summaryrefslogtreecommitdiff
path: root/source3/include
diff options
context:
space:
mode:
Diffstat (limited to 'source3/include')
-rw-r--r--source3/include/ads_protos.h4
-rw-r--r--source3/include/client.h26
-rw-r--r--source3/include/debug.h27
-rw-r--r--source3/include/doserr.h2
-rw-r--r--source3/include/libsmb_internal.h7
-rw-r--r--source3/include/memcache.h57
-rw-r--r--source3/include/passdb.h9
-rw-r--r--source3/include/popt_common.h1
-rw-r--r--source3/include/smb.h10
-rw-r--r--source3/include/smb_macros.h11
-rw-r--r--source3/include/trans2.h27
11 files changed, 157 insertions, 24 deletions
diff --git a/source3/include/ads_protos.h b/source3/include/ads_protos.h
index 0292d91f4f..738df3ed40 100644
--- a/source3/include/ads_protos.h
+++ b/source3/include/ads_protos.h
@@ -114,3 +114,7 @@ ADS_STATUS ads_get_tokensids(ADS_STRUCT *ads,
DOM_SID *primary_group_sid,
DOM_SID **sids,
size_t *num_sids);
+ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ char ***ous,
+ size_t *num_ous);
diff --git a/source3/include/client.h b/source3/include/client.h
index 0047b2bf23..f8adf567de 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -27,7 +27,9 @@
will be a multiple of the page size on almost any system */
#define CLI_BUFFER_SIZE (0xFFFF)
#define CLI_SAMBA_MAX_LARGE_READX_SIZE (127*1024) /* Works for Samba servers */
+#define CLI_SAMBA_MAX_LARGE_WRITEX_SIZE (127*1024) /* Works for Samba servers */
#define CLI_WINDOWS_MAX_LARGE_READX_SIZE ((64*1024)-2) /* Windows servers are broken.... */
+#define CLI_WINDOWS_MAX_LARGE_WRITEX_SIZE ((64*1024)-2) /* Windows servers are broken.... */
#define CLI_SAMBA_MAX_POSIX_LARGE_READX_SIZE (0xFFFF00) /* 24-bit len. */
#define CLI_SAMBA_MAX_POSIX_LARGE_WRITEX_SIZE (0xFFFF00) /* 24-bit len. */
@@ -79,6 +81,28 @@ struct rpc_pipe_client {
struct dcinfo *dc;
};
+/* Transport encryption state. */
+enum smb_trans_enc_type { SMB_TRANS_ENC_NTLM, SMB_TRANS_ENC_GSS };
+
+#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
+struct smb_tran_enc_state_gss {
+ gss_ctx_id_t gss_ctx;
+ gss_cred_id_t creds;
+};
+#endif
+
+struct smb_trans_enc_state {
+ enum smb_trans_enc_type smb_enc_type;
+ uint16 enc_ctx_num;
+ bool enc_on;
+ union {
+ NTLMSSP_STATE *ntlmssp_state;
+#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
+ struct smb_tran_enc_state_gss *gss_state;
+#endif
+ } s;
+};
+
struct cli_state {
int port;
int fd;
@@ -142,6 +166,8 @@ struct cli_state {
smb_sign_info sign_info;
+ struct smb_trans_enc_state *trans_enc_state; /* Setup if we're encrypting SMB's. */
+
/* the session key for this CLI, outside
any per-pipe authenticaion */
DATA_BLOB user_session_key;
diff --git a/source3/include/debug.h b/source3/include/debug.h
index 46e5620cc7..284671c730 100644
--- a/source3/include/debug.h
+++ b/source3/include/debug.h
@@ -161,9 +161,24 @@ extern bool *DEBUGLEVEL_CLASS_ISSET;
* will remove the extra conditional test.
