summaryrefslogtreecommitdiff
path: root/source3/smbd/sesssetup.c
AgeCommit message (Collapse)AuthorFilesLines
2009-02-01Add two new parameters to control how we verify kerberos tickets. Removes ↵Dan Sledz1-2/+2
lp_use_kerberos_keytab parameter. The first is "kerberos method" and replaces the "use kerberos keytab" with an enum. Valid options are: secrets only - use only the secrets for ticket verification (default) system keytab - use only the system keytab for ticket verification dedicated keytab - use a dedicated keytab for ticket verification. secrets and keytab - use the secrets.tdb first, then the system keytab For existing installs: "use kerberos keytab = yes" corresponds to secrets and keytab "use kerberos keytab = no" corresponds to secrets only The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals. The second parameter is "dedicated keytab file", which is the keytab to use when in "dedicated keytab" mode. This keytab is only used in ads_verify_ticket.
2009-01-15s3: make better use of ccache by not including version.h in every C-file.Michael Adam1-1/+1
version.h changes rather frequently. Since it is included via includes.h, this means each C file will be a cache miss. This applies to the following situations: * When building a new package with a new Samba version * building in a git branch after calling mkversion.sh after a new commit (i.e. virtually always) This patch improves the situation in the following way: * remove inlude "version.h" from includes.h * Use samba_version_string() instead of SAMBA_VERSION_STRING in files that use no other macro from version.h instead of SAMBA_VERSION_STRING. * explicitly include "version.h" in those files that use more macros from "version.h" than just SAMBA_VERSION_STRING. Michael
2009-01-08s3:smbd: move all globals and static variables in globals.[ch]Stefan Metzmacher1-13/+1
The goal is to move all this variables into a big context structure. metze
2008-12-30Move a comment to its placeVolker Lendecke1-5/+5
2008-12-12s3 sesssetup.c: Add missing line break to debug message.root1-1/+1
Karolin
2008-11-28Remove two direct inbuf references from reply_sesssetup_and_X_spnego()Volker Lendecke1-2/+2
2008-11-02Remove a bunch of direct inbuf references by adding "vwv" to smb_requestVolker Lendecke1-10/+10
2008-11-02Remove some direct inbuf references by adding smbreq_bufremVolker Lendecke1-3/+3
2008-11-02Simplify params of srvstr_pull_buf_talloc()Volker Lendecke1-20/+13
Now that "req" is available everywhere, use it. Rename srvstr_pull_buf_talloc() to srvstr_pull_req()
2008-11-01Kill some fstringsVolker Lendecke1-31/+55
2008-11-01Remove a bunch of direct inbuf references by adding "buf" to smb_requestVolker Lendecke1-10/+9
2008-11-01Add a "buflen" struct member to smb_requestVolker Lendecke1-2/+1
This removes some explicit inbuf references and also removes a pointless check in reply_echo. The buflen can never be more than 64k, this is just a 16 bit value.
