summaryrefslogtreecommitdiff
path: root/source3/smbd/sesssetup.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r21882: The server part of the code has to use an AUTH_NTLMSSP struct,Jeremy Allison1-1/+1
not just an NTLMSSP - grr. This complicates the re-use of common client and server code but I think I've got it right. Not turned on of valgrinded yet, but you can see it start to take shape ! Jeremy. (This used to be commit 60fc9c0aedf42dcd9df2ef9f1df07eaf3bca9bce)
2007-10-10r21847: Fix memory leaks in error paths (and in main code path in one case...)Jeremy Allison1-0/+1
in sasl bind. Wonder why coverity didn't find these ? Jeremy. (This used to be commit 89bdd30e4b2bb9dbc2ab57c54be8c6d01cae5a26)
2007-10-10r21845: Refactor the sessionsetupX code a little to allow usJeremy Allison1-42/+193
to return a NT_STATUS_TIME_DIFFERENCE_AT_DC error to a client when there's clock skew. Will help people debug this. Prepare us for being able to return the correct sessionsetupX "NT_STATUS_MORE_PROCESSING_REQUIRED" error with associated krb5 clock skew error to allow clients to re-sync time with us when we're eventually able to be a KDC. Jeremy. (This used to be commit c426340fc79a6b446033433b8de599130adffe28)
2007-10-10r21483: Fix use of uninitialized variable.Jeremy Allison1-3/+6
Jeremy. (This used to be commit 4a74d042c9108ed68cc92f27b390c261c0bc8885)
2007-10-10r21478: Add 65k length limit for split SPNEGO blobs.Jeremy Allison1-9/+19
Jeremy (This used to be commit 6be078da267677e3e558033c28099e3932a17712)
2007-10-10r21461: Not strictly necessary, as data_blob() panics if it can't allocate. ↵Volker Lendecke1-0/+4
But I'd see this as a design flaw in data_blob() and it made me look in that routine. Jeremy, revert or merge please :-) Volker (This used to be commit e7e6b8b5e0b00cc0746db4e9baa2e860074f903a)
2007-10-10r21460: Fix for server-side processing of SPNEGO authJeremy Allison1-10/+216
fragmented into "max xmit" size security blob chunks. Bug #4400. Needs limits adding, and also a client-side version. Jeremy. (This used to be commit aa69f2481aafee5dccc3783b8a6e23ca4eb0dbfa)
2007-10-10r21128: Fix Vista connecting to Samba in share level security.Jeremy Allison1-0/+1
Vista sends the NTLMv2 blob by default in the tconX packet. Make sure we save off the workgroup the user was logged into on the client in the sessionsetupX and re-use it for the NTLMv2 calc. Jeremy. (This used to be commit 45dcf62960c2815c4d8e0c5f4a2d0af24df83290)
2007-10-10r20124: clean up nested extern declaration warningsHerb Lewis1-6/+6
(This used to be commit ac3eb7813e33b9a2e78c9158433f7ed62c3b62bb)
2007-10-10r19986: ooopsSimo Sorce1-2/+0
(This used to be commit 97f150fbbbee4837c15de121b418881241f321e2)
2007-10-10r19984: Must have been drunk yesterday.Simo Sorce1-7/+4
Freeing memctx is all we need, fix double free stupidity (This used to be commit 2a7454959e93e5bd11161707d0bd16a431b92351)
2007-10-10r19980: Implement pam account stack checks when obey pam restrictions is true.Simo Sorce1-0/+16
It was missing for security=server/domain/ads Simo. (This used to be commit 550f651499c22c3c11594a0a39061a8a9b438d82)
2007-10-10r19979: Fix memleak on pw and change talloc_destroy to TALLOC_FREE for mem_ctxSimo Sorce1-3/+7
(This used to be commit defa0a352b32469984126ec5d47aab9ef8d6b61c)
2007-10-10r18907: W00t. My original fix was correct after all :-).Jeremy Allison1-1/+1
Re-checking it in. Fix bug #4095 - username composed into domain\user twice in spnego path. Jeremy. (This used to be commit 0c770467519e73897462e730c3226e65668d3890)
2007-10-10r18403: Revert until we get this sorted out correctly.Jeremy Allison1-1/+1
Jeremy. (This used to be commit d0fdd5eb1e0c8bf135c267d4ff8183899345beaa)
2007-10-10r18398: Fix bug #4095 - username composed into domain\userJeremy Allison1-1/+1
twice in spnego path. Jerry please check. Jeremy. (This used to be commit e872bacf2850cfb66be1c57be40484fe8e4c2da5)
2007-10-10r17909: ensure we do not call map_username() twice on Krb5 session setupsGerald Carter1-1/+5
(This used to be commit 779eba0a7cab3156b8580410cfe288609a288548)
2007-10-10r16397: Fix Klocwork #11767 and drasticly simplify theJeremy Allison1-0/+1
