path: root/source3/auth/auth_util.c
Commit message | Author | Age | Files | Lines
...
* s3-auth use auth_user_info not netr_SamInfo3 in auth3_session_info | Andrew Bartlett | 2011-07-20 | 1 | -7/+20
  This makes auth3_session_info identical to auth_session_info
  The logic to convert the info3 to a struct auth_user_info is essentially moved up the stack from the named pipe proxy in source3/rpc_server to create_local_token().
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth reimplement copy_session_info via NDR pull/push | Andrew Bartlett | 2011-07-20 | 1 | -57/+23
  This ensures we do not miss elements. Pattern copied from auth_netlogond.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Avoid redundant copies in create_local_token() | Andrew Bartlett | 2011-07-20 | 1 | -20/+20
  These values were not read before being overwritten again.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Add comments to copy_session_info_serverinfo_guest() | Andrew Bartlett | 2011-07-20 | 1 | -2/+5
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth inline copy_serverinfo_session_info into only caller | Andrew Bartlett | 2011-07-20 | 1 | -72/+56
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth use a cached auth_serversupplied_info in make_server_info_guest() | Andrew Bartlett | 2011-07-20 | 1 | -11/+19
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth remove extra from auth3_session_info | Andrew Bartlett | 2011-07-20 | 1 | -4/+5
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Clarify inputs and outputs by using elements from server_info | Andrew Bartlett | 2011-07-20 | 1 | -5/+5
  This allows us not to put all of these elements into the auth3_session_info if they are only used as inputs to these functions.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth assert that security_token is present in the copy, and explain why nss_token can be skipped | Andrew Bartlett | 2011-07-20 | 1 | -7/+16
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth: Remove unused lm_session_key from auth3_session_info | Andrew Bartlett | 2011-07-20 | 1 | -10/+5
  The long term authorization state needs only the final, negotiated session key, and not the original LM key that may possibly have been an input. The special case of the guest account simply needs both values filled back in with the zeros to avoid changing behaviour in the cached server_info.
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth remove unused copy_serverinfo | Andrew Bartlett | 2011-07-20 | 1 | -59/+0
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Use system boolean in auth_user_info_unix | Andrew Bartlett | 2011-07-20 | 1 | -6/+4
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Use guest boolean in auth_user_info_unix | Andrew Bartlett | 2011-07-20 | 1 | -7/+10
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username | Andrew Bartlett | 2011-07-20 | 1 | -18/+34
  This is closer to the layout of struct auth_session_info in auth.idl
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Use *unix_token rather than utok in struct auth3_session_info | Andrew Bartlett | 2011-07-20 | 1 | -33/+52
  This brings this structure one step closer to the struct auth_session_info. A few SMB_ASSERT calls are added in some key places to ensure that this pointer is initialised, to make tracing any bugs here easier in future.
  NOTE: Many of the users of this structure should be reviewed, as unix and NT access checks are mixed in a way that should just be done using the NT ACL. This patch has not changed this behaviour however.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Use struct auth3_session_info outside the auth subsystem | Andrew Bartlett | 2011-07-20 | 1 | -15/+22
  This separation between the structure used inside the auth modules and in the wider codebase allows for a gradual migration from struct auth_serversupplied_info -> struct auth_session_info (from auth.idl)
  The idea here is that we keep a clear separation between the structure before and after the local groups, local user lookup and the session key modifications have been processed, as the lack of this separation has caused issues in the past.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Add struct auth3_session_info to aid transition to auth_session info | Andrew Bartlett | 2011-07-20 | 1 | -0/+180
  This will allow a gradual conversion of the required elements from the current struct auth_serversupplied_info.
  This commit adds the structure definition and some helper functions to copy between the two structures.
  At this stage these structures and functions are IDENTICAL to the existing code, and so show the past history of that code. The plan is to slowly modify them over the course of the patch series, so that the changes being made are clear.
  By using a separate structure to auth_serversupplied_info we can remove elements that are not needed after the authentication, and we can choose a layout that best reflects the needs of runtime users, rather than the internals of the authentication subsystem.
  By eventually using the auth_session_info from auth.idl, we will gain a single session authorization structure across the whole codebase, allowing more code to be shared, and a much more transparent process for forwarding authorization credentials over the named pipe proxy.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* auth: Preserve guest flag on transition via netr_SamInfo3 | Andrew Bartlett | 2011-07-20 | 1 | -0/+2
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Restore nss_token behaviour by reading from server_info | Andrew Bartlett | 2011-07-20 | 1 | -1/+1
  The implementation of copy_serverinfo(), used to copy server_info into session_info never copied the nss_token variable, and so 17d8f0ad30847bb940f645ee1817d782ddaaee74 introduced this regression.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* Add my copyright | Andrew Bartlett | 2011-07-20 | 1 | -1/+1
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth: Pass the remote_address down to user_info. | Andreas Schneider | 2011-07-04 | 1 | -4/+15
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s3: Add debug level 0 warnings to make_new_server_info_guest | Volker Lendecke | 2011-06-15 | 1 | -2/+6
  I've got a backtrace where this must have failed, but it is not clear why. If this fails, we should really complain because we can't start up.
  Autobuild-User: Volker Lendecke <vlendec@samba.org>
  Autobuild-Date: Wed Jun 15 15:20:49 CEST 2011 on sn-devel-104
* s3: Fix the return of make_new_server_info_guest | Volker Lendecke | 2011-06-15 | 1 | -1/+1
* s3-param Remove special case for global_myname(), rename to lp_netbios_name() | Andrew Bartlett | 2011-06-09 | 1 | -2/+2
  There is no reason this can't be a normal constant string in the loadparm system, now that we have lp_set_cmdline() to handle overrides correctly.
