summaryrefslogtreecommitdiffstats
path: root/source3/smbd/sesssetup.c
Commit message (Collapse)AuthorAgeFilesLines
* r1370: BUG 1297 - prevent map_username() from being called twice during logonGerald Carter2007-10-101-0/+2
| | | | (This used to be commit e1364ff774b62f46c0f50864695da49972352126)
* r1122: As spotted by lha@stacken.kth.se we don't actually use this variable ↵Andrew Bartlett2007-10-101-2/+0
| | | | | | | any more. Andrew Bartlett (This used to be commit 9d5821d5ee5e9f666dfbe75419e97508af9cad5e)
* r786: Memory leak fixes in (mostly) error code paths fromJeremy Allison2007-10-101-1/+7
| | | | | | | kawasa_r@itg.hitachi.co.jp. A couple of mem leak fixes in mainline code paths though :-). Jeremy. (This used to be commit 4695cc95fe576b6da0d0cb0686f208fc306b2646)
* r69: Global rename of 'nt_session_key' -> 'user_session_key'. The session ↵Andrew Bartlett2007-10-101-2/+2
| | | | | | | | key could be anything, and may not be based on anything 'NT'. This is also what microsoft calls it. (This used to be commit 724e8d3f33719543146280062435c69a835c491e)
* r59: revert session key problemAndrew Tridgell2007-10-101-2/+2
| | | | (This used to be commit 40b5794ae0919c6c6f1b8a451871dcc95bbab5cc)
* r49: Support SMB signing on connections using only theAndrew Bartlett2007-10-101-8/+4
| | | | | | LANMAN password. This also corrects the 'session key' for these connections. (This used to be commit 26d8791ddedb7964c219067480cf4a7d61877765)
* Merge from HEAD the SMB signing patch that I developed a couple of weeksAndrew Bartlett2004-03-271-5/+6
| | | | | | | | | | | | | | ago. This patch re-adds support for 'optional' SMB signing. It also ensures that we are much more careful about when we enable signing, particularly with on-the-fly smb.conf reloads. The client code will now attempt to use smb signing by default, and disable it if the server doesn't correctly support it. Andrew Bartlett (This used to be commit e27b5cbe75d89ec839dafd52dd33101885a4c263)
* BUG 417: fix %UuGg variables expansion in include lines setging the ↵Gerald Carter2004-03-191-0/+9
| | | | | | current_user_info struct in register_vuid() -- shouldn't be any more broken than we were (This used to be commit a90c3bd281e7a62bb8482e42aa3b674eeeb5995a)
* BUG 1165, 1126: Fix bug with secondary groups (security = ads) and winbind ↵Gerald Carter2004-03-161-4/+8
| | | | | | use default domain = yes (This used to be commit f2eaa14b1eb7e89c945b2b06a48e17998c75d620)
* Patch by Luca Bolcioni <Luca.Bolcioni@yacme.com>. Ensure we alwaysAndrew Bartlett2004-01-261-0/+2
| | | | | | | | initialise the session key. Fixes segfaults with security=server, and encrypt passwords = no. Andrew Bartlett (This used to be commit 493ac5ce98fa3fcddb596139240dd762e70d4ac3)
* reply_spnego_kerberos did not set the domain of the user handed toVolker Lendecke2004-01-151-0/+7
| | | | | | | | | | | register_vuid correctly. We ended up with the local netbios name in substitutions for %D later. Volker P.S: Tridge, I can *really* see why you want to get rid of global variables :-) (This used to be commit 3d9931fe291559a907c3e172a66fbce1155497a3)
* Fix from Luke Howard <lukeh@PADL.COM> for incorrect early free().Jeremy Allison2004-01-071-5/+7
| | | | | Jeremy. (This used to be commit 8e20c06ed31d9ec10ff0155b1624eee3d60cd006)
* Commit the translation of the realm to the netbios domain name in the kerberosVolker Lendecke2004-01-041-3/+41
| | | | | | | | | | session setup. After talking to jht and abartlet I made this unconditional, no additional parameter. Jerry: This is a change in behaviour, but I think it is necessary. Volker (This used to be commit 3ce6c9f27368cfb278007fe660a0e44a84d67f8f)
* Fix for bug #815. Make plaintext unicode passwords work with NT4.xJeremy Allison2003-12-121-5/+11
| | | | | Jeremy. (This used to be commit ba0b5b8c9be9bfeba5e0b3f930ca0463d1e78c9c)
* fix %a variable for Windows 2003 -> Win2K3Gerald Carter2003-12-051-9/+39
| | | | (This used to be commit 2f43a1c166dfc8679a9d03bd0f3cf9303aafcf74)
* Subtract NT_STATUS from common flag, don't add it...Jeremy Allison2003-12-011-4/+4
| | | | | Jeremy. (This used to be commit 4e73faa7b4af7f73bdce9fcc2ee1825249dc7da7)
* Don't automatically set nt status code flag unless client tells us it canJeremy Allison2003-12-011-9/+19
