sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Code
85,107 Commits 60 Branches 1,144 Tags 452 MiB
d7d75fd311
Commit Graph

123 Commits

Author SHA1 Message Date
Gregor Beck
e24b1041b1 s3:smbd: initialize session->global before calling session_claim 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
 2012-10-19 12:14:59 +02:00
Gregor Beck
02b9b79447 s3:smbd: remove smbd_server_connection argument from session_claim() 
retrieve the server connection from the smbXsrv_session  argument instead.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
 2012-10-19 12:14:59 +02:00
Gregor Beck
4878769f8e s3:smbd: pass smbXsrv_session instead of user_struct to session_claim() and session_yield() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
 2012-10-19 12:14:59 +02:00
Jeremy Allison
49a335731a Revert "Fix bug #9222 - smbd ignores the "server signing = no" setting for SMB2." 
This reverts commit dfd3c31a3f.

As Metze pointed out:

From MS-SMB2 section 2.2.4:

SMB2_NEGOTIATE_SIGNING_ENABLED

When set, indicates that security signatures are enabled
on the server. The server MUST set this bit, and the client MUST return
STATUS_INVALID_NETWORK_RESPONSE if the flag is missing.

I'll submit a documentation bug to fix #9222 that way.
 2012-10-03 12:50:42 -07:00
Jeremy Allison
dfd3c31a3f Fix bug #9222 - smbd ignores the "server signing = no" setting for SMB2. 
Still sign if client request is signed, just don't negotiate it in
negprot or sessionsetup.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct  3 00:59:42 CEST 2012 on sn-devel-104
 2012-10-03 00:59:42 +02:00
Jeremy Allison
bd2f1604d7 Make metze happy and the code clearer :-). 
Ensure we know after the destructor fires we're never going to
look at this again.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 12 03:00:21 CEST 2012 on sn-devel-104
 2012-09-12 03:00:20 +02:00
Jeremy Allison
ba5f557b5d Fix talloc memory heirarchy bug. If there's an SMB2 sessionsetup in flight when we're shut down, we end up freeing the struct smbXsrv_session *session pointer twice. 
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Sep 10 23:34:06 CEST 2012 on sn-devel-104
 2012-09-10 23:34:06 +02:00
Stefan Metzmacher
54dfd08cb2 s3:smb2_server: use smbXsrv_session->nonce_* 
metze
 2012-08-23 08:23:07 +02:00
Stefan Metzmacher
0d7b17f4db s3:smb2_sesssetup: setup global->[en|de]cryption_key 
metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Aug  9 09:59:02 CEST 2012 on sn-devel-104
 2012-08-09 09:59:02 +02:00
Stefan Metzmacher
64dce26533 s3:smb2_sesssetup: set global->encryption_required and enforce it 
This the account or client doesn't support encryption we should
reject the session setup.

metze
 2012-08-09 08:21:35 +02:00
Stefan Metzmacher
6bfdca4786 s3:smb2_sesssetup: remove unused code in smbd_smb2_reauth_generic_return() 
A reauth exchange is already signed, with the channel signing key.

metze
 2012-08-08 05:37:49 +02:00
Stefan Metzmacher
5f7d786b08 s3:smb2_sesssetup: remove TALLOC_FREE(session) from smbd_smb2_[re]auth_generic_return 
The caller does this via the smbd_smb2_session_setup_state_destructor()

