path: root/source3/smbd/smb2_sesssetup.c
Commit message | Author | Age | Files | Lines
* s3:smb2_sesssetup: check that the connection belongs to the session in sess.setup | Michael Adam | 2015-07-29 | 1 | -0/+8
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* smbd:smb2: only enable encryption in session if desired | Michael Adam | 2015-07-07 | 1 | -3/+4
  Don't enforce it but only announce ENCRYPT_DATA, using the encryption_desired flag in session setup.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* smbd: Fix clients connecting unencrypted with PROTOCOL_SMB2_24 or higher. | Jeremy Allison | 2015-06-17 | 1 | -2/+2
  Nonce code was terminating connections where xconn->smb2.server.cipher == 0. If no negotiated cipher (smb2.server.cipher is zero) set nonce_high_max to zero. smb2_get_new_nonce() returns NT_STATUS_ENCRYPTION_FAILED if it is ever called with session->nonce_high_max == 0.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11300
  Signed-off-by: Jeremy Allison <jra@samba.org>
* s3:smb2_server: In CCM and GCM mode we can't reuse nonces | Simo Sorce | 2015-05-29 | 1 | -2/+29
  Reuse of nonces with AES-CCM and AES-GCM leads to catastrophic failure, so make sure the server drops the connection if that ever happens.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11300
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Simo Sorce <idra@samba.org>
  Autobuild-Date(master): Fri May 29 22:38:50 CEST 2015 on sn-devel-104
* s3:smb2_sesssetup.c: For SMB >= 3.1, derive crypto keys from preauth | Stefan Metzmacher | 2015-05-08 | 1 | -16/+82
  This protects the full connection setup including a posteriori verification of the negotiate messages, by signing the final session setup response with a signing key derived from the preauth hash and the authentication session key.
  Pair-Programmed-With: Michael Adam <obnox@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
* s3:smb2_sesssetup: remove unused smbd_smb2_session_setup_* destructors | Stefan Metzmacher | 2015-05-06 | 1 | -98/+0
  The cleanup of a failing session setup is now handled in smbd_smb2_session_setup_wrap_*().
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_sesssetup: add smbd_smb2_session_setup_wrap_send/recv() | Stefan Metzmacher | 2015-05-06 | 1 | -15/+171
  The wrapper calls smbXsrv_session_shutdown_send/recv() in case of an error, this makes sure a failing reauth shuts down the session like an explicit logoff.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_sesssetup: always assign smb2req->session when a session was created. | Stefan Metzmacher | 2015-05-06 | 1 | -1/+1
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_sesssetup: let smbd_smb2_logoff_* use smbXsrv_session_shutdown_* | Stefan Metzmacher | 2015-05-06 | 1 | -60/+15
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Make SMB3 clients use encryption with "smb encrypt = auto" | Volker Lendecke | 2015-03-03 | 1 | -0/+5
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Tue Mar 3 10:40:42 CET 2015 on sn-devel-104
* Revert "s3: smbd: signing. Ensure we respond correctly to an SMB2 negprot with SMB2_NEGOTIATE_SIGNING_REQUIRED." | Jeremy Allison | 2015-02-23 | 1 | -3/+1
  Even though the MS-SMB2 spec says so, Windows doesn't behave like this.
  This reverts commit 1cea6e5b6f8c0e28d5ba2d296c831c4878fca304.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
* s3: smbd: signing. Ensure we respond correctly to an SMB2 negprot with SMB2_NEGOTIATE_SIGNING_REQUIRED. | Jeremy Allison | 2015-02-19 | 1 | -1/+3
  Bug 11103: - Samba does not set the required flags in the SMB2/SMB3 Negotiate Protocol Response when signing required by client
  https://bugzilla.samba.org/show_bug.cgi?id=11103
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Steve French <smfrench@gmail.com>
* s3:smb2_server: allow reauthentication without signing | Stefan Metzmacher | 2014-12-12 | 1 | -0/+4
  If signing is not required we should not require it for reauthentication. Windows clients would otherwise fail to reauthenticate.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_server: check xconn->smb2.server.cipher instead of xconn->smb2.server.capabilities | Stefan Metzmacher | 2014-10-16 | 1 | -1/+1
  SMB 3.10 and later won't have SMB2_CAP_ENCRYPTION anymore. xconn->smb2.server.cipher == 0 is the indication that we don't support encryption on the connection.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_sesssetup: we don't need to do a 2nd smb2srv_session_lookup() | Stefan Metzmacher | 2014-09-19 | 1 | -3/+7
  For the continuation of a SMB2 SessionSetup we already have the smb2req->session (with NT_STATUS_MORE_PROCESSING_REQUIRED).
