summaryrefslogtreecommitdiff
path: root/source4/smb_server/smb2
Commit message (Collapse)AuthorAgeFilesLines
* s4:smb_server: avoid using gensec_update_ev() for the negotiate blobStefan Metzmacher2017-05-211-1/+2
| | | | | | | | | Getting the SPNEGO mech type blob, we don't expect to block for any network io, so we can also use gensec_update() which creates a temporary event context. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth: Log the transport connection for the authorizationAndrew Bartlett2017-03-291-0/+1
| | | | | | | We also log if a simple bind was over TLS, as this particular case matters to a lot of folks Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* auth: Always supply both the remote and local address to the auth subsystemAndrew Bartlett2017-03-291-0/+39
| | | | | | | | | | | This ensures that gensec, and then the NTLM auth subsystem under it, always gets the remote and local address pointers for potential logging. The local address allows us to know which interface an authentication is on Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
* pvfs_open win10 fix, need return SMB2_CREATE_TAG_QFIDouyang.xu2016-08-191-0/+5
| | | | | | | | | | Signed-off-by: kkhaike <kkhaike@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org> Autobuild-User(master): Uri Simchoni <uri@samba.org> Autobuild-Date(master): Fri Aug 19 09:35:15 CEST 2016 on sn-devel-144
* CVE-2016-2115: s3:libsmb: add signing constant SMB_SIGNING_IPC_DEFAULTRalph Boehme2016-04-121-0/+1
| | | | | | | | | | SMB_SIGNING_IPC_DEFAULT must be used from s3 client code when opening RPC connections. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2016-2114: s4:smb2_server: fix session setup with required signingStefan Metzmacher2016-04-121-8/+0
| | | | | | | | | The client can't sign the session setup request... BUG: https://bugzilla.samba.org/show_bug.cgi?id=11687 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* s4-smb_server: check for return code of cli_credentials_set_machine_account().Günther Deschner2016-03-171-2/+4
| | | | | | | | | | We keep anonymous server_credentials structure in order to let the rpc.spoolss.notify start it's test server. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* dlist: remove unneeded type argument from DLIST_ADD_END()Michael Adam2016-02-061-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* build: Enable NTVFS file server to be omittedAndrew Bartlett2015-10-231-1/+1
| | | | | | | | | | | | | | We now only build it by default with --enable-sefltest, or otherwise if requested. The NTVFS file server still has features not present in the smbd file server, such as a CIFS/SMB proxy, and a radically different design, but it is also not undergoing any ongoing development so this keeps it in a safe state for care and maintaince, with less of a security risk if such an issue were to come up. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* Introduce setting "desired" for 'smb encrypt' and 'client/server signing'Michael Adam2015-07-071-0/+1
| | | | | | | | | | | This should trigger the behaviour where the server requires signing when the client supports it, but does not reject clients that don't support it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372 Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* Rename SMB2_OP_FIND to SMB2_OP_QUERY_DIRECTORY so that it conforms with the ↵Richard Sharpe2015-03-271-1/+1
| | | | | | | | | | MS document MS-SMB2. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Mar 27 01:24:47 CET 2015 on sn-devel-104
* s4:smb_server/smb2: remove unused _pad variablesStefan Metzmacher2014-11-253-12/+0
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:smb_server/smb2: avoid unused warnings in smb2srv_setinfo_send()Stefan Metzmacher2014-11-251-1/+1
| | | | | | | op->req and req have the same value. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:smb_server: make use of gensec_update_ev()Stefan Metzmacher2014-03-271-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4: pass down a memory context when performing share_string_option, to allow ↵Garming Sam2014-02-201-2/+3
| | | | | | | | | substitutions Signed-off-by: Garming Sam <garming@catalyst.net.nz> Change-Id: I24b36db3ac11834c3268b2da929e214c10268b16 Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
* lib/param: Create a seperate server role for "active directory domain ↵Andrew Bartlett2012-06-151-1/+1
| | | | | | | | | | | | | | | controller" This will allow us to detect from the smb.conf if this is a Samba4 AD DC which will allow smarter handling of (for example) accidentially starting smbd rather than samba. To cope with upgrades from existing Samba4 installs, 'domain controller' is a synonym of 'active directory domain controller' and new parameters 'classic primary domain controller' and 'classic backup domain controller' are added. Andrew Bartlett
* Introduce system MIT krb5 build with --with-system-mitkrb5 option.Alexander Bokovoy2012-05-231-1/+2
| | | | | | | | | | | | | | | | | System MIT krb5 build also enabled by specifying --without-ad-dc When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level configure in WAF build we are trying to detect and use system-wide MIT krb5 libraries. As result, Samba 4 DC functionality will be disabled due to the fact that it is currently impossible to implement embedded KDC server with MIT krb5. Thus, --with-system-mitkrb5/--without-ad-dc build will only produce * Samba 4 client libraries and their Python bindings * Samba 3 server (smbd, nmbd, winbindd from source3/) * Samba 3 client libraries In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture. This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