metze
 2012-08-08 05:37:49 +02:00
Stefan Metzmacher
559742f45f s3:smb2_sesssetup: make use of SMBD_SMB2_* macros 
metze
 2012-08-05 20:55:36 +02:00
Stefan Metzmacher
df08929d28 s3:smb2_sesssetup: reject SMB2_SESSION_FLAG_BINDING requests 
metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 26 02:08:56 CEST 2012 on sn-devel-104
 2012-07-26 02:08:56 +02:00
Stefan Metzmacher
45cd2bc2b3 s3:smb2_sesssetup: make use of smb2srv_session_close_previous_send/recv 
metze
 2012-06-25 20:55:07 +02:00
Stefan Metzmacher
ed75069460 s3:smb2_sesssetup: inline gensec_session_info() call 
metze
 2012-06-25 20:55:07 +02:00
Stefan Metzmacher
1b8bcaeda3 s3:smb2_sesssetup: make use of gensec_update_send/recv 
metze
 2012-06-25 20:55:07 +02:00
Stefan Metzmacher
f32e99a0fc s3:smb2_sesssetup: inline most of smbd_smb2_session_setup() 
metze
 2012-06-25 20:55:07 +02:00
Stefan Metzmacher
d2e1058f42 s3:smb2_sesssetup: implement dynamic re-authentication and expire sessions 
metze
 2012-06-25 20:55:06 +02:00
Stefan Metzmacher
463b308f16 s3:smbd: make use of smbXsrv_tcon and smbXsrv_session for smb2 
The removes the protocol specific smbd_smb2_session and
smbd_smb2_tcon.

Pair-Programmed-With: Michael Adam <obnox@samba.org>

metze
 2012-06-25 20:55:06 +02:00
Stefan Metzmacher
ef408e5068 s3:smb2_sesssetup: add support for SMB 2.24/3.00 signing 
metze
 2012-06-25 20:55:06 +02:00
Stefan Metzmacher
02d206ee64 s3:smb2_sesssetup: make use of the smbXsrv_session infrastructure 
We still have smbd_smb2_session as primary structure,
but that will went away once we got rid of smbd_smb2_tcon.

metze
 2012-06-25 20:55:06 +02:00
Stefan Metzmacher
02d9ba6ee1 s3:smbd: change user_struct->vuid to uint64_t 
Only sconn->smb1.sessions.next_vuid remains as uint16_t,
so that we do not generate larger values yet.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jun  6 12:07:33 CEST 2012 on sn-devel-104
 2012-06-06 12:07:33 +02:00
Stefan Metzmacher
f52e5738a2 s3:smbd: use 'struct user_struct' instead of typedef'ed 'user_struct' 
metze
 2012-06-06 10:18:39 +02:00
Stefan Metzmacher
ff700acdd0 s3:smb2_sesssetup: make use of nt_status_squash() in smbd_smb2_session_setup_recv() 
metze
 2012-05-17 12:59:08 +02:00
Stefan Metzmacher
8f887ce164 s3:smb2_sesssetup: make the top level code async using 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun May 13 17:59:39 CEST 2012 on sn-devel-104
 2012-05-13 17:59:39 +02:00
Stefan Metzmacher
1b8645b4c8 s3:smb2_sesssetup: add smbd_smb2_session_setup_send/recv as wrapper 
This just adds smbd_smb2_session_setup_send/recv as wrapper to
the sync smbd_smb2_session_setup function.

This will allow us to change to top level code to work async,
then we can have a 2nd step where we remove the sync
smbd_smb2_session_setup function.

metze
 2012-05-13 14:11:02 +02:00
Stefan Metzmacher
70ac2cc831 s3:smb2_sesssetup: pass down in_flags to smbd_smb2_session_setup() 
metze
 2012-05-13 14:11:01 +02:00
Stefan Metzmacher
7b359bc615 s3:smb2_sesssetup: pass down in_previous_session_id to all layers 
metze
 2012-05-13 14:11:00 +02:00
Stefan Metzmacher
148ca9e05f s3:smbd: call file_close_user() before removing tree connects in conn_close_all() 
This will help later if we have to handle a SMB2TreeDisconnect different
compared to a SMB2SessionLogoff and a TCPDisconnect.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Mar 15 21:56:09 CET 2012 on sn-devel-104
 2012-03-15 21:56:09 +01:00
Stefan Metzmacher
6ce72a01ab s3:smbd: keep 'num_users' and 'users' directly under smbd_server_connection 
The plan is to have users_struct as some kind of low level
abstraction for a smb1/smb2 session, that can be used by SMB_VFS modules.

