path: root/source4/smb_server/smb_server.h
Age | Commit message | Author | Files | Lines
2007-10-10 | Author: Andrew Bartlett | Files: 1 | Lines: -2/+2
r11200: Reposition the creation of the kerberos keytab for GSSAPI and Krb5 authentication. This pulls the creating of the keytab back to the credentials code, and removes the special case of 'use kerberos keytab = yes' for now. This allows (and requires) the callers to specify the credentials for the server credentials to GENSEC. This allows kpasswdd (soon to be added) to use a different set of kerberos credentials. The 'use kerberos keytab' code will be moved into the credentials layer, as the layers below now expect a keytab. We also now allow for the old secret to be stored into the credentials, allowing service password changes.
Andrew Bartlett
(This used to be commit 205f77c579ac8680c85f713a76de5767189c627b)

2007-10-10 | Author: Jelmer Vernooij | Files: 1 | Lines: -0/+3
r10513: Reduce some use of pstring. The main reason some parts of the code still use pstring is next_token() now.
(This used to be commit a5b88bcd420eb7ae42283293541519e142be36e3)

2007-10-10 | Author: Andrew Tridgell | Files: 1 | Lines: -0/+3
r8893: fixed the valgrind error on stream termination due to protocol errors
(This used to be commit cf1a7bbe96e8e40ac4df3eaa3e5922a944b45579)

2007-10-10 | Author: Andrew Tridgell | Files: 1 | Lines: -0/+6
r8658: move use of lp_security() and lp_nt_status_support() into the connection structure. This massively reduces the number of lp_*() calls made
(This used to be commit b1d577f48d31c0c17ad0b6abd78120087408e58d)

2007-10-10 | Author: Andrew Tridgell | Files: 1 | Lines: -0/+2
r8577: added management calls to list current tree connects
(This used to be commit 658befc1e4df44bee1f365a730951001f0f36640)

2007-10-10 | Author: Andrew Tridgell | Files: 1 | Lines: -0/+6
r8574: added server side irpc calls for listing the current sessions
(This used to be commit 391cfe3c9645a19f8f5ff5c11b1ac03ee0b10f8f)

2007-10-10 | Author: Andrew Tridgell | Files: 1 | Lines: -1/+1
r8487: fixed a typo
(This used to be commit adae47c829fd157afa0011d29e5969d883a0956e)

2007-10-10 | Author: Andrew Tridgell | Files: 1 | Lines: -0/+2
r7782: fixed an ordering problem with smb requests. I found this when I had "sam database" set to the internal ldap server over loopback. The following happened:
- DCERPC_AUTH3 request
- auth requests calls ldb
- ldb calls ldap
- ldap calls our internal ldap server, triggering events
- samrConnect from client
- connect refused
- SMBclose from client
- causes dcerpc_pipe to be destroyed
- AUTH3 continues
- dies on freed pipe
I chose this solution as it provides a guarantee that backends only have to think about async issues when they mark a request async. When they don't, this code guarantees that a second request won't happen on the same connection while processing the first one
(This used to be commit 45487e8a1402c64d1c314befe8bd9f65587fd0d6)

2007-10-10 | Author: Andrew Bartlett | Files: 1 | Lines: -3/+2
r6310: Rename password.c to session.c, and remove the linked list of all outstanding sessions, as we don't use it.
Andrew Bartlett
(This used to be commit 0cbd11a0f2448f2021fa1d8ad85a0a6f52192ee8)

2007-10-10 | Author: Andrew Bartlett | Files: 1 | Lines: -1/+8
r6270: Move the VUID handling to an IDR tree. This should avoid O(n) behaviour on session setups, and because we no longer need to deal with the linked list as much, the code is much simpler too. We may be able to completely remove the tid and vuid linked lists, but I need to check. This patch also tries to clean up the VUID handling and session setups in general. To avoid security issues, we now have a distinction between VUIDs allocated for the session setup (to tie together the multiple round trips) and those used after authentication.
Andrew Bartlett
(This used to be commit 3e5775146d9ce6f0ac43aecae7e899b5324399ad)

