summaryrefslogtreecommitdiffstats
path: root/source/smbd/uid.c
Commit message (Collapse)AuthorAgeFilesLines
* Wrap the unix token info in a unix_user_token in auth_serversupplied_infoVolker Lendecke2008-06-191-13/+14
| | | | No functional change, this is a preparation for more current_user ref removal
* Move connection-specific vuid cache clear to uid.cVolker Lendecke2008-06-141-0/+22
|
* Slight refactoring for check_user_ok: It only needs vuid and server_infoVolker Lendecke2008-06-141-20/+18
|
* Group the access checks together in check_user_ok()Volker Lendecke2008-06-141-6/+8
|
* Consistently use snum in check_user_okVolker Lendecke2008-06-141-2/+2
| | | | | Most already used it, these two still used SNUM(conn), where the only caller of this routine (change_to_user) had set snum = SNUM(conn).
* Compare the pointer "vuser" to NULL, not 0Volker Lendecke2008-06-141-1/+1
|
* Remove the reference to current_user_info from share_access.cVolker Lendecke2008-05-251-2/+7
| | | | This required to pass around the domain a bit
* With force user, we have the same base token for all vuidsVolker Lendecke2008-05-111-1/+9
|
* Remove the unix token info from connection_structVolker Lendecke2008-05-101-8/+8
|
* Replace nt_user_token with server_info in connection_structVolker Lendecke2008-05-101-30/+28
|
* Empty some nonempty blank linesVolker Lendecke2008-05-101-18/+18
|
* Make use of talloc_tos() in change_to_user()Volker Lendecke2008-05-101-1/+1
|
* Next try at making the vuid cache circularVolker Lendecke2008-05-101-7/+7
| | | | Jeremy, please check!
* Remove some unused codeVolker Lendecke2008-05-061-23/+0
|
* Remove "userdom_struct user" from "struct user_struct"Volker Lendecke2008-05-051-4/+7
|
* Remove the unix token info from "struct user_struct"Volker Lendecke2008-05-051-5/+5
|
* Remove "nt_user_token" from "struct user_struct"Volker Lendecke2008-05-051-7/+7
|
* Revert "Fix allocation of conn->vuid_cache entries"Volker Lendecke2008-05-051-3/+3
| | | | | | This reverts commit 50c891d3dfb75c9f607f7ad2a578aa3ba5d91988. There's more to this code -- sorry for the spam
* Fix allocation of conn->vuid_cache entriesVolker Lendecke2008-05-051-3/+3
| | | | | | | With the old code, if more than VUID_CACHE_SIZE elements were used all new entries ended up in slot 0. With this checkin we do cycle. Jeremy, please revert if the old behaviour was intentional
* Some simplificationsVolker Lendecke2008-03-171-2/+3
|
* Coverity fixesMarc VanHeyningen2008-03-171-1/+6
|
* RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison2007-10-181-10/+10
| | | | | | | bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy.
* r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell2007-10-101-2/+1
|
* r23779: Change from v2 or later to v3 or later.Jeremy Allison2007-10-101-1/+1
| | | | Jeremy.
* r22978: Don't use current_user to prep the security ctx in change_to_userGerald Carter2007-10-101-7/+15
| | | | | | since any SID/uid/gid translation calls will reset the struct when popping the security ctx. This should fix the standalone server configuration issues reported by David Rankin (thanks for the logs).
* r17295: Back out the become_root_uid_only change on the POSIXJeremy Allison2007-10-101-1/+0
| | | | | | | | acls code. I'm pretty sure this was safe, but become_root() does other things to the token stack that become_root_uid_only() does not, and as we're going into a vfs redirectred function I decided it wasn't safe for now. Jeremy.
* r17096: Simplify share_access_check a bit: It takes the sharename instead of ↵Volker Lendecke2007-10-101-2/+7
| | | | | | | | | the snum, and the decision which token to use (conn or vuser) does not really belong here, it is better done in the two places where this is called. Volker
* r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison2007-10-101-2/+2
| | | | | | | to do the upper layer directories but this is what everyone is waiting for.... Jeremy.
* r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter2007-10-101-2/+2
| | | | macro which sets the freed pointer to NULL.
