summaryrefslogtreecommitdiff
path: root/source3/smbd/smb2_sesssetup.c
AgeCommit message (Collapse)AuthorFilesLines
2013-10-15smbd:smb2: fix crash when smb2 session reauth failsMichael Adam1-3/+17
https://bugzilla.samba.org/show_bug.cgi?id=10208 Authentication error in smb2 session reauth invalidates the session. In this case the session must in contrast to successful session setup requests be torn down and live no longer than the request. The talloc move of the session from the global session table to the request ensures that the session setup reply can still be correctly signed, but subsequent requests on the connection don't find a session any more. Pair-Programmed-With: Jeremy Allison <jra@samba.org> Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-19s3:smbd: initialize session->global before calling session_claimGregor Beck1-7/+7
Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-19s3:smbd: remove smbd_server_connection argument from session_claim()Gregor Beck1-1/+1
retrieve the server connection from the smbXsrv_session argument instead. Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-19s3:smbd: pass smbXsrv_session instead of user_struct to session_claim() and ↵Gregor Beck1-1/+1
session_yield() Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-03Revert "Fix bug #9222 - smbd ignores the "server signing = no" setting for ↵Jeremy Allison1-6/+0
SMB2." This reverts commit dfd3c31a3f9eea96854b2d22574856368e86b245. As Metze pointed out: From MS-SMB2 section 2.2.4: SMB2_NEGOTIATE_SIGNING_ENABLED When set, indicates that security signatures are enabled on the server. The server MUST set this bit, and the client MUST return STATUS_INVALID_NETWORK_RESPONSE if the flag is missing. I'll submit a documentation bug to fix #9222 that way.
2012-10-03Fix bug #9222 - smbd ignores the "server signing = no" setting for SMB2.Jeremy Allison1-0/+6
Still sign if client request is signed, just don't negotiate it in negprot or sessionsetup. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Oct 3 00:59:42 CEST 2012 on sn-devel-104
2012-09-12Make metze happy and the code clearer :-).Jeremy Allison1-0/+6
Ensure we know after the destructor fires we're never going to look at this again. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Sep 12 03:00:21 CEST 2012 on sn-devel-104
2012-09-10Fix talloc memory heirarchy bug. If there's an SMB2 sessionsetup in flight ↵Jeremy Allison1-5/+36
when we're shut down, we end up freeing the struct smbXsrv_session *session pointer twice. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Sep 10 23:34:06 CEST 2012 on sn-devel-104
2012-08-23s3:smb2_server: use smbXsrv_session->nonce_*Stefan Metzmacher1-0/+3
metze
2012-08-09s3:smb2_sesssetup: setup global->[en|de]cryption_keyStefan Metzmacher1-0/+36
metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Aug 9 09:59:02 CEST 2012 on sn-devel-104
2012-08-09s3:smb2_sesssetup: set global->encryption_required and enforce itStefan Metzmacher1-0/+22
This the account or client doesn't support encryption we should reject the session setup. metze
2012-08-08s3:smb2_sesssetup: remove unused code in smbd_smb2_reauth_generic_return()Stefan Metzmacher1-9/+0
A reauth exchange is already signed, with the channel signing key. metze
2012-08-08s3:smb2_sesssetup: remove TALLOC_FREE(session) from ↵Stefan Metzmacher1-9/+0
smbd_smb2_[re]auth_generic_return The caller does this via the smbd_smb2_session_setup_state_destructor() metze
2012-08-05s3:smb2_sesssetup: make use of SMBD_SMB2_* macrosStefan Metzmacher1-8/+6
metze
2012-07-26s3:smb2_sesssetup: reject SMB2_SESSION_FLAG_BINDING requestsStefan Metzmacher1-0/+13
metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jul 26 02:08:56 CEST 2012 on sn-devel-104
2012-06-25s3:smb2_sesssetup: make use of smb2srv_session_close_previous_send/recvStefan Metzmacher1-0/+66
metze
2012-06-25s3:smb2_sesssetup: inline gensec_session_info() callStefan Metzmacher1-25/+15
metze
2012-06-25s3:smb2_sesssetup: make use of gensec_update_send/recvStefan Metzmacher1-10/+35
metze
2012-06-25s3:smb2_sesssetup: inline most of smbd_smb2_session_setup()Stefan Metzmacher1-130/+99
metze
2012-06-25s3:smb2_sesssetup: implement dynamic re-authentication and expire sessionsStefan Metzmacher1-1/+85
metze
2012-06-25s3:smbd: make use of smbXsrv_tcon and smbXsrv_session for smb2Stefan Metzmacher1-112/+64
The removes the protocol specific smbd_smb2_session and smbd_smb2_tcon. Pair-Programmed-With: Michael Adam <obnox@samba.org> metze
2012-06-25s3:smb2_sesssetup: add support for SMB 2.24/3.00 signingStefan Metzmacher1-0/+29
metze
2012-06-25s3:smb2_sesssetup: make use of the smbXsrv_session infrastructureStefan Metzmacher1-31/+87
We still have smbd_smb2_session as primary structure, but that will went away once we got rid of smbd_smb2_tcon. metze
2012-06-06s3:smbd: change user_struct->vuid to uint64_tStefan Metzmacher1-2/+2
