path: root/source3/smbd/negprot.c
Commit message | Author | Age | Files | Lines
* s3:smbd: only pass smbXsrv_connection to fork_echo_handler() | Stefan Metzmacher | 2014-09-19 | 1 | -1/+1
  We don't need smbd_server_connection there.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:smbd: use req->sconn in reply_negprot() | Stefan Metzmacher | 2014-09-19 | 1 | -1/+1
  xconn->sconn will go away soon.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:smbd: pass smbXsrv_connection to get_challenge() | Stefan Metzmacher | 2014-08-06 | 1 | -14/+10
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:smbd: pass smbXsrv_connection to negprot_spnego() | Stefan Metzmacher | 2014-08-06 | 1 | -6/+5
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:smbd: move sconn->smb1.signing_state to xconn->smb1.signing_state | Stefan Metzmacher | 2014-08-06 | 1 | -2/+2
  This prepares the structures for multi-channel support.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:smbd: move sconn->smb1.negprot.* to xconn->smb1.negprot.* | Stefan Metzmacher | 2014-08-06 | 1 | -23/+29
  This prepares the structures for multi-channel support.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* samba: Retain case sensitivity of cifs client | Shirish Pargaonkar | 2014-08-01 | 1 | -1/+2
  When a client supports extended security but server does not, and that client, in Flags2 field of smb header indicates that
  - it supports extended security negotiation
  - it does not support security signatures
  - it does not require security signatures
  Samba server treats a client as a Vista client. That turns off case sensitivity and that is a problem for cifs vfs client. So include remote cifs client along with remote samba client to not do so otherwise.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10755
  Signed-off-by: Shirish Pargaonkar <spargaonkar@suse.com>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
  Autobuild-User(master): David Disseldorp <ddiss@samba.org>
  Autobuild-Date(master): Fri Aug 1 16:11:43 CEST 2014 on sn-devel-104
* s3:smbd: always allow SMB1 signing, but only announce it if configured. | Stefan Metzmacher | 2014-04-16 | 1 | -3/+3
  Always allow the client to turn on SMB1 signing using FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Wed Apr 16 10:07:56 CEST 2014 on sn-devel-104
* auth/gensec: remove tevent_context argument from gensec_update() | Stefan Metzmacher | 2014-03-27 | 1 | -1/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/param: Normalise "read raw" and "write raw" parameters | Andrew Bartlett | 2014-02-12 | 1 | -3/+13
  They have been changed to function like normal parameters, removing a special case in the loadparm system.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Michael Adam <obnox@samba.org>
* param: rename lp function and variable from "encrypted_passwords" to "encrypt_passwords" | Garming Sam | 2014-02-07 | 1 | -3/+3
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from "srv_minprotocol" to "server_min_protocol" | Garming Sam | 2014-02-07 | 1 | -1/+1
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from "srv_maxprotocol" to "server_max_protocol" | Garming Sam | 2014-02-07 | 1 | -1/+1
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from "maxmux" to "max_mux" | Garming Sam | 2014-02-07 | 1 | -3/+3
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Fix async echo handler forking (Bug 10086) | Volker Lendecke | 2013-08-14 | 1 | -3/+6
  If SMB3 is chosen via an SMB1 negprot, we forked the echo handler because set_Protocol is called later, after the full protocol negotiation is done.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Wed Aug 14 15:54:43 CEST 2013 on sn-devel-104
* s3:smbd: remove silly (SMB_OFF_T_BITS == 64) checks | Stefan Metzmacher | 2013-03-20 | 1 | -3/+2
  configure will abort if sizeof(off_t) is not 8.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* Correctly check for errors in strlower_m() returns. | Jeremy Allison | 2012-08-09 | 1 | -1/+1
* param: Make the 'unicode' parameter common | Andrew Bartlett | 2012-07-24 | 1 | -1/+5
  This parameter is most useful for interop testing, rather than production use.
  Andrew Bartlett
* s3-smbd: Remove unused branches in negprot since security=share was removed | Andrew Bartlett | 2012-06-11 | 1 | -21/+8
* s3-smbd: Remove support for protocols before LANMAN1 | Andrew Bartlett | 2012-06-05 | 1 | -35/+0
  This falls out of the removal of security=share, because we now require that a session setup has been performed before (essentially) all other operations.