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:smb2_sesssetup: use smb2req->sconn in smbd_smb2_reauth_generic_return() | Stefan Metzmacher | 2014-09-19 | 1 | -2/+1
  xconn->sconn will go away soon.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3: smbd: smb2-sessionsetup. Fix use after free when the sessionsetup request state is freed before struct smbXsrv_session struct. | Jeremy Allison | 2014-09-08 | 1 | -0/+6
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Mon Sep 8 09:52:23 CEST 2014 on sn-devel-104
* s3:smbd: remember the time of the session setup auth_time | Stefan Metzmacher | 2014-08-06 | 1 | -0/+2
  This is the time of the last reauth.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:smb2_sesssetup: make use of smb2req->xconn | Stefan Metzmacher | 2014-08-06 | 1 | -11/+11
  We should use stuff relative to the current request.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:smb2_sesssetup: split out smbd_smb2_session_setup_auth_return() | Stefan Metzmacher | 2014-08-06 | 1 | -34/+12
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:smb2_server: pass smbXsrv_connection to smbd_server_connection_terminate*() | Stefan Metzmacher | 2014-08-06 | 1 | -6/+6
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:smb2_*: make use of smb2req->xconn where possible | Stefan Metzmacher | 2014-08-06 | 1 | -5/+5
  We need to use the connection that is used by the current request.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:smb2_server: move sconn->smb2.requests to xconn->smb2.requests | Stefan Metzmacher | 2014-08-06 | 1 | -2/+5
  This prepares the structures for multi-channel support.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:smb2_sesssetup: cancel and wait for pending requests on logoff | Stefan Metzmacher | 2014-03-12 | 1 | -4/+78
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_sesssetup: split smbd_smb2_logoff into an async *_send/recv pair. | Jeremy Allison | 2014-03-12 | 1 | -20/+92
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:smb2_sesssetup: make use of smbd_smb2_generate_outbody() | Stefan Metzmacher | 2014-03-05 | 1 | -2/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smbd/smb2 fix compiler warnings | Christian Ambach | 2013-12-12 | 1 | -2/+2
  about potentially uninitialized variables
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Invalidate the session correctly. | Jeremy Allison | 2013-11-04 | 1 | -0/+23
  When a session is invalidated then we must also ensure it isn't used in any pending requests being processed.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* smbd:smb2: fix crash when smb2 session reauth fails | Michael Adam | 2013-10-15 | 1 | -3/+17
  https://bugzilla.samba.org/show_bug.cgi?id=10208
  Authentication error in smb2 session reauth invalidates the session. In this case the session must in contrast to successful session setup requests be torn down and live no longer than the request.
  The talloc move of the session from the global session table to the request ensures that the session setup reply can still be correctly signed, but subsequent requests on the connection don't find a session any more.
  Pair-Programmed-With: Jeremy Allison <jra@samba.org>
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
* s3:smbd: initialize session->global before calling session_claim | Gregor Beck | 2012-10-19 | 1 | -7/+7
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
* s3:smbd: remove smbd_server_connection argument from session_claim() | Gregor Beck | 2012-10-19 | 1 | -1/+1
  retrieve the server connection from the smbXsrv_session argument instead.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
* s3:smbd: pass smbXsrv_session instead of user_struct to session_claim() and session_yield() | Gregor Beck | 2012-10-19 | 1 | -1/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
* Revert "Fix bug #9222 - smbd ignores the "server signing = no" setting for SMB2." | Jeremy Allison | 2012-10-03 | 1 | -6/+0
  This reverts commit dfd3c31a3f9eea96854b2d22574856368e86b245.
