summaryrefslogtreecommitdiffstats
path: root/source3/auth
Commit message (Collapse)AuthorAgeFilesLines
* s3: Use wbcSidsToUnixIds in create_local_tokenVolker Lendecke2011-04-131-6/+20
| | | | Signed-off-by: Jeremy Allison <jra@samba.org>
* s3-auth: Make server_info const in create_local_token()Andrew Bartlett2011-04-062-5/+5
| | | | | | | | | | | Andreas Schneider <asn@samba.org> correctly points out that this input parameter should now be const, and that found a bug where I used then used it incorrectly as a talloc context. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Apr 6 00:33:31 CEST 2011 on sn-devel-104
* s3-auth Rename user_session_key -> session_key to match auth_session_infoAndrew Bartlett2011-04-054-27/+27
|
* s3-auth use create_local_token() to transform server_info -> session_infoAndrew Bartlett2011-04-054-116/+152
| | | | | | | | | | | | | | | | | | Before a auth_serversupplied_info struct can be used for authorization, the local groups and privileges must be calculated. create_local_token() now copies the server_info, and then sets the calulated token and unix groups. Soon, it will also transform the result into an expanded struct auth_session_info. Until then, the variable name (server_info vs session_info provides a clue to the developer about what information has been entered in the structure). By moving the calls to create_local_token within the codebase, we remove duplication, and ensure that the session key (where modified) is consistently copied into the new structure. Andrew Bartlett
* s3-auth consolidate create_local_token() into make_server_info_krb5()Andrew Bartlett2011-04-042-3/+13
| | | | | | | This ensures that all callers don't need to each add builtin groups and privileges to the user's token Andrew Bartlett
* s3: try to fix the build on some non-linux buildfarm machines.Günther Deschner2011-03-301-0/+1
| | | | | | | Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Mar 30 11:39:31 CEST 2011 on sn-devel-104
* s3: only include lib/privileges.h where needed.Günther Deschner2011-03-301-0/+1
| | | | | | This finally removes the global lsa.h inclusion. Guenther
* s3-prototyes: user_in_netgroup and user_in_list moved to auth, out of smbd.Günther Deschner2011-03-301-0/+2
| | | | Guenther
* s3-auth: use auth.h where needed.Günther Deschner2011-03-3022-0/+22
| | | | Guenther
* s3-auth: move auth prototypes to auth/proto.h.Günther Deschner2011-03-301-0/+266
| | | | Guenther
* s3: auth also needs parts of smbd.Günther Deschner2011-03-302-0/+2
| | | | Guenther
* s3-passdb: use passdb headers where needed.Günther Deschner2011-03-304-0/+4
| | | | Guenther
* s3-passdb: add passdb.h where needed.Günther Deschner2011-03-303-0/+3
| | | | Guenther
* s3: create_builtin_users/administrators belongs to passdb not auth.Günther Deschner2011-03-301-130/+0
| | | | Guenther
* s3-includes: only include system/filesys.h when needed.Günther Deschner2011-03-301-0/+1
| | | | Guenther
* s3-includes: only include system/passwd.h when needed.Günther Deschner2011-03-302-0/+2
| | | | Guenther
* s3-winbind: remove global inclusion of libwbclient.Günther Deschner2011-03-306-0/+6
| | | | Guenther
* lib/util/util_pw: share more code between lib/util/util_pw.c and ↵Günther Deschner2011-03-301-0/+1
| | | | | | source3/lib/username.c Guenther
* lib/util/util_pw: share sys_get{pw,gr} group of calls.Günther Deschner2011-03-301-0/+1
| | | | Guenther
* s3: Fix Coverity ID 2188: MISSING_BREAKVolker Lendecke2011-03-271-0/+2
| | | | | Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sun Mar 27 23:11:10 CEST 2011 on sn-devel-104
* s3: Fix Coverity ID 2189: MISSING_BREAKVolker Lendecke2011-03-271-1/+3
|
* s3: Fix a (invalid) uninitialized variable warningVolker Lendecke2011-03-231-1/+1
| | | | | Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Mar 23 11:13:14 CET 2011 on sn-devel-104
* s3: Fix Coverity ID 1018, CHECKED_RETURNVolker Lendecke2011-03-161-3/+5
|
* Quite some callers of sid_split_rid do not care about the ridVolker Lendecke2011-03-101-3/+1
|
* s3: Fix a memory leak in check_sam_security_info3Volker Lendecke2011-03-051-10/+12
| | | | | | | | | | | | | | | | | | | | | Abartlet, this commit makes check_sam_security_info3 use talloc_tos() and also cleans up the temporary talloc stackframe. The old code created a temporary talloc context off "mem_ctx" but failed to clean up the tmp_ctx in all but one return paths. talloc_stackframe()/talloc_tos() is designed as a defense against exactly this error: Even if we failed to free the frame when returning from the routine, it would be cleaned up very soon, in our main event loop. Please check this patch! Thanks, Volker Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sat Mar 5 14:08:37 CET 2011 on sn-devel-104
* s3-rpc_client: Move client pipe functions to own header.Andreas Schneider2011-02-282-0/+2
|
* s3-waf: move some parts of auth to AUTH_COMMON to avoid duplicate symbols ↵Günther Deschner2011-02-231-7/+13
| | | | | | | | | with winbindd. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Feb 23 02:16:23 CET 2011 on sn-devel-104
