From 6d34ab056f70d85c3207696fac4fbb9e7f437b14 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 18 Nov 2005 13:30:18 +0000 Subject: r11786: move all SMB protocol specific stuff to smb_server/smb/ metze (This used to be commit 5fea278cb65076cea71bb6c921e51c4feffc37d7) --- source4/smb_server/smb/sesssetup.c | 370 +++++++++++++++++++++++++++++++++++++ 1 file changed, 370 insertions(+) create mode 100644 source4/smb_server/smb/sesssetup.c (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c new file mode 100644 index 0000000000..3f09346243 --- /dev/null +++ b/source4/smb_server/smb/sesssetup.c @@ -0,0 +1,370 @@ +/* + Unix SMB/CIFS implementation. + handle SMBsessionsetup + Copyright (C) Andrew Tridgell 1998-2001 + Copyright (C) Andrew Bartlett 2001-2005 + Copyright (C) Jim McDonough 2002 + Copyright (C) Luke Howard 2003 + Copyright (C) Stefan Metzmacher 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include "version.h" +#include "auth/auth.h" +#include "smb_server/smb_server.h" +#include "smbd/service_stream.h" +#include "libcli/nbt/libnbt.h" + +/* + setup the OS, Lanman and domain portions of a session setup reply +*/ +static void sesssetup_common_strings(struct smbsrv_request *req, + char **os, char **lanman, char **domain) +{ + (*os) = talloc_asprintf(req, "Unix"); + (*lanman) = talloc_asprintf(req, "Samba %s", SAMBA_VERSION_STRING); + (*domain) = talloc_asprintf(req, "%s", lp_workgroup()); +} + + +/* + handler for old style session setup +*/ +static NTSTATUS sesssetup_old(struct smbsrv_request *req, union smb_sesssetup *sess) +{ + NTSTATUS status; + struct auth_usersupplied_info *user_info = NULL; + struct auth_serversupplied_info *server_info = NULL; + struct auth_session_info *session_info; + struct smbsrv_session *smb_sess; + const char *remote_machine = NULL; + + sess->old.out.vuid = 0; + sess->old.out.action = 0; + + if (!req->smb_conn->negotiate.done_sesssetup) { + req->smb_conn->negotiate.max_send = sess->old.in.bufsize; + } + + if (req->smb_conn->negotiate.calling_name) { + remote_machine = req->smb_conn->negotiate.calling_name->name; + } + + if (!remote_machine) { + remote_machine = socket_get_peer_addr(req->smb_conn->connection->socket, req); + } + + user_info = talloc(req, struct auth_usersupplied_info); + NT_STATUS_HAVE_NO_MEMORY(user_info); + + user_info->mapped_state = False; + user_info->logon_parameters = 0; + user_info->flags = 0; + user_info->client.account_name = sess->old.in.user; + user_info->client.domain_name = sess->old.in.domain; + user_info->workstation_name = remote_machine; + user_info->remote_host = socket_get_peer_addr(req->smb_conn->connection->socket, user_info); + + user_info->password_state = AUTH_PASSWORD_RESPONSE; + user_info->password.response.lanman = sess->old.in.password; + user_info->password.response.lanman.data = talloc_steal(user_info, sess->old.in.password.data); + user_info->password.response.nt = data_blob(NULL, 0); + + status = auth_check_password(req->smb_conn->negotiate.auth_context, + req, user_info, &server_info); + if (!NT_STATUS_IS_OK(status)) { + return auth_nt_status_squash(status); + } + + /* This references server_info into session_info */ + status = auth_generate_session_info(req, server_info, &session_info); + if (!NT_STATUS_IS_OK(status)) { + return auth_nt_status_squash(status); + } + + /* allocate a new session */ + smb_sess = smbsrv_session_new(req->smb_conn, NULL); + if (!smb_sess) { + return NT_STATUS_ACCESS_DENIED; + } + + /* Ensure this is marked as a 'real' vuid, not one + * simply valid for the session setup leg */ + status = smbsrv_session_sesssetup_finished(smb_sess, session_info); + if (!NT_STATUS_IS_OK(status)) { + return auth_nt_status_squash(status); + } + + /* To correctly process any AndX packet (like a tree connect) + * we need to fill in the session on the request here */ + req->session = smb_sess; + sess->old.out.vuid = smb_sess->vuid; + + sesssetup_common_strings(req, + &sess->old.out.os, + &sess->old.out.lanman, + &sess->old.out.domain); + + return NT_STATUS_OK; +} + + +/* + handler for NT1 style session setup +*/ +static NTSTATUS sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess) +{ + NTSTATUS status; + struct auth_context *auth_context; + struct auth_usersupplied_info *user_info = NULL; + struct auth_serversupplied_info *server_info = NULL; + struct auth_session_info *session_info; + struct smbsrv_session *smb_sess; + const char *remote_machine = NULL; + + sess->nt1.out.vuid = 0; + sess->nt1.out.action = 0; + + if (!req->smb_conn->negotiate.done_sesssetup) { + req->smb_conn->negotiate.max_send = sess->nt1.in.bufsize; + req->smb_conn->negotiate.client_caps = sess->nt1.in.capabilities; + } + + if (req->smb_conn->negotiate.spnego_negotiated) { + if (sess->nt1.in.user && *sess->nt1.in.user) { + /* We can't accept a normal login, because we + * don't have a challenge */ + return NT_STATUS_LOGON_FAILURE; + } + + /* TODO: should we use just "anonymous" here? */ + status = auth_context_create(req, lp_auth_methods(), + &auth_context, + req->smb_conn->connection->event.ctx); + NT_STATUS_NOT_OK_RETURN(status); + } else { + auth_context = req->smb_conn->negotiate.auth_context; + } + + if (req->smb_conn->negotiate.calling_name) { + remote_machine = req->smb_conn->negotiate.calling_name->name; + } + + if (!remote_machine) { + remote_machine = socket_get_peer_addr(req->smb_conn->connection->socket, req); + } + + user_info = talloc(req, struct auth_usersupplied_info); + NT_STATUS_HAVE_NO_MEMORY(user_info); + + user_info->mapped_state = False; + user_info->logon_parameters = 0; + user_info->flags = 0; + user_info->client.account_name = sess->nt1.in.user; + user_info->client.domain_name = sess->nt1.in.domain; + user_info->workstation_name = remote_machine; + user_info->remote_host = socket_get_peer_addr(req->smb_conn->connection->socket, user_info); + + user_info->password_state = AUTH_PASSWORD_RESPONSE; + user_info->password.response.lanman = sess->nt1.in.password1; + user_info->password.response.lanman.data = talloc_steal(user_info, sess->nt1.in.password1.data); + user_info->password.response.nt = sess->nt1.in.password2; + user_info->password.response.nt.data = talloc_steal(user_info, sess->nt1.in.password2.data); + + status = auth_check_password(auth_context, req, user_info, &server_info); + if (!NT_STATUS_IS_OK(status)) { + return auth_nt_status_squash(status); + } + + /* This references server_info into session_info */ + status = auth_generate_session_info(req, server_info, &session_info); + if (!NT_STATUS_IS_OK(status)) { + return auth_nt_status_squash(status); + } + + /* allocate a new session */ + smb_sess = smbsrv_session_new(req->smb_conn, NULL); + if (!smb_sess) { + return NT_STATUS_ACCESS_DENIED; + } + + /* Ensure this is marked as a 'real' vuid, not one + * simply valid for the session setup leg */ + status = smbsrv_session_sesssetup_finished(smb_sess, session_info); + if (!NT_STATUS_IS_OK(status)) { + return auth_nt_status_squash(status); + } + + /* To correctly process any AndX packet (like a tree connect) + * we need to fill in the session on the request here */ + req->session = smb_sess; + sess->nt1.out.vuid = smb_sess->vuid; + + sesssetup_common_strings(req, + &sess->nt1.out.os, + &sess->nt1.out.lanman, + &sess->nt1.out.domain); + + if (!session_info->server_info->authenticated) { + return NT_STATUS_OK; + } + + if (!srv_setup_signing(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2)) { + /* Already signing, or disabled */ + return NT_STATUS_OK; + } + + /* Force check of the request packet, now we know the session key */ + req_signing_check_incoming(req); +/* TODO: why don't we check the result here? */ + + /* Unfortunetly win2k3 as a client doesn't sign the request + * packet here, so we have to force signing to start again */ + + srv_signing_restart(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2); + + return NT_STATUS_OK; +} + + +/* + handler for SPNEGO style session setup +*/ +static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *sess) +{ + NTSTATUS status = NT_STATUS_ACCESS_DENIED; + struct smbsrv_session *smb_sess; + struct