summaryrefslogtreecommitdiffstats
path: root/source3/smbd/sesssetup.c
Commit message (Collapse)AuthorAgeFilesLines
* s3:smbd: use req->sconn in sesssetup.cStefan Metzmacher2014-09-191-2/+2
| | | | | | | xconn->sconn will go away soon. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s3:smbd: remember the time of the session setup auth_timeStefan Metzmacher2014-08-061-0/+3
| | | | | | | | This is the time of the last reauth. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s3:smbd: use req->xconn in sesssetup.cStefan Metzmacher2014-08-061-8/+8
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s3:smbd: move sconn->smb1.signing_state to xconn->smb1.signing_stateStefan Metzmacher2014-08-061-5/+5
| | | | | | | | This prepares the structures for multi-channel support. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s3:smbd: move sconn->smb1.sessions.* to xconn->smb1.sessions.*Stefan Metzmacher2014-08-061-8/+9
| | | | | | | | This prepares the structures for multi-channel support. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s3:smbd: move sconn->smb1.negprot.* to xconn->smb1.negprot.*Stefan Metzmacher2014-08-061-6/+5
| | | | | | | | This prepares the structures for multi-channel support. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s3-auth: Finally change make_user_info_*() use a parent talloc contextAndrew Bartlett2014-04-021-8/+10
| | | | | | Change-Id: Iedf516e8c24e0d18064aeedd8e287ed692d3c5b4 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* s3:smbd: let srvstr_pull_req_talloc() take 'const uint8_t *src'Stefan Metzmacher2014-04-021-5/+4
| | | | | | | | | | This is the correct thing to do the smb request buffer contains just bytes (uint8_t). It also avoids strange casting in the callers. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: remove tevent_context argument from gensec_update()Stefan Metzmacher2014-03-271-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:smbd: reject a MaxBufferSize < SMB_BUFFER_SIZE_MIN (500) in a session ↵Stefan Metzmacher2014-03-051-6/+13
| | | | | | | | | | setup request This makes sure sconn->smb1.sessions.max_send is always >= SMB_BUFFER_SIZE_MIN. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10422 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: set native os according to Windows and NBT_ANNOUNCE_VERSION definesBjörn Jacke2014-01-141-1/+5
| | | | | | | | | | | | | | When the native os in sessionsetup is "Unix" then broken Konica Minolta printers refuse to talk to those CIFS servers. Other CIFS servers also announce themselves with native os Windows. Let's do the same to improve interoperability with broken devices like those printers from Konica Minolta. Thanks to Daniel Hoffmann for finding and reporting this Konika printer brokenness. https://bugzilla.samba.org/show_bug.cgi?id=10168 Signed-off-by: Bjoern Jacke <bj@sernet.de> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smbd: keep global_client_caps and max_send from the first successful ↵Stefan Metzmacher2013-03-201-4/+10
| | | | | | | session setup Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smbd:setup_new_vc_session: traverse sessions instead of connections to ↵Gregor Beck2012-10-191-10/+17
| | | | | | | shutdown other smbds Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
* s3:smbd: initialize session->global before calling session_claimGregor Beck2012-10-191-20/+20
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
* s3:smbd: remove smbd_server_connection argument from session_claim()Gregor Beck2012-10-191-2/+2
| | | | | | | retrieve the server connection from the smbXsrv_session argument instead. Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
* s3:smbd: pass smbXsrv_session instead of user_struct to session_claim() and ↵Gregor Beck2012-10-191-2/+2
| | | | | | | session_yield() Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
* s3:smbd: remove unused variable in sesssetup.cStefan Metzmacher2012-08-051-1/+0
| | | | | | | metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sun Aug 5 23:09:06 CEST 2012 on sn-devel-104
* s3:smbd: setup the application session key with the first tcon on a sessionStefan Metzmacher2012-08-041-30/+2
| | | | | | | | | Look for Server.Session.SessionKeyState in [MS-SMB]. The first SMBtconX sets the state to available, which makes it possible to protect the session key at that stage, if client and server support TREE_CONNECT_ANDX_EXTENDED_SIGNATURE. metze
* s3:smbd: setup session->global->signing_/application_key during SPNEGO SMB1 ↵Stefan Metzmacher2012-08-041-2/+57
| | | | | | | | | session setups metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Aug 4 11:09:42 CEST 2012 on sn-devel-104
* s3:smbd: setup session->global->signing_/application_key during old SMB1 ↵Stefan Metzmacher2012-08-041-2/+60
| | | | | | session setups metze
* s3:smbd: keep the "application session key" during SMB1 reauthStefan Metzmacher2012-08-041-2/+12
| | | | metze
* s3:smbd/sesssetup: implement dynamic re-authentication and expire session if ↵Stefan Metzmacher2012-06-251-4/+78
| | | | | | client supports it metze
* s3:smbd: make use of smbXsrv_session for smb1Stefan Metzmacher2012-06-251-58/+167
| | | | | | Pair-Programmed-With: Michael Adam <obnox@samba.org> metze
* s3:util: rename procid_equal() to serverid_equal()Michael Adam2012-06-211-1/+1
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3: Remove a user of procid_is_meVolker Lendecke2012-06-211-1/+2
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:smbd: change user_struct->vuid to uint64_tStefan Metzmacher2012-06-061-3/+3
| | | | | | | | | | Only sconn->smb1.sessions.next_vuid remains as uint16_t, so that we do not generate larger values yet. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jun 6 12:07:33 CEST 2012 on sn-devel-104
* s3:smbd: use 'struct user_struct' instead of typedef'ed 'user_struct'Stefan Metzmacher2012-06-061-1/+1
| | | | metze
* s3:lib: split things into a conn_tdb.hStefan Metzmacher2012-06-051-0/+1
| | | | | | | metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jun 5 19:28:35 CEST 2012 on sn-devel-104
* s3:smbd: allow creating new spnego sessions only with a 0 vuidStefan Metzmacher2012-05-181-0/+5
| | | | | | Found by the raw.context test. metze
* s3:smbd/sesssetup: use a helper variable 'action' to mark guest accessStefan Metzmacher2012-04-161-1/+3
| | | | metze
* s3: Remove chain_replyVolker Lendecke2012-03-101-2/+0
| | | | <insert your favourite tombstone ascii art here>
* s3: Make sure the andX chains are ended correctlyVolker Lendecke2012-03-101-0/+3
| | | | Normally chain_reply took care of this. This will go away soon.
