sesssetup_common_strings(req,
&sess->old.out.os,
&sess->old.out.lanman,
&sess->old.out.domain);
r1291: rename struct smbsrv_context to smbsrv_connection because this is the connection state per transport layer (tcp) connection I also moved the substructs directly into smbsrv_connection, because they don't need a struct name and we should allway pass the complete smbsrv_connection struct into functions metze (This used to be commit 60f823f201fcedf5473008e8453a6351e73a92c7)
2004-06-29 11:40:14 +04:00
if (!req->smb_conn->negotiate.done_sesssetup) {
req->smb_conn->negotiate.max_send = sess->old.in.bufsize;
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
}
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
r10946: Use the right name for the remote workstation, and always initialise it. Should fix a valgrind error volker is seeing. Andrew Bartlett (This used to be commit 11957c5f37fe0a0be465a9ce9d6d256724c5951c)
2005-10-13 02:25:51 +04:00
if (req->smb_conn->negotiate.calling_name) {
remote_machine = req->smb_conn->negotiate.calling_name->name;
r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
2005-07-22 08:10:07 +04:00
}
s4:smb_server: fix mixing socket_address and tsocket_address metze
2009-12-23 12:19:43 +03:00
remote_address = socket_get_remote_addr(req->smb_conn->connection->socket, req);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
if (!remote_address) goto nomem;
r12804: This patch reworks the Samba4 sockets layer to use a socket_address structure that is more generic than just 'IP/port'. It now passes make test, and has been reviewed and updated by metze. (Thankyou *very* much). This passes 'make test' as well as kerberos use (not currently in the testsuite). The original purpose of this patch was to have Samba able to pass a socket address stucture from the BSD layer into the kerberos routines and back again. It also removes nbt_peer_addr, which was being used for a similar purpose. It is a large change, but worthwhile I feel. Andrew Bartlett (This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
2006-01-10 01:12:53 +03:00
r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
2005-07-22 08:10:07 +04:00
if (!remote_machine) {
s4:smb_server: fix mixing socket_address and tsocket_address metze
2009-12-23 12:19:43 +03:00
remote_machine = tsocket_address_inet_addr_string(remote_address, req);
if (!remote_machine) goto nomem;
r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
2005-07-22 08:10:07 +04:00
}
auth: Always supply both the remote and local address to the auth subsystem This ensures that gensec, and then the NTLM auth subsystem under it, always gets the remote and local address pointers for potential logging. The local address allows us to know which interface an authentication is on Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-02-23 04:31:52 +03:00
local_address = socket_get_local_addr(req->smb_conn->connection->socket, req);
if (!local_address) goto nomem;
s4:auth Move struct auth_usersupplied_info to a common location This also changes the calling convention slightly - we should always allocate this with talloc_zero() to allow some elements to be optional. Some elements may only make sense in Samba3, which I hope will use this common structure. Andrew Bartlett
2010-05-04 10:44:08 +04:00
user_info = talloc_zero(req, struct auth_usersupplied_info);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
if (!user_info) goto nomem;
auth: Fill in user_info->service_description from all callers This will allow the logging code to make clear which protocol an authentication was for. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-02-20 04:52:07 +03:00
user_info->service_description = "SMB";
r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
2005-07-22 08:10:07 +04:00
r11367: Ensure to intialise the new logon_parameters (0 for session setups). Andrew Bartlett (This used to be commit abff53b6339b7924ff705c7e3685135e85d8ed7a)
2005-10-28 13:14:16 +04:00
user_info->logon_parameters = 0;
r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
2005-07-22 08:10:07 +04:00
user_info->flags = 0;
user_info->client.account_name = sess->old.in.user;
user_info->client.domain_name = sess->old.in.domain;
user_info->workstation_name = remote_machine;
auth: Always supply both the remote and local address to the auth subsystem This ensures that gensec, and then the NTLM auth subsystem under it, always gets the remote and local address pointers for potential logging. The local address allows us to know which interface an authentication is on Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-02-23 04:31:52 +03:00
r12804: This patch reworks the Samba4 sockets layer to use a socket_address structure that is more generic than just 'IP/port'. It now passes make test, and has been reviewed and updated by metze. (Thankyou *very* much). This passes 'make test' as well as kerberos use (not currently in the testsuite). The original purpose of this patch was to have Samba able to pass a socket address stucture from the BSD layer into the kerberos routines and back again. It also removes nbt_peer_addr, which was being used for a similar purpose. It is a large change, but worthwhile I feel. Andrew Bartlett (This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
2006-01-10 01:12:53 +03:00
user_info->remote_host = talloc_steal(user_info, remote_address);
auth: Always supply both the remote and local address to the auth subsystem This ensures that gensec, and then the NTLM auth subsystem under it, always gets the remote and local address pointers for potential logging. The local address allows us to know which interface an authentication is on Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-02-23 04:31:52 +03:00
user_info->local_host = talloc_steal(user_info, local_address);
r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
2005-07-22 08:10:07 +04:00
user_info->password_state = AUTH_PASSWORD_RESPONSE;
user_info->password.response.lanman = sess->old.in.password;
user_info->password.response.lanman.data = talloc_steal(user_info, sess->old.in.password.data);
user_info->password.response.nt = data_blob(NULL, 0);
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
s4:auth Change auth_generate_session_info to take an auth context The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2010-04-13 06:00:06 +04:00
state = talloc(req, struct sesssetup_context);
if (!state) goto nomem;
if (req->smb_conn->negotiate.auth_context) {
state->auth_context = req->smb_conn->negotiate.auth_context;
} else {
/* TODO: should we use just "anonymous" here? */
NTSTATUS status = auth_context_create(state,
req->smb_conn->connection->event.ctx,
req->smb_conn->connection->msg_ctx,
req->smb_conn->lp_ctx,
&state->auth_context);
if (!NT_STATUS_IS_OK(status)) {
smbsrv_sesssetup_backend_send(req, sess, status);
return;
}
}
state->req = req;
subreq = auth_check_password_send(state,
s4:auth: change auth_check_password_send/recv to tevent_req metze
2009-12-23 11:09:37 +03:00
req->smb_conn->connection->event.ctx,
req->smb_conn->negotiate.auth_context,
user_info);
if (!subreq) goto nomem;
s4:auth Change auth_generate_session_info to take an auth context The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2010-04-13 06:00:06 +04:00
tevent_req_set_callback(subreq, sesssetup_old_send, state);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
return;
nomem:
smbsrv_sesssetup_backend_send(req, sess, NT_STATUS_NO_MEMORY);
}
s4:auth: change auth_check_password_send/recv to tevent_req metze
2009-12-23 11:09:37 +03:00
static void sesssetup_nt1_send(struct tevent_req *subreq)
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
{
s4:auth Change auth_generate_session_info to take an auth context The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2010-04-13 06:00:06 +04:00
struct sesssetup_context *state = tevent_req_callback_data(subreq, struct sesssetup_context);
struct smbsrv_request *req = state->req;
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
union smb_sesssetup *sess = talloc_get_type(req->io_ptr, union smb_sesssetup);
s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett
2011-02-08 08:53:13 +03:00
struct auth_user_info_dc *user_info_dc = NULL;
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
struct auth_session_info *session_info;