  As Metze pointed out:
  From MS-SMB2 section 2.2.4:
  SMB2_NEGOTIATE_SIGNING_ENABLED
  When set, indicates that security signatures are enabled on the server. The server MUST set this bit, and the client MUST return STATUS_INVALID_NETWORK_RESPONSE if the flag is missing.
  I'll submit a documentation bug to fix #9222 that way.
* Fix bug #9222 - smbd ignores the "server signing = no" setting for SMB2. | Jeremy Allison | 2012-10-03 | 1 | -0/+6
  Still sign if client request is signed, just don't negotiate it in negprot or sessionsetup.
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Oct 3 00:59:42 CEST 2012 on sn-devel-104
* Make metze happy and the code clearer :-). | Jeremy Allison | 2012-09-12 | 1 | -0/+6
  Ensure we know after the destructor fires we're never going to look at this again.
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Sep 12 03:00:21 CEST 2012 on sn-devel-104
* Fix talloc memory hierarchy bug. If there's an SMB2 sessionsetup in flight when we're shut down, we end up freeing the struct smbXsrv_session *session pointer twice. | Jeremy Allison | 2012-09-10 | 1 | -5/+36
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Mon Sep 10 23:34:06 CEST 2012 on sn-devel-104
* s3:smb2_server: use smbXsrv_session->nonce_* | Stefan Metzmacher | 2012-08-23 | 1 | -0/+3
  metze
* s3:smb2_sesssetup: setup global->[en|de]cryption_key | Stefan Metzmacher | 2012-08-09 | 1 | -0/+36
  metze
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Thu Aug 9 09:59:02 CEST 2012 on sn-devel-104
* s3:smb2_sesssetup: set global->encryption_required and enforce it | Stefan Metzmacher | 2012-08-09 | 1 | -0/+22
  If the account or client doesn't support encryption we should reject the session setup.
  metze
* s3:smb2_sesssetup: remove unused code in smbd_smb2_reauth_generic_return() | Stefan Metzmacher | 2012-08-08 | 1 | -9/+0
  A reauth exchange is already signed, with the channel signing key.
  metze
* s3:smb2_sesssetup: remove TALLOC_FREE(session) from smbd_smb2_[re]auth_generic_return | Stefan Metzmacher | 2012-08-08 | 1 | -9/+0
  The caller does this via the smbd_smb2_session_setup_state_destructor()
  metze
* s3:smb2_sesssetup: make use of SMBD_SMB2_* macros | Stefan Metzmacher | 2012-08-05 | 1 | -8/+6
  metze
* s3:smb2_sesssetup: reject SMB2_SESSION_FLAG_BINDING requests | Stefan Metzmacher | 2012-07-26 | 1 | -0/+13
  metze
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Thu Jul 26 02:08:56 CEST 2012 on sn-devel-104
* s3:smb2_sesssetup: make use of smb2srv_session_close_previous_send/recv | Stefan Metzmacher | 2012-06-25 | 1 | -0/+66
  metze
* s3:smb2_sesssetup: inline gensec_session_info() call | Stefan Metzmacher | 2012-06-25 | 1 | -25/+15
  metze
* s3:smb2_sesssetup: make use of gensec_update_send/recv | Stefan Metzmacher | 2012-06-25 | 1 | -10/+35
  metze
* s3:smb2_sesssetup: inline most of smbd_smb2_session_setup() | Stefan Metzmacher | 2012-06-25 | 1 | -130/+99
  metze
* s3:smb2_sesssetup: implement dynamic re-authentication and expire sessions | Stefan Metzmacher | 2012-06-25 | 1 | -1/+85
  metze
* s3:smbd: make use of smbXsrv_tcon and smbXsrv_session for smb2 | Stefan Metzmacher | 2012-06-25 | 1 | -112/+64
  This removes the protocol specific smbd_smb2_session and smbd_smb2_tcon.
  Pair-Programmed-With: Michael Adam <obnox@samba.org>
  metze
* s3:smb2_sesssetup: add support for SMB 2.24/3.00 signing | Stefan Metzmacher | 2012-06-25 | 1 | -0/+29
  metze