1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

68 Commits

Author SHA1 Message Date
Stefan Metzmacher
894e5001c7 smbd: add an effective {smb,smbd_smb2}_request->ev_ctx that holds the event context used for the request processing
In future this will an impersonation wrapper tevent_context based on the
user session.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-06-18 08:59:21 +02:00
Ralph Wuerthner
5bba8c393d s3:smb2_tcon: Add check to prevent non-DFS clients from connecting to an msdfs proxy.
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr  7 05:05:22 CEST 2018 on sn-devel-144
2018-04-07 05:05:22 +02:00
Jeremy Allison
8dabcf8948 s3: debug: smb2: Create a new DBGC_SMB2 debug class and mark all smbd/smb2_*.c files with it.
Will allow easier smb2-specific debugging.

https://bugzilla.samba.org/show_bug.cgi?id=13347

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
2018-03-22 02:15:13 +01:00
Stefan Metzmacher
f8974bcdbf s3:smb2_tcon: allow a compound request after a TreeConnect
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12844

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-06-17 06:39:20 +02:00
Ralph Boehme
b0b418c225 s3/smbd: ensure global "smb encrypt = off" is effective for share with "smb encrypt = desired"
If encryption is disabled globally, per definition we shouldn't allow
enabling encryption on individual shares.

The behaviour of specifying

[Global]
  smb encrypt = off

[share]
  smb encrypt = desired

must be an unecrypted tree connect to the share "share".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-01-27 22:00:17 +01:00
Ralph Boehme
bfdffea0fa s3:smb2_server: convert encryption desired and required bools to flags
This adds a bitmap smbXsrv_encrpytion_flags with flags to the
smbXsrv_session_global.tdb and smbXsrv_tcon_global.tdb that we use
instead of bools for desired and required.

We need this info in the smbXsrv tdbs for smbstatus. Subsequent commits
for smbstatus will use it.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 07:52:20 +01:00
Michael Adam
41cb881e77 smbd:smb2: only enable encryption in tcon if desired
Don't enforce it but only announce DATA_ENCRYPT,
making use of encryption_desired in tcon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-07-07 14:05:27 +02:00
Stefan Metzmacher
873d3ccd48 s3:smb2_tcon: require a signed request when authentication is used for SMB >= 3.11
Disconnect the client if the request is not signed.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun  6 03:19:33 CEST 2015 on sn-devel-104
2015-06-06 03:19:33 +02:00
Stefan Metzmacher
f71941491b s3:smb2_tcon: cancel pending requests on all connections on tdis
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-06 22:33:19 +02:00
Volker Lendecke
b3385f74db smbd: Make SMB3 clients use encryption with "smb encrypt = auto"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Mar  3 10:40:42 CET 2015 on sn-devel-104
2015-03-03 10:40:42 +01:00
Stefan Metzmacher
1ed30a6ba7 s3:smb2_server: check xconn->smb2.server.cipher instead of xconn->smb2.server.capabilities
SMB 3.10 and later won't have SMB2_CAP_ENCRYPTION anymore.

xconn->smb2.server.cipher == 0 is the indication that we don't support encryption on the connection.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-16 19:30:04 +02:00
Stefan Metzmacher
2dd215919d s3:smbd: pass smbd_smb2_request to make_connection_smb2()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-19 09:15:11 +02:00
Stefan Metzmacher
4a07b14cea s3:smb2_server: pass smbXsrv_connection to smbd_server_connection_terminate*()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-08-06 09:51:13 +02:00
Stefan Metzmacher
c9e171ff72 s3:smb2_*: make use of smb2req->xconn where possible
We need to use the connection that is used by the current request.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-08-06 09:51:13 +02:00
Stefan Metzmacher
92e96bedfb s3:smb2_server: move sconn->smb2.requests to xconn->smb2.requests
This prepares the structures for multi-channel support.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-08-06 09:51:11 +02:00
Stefan Metzmacher
95f96a8108 s3:smb2_tcon: cancel and wait for pending requests on tdis
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-03-12 09:27:38 -07:00
Jeremy Allison
195c2d8480 s3:smb2_tcon: split smbd_smb2_tdis into an async *_send/recv pair.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2014-03-12 09:27:37 -07:00
Stefan Metzmacher
ec8dedb50f s3:smb2_tcon: make use of smbd_smb2_generate_outbody()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-03-05 13:59:22 -08:00
Garming Sam
debda15785 param: rename lp function and variable from "hideunwriteable_files" to "hide_unwriteable_files"
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-02-07 16:19:11 -08:00
Garming Sam
324a976653 param: rename lp function and variable from "hideunreadable" to "hide_unreadable"
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-02-07 16:19:11 -08:00
Stefan Metzmacher
f76436c6ea s3:smbd: fill tcon->global->session_global_id
metze

Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-19 12:15:02 +02:00
Jeremy Allison
b70f23c2b5 Correctly check for errors in strlower_m() returns. 2012-08-09 12:08:18 -07:00
Stefan Metzmacher
95e4270813 s3:smb2_tcon: set global->encryption_required and enforce it
This the account or client doesn't support encryption we should
reject the tree connect.

metze
2012-08-09 08:21:35 +02:00
Stefan Metzmacher
f08e478d2f s3:smb2_tcon: make use of SMBD_SMB2_* macros
metze
2012-08-05 20:55:37 +02:00
Stefan Metzmacher
88f326a2c0 s3:smb2_tcon: reject access to shares mark as "smb encrypt = required"
We do not support SMB2 transport encryption yet.

metze
2012-07-23 18:19:36 +02:00
Rusty Russell
fe72740e82 loadparm: make the source3/ lp_ functions take an explicit TALLOC_CTX *.
They use talloc_tos() internally: hoist that up to the callers, some
of whom don't want to us talloc_tos().