*/
+/*
+ * From talloc.c:
+ */
+
+/* these macros gain us a few percent of speed on gcc */
+#if (__GNUC__ >= 3)
+/* the strange !! is to ensure that __builtin_expect() takes either 0 or 1
+ as its first argument */
+#define likely(x) __builtin_expect(!!(x), 1)
+#define unlikely(x) __builtin_expect(!!(x), 0)
+#else
+#define likely(x) (x)
+#define unlikely(x) (x)
+#endif
+
#define DEBUGLVL( level ) \
( ((level) <= MAX_DEBUG_LEVEL) && \
- ((DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))|| \
+ unlikely((DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))|| \
(!DEBUGLEVEL_CLASS_ISSET[ DBGC_CLASS ] && \
DEBUGLEVEL_CLASS[ DBGC_ALL ] >= (level)) ) \
&& dbghdr( level, DBGC_CLASS, __FILE__, FUNCTION_MACRO, (__LINE__) ) )
@@ -171,7 +186,7 @@ extern bool *DEBUGLEVEL_CLASS_ISSET;
#define DEBUGLVLC( dbgc_class, level ) \
( ((level) <= MAX_DEBUG_LEVEL) && \
- ((DEBUGLEVEL_CLASS[ dbgc_class ] >= (level))|| \
+ unlikely((DEBUGLEVEL_CLASS[ dbgc_class ] >= (level))|| \
(!DEBUGLEVEL_CLASS_ISSET[ dbgc_class ] && \
DEBUGLEVEL_CLASS[ DBGC_ALL ] >= (level)) ) \
&& dbghdr( level, DBGC_CLASS, __FILE__, FUNCTION_MACRO, (__LINE__) ) )
@@ -179,7 +194,7 @@ extern bool *DEBUGLEVEL_CLASS_ISSET;
#define DEBUG( level, body ) \
(void)( ((level) <= MAX_DEBUG_LEVEL) && \
- ((DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))|| \
+ unlikely((DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))|| \
(!DEBUGLEVEL_CLASS_ISSET[ DBGC_CLASS ] && \
DEBUGLEVEL_CLASS[ DBGC_ALL ] >= (level)) ) \
&& (dbghdr( level, DBGC_CLASS, __FILE__, FUNCTION_MACRO, (__LINE__) )) \
@@ -187,7 +202,7 @@ extern bool *DEBUGLEVEL_CLASS_ISSET;
#define DEBUGC( dbgc_class, level, body ) \
(void)( ((level) <= MAX_DEBUG_LEVEL) && \
- ((DEBUGLEVEL_CLASS[ dbgc_class ] >= (level))|| \
+ unlikely((DEBUGLEVEL_CLASS[ dbgc_class ] >= (level))|| \
(!DEBUGLEVEL_CLASS_ISSET[ dbgc_class ] && \
DEBUGLEVEL_CLASS[ DBGC_ALL ] >= (level)) ) \
&& (dbghdr( level, DBGC_CLASS, __FILE__, FUNCTION_MACRO, (__LINE__) )) \
@@ -195,14 +210,14 @@ extern bool *DEBUGLEVEL_CLASS_ISSET;
#define DEBUGADD( level, body ) \
(void)( ((level) <= MAX_DEBUG_LEVEL) && \
- ((DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))|| \
+ unlikely((DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))|| \
(!DEBUGLEVEL_CLASS_ISSET[ DBGC_CLASS ] && \
DEBUGLEVEL_CLASS[ DBGC_ALL ] >= (level)) ) \
&& (dbgtext body) )
#define DEBUGADDC( dbgc_class, level, body ) \
(void)( ((level) <= MAX_DEBUG_LEVEL) && \
- ((DEBUGLEVEL_CLASS[ dbgc_class ] >= (level))|| \
+ unlikely((DEBUGLEVEL_CLASS[ dbgc_class ] >= (level))|| \
(!DEBUGLEVEL_CLASS_ISSET[ dbgc_class ] && \
DEBUGLEVEL_CLASS[ DBGC_ALL ] >= (level)) ) \
&& (dbgtext body) )
diff --git a/source3/include/doserr.h b/source3/include/doserr.h
index 079a5664dd..08f5b3e39d 100644
--- a/source3/include/doserr.h
+++ b/source3/include/doserr.h
@@ -216,12 +216,14 @@
#define WERR_BUF_TOO_SMALL W_ERROR(2123)
#define WERR_JOB_NOT_FOUND W_ERROR(2151)
#define WERR_DEST_NOT_FOUND W_ERROR(2152)
+#define WERR_USER_EXISTS W_ERROR(2224)
#define WERR_NOT_LOCAL_DOMAIN W_ERROR(2320)
#define WERR_DOMAIN_CONTROLLER_NOT_FOUND W_ERROR(2453)
#define WERR_SETUP_ALREADY_JOINED W_ERROR(2691)
#define WERR_SETUP_NOT_JOINED W_ERROR(2692)
#define WERR_SETUP_DOMAIN_CONTROLLER W_ERROR(2693)
+#define WERR_DEFAULT_JOIN_REQUIRED W_ERROR(2694)
#define WERR_DEVICE_NOT_AVAILABLE W_ERROR(4319)
#define WERR_STATUS_MORE_ENTRIES W_ERROR(0x0105)
diff --git a/source3/include/libsmb_internal.h b/source3/include/libsmb_internal.h
index 19a3edc9bf..dbc115429b 100644
--- a/source3/include/libsmb_internal.h
+++ b/source3/include/libsmb_internal.h
@@ -106,6 +106,13 @@ struct smbc_internal_data {
* and retrieved with smbc_option_set() and smbc_option_get().
