Age | Commit message (Collapse) | Author | Files | Lines |
|
when we have negotiated SPNEGO.
Andrew Bartlett
(This used to be commit 07e3d2c4cd77d06c9ffaefd481ba58e4debe028c)
|
|
to finish
metze
(This used to be commit ddac5e46d42d3b2daae10107b1bcb3b138de7474)
|
|
(This used to be commit 2b41de48b24d5850a2e3a5834916403f44a6d9ed)
|
|
is reworked).
Andrew Bartlett
(This used to be commit 73ee549b8c54e93556ff0105941996e0d4de8303)
|
|
cases, so don't shorten them back to 0 byte data length.
Andrew Bartlett
(This used to be commit 66c54fe7ebdbe1348731191d86ac4804e99d114e)
|
|
Andrew Bartlett
(This used to be commit 30275764d8f22c47d46195e155d07c106ca3beba)
|
|
Andrew Bartlett
(This used to be commit 3520af0f3d8826ac52a7fb6a658ed0924e51bbf7)
|
|
Up to now the client code has had an async API, and operated
asynchronously at the packet level, but was not truly async in that it
assumed that it could always write to the socket and when a partial
packet came in that it could block waiting for the rest of the packet.
This change makes the SMB client library full async, by adding a
separate outgoing packet queue, using non-blocking socket IO and
having a input buffer that can fill asynchonously until the full
packet has arrived.
The main complexity was in dealing with the events structure when
using the CIFS proxy backend. In that case the same events structure
needs to be used in both the client library and the main smbd server,
so that when the client library is waiting for a reply that the main
server keeps processing packets. This required some changes in the
events library code.
Next step is to make the generated rpc client code use these new
capabilities.
(This used to be commit 96bf4da3edc4d64b0f58ef520269f3b385b8da02)
|
|
e.g. we now have 'union smb_mkdir' and 'enum smb_mkdir_level' in sync
we may should also rename 'RAW_MKDIR_*' -> 'SMB_MKDIR_*'
metze
(This used to be commit 0bb50dcf1ccb9797000fcbea4d8a73f2d2a3db77)
|
|
- This causes our client and server code to use the same core code,
with the same debugs etc.
- In turn, this will allow the 'mandetory/fallback' signing algorithms
to be shared, and only written once.
Updates to the SPNEGO code
- Don't wrap an empty token to the server, if we are actually already finished.
Andrew Bartlett
(This used to be commit 35b83eb329482ac1b3bc67285854cc47844ff353)
|
|
close_connection fn of a specific service
metze
(This used to be commit 0e1f5e66d37deb7a77ae9f545e60685428fd9d21)
|
|
SPNEGO, but I'll leave andrew to tackle that.
(This used to be commit 5dd71be8d9e49277f17668877e47729c340f0f67)
|
|
must think carefully about packet chaining when dealing with any
authentication or SMB parsing issues. The particular problem here was
that a chained tconX didn't get the req->session setup after an
initial sesstion setup call, so the tconx used a bogus VUID.
(This used to be commit 6f2a335cd623211071b01d982d4e7c69b49a5602)
|
|
to a struct smbsrv_session that the same as cli_session for the client
we need a gensec_security pointer there
(spnego support will follow)
prefix some related functions with smbsrv_
metze
(This used to be commit f276378157bb9994c4c91ce46150a510de5c33f8)
|
|
the idea is to have services as modules (smb, dcerpc, swat, ...)
the process_model don't know about the service it self anymore.
TODO:
- the smbsrv should use the smbsrv_send function
- the service subsystem init should be done like for other modules
- we need to have a generic socket subsystem, which handle stream, datagram,
and virtuell other sockets( e.g. for the ntvfs_ipc module to connect to the dcerpc server
, or for smb or dcerpc or whatever to connect to a server wide auth service)
- and other fixes...
NOTE: process model pthread seems to be broken( but also before this patch!)
metze
(This used to be commit bbe5e00715ca4013ff0dbc345aa97adc6b5c2458)
|
|
(This used to be commit 2758c26ac96a62d7e0853e5d5fa95925ddce3420)
|
|
Initial attempt at RAP server infrastructure. Look at rap_server.c for the
dummy functions that are supposed to implement the core functionality.
ipc_rap.c contains all the data shuffling. _rap_shareenum and _rap_serverenum2
in ipc_rap.c are (I think) regular enough to be auto-generated.
I did not test all the corner cases yet, but nevertheless I would like some
comments on the general style.
Volker
P.S: samba-3 smbclient now doesn't freak out anymore, although the results are
not entirely correct :-)
(This used to be commit 08140cc1a838b4eaa23c897b280a46c95b7ef3e0)
|
|
metze
(This used to be commit ee711c71fedd9d24b5a78b51d9dc3e166645260f)
|
|
metze
(This used to be commit 32e307857ccc99b446e7574d46b610c63ee03583)
|
|
This implements gensec for Samba's server side, and brings gensec up
to the standards of a full subsystem.
This means that use of the subsystem is by gensec_* functions, not
function pointers in structures (this is internal). This causes
changes in all the existing gensec users.
Our RPC server no longer contains it's own generalised security
scheme, and now calls gensec directly.
Gensec has also taken over the role of auth/auth_ntlmssp.c
An important part of gensec, is the output of the 'session_info'
struct. This is now reference counted, so that we can correctly free
it when a pipe is closed, no matter if it was inherited, or created by
per-pipe authentication.
