summaryrefslogtreecommitdiff
path: root/source4/smb_server
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r6270: Move the VUID handling to a IDR tree. This should avoid O(n)Andrew Bartlett4-119/+157
behaviour on session setups, and because we no longer need do deal with the linked list as much, the code is much simpiler too. We may be able to compleatly remove the tid and vuid linked lists, but I need to check. This patch also tries to clean up the VUID handling and session setups in general. To avoid security issues, we now have a distinction between VUIDs allocated for the session setup (to tie togeather the multiple round trips) and those used after authentication. Andrew Bartlett (This used to be commit 3e5775146d9ce6f0ac43aecae7e899b5324399ad)
2007-10-10r6031: don't try to send errors when the socket has been destroyedAndrew Tridgell1-0/+5
(This used to be commit 54c02846791cd8bda942fec847257c00013d3409)
2007-10-10r6028: A MAJOR update to intergrate the new credentails system fully withAndrew Bartlett2-7/+7
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'. GENSEC now no longer has it's own handling of 'set username' etc, instead it uses cli_credentials calls. In order to link the credentails code right though Samba, a lot of interfaces have changed to remove 'username, domain, password' arguments, and these have been replaced with a single 'struct cli_credentials'. In the session setup code, a new parameter 'workgroup' contains the client/server current workgroup, which seems unrelated to the authentication exchange (it was being filled in from the auth info). This allows in particular kerberos to only call back for passwords when it actually needs to perform the kinit. The kerberos code has been modified not to use the SPNEGO provided 'principal name' (in the mechListMIC), but to instead use the name the host was connected to as. This better matches Microsoft behaviour, is more secure and allows better use of standard kerberos functions. To achieve this, I made changes to our socket code so that the hostname (before name resolution) is now recorded on the socket. In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now in libcli/auth/schannel.c, and it looks much more like a standard GENSEC module. The actual sign/seal code moved to libcli/auth/schannel_sign.c in a previous commit. The schannel credentails structure is now merged with the rest of the credentails, as many of the values (username, workstation, domain) where already present there. This makes handling this in a generic manner much easier, as there is no longer a custom entry-point. The auth_domain module continues to be developed, but is now just as functional as auth_winbind. The changes here are consequential to the schannel changes. The only removed function at this point is the RPC-LOGIN test (simulating the load of a WinXP login), which needs much more work to clean it up (it contains copies of too much code from all over the torture suite, and I havn't been able to penetrate its 'structure'). Andrew Bartlett (This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
2007-10-10r5899: Fix spelling.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 50af206477d8834d58629131e8cc994fb194adfe)
2007-10-10r5308: trimmed back a lot of the old macros from smb_macros.hAndrew Tridgell2-3/+4
(This used to be commit bf43c9bdcf9e654d123f6a2b29feb9189ca9e561)
2007-10-10r5294: - added a separate NBT-WINS test for WINS operations (register, ↵Andrew Tridgell1-1/+1
refresh, release and query) - change the iface_n_*() functions to return a "const char *" instead of a "struct ipv4_addr" I think that in general we should move towards "const char *" for all IP addresses, as this makes IPv6 much easier, and is also easier to debug. Andrew, when you get a chance, could you fix some of the auth code to use strings for IPs ? - return a NTSTATUS error on bad name queries and node status instead of using rcode. This makes the calling code simpler. - added low level name release code in libcli/nbt/ - use a real IP in the register and wins nbt torture tests, as w2k3 WINS server silently rejects some operations that don't come from the IP being used (eg. it says "yes" to a release, but does not in fact release the name) (This used to be commit bb1ab11d8e0ea0bd9ae34aebeb565d36fe4b495f)
2007-10-10r5197: moved events code to lib/events/ (suggestion from metze)Andrew Tridgell2-2/+2
