1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Commit Graph

211 Commits

Author SHA1 Message Date
Volker Lendecke
6c019b8755 Slightly simplify reply_sesssetup_blob(): Remove an else branch 2008-10-22 17:53:22 +02:00
Volker Lendecke
84df0a6870 Don't push the data out to the client in reply_sesssetup_blob()
Sending the data at this level breaks the assumption at higher levels that
req->outbuf == NULL means this request is deferred. It also breaks potential
chaining (Kerberos session setup and tcon X in one request)
2008-10-22 17:53:22 +02:00
Jeremy Allison
4a5ccfb91f Don't re-initialize a token when we already have one. This fixes the build farm failures when winbindd connects as guest.
This one took a *lot* of tracking down :-).
Jeremy.
(This used to be commit dca8277912)
2008-08-22 13:49:46 -07:00
Volker Lendecke
c38a1e06b5 Fix type error in debug message
(This used to be commit eb281532b1)
2008-05-20 23:08:42 +02:00
Karolin Seeger
bdcc7ddc1e sesssetup.c: Add debug message.
Log when we kill other smbd sessions like when we hit the VC == 0 case.
This one fixes BUG #5476.
Initial patch from Björn Jacke <bj@sernet.de>.

Karolin
(This used to be commit 1429f3b7cf)
2008-05-20 11:09:06 +02:00
Volker Lendecke
6b6bb484a8 Fix a memleak in new auth_serversupplied code
(This used to be commit f23e970848)
2008-05-11 00:23:36 +02:00
Volker Lendecke
4f9b325fb2 Fix a memleak
(This used to be commit 9891c7c308)
2008-05-10 23:27:21 +02:00
Volker Lendecke
0283e95a7c Add a mem_ctx argument to make_server_info_guest()
(This used to be commit e4a9492967)
2008-05-10 11:16:59 +02:00
Volker Lendecke
64ddd381b7 Rename server_info->was_mapped to server_info->nss_token
"nss_token" from my point of view much better reflects what this flag actually
represents
(This used to be commit b121a5acb2)
2008-05-07 14:47:29 +02:00
Volker Lendecke
0636236eec Fix typo
(This used to be commit 8047a1991a)
2008-05-05 18:28:59 +02:00
Volker Lendecke
82d2f07dae Remove "session_key" from "struct user_struct"
This one took a bit -- I hope I covered all data paths
(This used to be commit 74c88a4442)
2008-05-05 18:28:59 +02:00
Bill Ricker
f700ee6418 Fix Kerberos interop with Mac OS X 10.5 clients.
Ignore optional req_flags. Use the Kerberos mechanism OID negotiated
with the client rather than hardcoding OID_KERBEROS5_OLD.
(This used to be commit 59a2bcf30f)
2008-04-07 15:05:51 -07:00
Jeremy Allison
7752494cf1 Fix up the comments on security=share to explain we're
ignoring passwords.
Jeremy.
(This used to be commit e7b6ea4653)
2008-03-27 16:08:39 -07:00
Michael Adam
be2fab1fef smbd: fix session setup with security = share.
Broken by pstring removal in 9ed12bfc48.
Jeremy, please check.

Thanks to Yannick Bergeron <yaberger@ca.ibm.com> for noting this.

Michael
(This used to be commit 008c4bdbe5)
2008-03-20 17:00:36 +01:00
Günther Deschner
23cd8e5ea7 Be more verbose why create local token has failed during
NTLMSSP and Kerberos session setup

