path: root/source4/smb_server
Commit message | Author | Age | Files | Lines
* auth: Pass through entire PAC flags value in auth_user_info | Joseph Sutton | 2023-02-08 | 1 | -2/+2
  Besides the NETLOGON_GUEST bit indicating whether the user has been authenticated, we now carry all of the other bits as well. This lets us match Windows' behaviour of simply passing these bits through to an updated PAC when processing a TGS-REQ.
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib: Remove idtree from samba_util.h | Volker Lendecke | 2023-01-10 | 4 | -3/+4
  No need to recompile the world when only a few files need this.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Add "starting_id" to idr_get_new_random() | Volker Lendecke | 2023-01-10 | 2 | -2/+7
  To be used in smbXsrv_open.c, for this we need a lower bound.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:smb_server: don't set mapped_state explicitly in auth_usersupplied_info | Stefan Metzmacher | 2022-03-10 | 1 | -2/+0
  We already use talloc_zero() and mapped_state will be removed in the next commits.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2020-25717: s4:smb_server: start with authoritative = 1 | Stefan Metzmacher | 2021-11-09 | 1 | -2/+2
  This is not strictly needed, but makes it easier to audit that we don't miss important places.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:samba: Migrate samba daemon to new cmdline option parser | Andreas Schneider | 2021-04-29 | 2 | -3/+5
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* smb.conf: Remove "share backend" option | Andrew Bartlett | 2021-03-26 | 1 | -3/+3
  This is a confusing hold-over from the NTVFS fileserver that never became part of the merged architecture.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4: rename source4/smbd/ to source4/samba/ | Ralph Boehme | 2020-11-27 | 14 | -18/+18
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Ralph Böhme <slow@samba.org>
  Autobuild-Date(master): Fri Nov 27 10:07:18 UTC 2020 on sn-devel-184
* s4:smb_server: Use cli_credentials_init_server() for negprot | Andreas Schneider | 2020-09-07 | 2 | -26/+27
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Mon Sep 7 13:22:26 UTC 2020 on sn-devel-184
* lib/util: remove extra safe_string.h file | Matthew DeVore | 2020-08-28 | 1 | -0/+2
  lib/util/safe_string.h is similar to source3/include/safe_string.h, but the former has fewer checks. It is missing bcopy, strcasecmp, and strncasecmp.
  Add the missing elements to lib/util/safe_string.h remove the other safe_string.h which is in the source3-specific path. To accommodate existing uses of str(n?)casecmp, add #undef lines to source files where they are used.
  Signed-off-by: Matthew DeVore <matvore@google.com>
  Reviewed-by: David Mulder <dmulder@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Aug 28 02:18:40 UTC 2020 on sn-devel-184
* source4/smb_server: Use NT_STATUS_PENDING instead of STATUS_PENDING | Christof Schmitt | 2020-06-22 | 1 | -1/+1
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* s4/smb_server: Fix handling of SMB2 messages after Netbios session setup | Noel Power | 2019-12-05 | 1 | -1/+0
  On receiving a special NBT packet (e.g. session setup) the samba daemon effectively sets up SMB1 as the negotiated protocol (in terms of software handling of the messages) even though no SMB protocol has yet been negotiated. If the next message after the nbt session setup is a SMB2 message it will be handled by the SMB1 callbacks and will be rejected. This is evident when using smbclient (with -p 139) option in an env where SMB1 cannot be negotiated [*]
  This change doesn't set up the SMB1 callbacks on receipt of NBT special messages but lets the generic callback in place. Once either SMB1 (or) SMB2 is established (by receipt of a 'real' SMB or >=SMB2 message) then the proper callbacks will be set as normal.
