summaryrefslogtreecommitdiff
path: root/source3/smbd/sesssetup.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r14168: Fix Coverity #219. I think this is a false coverityJeremy Allison1-1/+4
warning as it seems to get confused with assignment and comparison. Clarify the code anyway. Jeremy. (This used to be commit 754818f8cc0849bddf84b7a534cd65e8dcd932ac)
2007-10-10r14130: Remove make_server_info_pac alltogether, make_server_info_info3 doesGünther Deschner1-3/+3
already do what we need. Guenther (This used to be commit 773e33c9717ae04f48983ddc49f7619a97523603)
2007-10-10r14112: * fix checks on return code from register_vuid() which could actuallyGerald Carter1-4/+19
fail and we would still return success in the SMBsesssetup reply :-( * Make sure to create the local token for the server_fino struct in reply_spnego_kerberos() so that register_vuid() does not fail. (how did this ever work?) (This used to be commit 8dafa45b97020d1aceb027a85e18401c965bf402)
2007-10-10r13604: Fix for bug #3512 "use spnego=no" and "server signing=auto" cause ↵Jeremy Allison1-22/+20
client to disconnect after negprot" We missed one case of ignoring "BSRSPYL ". Merge for 3.0.21c. Jeremy. (This used to be commit 7d21cf420fdecaee43408ad5cc192cc0715d95a2)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-11/+19
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r11909: Implement 'reset on zero vc'. This kills other connections when a ↵Volker Lendecke1-0/+26
session setup comes in with the vc (virtual connection) field set to zero. This is done by Windows, probably you can tweak that by some registry key. This boolean option controls whether an incoming session setup should kill other connections coming from the same IP. This matches the default Windows 2003 behaviour. Setting this parameter to yes becomes necessary when you have a flaky network and windows decides to reconnect while the old connection still has files with share modes open. These files become inaccessible over the new connection. The client sends a zero VC on the new connection, and Windows 2003 kills all other connections coming from the same IP. This way the locked files are accessible again. Please be aware that enabling this option will kill connections behind a masquerading router. Volker (This used to be commit 5629ca16235f0aa21fea3afd9e414309e4e1374e)
2007-10-10r11846: Destroy the TALLOC_CTX on error in the Kerberos session setup and give aGünther Deschner1-0/+7
more precise inline comment why PAC verification may fail. Guenther (This used to be commit 43b57715e9b44a0a0c7cc7fe3674a5fd4369e78b)
2007-10-10r11661: Store the INFO3 in the PAC data into the netsamlogon_cache.Gerald Carter1-4/+8
Also remove the mem_ctx from the netsamlogon_cache_store() API. Guenther, what should we be doing with the other fields in the PAC_LOGON_INFO? (This used to be commit 8bead2d2825015fe41ba7d7401a12c06c29ea7f7)
2007-10-10r11655: Two small fixesGerald Carter1-3/+0
* remove redundant call to sub_set_smb_name() in session setup code. * Fix lockup when running 'wbinfo -t' on a Samba PDC. Cause was new authenticated session setup from winbindd which resulted in a mangled username (machine_) that was not found in the local files and so was queiued up to nss_winbindd. Deadlock.... So now make sure to keep the trailing '$' for machine account names when calling sub_set_smb_name(). (This used to be commit b0a2d43b603c2e230da6ada73587696605102e8f)
2007-10-10r11213: Fix the buildGünther Deschner1-1/+0
Guenther (This used to be commit 908ac0c9eccd1ba368a6305fee9673770fc74a53)
2007-10-10r11183: add small helper function to return a PAC_LOGON_INFO.Günther Deschner1-10/+1
Guenther (This used to be commit a8d5d6b845efb62e73e281549528376f3ee74211)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-13/+57
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r8913: Fix memory leak in -r 8912: Free the right thing, rather than blob1 ↵Andrew Bartlett1-1/+1
'twice'. Andrew Bartlett (This used to be commit 7adeba4036d9d83a10d8944c81ea3fab0267db21)
2007-10-10r8912: Samba 3.0 was failing from a Vista client, because it was using 'raw'Andrew Bartlett1-6/+39
NTLMSSP (not wrapped in SPNEGO). We really should have supported this anyway, but we got away with it for a while... Andrew Bartlett (This used to be commit 78f0640a4b4af8b40c0af251fd06edd97feaf1be)