  Andrew Bartlett
* s3:smbd: introduce struct smbXsrv_connection | Stefan Metzmacher | 2012-05-12 | 1 | -5/+6
  This will represent a transport connection for SMB 1 or 2 in the server. smbd_server_connection will slowly be moved to the SMB_VFS layer to satisfy the existing modules, but it will hopefully be protocol independent in future.
  metze
* lib/util: Remove obsolete sys_getpid() and sys_fork(). | Jelmer Vernooij | 2012-03-24 | 1 | -14/+14
  The performance of these is minimal (these days) and they can return invalid results when used as part of applications that do not use sys_fork().
  Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date: Sat Mar 24 21:55:41 CET 2012 on sn-devel-104
* s3-auth: Follow auth_ntlmssp and use auth4_context for Session Setup | Andrew Bartlett | 2012-03-08 | 1 | -1/+1
  This patch ensures consistency in behaviour between NTLMSSP and NTLM session setup handlers. By calling the same layer that auth_ntlmssp calls, we can not only allow redirection of all authentication to the AD DC, we ensure that map to guest and username map handling is consistent, even in the file server alone.
  Andrew Bartlett
* s3-auth: Remove security=share (deprecated since 3.6). | Andrew Bartlett | 2012-03-04 | 1 | -1/+0
  This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment.
  The rationale for the removal is that for the bulk of security=share users, we just need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server
  At the same time, this closes the door on one of the most arcane areas of Samba authentication.
  Naturally, full user-name/password authentication remains available in security=user and above.
  This includes documentation updates for username and only user, which now only do a small amount of what they used to do.
  Andrew Bartlett

               --------------
              /              \
             /      REST      \
            /        IN        \
           /       PEACE        \
          /                      \
          | SEC_SHARE            |
          | security=share       |
          |                      |
          |                      |
          |       5 March        |
          |                      |
          |        2012          |
         *|    *  *  *           | *
  _________)/\\_//(\/(/\)/\//\/\///|_)_______
* s3-param: Align lp_{max,min}protocol with lib/param names | Andrew Bartlett | 2012-02-27 | 1 | -2/+2
  This adds an alias to ensure that both our loadparm systems know all the names.
  I would like to move to the 'server ..' name as canonical, and this will be raised on the list.
  Andrew Bartlett
* s3-smbd Remove unused code now we always have SPNEGO via gensec | Andrew Bartlett | 2012-02-16 | 1 | -36/+4
  This was previously needed because SPNEGO was only available in the AD DC.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Remove ntlmssp_wrap.h which is no longer required | Andrew Bartlett | 2012-01-05 | 1 | -1/+0
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth use gensec directly rather than via auth_generic_state | Andrew Bartlett | 2012-01-05 | 1 | -5/+5
  This is possible because the s3 gensec modules are started as normal gensec modules, so we do not need a wrapper any more.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Add TALLOC_CTX * to auth_generic_prepare() | Andrew Bartlett | 2012-01-05 | 1 | -1/+2
  This makes the long term owner of this memory more clear. So far only the clear cases have been moved from NULL however.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth rename auth_ntlmssp_prepare() -> auth_generic_prepare() | Andrew Bartlett | 2011-12-22 | 1 | -1/+1
  This function handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth rename auth_ntlmssp_state -> auth_generic_state | Andrew Bartlett | 2011-12-22 | 1 | -1/+1
  This structure handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:smbd: avoid using sconn_server_id() | Stefan Metzmacher | 2011-12-16 | 1 | -1/+1
  metze
* s3:smbd: pass smbd_server_connection and a snumused function pointer to reload_services() | Stefan Metzmacher | 2011-12-15 | 1 | -2/+2
  metze
* s3:smbd: calculate the negprot signing flags from the signing_state | Stefan Metzmacher | 2011-11-16 | 1 | -3/+10
  We should map from lp_server_signing() just once in srv_init_signing().
  metze
  Signed-off-by: Günther Deschner <gd@samba.org>
  Autobuild-User: Günther Deschner <gd@samba.org>
  Autobuild-Date: Wed Nov 16 18:59:49 CET 2011 on sn-devel-104
* s3:smbd: also send the server name in the negprot response | Stefan Metzmacher | 2011-11-04 | 1 | -0/+8
  This matches W2K (at least sp4) and higher.