  Signed-off-by: Noel Power <noel.power@suse.com>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Autobuild-User(master): Ralph Böhme <slow@samba.org>
  Autobuild-Date(master): Thu Dec 5 18:44:40 UTC 2019 on sn-devel-184
* s4/smb_server/smb: cppcheck: Fix uninitvar & uninitStructMember errors | Noel Power | 2019-06-04 | 1 | -1/+1
  Fixes the following errors (note: existing code is safe the way it is currently all accesses to the structure are 'after' it is assigned)
  source4/smb_server/smb/negprot.c:447: error: uninitvar: Uninitialized variable: blob <--[cppcheck]
  source4/smb_server/smb/negprot.c:453: error: uninitStructMember: Uninitialized struct member: blob.data <--[cppcheck]
  source4/smb_server/smb/negprot.c:447: error: uninitStructMember: Uninitialized struct member: blob.length <--[cppcheck]
  source4/smb_server/smb/negprot.c:453: error: uninitStructMember: Uninitialized struct member: blob.length <--[cppcheck]
  source4/smb_server/smb/negprot.c:454: error: uninitStructMember: Uninitialized struct member: blob.length <--[cppcheck]
  source4/smb_server/smb/negprot.c:455: error: uninitStructMember: Uninitialized struct member: blob.length <--[cppcheck]
  Signed-off-by: Noel Power <noel.power@suse.com>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* Fix ubsan null pointer passed as argument 2 | Gary Lockyer | 2019-05-27 | 1 | -2/+5
  Fix ubsan warning null pointer passed as argument 2 when the source pointer is NULL. The calls to memcpy are now guarded by an if (len > 0)
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Gary Lockyer <gary@samba.org>
  Autobuild-Date(master): Mon May 27 01:29:48 UTC 2019 on sn-devel-184
* libsmb: Rename InfoType from [MS-SMB2] according to the spec | Volker Lendecke | 2019-04-01 | 1 | -8/+8
  This makes it easier to find this via internet search
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:libcli/smb2: align struct smb_ioctl.smb2 to [MS-SMB2] names | Stefan Metzmacher | 2019-03-28 | 1 | -7/+8
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13863
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:libcli/smb2: fix smb2_getinfo_send() marshalling | Stefan Metzmacher | 2019-03-28 | 1 | -1/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13863
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* spelling of associated | Douglas Bagnall | 2019-02-13 | 1 | -3/+3
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* source4 smdb: Add a post fork hook to the service API | Gary Lockyer | 2018-11-01 | 1 | -5/+9
  Add a post fork hook to the service API this will be called:
  - standard process model immediately after the task_init.
  - single process model immediately after the task_init
  - prefork process model, inhibit_pre_fork = true immediately after the task_init
  - prefork process model, inhibit_pre_fork = false after each service worker has forked. It is not run on the service master process.
  The post fork hook is not called in the standard model if a new process is forked on a new connection. It is instead called immediately after the task_init.
  The task_init hook has been changed to return an error code. This ensures the post_fork code is only run if the task_init code completed successfully.
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
* source4 smbd: Make the service_details structure constant. | Gary Lockyer | 2018-11-01 | 1 | -1/+1
  Make the service_details structure a static const.
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
* samdb: Add remote address to connect | Gary Lockyer | 2018-05-10 | 1 | -1/+6
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Remove dead code | Simo Sorce | 2018-03-19 | 1 | -1/+0
  Signed-off-by: Simo Sorce <idra@samba.org>
  Autobuild-User(master): Simo Sorce <idra@samba.org>
  Autobuild-Date(master): Mon Mar 19 20:29:28 CET 2018 on sn-devel-144
* s4:smb_server: remove deprecated 'use spnego = no" handling | Stefan Metzmacher | 2018-01-10 | 1 | -1/+0
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* source4/smbd: refactor the process model for prefork | Gary Lockyer | 2017-10-19 | 3 | -6/+20
  Refactor the process model code to allow the addition of a prefork process model.
  - Add a process context to contain process model specific state
  - Add a service details structure to allow service to indicate which process model options they can support.
  In the new code the services advertise the features they support to the process model. The process model context is plumbed through to allow the process model to keep track of the supported options, and any state the process model may require.
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4:smb_server: avoid using gensec_update_ev() for the negotiate blob | Stefan Metzmacher | 2017-05-21 | 2 | -2/+4
  Getting the SPNEGO mech type blob, we don't expect to block for any network io, so we can also use gensec_update() which creates a temporary event context.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4: Add TALLOC_CTX * to register_server_service(). | Jeremy Allison | 2017-05-11 | 1 | -1/+1
  Use the passed in context from callers. Remove one talloc_autofree_context().
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *) | Jeremy Allison | 2017-04-22 | 1 | -1/+1
  Not currently used - no logic changes inside.
  This will make it possible to pass down a long-lived talloc context from the loading function for modules to use instead of having them internally all use talloc_autofree_context() which is a hidden global.
  Updated all known module interface numbers, and added a WHATSNEW.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: Ralph Böhme <slow@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
* auth: Add hooks for notification of authentication events over the message bus | Andrew Bartlett | 2017-03-29 | 1 | -1/+3
  This will allow tests to be written to confirm the correct events are triggered.
