summaryrefslogtreecommitdiff
path: root/source3/smbd/sesssetup.c
AgeCommit message (Collapse)AuthorFilesLines
2002-09-25Metze claims that without this his win2k server gets horribly confused lookingAndrew Bartlett1-2/+2
for all sorts of AD things in lp_realm(). We need to get some non-Win2k NTLMSSP and chase this up a bit, but this will do for now. (Hmm, this might affect NTLMv2 as well) Andrew Bartlett (This used to be commit 0e6babc306f60e88fc28705a8d4ad112bafe92cb)
2002-09-25Kill of Get_Pwnam_Modify and smb_getpwnam(). The latter assumes some thingsAndrew Bartlett1-2/+2
that just don't apply any more - now that we always keep username and domain seperate. Also, the policy it was trying to permit is now implemented by the auth code. Andrew Bartlett (This used to be commit 760c0740cad948665db4a1d462fbbd99332713ef)
2002-09-20"@" is valid in NetBIOS domain names.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 5c4857d8e00162fc43a0f2e3a335b441bad743bd)
2002-09-06This is the 'easy' parts of the trusted domains patch n+3 patch fromAndrew Bartlett1-13/+11
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl> It includes a conversion of make_user_info*() to NTSTATUS and some minor changes to other files. It also picks up on a nasty segfault that can occour in some security=domain cases. Andrew Bartlett (This used to be commit d1e1fc3e4bf72717b3593685f0ea5750d676952a)
2002-09-06Revert accidental commit - I'll need to do a fair bit more testing before IAndrew Bartlett1-3/+0
commit changes to NTLMSSP flags. (This used to be commit d200770796d871b3994a06fab45624068fdc5682)
2002-09-06Patch from "Stefan (metze) Metzmacher" <metze@metzemix.de>Andrew Bartlett1-0/+3
to extend the ADS_STATUS system to include NTSTATUS, and to provide a better general infrustructure for his sam_ads work. I've also added some extra failure mode DEBUG()s to parts of the code. NOTE: The ADS_ERR_OK() macro is rather sensitive to braketing issues - without the final set of brakets, the test is essentially inverted - causing some intersting 'error = success' messages... Andrew Bartlett (This used to be commit 5b9a7ab901bc311f3ad08462a8a68d133c34a8b4)
2002-08-31Add a bit of 'const' and move a lot of our 'repeditive' DEBUG() statements toAndrew Bartlett1-2/+0
'DEBUGADD', so we don't repeat headers. (Makes them much easier to read). (Based on patch by kai) Andrew Bartlett (This used to be commit 9deada345c5f89f338530c4de62835cc1eeb3d0e)
2002-08-20Based orginally by work by Kai, this patch moves our NT_TOKEN generation intoAndrew Bartlett1-2/+2
our authenticaion code - removing some of the duplication from the current code. This also gets us *much* closer to supporting a real SAM backend, becouse the SAM can give us the right info then. This also changes our service.c code, so that we do a VUID (rather than uid) cache on the connection struct, and do full NT ACL/NT_TOKEN checks (or cached equivilant) on every packet, for the same r or rw mode the whole share was open for. Andrew Bartlett (This used to be commit d8122cee059fc7098bfa7e42e638a9958b3ac902)
2002-08-17Change which session key we negotiate. This uses the NT-based session key thatAndrew Bartlett1-1/+1
we previously expected, rather than the LM based key. A Win2k SPNEGO enabled join goes a *lot* further with this option on. Andrew Bartlett (This used to be commit b224938e4e843288630cdc7c3c3931b241bd0e1a)
2002-08-16Re-add the last empty item to the NTLMSSP info list, but this time do itJim McDonough1-3/+4
with an empty string, not a NULL pointer... Also, check for security=ads before giving a kerberos spnego response. (This used to be commit 6eca417d1c29c7c18455f8290cad86fb1444e615)
2002-08-16Fix segfault in the new NTLMSSP code. jmcd: can you look at this - whatAndrew Bartlett1-3/+2
exactly were you trying to do here? Andrew Bartlett (This used to be commit 81b675b54d86d196fb2035dc5d22781160518beb)
2002-08-15Fix NTLMSSP challenge command and auth response. We can now service joinsJim McDonough1-31/+37
from win2k AND still use SPNEGO (provided you don't build with kerberos...I still have to fix that, as we are not properly falling back). (This used to be commit 1f9b3d46c7c99e84b2983220f79613b7420c5ced)
2002-08-11Make 'remote_machine' private to lib/substitute.c, and fix all the user to useAndrew Bartlett1-2/+1
the new accessor functions. Andrew Bartlett (This used to be commit f393de2310e997d05674eb7f1268655373e03647)
2002-08-10Fix the %m security bug again - and try to make it harder to reintroduce inAndrew Bartlett1-2/+3
future. This moves us from fstrcpy() and global variables to 'get' and 'set' functions. In particular, the 'set' function sainity-checks the input, in the same way as we always have. Andrew Bartlett (This used to be commit e57a896f06b16fe7e336e1ae63a0c9e4cc75fd36)
