summaryrefslogtreecommitdiff
path: root/source4/smb_server
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r8627: fixed a big memory leak in the spnego gensec code in sessionAndrew Tridgell1-2/+3
setup. Andrew, please check over this. What happens is this: - run the BASE-SECLEAK test - with each failed session setup using spnego a gensec ctx is leaked into the smb_conn structure - after the client disconnects these are finally cleaned up as they are all children of the connection structure - the cleanup of the millions of memory objects takes long enough that the next operation in test_posix.sh sometimes fails with a timeout Andrew, can you also look at the talloc_reference() on line 332 of sesssetup.c ? I suspect it isn't needed (I don't think it does any actual harm though) (This used to be commit b40fb6a4569ccc1fa1750a1e534e18a020764b4c)
2007-10-10r8577: added management calls to list current tree connectsAndrew Tridgell3-0/+36
(This used to be commit 658befc1e4df44bee1f365a730951001f0f36640)
2007-10-10r8574: added server side irpc calls for listing the current sessionsAndrew Tridgell5-4/+101
(This used to be commit 391cfe3c9645a19f8f5ff5c11b1ac03ee0b10f8f)
2007-10-10r8527: found an uninitialised variable in 'make valgrindtest'Andrew Tridgell1-10/+11
(This used to be commit 9eebd240d8ed9a634307ce31696d817f78f503b2)
2007-10-10r8487: kfixed a typoAndrew Tridgell1-1/+1
(This used to be commit adae47c829fd157afa0011d29e5969d883a0956e)
2007-10-10r8272: added the hooks for adding a name to a messaging context, so we willAndrew Tridgell1-0/+3
be able to send a message to the "ldap_server" task without having to know its task ID. (This used to be commit 8f69867867857e0c9a9246c2dec9612ccc234724)
2007-10-10r8119: fixed two error code returns in the smb server now that we haveAndrew Tridgell2-2/+2
torture code that can tell the difference between dos and ntstatus codes without mapping (This used to be commit 5521060c089c2181a2f3c7aeabd2f3ba813c6e60)
2007-10-10r8028: fix a crash bug in ulogoff, when the tree_connect failed beforeStefan Metzmacher1-0/+4
metze (This used to be commit a2e34475d723eb74fc58b9afa9f4a863b1277b0d)
2007-10-10r7857: improved the handling of end-of-file on sockets in the smb serverAndrew Tridgell1-2/+8
(This used to be commit 6ee98c5f6505824826955f9d60a7964471fa6c26)
2007-10-10r7782: fixed an ordering problem with smb requests. I found this when I had ↵Andrew Tridgell2-0/+16
"sam database" set to the internal ldap server over loopback. The following happened: - DCERPC_AUTH3 request - auth requests calls ldb - ldb calls ldap - ldap calls our internal ldap server, triggering events - samrConnect from client - connect refused - SMBclose from client - causes dcerpc_pipe to be destroyed - AUTH3 continues - dies on freed pipe I chose this solution as it provides a guarantee that backends only have to think about async issues when they mark a request async. When they don't, this code guarantees that a second request won't happen on the same connection while processing the first one (This used to be commit 45487e8a1402c64d1c314befe8bd9f65587fd0d6)
2007-10-10r7676: Make VUID and TID choice random, as this gives us protection againstAndrew Bartlett2-2/+2
replay attacks under SMB signing, where the session key is a fixed derivitive of the user's password. This removes the VID offset, but I'm not worried about random client bytes mattering here, given the space (and the fact that it applies to very, very old clients). Andrew Bartlett (This used to be commit eb1d37c5a91a6bc4515469e1ae026d28c12d7149)
2007-10-10r7675: Use correct memory context for anonymous session setup auth contextAndrew Bartlett1-2/+2
(no need for it to hang around forever). Add test for this behaviour. Andrew Bartlett (This used to be commit 36dc2491d778fbbff32c4abdf95faa9f83024e12)
2007-10-10r7633: this patch started as an attempt to make the dcerpc code use a givenAndrew Tridgell2-4/+11
event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect. Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch. There were 3 places where I punted: - abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that its done, we could go back and use gensec_set_event_context() - the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing. - I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a callers event context. Jelmer, can you think of a clean way to do that? I also cleaned up a couple of things: - libnet_context_destroy() makes no sense. I removed it. - removed some unused vars in various places (This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2007-10-10r7631: - remove unused function, as the disgn of samba4 doesn't allow the ↵Stefan Metzmacher1-39/+2
