summaryrefslogtreecommitdiff
path: root/source3/smbd/sesssetup.c
AgeCommit message (Collapse)AuthorFilesLines
2003-05-28It seems only NT4 does the VC == 0 session drop code.Jeremy Allison1-1/+5
Jeremy. (This used to be commit 30bbf4c8c4cbed0f7980237ea9b78baa785dec3d)
2003-05-27Correct (?) handling for VC = 0. Trying to fix XP logoff leaving resourcesJeremy Allison1-1/+18
around. Jeremy. (This used to be commit bf0916e1da442606311c74ac73ccec2e9710d663)
2003-05-27volker's add_signature() fix; must pass the beginning on the outbuf to get ↵Gerald Carter1-5/+5
the flags field (This used to be commit 48c8211084503172f053ad23b308901628f8a978)
2003-05-21fix for UNICODE plaintext passwords (bug #59) and fix smbclient to send the ↵Gerald Carter1-1/+4
unicode plain text password if negoitated (This used to be commit e7d635af80c844f17ff9f34c26c1e9c978951ce1)
2003-05-20really make sure to include the version in the lanman string; tested spnego ↵Gerald Carter1-8/+9
using smbclient (This used to be commit d7ca85613b6acf60e29cc118435db2c075995edb)
2003-05-14spellingTim Potter1-1/+1
(This used to be commit 865c11275685c85124b506c9bbd2a8bde2e760b9)
2003-05-01Fix uninitialized blobs reported by Luke Howard.Jeremy Allison1-0/+6
Jeremy. (This used to be commit 8dcc00899977a126d5782e44bdae74175ecc0d93)
2003-04-29add version back to lanman string in sessetup replyGerald Carter1-1/+5
(This used to be commit dade462a168abe721c70022546109074961969b6)
2003-04-22Merge comment with HEADAndrew Bartlett1-3/+3
(This used to be commit 8f8d819d5814c2a538b5b906014ff0c354625450)
2003-03-17Merge from HEAD - sync up SessionSetup code to HEAD, including Luke Howard'sAndrew Bartlett1-27/+55
session key and auth verifier patches. Andrew Bartlett (This used to be commit 3f9616a68a855acbae3f405c27ee2358fbe7ba2c)
2003-03-14fix WinXP & Win2K3 remote_arch and check pointer in ntlmssp code before ↵Gerald Carter1-19/+20
dereferencing (This used to be commit 7bc5fc729f67ae16e09ea67efa9e2b8e2ba41c8f)
2003-03-12adding some initiaial code to sert %a to Win2K3 (using Native LanMan string ↵Gerald Carter1-0/+2
from .NET RC2) (This used to be commit e074cab810f9299d0b27881cddf8a74f10fe233e)
2003-02-27additional fix for CR 601Gerald Carter1-0/+15
* distinguish WinXP from Win2k * add a 1/3 of a second delay in OpenPrinter in order to trigger a LAN/WAN optimization in 2k clients. (This used to be commit c7712fa054d21b4884a78b7ea6c0fb8b3d637c6b)
2003-02-24Merge of server-side authentication changes to 3.0:Andrew Bartlett1-35/+25
- user_ok() and user_in_group() now take a list of groups, instead of looking for the user in the members of all groups. - The 'server_info' returned from the authentication is now kept around - in future we won't copy the sesion key, username etc, we will just referece them directly. - rhosts upgraded to use the SAM if possible, otherwise fake up based on getpwnam(). - auth_util code to deal with groups upgraded to deal with non-winbind domain members again. Andrew Bartlett (This used to be commit 74b5436c75114170ce7c780c19226103d0df9060)
2003-02-07check pointer before dereferencing itGerald Carter1-1/+1
(This used to be commit 8712bd1f8eb5321278e7c57bfdc7bdddbdaf1424)
2003-01-28Merge from HEAD:Andrew Bartlett1-262/+109
- NTLMSSP over SPENGO (sesssion-setup-and-x) cleanup and code refactor. - also consequential changes to the NTLMSSP and SPNEGO parsing functions - and the client code that uses the same functions - Add ntlm_auth, a NTLMSSP authentication interface for use by applications like Squid and Apache. - also consquential changes to use common code for base64 encode/decode. - Winbind changes to support ntlm_auth (I don't want this program to need to read smb.conf, instead getting all it's details over the pipe). - nmbd changes for fstrcat() instead of fstrcpy(). Andrew Bartlett (This used to be commit fbb46da79cf322570a7e3318100c304bbf33409e)