(This used to be commit 7f54c8a339f36aa43c9340be70ab7f0067593ef2)
2007-10-10r5195: most events don't need the time of the event, so save a ↵Andrew Tridgell1-5/+5
gettimeofday() call and just use timeval_current() when its actually needed (This used to be commit 236403cc4dc2924ed6a898acae0bb44cc1688dcc)
2007-10-10r5193: make sure we mark the event dead when we free it on a dead connectionAndrew Tridgell1-0/+1
(This used to be commit 90535bab957ddaa7bfcdf43e199581f3352bdc8a)
2007-10-10r5185: make all the events data structures private to events.c. This willAndrew Tridgell2-3/+3
make it possible to add optimisations to the events code such as keeping the next timed event in a sorted list, and using epoll for file descriptor events. I also removed the loop events code, as it wasn't being used anywhere, and changed timed events to always be one-shot (as adding a new timed event in the event handler is so easy to do if needed) (This used to be commit d7b4b6de51342a65bf46fce772d313f92f8d73d3)
2007-10-10r5102: This is a major simplification of the logic for controlling top levelAndrew Tridgell7-111/+68
servers in smbd. The old code still contained a fairly bit of legacy from the time when smbd was only handling SMB connection. The new code gets rid of all of the smb_server specific code in smbd/, and creates a much simpler infrastructures for new server code. Major changes include: - simplified the process model code a lot. - got rid of the top level server and service structures completely. The top level context is now the event_context. This got rid of service.h and server.h completely (they were the most confusing parts of the old code) - added service_stream.[ch] for the helper functions that are specific to stream type services (services that handle streams, and use a logically separate process per connection) - got rid of the builtin idle_handler code in the service logic, as none of the servers were using it, and it can easily be handled by a server in future by adding its own timed_event to the event context. - fixed some major memory leaks in the rpc server code. - added registration of servers, rather than hard coding our list of possible servers. This allows for servers as modules in the future. - temporarily disabled the winbind code until I add the helper functions for that type of server - added error checking on service startup. If a configured server fails to startup then smbd doesn't startup. - cleaned up the command line handling in smbd, removing unused options (This used to be commit cf6a46c3cbde7b1eb1b86bd3882b953a2de3a42e)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell6-21/+21
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4927: parse the NBT session request in the smb server. This gets rid of thatAndrew Tridgell2-7/+45
annoying "not parsing session request" message on each SMB connection (This used to be commit b06b8dd2f4f4fea750b05fd29d68372828159f16)
2007-10-10r4819: its just not my day today ....Andrew Tridgell1-0/+1
(This used to be commit e54a97f8a67a04427b36cb4afac204c4e5f4502a)
2007-10-10r4777: added a smb_composite_sesssetup() async composite function. ThisAndrew Tridgell1-4/+1
encapsulates all the different session setup methods, including the multi-pass spnego code. I have hooked this into all the places that previously used the RAW_SESSSETUP_GENERIC method, and have removed the old RAW_SESSSETUP_GENERIC code from clisession.c and clitree.c. A nice side effect is that these two modules are now very simple again, back to being "raw" session setup handling, which was what was originally intended. I have also used this to replace the session setup code in the smb_composite_connect() code, and used that to build a very simple replacement for smbcli_tree_full_connection(). As a result, smbclient, smbtorture and all our other SMB connection code now goes via these composite async functions. That should give them a good workout! (This used to be commit 080d0518bc7d6fd4bc3ef783e7d4d2e3275d0799)
2007-10-10r4730: remove unused struct elementsStefan Metzmacher1-38/+1
part of this went in in the last commit... metze (This used to be commit 9ea9e1ced59e7962164972b1dc2d53e0277d4449)
2007-10-10r4728: split up server_services into:Stefan Metzmacher5-106/+35