gensec_security *gensec_ctx; + struct auth_session_info *session_info = NULL; + uint16_t vuid; + + sess->spnego.out.vuid = 0; + sess->spnego.out.action = 0; + + sesssetup_common_strings(req, + &sess->spnego.out.os, + &sess->spnego.out.lanman, + &sess->spnego.out.workgroup); + + if (!req->smb_conn->negotiate.done_sesssetup) { + req->smb_conn->negotiate.max_send = sess->nt1.in.bufsize; + req->smb_conn->negotiate.client_caps = sess->nt1.in.capabilities; + } + + vuid = SVAL(req->in.hdr,HDR_UID); + smb_sess = smbsrv_session_find_sesssetup(req->smb_conn, vuid); + if (smb_sess) { + gensec_ctx = smb_sess->gensec_ctx; + } else { + status = gensec_server_start(req, &gensec_ctx, + req->smb_conn->connection->event.ctx); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status))); + return status; + } + + gensec_set_credentials(gensec_ctx, req->smb_conn->negotiate.server_credentials); + + gensec_set_target_service(gensec_ctx, "cifs"); + + gensec_want_feature(gensec_ctx, GENSEC_FEATURE_SESSION_KEY); + + status = gensec_start_mech_by_oid(gensec_ctx, GENSEC_OID_SPNEGO); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to start GENSEC SPNEGO server code: %s\n", nt_errstr(status))); + return status; + } + + smb_sess = smbsrv_session_new(req->smb_conn, gensec_ctx); + if (!smb_sess) { + return NT_STATUS_ACCESS_DENIED; + } + } + + status = gensec_update(gensec_ctx, req, sess->spnego.in.secblob, &sess->spnego.out.secblob); + if (NT_STATUS_IS_OK(status)) { + DATA_BLOB session_key; + + status = gensec_session_info(gensec_ctx, &session_info); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(smb_sess); + return status; + } + + status = gensec_session_key(gensec_ctx, + &session_key); +/* TODO: what if getting the session key failed? */ + if (NT_STATUS_IS_OK(status) + && session_info->server_info->authenticated + && srv_setup_signing(req->smb_conn, &session_key, NULL)) { + /* Force check of the request packet, now we know the session key */ + req_signing_check_incoming(req); + + srv_signing_restart(req->smb_conn, &session_key, NULL); + } + + } else if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + } else { + status = auth_nt_status_squash(status); + + /* This invalidates the VUID of the failed login */ + talloc_free(smb_sess); + return status; + } + + if (NT_STATUS_IS_OK(status)) { + /* Ensure this is marked as a 'real' vuid, not one + * simply valid for the session setup leg */ + status = smbsrv_session_sesssetup_finished(smb_sess, session_info); + if (!NT_STATUS_IS_OK(status)) { + return auth_nt_status_squash(status); + } + req->session = smb_sess; + } + sess->spnego.out.vuid = smb_sess->vuid; + + return status; +} + +/* + backend for sessionsetup call - this takes all 3 variants of the call +*/ +NTSTATUS sesssetup_backend(struct smbsrv_request *req, + union smb_sesssetup *sess) +{ + NTSTATUS status = NT_STATUS_INVALID_LEVEL; + + switch (sess->old.level) { + case RAW_SESSSETUP_OLD: + status = sesssetup_old(req, sess); + break; + case RAW_SESSSETUP_NT1: + status = sesssetup_nt1(req, sess); + break; + case RAW_SESSSETUP_SPNEGO: + status = sesssetup_spnego(req, sess); + break; + } + + if (NT_STATUS_IS_OK(status)) { + req->smb_conn->negotiate.done_sesssetup = True; + } + + return status; +} + + -- cgit From 344703bfc0580419666e14217e6acf9e5f0c86c7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 7 Dec 2005 08:11:50 +0000 Subject: r12115: bring SMB sesssetup_spnego in sync with SMB2 sesssetup metze (This used to be commit 99cf7dbb177f92df40301ed8faeeb93e89452922) --- source4/smb_server/smb/sesssetup.c | 97 ++++++++++++++++++++------------------ 1 file changed, 51 insertions(+), 46 deletions(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 3f09346243..2532a2f78f 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -246,10 +246,11 @@ static NTSTATUS sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *s */ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *sess) { - NTSTATUS status = NT_STATUS_ACCESS_DENIED; - struct smbsrv_session *smb_sess; - struct gensec_security *gensec_ctx; + NTSTATUS status; + NTSTATUS skey_status; + struct smbsrv_session *smb_sess = NULL; struct auth_session_info *session_info = NULL; + DATA_BLOB session_key; uint16_t vuid; sess->spnego.out.vuid = 0; @@ -266,10 +267,12 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup } vuid = SVAL(req->in.hdr,HDR_UID); + + /* lookup an existing session */ smb_sess = smbsrv_session_find_sesssetup(req->smb_conn, vuid); - if (smb_sess) { - gensec_ctx = smb_sess->gensec_ctx; - } else { + if (!smb_sess) { + struct gensec_security *gensec_ctx; + status = gensec_server_start(req, &gensec_ctx, req->smb_conn->connection->event.ctx); if (!NT_STATUS_IS_OK(status)) { @@ -289,55 +292,57 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup return status; } + /* allocate a new session */ smb_sess = smbsrv_session_new(req->smb_conn, gensec_ctx); - if (!smb_sess) { - return NT_STATUS_ACCESS_DENIED; - } } - status = gensec_update(gensec_ctx, req, sess->spnego.in.secblob, &sess->spnego.out.secblob); - if (NT_STATUS_IS_OK(status)) { - DATA_BLOB session_key; - - status = gensec_session_info(gensec_ctx, &session_info); - if (!NT_STATUS_IS_OK(status)) { - talloc_free(smb_sess); - return status; - } - - status = gensec_session_key(gensec_ctx, - &session_key); -/* TODO: what if getting the session key failed? */ - if (NT_STATUS_IS_OK(status) - && session_info->server_info->authenticated - && srv_setup_signing(req->smb_conn, &session_key, NULL)) { - /* Force check of the request packet, now we know the session key */ - req_signing_check_incoming(req); - - srv_signing_restart(req->smb_conn, &session_key, NULL); - } + if (!smb_sess) { + return NT_STATUS_ACCESS_DENIED; + } - } else if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - } else { - status = auth_nt_status_squash(status); - - /* This invalidates the VUID of the failed login */ - talloc_free(smb_sess); + if (!smb_sess->gensec_ctx) { + status = NT_STATUS_INTERNAL_ERROR; + DEBUG(1, ("Internal ERROR: no gensec_ctx on session: %s\n", nt_errstr(status))); + goto failed; + } + + status = gensec_update(smb_sess->gensec_ctx, req, sess->spnego.in.secblob, &sess->spnego.out.secblob); + if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + sess->spnego.out.vuid = smb_sess->vuid; return status; + } else if (!NT_STATUS_IS_OK(status)) { + goto failed; } - - if (NT_STATUS_IS_OK(status)) { - /* Ensure this is marked as a 'real' vuid, not one - * simply valid for the session setup leg */ - status = smbsrv_session_sesssetup_finished(smb_sess, session_info); - if (!NT_STATUS_IS_OK(status)) { - return auth_nt_status_squash(status); - } - req->session = smb_sess; + + status = gensec_session_info(smb_sess->gensec_ctx, &session_info); + if (!NT_STATUS_IS_OK(status)) { + goto failed; + } + + skey_status = gensec_session_key(smb_sess->gensec_ctx, &session_key); + if (NT_STATUS_IS_OK(skey_status) && + session_info->server_info->authenticated && + srv_setup_signing(req->smb_conn, &session_key, NULL)) { + /* Force check of the request packet, now we know the session key */ + req_signing_check_incoming(req); + + srv_signing_restart(req->smb_conn, &session_key, NULL); + } + + /* Ensure this is marked as a 'real' vuid, not one + * simply valid for the session setup leg */ + status = smbsrv_session_sesssetup_finished(smb_sess, session_info); + if (!NT_STATUS_IS_OK(status)) { + goto failed; } + req->session = smb_sess; + sess->spnego.out.vuid = smb_sess->vuid; + return NT_STATUS_OK; - return status; +failed: + talloc_free(smb_sess); + return auth_nt_status_squash(status); } /* -- cgit From d4de4c2d210d2e8c9b5aedf70695594809ad6a0b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 30 Dec 2005 13:16:54 +0000 Subject: r12608: Remove some unused #include lines. (This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981) --- source4/smb_server/smb/sesssetup.