2007-10-10r8472: abartlet's patch for parallel ntlmssp ↵Gerald Carter1-17/+58
supporttrunk/source/smbd/sesssetup.c (This used to be commit aab17a7095a18b243a271f8f3f824facd6932f23)
2007-10-10r7963: Add aio support to 3.0.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 1de27da47051af08790317f5b48b02719d6b9934)
2007-10-10r7882: Looks like a large patch - but what it actually does is make SambaJeremy Allison1-1/+1
safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
2007-10-10r7398: commiting abartlet's patch for kerberos authentication when using a ↵Gerald Carter1-1/+1
keytab and security != ads (This used to be commit 3faaa5c3eb3b2057984586e069a47cb210c99140)
2007-10-10r7395: * new feature 'map to guest = bad uid' (based on patch fromGerald Carter1-20/+35
aruna.prabakar@hp.com). This re-enables the Samba 2.2 behavior where a user that was successfully authenticated by a remote DC would be mapped to the guest account if there was not existing UNIX account for that user and we could not create one. (This used to be commit b7455fbf81f4e47c087c861f70d492a328730a9b)
2007-10-10r7372: abartet's patch for BUG 2391 (segv caused by free a static pointer)Gerald Carter1-0/+2
(This used to be commit 4cda2bd035276bd090bf0fbd4e3b2eff657a80cb)
2007-10-10r7139: trying to reduce the number of diffs between trunk and 3.0; changing ↵Gerald Carter1-9/+6
version to 3.0.20pre1 (This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1)
2007-10-10r7024: reverting mistaken commitGerald Carter1-14/+3
(This used to be commit c70c5c4ee9b14fbdb174f542607aceebe0e88470)
2007-10-10r7020: fixing printer ace values and getting rid of false compiler warning ↵Gerald Carter1-3/+14
about unitialized variable (This used to be commit 3a91b20e4bcc78c91932e6c4394b3f6f153b2ff5)
2007-10-10r6225: get rid of warnings from my compiler about nested externsHerb Lewis1-5/+6
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
2007-10-10r6149: Fixes bugs #2498 and 2484.Derrell Lipman1-1/+3
1. using smbc_getxattr() et al, one may now request all access control entities in the ACL without getting all other NT attributes. 2. added the ability to exclude specified attributes from the result set provided by smbc_getxattr() et al, when requesting all attributes, all NT attributes, or all DOS attributes. 3. eliminated all compiler warnings, including when --enable-developer compiler flags are in use. removed -Wcast-qual flag from list, as that is specifically to force warnings in the case of casting away qualifiers. Note: In the process of eliminating compiler warnings, a few nasties were discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED kerberos interfaces are being used. Someone who knows kerberos should look at these and determine if there is an alternate method of accomplishing the task. (This used to be commit 994694f7f26da5099f071e1381271a70407f33bb)
2007-10-10r6020: Never do NT status codes with protocols before NT1 as we don't get ↵Jeremy Allison1-0/+4
client caps. Jeremy. (This used to be commit 4868e4202775c1c0a60828e0c6f6fa23cf8346e1)
2007-10-10r5952: BUG 2469: patch from Jason Mader to cleanup compiler warning when not ↵Gerald Carter1-4/+8
using krb5 (This used to be commit 19a639ac468237b22f16d917c0150fbf10c9623e)
2007-10-10r5290: Fix for bug #2323 - plaintext problem with WinXP.Jeremy Allison1-0/+8
Jeremy. (This used to be commit 3e10c36cb50462d1f220029e8fa64c3b6e554e6c)
2007-10-10r3946: Fix for bugid #2085 reported by Jason Mader <jason@ncac.gwu.edu>. Use ↵Jeremy Allison1-1/+1
consistent enum type for Protocol extern. Jeremy. (This used to be commit 65dfae7ea45d4c9452b2a08efa09b01d870142f3)
2007-10-10r1370: BUG 1297 - prevent map_username() from being called twice during logonGerald Carter1-0/+2
(This used to be commit e1364ff774b62f46c0f50864695da49972352126)
2007-10-10r1122: As spotted by lha@stacken.kth.se we don't actually use this variable ↵Andrew Bartlett1-2/+0
any more. Andrew Bartlett (This used to be commit 9d5821d5ee5e9f666dfbe75419e97508af9cad5e)
2007-10-10r786: Memory leak fixes in (mostly) error code paths fromJeremy Allison1-1/+7
