Age | Commit message (Collapse) | Author | Files | Lines |
|
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'.
GENSEC now no longer has it's own handling of 'set username' etc,
instead it uses cli_credentials calls.
In order to link the credentails code right though Samba, a lot of
interfaces have changed to remove 'username, domain, password'
arguments, and these have been replaced with a single 'struct
cli_credentials'.
In the session setup code, a new parameter 'workgroup' contains the
client/server current workgroup, which seems unrelated to the
authentication exchange (it was being filled in from the auth info).
This allows in particular kerberos to only call back for passwords
when it actually needs to perform the kinit.
The kerberos code has been modified not to use the SPNEGO provided
'principal name' (in the mechListMIC), but to instead use the name the
host was connected to as. This better matches Microsoft behaviour,
is more secure and allows better use of standard kerberos functions.
To achieve this, I made changes to our socket code so that the
hostname (before name resolution) is now recorded on the socket.
In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now
in libcli/auth/schannel.c, and it looks much more like a standard
GENSEC module. The actual sign/seal code moved to
libcli/auth/schannel_sign.c in a previous commit.
The schannel credentails structure is now merged with the rest of the
credentails, as many of the values (username, workstation, domain)
where already present there. This makes handling this in a generic
manner much easier, as there is no longer a custom entry-point.
The auth_domain module continues to be developed, but is now just as
functional as auth_winbind. The changes here are consequential to the
schannel changes.
The only removed function at this point is the RPC-LOGIN test
(simulating the load of a WinXP login), which needs much more work to
clean it up (it contains copies of too much code from all over the
torture suite, and I havn't been able to penetrate its 'structure').
Andrew Bartlett
(This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
|
|
annoying "not parsing session request" message on each SMB connection
(This used to be commit b06b8dd2f4f4fea750b05fd29d68372828159f16)
|
|
- make use of talloc destructors
metze
(This used to be commit 8308da6ce4a95f8c10e22949ef00e9e64f2dbb85)
|
|
- added #if TALLOC_DEPRECATED around the _p functions
- fixes the code that broke from the above
while doing this I fixed quite a number of places that were
incorrectly using the non type-safe talloc functions to use the type
safe ones. Some were even doing multiplies for array allocation, which
is potentially unsafe.
(This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
|
|
talloc_size() or talloc_array_p() where appropriate.
also fixed a memory leak in pvfs_copy_file() (failed to free a memory
context)
(This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
|
|
(This used to be commit 44ca3f41cc835e22e6adca48ddfd84f246b22bfb)
|
|
- added test for chained OpenX/ReadX, simulating the OS/2 workplace shell
- fixed a bug in handling chained fnum in openx and ntcreatex in the server
(yes, I'm on holiday, but this bug was annoying me ....)
(This used to be commit b3b8958a18e302b815d98c0e3879e404bced6a08)
|
|
to kukks on #samba-technical for the sniffs that allowed me to work
this out
- much simpler ntvfs open generic mapping code
- added t2open create with EA torture test to RAW-OPEN test
(This used to be commit a56d95ad89b4f32a05974c4fe9a816d67aa369e3)
|
|
(This used to be commit 13c7794e02b0d5c83baa5efbe93e46defd38c8e1)
|
|
Guenter Kukkukk
(This used to be commit 49c8df5648eae1e8222c0dd2859fd2ff62ef34ce)
|
|
mode, so after we
call it we need to return, and not continue processing packets
(This used to be commit 33e4cee17dbfbb79e5ae68fda893a4d313865eb5)
|
|
(This used to be commit eef066175f98f38eff465f941a7bd747173e8db9)
|
|
- change smbcli_read/write to take void * for the buffers to match read(2)/write(2)
all this fixes a lot of gcc-4 warnings
metze
(This used to be commit b94f92bc6637f748d6f7049f4f9a30b0b8d18a7a)
|
|
call has an optional sec_desc and ea_list.
(This used to be commit 8379ad14e3d51a848a99865d9ce8d56a301e8a3c)
|
|
variable that is overwritten later.
Samba3 smbclient still does not like Samba4. In ntlmssp samba3 smbclient
expects an mechlistmic that 4 does not send.