| | | | | | cope. Jeremy. (This used to be commit 0d82ac57a59276adb403f8e023578c2d6d5136e4)
* Changes all over the shop, but all towards:Andrew Bartlett2003-11-221-11/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
* Put strcasecmp/strncasecmp on the banned list (except for needed callsJeremy Allison2003-10-221-1/+1
| | | | | | | in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at all and I really want to discourage that. Jeremy. (This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace)
* more 2.2.x compatibility fixes - allow user looksup in the kerb5Gerald Carter2003-10-201-13/+10
| | | | | | | | sesssetup to fall back to 'user' instaed of failing is REA.LM\user doesn't exist. also fix include line in smb_acls.h as requested by metze (This used to be commit 62ed2598b3441b3c198872df8eb55e594332807b)
* Fix memleak.Volker Lendecke2003-08-251-1/+3
| | | | (This used to be commit afbf15f94189f50cd447d9bcdebbc4886800b05a)
* metze's autogenerate patch for version.hGerald Carter2003-08-201-1/+1
| | | | (This used to be commit ae452e51b02672a56adf18aa7a7e365eeaba9272)
* Win2k never returns 'no such user' here, so when we do it, the clients freakAndrew Bartlett2003-08-181-1/+1
| | | | | | | out. Return the standard 'logon failure' instead. Andrew Bartlett (This used to be commit a83506802fd331af78d2fd6e6a5cd507b5a40ca3)
* Fix memleaks.Volker Lendecke2003-08-151-0/+5
| | | | | | | | | | | | Currently I'm compiling against MIT Kerberos 1.2.8. Anthony, you said you have a heimdal installation available. Could you please compile this stuff with krb and check it with valgrind? Thanks, Volker (This used to be commit d8ab44685994b302bb46eed9001c72c194d13dc8)
* In ads_verify_realm, all we use in the ADS_STRUCT is theVolker Lendecke2003-08-141-15/+2
| | | | | | | | auth.realm. So directly pass that instead of setting up and tearing down the ADS_STRUCT. Volker (This used to be commit ce5b8d2ec20fe1f4d3d1956020d88272fb84124a)
* Update my copyrights according to my agreement with IBMJim McDonough2003-08-011-1/+1
| | | | (This used to be commit a2bd8f0bfa12f2a1e33c96bc9dabcc0e2171700d)
* only honor the first OID in the sessetup snego negotiate. DeviatesGerald Carter2003-07-311-4/+15
| | | | | | | | | | | | | | | from RFC but I'm smelling a client bug here. /* only look at the first OID for determining the mechToken -- accoirding to RFC2478, we should choose the one we want and renegotiate, but i smell a client bug here.. Problem observed when connecting to a member (samba box) of an AD domain as a user in a Samba domain. Samba member server sent back krb5/mskrb5/ntlmssp as mechtypes, but the client (2ksp3) replied with ntlmssp/mskrb5/krb5 and an NTLMSSP mechtoken. --jerry */ (This used to be commit 731420b03dbc15977822f74047e931dc62284fc0)
* Start the packet signing engine in the kerberos case in the same placeJeremy Allison2003-07-251-3/+8
| | | | | | as the ntlmssp case. Jeremy. (This used to be commit 79e0bf829875fc985f1940dc31ee418aad910ed6)
* More printf portability fixes. Got caught out by some gcc'isms lastTim Potter2003-07-251-1/+1
| | | | | time. )-: (This used to be commit 59dae1da66a5eb7e128263bd578f167d8746e9f0)
* More printf fixes - size_t is long on some architectures.Tim Potter2003-07-241-1/+1
| | | | (This used to be commit ba4d334b822248d8ab929c9568533431603d967e)
* Server side NTLM signing works - until the first async packet. Working on thisJeremy Allison2003-07-241-2/+8
| | | | | | next.... Jeremy. (This used to be commit eff74a1fcc597497a4c70589a44c1b70e93ab549)
* convert snprintf() calls using pstrings & fstringsGerald Carter2003-07-231-1/+1
| | | | | | | to pstr_sprintf() and fstr_sprintf() to try to standardize. lots of snprintf() calls were using len-1; some were using len. At least this helps to be consistent. (This used to be commit 9f835b85dd38cbe655eb19021ff763f31886ac00)
* Signing so far... the client code fails on a SMBtrans2 secondary transactionJeremy Allison2003-07-181-9/+26
| | | | | | | | I think (my changes haven't affected this I believe). Initial support on the server side for smbclient. Still doesn't work for w2k clients I think... Work in progress..... (don't change). Jeremy. (This used to be commit e5714edc233424c2f74edb6d658f32f8e0ec9275)
* Added the "required" keyword to the "client signing" parameter to force itJeremy Allison2003-07-151-12/+16