r23019: revert r23018 - this will require more thought. (This used to be commit df60df9678e5c45fad6c7f7cb53ba8d0ce6b7cf0)
2007-05-20 12:57:01 +04:00
struct smbsrv_session *smb_sess;
CVE-2020-25717: s4:smb_server: start with authoritative = 1 This is not strictly needed, but makes it easier to audit that we don't miss important places. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-26 18:42:41 +03:00
uint8_t authoritative = 1;
s4:auth Change auth_generate_session_info to take flags This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group. In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key of 'is this user the anonymous SID'. This also takes more care to allocate the right length ptoken->sids Andrew Bartlett
2010-04-19 09:51:57 +04:00
uint32_t flags;
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
NTSTATUS status;
auth4: let auth_check_password* return pauthoritative BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-03-17 13:16:36 +03:00
status = auth_check_password_recv(subreq, req, &user_info_dc,
&authoritative);
s4:auth: change auth_check_password_send/recv to tevent_req metze
2009-12-23 11:09:37 +03:00
TALLOC_FREE(subreq);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
if (!NT_STATUS_IS_OK(status)) goto failed;
r443: Update Samba4 to the auth and NTLMSSP code from Samba3. Not all the auth code is merged - only those parts that are actually being used in Samba4. There is a lot more work to do in the NTLMSSP area, and I hope to develop that work here. There is a start on this here - splitting NTLMSSP into two parts that my operate in an async fashion (before and after the actual authentication) Andrew Bartlett (This used to be commit 5876c78806e6a6c44613a1354e8d564b427d0c9f)
2004-05-02 12:45:00 +04:00
s4:auth Change auth_generate_session_info to take flags This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group. In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key of 'is this user the anonymous SID'. This also takes more care to allocate the right length ptoken->sids Andrew Bartlett
2010-04-19 09:51:57 +04:00
flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
auth: Pass through entire PAC flags value in auth_user_info Besides the NETLOGON_GUEST bit indicating whether the user has been authenticated, we now carry all of the other bits as well. This lets us match Windows' behaviour of simply passing these bits through to an updated PAC when processing a TGS-REQ. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-12 00:50:01 +03:00
if (!(user_info_dc->info->user_flags & NETLOGON_GUEST)) {
s4:auth Change auth_generate_session_info to take flags This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group. In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key of 'is this user the anonymous SID'. This also takes more care to allocate the right length ptoken->sids Andrew Bartlett
2010-04-19 09:51:57 +04:00
flags |= AUTH_SESSION_INFO_AUTHENTICATED;
}
s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett
2011-02-08 08:53:13 +03:00
/* This references user_info_dc into session_info */
auth: Reorder arguments to generate_session_info This matches check_ntlm_password() and generate_session_info_pac() Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Feb 18 02:19:35 CET 2012 on sn-devel-104
2012-02-04 10:49:49 +04:00
status = state->auth_context->generate_session_info(state->auth_context,
req,
s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett
2011-02-08 08:53:13 +03:00
user_info_dc,
auth: Pass in the SMB username (for %U) into generate_session_info This matches what Samba3 does. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Feb 13 01:25:59 CET 2012 on sn-devel-104
2012-01-30 14:49:33 +04:00
sess->nt1.in.user,
s4:auth Change auth_generate_session_info to take flags This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group. In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key of 'is this user the anonymous SID'. This also takes more care to allocate the right length ptoken->sids Andrew Bartlett
2010-04-19 09:51:57 +04:00
flags,
s4:auth Change auth_generate_session_info to take an auth context The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2010-04-13 06:00:06 +04:00
&session_info);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
if (!NT_STATUS_IS_OK(status)) goto failed;
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
r11783: - make the VIUD field in smbsrv_session 64bit, as SMB2 needs it - add an idtree_limit to limit the max VUID we give the clients it's UINT16_MAX (0xffff) for the SMB protocol - add auth_time to the smbsrv_session statistics - use the session_info as marker for finished and non-finished session setups metze (This used to be commit 7eb10048b2c4e5ee9c39750dc877514ed9235a76)
2005-11-18 15:57:48 +03:00
/* allocate a new session */
r23020: a better fix for the memory leak - this one doesn't stuff up spnego :) (This used to be commit 9a8da730a725fc9fc1a3e407273e688f44eadfe1)
2007-05-20 13:44:03 +04:00
smb_sess = smbsrv_session_new(req->smb_conn, req, NULL);
r6270: Move the VUID handling to a IDR tree. This should avoid O(n) behaviour on session setups, and because we no longer need do deal with the linked list as much, the code is much simpiler too. We may be able to compleatly remove the tid and vuid linked lists, but I need to check. This patch also tries to clean up the VUID handling and session setups in general. To avoid security issues, we now have a distinction between VUIDs allocated for the session setup (to tie togeather the multiple round trips) and those used after authentication. Andrew Bartlett (This used to be commit 3e5775146d9ce6f0ac43aecae7e899b5324399ad)
2005-04-10 11:39:51 +04:00
if (!smb_sess) {
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
status = NT_STATUS_INSUFFICIENT_RESOURCES;
goto failed;
r1336: check the vuid in old style sessionsetup too metze (This used to be commit 32e307857ccc99b446e7574d46b610c63ee03583)
2004-07-05 11:29:14 +04:00
}
r6270: Move the VUID handling to a IDR tree. This should avoid O(n) behaviour on session setups, and because we no longer need do deal with the linked list as much, the code is much simpiler too. We may be able to compleatly remove the tid and vuid linked lists, but I need to check. This patch also tries to clean up the VUID handling and session setups in general. To avoid security issues, we now have a distinction between VUIDs allocated for the session setup (to tie togeather the multiple round trips) and those used after authentication. Andrew Bartlett (This used to be commit 3e5775146d9ce6f0ac43aecae7e899b5324399ad)
2005-04-10 11:39:51 +04:00
s4-auth: Log SMB authorization for bare NTLM (NTLMSSP/krb5 already done) gensec_session_info() is not called for bare NTLM, so we have to log manually Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-03-01 06:28:06 +03:00
smbsrv_not_spengo_sesssetup_authz_log(req, session_info);
r6270: Move the VUID handling to a IDR tree. This should avoid O(n) behaviour on session setups, and because we no longer need do deal with the linked list as much, the code is much simpiler too. We may be able to compleatly remove the tid and vuid linked lists, but I need to check. This patch also tries to clean up the VUID handling and session setups in general. To avoid security issues, we now have a distinction between VUIDs allocated for the session setup (to tie togeather the multiple round trips) and those used after authentication. Andrew Bartlett (This used to be commit 3e5775146d9ce6f0ac43aecae7e899b5324399ad)
2005-04-10 11:39:51 +04:00
/* Ensure this is marked as a 'real' vuid, not one
* simply valid for the session setup leg */
r11783: - make the VIUD field in smbsrv_session 64bit, as SMB2 needs it - add an idtree_limit to limit the max VUID we give the clients it's UINT16_MAX (0xffff) for the SMB protocol - add auth_time to the smbsrv_session statistics - use the session_info as marker for finished and non-finished session setups metze (This used to be commit 7eb10048b2c4e5ee9c39750dc877514ed9235a76)
2005-11-18 15:57:48 +03:00
status = smbsrv_session_sesssetup_finished(smb_sess, session_info);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
if (!NT_STATUS_IS_OK(status)) goto failed;
