summaryrefslogtreecommitdiff
path: root/source3/smbd/smb2_sesssetup.c
AgeCommit message (Collapse)AuthorFilesLines
2011-08-03s3-auth Move map to guest to directly after the check_password callsAndrew Bartlett1-26/+9
This means we no longer need two different map to guest functions and have consistent logic with fewer layering violations. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Remove seperate guest booleanAndrew Bartlett1-4/+5
Instead, we base our guest calculations on the presence or absense of the authenticated users group in the token, ensuring that we have only one canonical source of this important piece of authorization data Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use guest boolean in auth_user_info_unixAndrew Bartlett1-4/+4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use struct auth_user_info_unix for unix_name and sanitized_usernameAndrew Bartlett1-4/+4
This is closer to the layout of struct auth_session_info in auth.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-08Move smbd_smb2_request_check_tcon() smbd_smb2_request_check_session() next ↵Jeremy Allison1-58/+0
to their only user and make them static. Add comments. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Jul 8 21:01:40 CEST 2011 on sn-devel-104
2011-07-04s3-smbd: Replace client_id in smbd session setup.Andreas Schneider1-1/+2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-07-04s3-auth: Added remote_address to ntlmssp server.Andreas Schneider1-3/+6
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-05-05More simple const fixes.Jeremy Allison1-1/+1
2011-04-05s3-auth Rename user_session_key -> session_key to match auth_session_infoAndrew Bartlett1-2/+2
2011-04-05s3-auth use create_local_token() to transform server_info -> session_infoAndrew Bartlett1-17/+6
Before a auth_serversupplied_info struct can be used for authorization, the local groups and privileges must be calculated. create_local_token() now copies the server_info, and then sets the calulated token and unix groups. Soon, it will also transform the result into an expanded struct auth_session_info. Until then, the variable name (server_info vs session_info provides a clue to the developer about what information has been entered in the structure). By moving the calls to create_local_token within the codebase, we remove duplication, and ensure that the session key (where modified) is consistently copied into the new structure. Andrew Bartlett
2011-04-04s3-auth consolidate create_local_token() into make_server_info_krb5()Andrew Bartlett1-18/+4
This ensures that all callers don't need to each add builtin groups and privileges to the user's token Andrew Bartlett
2011-03-30s3-auth: smbd needs auth.hGünther Deschner1-0/+1
Guenther
2011-03-30s3: include smbd/smbd.h where needed.Günther Deschner1-0/+1
Guenther
2011-03-16s3-build: only include asn1 headers where actually needed.Günther Deschner1-0/+1
Guenther
2011-02-22s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_infoAndrew Bartlett1-34/+34
These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-10s3-auth Rename cryptic 'ptok' to security_tokenAndrew Bartlett1-1/+1
This will allow the auth_serversupplied_info struct to be migrated to auth_session_info easier. Adnrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-30s3-smbd: use make_server_info_krb5() in smb2 too.Simo Sorce1-75/+8
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-30s3-smbd: User helper function to resolve kerberos user for smb2Simo Sorce1-125/+30
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-22s3: Pass the rhost through smb_pam_accountcheckVolker Lendecke1-1/+2
2010-08-18s3: Lift smbd_server_fd from reload_services()Volker Lendecke1-1/+1
2010-08-17s3: Remove smbd_server_fd() from session_claimVolker Lendecke1-4/+2
2010-08-09Fix bug #7608 - Win7 SMB2 authentication causes smbd panicJeremy Allison1-2/+4
We need to call setup_ntlmssp_server_info() if status==NT_STATUS_OK, or if status is anything except NT_STATUS_MORE_PROCESSING_REQUIRED, as this can trigger map to guest. Jeremy.
2010-08-08s3: Lift the smbd_messaging_context from reload_servicesVolker Lendecke1-1/+1
2010-08-06s3-krb5: include krb5pac.h where needed.Günther Deschner1-0/+1
Guenther
2010-08-05s3: avoid global include of ads.h.Günther Deschner1-0/+1
Guenther
2010-07-20Add approriate TALLOC_CTX's thoughout the spnego code. No more implicit NULL ↵Jeremy Allison1-17/+11
contexts. Jeremy.
2010-07-20Add TALLOC_CTX argument to spnego_parse_negTokenInit, reduceJeremy Allison1-5/+6
use of malloc, and data_blob(). Jeremy.