old style auto homedir share stuff - add TODO: for checking the password on share mode security metze (This used to be commit d9a0c61801f19e55a41c573ea96565946314ecb3)
2007-10-10r7523: blerghAndrew Tridgell1-1/+6
the error code for an invalid tid depends on the command (This used to be commit 9dab036fbe50d84cb79d7a103c454a1c0c90a48a)
2007-10-10r7510: fixed error code for using a bad tid.Andrew Tridgell1-1/+1
amazingly, I have seen w2k do a session setup followed by an immediate attempted opening of \netlogon, with no tconx to ipc$ first. So this error code can matter. (This used to be commit 79112d81cb9ea3fc7e94be1af282ab4247170532)
2007-10-10r7222: remove double call to the same function in the same place, probable ↵Simo Sorce1-6/+0
cut&paste error (This used to be commit 615618f192a05b95ab0e0fba68e339a6df1a3363)
2007-10-10r6342: fixed a bad union assumption that caused ACLs to fail on 64 bit machinesAndrew Tridgell1-1/+1
Thanks to lars and agruen for finding this (This used to be commit 2acc06918574b1178eecf3d61026f84f85bb40e1)
2007-10-10r6313: Much better handling of LogoffAndX when the vuid is invalid (ie, don'tAndrew Bartlett1-12/+14
segfault). This should fix another of the issues that Richard came up with last week. Andrew Bartlett (This used to be commit c2c8b6abf3ffa39c8677cab4fda415d66df0c4ff)
2007-10-10r6312: Metze reminds me this header is no longer required.Andrew Bartlett1-1/+0
Andrew Bartlett (This used to be commit c67a9370c4e8f94aad68abba073779bb0edf742b)
2007-10-10r6310: Rename password.c to session.c, and remove the linked list of allAndrew Bartlett3-7/+3
outstanding sessions, as we don't use it. Andrew Bartlett (This used to be commit 0cbd11a0f2448f2021fa1d8ad85a0a6f52192ee8)
2007-10-10r6309: Remove this file it is empty and unreferenced. (In preperation forAndrew Bartlett1-29/+0
renaming password.c over the top, as it deals with sessions, not passwords). Andrew Bartlett (This used to be commit 0bba8da460f77946ba9ee5db58ae2329e9e57e1a)
2007-10-10r6270: Move the VUID handling to a IDR tree. This should avoid O(n)Andrew Bartlett4-119/+157
behaviour on session setups, and because we no longer need do deal with the linked list as much, the code is much simpiler too. We may be able to compleatly remove the tid and vuid linked lists, but I need to check. This patch also tries to clean up the VUID handling and session setups in general. To avoid security issues, we now have a distinction between VUIDs allocated for the session setup (to tie togeather the multiple round trips) and those used after authentication. Andrew Bartlett (This used to be commit 3e5775146d9ce6f0ac43aecae7e899b5324399ad)
2007-10-10r6031: don't try to send errors when the socket has been destroyedAndrew Tridgell1-0/+5
(This used to be commit 54c02846791cd8bda942fec847257c00013d3409)
2007-10-10r6028: A MAJOR update to intergrate the new credentails system fully withAndrew Bartlett2-7/+7
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'. GENSEC now no longer has it's own handling of 'set username' etc, instead it uses cli_credentials calls. In order to link the credentails code right though Samba, a lot of interfaces have changed to remove 'username, domain, password' arguments, and these have been replaced with a single 'struct cli_credentials'. In the session setup code, a new parameter 'workgroup' contains the client/server current workgroup, which seems unrelated to the authentication exchange (it was being filled in from the auth info). This allows in particular kerberos to only call back for passwords when it actually needs to perform the kinit. The kerberos code has been modified not to use the SPNEGO provided 'principal name' (in the mechListMIC), but to instead use the name the host was connected to as. This better matches Microsoft behaviour, is more secure and allows better use of standard kerberos functions. To achieve this, I made changes to our socket code so that the hostname (before name resolution) is now recorded on the socket. In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now in libcli/auth/schannel.c, and it looks much more like a standard GENSEC module. The actual sign/seal code moved to libcli/auth/schannel_sign.c in a previous commit. The schannel credentails structure is now merged with the rest of the credentails, as many of the values (username, workstation, domain) where already present there. This makes handling this in a generic manner much easier, as there is no longer a custom entry-point. The auth_domain module continues to be developed, but is now just as functional as auth_winbind. The changes here are consequential to the schannel changes. The only removed function at this point is the RPC-LOGIN test (simulating the load of a WinXP login), which needs much more work to clean it up (it contains copies of too much code from all over the torture suite, and I havn't been able to penetrate its 'structure'). Andrew Bartlett (This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