Guenther
(This used to be commit 18b8c2c19e)
2008-03-06 12:27:11 +01:00
Günther Deschner
65fc3ae070 Use new structs in reply_spnego_kerberos().
Guenther
(This used to be commit c55160f8e8)
2008-02-17 02:11:59 +01:00
Jeremy Allison
4754c2bafe Correctly use SPNEGO to negotiate down from krb5 to NTLMSSP.
Previously we didn't implement the 'NEGO' part of SPNEGO :-).
Jeremy.
(This used to be commit 8767a0dab9)
2008-02-14 18:10:50 -08:00
Stefan Metzmacher
de48cd925a smbd: use make usage of wbcDomainInfo()
metze
(This used to be commit 9d6b43ea10)
2008-02-11 18:14:15 +01:00
Jeremy Allison
43717a16e2 Fix CID 476. Ensure a valid pac_data pointer is always passed to
ads_verify_ticket as it's always derefed.
Jeremy.
(This used to be commit 0599d57eff)
2008-01-11 23:53:27 -08:00
Jeremy Allison
d5bd2e7000 Can't use logical operations on boolean values.
Jeremy.
(This used to be commit 34cd9b5b51)
2008-01-04 22:56:06 -08:00
Jeremy Allison
29562987c3 Now conn is part of smb_request, we don't need it as
an extra parameter. This cleans up quite a few places
we were passing it around without needing it.
Jeremy.
(This used to be commit 8f36def18e)
2008-01-04 15:37:24 -08:00
Jeremy Allison
9254bb4ef1 Refactor the crypto code after a very helpful conversation
with Volker. Mostly making sure we have data on the incoming
packet type, not stored in the smb header.
Jeremy.
(This used to be commit c4e5a50504)
2008-01-04 12:56:23 -08:00
Jeremy Allison
41ae2a0a17 Remove last pstring from sesssetup.c
Jeremy.
(This used to be commit 9ed12bfc48)
2007-11-10 15:36:47 -08:00
Jeremy Allison
5b0b4f23ef Remove most of the remaining globals out of lib/util_sock.c.
I have a plan for dealing with the remaining..... Watch
this space.
Jeremy.
(This used to be commit 963fc76852)
2007-11-03 23:20:10 -07:00
Jeremy Allison
25074433f4 I can't get away without a 'length' arg. :-).
Jeremy.
(This used to be commit 95d01279a5)
2007-11-03 18:41:26 -07:00
Jeremy Allison
6658165d5e Stop get_peer_addr() and client_addr() from using global
statics. Part of my library cleanups.
Jeremy.
(This used to be commit e848506c85)
2007-11-03 18:15:45 -07:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
2007-10-18 17:40:25 -07:00
Jeremy Allison
cb5436bcc3 Add const to the get_peer_addr() and get_socket_addr()
calls. Use the IPv6 varient for get_peer_addr().
Jeremy.
(This used to be commit baf1f52e34)
2007-10-11 15:36:13 -07:00
Michael Adam
30fc640057 r25286: Fix one more caller of unistr2_to_ascii() that passed
in -1 for maxlen.

Michael
(This used to be commit cd3d652d0d)
2007-10-10 12:30:57 -05:00
Volker Lendecke
b578db69e9 r24702: Remove the old API pointers
(This used to be commit 17df313db4)
2007-10-10 12:30:14 -05:00
Volker Lendecke
7bd8ad3c92 r24661: Fix some obvious diffs between 3_2 and 3_2_0
Jeremy, there are two remaining diffs in sesssetup.c which I don't really
know which one is right. Can you take a look?

Thanks,

Volker
(This used to be commit d82f354487)
2007-10-10 12:30:13 -05:00
Jeremy Allison
a689f6082b r24638: Remove redundent setting of vuid.
Jeremy
(This used to be commit fd682c3f39)
2007-10-10 12:30:12 -05:00
Jeremy Allison
644b43d993 r24590: Reformatting to coding standards. Added my (C) in places it already should
have been :-).
Jeremy.
(This used to be commit 41611a22ed)
2007-10-10 12:30:08 -05:00
Jeremy Allison
57e2718e09 r24589: Refactor our vuid code so that we keep the same
vuid that was allocated whilst the connection is
being constructed and after the connection has been set up.
This is what Windows does and at least one client
(and HP printer) depends on this behaviour. As it
depends on the req struct not yet ported to SAMBA_3_2_0
(Volker, hint hint.... :-) I am not yet adding this
to that branch, but will investigate that tomorrow.
Jeremy.
(This used to be commit a54f2805df)
2007-10-10 12:30:08 -05:00
Volker Lendecke
b91704d47b r24135: Convert call_trans2open to the new API
This itself won't help much, because send_trans2_replies_new still allocates
the big buffers, but stay tuned :-)

Also add/update my copyright on stuff I recently touched.

