path: root/source3/smbd/smb2_sesssetup.c
Age | Commit message | Author | Files | Lines
2012-01-31 | s3:smbd: rework smbd_smb2_*_ntlmssp_auth* to smbd_smb2_auth_generic* | Stefan Metzmacher | 1 | -22/+28
metze
2012-01-31 | s3:smbd: always use the gensec code path in smb2_sesssetup.c | Stefan Metzmacher | 1 | -460/+7
The other code paths are unused, because we always have the spnego gensec module. metze
2012-01-25 | s3:smb2_sessetup: call set_current_user_info() and reload_services() on success | Stefan Metzmacher | 1 | -0/+11
This matches the smb1 code. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jan 25 08:39:35 CET 2012 on sn-devel-104
2012-01-12 | s3:smbd: explicitly ask for GENSEC_FEATURE_UNIX_TOKEN | Stefan Metzmacher | 1 | -0/+3
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Jan 12 11:22:53 CET 2012 on sn-devel-104
2012-01-05 | s3-auth Remove ntlmssp_wrap.h which is no longer required | Andrew Bartlett | 1 | -1/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05 | s3-auth use gensec directly rather than via auth_generic_state | Andrew Bartlett | 1 | -20/+20
This is possible because the s3 gensec modules are started as normal gensec modules, so we do not need a wrapper any more. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05 | s3-auth Add TALLOC_CTX * to auth_generic_prepare() | Andrew Bartlett | 1 | -10/+3
This makes the long term owner of this memory more clear. So far only the clear cases have been moved from NULL however. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 | s3-auth remove auth_ntlmssp_start(), call auth_generic_start() directly | Andrew Bartlett | 1 | -3/+3
This makes it clear that this can support more than just NTLMSSP. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 | s3-auth rename auth_ntlmssp_prepare() -> auth_generic_prepare() | Andrew Bartlett | 1 | -3/+3
This function handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-15 | s3:smbd: pass smbd_server_connection and a snumused function pointer to reload_services() | Stefan Metzmacher | 1 | -1/+1
metze
2011-11-03 | s3:smbd: make use of SMB_SIGNING_* constants | Stefan Metzmacher | 1 | -2/+2
metze
2011-10-21 | s3-ntlmssp Remove auth_ntlmssp_want_feature() | Andrew Bartlett | 1 | -3/+3
We now just call the gensec_want_feature() directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21 | s3-ntlmssp Remove auth_ntlmssp_update wrapper | Andrew Bartlett | 1 | -11/+12
We now just call gensec_update directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21 | s3-auth remove auth_ntlmssp_session_info() | Andrew Bartlett | 1 | -6/+6
Instead, call gensec_session_info() directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 | ntlmssp: Move ntlmssp code to auth/ntlmssp | Andrew Bartlett | 1 | -1/+1
This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-09-23 | Fix bug #8477 - Map to guest can return uninitialized blob of data. | Jeremy Allison | 1 | -1/+3
Found by Codenomicon at SNIA SDC. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Sep 23 03:19:46 CEST 2011 on sn-devel-104
2011-09-22 | s3:smb2_server: fix a logic error, we should sign non guest sessions | Stefan Metzmacher | 1 | -1/+1
metze
2011-09-21 | s3:smb2-server: session setup replies should always be signed (except for guest sessions) not only if the session should be signed | Michael Adam | 1 | -2/+7
Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Sep 21 11:00:09 CEST 2011 on sn-devel-104
2011-09-07 | s3:smb2_server: use smbd_smb2_request_verify_sizes() in smb2_sesssetup.c | Stefan Metzmacher | 1 | -26/+9
metze
2011-08-03 | ntlmssp: Add ntlmssp_blob_matches_magic() | Andrew Bartlett | 1 | -1/+1
This avoids having the same check in 3 different parts of the code Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Aug 3 12:45:04 CEST 2011 on sn-devel-104
2011-08-03 | s3-auth rename auth_ntlmssp_steal_session_info() | Andrew Bartlett | 1 | -6/+6
There is no longer any theft of memory as the underlying routines now produce a new auth_session_info for this caller, allocating it on the supplied memory context. Andrew Bartlett
2011-08-03 | s3-auth use auth_generic_start to get full GENSEC in Samba3 session setup | Andrew Bartlett | 1 | -7/+18
This tests if the auth_generic_start() hook is available on the auth context during the negprot, and if so it uses auth_generic_start() to hook to GENSEC to handle the full SPNEGO blob. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 | s3-smbd Ensure we do not read past the end of a possible NTLMSSP blob | Andrew Bartlett | 1 | -1/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 | s3-auth set session_info->sanitized_username in create_local_token() | Andrew Bartlett | 1 | -16/+0
Rather than passing this value around the callers, and eventually setting it in register_existing_vuid(), we simply pass it to create_local_token(). This also removes the need for auth_ntlmssp_get_username(). Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 | s3-ntlmssp Split auth_ntlmssp_start into two functions | Andrew Bartlett | 1 | -3/+25
This helps map on to the GENSEC semantics better, and ensures that the full set of desired features are set before the mechanism starts. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 | s3-ntlmssp Remove calls to auth_ntlmssp_and_flags from the server | Andrew Bartlett | 1 | -0/+2