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 2532a2f78f..4bafc6cbf4 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -27,7 +27,6 @@ #include "auth/auth.h" #include "smb_server/smb_server.h" #include "smbd/service_stream.h" -#include "libcli/nbt/libnbt.h" /* setup the OS, Lanman and domain portions of a session setup reply -- cgit From f55ea8bb3dca868e21663cd90eaea7a35cd7886c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 9 Jan 2006 22:12:53 +0000 Subject: r12804: This patch reworks the Samba4 sockets layer to use a socket_address structure that is more generic than just 'IP/port'. It now passes make test, and has been reviewed and updated by metze. (Thankyou *very* much). This passes 'make test' as well as kerberos use (not currently in the testsuite). The original purpose of this patch was to have Samba able to pass a socket address stucture from the BSD layer into the kerberos routines and back again. It also removes nbt_peer_addr, which was being used for a similar purpose. It is a large change, but worthwhile I feel. Andrew Bartlett (This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2) --- source4/smb_server/smb/sesssetup.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 4bafc6cbf4..225f0f7c47 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -1,3 +1,4 @@ + /* Unix SMB/CIFS implementation. handle SMBsessionsetup @@ -50,6 +51,7 @@ static NTSTATUS sesssetup_old(struct smbsrv_request *req, union smb_sesssetup *s struct auth_serversupplied_info *server_info = NULL; struct auth_session_info *session_info; struct smbsrv_session *smb_sess; + struct socket_address *remote_address; const char *remote_machine = NULL; sess->old.out.vuid = 0; @@ -63,8 +65,11 @@ static NTSTATUS sesssetup_old(struct smbsrv_request *req, union smb_sesssetup *s remote_machine = req->smb_conn->negotiate.calling_name->name; } + remote_address = socket_get_peer_addr(req->smb_conn->connection->socket, req); + NT_STATUS_HAVE_NO_MEMORY(remote_address); + if (!remote_machine) { - remote_machine = socket_get_peer_addr(req->smb_conn->connection->socket, req); + remote_machine = remote_address->addr; } user_info = talloc(req, struct auth_usersupplied_info); @@ -76,7 +81,7 @@ static NTSTATUS sesssetup_old(struct smbsrv_request *req, union smb_sesssetup *s user_info->client.account_name = sess->old.in.user; user_info->client.domain_name = sess->old.in.domain; user_info->workstation_name = remote_machine; - user_info->remote_host = socket_get_peer_addr(req->smb_conn->connection->socket, user_info); + user_info->remote_host = talloc_steal(user_info, remote_address); user_info->password_state = AUTH_PASSWORD_RESPONSE; user_info->password.response.lanman = sess->old.in.password; @@ -133,6 +138,7 @@ static NTSTATUS sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *s struct auth_serversupplied_info *server_info = NULL; struct auth_session_info *session_info; struct smbsrv_session *smb_sess; + struct socket_address *remote_address; const char *remote_machine = NULL; sess->nt1.out.vuid = 0; @@ -163,10 +169,13 @@ static NTSTATUS sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *s remote_machine = req->smb_conn->negotiate.calling_name->name; } + remote_address = socket_get_peer_addr(req->smb_conn->connection->socket, req); + NT_STATUS_HAVE_NO_MEMORY(remote_address); + if (!remote_machine) { - remote_machine = socket_get_peer_addr(req->smb_conn->connection->socket, req); + remote_machine = remote_address->addr; } - + user_info = talloc(req, struct auth_usersupplied_info); NT_STATUS_HAVE_NO_MEMORY(user_info); @@ -176,7 +185,7 @@ static NTSTATUS sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *s user_info->client.account_name = sess->nt1.in.user; user_info->client.domain_name = sess->nt1.in.domain; user_info->workstation_name = remote_machine; - user_info->remote_host = socket_get_peer_addr(req->smb_conn->connection->socket, user_info); + user_info->remote_host = talloc_steal(user_info, remote_address); user_info->password_state = AUTH_PASSWORD_RESPONSE; user_info->password.response.lanman = sess->nt1.in.password1; -- cgit From 941c1566e514ef039220a781e12ce9385265071a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 9 Feb 2006 03:04:48 +0000 Subject: r13403: Try to better handle a case where SPNEGO isn't available (allow us to emulate the behaviour of XP standalone if required). Andrew Bartlett (This used to be commit 7f821097fbdbc9f35d96e05f85cf008f36c0eea3) --- source4/smb_server/smb/sesssetup.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 225f0f7c47..a90f709a12 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -149,7 +149,7 @@ static NTSTATUS sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *s req->smb_conn->negotiate.client_caps = sess->nt1.in.capabilities; } - if (req->smb_conn->negotiate.spnego_negotiated) { + if (req->smb_conn->negotiate.oid) { if (sess->nt1.in.user && *sess->nt1.in.user) { /* We can't accept a normal login, because we * don't have a challenge */ @@ -294,9 +294,10 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup gensec_want_feature(gensec_ctx, GENSEC_FEATURE_SESSION_KEY); - status = gensec_start_mech_by_oid(gensec_ctx, GENSEC_OID_SPNEGO); + status = gensec_start_mech_by_oid(gensec_ctx, req->smb_conn->negotiate.oid); if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("Failed to start GENSEC SPNEGO server code: %s\n", nt_errstr(status))); + DEBUG(1, ("Failed to start GENSEC %s server code: %s\n", + gensec_get_name_by_oid(req->smb_conn->negotiate.oid), nt_errstr(status))); return status; } -- cgit From 354a61fc915da99a16732337b62920909a591b58 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 6 Mar 2006 15:33:25 +0000 Subject: r13866: prefix more functions with smbsrv_ metze (This used to be commit bb083f17c961964dd99185ae4194596ccaafd4a8) --- source4/smb_server/smb/sesssetup.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index a90f709a12..916224b26e 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -357,8 +357,8 @@ failed: /* backend for sessionsetup call - this takes all 3 variants of the call */ -NTSTATUS sesssetup_backend(struct smbsrv_request *req, - union smb_sesssetup *sess) +NTSTATUS smbsrv_sesssetup_backend(struct smbsrv_request *req, + union smb_sesssetup *sess) { NTSTATUS status = NT_STATUS_INVALID_LEVEL; @@ -380,5 +380,3 @@ NTSTATUS sesssetup_backend(struct smbsrv_request *req, return status; } - - -- cgit From a0e66eac7d8ff337b77e078038d0b23a25b22ee7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 6 Mar 2006 16:19:27 +0000 Subject: r13870: prefix more functions with smbsrv_ metze (This used to be commit e6275db7b926d3660ad4a0f40041a5129001427a) --- source4/smb_server/smb/sesssetup.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 916224b26e..29589ce074 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -231,19 +231,19 @@ static NTSTATUS sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *s return NT_STATUS_OK; } - if (!srv_setup_signing(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2)) { + if (!smbsrv_setup_signing(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2)) { /* Already signing, or disabled */ return NT_STATUS_OK; } /* Force check of the request packet, now we know the session key */ - req_signing_check_incoming(req); + smbsrv_signing_check_incoming(req); /* TODO: why don't we check the result here? */ /* Unfortunetly win2k3 as a client doesn't sign the request * packet here, so we have to force signing to start again */ - srv_signing_restart(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2); + smbsrv_signing_restart(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2); return NT_STATUS_OK; } @@ -331,11 +331,11 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup skey_status = gensec_session_key(smb_sess->gensec_ctx, &session_key); if (NT_STATUS_IS_OK(skey_status) && session_info->server_info->authenticated && - srv_setup_signing(req->smb_conn, &session_key, NULL)) { + smbsrv_setup_signing(req->smb_conn, &session_key, NULL)) { /* Force check of the request packet, now we know the session key */ - req_signing_check_incoming(req); + smbsrv_signing_check_incoming(req); - srv_signing_restart(req->smb_conn, &session_key, NULL); + smbsrv_signing_restart(req->smb_conn, &session_key, NULL); } /* Ensure this is marked as a 'real' vuid, not one -- cgit From 35349a58df5b69446607fbd742a05f57f3515319 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 18 Mar 2006 15:42:57 +0000 Subject: r14542: Remove librpc, libndr and libnbt from includes.h (This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f) --- source4/smb_server/smb/sesssetup.