r6270: Move the VUID handling to a IDR tree. This should avoid O(n) behaviour on session setups, and because we no longer need do deal with the linked list as much, the code is much simpiler too. We may be able to compleatly remove the tid and vuid linked lists, but I need to check. This patch also tries to clean up the VUID handling and session setups in general. To avoid security issues, we now have a distinction between VUIDs allocated for the session setup (to tie togeather the multiple round trips) and those used after authentication. Andrew Bartlett (This used to be commit 3e5775146d9ce6f0ac43aecae7e899b5324399ad)
2005-04-10 11:39:51 +04:00
/* To correctly process any AndX packet (like a tree connect)
* we need to fill in the session on the request here */
req->session = smb_sess;
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
sess->nt1.out.vuid = smb_sess->vuid;
r6270: Move the VUID handling to a IDR tree. This should avoid O(n) behaviour on session setups, and because we no longer need do deal with the linked list as much, the code is much simpiler too. We may be able to compleatly remove the tid and vuid linked lists, but I need to check. This patch also tries to clean up the VUID handling and session setups in general. To avoid security issues, we now have a distinction between VUIDs allocated for the session setup (to tie togeather the multiple round trips) and those used after authentication. Andrew Bartlett (This used to be commit 3e5775146d9ce6f0ac43aecae7e899b5324399ad)
2005-04-10 11:39:51 +04:00
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
if (!smbsrv_setup_signing(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2)) {
/* Already signing, or disabled */
goto done;
}
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
done:
status = NT_STATUS_OK;
failed:
s4-nterr: move auth_nt_status_squash to nt_status_squash and move to nterr.c Guenther
2011-03-03 03:05:33 +03:00
status = nt_status_squash(status);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
smbsrv_sesssetup_backend_send(req, sess, status);
}
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
/*
handler for NT1 style session setup
*/
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess)
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
{
NTSTATUS status;
r1019: Push the auth subsystem away from using typedef, and over to the 'all goodness and light' struct ;-) Break apart the auth subsystem's return strucutres, into the parts that a netlogon call cares about, and the parts that are for a local session. This is the 'struct session_info' and it will almost completly replace the current information stored on a vuid, but be generic to all login methods (RPC over TCP, for example). Andrew Bartlett (This used to be commit d199697014d9562f9439a30b950fda798c5ef419)
2004-06-05 05:39:08 +04:00
struct auth_usersupplied_info *user_info = NULL;
auth: Always supply both the remote and local address to the auth subsystem This ensures that gensec, and then the NTLM auth subsystem under it, always gets the remote and local address pointers for potential logging. The local address allows us to know which interface an authentication is on Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-02-23 04:31:52 +03:00
struct tsocket_address *remote_address, *local_address;
r11778: - remove unused memory contexts as req is already the temporary context for the current request - just use '0', I'll remove the UID_FIELD_INVALID macro completly later - why search for the session we have just create - add TODO notices, I need to dicuss them with abartlet... metze (This used to be commit 4bceb94749fba3138c492bed2733fad006affcc5)
2005-11-18 14:39:31 +03:00
const char *remote_machine = NULL;
s4:auth: change auth_check_password_send/recv to tevent_req metze
2009-12-23 11:09:37 +03:00
struct tevent_req *subreq;
s4:auth Change auth_generate_session_info to take an auth context The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2010-04-13 06:00:06 +04:00
struct sesssetup_context *state;
CVE-2016-2111: s4:smb_server: implement "raw NTLMv2 auth" checks BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-01 12:25:54 +03:00
bool allow_raw = lpcfg_raw_ntlmv2_auth(req->smb_conn->lp_ctx);
s4:auth: change auth_check_password_send/recv to tevent_req metze
2009-12-23 11:09:37 +03:00
r11778: - remove unused memory contexts as req is already the temporary context for the current request - just use '0', I'll remove the UID_FIELD_INVALID macro completly later - why search for the session we have just create - add TODO notices, I need to dicuss them with abartlet... metze (This used to be commit 4bceb94749fba3138c492bed2733fad006affcc5)
2005-11-18 14:39:31 +03:00
sess->nt1.out.vuid = 0;
r6270: Move the VUID handling to a IDR tree. This should avoid O(n) behaviour on session setups, and because we no longer need do deal with the linked list as much, the code is much simpiler too. We may be able to compleatly remove the tid and vuid linked lists, but I need to check. This patch also tries to clean up the VUID handling and session setups in general. To avoid security issues, we now have a distinction between VUIDs allocated for the session setup (to tie togeather the multiple round trips) and those used after authentication. Andrew Bartlett (This used to be commit 3e5775146d9ce6f0ac43aecae7e899b5324399ad)
2005-04-10 11:39:51 +04:00
sess->nt1.out.action = 0;
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
sesssetup_common_strings(req,
&sess->nt1.out.os,
&sess->nt1.out.lanman,
&sess->nt1.out.domain);
r1291: rename struct smbsrv_context to smbsrv_connection because this is the connection state per transport layer (tcp) connection I also moved the substructs directly into smbsrv_connection, because they don't need a struct name and we should allway pass the complete smbsrv_connection struct into functions metze (This used to be commit 60f823f201fcedf5473008e8453a6351e73a92c7)
2004-06-29 11:40:14 +04:00
if (!req->smb_conn->negotiate.done_sesssetup) {
req->smb_conn->negotiate.max_send = sess->nt1.in.bufsize;
req->smb_conn->negotiate.client_caps = sess->nt1.in.capabilities;
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
}
s4:auth Change auth_generate_session_info to take an auth context The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2010-04-13 06:00:06 +04:00
state = talloc(req, struct sesssetup_context);
if (!state) goto nomem;
state->req = req;
r13403: Try to better handle a case where SPNEGO isn't available (allow us to emulate the behaviour of XP standalone if required). Andrew Bartlett (This used to be commit 7f821097fbdbc9f35d96e05f85cf008f36c0eea3)
2006-02-09 06:04:48 +03:00
if (req->smb_conn->negotiate.oid) {
r1762: Ensure that a user (as opposed to guest) cannot login without SPNEGO, when we have negotiated SPNEGO. Andrew Bartlett (This used to be commit 07e3d2c4cd77d06c9ffaefd481ba58e4debe028c)
2004-08-12 10:58:10 +04:00
if (sess->nt1.in.user && *sess->nt1.in.user) {
r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
2005-07-22 08:10:07 +04:00
/* We can't accept a normal login, because we
* don't have a challenge */
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
status = NT_STATUS_LOGON_FAILURE;
goto failed;
r1731: Add server-side SPNEGO support to Samba (disabled, until SMB signing is reworked). Andrew Bartlett (This used to be commit 73ee549b8c54e93556ff0105941996e0d4de8303)
2004-08-11 22:09:40 +04:00
}
r8706: My previous patch oversimplied the previous change to session setup - we didn't cope with the 'anonymous NTLM under SPNEGO' login. Andrew Bartlett (This used to be commit c3cc14542e426b23e468a11803c1bab0f6fe290f)
2005-07-22 09:04:45 +04:00
/* TODO: should we use just "anonymous" here? */
s4:auth Change auth_generate_session_info to take an auth context The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2010-04-13 06:00:06 +04:00
status = auth_context_create(state,
r17341: pass a messaging context to auth_context_create() and gensec_server_start(). calling them with NULL for event context or messaging context is no longer allowed! metze (This used to be commit 679ac74e71b111344f1097ab389c0b83a9247710)
2006-07-31 18:05:08 +04:00
req->smb_conn->connection->event.ctx,
req->smb_conn->connection->msg_ctx,
r26268: Avoid more use of global_loadparm - put lp_ctx in smb_server and wbsrv_connection. (This used to be commit 7c008664238ed966cb82adf5b25b22157bb50730)