* s4:smb_server/smb: only create a new session with vuid == 0Stefan Metzmacher2012-05-091-0/+5
| | | | metze
* s4-smb2: Fix a talloc crash bug.Andreas Schneider2012-04-111-2/+2
| | | | | | | | The talloc context needs to be initialzed or NULL. So move talloc_steal() to the position where req is initialized. Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Wed Apr 11 15:59:39 CEST 2012 on sn-devel-104
* s4:smb_server/smb2: add missing 'return;' statements in smb2srv_chain_reply()Stefan Metzmacher2012-04-021-0/+3
| | | | | | | metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Apr 2 23:02:53 CEST 2012 on sn-devel-104
* s4:smb_server/smb2: after smbsrv_terminate_connection() we have to returnStefan Metzmacher2012-04-021-1/+0
| | | | | | req is a talloc child of the connection... metze
* s4:smb_server/smb2: fix memory leak in smb2srv_chain_reply()Stefan Metzmacher2012-04-021-0/+2
| | | | metze
* s4:smb_server/smb2: use helper variable smb2srv_chain_reply()Stefan Metzmacher2012-04-021-6/+7
| | | | metze
* s4-smb_server No longer follow the security=share smb.conf directiveAndrew Bartlett2011-11-081-1/+0
| | | | | | | | By ignoring the value of security= from the smb.conf, we can allow this to instead set the value of 'server role' in a manner compatible with the Samba 3.x release stream. Andrew Bartlett
* s4:smb_server: s/SMB_SIGNING_SUPPORTED/SMB_SIGNING_IF_REQUIRED/Stefan Metzmacher2011-11-031-1/+1
| | | | metze
* s4:smb_server: change the default for "server signing" to "default"Stefan Metzmacher2011-11-031-1/+4
| | | | metze
* s4:smb_server/smb2: add the same SMB_SIGNING_AUTO logic as for smb1Stefan Metzmacher2011-11-031-2/+25
| | | | metze
* s4:smb_server/smb2: correctly implement related compound requestsStefan Metzmacher2011-10-312-0/+15
| | | | | | We need to remember the session id and tree id. metze
* s4:smb_server/smb2: always grant the requested creditsStefan Metzmacher2011-10-313-20/+20
| | | | | | At least one credit, if the client asked for 0. metze
* s4:smb_server/smb2: echo back more header fieldsStefan Metzmacher2011-10-311-3/+7
| | | | metze
* s4:smb_server/smb2: make use of _smb_setlen_tcp()Stefan Metzmacher2011-10-191-1/+1
| | | | metze
* gensec: move event context from gensec_*_init() to gensec_update()Andrew Bartlett2011-10-181-1/+1
| | | | | | | | | | | | This avoids keeping the event context around on a the gensec_security context structure long term. In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4:smb_server/smb2: make sure we sign the final session setupStefan Metzmacher2011-09-291-3/+10
| | | | | | | metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Sep 29 18:59:54 CEST 2011 on sn-devel-104
* s4:smb_server: make use of PROTOCOL_SMB2_02Stefan Metzmacher2011-09-051-1/+1
| | | | metze
* gensec: clarify memory ownership for gensec_session_info() and ↵Andrew Bartlett2011-08-031-1/+1
| | | | | | | | | | | | | | | gensec_session_key() This is slightly less efficient, because we no longer keep a cache on the gensec structures, but much clearer in terms of memory ownership. Both gensec_session_info() and gensec_session_key() now take a mem_ctx and put the result only on that context. Some duplication of memory in the callers (who were rightly uncertain about who was the rightful owner of the returned memory) has been removed to compensate for the internal copy. Andrew Bartlett
* s4-nterr: move auth_nt_status_squash to nt_status_squash and move to nterr.cGünther Deschner2011-03-041-2/+2
| | | | Guenther
* s4-smb_server Return why the ntvfs_connect() failed.Andrew Bartlett2010-12-011-1/+1
| | | | Andrew Bartlett
* s4: Remove the old perl/m4/make/mk-based build system.Jelmer Vernooij2010-10-311-19/+0
| | | | | | | | The new waf-based build system now has all the same functionality, and the old build system has been broken for quite some time. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
* smb2: Add missing dependency on NDR_DFSBLOBS.Jelmer Vernooij2010-10-111-1/+1
|
* s4-smb: serialise session setup operationsAndrew Tridgell2010-09-151-0/+9
| | | | | | | the mixture of async and sync code in gensec makes a EOF on a socket during a session setup cause a crash. The simplest solution is to stop processing events on the socket until the session setup is complete.
* s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell2010-07-162-5/+5
| | | | | | | this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:smb_server/smb2/find.c - remove unused codeMatthias Dieter Wallnöfer2010-06-291-3/+0
| | | | Spotted by the Solaris 10 compiler
* Finish removal of iconv_convenience in public API's.Jelmer Vernooij2010-05-182-3/+3
|
* s4:smb_server: pass tsocket_addresses to the ntvfs layerStefan Metzmacher2010-04-271-2/+4
| | | | metze
* s4-waf: removed the AUTOGENERATED markersAndrew Tridgell2010-04-061-4/+0
| | | | we won't be using the mk -> wscript generator again
* s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵Andrew Tridgell2010-04-061-0/+2
| | | | them
* build: commit all the waf build files in the treeAndrew Tridgell2010-04-061-0/+10
|
* Change uint_t to unsigned int in source4Matt Kraai2010-02-021-2/+2
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4:gensec: change gensec_update_send/recv to tevent_reqStefan Metzmacher2009-12-241-5/+12
| | | | metze
* s4-server: use GUID_to_ndr_blob() in cldap and smb serversAndrew Tridgell2009-12-101-3/+2
|
View Lorry Controller Status