2008-10-31Remove a pointles call to smb_bufremVolker Lendecke1-2/+1
This call expanded to (smb_buflen(req->inbuf) - PTR_DIFF(smb_buf(req->inbuf) - smb_buf(req->inbuf))) which seems pretty pointless :-)
2008-10-22s3-asn1: make all of s3 asn1 code do a proper asn1_init() first.Günther Deschner1-12/+17
Guenther
2008-10-22s3: use shared asn1 code.Günther Deschner1-1/+1
Guenther
2008-10-22Slightly simplify reply_sesssetup_blob(): Remove an else branchVolker Lendecke1-10/+11
2008-10-22Don't push the data out to the client in reply_sesssetup_blob()Volker Lendecke1-4/+0
Sending the data at this level breaks the assumption at higher levels that req->outbuf == NULL means this request is deferred. It also breaks potential chaining (Kerberos session setup and tcon X in one request)
2008-08-22Don't re-initialize a token when we already have one. This fixes the build ↵Jeremy Allison1-10/+13
farm failures when winbindd connects as guest. This one took a *lot* of tracking down :-). Jeremy. (This used to be commit dca827791276906436452c650062164eb819dfe0)
2008-05-20Fix type error in debug messageVolker Lendecke1-1/+1
(This used to be commit eb281532b1721ded39c39bb00c26202080dcd735)
2008-05-20sesssetup.c: Add debug message.Karolin Seeger1-0/+3
Log when we kill other smbd sessions like when we hit the VC == 0 case. This one fixes BUG #5476. Initial patch from Björn Jacke <bj@sernet.de>. Karolin (This used to be commit 1429f3b7cf293994b334052428fcdadcee162dea)
2008-05-11Fix a memleak in new auth_serversupplied codeVolker Lendecke1-1/+2
(This used to be commit f23e970848b6e6655453fa65f6f160f624acfcff)
2008-05-10Fix a memleakVolker Lendecke1-5/+0
(This used to be commit 9891c7c30858a3bea9adbea1c5bfa5c6b1b85221)
2008-05-10Add a mem_ctx argument to make_server_info_guest()Volker Lendecke1-3/+3
(This used to be commit e4a9492967f3d2b64f27943f99414608e0c03d21)
2008-05-07Rename server_info->was_mapped to server_info->nss_tokenVolker Lendecke1-3/+1
"nss_token" from my point of view much better reflects what this flag actually represents (This used to be commit b121a5acb2ef0bb3067d953b028696175432f10d)
2008-05-05Fix typoVolker Lendecke1-1/+1
(This used to be commit 8047a1991a09191fec254815f3bfc85a2c36674a)
2008-05-05Remove "session_key" from "struct user_struct"Volker Lendecke1-18/+13
This one took a bit -- I hope I covered all data paths (This used to be commit 74c88a44422f88d6e2f2cdbfdfa0bafe0dbe06c4)
2008-04-07Fix Kerberos interop with Mac OS X 10.5 clients.Bill Ricker1-21/+28
Ignore optional req_flags. Use the Kerberos mechanism OID negotiated with the client rather than hardcoding OID_KERBEROS5_OLD. (This used to be commit 59a2bcf30fef14ecc826271862b645dd3a61cb48)
2008-03-27Fix up the comments on security=share to explain we'reJeremy Allison1-1/+5
ignoring passwords. Jeremy. (This used to be commit e7b6ea46532a26611dfd9d9e2727d52ba6a9cf50)
2008-03-20smbd: fix session setup with security = share.Michael Adam1-1/+1
Broken by pstring removal in 9ed12bfc48fe7f9b1863a9dd88e881974083053c. Jeremy, please check. Thanks to Yannick Bergeron <yaberger@ca.ibm.com> for noting this. Michael (This used to be commit 008c4bdbe5de064b4469fc1f7c7173290f35b3ef)
2008-03-06Be more verbose why create local token has failed duringGünther Deschner1-0/+2
NTLMSSP and Kerberos session setup Guenther (This used to be commit 18b8c2c19e50aee8fc900c7507244cb95014a4fa)
2008-02-17Use new structs in reply_spnego_kerberos().Günther Deschner1-6/+5
Guenther (This used to be commit c55160f8e866d9b24a4dad234af78ae46c236a37)
2008-02-14Correctly use SPNEGO to negotiate down from krb5 to NTLMSSP.Jeremy Allison1-28/+81
Previously we didn't implement the 'NEGO' part of SPNEGO :-). Jeremy. (This used to be commit 8767a0dab95c544878b4187157e494e740974bb8)
2008-02-11smbd: use make usage of wbcDomainInfo()Stefan Metzmacher1-15/+9