2007-12-03 23:25:17 +03:00
req->smb_conn->lp_ctx,
s4:auth Change auth_generate_session_info to take an auth context The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2010-04-13 06:00:06 +04:00
&state->auth_context);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
if (!NT_STATUS_IS_OK(status)) goto failed;
s4:auth Change auth_generate_session_info to take an auth context The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2010-04-13 06:00:06 +04:00
} else if (req->smb_conn->negotiate.auth_context) {
state->auth_context = req->smb_conn->negotiate.auth_context;
r8706: My previous patch oversimplied the previous change to session setup - we didn't cope with the 'anonymous NTLM under SPNEGO' login. Andrew Bartlett (This used to be commit c3cc14542e426b23e468a11803c1bab0f6fe290f)
2005-07-22 09:04:45 +04:00
} else {
s4:auth Change auth_generate_session_info to take an auth context The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2010-04-13 06:00:06 +04:00
/* TODO: should we use just "anonymous" here? */
status = auth_context_create(state,
req->smb_conn->connection->event.ctx,
req->smb_conn->connection->msg_ctx,
req->smb_conn->lp_ctx,
&state->auth_context);
if (!NT_STATUS_IS_OK(status)) goto failed;
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
}
r10946: Use the right name for the remote workstation, and always initialise it. Should fix a valgrind error volker is seeing. Andrew Bartlett (This used to be commit 11957c5f37fe0a0be465a9ce9d6d256724c5951c)
2005-10-13 02:25:51 +04:00
if (req->smb_conn->negotiate.calling_name) {
remote_machine = req->smb_conn->negotiate.calling_name->name;
r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
2005-07-22 08:10:07 +04:00
}
r11783: - make the VIUD field in smbsrv_session 64bit, as SMB2 needs it - add an idtree_limit to limit the max VUID we give the clients it's UINT16_MAX (0xffff) for the SMB protocol - add auth_time to the smbsrv_session statistics - use the session_info as marker for finished and non-finished session setups metze (This used to be commit 7eb10048b2c4e5ee9c39750dc877514ed9235a76)
2005-11-18 15:57:48 +03:00
s4:smb_server: fix mixing socket_address and tsocket_address metze
2009-12-23 12:19:43 +03:00
remote_address = socket_get_remote_addr(req->smb_conn->connection->socket, req);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
if (!remote_address) goto nomem;
r12804: This patch reworks the Samba4 sockets layer to use a socket_address structure that is more generic than just 'IP/port'. It now passes make test, and has been reviewed and updated by metze. (Thankyou *very* much). This passes 'make test' as well as kerberos use (not currently in the testsuite). The original purpose of this patch was to have Samba able to pass a socket address stucture from the BSD layer into the kerberos routines and back again. It also removes nbt_peer_addr, which was being used for a similar purpose. It is a large change, but worthwhile I feel. Andrew Bartlett (This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
2006-01-10 01:12:53 +03:00
r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
2005-07-22 08:10:07 +04:00
if (!remote_machine) {
s4:smb_server: fix mixing socket_address and tsocket_address metze
2009-12-23 12:19:43 +03:00
remote_machine = tsocket_address_inet_addr_string(remote_address, req);
if (!remote_machine) goto nomem;
r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
2005-07-22 08:10:07 +04:00
}
r12804: This patch reworks the Samba4 sockets layer to use a socket_address structure that is more generic than just 'IP/port'. It now passes make test, and has been reviewed and updated by metze. (Thankyou *very* much). This passes 'make test' as well as kerberos use (not currently in the testsuite). The original purpose of this patch was to have Samba able to pass a socket address stucture from the BSD layer into the kerberos routines and back again. It also removes nbt_peer_addr, which was being used for a similar purpose. It is a large change, but worthwhile I feel. Andrew Bartlett (This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
2006-01-10 01:12:53 +03:00
auth: Always supply both the remote and local address to the auth subsystem This ensures that gensec, and then the NTLM auth subsystem under it, always gets the remote and local address pointers for potential logging. The local address allows us to know which interface an authentication is on Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-02-23 04:31:52 +03:00
local_address = socket_get_local_addr(req->smb_conn->connection->socket, req);
if (!local_address) goto nomem;
s4:auth Move struct auth_usersupplied_info to a common location This also changes the calling convention slightly - we should always allocate this with talloc_zero() to allow some elements to be optional. Some elements may only make sense in Samba3, which I hope will use this common structure. Andrew Bartlett
2010-05-04 10:44:08 +04:00
user_info = talloc_zero(req, struct auth_usersupplied_info);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
if (!user_info) goto nomem;
auth: Fill in user_info->service_description from all callers This will allow the logging code to make clear which protocol an authentication was for. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-02-20 04:52:07 +03:00
user_info->service_description = "SMB";
s4-auth: Log SMB authorization for bare NTLM (NTLMSSP/krb5 already done) gensec_session_info() is not called for bare NTLM, so we have to log manually Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-03-01 06:28:06 +03:00
user_info->auth_description = "bare-NTLM";
auth: Fill in user_info->service_description from all callers This will allow the logging code to make clear which protocol an authentication was for. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-02-20 04:52:07 +03:00
r11367: Ensure to intialise the new logon_parameters (0 for session setups). Andrew Bartlett (This used to be commit abff53b6339b7924ff705c7e3685135e85d8ed7a)
2005-10-28 13:14:16 +04:00
user_info->logon_parameters = 0;
r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
2005-07-22 08:10:07 +04:00
user_info->flags = 0;
user_info->client.account_name = sess->nt1.in.user;
user_info->client.domain_name = sess->nt1.in.domain;
user_info->workstation_name = remote_machine;
r12804: This patch reworks the Samba4 sockets layer to use a socket_address structure that is more generic than just 'IP/port'. It now passes make test, and has been reviewed and updated by metze. (Thankyou *very* much). This passes 'make test' as well as kerberos use (not currently in the testsuite). The original purpose of this patch was to have Samba able to pass a socket address stucture from the BSD layer into the kerberos routines and back again. It also removes nbt_peer_addr, which was being used for a similar purpose. It is a large change, but worthwhile I feel. Andrew Bartlett (This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
2006-01-10 01:12:53 +03:00
user_info->remote_host = talloc_steal(user_info, remote_address);
auth: Always supply both the remote and local address to the auth subsystem This ensures that gensec, and then the NTLM auth subsystem under it, always gets the remote and local address pointers for potential logging. The local address allows us to know which interface an authentication is on Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-02-23 04:31:52 +03:00
user_info->local_host = talloc_steal(user_info, local_address);
r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
2005-07-22 08:10:07 +04:00
user_info->password_state = AUTH_PASSWORD_RESPONSE;
user_info->password.response.lanman = sess->nt1.in.password1;
user_info->password.response.lanman.data = talloc_steal(user_info, sess->nt1.in.password1.data);
user_info->password.response.nt = sess->nt1.in.password2;
user_info->password.response.nt.data = talloc_steal(user_info, sess->nt1.in.password2.data);
CVE-2016-2111: s4:smb_server: implement "raw NTLMv2 auth" checks BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-01 12:25:54 +03:00
if (!allow_raw && user_info->password.response.nt.length >= 48) {
/*
* NTLMv2_RESPONSE has at least 48 bytes
* and should only be supported via NTLMSSP.