A simple patch, but hits a lot of files.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-07-18 15:07:23 +09:30
Stefan Metzmacher
463b308f16 s3:smbd: make use of smbXsrv_tcon and smbXsrv_session for smb2
The removes the protocol specific smbd_smb2_session and
smbd_smb2_tcon.

Pair-Programmed-With: Michael Adam <obnox@samba.org>

metze
2012-06-25 20:55:06 +02:00
Stefan Metzmacher
f52e5738a2 s3:smbd: use 'struct user_struct' instead of typedef'ed 'user_struct'
metze
2012-06-06 10:18:39 +02:00
Stefan Metzmacher
302f767fb7 s3:smb2_tcon: make the top level code async using
metze
2012-05-14 15:12:33 +02:00
Stefan Metzmacher
b19a9dbb5b s3:smb2_tcon: add smbd_smb2_tree_connect_send/recv as wrapper
metze
2012-05-14 15:12:33 +02:00
Stefan Metzmacher
f6b6e963f6 s3:smbd: keep 'num_connections' and 'connections' directly under smbd_server_connection
The plan is to have connection_struct as some kind of low level
abstraction for a smb1/smb2 tree connects, that can be used by SMB_VFS modules.

metze
2012-03-06 21:26:05 +01:00
Andrew Bartlett
d7bb961859 s3-auth: Remove security=share (depricated since 3.6).
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.

The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok.  This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server

At the same time, this closes the door on one of the most arcane areas
of Samba authentication.

Naturally, full user-name/password authentication remain available in
security=user and above.

This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.

Andrew Bartlett

                       --------------
                      /              \
                     /      REST      \
                    /        IN        \
                   /       PEACE        \
                  /                      \
                  |      SEC_SHARE       |
                  |    security=share    |
                  |                      |
                  |                      |
                  |       5 March        |
                  |                      |
                  |        2012          |
                 *|     *  *  *          | *
        _________)/\\_//(\/(/\)/\//\/\///|_)_______
2012-03-04 23:33:05 +01:00
Jeremy Allison
39c627b607 Fix bug 8710 - connections.tdb - major leak with SMB2.
Ensure the cnum used to claim the connection for SMB2 is the
id that will be used for the SMB2 tcon. Based on code from
Ira Cooper <ira@wakeful.net>.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Jan 18 23:14:32 CET 2012 on sn-devel-104
2012-01-18 23:14:32 +01:00
Christian Ambach
717a27ba22 s3:smb2 report access_based_dir_enum in tcon reply
let the client know when hide unreadable or hide unwriteable files
is set for a share
2011-11-24 17:26:02 +01:00
Christian Ambach
faf8b9bba0 s3:smb2 do not set allow_namespace_caching flag for a share
this matches Win7/2002R2 behavior and clients also must ignore
this flag when set (MS-SMB 2.2.10), so we should not set it at all
2011-11-24 17:25:58 +01:00
Stefan Metzmacher
68b33aa61a s3:smb2_server: return BAD_NETWORK_NAME if the path is terminated in SMB2_TCON
metze
2011-09-07 10:38:08 +02:00
Stefan Metzmacher
02f7c37e67 s3:smb2_server: use smbd_smb2_request_verify_sizes() in smb2_tcon.c
metze
2011-09-07 10:38:03 +02:00
Andrew Bartlett
9289537993 s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username
This is closer to the layout of struct auth_session_info in auth.idl

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:11 +10:00
Stefan Metzmacher
a1046389ff s3:smb2_tcon: return the correct maximal_access on the share
metze
2011-07-11 21:33:29 +02:00
Jeremy Allison
fe3992541d Move smbd_smb2_request_check_tcon() smbd_smb2_request_check_session() next to their only user and make them static. Add comments.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Jul  8 21:01:40 CEST 2011 on sn-devel-104
2011-07-08 21:01:40 +02:00
Andrew Bartlett
489f528857 param: Merge param headers into lib/param/loadparm.h
This defines a common table format, so we can in future define a
common table.

Andrew Bartlett
2011-06-29 15:44:09 +10:00
Jeremy Allison
02af307585 More simple const fixes. 2011-05-05 23:56:07 +02:00
Günther Deschner
af300a9fcb s3-auth: smbd needs auth.h
Guenther
2011-03-30 01:13:09 +02:00
Günther Deschner
8c24ebf371 s3: include smbd/smbd.h where needed.
Guenther
2011-03-30 01:13:08 +02:00
Andrew Tridgell
15e84a9a09 charcnv: removed the allow_badcharcnv and allow_bad_conv options to convert_string*()
we shouldn't accept bad multi-byte strings, it just hides problems

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
2011-03-24 01:47:26 +01:00
Andrew Bartlett
2e69e89456 s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.

The structure is also not ideal for it's current purpose.  Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session.  This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.

(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-22 16:20:10 +11:00
Jeremy Allison
f0dcc90f72 Fix bug 7781 - Samba transforms ShareName to lowercase (sharename) when adding new share via MMC
Change the find_service() interface to not depend on fstring, and
create a useable talloc-based interface.

Jeremy.
2010-11-10 01:14:17 +00:00
Jeremy Allison
edefaf5bed Move tcons.num_open from smb1 to sconn->num_tcons_open as this is needed for SMB2 also. 2010-10-19 15:13:17 -07:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Volker Lendecke
1d3bd5b1c0 s3: Fix some uninitialized variable warnings 2010-08-30 15:57:14 +02:00