2007-10-10 | Author: Andrew Tridgell | Files: 1 | Lines: -1/+1
r5102: This is a major simplification of the logic for controlling top level servers in smbd. The old code still contained a fair bit of legacy from the time when smbd was only handling SMB connection. The new code gets rid of all of the smb_server specific code in smbd/, and creates a much simpler infrastructure for new server code. Major changes include:
- simplified the process model code a lot.
- got rid of the top level server and service structures completely. The top level context is now the event_context. This got rid of service.h and server.h completely (they were the most confusing parts of the old code)
- added service_stream.[ch] for the helper functions that are specific to stream type services (services that handle streams, and use a logically separate process per connection)
- got rid of the builtin idle_handler code in the service logic, as none of the servers were using it, and it can easily be handled by a server in future by adding its own timed_event to the event context.
- fixed some major memory leaks in the rpc server code.
- added registration of servers, rather than hard coding our list of possible servers. This allows for servers as modules in the future.
- temporarily disabled the winbind code until I add the helper functions for that type of server
- added error checking on service startup. If a configured server fails to startup then smbd doesn't startup.
- cleaned up the command line handling in smbd, removing unused options
(This used to be commit cf6a46c3cbde7b1eb1b86bd3882b953a2de3a42e)

2007-10-10 | Author: Andrew Tridgell | Files: 1 | Lines: -0/+4
r4927: parse the NBT session request in the smb server. This gets rid of that annoying "not parsing session request" message on each SMB connection
(This used to be commit b06b8dd2f4f4fea750b05fd29d68372828159f16)

2007-10-10 | Author: Stefan Metzmacher | Files: 1 | Lines: -38/+1
r4730: remove unused struct elements
part of this went in in the last commit...
metze
(This used to be commit 9ea9e1ced59e7962164972b1dc2d53e0277d4449)

2007-10-10 | Author: Stefan Metzmacher | Files: 1 | Lines: -13/+6
r4728: split up server_services into:
- stream_socket services the smb, ldap and rpc service which sets up a stream socket and then waits for connections and
- task services which this you can create a separate task that do something (this is also going through the process_model subsystem so with -M standard a new process for this created with -M thread a new thread ...
I'll add datagram services later when we have support for datagram sockets in lib/socket/
see the next commit as an example for service_task's
metze
(This used to be commit d5fa02746c6569b09b6e05785642da2fad3ba3e0)

2007-10-10 | Author: Stefan Metzmacher | Files: 1 | Lines: -1/+2
r4726:
- use the name tcon and tid instead of conn and cnum
- make use of talloc destructors
metze
(This used to be commit 8308da6ce4a95f8c10e22949ef00e9e64f2dbb85)

2007-10-10 | Author: Stefan Metzmacher | Files: 1 | Lines: -2/+0
r4684: the smbsrv code should not know about rpc stuff
just vfs_ipc
metze
(This used to be commit f85ebd1e8e19f5ff271dd7d79190fea16d6a98c4)

2007-10-10 | Author: Andrew Tridgell | Files: 1 | Lines: -0/+8
r4232: added server support for multi-part SMBtrans requests, while maintaining the async nature of the server. This is done with a SMBtrans request queue for partially completed requests. The smb signing issues with this get a little tricky, but it now seems to work fine
(This used to be commit bc0209058b76a947ad27673aeb096d11a168996b)

2007-10-10 | Author: Andrew Tridgell | Files: 1 | Lines: -2/+3
r3466: split out request.h, signing.h, and smb_server.h
(This used to be commit 7c4e6ebf05790dd6e29896dd316db0fff613aa4e)

2007-10-10 | Author: Andrew Tridgell | Files: 1 | Lines: -1/+0
r3425: got rid of a bunch of cruft from rewrite.h
(This used to be commit 3f902f8d851d32fa81d89ed61bfda6edaea00984)

2007-10-10 | Author: Andrew Tridgell | Files: 1 | Lines: -3/+0
r3341:
- don't zero the async structure (makes valgrind more useful)
- get rid of req->mid, as it isn't a safe value to use to match requests in the server (it is safe in the client code, as we choose the mid, but in the server we can't rely on other clients to choose the mid carefully)
(This used to be commit 938fb44351e12a515073ea94cd306988d5ca7340)

2007-10-10 | Author: Stefan Metzmacher | Files: 1 | Lines: -20/+8
r3336: use a struct ntvfs_async_state to be able to do async chaining of ntvfs modules
the idea is that a passthru module can use ntvfs_async_state_push() before calling ntvfs_next_*() and in the _send function it calls ntvfs_async_state_pop() and then call the upper layer send_fn itself
- ntvfs_nbench is now fully async
- the ntvfs_map_*() functions and the trans(2) mapping functions are not converted yet
metze
(This used to be commit fde64c0dc142b53d128c8ba09af048dc58d8ef3a)

