summaryrefslogtreecommitdiff
path: root/source3/smbd/sesssetup.c
AgeCommit message (Collapse)AuthorFilesLines
2007-11-03Stop get_peer_addr() and client_addr() from using globalJeremy Allison1-1/+3
statics. Part of my library cleanups. Jeremy. (This used to be commit e848506c858bd16706c1d7f6b4b032005512b8ac)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-17/+17
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-11Add const to the get_peer_addr() and get_socket_addr()Jeremy Allison1-1/+2
calls. Use the IPv6 varient for get_peer_addr(). Jeremy. (This used to be commit baf1f52e34ae2465a7a34be1065da29ed97e7bea)
2007-10-10r25286: Fix one more caller of unistr2_to_ascii() that passedMichael Adam1-1/+1
in -1 for maxlen. Michael (This used to be commit cd3d652d0d7609fc369ed0743c1fc54c87558438)
2007-10-10r24702: Remove the old API pointersVolker Lendecke1-1/+1
(This used to be commit 17df313db42199e26d7d2044f6a1d845aacd1a90)
2007-10-10r24661: Fix some obvious diffs between 3_2 and 3_2_0Volker Lendecke1-3/+5
Jeremy, there are two remaining diffs in sesssetup.c which I don't really know which one is right. Can you take a look? Thanks, Volker (This used to be commit d82f35448763eacd564836f34c9aa450b15ea582)
2007-10-10r24638: Remove redundent setting of vuid.Jeremy Allison1-3/+1
Jeremy (This used to be commit fd682c3f397714ebdaf4af3f6d1cbcbab6a2f572)
2007-10-10r24590: Reformatting to coding standards. Added my (C) in places it already ↵Jeremy Allison1-172/+249
should have been :-). Jeremy. (This used to be commit 41611a22ed852bb74e2ef3f45766c0580ffd3a18)
2007-10-10r24589: Refactor our vuid code so that we keep the sameJeremy Allison1-43/+79
vuid that was allocated whilst the connection is being constructed and after the connection has been set up. This is what Windows does and at least one client (and HP printer) depends on this behaviour. As it depends on the req struct not yet ported to SAMBA_3_2_0 (Volker, hint hint.... :-) I am not yet adding this to that branch, but will investigate that tomorrow. Jeremy. (This used to be commit a54f2805df92c67e74a6764568eedebe394fd500)
2007-10-10r24135: Convert call_trans2open to the new APIVolker Lendecke1-0/+1
This itself won't help much, because send_trans2_replies_new still allocates the big buffers, but stay tuned :-) Also add/update my copyright on stuff I recently touched. Volker (This used to be commit 248f15ff143474db2493cef89ba446892342a361)
2007-10-10r24056: Another big one: This converts reply_sesssetup_and_X to the new API. ↵Volker Lendecke1-185/+248
As usual, its history can be found on http://samba.org/~vlendec/sesssetup/. This very obviously needs close review. Volker (This used to be commit 35675a6a33d584e5c3c97d1cb5ca9b0315a5fa92)
2007-10-10r24050: Fix a typoVolker Lendecke1-1/+3
(This used to be commit 53027d0ee2dbe15beb2fce5d11a26f4ac0b08b9c)
2007-10-10r23997: Check in the infrastructure for getting rid of the global ↵Volker Lendecke1-1/+1
InBuffer/OutBuffer The complete history of this patch can be found under http://www.samba.org/~vlendec/inbuf-checkin/. Jeremy, Jerry: If possible I would like to see this in 3.2.0. I'm only checking into 3_2 at the moment, as it currently will slow down operations for all non-converted (i.e. all at this moment) operations, as it will copy the talloc'ed inbuf over the global InBuffer. It will need quite a bit of effort to convert everything necessary for the normal operations an XP box does. I have patches for negprot, session setup, tcon_and_X, open_and_X, close. More to come, but I would appreciate some help here. Volker (This used to be commit 5594af2b208c860d3f4b453af6a649d9e4295d1c)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23736: Use local variable of smb_flag2 instead of using the macro every time.Jeremy Allison1-14/+16
Jeremy. (This used to be commit 9e1663b1f18d716a7f307bea2b09dadeef392ab8)
2007-10-10r23726: Explicitly pass down the FLAGS2 field to srvstr_pull_buf. The nextVolker Lendecke1-14/+29
checkin will pull this up to srvstr_get_path. At that point we can get more independent of the inbuf, the base_ptr in pull_string will only be used to satisfy UCS2 alignment constraints. (This used to be commit 836782b07bf133e9b2598c4a089f1c810e4c7754)