* s3-includes: move some chgpasswd related defines to the locations where they ↵Günther Deschner2011-02-221-0/+6
| | | | | | are used. Guenther
* s3:auth: change num_groups to from size_t to uint32_tStefan Metzmacher2011-02-222-5/+5
| | | | | | This will help with the change from UNIX_USER_TOKEN to security_unix_token metze
* s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_infoAndrew Bartlett2011-02-222-21/+21
| | | | | | | | | | | | | | | | | | | | | These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3: NO_SUCH_USER is a lot more likely than NO_MEMORYVolker Lendecke2011-02-201-1/+1
|
* s3: Convert init_system_info to NTSTATUSVolker Lendecke2011-02-201-4/+3
|
* s3-waf: use SAMBA3_*() build rules in source3/buildAndrew Tridgell2011-02-181-11/+11
| | | | | | | | | | this brings the s3 waf build much closer to the proposed s3build top level build, using the same bld.SAMBA3_*() rules There are a few renames of subsystems in here, with a 3 suffix where it would create a conflict. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s3-auth Fix memory leak in security=share and force user =Andrew Bartlett2011-02-161-1/+1
| | | | | | | | | | In these cases, the server_info was not stolen onto a long term memory context, and so remained on the NULL context where it was created. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Feb 16 01:08:19 CET 2011 on sn-devel-104
* s3-auth Remove unused pam_handleAndrew Bartlett2011-02-101-1/+0
| | | | Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Rename cryptic 'ptok' to security_tokenAndrew Bartlett2011-02-101-18/+18
| | | | | | | | | This will allow the auth_serversupplied_info struct to be migrated to auth_session_info easier. Adnrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* pam: share pam errors in a common location.Günther Deschner2011-02-081-0/+1
| | | | Guenther
* s3: Use the right credentials in check_netlogond_securityVolker Lendecke2011-02-061-1/+1
| | | | | Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sun Feb 6 20:43:03 CET 2011 on sn-devel-104
* s3: Fix auth_netlogond to cope with netlogon_creds_CredentialStateVolker Lendecke2011-02-061-20/+69
| | | | | Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sun Feb 6 17:30:48 CET 2011 on sn-devel-104
* s3: Fetch the machinepw via ldapi in pdb_adsVolker Lendecke2011-02-061-41/+112
|
* s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945)Günther Deschner2011-02-042-0/+2
| | | | | | | | | | | | | The benefit of this that it makes us more robust to secure channel resets triggered from tools outside the winbind process. Long term we need to have a shared tdb secure channel store though as well. Guenther Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Feb 4 18:11:04 CET 2011 on sn-devel-104
* s3-auth: add copy_netr_SamBaseInfo().Günther Deschner2011-02-041-56/+6
| | | | | | Guenther Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3: Make sure we call wbcAuthenticateUserEx correctlyVolker Lendecke2011-01-172-8/+29
| | | | | | | | | | | | There are cases where we fill in params.password.response.lm_data with non-NULL where params.password.response.lm_length is 0. wbcAuthenticateUserEx does not like that. I haven't been able to reproduce this with smbclient yet, I've seen it with a proprietary smb client implementation. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Mon Jan 17 16:30:11 CET 2011 on sn-devel-104
* s3: Avoid a few calls to cli_errstrVolker Lendecke2011-01-171-3/+3
| | | | | Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Mon Jan 17 08:47:25 CET 2011 on sn-devel-104
* s3: Remove unused "retry" from cli_full_connectionVolker Lendecke2010-12-201-1/+1
|
* s3: Always retry the DC connection in auth_domainVolker Lendecke2010-12-201-8/+4
| | | | | | | | | | | | The only condition that cli_full_connection marks as non-retryable is the basic name lookup and TCP connect. To me this is pretty fishy. For example if the negprot fails, this is supposed to be more retryable than a NetBIOS name lookup failure? I'd rather think the opposite is true. Jeremy, this is code from 2002, 389a16d9d533. If you have any comments from back then, let me know :-) Volker
* s3: Fix bug 7066 -- wbcAuthenticateEx gives unix timesVolker Lendecke2010-12-191-3/+5
| | | | | We might eventually want to change this, but right now we get unix times out of the winbind pipe struct
* s3-waf: avoid module name uppercasing.Günther Deschner2010-12-011-18/+18
| | | | | | | | | | This finally allows mixed case module names like the classic build (./configure --shared_modules=charset_CP850) Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Dec 1 18:39:14 CET 2010 on sn-devel-104
* s3-waf: convert TOKEN_UTIL into a subsystem.Günther Deschner2010-11-301-2/+6
| | | | Guenther
* Fix memleak I accidently introduced when reading from tdb.Jeremy Allison2010-11-101-0/+1
| | | | | Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Nov 10 01:56:21 UTC 2010 on sn-devel-104
generated by cgit (git 2.34.1) at 2024-10-10 19:19:31 +0000