Volker
(This used to be commit 248f15ff14)
2007-10-10 12:29:10 -05:00
Volker Lendecke
7d2d4ddfa2 r24056: Another big one: This converts reply_sesssetup_and_X to the new API. As usual,
its history can be found on http://samba.org/~vlendec/sesssetup/. This very
obviously needs close review.

Volker
(This used to be commit 35675a6a33)
2007-10-10 12:29:00 -05:00
Volker Lendecke
e29325a6ce r24050: Fix a typo
(This used to be commit 53027d0ee2)
2007-10-10 12:29:00 -05:00
Volker Lendecke
cc6a41017c r23997: Check in the infrastructure for getting rid of the global InBuffer/OutBuffer
The complete history of this patch can be found under
http://www.samba.org/~vlendec/inbuf-checkin/.

Jeremy, Jerry: If possible I would like to see this in 3.2.0. I'm only
checking into 3_2 at the moment, as it currently will slow down operations for
all non-converted (i.e. all at this moment) operations, as it will copy the
talloc'ed inbuf over the global InBuffer. It will need quite a bit of effort
to convert everything necessary for the normal operations an XP box does.

I have patches for negprot, session setup, tcon_and_X, open_and_X, close. More
to come, but I would appreciate some help here.

Volker
(This used to be commit 5594af2b20)
2007-10-10 12:28:53 -05:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
Jeremy Allison
d3965a2689 r23736: Use local variable of smb_flag2 instead of using the macro every time.
Jeremy.
(This used to be commit 9e1663b1f1)
2007-10-10 12:23:50 -05:00
Volker Lendecke
fcda5b5896 r23726: Explicitly pass down the FLAGS2 field to srvstr_pull_buf. The next
checkin will pull this up to srvstr_get_path. At that point we can get more
independent of the inbuf, the base_ptr in pull_string will only be used
to satisfy UCS2 alignment constraints.
(This used to be commit 836782b07b)
2007-10-10 12:23:49 -05:00
Gerald Carter
4caefdf348 r23474: Here's a small patch that disables the libkrb5.so replay cache
when verifying a ticket from winbindd_pam.c.

I've found during multiple, fast, automated SSH logins (such
as from a cron script) that the replay cache in MIT's krb5
lib will occasionally fail the krb5_rd_req() as a replay attack.

There seems to be a small window during which the MIT krb5
libs could reproduce identical time stamps for ctime and cusec
in the authenticator since Unix systems only give back
milli-seconds rather than the micro-seconds needed by the
authenticator.  Checked against MIT 1.5.1.  Have not
researched how Heimdal does it.

My thinking is that if someone can spoof the KDC and TDS
services we are pretty hopeless anyways.
(This used to be commit cbd33da9f7)
2007-10-10 12:23:19 -05:00
Volker Lendecke
fff51a9af2 r23172: Change shutdown_other_smbds to use connections_traverse instead of
session_traverse.
(This used to be commit ccb5eb245e)
2007-10-10 12:22:52 -05:00
Volker Lendecke
fad7dd8a60 r22868: Replace some message_send_pid calls with messaging_send_pid calls. More
tomorrow.
(This used to be commit 74fa57ca5d)
2007-10-10 12:22:04 -05:00
Volker Lendecke
b4a7b7a888 r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and
replace all data_blob(NULL, 0) calls.
(This used to be commit 3d3d61687e)
2007-10-10 12:22:01 -05:00
Volker Lendecke
76ce309234 r22751: Next step for the cluster merge: sessionid.tdb should contain a 'struct
server_id' instead of a 'uint32 pid'
(This used to be commit be7bac55c3)
2007-10-10 12:21:54 -05:00
Volker Lendecke
7192160599 r22747: Fix some C++ warnings
(This used to be commit a66a04e9f1)
2007-10-10 12:21:54 -05:00
Jeremy Allison
0829e1ad1c r22391: Looks bigger than it is. Make "inbuf" available
to all callers of smb_setlen (via set_message()
calls). This will allow the server to reflect back
the correct encryption context.
Jeremy.
(This used to be commit 2d80a96120)
2007-10-10 12:19:30 -05:00
Gerald Carter
90dc261315 r22095: BUG 4484: Add more checks to set %a for Vista clients (based on absence of native OS and Lanman strings in the session setup request)
(This used to be commit e5c9fc937d)
2007-10-10 12:19:11 -05:00