Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
|
|
This the account or client doesn't support encryption we should
reject the tree connect.
metze
|
|
metze
|
|
We do not support SMB2 transport encryption yet.
metze
|
|
They use talloc_tos() internally: hoist that up to the callers, some
of whom don't want to us talloc_tos().
A simple patch, but hits a lot of files.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
The removes the protocol specific smbd_smb2_session and
smbd_smb2_tcon.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
metze
|
|
metze
|
|
metze
|
|
metze
|
|
smbd_server_connection
The plan is to have connection_struct as some kind of low level
abstraction for a smb1/smb2 tree connects, that can be used by SMB_VFS modules.
metze
|
|
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.
The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok. This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server
At the same time, this closes the door on one of the most arcane areas
of Samba authentication.
Naturally, full user-name/password authentication remain available in
security=user and above.
This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.
Andrew Bartlett
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SHARE |
| security=share |
| |
| |
| 5 March |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
|
|
Ensure the cnum used to claim the connection for SMB2 is the
id that will be used for the SMB2 tcon. Based on code from
Ira Cooper <ira@wakeful.net>.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Jan 18 23:14:32 CET 2012 on sn-devel-104
|
|
let the client know when hide unreadable or hide unwriteable files
is set for a share
|
|
this matches Win7/2002R2 behavior and clients also must ignore
this flag when set (MS-SMB 2.2.10), so we should not set it at all
|
|
metze
|
|
metze
|
|
This is closer to the layout of struct auth_session_info in auth.idl
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
metze
|
|
to their only user and make them static. Add comments.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Jul 8 21:01:40 CEST 2011 on sn-devel-104
|
|
This defines a common table format, so we can in future define a
common table.
Andrew Bartlett
|
|
|
|
Guenther
|
|
Guenther
|
|
convert_string*()
we shouldn't accept bad multi-byte strings, it just hides problems
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
|
|
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.
The structure is also not ideal for it's current purpose. Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session. This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.
(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
adding new share via MMC
Change the find_service() interface to not depend on fstring, and
create a useable talloc-based interface.
Jeremy.
|
|
SMB2 also.
|
|
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
|
|
|
|
Jeremy.
|
|
Jeremy.
|
|
freeing the global context, as we close access to the locking db
before freeing the global context.
Jeremy.
|
|
Jeremy.
|
|
Jeremy.
|
|
right.
Gets us handling SMB2 compound async requests similar to W2K8R2
(and triggers the same client bug in the Win7 redirector). Great
thanks to Ira Cooper <samba@ira.wakeful.net> for helping with
this and to Metze for the wonderful async framework. The one
thing I need to fix to make us identical to W2K8R2 is that
when a compound request goes async at the end W2K8R2 splits
the replies up into a compound non-async reply followed by
a separate async reply. Currently we're doing the whole thing
in a compound reply.
Jeremy.
|
|
tid and 0xFFFFFFFFFFFFFFFF for compound sessionid values. Cope with this.
Jeremy.
|
|
Ensure we don't call close_cnum() with SMB2, also talloc_move the
compat_conn pointer from the NULL context onto the tcon context
in SMB2 as it's conceptually owned by that pointer.
Jeremy.
|
|
I don't think we need to log the fact that a user gave a wrong sharename in Explorer with the highest log level.
The level of this was not very consistent:
service.c: DEBUG(3,("find_service() failed to find service %s\n", service));
service.c: DEBUG(0,("%s (%s) couldn't find service %s\n",
smb2_tcon.c: DEBUG(1,("smbd_smb2_tree_connect: couldn't find service %s\n",
This changes the last two to 3 as the first one.
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
|
|
This will hold code that's shared between source3 and source4.
metze
|
|
metze
|
|
This should avoid confusion between smbd_server_connection
and connection_struct variables.
metze
|
|
This can be NULL for faked connection structs used in the rpc server
or printing code.
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
For now this only checks if the share is present or not.
metze
|