The schannel code is reworked, to be in the same file for client and
server.
ntlm_auth is reworked to use gensec.
The major problem with this code is the way it relies on subsystem
auto-initialisation. The primary reason for this commit now.is to
allow these problems to be looked at, and fixed.
There are problems with the new code:
- I've tested it with smbtorture, but currently don't have VMware and
valgrind working (this I'll fix soon).
- The SPNEGO code is client-only at this point.
- We still do not do kerberos.
Andrew Bartlett
(This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
|
|
Andrew Bartlett
(This used to be commit 9002584c020a48ab37cce103b4413e871aae2985)
|
|
because this is the connection state per transport layer (tcp)
connection
I also moved the substructs directly into smbsrv_connection,
because they don't need a struct name and we should allway pass the complete
smbsrv_connection struct into functions
metze
(This used to be commit 60f823f201fcedf5473008e8453a6351e73a92c7)
|
|
metze
(This used to be commit 7b4ad993ad7c937ef9bee1a48a8bda62f2f5d3b9)
|
|
metze
(This used to be commit a85d2db5826a84b812ea5162a11f54edd25f74e3)
|
|
metze
(This used to be commit 99473fab4b1ff87a795f3c08f4c521d9beb504c0)
|
|
metze
(This used to be commit a9ba29e00fc818e798079c42888da3f20f3d1634)
|
|
because I need server_context fot the generic server infastructure
metze
(This used to be commit 0712f9f30797e65362c99423c0cf158a2f539000)
|
|
(This used to be commit de5984c95602ca67e8ac3139c3aa4330b74266e0)
|
|
-move process_model code to smbd/process_model.c
-remove some used code
metze
(This used to be commit 10dd8487290a2876253ce69033e374d23b42e704)
|
|
STATUS_BUFFER_OVERFLOW when more data is present.
(This used to be commit 0e557fe85748558affd20a58455c4b75fee69e27)
|
|
Fix other 'const' warnings in the torture code.
Andrew Bartlett
(This used to be commit 5d39d7497f189da15d659b3f83b7314026040a15)
|
|
(This used to be commit be75cdc1bf5558cb7da50b15bf1fd629a0c44dc2)
|
|
goodness and light' struct ;-)
Break apart the auth subsystem's return strucutres, into the parts
that a netlogon call cares about, and the parts that are for a local
session. This is the 'struct session_info' and it will almost
completly replace the current information stored on a vuid, but be
generic to all login methods (RPC over TCP, for example).
Andrew Bartlett
(This used to be commit d199697014d9562f9439a30b950fda798c5ef419)
|
|
metze
(This used to be commit 57151e80eb1090281401930c8fe25b20a8cf3a38)
|
|
metze
(This used to be commit 18062d2ed9fc9224c43143c10efbf2f6f1f5bbe0)
|
|
metze
(This used to be commit b5378803fdcb3b3afe7c2932a38828e83470f61a)
|
|
- remove unused lib/smbpasswd.c
- don't set the pkt size twice when doing SMB signing
(This used to be commit 69a2942f7987647a32d43c71f41ac1a82a82ccda)
|
|
metze
(This used to be commit 2986c5f08c8f0c26a2ea7b6ce20aae025183109f)
|
|
metze
(This used to be commit af6f1f8a01bebbecd99bc8c066519e89966e65e3)
|
|
metze
(This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
|
|
structures. This was suggested by metze recently.
I checked on the build farm and all the machines we have support 64
bit ints, and support the LL suffix for 64 bit constants. I suspect
some won't support strtoll() and related functions, so we will
probably need replacements for those.
(This used to be commit 9a9244a1c66654c12abe4379661cba83a73c4c21)
|
|
metze
(This used to be commit 8f59daba0d03a2c58f7f23655153de05cbe47e81)
|
|
metze
(This used to be commit 7f2e8a2b843cb58098a841c71764697553c57112)
|
|
(This used to be commit 8e5ddf5e8eb74f667897f90baa2d00f02ca5818b)
|
|
(This used to be commit b4b67c330174ac0570558bedf50729542ea775da)
|
|
This commit kills passdb, which was only hosting the auth subsystem.
With the work tridge has done on Samba4's SAM backend, this can (and
now is) all hosted on ldb. The auth_sam.c file now references this
backend.
You will need to assign your users passwords in ldb - adding a new line:
unicodePwd: myPass
to a record, using ldbedit, should be sufficient. Naturally, this
assumes you have had your personal SAMR provisioning tutorial from
tridge. Everybody else can still use the anonymous logins.
Andrew Bartlett
(This used to be commit 2aa0b55fb86648731d5f2201fa5a6aa993b7ca48)
|
|
to the main SAMBA_4_0 tree.
NOTE: that it's not completely ready, but it's functional:-)
metze
(This used to be commit c78a2ddb28ec50d6570a83b1f66f18a5c3621731)
|
|
andrew's recent chainsaw job :)
(This used to be commit 20166f4e19a599a85dfff045a738309d191db9e7)
|
|
This removes the code that tried to lookup posix groups, as well as
the code that was tied to the SAM_ACCOUNT.
This should make auth_ldb much easier to write :-)
Andrew Bartlett
(This used to be commit e096ee2112adecaa69b6b3eb155a4e8f80dfc0f7)
|
|
(This used to be commit 329c5ccd74680381b30c4a2235010c766ac46ecc)
|