*/
status = NT_STATUS_INVALID_PARAMETER;
goto failed;
}
s4:auth Change auth_generate_session_info to take an auth context The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2010-04-13 06:00:06 +04:00
subreq = auth_check_password_send(state,
s4:auth: change auth_check_password_send/recv to tevent_req metze
2009-12-23 11:09:37 +03:00
req->smb_conn->connection->event.ctx,
s4:auth Change auth_generate_session_info to take an auth context The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2010-04-13 06:00:06 +04:00
state->auth_context,
s4:auth: change auth_check_password_send/recv to tevent_req metze
2009-12-23 11:09:37 +03:00
user_info);
if (!subreq) goto nomem;
s4:auth Change auth_generate_session_info to take an auth context The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2010-04-13 06:00:06 +04:00
tevent_req_set_callback(subreq, sesssetup_nt1_send, state);
s4:auth: change auth_check_password_send/recv to tevent_req metze
2009-12-23 11:09:37 +03:00
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
return;
r443: Update Samba4 to the auth and NTLMSSP code from Samba3. Not all the auth code is merged - only those parts that are actually being used in Samba4. There is a lot more work to do in the NTLMSSP area, and I hope to develop that work here. There is a start on this here - splitting NTLMSSP into two parts that my operate in an async fashion (before and after the actual authentication) Andrew Bartlett (This used to be commit 5876c78806e6a6c44613a1354e8d564b427d0c9f)
2004-05-02 12:45:00 +04:00
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
nomem:
status = NT_STATUS_NO_MEMORY;
failed:
s4-nterr: move auth_nt_status_squash to nt_status_squash and move to nterr.c Guenther
2011-03-03 03:05:33 +03:00
status = nt_status_squash(status);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
smbsrv_sesssetup_backend_send(req, sess, status);
}
r2797: don't free the server_info before using it for anonymous connections (This used to be commit 5f5b04196c7930c91e6c00e0276f25f88181b317)
2004-10-03 11:32:08 +04:00
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
struct sesssetup_spnego_state {
struct smbsrv_request *req;
union smb_sesssetup *sess;
struct smbsrv_session *smb_sess;
};
r6270: Move the VUID handling to a IDR tree. This should avoid O(n) behaviour on session setups, and because we no longer need do deal with the linked list as much, the code is much simpiler too. We may be able to compleatly remove the tid and vuid linked lists, but I need to check. This patch also tries to clean up the VUID handling and session setups in general. To avoid security issues, we now have a distinction between VUIDs allocated for the session setup (to tie togeather the multiple round trips) and those used after authentication. Andrew Bartlett (This used to be commit 3e5775146d9ce6f0ac43aecae7e899b5324399ad)
2005-04-10 11:39:51 +04:00
s4:gensec: change gensec_update_send/recv to tevent_req metze
2009-12-22 18:24:44 +03:00
static void sesssetup_spnego_send(struct tevent_req *subreq)
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
{
s4:gensec: change gensec_update_send/recv to tevent_req metze
2009-12-22 18:24:44 +03:00
struct sesssetup_spnego_state *s = tevent_req_callback_data(subreq,
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
struct sesssetup_spnego_state);
struct smbsrv_request *req = s->req;
union smb_sesssetup *sess = s->sess;
struct smbsrv_session *smb_sess = s->smb_sess;
struct auth_session_info *session_info = NULL;
NTSTATUS status;
NTSTATUS skey_status;
DATA_BLOB session_key;
r6270: Move the VUID handling to a IDR tree. This should avoid O(n) behaviour on session setups, and because we no longer need do deal with the linked list as much, the code is much simpiler too. We may be able to compleatly remove the tid and vuid linked lists, but I need to check. This patch also tries to clean up the VUID handling and session setups in general. To avoid security issues, we now have a distinction between VUIDs allocated for the session setup (to tie togeather the multiple round trips) and those used after authentication. Andrew Bartlett (This used to be commit 3e5775146d9ce6f0ac43aecae7e899b5324399ad)
2005-04-10 11:39:51 +04:00
s4:gensec: change gensec_update_send/recv to tevent_req metze
2009-12-22 18:24:44 +03:00
status = gensec_update_recv(subreq, req, &sess->spnego.out.secblob);
s4-smb: serialise session setup operations the mixture of async and sync code in gensec makes a EOF on a socket during a session setup cause a crash. The simplest solution is to stop processing events on the socket until the session setup is complete.