This is changed so that the callers ask for the additional flags that they need, starting with no additional flags. This helps to create a proper abstraction layer in ntlmssp_wrap/auth_ntlmssp. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 | s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_update | Andrew Bartlett | 1 | -15/+4
This clarifies the lifetime of the returned token. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 | s3-auth Move map to guest to directly after the check_password calls | Andrew Bartlett | 1 | -26/+9
This means we no longer need two different map to guest functions and have consistent logic with fewer layering violations. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 | s3-auth Remove separate guest boolean | Andrew Bartlett | 1 | -4/+5
Instead, we base our guest calculations on the presence or absence of the authenticated users group in the token, ensuring that we have only one canonical source of this important piece of authorization data Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 | s3-auth Use guest boolean in auth_user_info_unix | Andrew Bartlett | 1 | -4/+4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 | s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username | Andrew Bartlett | 1 | -4/+4
This is closer to the layout of struct auth_session_info in auth.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-08 | Move smbd_smb2_request_check_tcon() smbd_smb2_request_check_session() next to their only user and make them static. | Jeremy Allison | 1 | -58/+0
Add comments. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Jul 8 21:01:40 CEST 2011 on sn-devel-104
2011-07-04 | s3-smbd: Replace client_id in smbd session setup. | Andreas Schneider | 1 | -1/+2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-07-04 | s3-auth: Added remote_address to ntlmssp server. | Andreas Schneider | 1 | -3/+6
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-05-05 | More simple const fixes. | Jeremy Allison | 1 | -1/+1
2011-04-05 | s3-auth Rename user_session_key -> session_key to match auth_session_info | Andrew Bartlett | 1 | -2/+2
2011-04-05 | s3-auth use create_local_token() to transform server_info -> session_info | Andrew Bartlett | 1 | -17/+6
Before an auth_serversupplied_info struct can be used for authorization, the local groups and privileges must be calculated. create_local_token() now copies the server_info, and then sets the calculated token and unix groups. Soon, it will also transform the result into an expanded struct auth_session_info. Until then, the variable name (server_info vs session_info) provides a clue to the developer about what information has been entered in the structure. By moving the calls to create_local_token within the codebase, we remove duplication, and ensure that the session key (where modified) is consistently copied into the new structure. Andrew Bartlett
2011-04-04 | s3-auth consolidate create_local_token() into make_server_info_krb5() | Andrew Bartlett | 1 | -18/+4
This ensures that all callers don't need to each add builtin groups and privileges to the user's token Andrew Bartlett
2011-03-30 | s3-auth: smbd needs auth.h | Günther Deschner | 1 | -0/+1
Guenther
2011-03-30 | s3: include smbd/smbd.h where needed. | Günther Deschner | 1 | -0/+1
Guenther
2011-03-16 | s3-build: only include asn1 headers where actually needed. | Günther Deschner | 1 | -0/+1
Guenther
2011-02-22 | s3-auth Rename auth_serversupplied_info variables: server_info -> session_info | Andrew Bartlett | 1 | -34/+34
These variables, of type struct auth_serversupplied_info were poorly named when added in 2001, and in good consistent practice, this has extended all over the codebase in the years since. The structure is also not ideal for its current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replace these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-10 | s3-auth Rename cryptic 'ptok' to security_token | Andrew Bartlett | 1 | -1/+1
This will allow the auth_serversupplied_info struct to be migrated to auth_session_info easier. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-30 | s3-smbd: use make_server_info_krb5() in smb2 too. | Simo Sorce | 1 | -75/+8
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-30 | s3-smbd: User helper function to resolve kerberos user for smb2 | Simo Sorce | 1 | -125/+30
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-22 | s3: Pass the rhost through smb_pam_accountcheck | Volker Lendecke | 1 | -1/+2
2010-08-18 | s3: Lift smbd_server_fd from reload_services() | Volker Lendecke | 1 | -1/+1
2010-08-17 | s3: Remove smbd_server_fd() from session_claim | Volker Lendecke | 1 | -4/+2
2010-08-09 | Fix bug #7608 - Win7 SMB2 authentication causes smbd panic | Jeremy Allison | 1 | -2/+4
We need to call setup_ntlmssp_server_info() if status==NT_STATUS_OK, or if status is anything except NT_STATUS_MORE_PROCESSING_REQUIRED, as this can trigger map to guest. Jeremy.
2010-08-08 | s3: Lift the smbd_messaging_context from reload_services | Volker Lendecke | 1 | -1/+1