2007-10-10r5899: Fix spelling.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 50af206477d8834d58629131e8cc994fb194adfe)
2007-10-10r5308: trimmed back a lot of the old macros from smb_macros.hAndrew Tridgell2-3/+4
(This used to be commit bf43c9bdcf9e654d123f6a2b29feb9189ca9e561)
2007-10-10r5294: - added a separate NBT-WINS test for WINS operations (register, ↵Andrew Tridgell1-1/+1
refresh, release and query) - change the iface_n_*() functions to return a "const char *" instead of a "struct ipv4_addr" I think that in general we should move towards "const char *" for all IP addresses, as this makes IPv6 much easier, and is also easier to debug. Andrew, when you get a chance, could you fix some of the auth code to use strings for IPs ? - return a NTSTATUS error on bad name queries and node status instead of using rcode. This makes the calling code simpler. - added low level name release code in libcli/nbt/ - use a real IP in the register and wins nbt torture tests, as w2k3 WINS server silently rejects some operations that don't come from the IP being used (eg. it says "yes" to a release, but does not in fact release the name) (This used to be commit bb1ab11d8e0ea0bd9ae34aebeb565d36fe4b495f)
2007-10-10r5197: moved events code to lib/events/ (suggestion from metze)Andrew Tridgell2-2/+2
(This used to be commit 7f54c8a339f36aa43c9340be70ab7f0067593ef2)
2007-10-10r5195: most events don't need the time of the event, so save a ↵Andrew Tridgell1-5/+5
gettimeofday() call and just use timeval_current() when its actually needed (This used to be commit 236403cc4dc2924ed6a898acae0bb44cc1688dcc)
2007-10-10r5193: make sure we mark the event dead when we free it on a dead connectionAndrew Tridgell1-0/+1
(This used to be commit 90535bab957ddaa7bfcdf43e199581f3352bdc8a)
2007-10-10r5185: make all the events data structures private to events.c. This willAndrew Tridgell2-3/+3
make it possible to add optimisations to the events code such as keeping the next timed event in a sorted list, and using epoll for file descriptor events. I also removed the loop events code, as it wasn't being used anywhere, and changed timed events to always be one-shot (as adding a new timed event in the event handler is so easy to do if needed) (This used to be commit d7b4b6de51342a65bf46fce772d313f92f8d73d3)
2007-10-10r5102: This is a major simplification of the logic for controlling top levelAndrew Tridgell7-111/+68
servers in smbd. The old code still contained a fairly bit of legacy from the time when smbd was only handling SMB connection. The new code gets rid of all of the smb_server specific code in smbd/, and creates a much simpler infrastructures for new server code. Major changes include: - simplified the process model code a lot. - got rid of the top level server and service structures completely. The top level context is now the event_context. This got rid of service.h and server.h completely (they were the most confusing parts of the old code) - added service_stream.[ch] for the helper functions that are specific to stream type services (services that handle streams, and use a logically separate process per connection) - got rid of the builtin idle_handler code in the service logic, as none of the servers were using it, and it can easily be handled by a server in future by adding its own timed_event to the event context. - fixed some major memory leaks in the rpc server code. - added registration of servers, rather than hard coding our list of possible servers. This allows for servers as modules in the future. - temporarily disabled the winbind code until I add the helper functions for that type of server - added error checking on service startup. If a configured server fails to startup then smbd doesn't startup. - cleaned up the command line handling in smbd, removing unused options (This used to be commit cf6a46c3cbde7b1eb1b86bd3882b953a2de3a42e)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell6-21/+21
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4927: parse the NBT session request in the smb server. This gets rid of thatAndrew Tridgell2-7/+45
annoying "not parsing session request" message on each SMB connection (This used to be commit b06b8dd2f4f4fea750b05fd29d68372828159f16)
2007-10-10r4819: its just not my day today ....Andrew Tridgell1-0/+1
(This used to be commit e54a97f8a67a04427b36cb4afac204c4e5f4502a)
2007-10-10r4777: added a smb_composite_sesssetup() async composite function. ThisAndrew Tridgell1-4/+1
