path: root/source3/smbd/sesssetup.c
Age | Commit message | Author | Files | Lines
2012-08-05 | s3:smbd: remove unused variable in sesssetup.c | Stefan Metzmacher | 1 | -1/+0
metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sun Aug 5 23:09:06 CEST 2012 on sn-devel-104
2012-08-04 | s3:smbd: setup the application session key with the first tcon on a session | Stefan Metzmacher | 1 | -30/+2
Look for Server.Session.SessionKeyState in [MS-SMB]. The first SMBtconX sets the state to available, which makes it possible to protect the session key at that stage, if client and server support TREE_CONNECT_ANDX_EXTENDED_SIGNATURE. metze
2012-08-04 | s3:smbd: setup session->global->signing_/application_key during SPNEGO SMB1 session setups | Stefan Metzmacher | 1 | -2/+57
metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Aug 4 11:09:42 CEST 2012 on sn-devel-104
2012-08-04 | s3:smbd: setup session->global->signing_/application_key during old SMB1 session setups | Stefan Metzmacher | 1 | -2/+60
metze
2012-08-04 | s3:smbd: keep the "application session key" during SMB1 reauth | Stefan Metzmacher | 1 | -2/+12
metze
2012-06-25 | s3:smbd/sesssetup: implement dynamic re-authentication and expire session if client supports it | Stefan Metzmacher | 1 | -4/+78
metze
2012-06-25 | s3:smbd: make use of smbXsrv_session for smb1 | Stefan Metzmacher | 1 | -58/+167
Pair-Programmed-With: Michael Adam <obnox@samba.org> metze
2012-06-21 | s3:util: rename procid_equal() to serverid_equal() | Michael Adam | 1 | -1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-06-21 | s3: Remove a user of procid_is_me | Volker Lendecke | 1 | -1/+2
Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-06-06 | s3:smbd: change user_struct->vuid to uint64_t | Stefan Metzmacher | 1 | -3/+3
Only sconn->smb1.sessions.next_vuid remains as uint16_t, so that we do not generate larger values yet. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jun 6 12:07:33 CEST 2012 on sn-devel-104
2012-06-06 | s3:smbd: use 'struct user_struct' instead of typedef'ed 'user_struct' | Stefan Metzmacher | 1 | -1/+1
metze
2012-06-05 | s3:lib: split things into a conn_tdb.h | Stefan Metzmacher | 1 | -0/+1
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jun 5 19:28:35 CEST 2012 on sn-devel-104
2012-05-18 | s3:smbd: allow creating new spnego sessions only with a 0 vuid | Stefan Metzmacher | 1 | -0/+5
Found by the raw.context test. metze
2012-04-16 | s3:smbd/sesssetup: use a helper variable 'action' to mark guest access | Stefan Metzmacher | 1 | -1/+3
metze
2012-03-10 | s3: Remove chain_reply | Volker Lendecke | 1 | -2/+0
<insert your favourite tombstone ascii art here>
2012-03-10 | s3: Make sure the andX chains are ended correctly | Volker Lendecke | 1 | -0/+3
Normally chain_reply took care of this. This will go away soon.
2012-03-08 | s3-auth: Follow auth_ntlmssp and use auth4_context for Session Setup | Andrew Bartlett | 1 | -43/+20
This patch ensures consistency in behaviour between NTLMSSP and NTLM session setup handlers. By calling the same layer that auth_ntlmssp calls, we can not only allow redirection of all authentication to the AD DC, we ensure that map to guest and username map handling is consistent, even in the file server alone. Andrew Bartlett
2012-03-04 | s3-auth: Remove security=share (deprecated since 3.6). | Andrew Bartlett | 1 | -55/+25
This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment. The rationale for the removal is that for the bulk of security=share users, we just need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remains available in security=user and above. This includes documentation updates for username and only user, which now only do a small amount of what they used to do.