Volker
(This used to be commit 614dbd8fec09a5e4c63e4b7774aa38335e030a42)
|
|
open->generic ntvfs mapping code.
(This used to be commit ed844192d7f7ed487290f719df65f256a5b0b9bc)
|
|
pvfs
(This used to be commit 1d2f0a55c1de01cbbf6552371584847223841bc3)
|
|
number rises by 1, not 2)
(This used to be commit 201ff734d47cb0c335820f11e2629cb3bd18162f)
|
|
outstanding async operation (triggering an immediate timeout).
pvfs now passes the RAW-MUX test
(This used to be commit 3423e2f41461d054067ef168b9b986f62cc8f77c)
|
|
part of the maxcnt. This caused an allocation failure and server exit.
Note: we need to go back over all the places in the core smb_server
that can cause allocation failures based on user input and fix them to
instead produce a SMB error.
Thanks to Susan for finding this bug.
(This used to be commit 4aed1b7921a3bfef460f8602467ac0dca9561032)
|
|
(This used to be commit 7c4e6ebf05790dd6e29896dd316db0fff613aa4e)
|
|
(This used to be commit 1087ea830e7aead86d54a1836512e88554afc919)
|
|
structure element called "open" as its a macro on solaris.
(This used to be commit 4e92e15c4e396b1d8cd211192888fea68c2cf0f9)
|
|
(This used to be commit 73ea8ee6c268371d05cf74160f2ad451dd2ae699)
|
|
happens with trans2, trans and echo. Now that smbd is async we queue
the multiples replies all at once, and now need a way to ensure each
reply gets it own smbsrv_request buffer. I have added
req_setup_secondary() to cope with this.
(This used to be commit 2dbd2abc5f197ee21d7dceeda2922c7449c46d99)
|
|
ntvfs modules
the idea is that a passthru module can use ntvfs_async_state_push() before
calling ntvfs_next_*() and in the _send function it calls
ntvfs_async_state_pop() and then call the upper layer send_fn itself
- ntvfs_nbench is now fully async
- the ntvfs_map_*() functions and the trans(2) mapping functions are not converted yet
metze
(This used to be commit fde64c0dc142b53d128c8ba09af048dc58d8ef3a)
|
|
(This used to be commit 977bc87d18d2ea8c6967bd8c1b953b09fff9b434)
|
|
to align the buffer, as that would make the read reply not fit
(This used to be commit 70be45de05993d386ceaf54325d1c3023008eaed)
|
|
(This used to be commit e11b000319953dfeeb84fed142e857a5247a93e9)
|
|
preparation for the full share modes and ntcreatex code that I am
working on.
highlights include:
- changed the way a backend determines if it is allowed to process a
request asynchronously. The previous method of looking at the
send_fn caused problems when an intermediate ntvfs module disabled
it, and the caller then wanted to finished processing using this
function. The new method is a REQ_CONTROL_MAY_ASYNC flag in
req->control_flags, which is also a bit easier to read
- fixed 2 bugs in the readbraw server code. One related to trying to
answer a readbraw with smb signing (which can't work, and crashed
our signing code), the second related to error handling, which
attempted to send a normal SMB error packet, when readbraw must
send a 0 read reply (as it has no header)
- added several more ntvfs_generic.c generic mapping functions. This
means that backends no longer need to implement such esoteric
functions as SMBwriteunlock() if they don't want to. The backend
can just request the mapping layer turn it into a write followed by
an unlock. This makes the backends considerably simpler as they
only need to implement one style of each function for lock, read,
write, open etc, rather than the full host of functions that SMB
provides. A backend can still choose to implement them
individually, of course, and the CIFS backend does that.
- simplified the generic structures to make them identical to the
principal call for several common SMB calls (such as
RAW_WRITE_GENERIC now being an alias for RAW_WRITE_WRITEX).
- started rewriting the pvfs_open() code in preparation for the full
ntcreatex semantics.
- in pvfs_open and ipc_open, initially allocate the open file
structure as a child of the request, so on error we don't need to
clean up. Then when we are going to succeed the open steal the
pointer into the long term backend context. This makes for much
simpler error handling (and fixes some bugs)
- use a destructor in the ipc backend to make sure that everthing is
cleaned up on receive error conditions.