*/
void * _user_data;
+
+ /*
+ * Should we attempt UNIX smb encryption ?
+ * Set to 0 if we should never attempt, set to 1 if
+ * encryption requested, set to 2 if encryption required.
+ */
+ int _smb_encryption_level;
};
diff --git a/source3/include/memcache.h b/source3/include/memcache.h
index c4a2974b62..0a596b91a5 100644
--- a/source3/include/memcache.h
+++ b/source3/include/memcache.h
@@ -1,7 +1,7 @@
/*
Unix SMB/CIFS implementation.
In-memory cache
- Copyright (C) Volker Lendecke 2005-2007
+ Copyright (C) Volker Lendecke 2007-2008
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -24,6 +24,15 @@
struct memcache;
+/*
+ * A memcache can store different subkeys with overlapping keys, the
+ * memcache_number becomes part of the key. Feel free to add caches of your
+ * own here.
+ *
+ * If you add talloc type caches, also note this in the switch statement in
+ * memcache_is_talloc().
+ */
+
enum memcache_number {
STAT_CACHE,
UID_SID_CACHE,
@@ -33,28 +42,74 @@ enum memcache_number {
GETWD_CACHE,
GETPWNAM_CACHE, /* talloc */
MANGLE_HASH2_CACHE,
+ PDB_GETPWSID_CACHE, /* talloc */
+ SINGLETON_CACHE_TALLOC, /* talloc */
SINGLETON_CACHE
};
+/*
+ * Create a memcache structure. max_size is in bytes, if you set it 0 it will
+ * not forget anything.
+ */
+
struct memcache *memcache_init(TALLOC_CTX *mem_ctx, size_t max_size);
+/*
+ * If you set this global memcache, use it as the default cache when NULL is
+ * passed to the memcache functions below. This is a workaround for many
+ * situations where passing the cache everywhere would be a big hassle.
+ */
+
void memcache_set_global(struct memcache *cache);
+/*
+ * Add a data blob to the cache
+ */
+
void memcache_add(struct memcache *cache, enum memcache_number n,
DATA_BLOB key, DATA_BLOB value);
+/*
+ * Add a talloc object to the cache. The difference to memcache_add() is that
+ * when the objects is to be discared, talloc_free is called for it. Also
+ * talloc_move() ownership of the object to the cache.
+ *
+ * Please note that the current implementation has a fixed relationship
+ * between what cache subtypes store talloc objects and which ones store plain
+ * blobs. We can fix this, but for now we don't have a mixed use of blobs vs
+ * talloc objects in the cache types.
+ */
+
void memcache_add_talloc(struct memcache *cache, enum memcache_number n,
DATA_BLOB key, void *ptr);
+/*
+ * Delete an object from the cache
+ */
+
void memcache_delete(struct memcache *cache, enum memcache_number n,
DATA_BLOB key);
+/*
+ * Look up an object from the cache. Memory still belongs to the cache, so
+ * make a copy of it if needed.
+ */
+
bool memcache_lookup(struct memcache *cache, enum memcache_number n,
DATA_BLOB key, DATA_BLOB *value);
+/*
+ * Look up an object from the cache. Memory still belongs to the cache, so
+ * make a copy of it if needed.
+ */
+
void *memcache_lookup_talloc(struct memcache *cache, enum memcache_number n,
DATA_BLOB key);
+/*
+ * Flush a complete cache subset.
