path: root/source3/smbd/smb2_sesssetup.c
Commit message | Author | Age | Files | Lines
* ntlmssp: Add ntlmssp_blob_matches_magic() | Andrew Bartlett | 2011-08-03 | 1 | -1/+1
  This avoids having the same check in 3 different parts of the code
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Wed Aug 3 12:45:04 CEST 2011 on sn-devel-104
* s3-auth rename auth_ntlmssp_steal_session_info() | Andrew Bartlett | 2011-08-03 | 1 | -6/+6
  There is no longer any theft of memory as the underlying routines now produce a new auth_session_info for this caller, allocating it on the supplied memory context.
  Andrew Bartlett
* s3-auth use auth_generic_start to get full GENSEC in Samba3 session setup | Andrew Bartlett | 2011-08-03 | 1 | -7/+18
  This tests if the auth_generic_start() hook is available on the auth context during the negprot, and if so it uses auth_generic_start() to hook to GENSEC to handle the full SPNEGO blob.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-smbd Ensure we do not read past the end of a possible NTLMSSP blob | Andrew Bartlett | 2011-08-03 | 1 | -1/+1
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth set session_info->sanitized_username in create_local_token() | Andrew Bartlett | 2011-08-03 | 1 | -16/+0
  Rather than passing this value around the callers, and eventually setting it in register_existing_vuid(), we simply pass it to create_local_token().
  This also removes the need for auth_ntlmssp_get_username().
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-ntlmssp Split auth_ntlmssp_start into two functions | Andrew Bartlett | 2011-08-03 | 1 | -3/+25
  This helps map on to the GENSEC semantics better, and ensures that the full set of desired features are set before the mechanism starts.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-ntlmssp Remove calls to auth_ntlmssp_and_flags from the server | Andrew Bartlett | 2011-08-03 | 1 | -0/+2
  This is changed so that the callers ask for the additional flags that they need, starting with no additional flags.
  This helps to create a proper abstraction layer in ntlmssp_wrap/auth_ntlmssp.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_update | Andrew Bartlett | 2011-08-03 | 1 | -15/+4
  This clarifies the lifetime of the returned token.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Move map to guest to directly after the check_password calls | Andrew Bartlett | 2011-08-03 | 1 | -26/+9
  This means we no longer need two different map to guest functions and have consistent logic with fewer layering violations.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Remove separate guest boolean | Andrew Bartlett | 2011-07-20 | 1 | -4/+5
  Instead, we base our guest calculations on the presence or absence of the authenticated users group in the token, ensuring that we have only one canonical source of this important piece of authorization data
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Use guest boolean in auth_user_info_unix | Andrew Bartlett | 2011-07-20 | 1 | -4/+4
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username | Andrew Bartlett | 2011-07-20 | 1 | -4/+4
  This is closer to the layout of struct auth_session_info in auth.idl
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* Move smbd_smb2_request_check_tcon() smbd_smb2_request_check_session() next ↵ | Jeremy Allison | 2011-07-08 | 1 | -58/+0
  to their only user and make them static. Add comments.
  Autobuild-User: Jeremy Allison <jra@samba.org>
  Autobuild-Date: Fri Jul 8 21:01:40 CEST 2011 on sn-devel-104
* s3-smbd: Replace client_id in smbd session setup. | Andreas Schneider | 2011-07-04 | 1 | -1/+2
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s3-auth: Added remote_address to ntlmssp server. | Andreas Schneider | 2011-07-04 | 1 | -3/+6
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* More simple const fixes. | Jeremy Allison | 2011-05-05 | 1 | -1/+1
* s3-auth Rename user_session_key -> session_key to match auth_session_info | Andrew Bartlett | 2011-04-05 | 1 | -2/+2
* s3-auth use create_local_token() to transform server_info -> session_info | Andrew Bartlett | 2011-04-05 | 1 | -17/+6
  Before an auth_serversupplied_info struct can be used for authorization, the local groups and privileges must be calculated.
  create_local_token() now copies the server_info, and then sets the calculated token and unix groups.
  Soon, it will also transform the result into an expanded struct auth_session_info. Until then, the variable name (server_info vs session_info provides a clue to the developer about what information has been entered in the structure).
  By moving the calls to create_local_token within the codebase, we remove duplication, and ensure that the session key (where modified) is consistently copied into the new structure.
  Andrew Bartlett
* s3-auth consolidate create_local_token() into make_server_info_krb5() | Andrew Bartlett | 2011-04-04 | 1 | -18/+4
  This ensures that all callers don't need to each add builtin groups and privileges to the user's token
  Andrew Bartlett
* s3-auth: smbd needs auth.h | Günther Deschner | 2011-03-30 | 1 | -0/+1
  Guenther
* s3: include smbd/smbd.h where needed. | Günther Deschner | 2011-03-30 | 1 | -0/+1
  Guenther
* s3-build: only include asn1 headers where actually needed. | Günther Deschner | 2011-03-16 | 1 | -0/+1
  Guenther
* s3-auth Rename auth_serversupplied_info variables: server_info -> session_info | Andrew Bartlett | 2011-02-22 | 1 | -34/+34
  These variables, of type struct auth_serversupplied_info were poorly named when added in 2001, and in good consistent practice, this has extended all over the codebase in the years since.
  The structure is also not ideal for its current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session.
  This rename will reduce the volume of a future patch to replace these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated.
  (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges).
