summaryrefslogtreecommitdiff
path: root/source3/smbd/globals.h
AgeCommit message (Collapse)AuthorFilesLines
2012-03-09s3:smb2_server add function to verify creditchargeChristian Ambach1-0/+3
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-03-09s3:smb2_server: add supports_multicredit to sconnChristian Ambach1-0/+1
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-03-08s3-auth: Follow auth_ntlmssp and use auth4_context for Session SetupAndrew Bartlett1-1/+1
This patch ensures consistency in behaviour between NTLMSSP and NTLM session setup handlers. By calling the same layer that auth_ntlmssp calls, we can not only allow redirection of all authentication to the AD DC, we ensure that map to guest and username map handling is consistent, even in the file server alone. Andrew Bartlett
2012-03-06s3:smbd: keep 'num_files' and 'files' directly under smbd_server_connectionStefan Metzmacher1-1/+2
The plan is to have files_struct as some kind of low level abstraction for a smb1/smb2 opens, that can be used by SMB_VFS modules. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Mar 6 23:04:01 CET 2012 on sn-devel-104
2012-03-06s3:smbd: keep 'num_connections' and 'connections' directly under ↵Stefan Metzmacher1-4/+3
smbd_server_connection The plan is to have connection_struct as some kind of low level abstraction for a smb1/smb2 tree connects, that can be used by SMB_VFS modules. metze
2012-03-06s3:smbd: keep 'num_users' and 'users' directly under smbd_server_connectionStefan Metzmacher1-2/+3
The plan is to have users_struct as some kind of low level abstraction for a smb1/smb2 session, that can be used by SMB_VFS modules. metze
2012-03-04s3-auth: Remove security=share (depricated since 3.6).Andrew Bartlett1-4/+0
This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment. The rationale for the removal is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remain available in security=user and above. This includes documentation updates for username and only user, which now only do a small amount of what they used to do. Andrew Bartlett -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SHARE | | security=share | | | | | | 5 March | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______
2012-03-04s3:smbd/globals.h: remove unused pollfd pointerStefan Metzmacher1-6/+0
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sun Mar 4 23:18:10 CET 2012 on sn-devel-104
2012-02-16s3-smbd Remove unused code now we always have SPNEGO via gensecAndrew Bartlett1-3/+0
This was previously needed because SPNEGO was only available in the AD DC. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-31s3:smbd: remove pending_auth_data logicStefan Metzmacher1-2/+0
This is handled by the gensec_spnego module. metze
2012-01-05s3-auth use gensec directly rather than via auth_generic_stateAndrew Bartlett1-1/+1
This is possible because the s3 gensec modules are started as normal gensec modules, so we do not need a wrapper any more. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-03s3: Remove the unused "file_existed" parameter from smbd_calculate_access_maskVolker Lendecke1-1/+0
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Jan 3 15:16:50 CET 2012 on sn-devel-104
2011-12-22s3-auth rename auth_ntlmssp_state -> auth_generic_stateAndrew Bartlett1-1/+1
This structure handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-16s3:smbd: remove unused sconn_server_id()Stefan Metzmacher1-2/+0
metze
2011-12-15s3:smbd/globals: remove unused msg_ctx_to_sconn()Stefan Metzmacher1-2/+0
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Dec 15 14:24:59 CET 2011 on sn-devel-104
2011-12-14s3:smbd/server: maintain the list of child processes under smbd_parent_contextStefan Metzmacher1-3/+0
metze
2011-12-14s3:smbd/globals: change 'int am_parent' into 'struct smbd_parent_context ↵Stefan Metzmacher1-1/+2
*am_parent' This is a short term solution on the way to get rid of 'am_parent' completely. metze
2011-12-13s3:smbd/globals: remove unused extern declarationsStefan Metzmacher1-2/+0
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Dec 13 22:06:02 CET 2011 on sn-devel-104
2011-12-12s3:smb2_server: use sconn->ev_ctx instead of sconn->smb2.event_ctxStefan Metzmacher1-1/+0
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Dec 12 16:08:59 CET 2011 on sn-devel-104
2011-12-12s3:smbd: remember the event context on smbd_server_connectionStefan Metzmacher1-0/+1
metze
2011-11-15s3:smb2_server: pass explicit defer_times to smbd_smb2_request_pending_queue()Stefan Metzmacher1-1/+2
metze
2011-11-15s3:smb2_server: always send STATUS_PENDING responses, but delayed by 0.5 ↵Stefan Metzmacher1-1/+1
milliseconds In future we'll pass the delay from the caller. metze
2011-10-31s3:smb2_server: FLAG_CHAINED means we always use the last session_id and tidStefan Metzmacher1-0/+2
metze
2011-10-28Make smbd_check_open_rights() static.Jeremy Allison1-4/+0
2011-10-21s3-seal Remove struct smb_srv_trans_enc_ctxAndrew Bartlett1-3/+2
This structure added no value, particularly after the move to gensec. It was added at a time when auth_ntlmssp_state was not available in the client. This changed a while back (the wrapper was extended with client calls), and the move to gensec again reinforced that we do not need the extra complexity. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-13s3:smb2_server: remember the max_{trans,read,write} sizes we negotiated (bug ↵Stefan Metzmacher1-0/+3
#8473) We should enforce the negotiated max sizes instead of the lp_smb2_max_*() sizes. metze
2011-09-14s3:smbd: remember the client unix capabilities on the connectionStefan Metzmacher1-0/+7
metze Signed-off-by: Jeremy Allison <jra@samba.org>
2011-09-07s3:smb2_server: add smbd_smb2_request_verify_sizes()Stefan Metzmacher1-0/+3
metze
2011-09-05s3:smb2_server: add basic support for SMB 2.1Stefan Metzmacher1-0/+2