2010-09-12 16:24:46 +04:00
packet_recv_enable(req->smb_conn->packet);
s4:gensec: change gensec_update_send/recv to tevent_req metze
2009-12-22 18:24:44 +03:00
TALLOC_FREE(subreq);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
goto done;
} else if (!NT_STATUS_IS_OK(status)) {
goto failed;
}
r6270: Move the VUID handling to a IDR tree. This should avoid O(n) behaviour on session setups, and because we no longer need do deal with the linked list as much, the code is much simpiler too. We may be able to compleatly remove the tid and vuid linked lists, but I need to check. This patch also tries to clean up the VUID handling and session setups in general. To avoid security issues, we now have a distinction between VUIDs allocated for the session setup (to tie togeather the multiple round trips) and those used after authentication. Andrew Bartlett (This used to be commit 3e5775146d9ce6f0ac43aecae7e899b5324399ad)
2005-04-10 11:39:51 +04:00
gensec: clarify memory ownership for gensec_session_info() and gensec_session_key() This is slightly less efficient, because we no longer keep a cache on the gensec structures, but much clearer in terms of memory ownership. Both gensec_session_info() and gensec_session_key() now take a mem_ctx and put the result only on that context. Some duplication of memory in the callers (who were rightly uncertain about who was the rightful owner of the returned memory) has been removed to compensate for the internal copy. Andrew Bartlett
2011-08-01 09:39:01 +04:00
status = gensec_session_info(smb_sess->gensec_ctx, smb_sess, &session_info);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
if (!NT_STATUS_IS_OK(status)) goto failed;
r11778: - remove unused memory contexts as req is already the temporary context for the current request - just use '0', I'll remove the UID_FIELD_INVALID macro completly later - why search for the session we have just create - add TODO notices, I need to dicuss them with abartlet... metze (This used to be commit 4bceb94749fba3138c492bed2733fad006affcc5)
2005-11-18 14:39:31 +03:00
gensec: clarify memory ownership for gensec_session_info() and gensec_session_key() This is slightly less efficient, because we no longer keep a cache on the gensec structures, but much clearer in terms of memory ownership. Both gensec_session_info() and gensec_session_key() now take a mem_ctx and put the result only on that context. Some duplication of memory in the callers (who were rightly uncertain about who was the rightful owner of the returned memory) has been removed to compensate for the internal copy. Andrew Bartlett
2011-08-01 09:39:01 +04:00
/* The session_key is only needed until the end of the smbsrv_setup_signing() call */
skey_status = gensec_session_key(smb_sess->gensec_ctx, req, &session_key);
s4:smb_server: remove the bogus smbsrv_signing_restart() Real signing always starts with seqnumber 2, and once signing is on the session key never change anymore for the complete smb connection. metze
2008-09-23 04:30:15 +04:00
if (NT_STATUS_IS_OK(skey_status)) {
smbsrv_setup_signing(req->smb_conn, &session_key, NULL);
r1796: Enable server-side SPNEGO, now that I have fixed the server-side SMB signing code to be able to cope. Andrew Bartlett (This used to be commit cb74d52b563730a50e33c92d868c45ee96a598e8)
2004-08-13 04:16:57 +04:00
}
r4620: - add interface functions to the auth subsystem so that callers doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
2005-01-09 15:55:25 +03:00
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
/* Ensure this is marked as a 'real' vuid, not one
* simply valid for the session setup leg */
status = smbsrv_session_sesssetup_finished(smb_sess, session_info);
if (!NT_STATUS_IS_OK(status)) goto failed;
r6270: Move the VUID handling to a IDR tree. This should avoid O(n) behaviour on session setups, and because we no longer need do deal with the linked list as much, the code is much simpiler too. We may be able to compleatly remove the tid and vuid linked lists, but I need to check. This patch also tries to clean up the VUID handling and session setups in general. To avoid security issues, we now have a distinction between VUIDs allocated for the session setup (to tie togeather the multiple round trips) and those used after authentication. Andrew Bartlett (This used to be commit 3e5775146d9ce6f0ac43aecae7e899b5324399ad)
2005-04-10 11:39:51 +04:00
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
req->session = smb_sess;
r1687: Fix bogus requirement for SMB signing on guest connections. Andrew Bartlett (This used to be commit 3520af0f3d8826ac52a7fb6a658ed0924e51bbf7)
2004-08-10 08:56:44 +04:00
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
done:
sess->spnego.out.vuid = smb_sess->vuid;
failed:
s4-nterr: move auth_nt_status_squash to nt_status_squash and move to nterr.c Guenther
2011-03-03 03:05:33 +03:00
status = nt_status_squash(status);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
smbsrv_sesssetup_backend_send(req, sess, status);
r23020: a better fix for the memory leak - this one doesn't stuff up spnego :) (This used to be commit 9a8da730a725fc9fc1a3e407273e688f44eadfe1)
2007-05-20 13:44:03 +04:00
if (!NT_STATUS_IS_OK(status) &&
!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
talloc_free(smb_sess);
}
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
}
/*
handler for SPNEGO style session setup
*/
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *sess)
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
{
r12115: bring SMB sesssetup_spnego in sync with SMB2 sesssetup metze (This used to be commit 99cf7dbb177f92df40301ed8faeeb93e89452922)
2005-12-07 11:11:50 +03:00
NTSTATUS status;
struct smbsrv_session *smb_sess = NULL;
s4-smb_server: Fix a use after free. If we haven't allocated the smbsrv_session then we should not free it. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-11-08 19:14:35 +04:00
bool is_smb_sess_new = false;
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
struct sesssetup_spnego_state *s = NULL;
r1731: Add server-side SPNEGO support to Samba (disabled, until SMB signing is reworked). Andrew Bartlett (This used to be commit 73ee549b8c54e93556ff0105941996e0d4de8303)
2004-08-11 22:09:40 +04:00
uint16_t vuid;
s4:gensec: change gensec_update_send/recv to tevent_req metze
2009-12-22 18:24:44 +03:00
struct tevent_req *subreq;
r1731: Add server-side SPNEGO support to Samba (disabled, until SMB signing is reworked). Andrew Bartlett (This used to be commit 73ee549b8c54e93556ff0105941996e0d4de8303)
2004-08-11 22:09:40 +04:00
r11778: - remove unused memory contexts as req is already the temporary context for the current request - just use '0', I'll remove the UID_FIELD_INVALID macro completly later - why search for the session we have just create - add TODO notices, I need to dicuss them with abartlet... metze (This used to be commit 4bceb94749fba3138c492bed2733fad006affcc5)
2005-11-18 14:39:31 +03:00
sess->spnego.out.vuid = 0;
r6270: Move the VUID handling to a IDR tree. This should avoid O(n) behaviour on session setups, and because we no longer need do deal with the linked list as much, the code is much simpiler too. We may be able to compleatly remove the tid and vuid linked lists, but I need to check. This patch also tries to clean up the VUID handling and session setups in general. To avoid security issues, we now have a distinction between VUIDs allocated for the session setup (to tie togeather the multiple round trips) and those used after authentication. Andrew Bartlett (This used to be commit 3e5775146d9ce6f0ac43aecae7e899b5324399ad)
2005-04-10 11:39:51 +04:00
sess->spnego.out.action = 0;
sesssetup_common_strings(req,
&sess->spnego.out.os,
&sess->spnego.out.lanman,
&sess->spnego.out.workgroup);
r1731: Add server-side SPNEGO support to Samba (disabled, until SMB signing is reworked). Andrew Bartlett (This used to be commit 73ee549b8c54e93556ff0105941996e0d4de8303)