2007-10-10r23474: Here's a small patch that disables the libkrb5.so replay cacheGerald Carter1-1/+3
when verifying a ticket from winbindd_pam.c. I've found during multiple, fast, automated SSH logins (such as from a cron script) that the replay cache in MIT's krb5 lib will occasionally fail the krb5_rd_req() as a replay attack. There seems to be a small window during which the MIT krb5 libs could reproduce identical time stamps for ctime and cusec in the authenticator since Unix systems only give back milli-seconds rather than the micro-seconds needed by the authenticator. Checked against MIT 1.5.1. Have not researched how Heimdal does it. My thinking is that if someone can spoof the KDC and TDS services we are pretty hopeless anyways. (This used to be commit cbd33da9f78373e29729325bbab1ae9040712b11)
2007-10-10r23172: Change shutdown_other_smbds to use connections_traverse instead ofVolker Lendecke1-9/+10
session_traverse. (This used to be commit ccb5eb245e962b0264b337c2d0275c22e2a36830)
2007-10-10r22868: Replace some message_send_pid calls with messaging_send_pid calls. MoreVolker Lendecke1-2/+2
tomorrow. (This used to be commit 74fa57ca5d7fa8eace72bbe948a08a0bca3cc4ca)
2007-10-10r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; andVolker Lendecke1-10/+10
replace all data_blob(NULL, 0) calls. (This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
2007-10-10r22751: Next step for the cluster merge: sessionid.tdb should contain a 'structVolker Lendecke1-3/+3
server_id' instead of a 'uint32 pid' (This used to be commit be7bac55c37676a8137c59a22dfb2e4c4821ac21)
2007-10-10r22747: Fix some C++ warningsVolker Lendecke1-2/+1
(This used to be commit a66a04e9f11f6c4462f2b56b447bae4eca7b177c)
2007-10-10r22391: Looks bigger than it is. Make "inbuf" availableJeremy Allison1-11/+14
to all callers of smb_setlen (via set_message() calls). This will allow the server to reflect back the correct encryption context. Jeremy. (This used to be commit 2d80a96120a5fe2fe726f00746d36d85044c4bdb)
2007-10-10r22095: BUG 4484: Add more checks to set %a for Vista clients (based on ↵Gerald Carter1-0/+5
absence of native OS and Lanman strings in the session setup request) (This used to be commit e5c9fc937d40046030c0d3bcfced505410a14caf)
2007-10-10r21882: The server part of the code has to use an AUTH_NTLMSSP struct,Jeremy Allison1-1/+1
not just an NTLMSSP - grr. This complicates the re-use of common client and server code but I think I've got it right. Not turned on of valgrinded yet, but you can see it start to take shape ! Jeremy. (This used to be commit 60fc9c0aedf42dcd9df2ef9f1df07eaf3bca9bce)
2007-10-10r21847: Fix memory leaks in error paths (and in main code path in one case...)Jeremy Allison1-0/+1
in sasl bind. Wonder why coverity didn't find these ? Jeremy. (This used to be commit 89bdd30e4b2bb9dbc2ab57c54be8c6d01cae5a26)
2007-10-10r21845: Refactor the sessionsetupX code a little to allow usJeremy Allison1-42/+193
to return a NT_STATUS_TIME_DIFFERENCE_AT_DC error to a client when there's clock skew. Will help people debug this. Prepare us for being able to return the correct sessionsetupX "NT_STATUS_MORE_PROCESSING_REQUIRED" error with associated krb5 clock skew error to allow clients to re-sync time with us when we're eventually able to be a KDC. Jeremy. (This used to be commit c426340fc79a6b446033433b8de599130adffe28)
2007-10-10r21483: Fix use of uninitialized variable.Jeremy Allison1-3/+6
Jeremy. (This used to be commit 4a74d042c9108ed68cc92f27b390c261c0bc8885)
2007-10-10r21478: Add 65k length limit for split SPNEGO blobs.Jeremy Allison1-9/+19
Jeremy (This used to be commit 6be078da267677e3e558033c28099e3932a17712)
2007-10-10r21461: Not strictly necessary, as data_blob() panics if it can't allocate. ↵Volker Lendecke1-0/+4
But I'd see this as a design flaw in data_blob() and it made me look in that routine. Jeremy, revert or merge please :-) Volker (This used to be commit e7e6b8b5e0b00cc0746db4e9baa2e860074f903a)
2007-10-10r21460: Fix for server-side processing of SPNEGO authJeremy Allison1-10/+216
fragmented into "max xmit" size security blob chunks. Bug #4400. Needs limits adding, and also a client-side version. Jeremy. (This used to be commit aa69f2481aafee5dccc3783b8a6e23ca4eb0dbfa)
2007-10-10r21128: Fix Vista connecting to Samba in share level security.Jeremy Allison1-0/+1