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 29589ce074..0edee86a60 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -28,6 +28,7 @@ #include "auth/auth.h" #include "smb_server/smb_server.h" #include "smbd/service_stream.h" +#include "librpc/gen_ndr/nbt.h" /* setup the OS, Lanman and domain portions of a session setup reply -- cgit From e306c5bf129a981693bd251d45597f1e584ee850 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 20 May 2006 10:46:38 +0000 Subject: r15741: move smb2 request structures into the main smb request structs as new levels metze (This used to be commit 91806353174704857dfcc15a730af7232cfde660) --- source4/smb_server/smb/sesssetup.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 0edee86a60..2256f51b73 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -373,6 +373,9 @@ NTSTATUS smbsrv_sesssetup_backend(struct smbsrv_request *req, case RAW_SESSSETUP_SPNEGO: status = sesssetup_spnego(req, sess); break; + case RAW_SESSSETUP_SMB2: + status = NT_STATUS_INTERNAL_ERROR; + break; } if (NT_STATUS_IS_OK(status)) { -- cgit From 61d620012d8e13b6a9c95444db9de7dc31427a37 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 27 Jul 2006 14:19:51 +0000 Subject: r17274: fix typos metze (This used to be commit 699dee70aaa13bddbe8be760033aa81dd583208a) --- source4/smb_server/smb/sesssetup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 2256f51b73..f4407c1a28 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -271,8 +271,8 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup &sess->spnego.out.workgroup); if (!req->smb_conn->negotiate.done_sesssetup) { - req->smb_conn->negotiate.max_send = sess->nt1.in.bufsize; - req->smb_conn->negotiate.client_caps = sess->nt1.in.capabilities; + req->smb_conn->negotiate.max_send = sess->spnego.in.bufsize; + req->smb_conn->negotiate.client_caps = sess->spnego.in.capabilities; } vuid = SVAL(req->in.hdr,HDR_UID); -- cgit From 1575743c36e742403c48a15a61bb0afa518012d8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 27 Jul 2006 19:07:15 +0000 Subject: r17283: use the async calls of auth_check_password() and gensec_update() in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2) --- source4/smb_server/smb/sesssetup.c | 338 ++++++++++++++++++++++--------------- 1 file changed, 202 insertions(+), 136 deletions(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index f4407c1a28..fe75cce17e 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -41,40 +41,89 @@ static void sesssetup_common_strings(struct smbsrv_request *req, (*domain) = talloc_asprintf(req, "%s", lp_workgroup()); } +static void smbsrv_sesssetup_backend_send(struct smbsrv_request *req, + union smb_sesssetup *sess, + NTSTATUS status) +{ + if (NT_STATUS_IS_OK(status)) { + req->smb_conn->negotiate.done_sesssetup = True; + } + smbsrv_reply_sesssetup_send(req, sess, status); +} + +static void sesssetup_old_send(struct auth_check_password_request *areq, + void *private_data) +{ + struct smbsrv_request *req = talloc_get_type(private_data, struct smbsrv_request); + union smb_sesssetup *sess = talloc_get_type(req->io_ptr, union smb_sesssetup); + struct auth_serversupplied_info *server_info = NULL; + struct auth_session_info *session_info; + struct smbsrv_session *smb_sess; + NTSTATUS status; + + status = auth_check_password_recv(areq, req, &server_info); + if (!NT_STATUS_IS_OK(status)) goto failed; + + /* This references server_info into session_info */ + status = auth_generate_session_info(req, server_info, &session_info); + if (!NT_STATUS_IS_OK(status)) goto failed; + + /* allocate a new session */ + smb_sess = smbsrv_session_new(req->smb_conn, NULL); + if (!smb_sess) { + status = NT_STATUS_INSUFFICIENT_RESOURCES; + goto failed; + } + + /* Ensure this is marked as a 'real' vuid, not one + * simply valid for the session setup leg */ + status = smbsrv_session_sesssetup_finished(smb_sess, session_info); + if (!NT_STATUS_IS_OK(status)) goto failed; + + /* To correctly process any AndX packet (like a tree connect) + * we need to fill in the session on the request here */ + req->session = smb_sess; + sess->old.out.vuid = smb_sess->vuid; + +failed: + status = auth_nt_status_squash(status); + smbsrv_sesssetup_backend_send(req, sess, status); +} /* handler for old style session setup */ -static NTSTATUS sesssetup_old(struct smbsrv_request *req, union smb_sesssetup *sess) +static void sesssetup_old(struct smbsrv_request *req, union smb_sesssetup *sess) { - NTSTATUS status; struct auth_usersupplied_info *user_info = NULL; - struct auth_serversupplied_info *server_info = NULL; - struct auth_session_info *session_info; - struct smbsrv_session *smb_sess; struct socket_address *remote_address; const char *remote_machine = NULL; sess->old.out.vuid = 0; sess->old.out.action = 0; + sesssetup_common_strings(req, + &sess->old.out.os, + &sess->old.out.lanman, + &sess->old.out.domain); + if (!req->smb_conn->negotiate.done_sesssetup) { req->smb_conn->negotiate.max_send = sess->old.in.bufsize; } - + if (req->smb_conn->negotiate.calling_name) { remote_machine = req->smb_conn->negotiate.calling_name->name; } remote_address = socket_get_peer_addr(req->smb_conn->connection->socket, req); - NT_STATUS_HAVE_NO_MEMORY(remote_address); + if (!remote_address) goto nomem; if (!remote_machine) { remote_machine = remote_address->addr; } user_info = talloc(req, struct auth_usersupplied_info); - NT_STATUS_HAVE_NO_MEMORY(user_info); + if (!user_info) goto nomem; user_info->mapped_state = False; user_info->logon_parameters = 0; @@ -89,62 +138,93 @@ static NTSTATUS sesssetup_old(struct smbsrv_request *req, union smb_sesssetup *s user_info->password.response.lanman.data = talloc_steal(user_info, sess->old.in.password.data); user_info->password.response.nt = data_blob(NULL, 0); - status = auth_check_password(req->smb_conn->negotiate.auth_context, - req, user_info, &server_info); - if (!NT_STATUS_IS_OK(status)) { - return auth_nt_status_squash(status); - } + auth_check_password_send(req->smb_conn->negotiate.auth_context, user_info, + sesssetup_old_send, req); + return; + +nomem: + smbsrv_sesssetup_backend_send(req, sess, NT_STATUS_NO_MEMORY); +} + +static void sesssetup_nt1_send(struct auth_check_password_request *areq, + void *private_data) +{ + struct smbsrv_request *req = talloc_get_type(private_data, struct smbsrv_request); + union smb_sesssetup *sess = talloc_get_type(req->io_ptr, union smb_sesssetup); + struct auth_serversupplied_info *server_info = NULL; + struct auth_session_info *session_info; + struct smbsrv_session *smb_sess; + NTSTATUS status; + + status = auth_check_password_recv(areq, req, &server_info); + if (!NT_STATUS_IS_OK(status)) goto failed; /* This references server_info into session_info */ status = auth_generate_session_info(req, server_info, &session_info); - if (!NT_STATUS_IS_OK(status)) { - return auth_nt_status_squash(status); - } + if (!NT_STATUS_IS_OK(status)) goto failed; /* allocate a new session */ smb_sess = smbsrv_session_new(req->smb_conn, NULL); if (!smb_sess) { - return NT_STATUS_ACCESS_DENIED; + status = NT_STATUS_INSUFFICIENT_RESOURCES; + goto failed; } /* Ensure this is marked as a 'real' vuid, not one * simply valid for the session setup leg */ status = smbsrv_session_sesssetup_finished(smb_sess, session_info); - if (!NT_STATUS_IS_OK(status)) { - return auth_nt_status_squash(status); - } + if (!NT_STATUS_IS_OK(status)) goto failed; /* To correctly process any AndX packet (like a tree connect) * we need to fill in the session on the request here */ req->session = smb_sess; - sess->old.out.vuid = smb_sess->vuid; + sess->nt1.out.vuid = smb_sess->vuid; - sesssetup_common_strings(req, - &sess->old.out.os, - &sess->old.out.lanman, - &sess->old.out.domain); + if (!session_info->server_info->authenticated) { + /* don't try signing as anonymous */ + goto done; + } - return