* r13316: Let the carnage begin....Gerald Carter2007-10-101-91/+40
| | | | Sync with trunk as off r13315
* r13293: Rather a big patch I'm afraid, but this should fix bug #3347Jeremy Allison2007-10-101-15/+15
| | | | | | | | by saving the UNIX token used to set a delete on close flag, and using it when doing the delete. libsmbsharemodes.so still needs updating to cope with this change. Samba4 torture tests to follow. Jeremy.
* r12916: use rpcstr_pull() instead of unistr_to_ascii() when validating share ↵Gerald Carter2007-10-101-1/+1
| | | | names
* r12312: Reformatting and a trivial change: is_share_read_only_for_user only usesVolker Lendecke2007-10-101-14/+22
| | | | | | conn->service, so there's no point in passing down the whole conn struct. Volker
* r6385: Convert checking of egid and secondary egid list intoJeremy Allison2007-10-101-0/+23
| | | | | | iterator functions so it can be used easily in a for loop. Drops duplicated code from posix_acls.c Jeremy.
* r2016: Add message to ease access-control-debugging.Günther Deschner2007-10-101-0/+1
| | | | Guenther
* r1375: When setting writable=yes in smb.conf and only allow read access in theVolker Lendecke2007-10-101-0/+7
| | | | | | | | | | | | | | security descriptor, allow read access. The code failed in this case. Jeremy, could you please cross-check this? The way I understood your code it could only work if smb.conf and secdesc said the same. This made the use of srvmgr a bit difficult.... What was your intention on how to use the share_info.tdb? The current code might check the secdesc twice, but I don't see any decent way around it that does not completely clutter the code. Volker
* r762: Fix for #1319 when security > share.Jeremy Allison2007-10-101-2/+8
| | | | Jeremy.
* Fixup the 'multiple-vuids' bugs.Jeremy Allison2004-02-131-12/+76
| | | | Jeremy.
* nsswitch/winbindd_util.c:Andrew Bartlett2004-02-081-11/+0
| | | | | | | | | add static smbd/uid.c: remove unused function Andrew Bartlett
* Samba hasn't used this function for ages - it's now handled deep in theAndrew Bartlett2004-02-081-69/+0
| | | | | | auth subsystem. Andrew Bartlett
* Fix bug 327 (again and I think for the last time). Make sure thatGerald Carter2003-08-271-463/+0
| | | | | | | | pam_smbpass.so will load ok. Had to move some functions around to work around dependency problems (hence the new passdb/lookup_sid.c) Also make sure that libsmbclient.a is built and installed when we support shared libraries.
* Spelling.Tim Potter2003-08-061-1/+1
|
* fix sid_to_[uid|gid] (spotted by Volker).Gerald Carter2003-07-111-87/+37
| | | | | Still testing this, but I'm checking it in so Volker can test it as well. Should be right.
* Large set of changes to add UNIX account/group managementGerald Carter2003-07-091-6/+17
| | | | to winbindd. See README.idmap-and-winbind-changes for details.
* Get rid of DISP_USER_INFO/DISP_GROUP_INFO as they serve no usefulJeremy Allison2003-07-091-0/+4
| | | | | | | purpose. Replace with an array of SAM_ACCOUNT/DOMAIN_GRP entries. ZERO struct's in smbd/uid.c stops core dumps when sid_to_XX functions fail. Getting ready to add caching. Jeremy.
* Ensure we correctly test for errors in uid/gid_to sid.Jeremy Allison2003-07-091-15/+14
| | | | Jeremy.
* Fixed a couple of const issues with the new code.Jeremy Allison2003-07-071-1/+1
| | | | Jeremy.
* and so it begins....Gerald Carter2003-07-071-0/+408
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb)
* And finally IDMAP in 3_0Simo Sorce2003-05-121-418/+1
| | | | | | | | | | | | | | | | | | | | We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo.
* pdb_ldap may require ROOT privilages to access the group mapping. (yes, it's ↵Andrew Bartlett2003-03-271-0/+2
| | | | | | ugly :-) Andrew Bartlett
generated by cgit (git 2.34.1) at 2025-08-29 15:10:56 +0000