- stream_socket services the smb, ldap and rpc service which sets up a srtam socket end then waits for connections and - task services which this you can create a seperate task that do something (this is also going through the process_model subsystem so with -M standard a new process for this created with -M thread a new thread ... I'll add datagram services later when we whave support for datagram sockets in lib/socket/ see the next commit as an example for service_task's metze (This used to be commit d5fa02746c6569b09b6e05785642da2fad3ba3e0)
2007-10-10r4726: - use the name tcon and tid instead of conn and cnumStefan Metzmacher5-66/+33
- make use of talloc destructors metze (This used to be commit 8308da6ce4a95f8c10e22949ef00e9e64f2dbb85)
2007-10-10r4684: the smbsrv code should not know about rpc stuffStefan Metzmacher2-5/+0
just vfs_ipc metze (This used to be commit f85ebd1e8e19f5ff271dd7d79190fea16d6a98c4)
2007-10-10r4620: - add interface functions to the auth subsystem so that callers ↵Stefan Metzmacher2-55/+70
doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
2007-10-10r4611: - renamed add_socket() to smb_add_socket() as that is less confusingAndrew Tridgell1-10/+6
- removed the spurious call to set_blocking() in the smb server setup. (This used to be commit 76d905d12e6f65a3670e4167ec79d8876b772ca6)
2007-10-10r4591: - converted the other _p talloc functions to not need _pAndrew Tridgell5-7/+10
- added #if TALLOC_DEPRECATED around the _p functions - fixes the code that broke from the above while doing this I fixed quite a number of places that were incorrectly using the non type-safe talloc functions to use the type safe ones. Some were even doing multiplies for array allocation, which is potentially unsafe. (This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
2007-10-10r4549: got rid of a lot more uses of plain talloc(), instead usingAndrew Tridgell3-5/+5
talloc_size() or talloc_array_p() where appropriate. also fixed a memory leak in pvfs_copy_file() (failed to free a memory context) (This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
2007-10-10r4383: in order to cope with overfilled buffers on trans2 findfirst we need ↵Andrew Tridgell1-5/+6
to use 32 bit offsets and lengths in trans2 fill code, even though the packets themselves can only use 16 bit lengths. This prevents the overflow detection code from failing due to 16 bit length wrap. (This used to be commit 5cd74c22e99bc78e1f3ddf3f098790c4b4b87b4f)
2007-10-10r4382: check for bad tid in SMBtdisAndrew Tridgell1-0/+5
(This used to be commit 44ca3f41cc835e22e6adca48ddfd84f246b22bfb)
2007-10-10r4364: - added support for testing of chained SMB operations in smbtortureAndrew Tridgell1-0/+4
- added test for chained OpenX/ReadX, simulating the OS/2 workplace shell - fixed a bug in handling chained fnum in openx and ntcreatex in the server (yes, I'm on holiday, but this bug was annoying me ....) (This used to be commit b3b8958a18e302b815d98c0e3879e404bced6a08)
2007-10-10r4358: At metze's request, the Christmas elves have removed gensec_end inAndrew Bartlett1-1/+2
favor of talloc_free(). Andrew Bartlett (This used to be commit 1933cd12fbaed56e13f2386b19de6ade99bf9478)
2007-10-10r4355: More work from the elves on Christmas eve:Andrew Bartlett1-0/+2
- Update Samba4's kerberos code to match the 'salting' changes in Samba3 (and many other cleanups by jra). - Move GENSEC into the modern era of talloc destructors. This avoids many of the memory leaks in this code, as we now can't somehow 'forget' to call the end routine. - This required fixing some of the talloc hierarchies. - The new krb5 seems more sensitive to getting the service name right, so start actually setting the service name on the krb5 context. Andrew Bartlett (This used to be commit 278bf1a61a6da6ef955a12c13d7b1a0357cebf1f)
2007-10-10r4284: fixed a problem with very large EA lists and OS/2 clients. TheseAndrew Tridgell1-17/+28
checks on allocations need to go in a lot more places, but at least this is a start. (This used to be commit 99b0dac2292d72e3a77f105e8f2ef5a3838d7e1b)
2007-10-10r4263: added support for the trans2 RAW_SEARCH_EA_LIST informationAndrew Tridgell1-0/+42
level. This is quite a strange level that we've never seen before, but is used by the os2 workplace shell. note w2k screws up this level when unicode is negotiated, so it only passes the RAW-SEARCH test when you force non-unicode (This used to be commit 25189b8fbf6515d573e3398dc9fca56505dc37b9)
2007-10-10r4261: added the RAW_FILEINFO_EA_LIST trans2 qfileinfo and qpathinfoAndrew Tridgell1-0/+27