NT_STATUS_OK; -} + if (!smbsrv_setup_signing(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2)) { + /* Already signing, or disabled */ + goto done; + } + /* Force check of the request packet, now we know the session key */ + smbsrv_signing_check_incoming(req); +/* TODO: why don't we check the result here? */ + + /* Unfortunetly win2k3 as a client doesn't sign the request + * packet here, so we have to force signing to start again */ + + smbsrv_signing_restart(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2); + +done: + status = NT_STATUS_OK; +failed: + status = auth_nt_status_squash(status); + smbsrv_sesssetup_backend_send(req, sess, status); +} /* handler for NT1 style session setup */ -static NTSTATUS sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess) +static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess) { NTSTATUS status; struct auth_context *auth_context; struct auth_usersupplied_info *user_info = NULL; - struct auth_serversupplied_info *server_info = NULL; - struct auth_session_info *session_info; - struct smbsrv_session *smb_sess; struct socket_address *remote_address; const char *remote_machine = NULL; sess->nt1.out.vuid = 0; sess->nt1.out.action = 0; + sesssetup_common_strings(req, + &sess->nt1.out.os, + &sess->nt1.out.lanman, + &sess->nt1.out.domain); + if (!req->smb_conn->negotiate.done_sesssetup) { req->smb_conn->negotiate.max_send = sess->nt1.in.bufsize; req->smb_conn->negotiate.client_caps = sess->nt1.in.capabilities; @@ -154,14 +234,15 @@ static NTSTATUS sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *s if (sess->nt1.in.user && *sess->nt1.in.user) { /* We can't accept a normal login, because we * don't have a challenge */ - return NT_STATUS_LOGON_FAILURE; + status = NT_STATUS_LOGON_FAILURE; + goto failed; } /* TODO: should we use just "anonymous" here? */ status = auth_context_create(req, lp_auth_methods(), - &auth_context, + &auth_context, req->smb_conn->connection->event.ctx); - NT_STATUS_NOT_OK_RETURN(status); + if (!NT_STATUS_IS_OK(status)) goto failed; } else { auth_context = req->smb_conn->negotiate.auth_context; } @@ -171,15 +252,15 @@ static NTSTATUS sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *s } remote_address = socket_get_peer_addr(req->smb_conn->connection->socket, req); - NT_STATUS_HAVE_NO_MEMORY(remote_address); + if (!remote_address) goto nomem; if (!remote_machine) { remote_machine = remote_address->addr; } user_info = talloc(req, struct auth_usersupplied_info); - NT_STATUS_HAVE_NO_MEMORY(user_info); - + if (!user_info) goto nomem; + user_info->mapped_state = False; user_info->logon_parameters = 0; user_info->flags = 0; @@ -194,72 +275,77 @@ static NTSTATUS sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *s user_info->password.response.nt = sess->nt1.in.password2; user_info->password.response.nt.data = talloc_steal(user_info, sess->nt1.in.password2.data); - status = auth_check_password(auth_context, req, user_info, &server_info); - if (!NT_STATUS_IS_OK(status)) { - return auth_nt_status_squash(status); - } + auth_check_password_send(auth_context, user_info, + sesssetup_nt1_send, req); + return; - /* This references server_info into session_info */ - status = auth_generate_session_info(req, server_info, &session_info); - if (!NT_STATUS_IS_OK(status)) { - return auth_nt_status_squash(status); - } +nomem: + status = NT_STATUS_NO_MEMORY; +failed: + status = auth_nt_status_squash(status); + smbsrv_sesssetup_backend_send(req, sess, status); +} - /* allocate a new session */ - smb_sess = smbsrv_session_new(req->smb_conn, NULL); - if (!smb_sess) { - return NT_STATUS_ACCESS_DENIED; - } +struct sesssetup_spnego_state { + struct smbsrv_request *req; + union smb_sesssetup *sess; + struct smbsrv_session *smb_sess; +}; - /* Ensure this is marked as a 'real' vuid, not one - * simply valid for the session setup leg */ - status = smbsrv_session_sesssetup_finished(smb_sess, session_info); - if (!NT_STATUS_IS_OK(status)) { - return auth_nt_status_squash(status); - } +static void sesssetup_spnego_send(struct gensec_update_request *greq, void *private_data) +{ + struct sesssetup_spnego_state *s = talloc_get_type(private_data, + struct sesssetup_spnego_state); + struct smbsrv_request *req = s->req; + union smb_sesssetup *sess = s->sess; + struct smbsrv_session *smb_sess = s->smb_sess; + struct auth_session_info *session_info = NULL; + NTSTATUS status; + NTSTATUS skey_status; + DATA_BLOB session_key; - /* To correctly process any AndX packet (like a tree connect) - * we need to fill in the session on the request here */ - req->session = smb_sess; - sess->nt1.out.vuid = smb_sess->vuid; + status = gensec_update_recv(greq, req, &sess->spnego.out.secblob); + if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + goto done; + } else if (!NT_STATUS_IS_OK(status)) { + goto failed; + } - sesssetup_common_strings(req, - &sess->nt1.out.os, - &sess->nt1.out.lanman, - &sess->nt1.out.domain); + status = gensec_session_info(smb_sess->gensec_ctx, &session_info); + if (!NT_STATUS_IS_OK(status)) goto failed; - if (!session_info->server_info->authenticated) { - return NT_STATUS_OK; - } + skey_status = gensec_session_key(smb_sess->gensec_ctx, &session_key); + if (NT_STATUS_IS_OK(skey_status) && + session_info->server_info->authenticated && + smbsrv_setup_signing(req->smb_conn, &session_key, NULL)) { + /* Force check of the request packet, now we know the session key */ + smbsrv_signing_check_incoming(req); - if (!smbsrv_setup_signing(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2)) { - /* Already signing, or disabled */ - return NT_STATUS_OK; + smbsrv_signing_restart(req->smb_conn, &session_key, NULL); } - /* Force check of the request packet, now we know the session key */ - smbsrv_signing_check_incoming(req); -/* TODO: why don't we check the result here? */ - - /* Unfortunetly win2k3 as a client doesn't sign the request - * packet here, so we have to force signing to start again */ + /* Ensure this is marked as a 'real' vuid, not one + * simply valid for the session setup leg */ + status = smbsrv_session_sesssetup_finished(smb_sess, session_info); + if (!NT_STATUS_IS_OK(status)) goto failed; - smbsrv_signing_restart(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2); + req->session = smb_sess; - return NT_STATUS_OK; +done: + sess->spnego.out.vuid = smb_sess->vuid; +failed: + status = auth_nt_status_squash(status); + smbsrv_sesssetup_backend_send(req, sess, status); } - /* handler for SPNEGO style session setup */ -static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *sess) +static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *sess) { NTSTATUS status; - NTSTATUS skey_status; struct smbsrv_session *smb_sess = NULL; - struct auth_session_info *session_info = NULL; - DATA_BLOB session_key; + struct sesssetup_spnego_state *s = NULL; uint16_t vuid; sess->spnego.out.vuid = 0; @@ -286,7 +372,7 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup req->smb_conn->connection->event.ctx); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status))); - return status; + goto failed; } gensec_set_credentials(gensec_ctx, req->smb_conn->negotiate.server_credentials); @@ -299,15 +385,20 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start GENSEC %s server code: %s\n", gensec_get_name_by_oid(req->smb_conn->negotiate.oid), nt_errstr(status))); - return status; + goto failed; } /* allocate a new session */ smb_sess = smbsrv_session_new(req->smb_conn, gensec_ctx); + if (!smb_sess) { + status = NT_STATUS_INSUFFICIENT_RESOURCES; + goto failed; + } } if (!smb_sess) { - return NT_STATUS_ACCESS_DENIED; + status = NT_STATUS_ACCESS_DENIED; + goto failed; } if (!smb_sess->gensec_ctx) { @@ -316,71 +407,46 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup goto failed; } - status = gensec_update(smb_sess->gensec_ctx, req, sess->spnego.in.secblob, &sess->spnego.out.secblob); - if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - sess->spnego.out.vuid = smb_sess->vuid; - return status; - } else if (!NT_STATUS_IS_OK(status)) { - goto failed; - } - - status = gensec_session_info(smb_sess->gensec_ctx, &session_info); - if (!NT_STATUS_IS_OK(status)) { - goto failed; - } + s = talloc(req, struct sesssetup_spnego_state); + if (!s) goto nomem; + s->req = req; + s->sess = sess; + s->smb_sess = smb_sess; - skey_status = gensec_session_key(smb_sess->gensec_ctx, &session_key); - if (NT_STATUS_IS_OK(skey_status) && - session_info->server_info->authenticated && - smbsrv_setup_signing(req->smb_conn, &session_key, NULL)) { - /* Force check of the request packet, now we know the session key */ - smbsrv_signing_check_incoming(req); - - smbsrv_signing_restart(req->smb_conn, &session_key, NULL); - } - - /* Ensure this is marked as a 'real' vuid, not one - * simply valid for the session setup leg */ - status = smbsrv_session_sesssetup_finished(smb_sess, session_info); - if (!NT_STATUS_IS_OK(status)) { - goto failed; - } - req->session = smb_sess; - - sess->spnego.out.vuid = smb_sess->vuid; - return NT_STATUS_OK; + gensec_update_send(smb_sess->gensec_ctx, sess->spnego.in.secblob, + sesssetup_spnego_send, s); + return; +nomem: + status = NT_STATUS_NO_MEMORY; failed: talloc_free(smb_sess); - return auth_nt_status_squash(status); + status = auth_nt_status_squash(status); + smbsrv_sesssetup_backend_send(req, sess, status); } /* backend for sessionsetup call - this takes all 3 variants of the call */ -NTSTATUS smbsrv_sesssetup_backend(struct smbsrv_request *req, - union smb_sesssetup *sess) +void smbsrv_sesssetup_backend(struct smbsrv_request *req, + union smb_sesssetup *sess) { - NTSTATUS status = NT_STATUS_INVALID_LEVEL; - switch (sess->old.level) { case RAW_SESSSETUP_OLD: - status = sesssetup_old(req, sess); - break; + sesssetup_old(req, sess); + return; + case RAW_SESSSETUP_NT1: - status = sesssetup_nt1(req, sess); - break; + sesssetup_nt1(req, sess); + return; + case RAW_SESSSETUP_SPNEGO: - status = sesssetup_spnego(req, sess); - break; + sesssetup_spnego(req, sess); + return; + case RAW_SESSSETUP_SMB2: - status = NT_STATUS_INTERNAL_ERROR; break; } - if (NT_STATUS_IS_OK(status)) { - req->smb_conn->negotiate.done_sesssetup = True; - } - - return status; + smbsrv_sesssetup_backend_send(req, sess, NT_STATUS_INVALID_LEVEL); } -- cgit From 7a845bcb0141a895d5685afcef1ffe7f93428d0f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 31 Jul 2006 14:05:08 +0000 Subject: r17341: pass a messaging context to auth_context_create() and gensec_server_start(). calling them with NULL for event context or messaging context is no longer allowed! metze (This used to be commit 679ac74e71b111344f1097ab389c0b83a9247710) --- source4/smb_server/smb/sesssetup.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index fe75cce17e..25655fc14f 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -240,8 +240,9 @@ static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess) /* TODO: should we use just "anonymous" here? */ status = auth_context_create(req, lp_auth_methods(), - &auth_context, - req->smb_conn->connection->event.ctx); + req->smb_conn->connection->event.ctx, + req->smb_conn->connection->msg_ctx, + &auth_context); if (!NT_STATUS_IS_OK(status)) goto failed; } else { auth_context = req->smb_conn->negotiate.auth_context; @@ -368,8 +369,10 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se if (!smb_sess) { struct gensec_security *gensec_ctx; - status = gensec_server_start(req, &gensec_ctx, - req->smb_conn->connection->event.ctx); + status = gensec_server_start(req, + req->smb_conn->connection->event.ctx, + req->smb_conn->connection->msg_ctx, + &gensec_ctx); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status))); goto failed; -- cgit From 13dbee3ffea6065a826f010e50c9b4eb2c6ad109 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 7 Nov 2006 00:48:36 +0000 Subject: r19598: Ahead of a merge to current lorikeet-heimdal: Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9) --- source4/smb_server/smb/sesssetup.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 25655fc14f..b6bddaa5b1 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -25,6 +25,8 @@ #include "includes.h" #include "version.h" +#include "auth/credentials/credentials.h" +#include "auth/gensec/gensec.h" #include "auth/auth.h" #include "smb_server/smb_server.h" #include "smbd/service_stream.h" -- cgit From a8716afce8819a6dd8e73b34c513f7f512b274d6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 20 May 2007 08:43:03 +0000 Subject: r23018: fixed a memory leak in our server side session setup code for failed session setups (This used to be commit a4e043e1f8f3cf1ab86e6dde501722b8050bbde4) --- source4/smb_server/smb/sesssetup.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index b6bddaa5b1..56d9e64e31 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -60,7 +60,7 @@ static void sesssetup_old_send(struct auth_check_password_request *areq, union smb_sesssetup *sess = talloc_get_type(req->io_ptr, union smb_sesssetup); struct auth_serversupplied_info *server_info = NULL; struct auth_session_info *session_info; - struct smbsrv_session *smb_sess; + struct smbsrv_session *smb_sess = NULL; NTSTATUS status; status = auth_check_password_recv(areq, req, &server_info); @@ -88,6 +88,10 @@ static void sesssetup_old_send(struct auth_check_password_request *areq, sess->old.out.vuid = smb_sess->vuid; failed: + if (!NT_STATUS_IS_OK(status)) { + talloc_free(smb_sess); + req->session = NULL; + } status = auth_nt_status_squash(status); smbsrv_sesssetup_backend_send(req, sess, status); } @@ -155,7 +159,7 @@ static void sesssetup_nt1_send(struct auth_check_password_request *areq, union smb_sesssetup *sess = talloc_get_type(req->io_ptr, union smb_sesssetup); struct auth_serversupplied_info *server_info = NULL; struct auth_session_info *session_info; - struct smbsrv_session *smb_sess; + struct smbsrv_session *smb_sess = NULL; NTSTATUS status; status = auth_check_password_recv(areq, req, &server_info); @@ -204,6 +208,10 @@ static void sesssetup_nt1_send(struct auth_check_password_request *areq, done: status = NT_STATUS_OK; failed: + if (!NT_STATUS_IS_OK(status)) { + talloc_free(smb_sess); + req->session = NULL; + } status = auth_nt_status_squash(status); smbsrv_sesssetup_backend_send(req, sess, status); } @@ -337,6 +345,10 @@ static void sesssetup_spnego_send(struct gensec_update_request *greq, void *priv done: sess->spnego.out.vuid = smb_sess->vuid; failed: + if (!NT_STATUS_IS_OK(status)) { + talloc_free(smb_sess); + req->session = NULL; + } status = auth_nt_status_squash(status); smbsrv_sesssetup_backend_send(req, sess, status); } -- cgit From b691b4ad3d5b2ac813355d81d4c90f84977689a3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 20 May 2007 08:57:01 +0000 Subject: r23019: revert r23018 - this will require more thought. (This used to be commit df60df9678e5c45fad6c7f7cb53ba8d0ce6b7cf0) --- source4/smb_server/smb/sesssetup.c | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 56d9e64e31..b6bddaa5b1 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -60,7 +60,7 @@ static void sesssetup_old_send(struct auth_check_password_request *areq, union smb_sesssetup *sess = talloc_get_type(req->io_ptr, union smb_sesssetup); struct auth_serversupplied_info *server_info = NULL; struct auth_session_info *session_info; - struct smbsrv_session *smb_sess = NULL; + struct smbsrv_session *smb_sess; NTSTATUS status; status = auth_check_password_recv(areq, req, &server_info); @@ -88,10 +88,6 @@ static void sesssetup_old_send(struct auth_check_password_request *areq, sess->old.out.vuid = smb_sess->vuid; failed: - if (!NT_STATUS_IS_OK(status)) { - talloc_free(smb_sess); - req->session = NULL; - } status = auth_nt_status_squash(status); smbsrv_sesssetup_backend_send(req, sess, status); } @@ -159,7 +155,7 @@ static void sesssetup_nt1_send(struct auth_check_password_request *areq, union smb_sesssetup *sess = talloc_get_type(req->io_ptr, union smb_sesssetup); struct auth_serversupplied_info *server_info = NULL; struct auth_session_info *session_info; - struct smbsrv_session *smb_sess = NULL; + struct smbsrv_session *smb_sess; NTSTATUS status; status = auth_check_password_recv(areq, req, &server_info); @@ -208,10 +204,6 @@ static void sesssetup_nt1_send(struct auth_check_password_request *areq, done: status = NT_STATUS_OK; failed: - if (!NT_STATUS_IS_OK(status)) { - talloc_free(smb_sess); - req->session = NULL; - } status = auth_nt_status_squash(status); smbsrv_sesssetup_backend_send(req, sess, status); } @@ -345,10 +337,6 @@ static void sesssetup_spnego_send(struct gensec_update_request *greq, void *priv done: sess->spnego.out.vuid = smb_sess->vuid; failed: - if (!NT_STATUS_IS_OK(status)) { - talloc_free(smb_sess); - req->session = NULL; - } status = auth_nt_status_squash(status); smbsrv_sesssetup_backend_send(req, sess, status); } -- cgit From d3e28ccd4824adce2feed9fe53cf2d4d393d607a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 20 May 2007 09:44:03 +0000 Subject: r23020: a better fix for the memory leak - this one doesn't stuff up spnego :) (This used to be commit 9a8da730a725fc9fc1a3e407273e688f44eadfe1) --- source4/smb_server/smb/sesssetup.