Andrew Bartlett
         --------------
        /              \
       /      REST      \
      /        IN        \
     /       PEACE        \
    /                      \
    | SEC_SHARE            |
    |       security=share |
    |                      |
    |                      |
    |        5 March       |
    |                      |
    |         2012         |
   *|     *  *  *          | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
2012-02-17 | s3-auth: Add extra error messages on authentication or authorization failure | Andrew Bartlett | 1 | -0/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-16 | s3-smbd Remove unused code now we always have SPNEGO via gensec | Andrew Bartlett | 1 | -5/+2
This was previously needed because SPNEGO was only available in the AD DC. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-31 | s3:smbd: inline code in reply_sesssetup_and_X_spnego() | Stefan Metzmacher | 1 | -102/+71
This makes the logic much easier to follow. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jan 31 21:52:45 CET 2012 on sn-devel-104
2012-01-31 | s3:smbd: the spnego session setup doesn't need to copy the in blob | Stefan Metzmacher | 1 | -10/+5
metze
2012-01-31 | s3:smbd: rework reply_spnego_ntlmssp to reply_spnego_generic | Stefan Metzmacher | 1 | -27/+5
This removes the unused spnego_gen_auth_response() wrapping. metze
2012-01-31 | s3:smbd: remove unused code from sesssetup.c | Stefan Metzmacher | 1 | -545/+0
metze
2012-01-31 | s3:smbd: remove pending_auth_data logic | Stefan Metzmacher | 1 | -267/+0
This is handled by the gensec_spnego module. metze
2012-01-31 | s3:smbd: always use the gensec code path in sesssetup.c | Stefan Metzmacher | 1 | -67/+32
The other code paths are unused, because we always have the spnego gensec module. metze
2012-01-12 | s3:smbd: explicitly ask for GENSEC_FEATURE_UNIX_TOKEN | Stefan Metzmacher | 1 | -0/+3
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Jan 12 11:22:53 CET 2012 on sn-devel-104
2012-01-05 | s3-auth Remove ntlmssp_wrap.h which is no longer required | Andrew Bartlett | 1 | -1/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05 | s3-auth use gensec directly rather than via auth_generic_state | Andrew Bartlett | 1 | -27/+27
This is possible because the s3 gensec modules are started as normal gensec modules, so we do not need a wrapper any more. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05 | s3-auth Add TALLOC_CTX * to auth_generic_prepare() | Andrew Bartlett | 1 | -3/+3
This makes the long term owner of this memory more clear. So far only the clear cases have been moved from NULL however. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 | s3-auth remove auth_ntlmssp_start(), call auth_generic_start() directly | Andrew Bartlett | 1 | -3/+3
This makes it clear that this can support more than just NTLMSSP. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 | s3-auth rename auth_ntlmssp_prepare() -> auth_generic_prepare() | Andrew Bartlett | 1 | -3/+3
This function handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 | s3-auth rename auth_ntlmssp_state -> auth_generic_state | Andrew Bartlett | 1 | -3/+3
This structure handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-15 | s3:smbd: pass smbd_server_connection and a snumused function pointer to reload_services() | Stefan Metzmacher | 1 | -5/+5
metze
2011-10-21 | s3-ntlmssp Remove auth_ntlmssp_want_feature() | Andrew Bartlett | 1 | -3/+3
We now just call the gensec_want_feature() directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21 | s3-ntlmssp Remove auth_ntlmssp_update wrapper | Andrew Bartlett | 1 | -7/+7
We now just call gensec_update directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21 | s3-auth remove auth_ntlmssp_session_info() | Andrew Bartlett | 1 | -2/+3
Instead, call gensec_session_info() directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 | ntlmssp: Move ntlmssp code to auth/ntlmssp | Andrew Bartlett | 1 | -1/+1
This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-09-14 | s3:smbd: make use of better SMB signing negotiation | Stefan Metzmacher | 1 | -0/+18
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Sep 14 09:41:02 CEST 2011 on sn-devel-104
2011-08-03 | ntlmssp: Add ntlmssp_blob_matches_magic() | Andrew Bartlett | 1 | -1/+1
This avoids having the same check in 3 different parts of the code Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Aug 3 12:45:04 CEST 2011 on sn-devel-104
2011-08-03 | s3-auth rename auth_ntlmssp_steal_session_info() | Andrew Bartlett | 1 | -1/+1
There is no longer any theft of memory as the underlying routines now produce a new auth_session_info for this caller, allocating it on the supplied memory context. Andrew Bartlett
2011-08-03 | s3-smbd Be consistent with %U subs on guest logins | Andrew Bartlett | 1 | -1/+1
The NTLMSSP code always specified "" as the username, and this makes guest logins via the old-style session setup do the same. Andrew Bartlett
2011-08-03 | s3-auth use auth_generic_start to get full GENSEC in Samba3 session setup | Andrew Bartlett | 1 | -22/+32
This tests if the auth_generic_start() hook is available on the auth context during the negprot, and if so it uses auth_generic_start() to hook to GENSEC to handle the full SPNEGO blob. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 | s3-smbd clarify behaviour by not passing an OID that will not be used | Andrew Bartlett | 1 | -1/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 | s3-smbd Ensure we do not read past the end of a possible NTLMSSP blob | Andrew Bartlett | 1 | -1/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 | s3-auth set session_info->sanitized_username in create_local_token() | Andrew Bartlett | 1 | -6/+4
Rather than passing this value around the callers, and eventually setting it in register_existing_vuid(), we simply pass it to create_local_token(). This also removes the need for auth_ntlmssp_get_username(). Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 | s3-ntlmssp Split auth_ntlmssp_start into two functions | Andrew Bartlett | 1 | -6/+35
This helps map on to the GENSEC semantics better, and ensures that the full set of desired features are set before the mechanism starts. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 | s3-ntlmssp Remove calls to auth_ntlmssp_and_flags from the server | Andrew Bartlett | 1 | -1/+3
This is changed so that the callers ask for the additional flags that they need, starting with no additional flags. This helps to create a proper abstraction layer in ntlmssp_wrap/auth_ntlmssp. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 | s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_update | Andrew Bartlett | 1 | -5/+6
This clarifies the lifetime of the returned token. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 | s3-auth Move map to guest to directly after the check_password calls | Andrew Bartlett | 1 | -71/+0
This means we no longer need two different map to guest functions and have consistent logic with fewer layering violations. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>