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Fri Nov 4 15:50:06 CET 2011 on sn-devel-104
* s3:smbd: make use of SMB_SIGNING_* constants | Stefan Metzmacher | 2011-11-03 | 1 | -4/+5
  metze
* s3-ntlmssp Remove auth_ntlmssp_update wrapper | Andrew Bartlett | 2011-10-21 | 1 | -2/+2
  We now just call gensec_update directly.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:smbd: make use of better SMB signing negotiation | Stefan Metzmacher | 2011-09-14 | 1 | -1/+0
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Wed Sep 14 09:41:02 CEST 2011 on sn-devel-104
* libcli/smb: s/FLAGS2_UNKNOWN_BIT4/FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED | Stefan Metzmacher | 2011-09-10 | 1 | -1/+1
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Sat Sep 10 00:34:50 CEST 2011 on sn-devel-104
* s3:smb2_server: add basic support for SMB 2.1 | Stefan Metzmacher | 2011-09-05 | 1 | -0/+1
  This adds support for the 2 stage negprot, from SMB 1 to SMB 2.1.
  Support for this off for now and "max protocol = SMB2" still maps to "max protocol = SMB2_02" PROTOCOL_SMB2_02.
  In order to activate smb2.1, you need to use "max protocol = SMB2_10".
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Mon Sep 5 19:30:58 CEST 2011 on sn-devel-104
* s3:smbd: make use of PROTOCOL_SMB2_02 | Stefan Metzmacher | 2011-09-05 | 1 | -1/+1
  metze
* s3: Fix bug 8334, do not fork the echo handler for smb2 | Volker Lendecke | 2011-08-31 | 1 | -1/+2
  If a smb1 negprot negotiated smb2 we forked the echo responder. This will eventually lead to a panic from
    [2011/08/30 10:33:29.212578, 0, pid=3846917] smbd/smb2_server.c:243(smbd_smb2_request_create)
    Invalid SMB packet: first request: 0x0009
  because from the echo responder we always read using the normal smb1 protocol handling routine. If that is a bit down the smb2 stream, we get a non-negprot packet and panic.
  BTW, the echo responder is not required for smb2 anyway, Microsoft confirmed that it probes the server liveness using TCP keepalives and not smb2 echo requests.
  Autobuild-User: Volker Lendecke <vlendec@samba.org>
  Autobuild-Date: Wed Aug 31 17:58:48 CEST 2011 on sn-devel-104
* s3-auth use auth_generic_start to get full GENSEC in Samba3 session setup | Andrew Bartlett | 2011-08-03 | 1 | -1/+27
  This tests if the auth_generic_start() hook is available on the auth context during the negprot, and if so it uses auth_generic_start() to hook to GENSEC to handle the full SPNEGO blob.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3:smbd: use PROTOCOL_SMB2_02 instead PROTOCOL_SMB2 | Stefan Metzmacher | 2011-07-12 | 1 | -1/+1
  metze
* s3-param Remove special case for global_myname(), rename to lp_netbios_name() | Andrew Bartlett | 2011-06-09 | 1 | -2/+2
  There is no reason this can't be a normal constant string in the loadparm system, now that we have lp_set_cmdline() to handle overrides correctly.
  Andrew Bartlett
* s3-talloc Change TALLOC_REALLOC_ARRAY() to talloc_realloc() | Andrew Bartlett | 2011-06-09 | 1 | -1/+1
  Using the standard macro makes it easier to move code into common, as TALLOC_REALLOC_ARRAY isn't standard talloc.
  Andrew Bartlett
* s3: Fork the echo handler only after SMB1 negprot is done | Volker Lendecke | 2011-05-20 | 1 | -0/+5
  This enables activating the echo responder also if SMB2 is enabled, albeit it will only be used for SMB1 at this moment.
  Autobuild-User: Volker Lendecke <vlendec@samba.org>
  Autobuild-Date: Fri May 20 15:06:03 CEST 2011 on sn-devel-104
* BUGFIX when converting from safe_strcpy to strlcpy. | Jeremy Allison | 2011-05-04 | 1 | -1/+5
  We must have a blob length > 0 in order to safely copy the (possibly) 16 bytes + 1 byte zero character safely.
* s3: only include smb profiling where needed. | Günther Deschner | 2011-04-14 | 1 | -0/+1
  Guenther
  Autobuild-User: Günther Deschner <gd@samba.org>
  Autobuild-Date: Thu Apr 14 01:31:39 CEST 2011 on sn-devel-104
* s3-messages: only include messages.h where needed. | Günther Deschner | 2011-03-30 | 1 | -0/+1
  Guenther