encapsulates all the different session setup methods, including the multi-pass spnego code. I have hooked this into all the places that previously used the RAW_SESSSETUP_GENERIC method, and have removed the old RAW_SESSSETUP_GENERIC code from clisession.c and clitree.c. A nice side effect is that these two modules are now very simple again, back to being "raw" session setup handling, which was what was originally intended. I have also used this to replace the session setup code in the smb_composite_connect() code, and used that to build a very simple replacement for smbcli_tree_full_connection(). As a result, smbclient, smbtorture and all our other SMB connection code now goes via these composite async functions. That should give them a good workout! (This used to be commit 080d0518bc7d6fd4bc3ef783e7d4d2e3275d0799)
2007-10-10r4730: remove unused struct elementsStefan Metzmacher1-38/+1
part of this went in in the last commit... metze (This used to be commit 9ea9e1ced59e7962164972b1dc2d53e0277d4449)
2007-10-10r4728: split up server_services into:Stefan Metzmacher5-106/+35
- stream_socket services the smb, ldap and rpc service which sets up a srtam socket end then waits for connections and - task services which this you can create a seperate task that do something (this is also going through the process_model subsystem so with -M standard a new process for this created with -M thread a new thread ... I'll add datagram services later when we whave support for datagram sockets in lib/socket/ see the next commit as an example for service_task's metze (This used to be commit d5fa02746c6569b09b6e05785642da2fad3ba3e0)
2007-10-10r4726: - use the name tcon and tid instead of conn and cnumStefan Metzmacher5-66/+33
- make use of talloc destructors metze (This used to be commit 8308da6ce4a95f8c10e22949ef00e9e64f2dbb85)
2007-10-10r4684: the smbsrv code should not know about rpc stuffStefan Metzmacher2-5/+0
just vfs_ipc metze (This used to be commit f85ebd1e8e19f5ff271dd7d79190fea16d6a98c4)
2007-10-10r4620: - add interface functions to the auth subsystem so that callers ↵Stefan Metzmacher2-55/+70
doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
2007-10-10r4611: - renamed add_socket() to smb_add_socket() as that is less confusingAndrew Tridgell1-10/+6
- removed the spurious call to set_blocking() in the smb server setup. (This used to be commit 76d905d12e6f65a3670e4167ec79d8876b772ca6)
2007-10-10r4591: - converted the other _p talloc functions to not need _pAndrew Tridgell5-7/+10
- added #if TALLOC_DEPRECATED around the _p functions - fixes the code that broke from the above while doing this I fixed quite a number of places that were incorrectly using the non type-safe talloc functions to use the type safe ones. Some were even doing multiplies for array allocation, which is potentially unsafe. (This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
2007-10-10r4549: got rid of a lot more uses of plain talloc(), instead usingAndrew Tridgell3-5/+5
talloc_size() or talloc_array_p() where appropriate. also fixed a memory leak in pvfs_copy_file() (failed to free a memory context) (This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
2007-10-10r4383: in order to cope with overfilled buffers on trans2 findfirst we need ↵Andrew Tridgell1-5/+6
to use 32 bit offsets and lengths in trans2 fill code, even though the packets themselves can only use 16 bit lengths. This prevents the overflow detection code from failing due to 16 bit length wrap. (This used to be commit 5cd74c22e99bc78e1f3ddf3f098790c4b4b87b4f)
2007-10-10r4382: check for bad tid in SMBtdisAndrew Tridgell1-0/+5
(This used to be commit 44ca3f41cc835e22e6adca48ddfd84f246b22bfb)
2007-10-10r4364: - added support for testing of chained SMB operations in smbtortureAndrew Tridgell1-0/+4
- added test for chained OpenX/ReadX, simulating the OS/2 workplace shell - fixed a bug in handling chained fnum in openx and ntcreatex in the server (yes, I'm on holiday, but this bug was annoying me ....) (This used to be commit b3b8958a18e302b815d98c0e3879e404bced6a08)
2007-10-10r4358: At metze's request, the Christmas elves have removed gensec_end inAndrew Bartlett1-1/+2
favor of talloc_free(). Andrew Bartlett (This used to be commit 1933cd12fbaed56e13f2386b19de6ade99bf9478)
2007-10-10r4355: More work from the elves on Christmas eve:Andrew Bartlett1-0/+2
- Update Samba4's kerberos code to match the 'salting' changes in Samba3 (and many other cleanups by jra). - Move GENSEC into the modern era of talloc destructors. This avoids many of the memory leaks in this code, as we now can't somehow 'forget' to call the end routine. - This required fixing some of the talloc hierarchies. - The new krb5 seems more sensitive to getting the service name right, so start actually setting the service name on the krb5 context. Andrew Bartlett (This used to be commit 278bf1a61a6da6ef955a12c13d7b1a0357cebf1f)