summaryrefslogtreecommitdiff
path: root/source4/smb_server/smb/sesssetup.c
AgeCommit message (Collapse)AuthorFilesLines
2012-02-18auth: Reorder arguments to generate_session_infoAndrew Bartlett1-4/+4
This matches check_ntlm_password() and generate_session_info_pac() Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Feb 18 02:19:35 CET 2012 on sn-devel-104
2012-02-13auth: Pass in the SMB username (for %U) into generate_session_infoAndrew Bartlett1-1/+3
This matches what Samba3 does. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Feb 13 01:25:59 CET 2012 on sn-devel-104
2011-08-03gensec: clarify memory ownership for gensec_session_info() and ↵Andrew Bartlett1-2/+3
gensec_session_key() This is slightly less efficient, because we no longer keep a cache on the gensec structures, but much clearer in terms of memory ownership. Both gensec_session_info() and gensec_session_key() now take a mem_ctx and put the result only on that context. Some duplication of memory in the callers (who were rightly uncertain about who was the rightful owner of the returned memory) has been removed to compensate for the internal copy. Andrew Bartlett
2011-05-08s4-auth Rename auth -> auth4 to avoid conflict with s3 authAndrew Bartlett1-1/+1
2011-03-04s4-nterr: move auth_nt_status_squash to nt_status_squash and move to nterr.cGünther Deschner1-5/+5
Guenther
2011-02-09s4-auth Rework auth subsystem to remove struct auth_serversupplied_infoAndrew Bartlett1-11/+10
This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett
2010-09-15s4-smb: serialise session setup operationsAndrew Tridgell1-0/+7
the mixture of async and sync code in gensec makes a EOF on a socket during a session setup cause a crash. The simplest solution is to stop processing events on the socket until the session setup is complete.
2010-08-14s4:auth Move struct auth_usersupplied_info to a common locationAndrew Bartlett1-2/+2
This also changes the calling convention slightly - we should always allocate this with talloc_zero() to allow some elements to be optional. Some elements may only make sense in Samba3, which I hope will use this common structure. Andrew Bartlett
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell1-1/+1
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-05-20s4:auth Change auth_generate_session_info to take flagsAndrew Bartlett1-1/+13
This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group. In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key of 'is this user the anonymous SID'. This also takes more care to allocate the right length ptoken->sids Andrew Bartlett
2010-04-14s4:auth Change auth_generate_session_info to take an auth contextAndrew Bartlett1-18/+61
The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2009-12-24s4:auth: change auth_check_password_send/recv to tevent_reqStefan Metzmacher1-13/+26
metze
2009-12-24s4:gensec: change gensec_update_send/recv to tevent_reqStefan Metzmacher1-5/+15
metze
2009-12-24s4:smb_server: fix mixing socket_address and tsocket_addressStefan Metzmacher1-6/+9
metze
2009-09-19s4-smbd: minimise includes in smbd/ and smb_serverAndrew Tridgell1-2/+0
2009-02-13Remove auth/ntlm as a dependency of GENSEC by means of function pointers.Andrew Bartlett1-9/+7
When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett
2008-11-02Fix the build.Jelmer Vernooij1-1/+1
2008-11-02Add gensec_settings structure. This wraps loadparm_context for now, butJelmer Vernooij1-1/+1
should in the future only contain some settings required for gensec.