2007-10-10 | Author: Andrew Tridgell | Files: 1 | Lines: -0/+7
r3307: fixed the send side of the smb_server code to be non-blocking. This means the whole of the SMB handling code is now non-blocking.
(This used to be commit 30acedb943f0170d30e7b08925280d0dffc7873e)

2007-10-10 | Author: Andrew Tridgell | Files: 1 | Lines: -0/+3
r3306: the main smb server code now handles non-blocking socket receives. I haven't marked the socket non-blocking yet as I haven't checked that the send path is OK for non-blocking.
(This used to be commit bda978cc2a921a888534054135b9325427425dd2)

2007-10-10 | Author: Andrew Tridgell | Files: 1 | Lines: -1/+1
r3134: use struct idr_context * in tid allocation
(This used to be commit 3ea9445226a678b410bf565ec114a3c544f8ade3)

2007-10-10 | Author: Andrew Tridgell | Files: 1 | Lines: -2/+2
r3081: several updates to ntvfs and server side async request handling in preparation for the full share modes and ntcreatex code that I am working on. highlights include:
- changed the way a backend determines if it is allowed to process a request asynchronously. The previous method of looking at the send_fn caused problems when an intermediate ntvfs module disabled it, and the caller then wanted to finish processing using this function. The new method is a REQ_CONTROL_MAY_ASYNC flag in req->control_flags, which is also a bit easier to read
- fixed 2 bugs in the readbraw server code. One related to trying to answer a readbraw with smb signing (which can't work, and crashed our signing code), the second related to error handling, which attempted to send a normal SMB error packet, when readbraw must send a 0 read reply (as it has no header)
- added several more ntvfs_generic.c generic mapping functions. This means that backends no longer need to implement such esoteric functions as SMBwriteunlock() if they don't want to. The backend can just request the mapping layer turn it into a write followed by an unlock. This makes the backends considerably simpler as they only need to implement one style of each function for lock, read, write, open etc, rather than the full host of functions that SMB provides. A backend can still choose to implement them individually, of course, and the CIFS backend does that.
- simplified the generic structures to make them identical to the principal call for several common SMB calls (such as RAW_WRITE_GENERIC now being an alias for RAW_WRITE_WRITEX).
- started rewriting the pvfs_open() code in preparation for the full ntcreatex semantics.
- in pvfs_open and ipc_open, initially allocate the open file structure as a child of the request, so on error we don't need to clean up. Then when we are going to succeed the open steal the pointer into the long term backend context. This makes for much simpler error handling (and fixes some bugs)
- use a destructor in the ipc backend to make sure that everything is cleaned up on receive error conditions.
- switched the ipc backend to using idtree for fnum allocation
- in the ntvfs_generic mapping routines, use an allocated secondary structure not a stack structure to ensure the request pointer remains valid even if the backend replies async.
(This used to be commit 3457c1836c09c82956697eb21627dfa2ed37682e)

2007-10-10 | Author: Andrew Tridgell | Files: 1 | Lines: -3/+3
r3057:
- moved the idtree.c code into lib/
- converted the tid handling to use an idtree instead of bitmaps
(This used to be commit 4220914179d10132057216650b65ed7f7679717e)

2007-10-10 | Author: Stefan Metzmacher | Files: 1 | Lines: -16/+3
r2751: this is a new ntvfs design which tries to solve:
- the stacking of modules
- finding the modules private data
- hide the ntvfs details from the calling layer
- I set NTVFS_INTERFACE_VERSION 0 till we are closer to release (because we need to solve some async problems with the module stacking)
metze
(This used to be commit 3ff03b5cb21bb79afdd3b1609be9635f6688a539)

2007-10-10 | Author: Andrew Tridgell | Files: 1 | Lines: -1/+1
r2627: use the new talloc capabilities in a bunch more places in the rpc server code. This fixes a number of memory leaks I found when testing with valgrind and smbtorture, as the cascading effect of a talloc_free() ensures that anything derived from the top level object is destroyed on disconnect.
(This used to be commit 76d0b8206ce64d6ff4a192979c43dddbec726d6e)