logic in smbd/process.c. All interested (Volker, Jerry, James etc). PLEASE REVIEW THIS CHANGE. The logic should be identical but *much* easier to follow and change (and shouldn't confuse Klockwork :-). Jeremy. (This used to be commit d357f8b33594472ffa78d0a112accccc2a8b1fe7)
2007-10-10r15589: While trying to understand the vuid code I found that security=share ↵Volker Lendecke1-11/+21
is broken right now. r14112 broke it, in 3.0.22 register_vuid for security=share returns UID_FIELD_INVALID which in current 3_0 is turned into an error condition. This makes sure that we only call register_vuid if sec!=share and meanwhile also fixes a little memleak. Then I also found a crash in smbclient with sec=share and hostmsdfs=yes. There's another crash with sec=share when coming from w2k3, but I need sleep now. Someone (jerry,jra?) please review the sesssetup.c change. Thanks, Volker (This used to be commit 8059d0ae395604503cad3d9f197928305923e3f5)
2007-10-10r15523: Honour the time_offset also when verifying kerberos tickets. ThisGünther Deschner1-1/+1
prevents a nasty failure condition in winbindd's pam_auth where a tgt and a service ticket could have been succefully retrieved, but just not validated. Guenther (This used to be commit a75dd80c6210d01aff104a86b0a9d39d65f2c348)
2007-10-10r15475: Ugly and disgusting patch to fix the username map problem I created byVolker Lendecke1-1/+4
changing the token generation. I *hate* this code! Jerry, you have been looking at this as well, can you double-check that I did not screw it up? Thanks, Volker (This used to be commit 2765c4ff8d44c970db3e075b0a2412662f1936c6)
2007-10-10r15472: Remove an unused function parameterVolker Lendecke1-1/+1
(This used to be commit d2f39ae7fe79fd31846c555849655023a2d1cbc7)
2007-10-10r15467: Ensure every exit error path calls nt_status_squash.Jeremy Allison1-27/+27
Jeremy. (This used to be commit e9b016ced636dfdfcb1c4d7d4313f89ddb5e7cbc)
2007-10-10r15115: Fix error return on sessionsetup. Ensure noJeremy Allison1-11/+15
data blob is added if the logon call failed. Jeremy. (This used to be commit 71d0191c313e2106ae2bdef3119b3ff6e591ee1b)
2007-10-10r14790: Fix possible null deref. Coverity #277.Jeremy Allison1-1/+3
Jeremy. (This used to be commit 2454af392a71989ecddb2dbb17a9217658102523)
2007-10-10r14170: Paranioa fix for sesssetup.Jeremy Allison1-0/+5
Fix Coverity bug #26. Guard against NULL ref. Jeremy. (This used to be commit c0f906ac8de850f4566b6b3be4e3c7d245e6e252)
2007-10-10r14168: Fix Coverity #219. I think this is a false coverityJeremy Allison1-1/+4
warning as it seems to get confused with assignment and comparison. Clarify the code anyway. Jeremy. (This used to be commit 754818f8cc0849bddf84b7a534cd65e8dcd932ac)
2007-10-10r14130: Remove make_server_info_pac alltogether, make_server_info_info3 doesGünther Deschner1-3/+3
already do what we need. Guenther (This used to be commit 773e33c9717ae04f48983ddc49f7619a97523603)
2007-10-10r14112: * fix checks on return code from register_vuid() which could actuallyGerald Carter1-4/+19
fail and we would still return success in the SMBsesssetup reply :-( * Make sure to create the local token for the server_fino struct in reply_spnego_kerberos() so that register_vuid() does not fail. (how did this ever work?) (This used to be commit 8dafa45b97020d1aceb027a85e18401c965bf402)
2007-10-10r13604: Fix for bug #3512 "use spnego=no" and "server signing=auto" cause ↵Jeremy Allison1-22/+20
client to disconnect after negprot" We missed one case of ignoring "BSRSPYL ". Merge for 3.0.21c. Jeremy. (This used to be commit 7d21cf420fdecaee43408ad5cc192cc0715d95a2)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-11/+19
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r11909: Implement 'reset on zero vc'. This kills other connections when a ↵Volker Lendecke1-0/+26
session setup comes in with the vc (virtual connection) field set to zero. This is done by Windows, probably you can tweak that by some registry key. This boolean option controls whether an incoming session setup should kill other connections coming from the same IP. This matches the default Windows 2003 behaviour. Setting this parameter to yes becomes necessary when you have a flaky network and windows decides to reconnect while the old connection still has files with share modes open. These files become inaccessible over the new connection. The client sends a zero VC on the new connection, and Windows 2003 kills all other connections coming from the same IP. This way the locked files are accessible again. Please be aware that enabling this option will kill connections behind a masquerading router. Volker (This used to be commit 5629ca16235f0aa21fea3afd9e414309e4e1374e)