2002-08-05This fixes a number of ADS problems, particularly with netbioslessAndrew Tridgell1-1/+13
setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm (This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
2002-08-01make sure we null terminate plaintext passwordsAndrew Tridgell1-1/+1
(This used to be commit cf2abf677ed9942d841ef61ffb2565244c8979ac)
2002-07-31Rework parinioa to ensure we never get passwords longer than MAX_PASS_LEN, norAndrew Bartlett1-18/+11
longer than the buffer they claim to be in. Many thanks to tridge for explaining the macros. Andrew Bartlett (This used to be commit 3efd462bf2f1ed50c108c2b8ddecc461d002745d)
2002-07-31fixed the length checking for plaintext passwords (thanks to andrewbAndrew Tridgell1-2/+11
for spotting this) (This used to be commit d4c905e5a0a67c8e01a4fcf78aa992a3b7beff02)
2002-07-30this fixes plaintext passwords with win2000Andrew Tridgell1-3/+4
there were 2 bugs: 1) we were sending a null challenge when we should have sent an empty challenge 2) the password can be in unicode if unicode is negotiated. This means our client code was wrong too :( (This used to be commit 1a6dfddf6788b30fc81794b1bfe749693183b2c1)
2002-05-31Removed some unused variables - tidy up some formating, add struct toJeremy Allison1-3/+2
client state to implement smb signing - this is a test at present. Jeremy. (This used to be commit a234e303558a25c4ea26b7f6788006e4fee651bf)
2002-05-26Add support for NTLMv2 (tested!) with NTLMSSP.Andrew Bartlett1-17/+49
The problem was the NTLMv2 uses extra data in order to make reply/lookup more difficult. That extra data includes the hostname, and the domain. This matches Win2k (sort of) by sending this information. Win2k connects with LMCompatibilityLevel=5 without a problem. We can change the negotiation bits if we want, this should allow us to make NTLMv2 the default for other clients as well. Some of the extra #defines were found in the squid source. Andrew Bartlett (This used to be commit 17a5f67b3d1935baf6197ae967624eb847b66ac8)
2002-04-18fixed the fallback to a BDC for ADS connectionsAndrew Tridgell1-1/+1
(This used to be commit 3e58a1ee83ea0b4347ce24e566445cc6cb67bb3a)
2002-04-16make sure we don't walk past the end of the current SMB buffer whenAndrew Tridgell1-9/+5
pulling a string this might explain a serious filename corruption bug that Quantum QA spotted (This used to be commit a877eae24becad9e0cd5b33ffe0916a20d5ba227)
2002-04-14it looks like it is possible for a w2k client to send a spnego auth without ↵Andrew Tridgell1-1/+6
sending the negotiate - try to cope (This used to be commit 95278aa41f654108d9d20cd0096a34caf175d32b)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-17A nice *big* change to the fundemental way we do things.Andrew Bartlett1-7/+0
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps them around for a long time - often past the next call... This adds a getpwnam_alloc and a getpwuid_alloc to the collection. These function as expected, returning a malloced structure that can be free()ed with passwd_free(&passwd). This patch also cuts down on the number of calls to getpwnam - mostly by taking advantage of the fact that the passdb interface is already case-insensiteve. With this patch most of the recursive cases have been removed (that I know of) and the problems are reduced further by not using the sys_ interface in the new code. This means that pointers to the cache won't be affected. (This is a tempoary HACK, I intend to kill the password cache entirly). The only change I'm a little worried about is the change to rpc_server/srv_samr_nt.c for private groups. In this case we are getting groups from the new group mapping DB. Do we still need to check for private groups? I've toned down the check to a case sensitve match with the new code, but we might be able to kill it entirly. I've also added a make_modifyable_passwd() function, that copies a passwd struct into the form that the old sys_getpw* code provided. As far as I can tell this is only actually used in the pass_check.c crazies, where I moved the final 'special case' for shadow passwords (out of _Get_Pwnam()). The matching case for getpwent() is dealt with already, in lib/util_getent.c Also included in here is a small change to register the [homes] share at vuid creation rather than just in one varient of the session setup. (This picks up the SPNEGO cases). The home directory is now stored on the vuid, and I am hoping this might provide a saner way to do %H substitions. TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change the remaining sys_getpwnam() callers to use getpwnam_alloc() and move Get_Pwnam to return an allocated struct. Andrew Bartlett (This used to be commit 1d86c7f94230bc53daebd4d2cd829da6292e05da)
2002-01-11Back out the crazy notion that the NTLMSSP flags actually mean anything...Andrew Bartlett1-1/+12