2008-09-23s4:smb_server: remove the bogus smbsrv_signing_restart()Stefan Metzmacher1-17/+2
Real signing always starts with seqnumber 2, and once signing is on the session key never change anymore for the complete smb connection. metze
2008-09-05Move our DC to implement mandetory signing.Andrew Bartlett1-2/+4
(this does not change the file server role, and only really changes what 'server signing = auto' means) Optional signing really isn't any benifit to network security. In doing so, allow anonymous clients (if permitted by policy) to log in without signing, as Samba3 does not sign these connections (which would use an all-zero key, so pointless). Andrew Bartlett (This used to be commit 468bf839c500ed1a26ab9a358ee64a4c0a695797)
2008-09-05With a windows 2008 client, even anonymous requires signing...Andrew Bartlett1-6/+0
Andrew Bartlett (This used to be commit a89f9818180e8fb868975c444c4d0e5aaa8d4e79)
2008-04-17Specify event_context to ldb_wrap_connect explicitly.Jelmer Vernooij1-2/+3
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
2007-12-21r26268: Avoid more use of global_loadparm - put lp_ctx in smb_server and ↵Jelmer Vernooij1-5/+8
wbsrv_connection. (This used to be commit 7c008664238ed966cb82adf5b25b22157bb50730)
2007-12-21r26264: pass name resolve order explicitly, use torture context for settings ↵Jelmer Vernooij1-2/+2
in dssync tests. (This used to be commit c7eae1c7842f9ff8b70cce9e5d6f3ebbbe78e83b)
2007-12-21r26260: Store loadparm context in gensec context.Jelmer Vernooij1-0/+1
(This used to be commit b9e3a4862e267be39d603fed8207a237c3d72081)
2007-12-21r26221: Add loadparm_context parameter to auth_context_create.Jelmer Vernooij1-0/+1
(This used to be commit a9a9634df8f3137ecb308adb90a755f12af94972)
2007-10-10r25551: Convert to standard bool type.Jelmer Vernooij1-3/+3
(This used to be commit c9651e2c5c078edee7b91085e936a93625c8d708)
2007-10-10r25398: Parse loadparm context to all lp_*() functions.Jelmer Vernooij1-1/+1
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23680: Make it easier to setup a domain member server - the 'server role'Andrew Bartlett1-1/+1
will now control the auth methods, but an override is still available, ex: auth methods:domain controller = <methods> Andrew Bartlett (This used to be commit b7e727186ed8eda6a68c873e089f655dc24fe8ae)
2007-10-10r23020: a better fix for the memory leak - this one doesn't stuff up spnego :)Andrew Tridgell1-3/+9
(This used to be commit 9a8da730a725fc9fc1a3e407273e688f44eadfe1)
2007-10-10r23019: revert r23018 - this will require more thought.Andrew Tridgell1-14/+2
(This used to be commit df60df9678e5c45fad6c7f7cb53ba8d0ce6b7cf0)
2007-10-10r23018: fixed a memory leak in our server side session setup code for failedAndrew Tridgell1-2/+14
session setups (This used to be commit a4e043e1f8f3cf1ab86e6dde501722b8050bbde4)
2007-10-10r19598: Ahead of a merge to current lorikeet-heimdal:Andrew Bartlett1-0/+2
Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
2007-10-10r17341: pass a messaging context to auth_context_create()Stefan Metzmacher1-4/+7
and gensec_server_start(). calling them with NULL for event context or messaging context is no longer allowed! metze (This used to be commit 679ac74e71b111344f1097ab389c0b83a9247710)
2007-10-10r17283: use the async calls of auth_check_password() and gensec_update()Stefan Metzmacher1-136/+202
in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2007-10-10r17274: fix typosStefan Metzmacher1-2/+2
metze (This used to be commit 699dee70aaa13bddbe8be760033aa81dd583208a)
2007-10-10r15741: move smb2 request structures into the main smb request structsStefan Metzmacher1-0/+3
as new levels metze (This used to be commit 91806353174704857dfcc15a730af7232cfde660)
2007-10-10r14542: Remove librpc, libndr and libnbt from includes.hJelmer Vernooij1-0/+1
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
2007-10-10r13870: prefix more functions with smbsrv_Stefan Metzmacher1-6/+6
metze (This used to be commit e6275db7b926d3660ad4a0f40041a5129001427a)
2007-10-10r13866: prefix more functions with smbsrv_Stefan Metzmacher1-4/+2
metze (This used to be commit bb083f17c961964dd99185ae4194596ccaafd4a8)
2007-10-10r13403: Try to better handle a case where SPNEGO isn't available (allow us toAndrew Bartlett1-3/+4
emulate the behaviour of XP standalone if required). Andrew Bartlett (This used to be commit 7f821097fbdbc9f35d96e05f85cf008f36c0eea3)
2007-10-10r12804: This patch reworks the Samba4 sockets layer to use a socket_addressAndrew Bartlett1-5/+14
structure that is more generic than just 'IP/port'. It now passes make test, and has been reviewed and updated by metze. (Thankyou *very* much). This passes 'make test' as well as kerberos use (not currently in the testsuite). The original purpose of this patch was to have Samba able to pass a socket address stucture from the BSD layer into the kerberos routines and back again. It also removes nbt_peer_addr, which was being used for a similar purpose. It is a large change, but worthwhile I feel. Andrew Bartlett (This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-1/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12115: bring SMB sesssetup_spnego in sync with SMB2 sesssetupStefan Metzmacher1-46/+51
metze (This used to be commit 99cf7dbb177f92df40301ed8faeeb93e89452922)
2007-10-10r11786: move all SMB protocol specific stuff to smb_server/smb/Stefan Metzmacher1-0/+370
metze (This used to be commit 5fea278cb65076cea71bb6c921e51c4feffc37d7)