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index b6bddaa5b1..2e9403b10a 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -49,6 +49,8 @@ static void smbsrv_sesssetup_backend_send(struct smbsrv_request *req, { if (NT_STATUS_IS_OK(status)) { req->smb_conn->negotiate.done_sesssetup = True; + /* we need to keep the session long term */ + req->session = talloc_steal(req->smb_conn, req->session); } smbsrv_reply_sesssetup_send(req, sess, status); } @@ -71,7 +73,7 @@ static void sesssetup_old_send(struct auth_check_password_request *areq, if (!NT_STATUS_IS_OK(status)) goto failed; /* allocate a new session */ - smb_sess = smbsrv_session_new(req->smb_conn, NULL); + smb_sess = smbsrv_session_new(req->smb_conn, req, NULL); if (!smb_sess) { status = NT_STATUS_INSUFFICIENT_RESOURCES; goto failed; @@ -166,7 +168,7 @@ static void sesssetup_nt1_send(struct auth_check_password_request *areq, if (!NT_STATUS_IS_OK(status)) goto failed; /* allocate a new session */ - smb_sess = smbsrv_session_new(req->smb_conn, NULL); + smb_sess = smbsrv_session_new(req->smb_conn, req, NULL); if (!smb_sess) { status = NT_STATUS_INSUFFICIENT_RESOURCES; goto failed; @@ -339,6 +341,10 @@ done: failed: status = auth_nt_status_squash(status); smbsrv_sesssetup_backend_send(req, sess, status); + if (!NT_STATUS_IS_OK(status) && + !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + talloc_free(smb_sess); + } } /* @@ -394,7 +400,7 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se } /* allocate a new session */ - smb_sess = smbsrv_session_new(req->smb_conn, gensec_ctx); + smb_sess = smbsrv_session_new(req->smb_conn, req->smb_conn, gensec_ctx); if (!smb_sess) { status = NT_STATUS_INSUFFICIENT_RESOURCES; goto failed; -- cgit From 222c6dd7818c729540079cc480ee56812681854e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 3 Jul 2007 08:05:55 +0000 Subject: r23680: Make it easier to setup a domain member server - the 'server role' will now control the auth methods, but an override is still available, ex: auth methods:domain controller = Andrew Bartlett (This used to be commit b7e727186ed8eda6a68c873e089f655dc24fe8ae) --- source4/smb_server/smb/sesssetup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 2e9403b10a..532869f862 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -243,7 +243,7 @@ static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess) } /* TODO: should we use just "anonymous" here? */ - status = auth_context_create(req, lp_auth_methods(), + status = auth_context_create(req, req->smb_conn->connection->event.ctx, req->smb_conn->connection->msg_ctx, &auth_context); -- cgit From 0479a2f1cbae51fcd8dbdc3c148c808421fb4d25 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 02:07:03 +0000 Subject: r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa) --- source4/smb_server/smb/sesssetup.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 532869f862..6470060286 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -10,7 +10,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -19,8 +19,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From ffeee68e4b72dd94fee57366bd8d38b8c284c3d4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 8 Sep 2007 12:42:09 +0000 Subject: r25026: Move param/param.h out of includes.h (This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31) --- source4/smb_server/smb/sesssetup.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 6470060286..b3664ab7fe 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -30,6 +30,7 @@ #include "smb_server/smb_server.h" #include "smbd/service_stream.h" #include "librpc/gen_ndr/nbt.h" +#include "param/param.h" /* setup the OS, Lanman and domain portions of a session setup reply -- cgit From 37d53832a4623653f706e77985a79d84bd7c6694 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 28 Sep 2007 01:17:46 +0000 Subject: r25398: Parse loadparm context to all lp_*() functions. (This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238) --- source4/smb_server/smb/sesssetup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index b3664ab7fe..29d14016e7 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -40,7 +40,7 @@ static void sesssetup_common_strings(struct smbsrv_request *req, { (*os) = talloc_asprintf(req, "Unix"); (*lanman) = talloc_asprintf(req, "Samba %s", SAMBA_VERSION_STRING); - (*domain) = talloc_asprintf(req, "%s", lp_workgroup()); + (*domain) = talloc_asprintf(req, "%s", lp_workgroup(global_loadparm)); } static void smbsrv_sesssetup_backend_send(struct smbsrv_request *req, -- cgit From 0c56f8dac31c51a42dedf2a1da9fd76896855b19 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 6 Oct 2007 22:10:49 +0000 Subject: r25551: Convert to standard bool type. (This used to be commit c9651e2c5c078edee7b91085e936a93625c8d708) --- source4/smb_server/smb/sesssetup.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 29d14016e7..57e2f28b8a 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -48,7 +48,7 @@ static void smbsrv_sesssetup_backend_send(struct smbsrv_request *req, NTSTATUS status) { if (NT_STATUS_IS_OK(status)) { - req->smb_conn->negotiate.done_sesssetup = True; + req->smb_conn->negotiate.done_sesssetup = true; /* we need to keep the session long term */ req->session = talloc_steal(req->smb_conn, req->session); } @@ -129,7 +129,7 @@ static void sesssetup_old(struct smbsrv_request *req, union smb_sesssetup *sess) user_info = talloc(req, struct auth_usersupplied_info); if (!user_info) goto nomem; - user_info->mapped_state = False; + user_info->mapped_state = false; user_info->logon_parameters = 0; user_info->flags = 0; user_info->client.account_name = sess->old.in.user; @@ -266,7 +266,7 @@ static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess) user_info = talloc(req, struct auth_usersupplied_info); if (!user_info) goto nomem; - user_info->mapped_state = False; + user_info->mapped_state = false; user_info->logon_parameters = 0; user_info->flags = 0; user_info->client.account_name = sess->nt1.in.user; -- cgit From 181aab56d528c3a270ff9f349c8e91ecb402142b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 2 Dec 2007 16:20:18 +0100 Subject: r26221: Add loadparm_context parameter to auth_context_create. (This used to be commit a9a9634df8f3137ecb308adb90a755f12af94972) --- source4/smb_server/smb/sesssetup.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 57e2f28b8a..d96ebb6cce 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -246,6 +246,7 @@ static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess) status = auth_context_create(req, req->smb_conn->connection->event.ctx, req->smb_conn->connection->msg_ctx, + global_loadparm, &auth_context); if (!NT_STATUS_IS_OK(status)) goto failed; } else { -- cgit From ecea5ce24553989103d4a06296b24f4d29f30a36 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 3 Dec 2007 17:41:50 +0100 Subject: r26260: Store loadparm context in gensec context. (This used to be commit b9e3a4862e267be39d603fed8207a237c3d72081) --- source4/smb_server/smb/sesssetup.