2004-08-11 22:09:40 +04:00
if (!req->smb_conn->negotiate.done_sesssetup) {
r17274: fix typos metze (This used to be commit 699dee70aaa13bddbe8be760033aa81dd583208a)
2006-07-27 18:19:51 +04:00
req->smb_conn->negotiate.max_send = sess->spnego.in.bufsize;
req->smb_conn->negotiate.client_caps = sess->spnego.in.capabilities;
r1731: Add server-side SPNEGO support to Samba (disabled, until SMB signing is reworked). Andrew Bartlett (This used to be commit 73ee549b8c54e93556ff0105941996e0d4de8303)
2004-08-11 22:09:40 +04:00
}
vuid = SVAL(req->in.hdr,HDR_UID);
r12115: bring SMB sesssetup_spnego in sync with SMB2 sesssetup metze (This used to be commit 99cf7dbb177f92df40301ed8faeeb93e89452922)
2005-12-07 11:11:50 +03:00
/* lookup an existing session */
s4:smb_server/smb: only create a new session with vuid == 0 metze
2012-05-06 23:09:47 +04:00
if (vuid == 0) {
r12115: bring SMB sesssetup_spnego in sync with SMB2 sesssetup metze (This used to be commit 99cf7dbb177f92df40301ed8faeeb93e89452922)
2005-12-07 11:11:50 +03:00
struct gensec_security *gensec_ctx;
auth: Always supply both the remote and local address to the auth subsystem This ensures that gensec, and then the NTLM auth subsystem under it, always gets the remote and local address pointers for potential logging. The local address allows us to know which interface an authentication is on Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-02-23 04:31:52 +03:00
struct tsocket_address *remote_address, *local_address;
Remove auth/ntlm as a dependency of GENSEC by means of function pointers. When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett
2009-02-13 02:24:16 +03:00
status = samba_server_gensec_start(req,
req->smb_conn->connection->event.ctx,
req->smb_conn->connection->msg_ctx,
req->smb_conn->lp_ctx,
req->smb_conn->negotiate.server_credentials,
"cifs",
&gensec_ctx);
r1731: Add server-side SPNEGO support to Samba (disabled, until SMB signing is reworked). Andrew Bartlett (This used to be commit 73ee549b8c54e93556ff0105941996e0d4de8303)
2004-08-11 22:09:40 +04:00
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
goto failed;
r1731: Add server-side SPNEGO support to Samba (disabled, until SMB signing is reworked). Andrew Bartlett (This used to be commit 73ee549b8c54e93556ff0105941996e0d4de8303)
2004-08-11 22:09:40 +04:00
}
r4079: implement the gensec_have_feature() correctly by asking the backend what is actually in use metze (This used to be commit 6f3eb7bc03609108b9e0ea5676fca3d04140e737)
2004-12-06 18:44:17 +03:00
gensec_want_feature(gensec_ctx, GENSEC_FEATURE_SESSION_KEY);
auth: Log the transport connection for the authorization We also log if a simple bind was over TLS, as this particular case matters to a lot of folks Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2017-03-06 04:10:17 +03:00
gensec_want_feature(gensec_ctx, GENSEC_FEATURE_SMB_TRANSPORT);
r2041: Fix NTLMSSP RPC sealing, client -> win2k3 server. The bug (found by tridge) is that Win2k3 is being tighter about the NTLMSSP flags. If we don't negotiate sealing, we can't use it. We now have a way to indicate to the GENSEC implementation mechanisms what things we want for a connection. Andrew Bartlett (This used to be commit 86f61568ea44c5719f9b583beeeefb12e0c26f4c)
2004-08-25 06:25:20 +04:00
auth: Always supply both the remote and local address to the auth subsystem This ensures that gensec, and then the NTLM auth subsystem under it, always gets the remote and local address pointers for potential logging. The local address allows us to know which interface an authentication is on Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-02-23 04:31:52 +03:00
remote_address = socket_get_remote_addr(req->smb_conn->connection->socket,
req);
if (!remote_address) {
status = NT_STATUS_INTERNAL_ERROR;
s4:smb_server: Add missing newlines to logging messages Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-07 07:54:43 +03:00
DBG_ERR("Failed to obtain remote address\n");
auth: Always supply both the remote and local address to the auth subsystem This ensures that gensec, and then the NTLM auth subsystem under it, always gets the remote and local address pointers for potential logging. The local address allows us to know which interface an authentication is on Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-02-23 04:31:52 +03:00
goto failed;
}
status = gensec_set_remote_address(gensec_ctx,
remote_address);
if (!NT_STATUS_IS_OK(status)) {
s4:smb_server: Add missing newlines to logging messages Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-07 07:54:43 +03:00
DBG_ERR("Failed to set remote address\n");
auth: Always supply both the remote and local address to the auth subsystem This ensures that gensec, and then the NTLM auth subsystem under it, always gets the remote and local address pointers for potential logging. The local address allows us to know which interface an authentication is on Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-02-23 04:31:52 +03:00
goto failed;
}
local_address = socket_get_local_addr(req->smb_conn->connection->socket,
req);
if (!local_address) {
status = NT_STATUS_INTERNAL_ERROR;
s4:smb_server: Add missing newlines to logging messages Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-07 07:54:43 +03:00
DBG_ERR("Failed to obtain local address\n");
auth: Always supply both the remote and local address to the auth subsystem This ensures that gensec, and then the NTLM auth subsystem under it, always gets the remote and local address pointers for potential logging. The local address allows us to know which interface an authentication is on Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-02-23 04:31:52 +03:00
goto failed;
}
status = gensec_set_local_address(gensec_ctx,
local_address);
if (!NT_STATUS_IS_OK(status)) {
s4:smb_server: Add missing newlines to logging messages Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-07 07:54:43 +03:00
DBG_ERR("Failed to set local address\n");
auth: Always supply both the remote and local address to the auth subsystem This ensures that gensec, and then the NTLM auth subsystem under it, always gets the remote and local address pointers for potential logging. The local address allows us to know which interface an authentication is on Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-02-23 04:31:52 +03:00
goto failed;
}
status = gensec_set_target_service_description(gensec_ctx,
"SMB");
if (!NT_STATUS_IS_OK(status)) {
s4:smb_server: Add missing newlines to logging messages Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-07 07:54:43 +03:00
DBG_ERR("Failed to set service description\n");
auth: Always supply both the remote and local address to the auth subsystem This ensures that gensec, and then the NTLM auth subsystem under it, always gets the remote and local address pointers for potential logging. The local address allows us to know which interface an authentication is on Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-02-23 04:31:52 +03:00
goto failed;
}
r13403: Try to better handle a case where SPNEGO isn't available (allow us to emulate the behaviour of XP standalone if required). Andrew Bartlett (This used to be commit 7f821097fbdbc9f35d96e05f85cf008f36c0eea3)
2006-02-09 06:04:48 +03:00
status = gensec_start_mech_by_oid(gensec_ctx, req->smb_conn->negotiate.oid);
r1731: Add server-side SPNEGO support to Samba (disabled, until SMB signing is reworked). Andrew Bartlett (This used to be commit 73ee549b8c54e93556ff0105941996e0d4de8303)
2004-08-11 22:09:40 +04:00
if (!NT_STATUS_IS_OK(status)) {
r13403: Try to better handle a case where SPNEGO isn't available (allow us to emulate the behaviour of XP standalone if required). Andrew Bartlett (This used to be commit 7f821097fbdbc9f35d96e05f85cf008f36c0eea3)
2006-02-09 06:04:48 +03:00
DEBUG(1, ("Failed to start GENSEC %s server code: %s\n",
Fix the build.