2003-01-02pstring/fstring missmatches found by Andrew Bartlett.Jeremy Allison1-5/+5
Jeremy. (This used to be commit 666861b1e263370f6ba8fa4108842f52a81d8b83)
2002-11-20merged the %U changes to 3.0Andrew Tridgell1-0/+11
(This used to be commit 58fa6bfee8ba35cc182c18c980e0a4040ddd7d09)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-3/+2
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-22/+18
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17Sync 3.0 branch with headJelmer Vernooij1-49/+70
(This used to be commit 42615b945e2e48e53a21ea47f2e45407913a6a1e)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-28/+60
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-17A nice *big* change to the fundemental way we do things.Andrew Bartlett1-7/+0
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps them around for a long time - often past the next call... This adds a getpwnam_alloc and a getpwuid_alloc to the collection. These function as expected, returning a malloced structure that can be free()ed with passwd_free(&passwd). This patch also cuts down on the number of calls to getpwnam - mostly by taking advantage of the fact that the passdb interface is already case-insensiteve. With this patch most of the recursive cases have been removed (that I know of) and the problems are reduced further by not using the sys_ interface in the new code. This means that pointers to the cache won't be affected. (This is a tempoary HACK, I intend to kill the password cache entirly). The only change I'm a little worried about is the change to rpc_server/srv_samr_nt.c for private groups. In this case we are getting groups from the new group mapping DB. Do we still need to check for private groups? I've toned down the check to a case sensitve match with the new code, but we might be able to kill it entirly. I've also added a make_modifyable_passwd() function, that copies a passwd struct into the form that the old sys_getpw* code provided. As far as I can tell this is only actually used in the pass_check.c crazies, where I moved the final 'special case' for shadow passwords (out of _Get_Pwnam()). The matching case for getpwent() is dealt with already, in lib/util_getent.c Also included in here is a small change to register the [homes] share at vuid creation rather than just in one varient of the session setup. (This picks up the SPNEGO cases). The home directory is now stored on the vuid, and I am hoping this might provide a saner way to do %H substitions. TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change the remaining sys_getpwnam() callers to use getpwnam_alloc() and move Get_Pwnam to return an allocated struct. Andrew Bartlett (This used to be commit 1d86c7f94230bc53daebd4d2cd829da6292e05da)
2002-01-11Back out the crazy notion that the NTLMSSP flags actually mean anything...Andrew Bartlett1-1/+12
Replace this with some flags that *we* define. We can do a mapping later if we actually get some more reliable info about what passwords are actually valid. Andrew Bartlett (This used to be commit 7f7a42c3e4d5798ac87ea16a42e4976c3778a76b)
2002-01-09Better explanation message for dmalloc.Martin Pool1-5/+5
Also more insertion of parenthesis to handle struct members called 'free'. You can now get useful dmalloc output, as long as it is compatible with your C library. On RH7.1 it looks like you have to rebuild dmalloc to allow free(0) by default, because something in libcrypt does that. (sigh) (This used to be commit 391cbb690196537c8b6292b42c2e27408cc7e249)
2002-01-06Get this code back to where it belongs...Andrew Bartlett1-7/+7
Apparently (and I will doublecheck) its legal to do an annoymous session setup when we negoitiated SPNEGO, but we can't do an authenticated one becouse we didn't give a challange. Andrew Bartlett (This used to be commit 08a5c5bf940fac7a779be01db01ae7d97df80f79)
2002-01-06Some more SPNEGO fixes.Andrew Bartlett1-1/+1
(This used to be commit 0e564cb32acc70c1fc43f1be5ceb3637f0dc7361)