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Rename cryptic 'ptok' to security_token | Andrew Bartlett | 2011-02-10 | 1 | -1/+1
  This will allow the auth_serversupplied_info struct to be migrated to auth_session_info easier.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-smbd: use make_server_info_krb5() in smb2 too. | Simo Sorce | 2010-08-30 | 1 | -75/+8
  Signed-off-by: Günther Deschner <gd@samba.org>
* s3-smbd: Use helper function to resolve kerberos user for smb2 | Simo Sorce | 2010-08-30 | 1 | -125/+30
  Signed-off-by: Günther Deschner <gd@samba.org>
* s3: Pass the rhost through smb_pam_accountcheck | Volker Lendecke | 2010-08-22 | 1 | -1/+2
* s3: Lift smbd_server_fd from reload_services() | Volker Lendecke | 2010-08-18 | 1 | -1/+1
* s3: Remove smbd_server_fd() from session_claim | Volker Lendecke | 2010-08-17 | 1 | -4/+2
* Fix bug #7608 - Win7 SMB2 authentication causes smbd panic | Jeremy Allison | 2010-08-09 | 1 | -2/+4
  We need to call setup_ntlmssp_server_info() if status==NT_STATUS_OK, or if status is anything except NT_STATUS_MORE_PROCESSING_REQUIRED, as this can trigger map to guest.
  Jeremy.
* s3: Lift the smbd_messaging_context from reload_services | Volker Lendecke | 2010-08-08 | 1 | -1/+1
* s3-krb5: include krb5pac.h where needed. | Günther Deschner | 2010-08-06 | 1 | -0/+1
  Guenther
* s3: avoid global include of ads.h. | Günther Deschner | 2010-08-05 | 1 | -0/+1
  Guenther
* Add appropriate TALLOC_CTX's throughout the spnego code. No more implicit NULL ↵ | Jeremy Allison | 2010-07-20 | 1 | -17/+11
  contexts.
  Jeremy.
* Add TALLOC_CTX argument to spnego_parse_negTokenInit, reduce | Jeremy Allison | 2010-07-20 | 1 | -5/+6
  use of malloc, and data_blob().
  Jeremy.
* s3-auth: Move auth_ntlmssp wrappers in their own file | Simo Sorce | 2010-07-20 | 1 | -0/+1
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s3-auth: Refactor and rename auth_ntlmssp_server_info() | Simo Sorce | 2010-07-20 | 1 | -1/+1
  Rename it to auth_ntlmssp_steal_server_info() to make it clear that the server_info struct is stolen from the auth_ntlmssp_state structure.
  Use talloc_move instead of manual steal&clear
  Add comments to explain what is going on.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s3-auth: Use talloc hierarchies to properly free auth_ntlmssp_state contexts | Simo Sorce | 2010-07-19 | 1 | -9/+9
  Turn auth_ntlmssp_end into a destructor and attach it to auth_ntlmssp_state.
  Remove auth_ntlmssp_end and use TALLOC_FREE in the callers.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* Make the "map to guest" parameter work correctly with NTLMSSP (spnego | Jeremy Allison | 2010-07-16 | 1 | -7/+28
  and raw) under SMB2. Still need to investigate fixing this with krb5 auth (does this make sense ?).
  Jeremy.
* s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS | Andrew Bartlett | 2010-07-14 | 1 | -3/+4
  This fixes a bug where register_existing_vuid() could be called with a NULL server_info if the allocation failed.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3: Remove procid_self() from session_claim() | Volker Lendecke | 2010-07-05 | 1 | -2/+4
* Revert "s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS" | Volker Lendecke | 2010-06-08 | 1 | -4/+3
  This reverts commit edba46ce94c335411ab337eeb4ef6f88fb3aae80.
  Conflicts:
  source3/auth/auth_ntlmssp.c
* s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS | Andrew Bartlett | 2010-06-07 | 1 | -3/+4
  It's nicer to have an NTSTATUS return, and in s3compat there may be a reason other than 'no memory' why this can fail.
  Andrew Bartlett
* Allow us to cope correctly with NT_STATUS_MORE_PROCESSING_REQUIRED when ↵ | Jeremy Allison | 2010-06-03 | 1 | -1/+7
  downgrading from krb5 to NTLMSSP over SMB2.
  Jeremy.
* Found by Guenther - fix up our fallback paths from krb5 to NTLMSSP when ↵ | Jeremy Allison | 2010-06-03 | 1 | -8/+29
  using SMB2.
  Jeremy.
* s3:smbd map_username() doesn't need sconn anymore | Simo Sorce | 2010-05-31 | 1 | -2/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
* ntlmssp: Make the ntlmssp.h from source3/ a common header | Andrew Bartlett | 2010-05-31 | 1 | -1/+1
  The code is not yet in common, but I hope to fix that soon.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Günther Deschner <gd@samba.org>
* s3:auth Make AUTH_NTLMSSP_STATE a private structure. | Andrew Bartlett | 2010-05-31 | 1 | -19/+11
  This makes it a little easier for it to be written in terms of GENSEC in future.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Günther Deschner <gd@samba.org>
* s3:auth Free sampass as soon as we have server_info | Simo Sorce | 2010-05-28 | 1 | -0/+1
  We don't keep sampass in server_info anymore
  So it makes no sense to keep it around.
  Signed-off-by: Günther Deschner <gd@samba.org>
* s3:auth use info3 in auth_serversupplied_info | Simo Sorce | 2010-05-28 | 1 | -4/+4
  Signed-off-by: Günther Deschner <gd@samba.org>