This adds support for the 2 stage negprot, from SMB 1 to SMB 2.1. Support for this of for now and "max protocol = SMB2" still maps to "max protocol = SMB2_02" PROTOCOL_SMB2_02. In order to activate smb2.1, you need to use "max protocol = SMB2_10". metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Sep 5 19:30:58 CEST 2011 on sn-devel-104
2011-09-05libcli/smb: move smb2_signing.c to the toplevelStefan Metzmacher1-7/+0
metze
2011-08-31Based on metze's fix for Bug 8407 - SMB2 server can return requests ↵Jeremy Allison1-0/+1
out-of-order when processing a compound request. (cherry picked from commit 19db1c98c6ba3cb5e883e16e865c44900ce17444)
2011-08-31s3:smb2_server: keep compound_related on struct smbd_smb2_requestStefan Metzmacher1-0/+1
metze (cherry picked from commit cda93f04eb4e7e975b192a5fd33275ec638140ac)
2011-08-10s3-printing: Rework how the background process is startedSimo Sorce1-0/+2
Signed-off-by: Andreas Schneider <asn@samba.org>
2011-08-03s3-auth use auth_generic_start to get full GENSEC in Samba3 session setupAndrew Bartlett1-0/+3
This tests if the auth_generic_start() hook is available on the auth context during the negprot, and if so it uses auth_generic_start() to hook to GENSEC to handle the full SPNEGO blob. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-02s3: Move deferred_open_queue to smbd_server_connectionVolker Lendecke1-2/+4
2011-07-20s3-auth Use the common auth_session_infoAndrew Bartlett1-1/+1
This patch finally has the same structure being used to describe the authorization data of a user across the whole codebase. This will allow of our session handling to be accomplished with common code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use struct auth3_session_info outside the auth subsystemAndrew Bartlett1-1/+1
This seperation between the structure used inside the auth modules and in the wider codebase allows for a gradual migration from struct auth_serversupplied_info -> struct auth_session_info (from auth.idl) The idea here is that we keep a clear seperation between the structure before and after the local groups, local user lookup and the session key modifications have been processed, as the lack of this seperation has caused issues in the past. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-11s3:smbd: make smbd_calculate_access_mask() non-staticStefan Metzmacher1-0/+5
metze
2011-07-08Move smbd_smb2_request_check_tcon() smbd_smb2_request_check_session() next ↵Jeremy Allison1-3/+0
to their only user and make them static. Add comments. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Jul 8 21:01:40 CEST 2011 on sn-devel-104
2011-07-08Fix bug #8293 - SMB2 doesn't rotate the log files often enough.Jeremy Allison1-1/+2
Move the num_requests field out of the smb1 struct into the generic struct smbd_server_connection struct. Use it to count SMB2 requests as well as SMB1 and ensure that check_log_size() is called every 50 SMB2 requests. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Jul 8 01:14:53 CEST 2011 on sn-devel-104
2011-07-04s3-smbd: Remove client_address from smbd_server_connection struct.Andreas Schneider1-1/+0
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-07-04s3-smbd: Replace client_id in smbd process.Andreas Schneider1-0/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-05-06s3: only include tdb headers where needed.Günther Deschner1-1/+2
Guenther
2011-03-18The searches struct is still being used and idled in SMB2 - move it to the ↵Jeremy Allison1-5/+7
global section until we decide if we want to idle SMB2 directory handles. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Mar 18 01:13:53 CET 2011 on sn-devel-104
2011-03-01s3-auth struct security_unix_token replaces UNIX_USER_TOKENAndrew Bartlett1-1/+1
2011-02-28s3: Use poll in smbdVolker Lendecke1-0/+8
2011-02-22s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_infoAndrew Bartlett1-1/+1
These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-01-07s3-printing: Initiate pcap reload from parent smbdDavid Disseldorp1-1/+0
Since commit 7022554, smbds share a printcap cache (printer_list.tdb), therefore ordering of events between smbd processes is important when updating printcap cache information. Consider the following two process example: 1) smbd1 receives HUP or printcap cache time expiry 2) smbd1 checks whether pcap needs refresh, it does 3) smbd1 marks pcap as refreshed 4) smbd1 forks child1 to obtain cups printer info 5) smbd2 receives HUP or printcap cache time expiry 6) smbd2 checks whether pcap needs refresh, it does not (due to step 3) 7) smbd2 reloads printer shares prior to child1 completion (stale pcap) 8) child1 completion, pcap cache (printer_list.tdb) is updated by smbd1 9) smbd1 reloads printer shares based on new pcap information In this case both smbd1 and smbd2 are reliant on the pcap update performed on child1 completion. The prior commit "reload shares after pcap cache fill" ensures that smbd1 only reloads printer shares following pcap update, however smbd2 continues to present shares based on stale pcap data. This commit addresses the above problem by driving pcap cache and printer share updates from the parent smbd process. 1) smbd0 (parent) receives a HUP or printcap cache time expiry 2) smbd0 forks child0 to obtain cups printer info 3) child0 completion, pcap cache (printer_list.tdb) is updated by smbd0 4) smbd0 reloads printer shares 5) smbd0 notifies child smbds of pcap update via message_send_all() 6) child smbds read fresh pcap data and reload printer shares This architecture has the additional advantage that only a single process (the parent smbd) requests printer information from the printcap backend. Use time_mono in housekeeping functions As suggested by Björn Jacke.
2010-12-10Add a SMB2 crediting algorithm, by default the same as Windows. Defaults to ↵Jeremy Allison1-1/+4
128 credits. Jeremy.
2010-10-19Move tcons.num_open from smb1 to sconn->num_tcons_open as this is needed for ↵Jeremy Allison1-1/+3
SMB2 also.