- switched the ipc backend to using idtree for fnum allocation
- in the ntvfs_generic mapping routines, use a allocated secondary
structure not a stack structure to ensure the request pointer
remains valid even if the backend replies async.
(This used to be commit 3457c1836c09c82956697eb21627dfa2ed37682e)
|
|
- the stacking of modules
- finding the modules private data
- hide the ntvfs details from the calling layer
- I set NTVFS_INTERFACE_VERSION 0 till we are closer to release
(because we need to solve some async problems with the module stacking)
metze
(This used to be commit 3ff03b5cb21bb79afdd3b1609be9635f6688a539)
|
|
rather than manual reference counts
- properly support SMBexit in the cifs and posix backends
- added a logoff method to all backends
With these changes the RAW-CONTEXT test now passes against the posix backend
(This used to be commit c315d6ac1cc40546fde1474702a6d66d07ee13c8)
|
|
server side request structure to prevent a structing being freed in
some circumstances. This change replaces this with the much more
robust mechanism of talloc_increase_ref_count().
(This used to be commit 3f7741f178b359f81cc98ef18cd69bf976123e9f)
|
|
Andrew Bartlett
(This used to be commit cd2f97530b2846bdb98ef36fabdc0a1cdd9e69fd)
|
|
original core level calls). The old code was completely wrong in many respects.
also fixed the EA_SIZE level in the server
extended the RAW-SEARCH test suite to test the new code properly
(This used to be commit 71480271ad84b57fcdde264a54bb2408cf783255)
|
|
(This used to be commit 9a708e2281b87e41032e8a0b12bb5ac3b0e151ce)
|
|
(This used to be commit 93d444e6fd6b0e86a17a9aa8fa72408435cab3e0)
|
|
(This used to be commit 21ef338cbbe96acc8594ffc550ef60c6a40fb951)
|
|
cases, so don't shorten them back to 0 byte data length.
Andrew Bartlett
(This used to be commit 66c54fe7ebdbe1348731191d86ac4804e99d114e)
|
|
to a struct smbsrv_session that the same as cli_session for the client
we need a gensec_security pointer there
(spnego support will follow)
prefix some related functions with smbsrv_
metze
(This used to be commit f276378157bb9994c4c91ce46150a510de5c33f8)
|
|
the idea is to have services as modules (smb, dcerpc, swat, ...)
the process_model don't know about the service it self anymore.
TODO:
- the smbsrv should use the smbsrv_send function
- the service subsystem init should be done like for other modules
- we need to have a generic socket subsystem, which handle stream, datagram,
and virtuell other sockets( e.g. for the ntvfs_ipc module to connect to the dcerpc server
, or for smb or dcerpc or whatever to connect to a server wide auth service)
- and other fixes...
NOTE: process model pthread seems to be broken( but also before this patch!)
metze
(This used to be commit bbe5e00715ca4013ff0dbc345aa97adc6b5c2458)
|
|
(This used to be commit 2758c26ac96a62d7e0853e5d5fa95925ddce3420)
|
|
because this is the connection state per transport layer (tcp)
connection
I also moved the substructs directly into smbsrv_connection,
because they don't need a struct name and we should allway pass the complete
smbsrv_connection struct into functions
metze
(This used to be commit 60f823f201fcedf5473008e8453a6351e73a92c7)
|
|
metze
(This used to be commit a85d2db5826a84b812ea5162a11f54edd25f74e3)
|
|
metze
(This used to be commit 99473fab4b1ff87a795f3c08f4c521d9beb504c0)
|
|
because I need server_context fot the generic server infastructure
metze
(This used to be commit 0712f9f30797e65362c99423c0cf158a2f539000)
|
|
(This used to be commit de5984c95602ca67e8ac3139c3aa4330b74266e0)
|
|
metze
(This used to be commit 2986c5f08c8f0c26a2ea7b6ce20aae025183109f)
|
|
metze
(This used to be commit af6f1f8a01bebbecd99bc8c066519e89966e65e3)
|
|
metze
(This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
|