Replace this with some flags that *we* define. We can do a mapping later if we actually get some more reliable info about what passwords are actually valid. Andrew Bartlett (This used to be commit 7f7a42c3e4d5798ac87ea16a42e4976c3778a76b)
2002-01-09Better explanation message for dmalloc.Martin Pool1-5/+5
Also more insertion of parenthesis to handle struct members called 'free'. You can now get useful dmalloc output, as long as it is compatible with your C library. On RH7.1 it looks like you have to rebuild dmalloc to allow free(0) by default, because something in libcrypt does that. (sigh) (This used to be commit 391cbb690196537c8b6292b42c2e27408cc7e249)
2002-01-06Get this code back to where it belongs...Andrew Bartlett1-7/+7
Apparently (and I will doublecheck) its legal to do an annoymous session setup when we negoitiated SPNEGO, but we can't do an authenticated one becouse we didn't give a challange. Andrew Bartlett (This used to be commit 08a5c5bf940fac7a779be01db01ae7d97df80f79)
2002-01-06Some more SPNEGO fixes.Andrew Bartlett1-1/+1
(This used to be commit 0e564cb32acc70c1fc43f1be5ceb3637f0dc7361)
2002-01-05Fix up the SPNEGO segfault.Andrew Bartlett1-2/+2
(This used to be commit 17b1c83dd02035048bd38b305460c96c6c09343a)
2002-01-05I've decided to move the auth code around a bit more...Andrew Bartlett1-45/+56
The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048)
2002-01-02debug statement fixups.Jeremy Allison1-5/+0
Merge SAFE_FREE fix in tdb from 2.2, and IRIX fix. Jeremy. (This used to be commit eb6607466565bcd5b3800492d0bc1ae8a44da4f6)
2001-12-31- portablitity fixes for cc -64 on irixAndrew Tridgell1-1/+1
- fixed gid* bug in rpc_server (This used to be commit 48aa90c48c5f0e3054c4acdc49668e222e7c0d36)
2001-12-20check for a winbindd username when doing a kerberos authAndrew Tridgell1-0/+11
(This used to be commit 39f2e2e1623a011e2c99ecca64e0643b1e450657)
2001-12-20don't use server_info after its been freedAndrew Tridgell1-2/+4
(This used to be commit ee161a57289409e2fa43e33b045473077c7b6ba5)
2001-12-20support "map to guest" with spnegoAndrew Tridgell1-21/+43
(This used to be commit e873d0ff1eee9442ff6152d666b8d874b6a01972)
2001-12-19added trusted realm support to ADS authenticationAndrew Tridgell1-5/+10
the method used for checking if a domain is a trusted domain is very crude, we should really call a backend fn of some sort. For now I'm using winbindd to do the dirty work. (This used to be commit adf44a9bd0d997ba4dcfadc564a29149531525af)
2001-12-08Ensure that 'use spnego' restricts, rather than just advises our clients.Andrew Bartlett1-1/+6
This means that if a hole is found in the spnego code, we can tell people to just set 'use spengo' in their config file while we sort it out. Other than that, preventing 'unusual' behaviour is always a good thing. Andrew Bartlett (This used to be commit a8a53c08f7d607268a3959486a850a2df50ca7a2)
2001-12-05Ensure we fill in the %U for NTLMSSP connectionsAndrew Bartlett1-1/+3
(This used to be commit d15ea4fa8e23469f104405c197206e2779461323)
2001-12-05added a REALLY gross hack into kerberos_kinit_password so thatAndrew Tridgell1-1/+1
winbindd can do a kinit this will be removed once we have code that gets a tgt and puts it in a place where cyrus-sasl can see it (This used to be commit 7d94f1b7365215a020d3678d03d820a7d086174f)
2001-11-29Make better use of the ads_init() function to get the kerberos relam etc.Andrew Bartlett1-7/+12
This allows us to use automagically obtained values in future, and the value from krb5.conf now. Also fix mem leaks etc. Andrew Bartlett (This used to be commit 8f9ce717819235d98a1463f20ac659cb4b4ebbd2)
2001-11-28fixed some krb5 ifdefsAndrew Tridgell1-2/+2
(This used to be commit 23ef22f11700bbaa5778a9678a990a2b041fcefe)
2001-11-27fixed another memory leakAndrew Tridgell1-1/+1
(This used to be commit 37aa2873e5f476a587316893b0ea3a6fbdfe746f)
2001-11-27more memory leak fixesAndrew Tridgell1-1/+6
(This used to be commit 5abf8442033587b79651301d39260abd44b1c3fa)
2001-11-26we can safely give NO_SUCH_USER if the ticket decodes but the localAndrew Tridgell1-1/+1
account doesn't exist (This used to be commit 477b6d27fd7281418739bc8ba0b984a53430ecda)
2001-11-26challange -> challengeTim Potter1-2/+2
(This used to be commit d6318add27f6bca5be00cbedf2226b642341297a)
2001-11-24added "net join" commandAndrew Tridgell1-38/+5
this completes the first stage of the smbd ADS support (This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
2001-11-24This is another rather major change to the samba authenticaionAndrew Bartlett1-38/+85
subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-11-20add a hook to save the krb5 PACAndrew Tridgell1-0/+8
(This used to be commit 1cbc18ae732671d9a60528f8300ca7609e124d11)