metze (This used to be commit 9d6b43ea106df188b51060a8055fe5168220c314)
2008-01-11Fix CID 476. Ensure a valid pac_data pointer is always passed toJeremy Allison1-2/+1
ads_verify_ticket as it's always derefed. Jeremy. (This used to be commit 0599d57efff0f417f75510e8b08c3cb7b4bcfcd8)
2008-01-04Can't use logical operations on boolean values.Jeremy Allison1-1/+3
Jeremy. (This used to be commit 34cd9b5b51a4209b4d970eb90bf1db0eb24a60bb)
2008-01-04Now conn is part of smb_request, we don't need it asJeremy Allison1-23/+17
an extra parameter. This cleans up quite a few places we were passing it around without needing it. Jeremy. (This used to be commit 8f36def18e9f980e8db522e1de41e80cfd5f466e)
2008-01-04Refactor the crypto code after a very helpful conversationJeremy Allison1-1/+1
with Volker. Mostly making sure we have data on the incoming packet type, not stored in the smb header. Jeremy. (This used to be commit c4e5a505043965eec77b5bb9bc60957e8f3b97c8)
2007-11-10Remove last pstring from sesssetup.cJeremy Allison1-19/+21
Jeremy. (This used to be commit 9ed12bfc48fe7f9b1863a9dd88e881974083053c)
2007-11-03Remove most of the remaining globals out of lib/util_sock.c.Jeremy Allison1-2/+2
I have a plan for dealing with the remaining..... Watch this space. Jeremy. (This used to be commit 963fc7685212689f02b3adcc05b4273ee5c382d4)
2007-11-03I can't get away without a 'length' arg. :-).Jeremy Allison1-1/+2
Jeremy. (This used to be commit 95d01279a5def709d0a5d5ae7224d6286006d120)
2007-11-03Stop get_peer_addr() and client_addr() from using globalJeremy Allison1-1/+3
statics. Part of my library cleanups. Jeremy. (This used to be commit e848506c858bd16706c1d7f6b4b032005512b8ac)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-17/+17
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-11Add const to the get_peer_addr() and get_socket_addr()Jeremy Allison1-1/+2
calls. Use the IPv6 varient for get_peer_addr(). Jeremy. (This used to be commit baf1f52e34ae2465a7a34be1065da29ed97e7bea)
2007-10-10r25286: Fix one more caller of unistr2_to_ascii() that passedMichael Adam1-1/+1
in -1 for maxlen. Michael (This used to be commit cd3d652d0d7609fc369ed0743c1fc54c87558438)
2007-10-10r24702: Remove the old API pointersVolker Lendecke1-1/+1
(This used to be commit 17df313db42199e26d7d2044f6a1d845aacd1a90)
2007-10-10r24661: Fix some obvious diffs between 3_2 and 3_2_0Volker Lendecke1-3/+5
Jeremy, there are two remaining diffs in sesssetup.c which I don't really know which one is right. Can you take a look? Thanks, Volker (This used to be commit d82f35448763eacd564836f34c9aa450b15ea582)
2007-10-10r24638: Remove redundent setting of vuid.Jeremy Allison1-3/+1
Jeremy (This used to be commit fd682c3f397714ebdaf4af3f6d1cbcbab6a2f572)
2007-10-10r24590: Reformatting to coding standards. Added my (C) in places it already ↵Jeremy Allison1-172/+249
should have been :-). Jeremy. (This used to be commit 41611a22ed852bb74e2ef3f45766c0580ffd3a18)
2007-10-10r24589: Refactor our vuid code so that we keep the sameJeremy Allison1-43/+79
vuid that was allocated whilst the connection is being constructed and after the connection has been set up. This is what Windows does and at least one client (and HP printer) depends on this behaviour. As it depends on the req struct not yet ported to SAMBA_3_2_0 (Volker, hint hint.... :-) I am not yet adding this to that branch, but will investigate that tomorrow. Jeremy. (This used to be commit a54f2805df92c67e74a6764568eedebe394fd500)
2007-10-10r24135: Convert call_trans2open to the new APIVolker Lendecke1-0/+1
This itself won't help much, because send_trans2_replies_new still allocates the big buffers, but stay tuned :-) Also add/update my copyright on stuff I recently touched. Volker (This used to be commit 248f15ff143474db2493cef89ba446892342a361)