2010-07-20s3-auth: Move auth_ntlmssp wrappers in their own fileSimo Sorce1-0/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-20s3-auth: Refactor and rename auth_ntlmssp_server_info()Simo Sorce1-1/+1
Rename it to auth_ntlmssp_steal_server_info() to make it clear that the server_info struct is stolen from the auth_ntlmssp_state structure. Use talloc_move instead of manual steal&clear Add comments to explain what is going on. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-19s3-auth: Use talloc hierarchies to properly free auth_ntlmssp_state contextsSimo Sorce1-9/+9
Turn auth_ntlmssp_end into a destructor and attach it to auth_ntlmssp_state. Remote auth_ntlmssp_end and use TALLOC_FREE in the callers. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-16Make the "map to guest" parameter work correctly with NTLMSSP (spnegoJeremy Allison1-7/+28
and raw) under SMB2. Still need to investigate fixing this with krb5 auth (does this make sense ?). Jeremy.
2010-07-14s3:auth Change auth_ntlmssp_server_info API to return NTSTATUSAndrew Bartlett1-3/+4
This fixes a bug where register_existing_vuid() could be called with a NULL server_info if the alloction failed. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-07-05s3: Remove procid_self() from session_claim()Volker Lendecke1-2/+4
2010-06-08Revert "s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS"Volker Lendecke1-4/+3
This reverts commit edba46ce94c335411ab337eeb4ef6f88fb3aae80. Conflicts: source3/auth/auth_ntlmssp.c
2010-06-07s3:auth Change auth_ntlmssp_server_info API to return NTSTATUSAndrew Bartlett1-3/+4
It's nicer to have an NTSTATUS return, and in s3compat there may be a reason other than 'no memory' why this can fail. Andrew Bartlett
2010-06-03Allow us to cope correctly with NT_STATUS_MORE_PROCESSING_REQUIRED when ↵Jeremy Allison1-1/+7
downgrading from krb5 to NTLMSSP over SMB2. Jeremy.
2010-06-03Found by Guenther - fix up our fallback paths from krb5 to NTLMSSP when ↵Jeremy Allison1-8/+29
using SMB2. Jeremy.
2010-05-31s3:smbd map_username() doesn't need sconn anymoreSimo Sorce1-2/+1
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-05-31ntlmssp: Make the ntlmssp.h from source3/ a common headerAndrew Bartlett1-1/+1
The code is not yet in common, but I hope to fix that soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31s3:auth Make AUTH_NTLMSSP_STATE a private structure.Andrew Bartlett1-19/+11
This makes it a little easier for it to writen in terms of GENSEC in future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-28s3:auth Free sampass as soon as we have server_infoSimo Sorce1-0/+1
We don't keep sampass in server_info anymore So it makes no sense to keep it around. Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-28s3:auth use info3 in auth_serversupplied_infoSimo Sorce1-4/+4
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21Make krb5 over SMB2 identical to the way we handle it in SMB1.Jeremy Allison1-2/+50
Jeremy.
2010-05-20s3 smb2: Fix the build without kerberosKai Blin1-0/+2
Jeremy, please check
2010-05-17Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code.Jeremy Allison1-10/+403
Jeremy.
2010-05-17Refactor the sessionsetup SMB2 code to make it easy to addJeremy Allison1-140/+293
krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-10SMB2 always have level2 oplock capability. Correct mapping from break ↵Jeremy Allison1-0/+2
messages to SMB2 oplock levels. Jeremy.
2010-04-17First part of fix for bug #7331 - Compound async SMB 2 requests don't work ↵Jeremy Allison1-10/+17
right. Gets us handling SMB2 compound async requests similar to W2K8R2 (and triggers the same client bug in the Win7 redirector). Great thanks to Ira Cooper <samba@ira.wakeful.net> for helping with this and to Metze for the wonderful async framework. The one thing I need to fix to make us identical to W2K8R2 is that when a compound request goes async at the end W2K8R2 splits the replies up into a compound non-async reply followed by a separate async reply. Currently we're doing the whole thing in a compound reply. Jeremy.
2010-04-07On compound requests, MS-SMB2 says clients MAY use 0xFFFFFFFF for compound ↵Jeremy Allison1-0/+20
tid and 0xFFFFFFFFFFFFFFFF for compound sessionid values. Cope with this. Jeremy.
2009-12-22s3:ntlmssp: only include ntlmssp.h where actually neededAndrew Bartlett1-0/+1
Andrew Bartlett