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index d96ebb6cce..d78f4050cf 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -380,6 +380,7 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se status = gensec_server_start(req, req->smb_conn->connection->event.ctx, + global_loadparm, req->smb_conn->connection->msg_ctx, &gensec_ctx); if (!NT_STATUS_IS_OK(status)) { -- cgit From 1fbdd6ef1dfb8704de0524fc6f5c33e1418858cd Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 3 Dec 2007 18:47:35 +0100 Subject: r26264: pass name resolve order explicitly, use torture context for settings in dssync tests. (This used to be commit c7eae1c7842f9ff8b70cce9e5d6f3ebbbe78e83b) --- source4/smb_server/smb/sesssetup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index d78f4050cf..8cc16aaa68 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -69,7 +69,7 @@ static void sesssetup_old_send(struct auth_check_password_request *areq, if (!NT_STATUS_IS_OK(status)) goto failed; /* This references server_info into session_info */ - status = auth_generate_session_info(req, server_info, &session_info); + status = auth_generate_session_info(req, global_loadparm, server_info, &session_info); if (!NT_STATUS_IS_OK(status)) goto failed; /* allocate a new session */ @@ -164,7 +164,7 @@ static void sesssetup_nt1_send(struct auth_check_password_request *areq, if (!NT_STATUS_IS_OK(status)) goto failed; /* This references server_info into session_info */ - status = auth_generate_session_info(req, server_info, &session_info); + status = auth_generate_session_info(req, global_loadparm, server_info, &session_info); if (!NT_STATUS_IS_OK(status)) goto failed; /* allocate a new session */ -- cgit From b83a7a135f3247f553cb04173646b2d871b97235 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 3 Dec 2007 21:25:17 +0100 Subject: r26268: Avoid more use of global_loadparm - put lp_ctx in smb_server and wbsrv_connection. (This used to be commit 7c008664238ed966cb82adf5b25b22157bb50730) --- source4/smb_server/smb/sesssetup.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 8cc16aaa68..de2141b808 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -40,7 +40,8 @@ static void sesssetup_common_strings(struct smbsrv_request *req, { (*os) = talloc_asprintf(req, "Unix"); (*lanman) = talloc_asprintf(req, "Samba %s", SAMBA_VERSION_STRING); - (*domain) = talloc_asprintf(req, "%s", lp_workgroup(global_loadparm)); + (*domain) = talloc_asprintf(req, "%s", + lp_workgroup(req->smb_conn->lp_ctx)); } static void smbsrv_sesssetup_backend_send(struct smbsrv_request *req, @@ -69,7 +70,8 @@ static void sesssetup_old_send(struct auth_check_password_request *areq, if (!NT_STATUS_IS_OK(status)) goto failed; /* This references server_info into session_info */ - status = auth_generate_session_info(req, global_loadparm, server_info, &session_info); + status = auth_generate_session_info(req, req->smb_conn->lp_ctx, + server_info, &session_info); if (!NT_STATUS_IS_OK(status)) goto failed; /* allocate a new session */ @@ -164,7 +166,8 @@ static void sesssetup_nt1_send(struct auth_check_password_request *areq, if (!NT_STATUS_IS_OK(status)) goto failed; /* This references server_info into session_info */ - status = auth_generate_session_info(req, global_loadparm, server_info, &session_info); + status = auth_generate_session_info(req, req->smb_conn->lp_ctx, + server_info, &session_info); if (!NT_STATUS_IS_OK(status)) goto failed; /* allocate a new session */ @@ -246,7 +249,7 @@ static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess) status = auth_context_create(req, req->smb_conn->connection->event.ctx, req->smb_conn->connection->msg_ctx, - global_loadparm, + req->smb_conn->lp_ctx, &auth_context); if (!NT_STATUS_IS_OK(status)) goto failed; } else { @@ -380,7 +383,7 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se status = gensec_server_start(req, req->smb_conn->connection->event.ctx, - global_loadparm, + req->smb_conn->lp_ctx, req->smb_conn->connection->msg_ctx, &gensec_ctx); if (!NT_STATUS_IS_OK(status)) { -- cgit From 21fc7673780aa1d7c0caab7b17ff9171238913ba Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 17 Apr 2008 12:23:44 +0200 Subject: Specify event_context to ldb_wrap_connect explicitly. (This used to be commit b4e1ae07a284c044704322446c94351c2decff91) --- source4/smb_server/smb/sesssetup.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index de2141b808..2c4068bda5 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -70,7 +70,7 @@ static void sesssetup_old_send(struct auth_check_password_request *areq, if (!NT_STATUS_IS_OK(status)) goto failed; /* This references server_info into session_info */ - status = auth_generate_session_info(req, req->smb_conn->lp_ctx, + status = auth_generate_session_info(req, req->smb_conn->connection->event.ctx, req->smb_conn->lp_ctx, server_info, &session_info); if (!NT_STATUS_IS_OK(status)) goto failed; @@ -166,7 +166,8 @@ static void sesssetup_nt1_send(struct auth_check_password_request *areq, if (!NT_STATUS_IS_OK(status)) goto failed; /* This references server_info into session_info */ - status = auth_generate_session_info(req, req->smb_conn->lp_ctx, + status = auth_generate_session_info(req, req->smb_conn->connection->event.ctx, + req->smb_conn->lp_ctx, server_info, &session_info); if (!NT_STATUS_IS_OK(status)) goto failed; -- cgit From b7a1640b38e3f9bef6a031fd120fb0365801e531 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 5 Sep 2008 16:24:44 +1000 Subject: With a windows 2008 client, even anonymous requires signing... Andrew Bartlett (This used to be commit a89f9818180e8fb868975c444c4d0e5aaa8d4e79) --- source4/smb_server/smb/sesssetup.c | 6 ------ 1 file changed, 6 deletions(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 2c4068bda5..9d0d1533ce 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -188,11 +188,6 @@ static void sesssetup_nt1_send(struct auth_check_password_request *areq, req->session = smb_sess; sess->nt1.out.vuid = smb_sess->vuid; - if (!session_info->server_info->authenticated) { - /* don't try signing as anonymous */ - goto done; - } - if (!smbsrv_setup_signing(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2)) { /* Already signing, or disabled */ goto done; @@ -326,7 +321,6 @@ static void sesssetup_spnego_send(struct gensec_update_request *greq, void *priv skey_status = gensec_session_key(smb_sess->gensec_ctx, &session_key); if (NT_STATUS_IS_OK(skey_status) && - session_info->server_info->authenticated && smbsrv_setup_signing(req->smb_conn, &session_key, NULL)) { /* Force check of the request packet, now we know the session key */ smbsrv_signing_check_incoming(req); -- cgit From 059cd93497c4c81d6ab957144beb6ae58e1638dc Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 5 Sep 2008 16:45:10 +1000 Subject: Move our DC to implement mandetory signing. (this does not change the file server role, and only really changes what 'server signing = auto' means) Optional signing really isn't any benifit to network security. In doing so, allow anonymous clients (if permitted by policy) to log in without signing, as Samba3 does not sign these connections (which would use an all-zero key, so pointless). Andrew Bartlett (This used to be commit 468bf839c500ed1a26ab9a358ee64a4c0a695797) --- source4/smb_server/smb/sesssetup.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 9d0d1533ce..f45cbf1756 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -200,7 +200,8 @@ static void sesssetup_nt1_send(struct auth_check_password_request *areq, /* Unfortunetly win2k3 as a client doesn't sign the request * packet here, so we have to force signing to start again */ - smbsrv_signing_restart(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2); + smbsrv_signing_restart(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2, + session_info->server_info->authenticated); done: status = NT_STATUS_OK; @@ -325,7 +326,8 @@ static void sesssetup_spnego_send(struct gensec_update_request *greq, void *priv /* Force check of the request packet, now we know the session key */ smbsrv_signing_check_incoming(req); - smbsrv_signing_restart(req->smb_conn, &session_key, NULL); + smbsrv_signing_restart(req->smb_conn, &session_key, NULL, + session_info->server_info->authenticated); } /* Ensure this is marked as a 'real' vuid, not one -- cgit