2007-10-10r11846: Destroy the TALLOC_CTX on error in the Kerberos session setup and give aGünther Deschner1-0/+7
more precise inline comment why PAC verification may fail. Guenther (This used to be commit 43b57715e9b44a0a0c7cc7fe3674a5fd4369e78b)
2007-10-10r11661: Store the INFO3 in the PAC data into the netsamlogon_cache.Gerald Carter1-4/+8
Also remove the mem_ctx from the netsamlogon_cache_store() API. Guenther, what should we be doing with the other fields in the PAC_LOGON_INFO? (This used to be commit 8bead2d2825015fe41ba7d7401a12c06c29ea7f7)
2007-10-10r11655: Two small fixesGerald Carter1-3/+0
* remove redundant call to sub_set_smb_name() in session setup code. * Fix lockup when running 'wbinfo -t' on a Samba PDC. Cause was new authenticated session setup from winbindd which resulted in a mangled username (machine_) that was not found in the local files and so was queiued up to nss_winbindd. Deadlock.... So now make sure to keep the trailing '$' for machine account names when calling sub_set_smb_name(). (This used to be commit b0a2d43b603c2e230da6ada73587696605102e8f)
2007-10-10r11213: Fix the buildGünther Deschner1-1/+0
Guenther (This used to be commit 908ac0c9eccd1ba368a6305fee9673770fc74a53)
2007-10-10r11183: add small helper function to return a PAC_LOGON_INFO.Günther Deschner1-10/+1
Guenther (This used to be commit a8d5d6b845efb62e73e281549528376f3ee74211)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-13/+57
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r8913: Fix memory leak in -r 8912: Free the right thing, rather than blob1 ↵Andrew Bartlett1-1/+1
'twice'. Andrew Bartlett (This used to be commit 7adeba4036d9d83a10d8944c81ea3fab0267db21)
2007-10-10r8912: Samba 3.0 was failing from a Vista client, because it was using 'raw'Andrew Bartlett1-6/+39
NTLMSSP (not wrapped in SPNEGO). We really should have supported this anyway, but we got away with it for a while... Andrew Bartlett (This used to be commit 78f0640a4b4af8b40c0af251fd06edd97feaf1be)
2007-10-10r8472: abartlet's patch for parallel ntlmssp ↵Gerald Carter1-17/+58
supporttrunk/source/smbd/sesssetup.c (This used to be commit aab17a7095a18b243a271f8f3f824facd6932f23)
2007-10-10r7963: Add aio support to 3.0.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 1de27da47051af08790317f5b48b02719d6b9934)
2007-10-10r7882: Looks like a large patch - but what it actually does is make SambaJeremy Allison1-1/+1
safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
2007-10-10r7398: commiting abartlet's patch for kerberos authentication when using a ↵Gerald Carter1-1/+1
keytab and security != ads (This used to be commit 3faaa5c3eb3b2057984586e069a47cb210c99140)
2007-10-10r7395: * new feature 'map to guest = bad uid' (based on patch fromGerald Carter1-20/+35
aruna.prabakar@hp.com). This re-enables the Samba 2.2 behavior where a user that was successfully authenticated by a remote DC would be mapped to the guest account if there was not existing UNIX account for that user and we could not create one. (This used to be commit b7455fbf81f4e47c087c861f70d492a328730a9b)
2007-10-10r7372: abartet's patch for BUG 2391 (segv caused by free a static pointer)Gerald Carter1-0/+2
(This used to be commit 4cda2bd035276bd090bf0fbd4e3b2eff657a80cb)
2007-10-10r7139: trying to reduce the number of diffs between trunk and 3.0; changing ↵Gerald Carter1-9/+6
version to 3.0.20pre1 (This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1)
2007-10-10r7024: reverting mistaken commitGerald Carter1-14/+3
(This used to be commit c70c5c4ee9b14fbdb174f542607aceebe0e88470)
2007-10-10r7020: fixing printer ace values and getting rid of false compiler warning ↵Gerald Carter1-3/+14
about unitialized variable (This used to be commit 3a91b20e4bcc78c91932e6c4394b3f6f153b2ff5)
2007-10-10r6225: get rid of warnings from my compiler about nested externsHerb Lewis1-5/+6
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)