2002-01-05Fix up the SPNEGO segfault.Andrew Bartlett1-2/+2
(This used to be commit 17b1c83dd02035048bd38b305460c96c6c09343a)
2002-01-05I've decided to move the auth code around a bit more...Andrew Bartlett1-45/+56
The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048)
2002-01-02debug statement fixups.Jeremy Allison1-5/+0
Merge SAFE_FREE fix in tdb from 2.2, and IRIX fix. Jeremy. (This used to be commit eb6607466565bcd5b3800492d0bc1ae8a44da4f6)
2001-12-31- portablitity fixes for cc -64 on irixAndrew Tridgell1-1/+1
- fixed gid* bug in rpc_server (This used to be commit 48aa90c48c5f0e3054c4acdc49668e222e7c0d36)
2001-12-20check for a winbindd username when doing a kerberos authAndrew Tridgell1-0/+11
(This used to be commit 39f2e2e1623a011e2c99ecca64e0643b1e450657)
2001-12-20don't use server_info after its been freedAndrew Tridgell1-2/+4
(This used to be commit ee161a57289409e2fa43e33b045473077c7b6ba5)
2001-12-20support "map to guest" with spnegoAndrew Tridgell1-21/+43
(This used to be commit e873d0ff1eee9442ff6152d666b8d874b6a01972)
2001-12-19added trusted realm support to ADS authenticationAndrew Tridgell1-5/+10
the method used for checking if a domain is a trusted domain is very crude, we should really call a backend fn of some sort. For now I'm using winbindd to do the dirty work. (This used to be commit adf44a9bd0d997ba4dcfadc564a29149531525af)
2001-12-08Ensure that 'use spnego' restricts, rather than just advises our clients.Andrew Bartlett1-1/+6
This means that if a hole is found in the spnego code, we can tell people to just set 'use spengo' in their config file while we sort it out. Other than that, preventing 'unusual' behaviour is always a good thing. Andrew Bartlett (This used to be commit a8a53c08f7d607268a3959486a850a2df50ca7a2)
2001-12-05Ensure we fill in the %U for NTLMSSP connectionsAndrew Bartlett1-1/+3
(This used to be commit d15ea4fa8e23469f104405c197206e2779461323)
2001-12-05added a REALLY gross hack into kerberos_kinit_password so thatAndrew Tridgell1-1/+1
winbindd can do a kinit this will be removed once we have code that gets a tgt and puts it in a place where cyrus-sasl can see it (This used to be commit 7d94f1b7365215a020d3678d03d820a7d086174f)
2001-11-29Make better use of the ads_init() function to get the kerberos relam etc.Andrew Bartlett1-7/+12
This allows us to use automagically obtained values in future, and the value from krb5.conf now. Also fix mem leaks etc. Andrew Bartlett (This used to be commit 8f9ce717819235d98a1463f20ac659cb4b4ebbd2)
2001-11-28fixed some krb5 ifdefsAndrew Tridgell1-2/+2
(This used to be commit 23ef22f11700bbaa5778a9678a990a2b041fcefe)
2001-11-27fixed another memory leakAndrew Tridgell1-1/+1
(This used to be commit 37aa2873e5f476a587316893b0ea3a6fbdfe746f)
2001-11-27more memory leak fixesAndrew Tridgell1-1/+6
(This used to be commit 5abf8442033587b79651301d39260abd44b1c3fa)
2001-11-26we can safely give NO_SUCH_USER if the ticket decodes but the localAndrew Tridgell1-1/+1
account doesn't exist (This used to be commit 477b6d27fd7281418739bc8ba0b984a53430ecda)
2001-11-26challange -> challengeTim Potter1-2/+2
(This used to be commit d6318add27f6bca5be00cbedf2226b642341297a)
2001-11-24added "net join" commandAndrew Tridgell1-38/+5
this completes the first stage of the smbd ADS support (This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
2001-11-24This is another rather major change to the samba authenticaionAndrew Bartlett1-38/+85
subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-11-20add a hook to save the krb5 PACAndrew Tridgell1-0/+8
(This used to be commit 1cbc18ae732671d9a60528f8300ca7609e124d11)
2001-11-12Spelling fixes.Tim Potter1-6/+6
(This used to be commit 5c486bd28a5d4194b7cd50fd0fe3430d0d2eaa9b)
2001-11-12Code duplication is bad. So add an add_signiture() function and just refernceAndrew Bartlett1-23/+17
that. (This used to be commit a82c8638576b2c2164eaf046aa529e233ffb71d6)