Only sconn->smb1.sessions.next_vuid remains as uint16_t, so that we do not generate larger values yet. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jun 6 12:07:33 CEST 2012 on sn-devel-104
2012-06-06s3:smbd: use 'struct user_struct' instead of typedef'ed 'user_struct'Stefan Metzmacher1-1/+1
metze
2012-05-17s3:smb2_sesssetup: make use of nt_status_squash() in ↵Stefan Metzmacher1-1/+1
smbd_smb2_session_setup_recv() metze
2012-05-13s3:smb2_sesssetup: make the top level code async usingStefan Metzmacher1-30/+62
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sun May 13 17:59:39 CEST 2012 on sn-devel-104
2012-05-13s3:smb2_sesssetup: add smbd_smb2_session_setup_send/recv as wrapperStefan Metzmacher1-0/+105
This just adds smbd_smb2_session_setup_send/recv as wrapper to the sync smbd_smb2_session_setup function. This will allow us to change to top level code to work async, then we can have a 2nd step where we remove the sync smbd_smb2_session_setup function. metze
2012-05-13s3:smb2_sesssetup: pass down in_flags to smbd_smb2_session_setup()Stefan Metzmacher1-1/+5
metze
2012-05-13s3:smb2_sesssetup: pass down in_previous_session_id to all layersStefan Metzmacher1-2/+15
metze
2012-03-15s3:smbd: call file_close_user() before removing tree connects in ↵Stefan Metzmacher1-0/+2
conn_close_all() This will help later if we have to handle a SMB2TreeDisconnect different compared to a SMB2SessionLogoff and a TCPDisconnect. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Mar 15 21:56:09 CET 2012 on sn-devel-104
2012-03-06s3:smbd: keep 'num_users' and 'users' directly under smbd_server_connectionStefan Metzmacher1-1/+2
The plan is to have users_struct as some kind of low level abstraction for a smb1/smb2 session, that can be used by SMB_VFS modules. metze
2012-02-16s3-smbd Remove unused code now we always have SPNEGO via gensecAndrew Bartlett1-5/+1
This was previously needed because SPNEGO was only available in the AD DC. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-31s3:smbd: rework smbd_smb2_*_ntlmssp_auth* to smbd_smb2_auth_generic*Stefan Metzmacher1-22/+28
metze
2012-01-31s3:smbd: always use the gensec code path in smb2_sesssetup.cStefan Metzmacher1-460/+7
The other code pathes are unused, because we always have the spnego gensec module. metze
2012-01-25s3:smb2_sessetup: call set_current_user_info() and reload_services() on successStefan Metzmacher1-0/+11
This matches the smb1 code. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jan 25 08:39:35 CET 2012 on sn-devel-104
2012-01-12s3:smbd: explicitly ask for GENSEC_FEATURE_UNIX_TOKENStefan Metzmacher1-0/+3
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Jan 12 11:22:53 CET 2012 on sn-devel-104
2012-01-05s3-auth Remove ntlmssp_wrap.h which is no longer requiredAndrew Bartlett1-1/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth use gensec directly rather than via auth_generic_stateAndrew Bartlett1-20/+20
This is possible because the s3 gensec modules are started as normal gensec modules, so we do not need a wrapper any more. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth Add TALLOC_CTX * to auth_generic_prepare()Andrew Bartlett1-10/+3
This makes the long term owner of this memory more clear. So far only the clear cases have been moved from NULL however. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-auth remove auth_ntlmssp_start(), call auth_generic_start() directlyAndrew Bartlett1-3/+3
This makes it clear that this can support more than just NTLMSSP. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-auth rename auth_ntlmssp_prepare() -> auth_generic_prepare()Andrew Bartlett1-3/+3
This function handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-15s3:smbd: pass smbd_server_connection and a snumused function pointer to ↵Stefan Metzmacher1-1/+1
reload_services() metze
2011-11-03s3:smbd: make use of SMB_SIGNING_* constantsStefan Metzmacher1-2/+2
metze
2011-10-21s3-ntlmssp Remove auth_ntlmssp_want_feature()Andrew Bartlett1-3/+3
We now just call the gensec_want_feature() directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp Remove auth_ntlmssp_update wrapperAndrew Bartlett1-11/+12
We now just call gensec_update directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-auth remove auth_ntlmssp_session_info()Andrew Bartlett1-6/+6
Instead, call gensec_session_info() directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18ntlmssp: Move ntlmssp code to auth/ntlmsspAndrew Bartlett1-1/+1
This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-09-23Fix bug #8477 - Map to guest can return uninitialized blob of data.Jeremy Allison1-1/+3
Found by Codenomicon at SNIA SDC. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Sep 23 03:19:46 CEST 2011 on sn-devel-104
2011-09-22s3:smb2_server: fix a logic error, we should sign non guest sessionsStefan Metzmacher1-1/+1
metze
generated by cgit (git 2.34.1) at 2024-06-11 01:38:34 +0000