2008-11-03 01:58:49 +03:00
gensec_get_name_by_oid(gensec_ctx, req->smb_conn->negotiate.oid), nt_errstr(status)));
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
goto failed;
r1731: Add server-side SPNEGO support to Samba (disabled, until SMB signing is reworked). Andrew Bartlett (This used to be commit 73ee549b8c54e93556ff0105941996e0d4de8303)
2004-08-11 22:09:40 +04:00
}
r12115: bring SMB sesssetup_spnego in sync with SMB2 sesssetup metze (This used to be commit 99cf7dbb177f92df40301ed8faeeb93e89452922)
2005-12-07 11:11:50 +03:00
/* allocate a new session */
r23020: a better fix for the memory leak - this one doesn't stuff up spnego :) (This used to be commit 9a8da730a725fc9fc1a3e407273e688f44eadfe1)
2007-05-20 13:44:03 +04:00
smb_sess = smbsrv_session_new(req->smb_conn, req->smb_conn, gensec_ctx);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
if (!smb_sess) {
status = NT_STATUS_INSUFFICIENT_RESOURCES;
goto failed;
}
s4-smb_server: Fix a use after free. If we haven't allocated the smbsrv_session then we should not free it. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-11-08 19:14:35 +04:00
is_smb_sess_new = true;
s4:smb_server/smb: only create a new session with vuid == 0 metze
2012-05-06 23:09:47 +04:00
} else {
smb_sess = smbsrv_session_find_sesssetup(req->smb_conn, vuid);
r1747: don't segfault when the spnego mech only use one call from the client to finish metze (This used to be commit ddac5e46d42d3b2daae10107b1bcb3b138de7474)
2004-08-12 07:23:19 +04:00
}
r12115: bring SMB sesssetup_spnego in sync with SMB2 sesssetup metze (This used to be commit 99cf7dbb177f92df40301ed8faeeb93e89452922)
2005-12-07 11:11:50 +03:00
if (!smb_sess) {
s4:smb_server/smb: only create a new session with vuid == 0 metze
2012-05-06 23:09:47 +04:00
status = NT_STATUS_DOS(ERRSRV, ERRbaduid);
goto failed;
}
if (smb_sess->session_info) {
status = NT_STATUS_INVALID_PARAMETER;
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
goto failed;
r12115: bring SMB sesssetup_spnego in sync with SMB2 sesssetup metze (This used to be commit 99cf7dbb177f92df40301ed8faeeb93e89452922)
2005-12-07 11:11:50 +03:00
}
r6270: Move the VUID handling to a IDR tree. This should avoid O(n) behaviour on session setups, and because we no longer need do deal with the linked list as much, the code is much simpiler too. We may be able to compleatly remove the tid and vuid linked lists, but I need to check. This patch also tries to clean up the VUID handling and session setups in general. To avoid security issues, we now have a distinction between VUIDs allocated for the session setup (to tie togeather the multiple round trips) and those used after authentication. Andrew Bartlett (This used to be commit 3e5775146d9ce6f0ac43aecae7e899b5324399ad)
2005-04-10 11:39:51 +04:00
r12115: bring SMB sesssetup_spnego in sync with SMB2 sesssetup metze (This used to be commit 99cf7dbb177f92df40301ed8faeeb93e89452922)
2005-12-07 11:11:50 +03:00
if (!smb_sess->gensec_ctx) {
status = NT_STATUS_INTERNAL_ERROR;
DEBUG(1, ("Internal ERROR: no gensec_ctx on session: %s\n", nt_errstr(status)));
goto failed;
}
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
s = talloc(req, struct sesssetup_spnego_state);
if (!s) goto nomem;
s->req = req;
s->sess = sess;
s->smb_sess = smb_sess;
r12115: bring SMB sesssetup_spnego in sync with SMB2 sesssetup metze (This used to be commit 99cf7dbb177f92df40301ed8faeeb93e89452922)
2005-12-07 11:11:50 +03:00
s4:gensec: change gensec_update_send/recv to tevent_req metze
2009-12-22 18:24:44 +03:00
subreq = gensec_update_send(s,
req->smb_conn->connection->event.ctx,
smb_sess->gensec_ctx,
sess->spnego.in.secblob);
if (!subreq) {
goto nomem;
}
s4-smb: serialise session setup operations the mixture of async and sync code in gensec makes a EOF on a socket during a session setup cause a crash. The simplest solution is to stop processing events on the socket until the session setup is complete.
2010-09-12 16:24:46 +04:00
/* disable receipt of more packets on this socket until we've
finished with the session setup. This avoids a problem with
crashes if we get EOF on the socket while processing a session
setup */
packet_recv_disable(req->smb_conn->packet);
s4:gensec: change gensec_update_send/recv to tevent_req metze
2009-12-22 18:24:44 +03:00
tevent_req_set_callback(subreq, sesssetup_spnego_send, s);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
return;
r1731: Add server-side SPNEGO support to Samba (disabled, until SMB signing is reworked). Andrew Bartlett (This used to be commit 73ee549b8c54e93556ff0105941996e0d4de8303)
2004-08-11 22:09:40 +04:00
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
nomem:
status = NT_STATUS_NO_MEMORY;
r12115: bring SMB sesssetup_spnego in sync with SMB2 sesssetup metze (This used to be commit 99cf7dbb177f92df40301ed8faeeb93e89452922)
2005-12-07 11:11:50 +03:00
failed:
s4-smb_server: Fix a use after free. If we haven't allocated the smbsrv_session then we should not free it. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-11-08 19:14:35 +04:00
if (is_smb_sess_new) {
talloc_free(smb_sess);
}
s4-nterr: move auth_nt_status_squash to nt_status_squash and move to nterr.c Guenther
2011-03-03 03:05:33 +03:00
status = nt_status_squash(status);
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
smbsrv_sesssetup_backend_send(req, sess, status);
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
}
/*
r1268: varient -> variant (This used to be commit de5984c95602ca67e8ac3139c3aa4330b74266e0)
2004-06-27 15:06:10 +04:00
backend for sessionsetup call - this takes all 3 variants of the call
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
*/
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
void smbsrv_sesssetup_backend(struct smbsrv_request *req,
union smb_sesssetup *sess)
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
{
r4777: added a smb_composite_sesssetup() async composite function. This encapsulates all the different session setup methods, including the multi-pass spnego code. I have hooked this into all the places that previously used the RAW_SESSSETUP_GENERIC method, and have removed the old RAW_SESSSETUP_GENERIC code from clisession.c and clitree.c. A nice side effect is that these two modules are now very simple again, back to being "raw" session setup handling, which was what was originally intended. I have also used this to replace the session setup code in the smb_composite_connect() code, and used that to build a very simple replacement for smbcli_tree_full_connection(). As a result, smbclient, smbtorture and all our other SMB connection code now goes via these composite async functions. That should give them a good workout! (This used to be commit 080d0518bc7d6fd4bc3ef783e7d4d2e3275d0799)
2005-01-16 14:15:08 +03:00
switch (sess->old.level) {
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
case RAW_SESSSETUP_OLD:
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
sesssetup_old(req, sess);
return;
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
case RAW_SESSSETUP_NT1:
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
sesssetup_nt1(req, sess);
return;
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
case RAW_SESSSETUP_SPNEGO:
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
sesssetup_spnego(req, sess);
return;
r15741: move smb2 request structures into the main smb request structs as new levels metze (This used to be commit 91806353174704857dfcc15a730af7232cfde660)
2006-05-20 14:46:38 +04:00
case RAW_SESSSETUP_SMB2:
break;
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
}
r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2006-07-27 23:07:15 +04:00
smbsrv_sesssetup_backend_send(req, sess, NT_STATUS_INVALID_LEVEL);
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
2003-08-13 05:53:07 +04:00
}
Copy Permalink