kawasa_r@itg.hitachi.co.jp. A couple of mem leak fixes in mainline code paths though :-). Jeremy. (This used to be commit 4695cc95fe576b6da0d0cb0686f208fc306b2646)
2007-10-10r69: Global rename of 'nt_session_key' -> 'user_session_key'. The session ↵Andrew Bartlett1-2/+2
key could be anything, and may not be based on anything 'NT'. This is also what microsoft calls it. (This used to be commit 724e8d3f33719543146280062435c69a835c491e)
2007-10-10r59: revert session key problemAndrew Tridgell1-2/+2
(This used to be commit 40b5794ae0919c6c6f1b8a451871dcc95bbab5cc)
2007-10-10r49: Support SMB signing on connections using only theAndrew Bartlett1-8/+4
LANMAN password. This also corrects the 'session key' for these connections. (This used to be commit 26d8791ddedb7964c219067480cf4a7d61877765)
2004-03-27Merge from HEAD the SMB signing patch that I developed a couple of weeksAndrew Bartlett1-5/+6
ago. This patch re-adds support for 'optional' SMB signing. It also ensures that we are much more careful about when we enable signing, particularly with on-the-fly smb.conf reloads. The client code will now attempt to use smb signing by default, and disable it if the server doesn't correctly support it. Andrew Bartlett (This used to be commit e27b5cbe75d89ec839dafd52dd33101885a4c263)
2004-03-19BUG 417: fix %UuGg variables expansion in include lines setging the ↵Gerald Carter1-0/+9
current_user_info struct in register_vuid() -- shouldn't be any more broken than we were (This used to be commit a90c3bd281e7a62bb8482e42aa3b674eeeb5995a)
2004-03-16BUG 1165, 1126: Fix bug with secondary groups (security = ads) and winbind ↵Gerald Carter1-4/+8
use default domain = yes (This used to be commit f2eaa14b1eb7e89c945b2b06a48e17998c75d620)
2004-01-26Patch by Luca Bolcioni <Luca.Bolcioni@yacme.com>. Ensure we alwaysAndrew Bartlett1-0/+2
initialise the session key. Fixes segfaults with security=server, and encrypt passwords = no. Andrew Bartlett (This used to be commit 493ac5ce98fa3fcddb596139240dd762e70d4ac3)
2004-01-15reply_spnego_kerberos did not set the domain of the user handed toVolker Lendecke1-0/+7
register_vuid correctly. We ended up with the local netbios name in substitutions for %D later. Volker P.S: Tridge, I can *really* see why you want to get rid of global variables :-) (This used to be commit 3d9931fe291559a907c3e172a66fbce1155497a3)
2004-01-07Fix from Luke Howard <lukeh@PADL.COM> for incorrect early free().Jeremy Allison1-5/+7
Jeremy. (This used to be commit 8e20c06ed31d9ec10ff0155b1624eee3d60cd006)
2004-01-04Commit the translation of the realm to the netbios domain name in the kerberosVolker Lendecke1-3/+41
session setup. After talking to jht and abartlet I made this unconditional, no additional parameter. Jerry: This is a change in behaviour, but I think it is necessary. Volker (This used to be commit 3ce6c9f27368cfb278007fe660a0e44a84d67f8f)
2003-12-12Fix for bug #815. Make plaintext unicode passwords work with NT4.xJeremy Allison1-5/+11
Jeremy. (This used to be commit ba0b5b8c9be9bfeba5e0b3f930ca0463d1e78c9c)
2003-12-05fix %a variable for Windows 2003 -> Win2K3Gerald Carter1-9/+39
(This used to be commit 2f43a1c166dfc8679a9d03bd0f3cf9303aafcf74)
2003-12-01Subtract NT_STATUS from common flag, don't add it...Jeremy Allison1-4/+4
Jeremy. (This used to be commit 4e73faa7b4af7f73bdce9fcc2ee1825249dc7da7)
2003-12-01Don't automatically set nt status code flag unless client tells us it canJeremy Allison1-9/+19
cope. Jeremy. (This used to be commit 0d82ac57a59276adb403f8e023578c2d6d5136e4)
2003-11-22Changes all over the shop, but all towards:Andrew Bartlett1-11/+21
- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-10-22Put strcasecmp/strncasecmp on the banned list (except for needed callsJeremy Allison1-1/+1
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at all and I really want to discourage that. Jeremy. (This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace)
2003-10-20more 2.2.x compatibility fixes - allow user looksup in the kerb5Gerald Carter1-13/+10
sesssetup to fall back to 'user' instaed of failing is REA.LM\user doesn't exist. also fix include line in smb_acls.h as requested by metze (This used to be commit 62ed2598b3441b3c198872df8eb55e594332807b)
2003-08-25Fix memleak.Volker Lendecke1-1/+3
(This used to be commit afbf15f94189f50cd447d9bcdebbc4886800b05a)