metze
 2012-03-06 21:26:05 +01:00
Andrew Bartlett
eb3e34e965 s3-smbd Remove unused code now we always have SPNEGO via gensec 
This was previously needed because SPNEGO was only available in the AD DC.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2012-02-16 15:18:43 +01:00
Stefan Metzmacher
3383ebbe7e s3:smbd: rework smbd_smb2_*_ntlmssp_auth* to smbd_smb2_auth_generic* 
metze
 2012-01-31 20:17:10 +01:00
Stefan Metzmacher
58e401fae2 s3:smbd: always use the gensec code path in smb2_sesssetup.c 
The other code pathes are unused, because we always have
the spnego gensec module.

metze
 2012-01-31 20:17:10 +01:00
Stefan Metzmacher
da8e8e5fa5 s3:smb2_sessetup: call set_current_user_info() and reload_services() on success 
This matches the smb1 code.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jan 25 08:39:35 CET 2012 on sn-devel-104
 2012-01-25 08:39:35 +01:00
Stefan Metzmacher
d3e5a0bea4 s3:smbd: explicitly ask for GENSEC_FEATURE_UNIX_TOKEN 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jan 12 11:22:53 CET 2012 on sn-devel-104
 2012-01-12 11:22:53 +01:00
Andrew Bartlett
16e463e169 s3-auth Remove ntlmssp_wrap.h which is no longer required 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2012-01-05 17:17:28 +01:00
Andrew Bartlett
3042e38d51 s3-auth use gensec directly rather than via auth_generic_state 
This is possible because the s3 gensec modules are started as
normal gensec modules, so we do not need a wrapper any more.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2012-01-05 17:17:28 +01:00
Andrew Bartlett
1075efabc7 s3-auth Add TALLOC_CTX * to auth_generic_prepare() 
This makes the long term owner of this memory more clear.  So far only the
clear cases have been moved from NULL however.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2012-01-05 17:17:28 +01:00
Andrew Bartlett
c17131685c s3-auth remove auth_ntlmssp_start(), call auth_generic_start() directly 
This makes it clear that this can support more than just NTLMSSP.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2011-12-22 19:25:10 +01:00
Andrew Bartlett
1100f6eca5 s3-auth rename auth_ntlmssp_prepare() -> auth_generic_prepare() 
This function handles more than NTLMSSP now, at least when we are an AD DC
and so changing the name may avoid some confusion in the future.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2011-12-22 19:25:10 +01:00
Stefan Metzmacher
03455519e7 s3:smbd: pass smbd_server_connection and a snumused function pointer to reload_services() 
metze
 2011-12-15 11:11:24 +01:00
Stefan Metzmacher
caa134672c s3:smbd: make use of SMB_SIGNING_* constants 
metze
 2011-11-03 16:55:13 +01:00
Andrew Bartlett
3f079885b2 s3-ntlmssp Remove auth_ntlmssp_want_feature() 
We now just call the gensec_want_feature() directly.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2011-10-21 08:43:33 +02:00
Andrew Bartlett
083025ccd5 s3-ntlmssp Remove auth_ntlmssp_update wrapper 
We now just call gensec_update directly.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2011-10-21 08:43:10 +02:00
Andrew Bartlett
915fe7981b s3-auth remove auth_ntlmssp_session_info() 
Instead, call gensec_session_info() directly.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2011-10-21 08:43:02 +02:00
Andrew Bartlett
0c6e4adcb2 ntlmssp: Move ntlmssp code to auth/ntlmssp 
This brings in the code from both libcli/auth and
source4/auth/ntlmssp.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2011-10-18 13:13:31 +11:00
Jeremy Allison
f0f91d0117 Fix bug #8477 - Map to guest can return uninitialized blob of data. 
Found by Codenomicon at SNIA SDC.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Sep 23 03:19:46 CEST 2011 on sn-devel-104
 2011-09-23 03:19:46 +02:00
Stefan Metzmacher
1bb6e6758c s3:smb2_server: fix a logic error, we should sign non guest sessions 
metze
 2011-09-22 22:30:22 +02:00
Michael Adam
39dcf4bf02 s3:smb2-server: session setup replies should always be signed (except for guest sessions) 
not only if the session should be signed

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Sep 21 11:00:09 CEST 2011 on sn-devel-104
 2011-09-21 11:00:09 +02:00