2007-10-10 | Author: Andrew Tridgell | Files: 1 | Lines: -2/+5
r2561: completely redid the ntvfs module chaining code, You can now do something like:
    ntvfs handler = nbench posix
and the nbench pass-thru module will be called before the posix module. The chaining logic is now much saner, and less racy, with each level in the chain getting its own private pointer rather than relying on save/restore logic in the pass-thru module. The only pass-thru module we have at the moment is the nbench one (which records all traffic in a nbench compatible format), but I plan on soon writing a "unixuid" pass-thru module that will implement the setegid()/setgroups()/seteuid() logic for standard posix uid handling. This separation of the posix backend from the uid handling should simplify the code, and make development easier. I also modified the nbench module so it can do multiple chaining, so if you want to you can do:
    ntvfs module = nbench nbench posix
and it will save 2 copies of the log file in /tmp. This is really only useful for testing at the moment until we have more than one pass-thru module.
(This used to be commit f84c0af35cb54c8fdc4933afefc18fa4c062aae4)

2007-10-10 | Author: Andrew Bartlett | Files: 1 | Lines: -15/+3
r2542: I really don't like the 'substitute' code, and I particularly don't like it in the mainline code (outside the smb.conf magic). We will need to have a more useful 'helper' routine for this, but for now we at least get a reliable IP address. Also remove the unused 'socket' structure in the smb server - it seems to have been replaced by the socket library.
Andrew Bartlett
(This used to be commit d8fd19a2020da6cce691c0db2b00f42e31d672cc)

2007-10-10 | Author: Stefan Metzmacher | Files: 1 | Lines: -0/+1
r2320: add my copyright
metze
(This used to be commit 45b77064bfeae1d4db2fa83c5513bdafa0c237e4)

2007-10-10 | Author: Andrew Tridgell | Files: 1 | Lines: -9/+0
r2249: got rid of some more mem_ctx elements in structures
(This used to be commit 21ef338cbbe96acc8594ffc550ef60c6a40fb951)

2007-10-10 | Author: Andrew Bartlett | Files: 1 | Lines: -5/+1
r1796: Enable server-side SPNEGO, now that I have fixed the server-side SMB signing code to be able to cope.
Andrew Bartlett
(This used to be commit cb74d52b563730a50e33c92d868c45ee96a598e8)

2007-10-10 | Author: Andrew Bartlett | Files: 1 | Lines: -31/+2
r1521: Updates to our SMB signing code.
- This causes our client and server code to use the same core code, with the same debugs etc.
- In turn, this will allow the 'mandatory/fallback' signing algorithms to be shared, and only written once.
Updates to the SPNEGO code
- Don't wrap an empty token to the server, if we are actually already finished.
Andrew Bartlett
(This used to be commit 35b83eb329482ac1b3bc67285854cc47844ff353)

2007-10-10 | Author: Stefan Metzmacher | Files: 1 | Lines: -11/+14
r1499: combine struct user_struct and struct smbsrv_user to a struct smbsrv_session that is the same as cli_session for the client
we need a gensec_security pointer there (spnego support will follow)
prefix some related functions with smbsrv_
metze
(This used to be commit f276378157bb9994c4c91ce46150a510de5c33f8)

2007-10-10 | Author: Stefan Metzmacher | Files: 1 | Lines: -4/+2
r1486: commit the start of the generic server infrastructure
the idea is to have services as modules (smb, dcerpc, swat, ...)
the process_model doesn't know about the service itself anymore.
TODO:
- the smbsrv should use the smbsrv_send function
- the service subsystem init should be done like for other modules
- we need to have a generic socket subsystem, which handle stream, datagram, and virtual other sockets (e.g. for the ntvfs_ipc module to connect to the dcerpc server, or for smb or dcerpc or whatever to connect to a server wide auth service)
- and other fixes...
NOTE: process model pthread seems to be broken (but also before this patch!)
metze
(This used to be commit bbe5e00715ca4013ff0dbc345aa97adc6b5c2458)

2007-10-10 | Author: Stefan Metzmacher | Files: 1 | Lines: -166/+142
r1291: rename struct smbsrv_context to smbsrv_connection because this is the connection state per transport layer (tcp) connection
I also moved the substructs directly into smbsrv_connection, because they don't need a struct name and we should always pass the complete smbsrv_connection struct into functions
metze
(This used to be commit 60f823f201fcedf5473008e8453a6351e73a92c7)

2007-10-10 | Author: Stefan Metzmacher | Files: 1 | Lines: -0/+375
r1281: move include/context.h to smb_server/smb_server.h
metze
(This used to be commit 7b4ad993ad7c937ef9bee1a48a8bda62f2f5d3b9)