+ */
+
void memcache_flush(struct memcache *cache, enum memcache_number n);
#endif
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index bb8a336b8c..b72ec6b0ba 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -242,20 +242,15 @@ struct pdb_search {
* changed to version 14 to move lookup_rids and lookup_names to return
* enum lsa_SidType rather than uint32.
* Changed to 16 for access to the trusted domain passwords (obnox).
+ * Changed to 17, the sampwent interface is gone.
*/
-#define PASSDB_INTERFACE_VERSION 16
+#define PASSDB_INTERFACE_VERSION 17
struct pdb_methods
{
const char *name; /* What name got this module */
- NTSTATUS (*setsampwent)(struct pdb_methods *, bool update, uint32 acb_mask);
-
- void (*endsampwent)(struct pdb_methods *);
-
- NTSTATUS (*getsampwent)(struct pdb_methods *, struct samu *user);
-
NTSTATUS (*getsampwnam)(struct pdb_methods *, struct samu *sam_acct, const char *username);
NTSTATUS (*getsampwsid)(struct pdb_methods *, struct samu *sam_acct, const DOM_SID *sid);
diff --git a/source3/include/popt_common.h b/source3/include/popt_common.h
index 1d3cc57acd..9e5503f270 100644
--- a/source3/include/popt_common.h
+++ b/source3/include/popt_common.h
@@ -49,6 +49,7 @@ struct user_auth_info {
bool got_pass;
bool use_kerberos;
int signing_state;
+ bool smb_encrypt;
};
#endif /* _POPT_COMMON_H */
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 63ae51ecd4..49245eaa83 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -27,7 +27,7 @@
#define _SMB_H
/* logged when starting the various Samba daemons */
-#define COPYRIGHT_STARTUP_MESSAGE "Copyright Andrew Tridgell and the Samba Team 1992-2007"
+#define COPYRIGHT_STARTUP_MESSAGE "Copyright Andrew Tridgell and the Samba Team 1992-2008"
#if defined(LARGE_SMB_OFF_T)
@@ -80,7 +80,8 @@ enum smb_read_errors {
SMB_WRITE_ERROR, /* This error code can go into the client smb_rw_error. */
SMB_READ_BAD_SIG,
SMB_NO_MEMORY,
- SMB_DO_NOT_DO_TDIS /* cli_close_connection() check for this when smbfs wants to keep tree connected */
+ SMB_DO_NOT_DO_TDIS, /* cli_close_connection() check for this when smbfs wants to keep tree connected */
+ SMB_READ_BAD_DECRYPT
};
#define DIR_STRUCT_SIZE 43
@@ -657,6 +658,8 @@ typedef struct connection_struct {
bool used;
int num_files_open;
unsigned int num_smb_operations; /* Count of smb operations on this tree. */
+ int encrypt_level;
+ bool encrypted_tid;
/* Semantics requested by the client or forced by the server config. */
bool case_sensitive;
@@ -692,6 +695,8 @@ struct smb_request {
const uint8 *inbuf;
uint8 *outbuf;
size_t unread_bytes;
+ bool encrypted;
+ connection_struct *conn;
};
/* Defines for the sent_oplock_break field above. */
@@ -755,6 +760,7 @@ struct pending_message_list {
struct pending_message_list *next, *prev;
struct timeval request_time; /* When was this first issued? */
struct timeval end_time; /* When does this time out? */
+ bool encrypted;
DATA_BLOB buf;
DATA_BLOB private_data;
};
diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h
index 0dfb596994..3324f3fc02 100644
--- a/source3/include/smb_macros.h
+++ b/source3/include/smb_macros.h
@@ -160,7 +160,6 @@
#define ERROR_DOS(class,code) error_packet(outbuf,class,code,NT_STATUS_OK,__LINE__,__FILE__)
#define ERROR_NT(status) error_packet(outbuf,0,0,status,__LINE__,__FILE__)
-#define ERROR_OPEN(status) error_open(outbuf,status,__LINE__,__FILE__)
#define ERROR_FORCE_NT(status) error_packet(outbuf,-1,-1,status,__LINE__,__FILE__)