* s3-auth: Follow auth_ntlmssp and use auth4_context for Session SetupAndrew Bartlett2012-03-081-43/+20
| | | | | | | | | | This patch ensures consistency in behaviour between NTLMSSP and NTLM session setup handlers. By calling the same layer that auth_ntlmssp calls, we can not only allow redirection of all authentication to the AD DC, we ensure that map to guest and username map handling is consistent, even in the file server alone. Andrew Bartlett
* s3-auth: Remove security=share (depricated since 3.6).Andrew Bartlett2012-03-041-55/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment. The rationale for the removal is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remain available in security=user and above. This includes documentation updates for username and only user, which now only do a small amount of what they used to do. Andrew Bartlett -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SHARE | | security=share | | | | | | 5 March | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______
* s3-auth: Add extra error messages on authentication or authorization failureAndrew Bartlett2012-02-171-0/+3
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-smbd Remove unused code now we always have SPNEGO via gensecAndrew Bartlett2012-02-161-5/+2
| | | | | | | | This was previously needed because SPNEGO was only available in the AD DC. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:smbd: inline code in reply_sesssetup_and_X_spnego()Stefan Metzmacher2012-01-311-102/+71
| | | | | | | | | This makes the logic much easier to follow. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jan 31 21:52:45 CET 2012 on sn-devel-104
* s3:smbd: the spnego session setup don't need to copy the in blobStefan Metzmacher2012-01-311-10/+5
| | | | metze
* s3:smbd: rework reply_spnego_ntlmssp to reply_spnego_genericStefan Metzmacher2012-01-311-27/+5
| | | | | | This removes the unused spnego_gen_auth_response() wrapping. metze
* s3:smbd: remove unused code from sesssetup.cStefan Metzmacher2012-01-311-545/+0
| | | | metze
* s3:smbd: remove pending_auth_data logicStefan Metzmacher2012-01-311-267/+0
| | | | | | This is handled by the gensec_spnego module. metze
* s3:smbd: always use the gensec code path in sesssetup.cStefan Metzmacher2012-01-311-67/+32
| | | | | | | The other code pathes are unused, because we always have the spnego gensec module. metze
* s3:smbd: explicitly ask for GENSEC_FEATURE_UNIX_TOKENStefan Metzmacher2012-01-121-0/+3
| | | | | | | metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Jan 12 11:22:53 CET 2012 on sn-devel-104
* s3-auth Remove ntlmssp_wrap.h which is no longer requiredAndrew Bartlett2012-01-051-1/+0
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth use gensec directly rather than via auth_generic_stateAndrew Bartlett2012-01-051-27/+27
| | | | | | | | | This is possible because the s3 gensec modules are started as normal gensec modules, so we do not need a wrapper any more. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Add TALLOC_CTX * to auth_generic_prepare()Andrew Bartlett2012-01-051-3/+3
| | | | | | | | | This makes the long term owner of this memory more clear. So far only the clear cases have been moved from NULL however. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth remove auth_ntlmssp_start(), call auth_generic_start() directlyAndrew Bartlett2011-12-221-3/+3
| | | | | | | | This makes it clear that this can support more than just NTLMSSP. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth rename auth_ntlmssp_prepare() -> auth_generic_prepare()Andrew Bartlett2011-12-221-3/+3
| | | | | | | | | This function handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth rename auth_ntlmssp_state -> auth_generic_stateAndrew Bartlett2011-12-221-3/+3
| | | | | | | | | This structure handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:smbd: pass smbd_server_connection and a snumused function pointer to ↵Stefan Metzmacher2011-12-151-5/+5
| | | | | | reload_services() metze
generated by cgit (git 2.34.1) at 2025-09-25 22:17:13 +0000