  We pass in a messaging context from the callers
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* auth: Log the transport connection for the authorization | Andrew Bartlett | 2017-03-29 | 2 | -0/+3
  We also log if a simple bind was over TLS, as this particular case matters to a lot of folks
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4-auth: Log SMB authorization for bare NTLM (NTLMSSP/krb5 already done) | Andrew Bartlett | 2017-03-29 | 1 | -0/+32
  gensec_session_info() is not called for bare NTLM, so we have to log manually
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
* auth: Always supply both the remote and local address to the auth subsystem | Andrew Bartlett | 2017-03-29 | 2 | -3/+89
  This ensures that gensec, and then the NTLM auth subsystem under it, always gets the remote and local address pointers for potential logging.
  The local address allows us to know which interface an authentication is on
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
* auth: Fill in user_info->service_description from all callers | Andrew Bartlett | 2017-03-29 | 1 | -0/+4
  This will allow the logging code to make clear which protocol an authentication was for.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
* auth4: let auth_check_password* return pauthoritative | Stefan Metzmacher | 2017-03-24 | 1 | -3/+6
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib: Add lib/util/server_id.h | Volker Lendecke | 2017-01-22 | 1 | -0/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* pvfs_open win10 fix, need return SMB2_CREATE_TAG_QFID | ouyang.xu | 2016-08-19 | 3 | -0/+7
  Signed-off-by: kkhaike <kkhaike@gmail.com>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
  Autobuild-User(master): Uri Simchoni <uri@samba.org>
  Autobuild-Date(master): Fri Aug 19 09:35:15 CEST 2016 on sn-devel-144
* build: Build less of Samba when building --without-ntvfs-fileserver | Andrew Bartlett | 2016-06-02 | 2 | -2/+4
  We would build, but not use, many components of the NTVFS file server even when we asked not to. They would then consume disk, but not be of any use
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* CVE-2016-2115: s3:libsmb: add signing constant SMB_SIGNING_IPC_DEFAULT | Ralph Boehme | 2016-04-12 | 1 | -0/+1
  SMB_SIGNING_IPC_DEFAULT must be used from s3 client code when opening RPC connections.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2016-2114: s4:smb2_server: fix session setup with required signing | Stefan Metzmacher | 2016-04-12 | 1 | -8/+0
  The client can't sign the session setup request...
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11687
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2016-2111: s4:smb_server: implement "raw NTLMv2 auth" checks | Stefan Metzmacher | 2016-04-12 | 1 | -0/+10
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* s4-smb_server: check for return code of cli_credentials_set_machine_account(). | Günther Deschner | 2016-03-17 | 2 | -4/+8
  We keep anonymous server_credentials structure in order to let the rpc.spoolss.notify start its test server.
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Günther Deschner <gd@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* dlist: remove unneeded type argument from DLIST_ADD_END() | Michael Adam | 2016-02-06 | 2 | -2/+2
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* build: Enable NTVFS file server to be omitted | Andrew Bartlett | 2015-10-23 | 3 | -4/+4
  We now only build it by default with --enable-selftest, or otherwise if requested.
  The NTVFS file server still has features not present in the smbd file server, such as a CIFS/SMB proxy, and a radically different design, but it is also not undergoing any ongoing development so this keeps it in a safe state for care and maintenance, with less of a security risk if such an issue were to come up.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* Introduce setting "desired" for 'smb encrypt' and 'client/server signing' | Michael Adam | 2015-07-07 | 1 | -0/+1
  This should trigger the behaviour where the server requires signing when the client supports it, but does not reject clients that don't support it.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* lib: Remove server_id_str() | Volker Lendecke | 2015-04-28 | 1 | -5/+5
  Call server_id_str_buf instead
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Tue Apr 28 20:48:01 CEST 2015 on sn-devel-104
* Rename SMB2_OP_FIND to SMB2_OP_QUERY_DIRECTORY so that it conforms with the MS document MS-SMB2. | Richard Sharpe | 2015-03-27 | 1 | -1/+1
  Signed-off-by: Richard Sharpe <rsharpe@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Mar 27 01:24:47 CET 2015 on sn-devel-104
* s4/ntvfs: support FS_SECTOR_SIZE_INFORMATION query-info | David Disseldorp | 2015-03-18 | 1 | -0/+20
  Return the same values as used by s3fs.
  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:smb_server/smb2: remove unused _pad variables | Stefan Metzmacher | 2014-11-25 | 3 | -12/+0
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:smb_server/smb2: avoid unused warnings in smb2srv_setinfo_send() | Stefan Metzmacher | 2014-11-25 | 1 | -1/+1
  op->req and req have the same value.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Move "large_file_support()" to the source4 smb server | Volker Lendecke | 2014-09-17 | 1 | -0/+21
  That's the only place where it's used, make it static there.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:smb_server/smb: fix invalid pointer type warnings in negprot.c | Stefan Metzmacher | 2014-04-02 | 1 | -3/+3
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>