#define ERROR_BOTH(status,class,code) error_packet(outbuf,class,code,status,__LINE__,__FILE__)
@@ -170,9 +169,6 @@
#define reply_botherror(req,status,eclass,ecode) reply_both_error(req,eclass,ecode,status,__LINE__,__FILE__)
#define reply_unixerror(req,defclass,deferror) reply_unix_error(req,defclass,deferror,NT_STATUS_OK,__LINE__,__FILE__)
-/* this is how errors are generated */
-#define UNIXERROR(defclass,deferror) unix_error_packet(outbuf,defclass,deferror,NT_STATUS_OK,__LINE__,__FILE__)
-
/* these are the datagram types */
#define DGRAM_DIRECT_UNIQUE 0x10
@@ -189,13 +185,16 @@
#define smb_offset(p,buf) (PTR_DIFF(p,buf+4) + chain_size)
#define smb_len(buf) (PVAL(buf,3)|(PVAL(buf,2)<<8)|((PVAL(buf,1)&1)<<16))
-#define _smb_setlen(buf,len) do { buf[0] = 0; buf[1] = (len&0x10000)>>16; \
- buf[2] = (len&0xFF00)>>8; buf[3] = len&0xFF; } while (0)
+#define _smb_setlen(buf,len) do { buf[0] = 0; buf[1] = ((len)&0x10000)>>16; \
+ buf[2] = ((len)&0xFF00)>>8; buf[3] = (len)&0xFF; } while (0)
#define smb_len_large(buf) (PVAL(buf,3)|(PVAL(buf,2)<<8)|(PVAL(buf,1)<<16))
#define _smb_setlen_large(buf,len) do { buf[0] = 0; buf[1] = ((len)&0xFF0000)>>16; \
buf[2] = ((len)&0xFF00)>>8; buf[3] = (len)&0xFF; } while (0)
+#define ENCRYPTION_REQUIRED(conn) ((conn) ? ((conn)->encrypt_level == Required) : false)
+#define IS_CONN_ENCRYPTED(conn) ((conn) ? (conn)->encrypted_tid : false)
+
/*******************************************************************
find the difference in milliseconds between two struct timeval
values
diff --git a/source3/include/trans2.h b/source3/include/trans2.h
index f7f3ef2149..3759d59681 100644
--- a/source3/include/trans2.h
+++ b/source3/include/trans2.h
@@ -530,7 +530,8 @@ findfirst/findnext is SMB_FIND_FILE_UNIX_INFO2.
#define CIFS_UNIX_POSIX_PATH_OPERATIONS_CAP 0x20 /* We can cope with POSIX open/mkdir/unlink etc. */
#define CIFS_UNIX_LARGE_READ_CAP 0x40 /* We can cope with 24 bit reads in readX. */
#define CIFS_UNIX_LARGE_WRITE_CAP 0x80 /* We can cope with 24 bit writes in writeX. */
-
+#define CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP 0x100 /* We can do SPNEGO negotiations for encryption. */
+#define CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP 0x200 /* We *must* SPNEGO negotiations for encryption. */
#define SMB_QUERY_POSIX_FS_INFO 0x201
@@ -566,7 +567,6 @@ findfirst/findnext is SMB_FIND_FILE_UNIX_INFO2.
__u8 * psid_list may be empty
*/
-
/* ... more as we think of them :-). */
/* SMB POSIX ACL definitions. */
@@ -653,6 +653,29 @@ enum smb_whoami_flags {
DOM_SID[] - list of SIDs (may be empty)
*/
+/*
+ * The following trans2 is done between client and server
+ * as a FSINFO call to set up the encryption state for transport
+ * encryption.
+ * This is a subcommand of the TRANS2_QFSINFO.
+ *
+ * The request looks like :
+ *
+ * [data block] -> SPNEGO framed GSSAPI request.
+ *
+ * The reply looks like :
+ *
+ * [data block] -> SPNEGO framed GSSAPI reply - if error
+ * is NT_STATUS_OK then we're done, if it's
+ * NT_STATUS_MORE_PROCESSING_REQUIRED then the
+ * client needs to keep going. If it's an
+ * error it can be any NT_STATUS error.
+ *
+ */
+
+#define SMB_REQUEST_TRANSPORT_ENCRYPTION 0x203 /* QFSINFO */
+
+
/* The query/set info levels for POSIX ACLs. */
#define SMB_QUERY_POSIX_ACL 0x204
#define SMB_SET_POSIX_ACL 0x204
generated by cgit (git 2.34.1) at 2025-01-25 16:47:19 +0000