Vista sends the NTLMv2 blob by default in the tconX packet. Make sure we save off the workgroup the user was logged into on the client in the sessionsetupX and re-use it for the NTLMv2 calc. Jeremy. (This used to be commit 45dcf62960c2815c4d8e0c5f4a2d0af24df83290)
2007-10-10r20124: clean up nested extern declaration warningsHerb Lewis1-6/+6
(This used to be commit ac3eb7813e33b9a2e78c9158433f7ed62c3b62bb)
2007-10-10r19986: ooopsSimo Sorce1-2/+0
(This used to be commit 97f150fbbbee4837c15de121b418881241f321e2)
2007-10-10r19984: Must have been drunk yesterday.Simo Sorce1-7/+4
Freeing memctx is all we need, fix double free stupidity (This used to be commit 2a7454959e93e5bd11161707d0bd16a431b92351)
2007-10-10r19980: Implement pam account stack checks when obey pam restrictions is true.Simo Sorce1-0/+16
It was missing for security=server/domain/ads Simo. (This used to be commit 550f651499c22c3c11594a0a39061a8a9b438d82)
2007-10-10r19979: Fix memleak on pw and change talloc_destroy to TALLOC_FREE for mem_ctxSimo Sorce1-3/+7
(This used to be commit defa0a352b32469984126ec5d47aab9ef8d6b61c)
2007-10-10r18907: W00t. My original fix was correct after all :-).Jeremy Allison1-1/+1
Re-checking it in. Fix bug #4095 - username composed into domain\user twice in spnego path. Jeremy. (This used to be commit 0c770467519e73897462e730c3226e65668d3890)
2007-10-10r18403: Revert until we get this sorted out correctly.Jeremy Allison1-1/+1
Jeremy. (This used to be commit d0fdd5eb1e0c8bf135c267d4ff8183899345beaa)
2007-10-10r18398: Fix bug #4095 - username composed into domain\userJeremy Allison1-1/+1
twice in spnego path. Jerry please check. Jeremy. (This used to be commit e872bacf2850cfb66be1c57be40484fe8e4c2da5)
2007-10-10r17909: ensure we do not call map_username() twice on Krb5 session setupsGerald Carter1-1/+5
(This used to be commit 779eba0a7cab3156b8580410cfe288609a288548)
2007-10-10r16397: Fix Klocwork #11767 and drasticly simplify theJeremy Allison1-0/+1
logic in smbd/process.c. All interested (Volker, Jerry, James etc). PLEASE REVIEW THIS CHANGE. The logic should be identical but *much* easier to follow and change (and shouldn't confuse Klockwork :-). Jeremy. (This used to be commit d357f8b33594472ffa78d0a112accccc2a8b1fe7)
2007-10-10r15589: While trying to understand the vuid code I found that security=share ↵Volker Lendecke1-11/+21
is broken right now. r14112 broke it, in 3.0.22 register_vuid for security=share returns UID_FIELD_INVALID which in current 3_0 is turned into an error condition. This makes sure that we only call register_vuid if sec!=share and meanwhile also fixes a little memleak. Then I also found a crash in smbclient with sec=share and hostmsdfs=yes. There's another crash with sec=share when coming from w2k3, but I need sleep now. Someone (jerry,jra?) please review the sesssetup.c change. Thanks, Volker (This used to be commit 8059d0ae395604503cad3d9f197928305923e3f5)
2007-10-10r15523: Honour the time_offset also when verifying kerberos tickets. ThisGünther Deschner1-1/+1
prevents a nasty failure condition in winbindd's pam_auth where a tgt and a service ticket could have been succefully retrieved, but just not validated. Guenther (This used to be commit a75dd80c6210d01aff104a86b0a9d39d65f2c348)
2007-10-10r15475: Ugly and disgusting patch to fix the username map problem I created byVolker Lendecke1-1/+4
changing the token generation. I *hate* this code! Jerry, you have been looking at this as well, can you double-check that I did not screw it up? Thanks, Volker (This used to be commit 2765c4ff8d44c970db3e075b0a2412662f1936c6)
2007-10-10r15472: Remove an unused function parameterVolker Lendecke1-1/+1
(This used to be commit d2f39ae7fe79fd31846c555849655023a2d1cbc7)
2007-10-10r15467: Ensure every exit error path calls nt_status_squash.Jeremy Allison1-27/+27
Jeremy. (This used to be commit e9b016ced636dfdfcb1c4d7d4313f89ddb5e7cbc)
2007-10-10r15115: Fix error return on sessionsetup. Ensure noJeremy Allison1-11/+15
data blob is added if the logon call failed. Jeremy. (This used to be commit 71d0191c313e2106ae2bdef3119b3ff6e591ee1b)
2007-10-10r14790: Fix possible null deref. Coverity #277.Jeremy Allison1-1/+3
Jeremy. (This used to be commit 2454af392a71989ecddb2dbb17a9217658102523)