| | | | | | | on. Fail if missmatch. Small format tidyups in smbd/sesssetup.c. Preparing to add signing on server side. Jeremy. (This used to be commit c390b3e4cd68cfc233ddf14d139e25d40f050f27)
* It seems only NT4 does the VC == 0 session drop code.Jeremy Allison2003-05-281-1/+5
| | | | | Jeremy. (This used to be commit 30bbf4c8c4cbed0f7980237ea9b78baa785dec3d)
* Correct (?) handling for VC = 0. Trying to fix XP logoff leaving resourcesJeremy Allison2003-05-271-1/+18
| | | | | | around. Jeremy. (This used to be commit bf0916e1da442606311c74ac73ccec2e9710d663)
* volker's add_signature() fix; must pass the beginning on the outbuf to get ↵Gerald Carter2003-05-271-5/+5
| | | | | | the flags field (This used to be commit 48c8211084503172f053ad23b308901628f8a978)
* fix for UNICODE plaintext passwords (bug #59) and fix smbclient to send the ↵Gerald Carter2003-05-211-1/+4
| | | | | | unicode plain text password if negoitated (This used to be commit e7d635af80c844f17ff9f34c26c1e9c978951ce1)
* really make sure to include the version in the lanman string; tested spnego ↵Gerald Carter2003-05-201-8/+9
| | | | | | using smbclient (This used to be commit d7ca85613b6acf60e29cc118435db2c075995edb)
* spellingTim Potter2003-05-141-1/+1
| | | | (This used to be commit 865c11275685c85124b506c9bbd2a8bde2e760b9)
* Fix uninitialized blobs reported by Luke Howard.Jeremy Allison2003-05-011-0/+6
| | | | | Jeremy. (This used to be commit 8dcc00899977a126d5782e44bdae74175ecc0d93)
* add version back to lanman string in sessetup replyGerald Carter2003-04-291-1/+5
| | | | (This used to be commit dade462a168abe721c70022546109074961969b6)
* Merge comment with HEADAndrew Bartlett2003-04-221-3/+3
| | | | (This used to be commit 8f8d819d5814c2a538b5b906014ff0c354625450)
* Merge from HEAD - sync up SessionSetup code to HEAD, including Luke Howard'sAndrew Bartlett2003-03-171-27/+55
| | | | | | | session key and auth verifier patches. Andrew Bartlett (This used to be commit 3f9616a68a855acbae3f405c27ee2358fbe7ba2c)
* fix WinXP & Win2K3 remote_arch and check pointer in ntlmssp code before ↵Gerald Carter2003-03-141-19/+20
| | | | | | dereferencing (This used to be commit 7bc5fc729f67ae16e09ea67efa9e2b8e2ba41c8f)
* adding some initiaial code to sert %a to Win2K3 (using Native LanMan string ↵Gerald Carter2003-03-121-0/+2
| | | | | | from .NET RC2) (This used to be commit e074cab810f9299d0b27881cddf8a74f10fe233e)
* additional fix for CR 601Gerald Carter2003-02-271-0/+15
| | | | | | | | * distinguish WinXP from Win2k * add a 1/3 of a second delay in OpenPrinter in order to trigger a LAN/WAN optimization in 2k clients. (This used to be commit c7712fa054d21b4884a78b7ea6c0fb8b3d637c6b)
* Merge of server-side authentication changes to 3.0:Andrew Bartlett2003-02-241-35/+25
| | | | | | | | | | | | | | | | | | - user_ok() and user_in_group() now take a list of groups, instead of looking for the user in the members of all groups. - The 'server_info' returned from the authentication is now kept around - in future we won't copy the sesion key, username etc, we will just referece them directly. - rhosts upgraded to use the SAM if possible, otherwise fake up based on getpwnam(). - auth_util code to deal with groups upgraded to deal with non-winbind domain members again. Andrew Bartlett (This used to be commit 74b5436c75114170ce7c780c19226103d0df9060)
* check pointer before dereferencing itGerald Carter2003-02-071-1/+1
| | | | (This used to be commit 8712bd1f8eb5321278e7c57bfdc7bdddbdaf1424)
* Merge from HEAD:Andrew Bartlett2003-01-281-262/+109
| | | | | | | | | | | | | | | - NTLMSSP over SPENGO (sesssion-setup-and-x) cleanup and code refactor. - also consequential changes to the NTLMSSP and SPNEGO parsing functions - and the client code that uses the same functions - Add ntlm_auth, a NTLMSSP authentication interface for use by applications like Squid and Apache. - also consquential changes to use common code for base64 encode/decode. - Winbind changes to support ntlm_auth (I don't want this program to need to read smb.conf, instead getting all it's details over the pipe). - nmbd changes for fstrcat() instead of fstrcpy(). Andrew Bartlett (This used to be commit fbb46da79cf322570a7e3318100c304bbf33409e)
generated by cgit (git 2.34.1) at 2025-09-25 19:48:25 +0000