level. Interestingly, this level did now show up on our trans2 scanner previously as we didn't have the FLAGS2_EXTENDED_ATTRIBUTES bit set in the client code. Now that we set that bit, new levels appear in windows servers. (This used to be commit 0b76d405a73e924dc2706f28bbf1084a59c9b393)
2007-10-10r4243: a sniff from kukks showed that the ea_set interface in trans2 ↵Andrew Tridgell1-15/+3
setfileinfo allows for multiple EAs to be set at once. This fixes all the ea code to allow for that. (This used to be commit b26828bef5d55e5eef0e34a164e76292df45e207)
2007-10-10r4232: added server support for multi-part SMBtrans requests, whileAndrew Tridgell3-87/+257
maintaining the async nature of the server. This is done with a SMBtrans request queue for partially completed requests. The smb signing issues with this get a little tricky, but it now seems to work fine (This used to be commit bc0209058b76a947ad27673aeb096d11a168996b)
2007-10-10r4214: possibly fix the "no-EAs" bug from OS/2Andrew Tridgell1-7/+2
(This used to be commit c9871253485b1a663fc79649742d3a89e81eb6d4)
2007-10-10r4182: fixed trans2 mkdir, allowing mkdir with an initial EA listAndrew Tridgell1-0/+43
(This used to be commit 7d981c29c28391813c7f93245f64b3ee108378a4)
2007-10-10r4173: - new t2open code, that can cope with "create with EAs". Many thanksAndrew Tridgell1-1/+1
to kukks on #samba-technical for the sniffs that allowed me to work this out - much simpler ntvfs open generic mapping code - added t2open create with EA torture test to RAW-OPEN test (This used to be commit a56d95ad89b4f32a05974c4fe9a816d67aa369e3)
2007-10-10r4159: fixed error return for writebrawAndrew Tridgell1-2/+1
(This used to be commit 13c7794e02b0d5c83baa5efbe93e46defd38c8e1)
2007-10-10r4146: an attempted fix for a OS/2 rename problem found by kukks - seems OS/2Andrew Tridgell1-2/+4
is v senstive to SMB flags2 bits (This used to be commit c232e21218e81ac9189b651478415e9fbd67bf78)
2007-10-10r4145: make sure we don't set the 32-bit error codes flag unless the clientAndrew Tridgell1-5/+9
can handle it, even for success packets (this bug was harmless, but can be confusing in ethereal with old clients) (This used to be commit 71e0c7b2ebbb01d64453c59e20911dc5008b9798)
2007-10-10r4109: fixed an uninitialised socket write found by kukksAndrew Tridgell1-0/+1
(This used to be commit 30c58b046d65164da37f705de105662f806e1331)
2007-10-10r4101: ignore secondary session requests to cope with a OS/2 bug reported byAndrew Tridgell1-2/+1
Guenter Kukkukk (This used to be commit 49c8df5648eae1e8222c0dd2859fd2ff62ef34ce)
2007-10-10r4099: Spelling fixes.Tim Potter2-6/+6
(This used to be commit 24d9f97bd6059d90eeead23900225e286047a862)
2007-10-10r4095: smbsrv_terminate_connection() doesn't exit() in single processor ↵Andrew Tridgell3-2/+11
mode, so after we call it we need to return, and not continue processing packets (This used to be commit 33e4cee17dbfbb79e5ae68fda893a4d313865eb5)
2007-10-10r4079: implement the gensec_have_feature() correctly by askingStefan Metzmacher1-1/+1
the backend what is actually in use metze (This used to be commit 6f3eb7bc03609108b9e0ea5676fca3d04140e737)
2007-10-10r4070: move some defines from asn_1.h to the places they belong toStefan Metzmacher2-4/+2
metze (This used to be commit ab2c2f27e1c61516e885f02bf26350f97209057a)
2007-10-10r4069: better error code for SMBwriteBMPXAndrew Tridgell1-4/+2
(This used to be commit eef066175f98f38eff465f941a7bd747173e8db9)
2007-10-10r4068: added LANMAN2.1 to list of supported protocols (for OS/2)Andrew Tridgell1-0/+1
(This used to be commit 06e48d1276d3837db4d278400e7ee29561cd9205)
2007-10-10r4063: - change char * -> uint8_t in struct request_bufferStefan Metzmacher7-35/+35
- change smbcli_read/write to take void * for the buffers to match read(2)/write(2) all this fixes a lot of gcc-4 warnings metze (This used to be commit b94f92bc6637f748d6f7049f4f9a30b0b8d18a7a)
2007-10-10r4055: fixed more places to use type safe allocation macrosAndrew Tridgell2-2/+2
(This used to be commit eec698254f67365f27b4b7569fa982e22472aca1)
2007-10-10r4011: get rid of rpc_secdes.h and replace it with a single sane set ofAndrew Tridgell1-19/+0
definitions for security access masks, in security.idl The previous definitions were inconsistently named, and contained many duplicate and misleading entries. I kept finding myself tripping up while using them. (This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d)