  Andrew Bartlett
* s3-talloc Change TALLOC_MEMDUP() to talloc_memdup() | Andrew Bartlett | 2011-06-09 | 1 | -1/+1
  Using the standard macro makes it easier to move code into common, as TALLOC_MEMDUP isn't standard talloc.
* s3-talloc Change TALLOC_ARRAY() to talloc_array() | Andrew Bartlett | 2011-06-09 | 1 | -1/+1
  Using the standard macro makes it easier to move code into common, as TALLOC_ARRAY isn't standard talloc.
* s3-auth: run minimal_includes.pl | Günther Deschner | 2011-05-05 | 1 | -1/+0
  Guenther
* s3: Use wbcSidsToUnixIds in create_local_token | Volker Lendecke | 2011-04-13 | 1 | -6/+20
  Signed-off-by: Jeremy Allison <jra@samba.org>
* s3-auth: Make server_info const in create_local_token() | Andrew Bartlett | 2011-04-06 | 1 | -4/+4
  Andreas Schneider <asn@samba.org> correctly points out that this input parameter should now be const, and that found a bug where I then used it incorrectly as a talloc context.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Wed Apr 6 00:33:31 CEST 2011 on sn-devel-104
* s3-auth Rename user_session_key -> session_key to match auth_session_info | Andrew Bartlett | 2011-04-05 | 1 | -11/+11
* s3-auth use create_local_token() to transform server_info -> session_info | Andrew Bartlett | 2011-04-05 | 1 | -62/+110
  Before an auth_serversupplied_info struct can be used for authorization, the local groups and privileges must be calculated.
  create_local_token() now copies the server_info, and then sets the calculated token and unix groups.
  Soon, it will also transform the result into an expanded struct auth_session_info. Until then, the variable name (server_info vs session_info) provides a clue to the developer about what information has been entered in the structure.
  By moving the calls to create_local_token within the codebase, we remove duplication, and ensure that the session key (where modified) is consistently copied into the new structure.
  Andrew Bartlett
* s3-auth: use auth.h where needed. | Günther Deschner | 2011-03-30 | 1 | -0/+1
  Guenther
* s3-passdb: use passdb headers where needed. | Günther Deschner | 2011-03-30 | 1 | -0/+1
  Guenther
* s3-winbind: remove global inclusion of libwbclient. | Günther Deschner | 2011-03-30 | 1 | -0/+1
  Guenther
* lib/util/util_pw: share more code between lib/util/util_pw.c and source3/lib/username.c | Günther Deschner | 2011-03-30 | 1 | -0/+1
  Guenther
* s3: Fix Coverity ID 1018, CHECKED_RETURN | Volker Lendecke | 2011-03-16 | 1 | -3/+5
* s3-auth Rename auth_serversupplied_info variables: server_info -> session_info | Andrew Bartlett | 2011-02-22 | 1 | -16/+16
  These variables, of type struct auth_serversupplied_info were poorly named when added in 2001, and in good consistent practice, this has extended all over the codebase in the years since.
  The structure is also not ideal for its current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replace these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated.
  (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges).
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3: NO_SUCH_USER is a lot more likely than NO_MEMORY | Volker Lendecke | 2011-02-20 | 1 | -1/+1
* s3: Convert init_system_info to NTSTATUS | Volker Lendecke | 2011-02-20 | 1 | -4/+3
* s3-auth Fix memory leak in security=share and force user = | Andrew Bartlett | 2011-02-16 | 1 | -1/+1
  In these cases, the server_info was not stolen onto a long term memory context, and so remained on the NULL context where it was created.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Wed Feb 16 01:08:19 CET 2011 on sn-devel-104
* s3-auth Remove unused pam_handle | Andrew Bartlett | 2011-02-10 | 1 | -1/+0
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Rename cryptic 'ptok' to security_token | Andrew Bartlett | 2011-02-10 | 1 | -18/+18
  This will allow the auth_serversupplied_info struct to be migrated to auth_session_info easier.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* Remove fstring from map_username. Create a more sane interface than the called-parameter-is-modified. | Jeremy Allison | 2010-11-10 | 1 | -28/+59
  Jeremy.
* Make getpwnam_alloc() static to lib/username.c, and ensure all username lookups go through Get_Pwnam_alloc(), which is the correct wrapper function. | Jeremy Allison | 2010-10-20 | 1 | -2/+2
  We were using it *some* of the time anyway, so this just makes us properly consistent.
  Jeremy.
  Autobuild-User: Jeremy Allison <jra@samba.org>
  Autobuild-Date: Wed Oct 20 16:02:12 UTC 2010 on sn-devel-104
* s3-auth Use security_token_debug() from common code | Andrew Bartlett | 2010-10-14 | 1 | -1/+1
  This prints the security token including the privileges as strings instead of just a bitmap.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* libcli/security Provide a common, top level libcli/security/security.h | Andrew Bartlett | 2010-10-12 | 1 | -1/+1
  This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used.
  This includes (along with other security headers) dom_sid.h and security_token.h
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
* s3-auth_util: make sure the system server info actually contains S-1-5-18. | Günther Deschner | 2010-09-28 | 1 | -0/+9
  Without this, all security descriptor checks for the winreg spoolss backend fail and make our spoolss system in its current shape basically unusable.
  Andreas, please check.
  Guenther
* s3: Fix a memleak in make_new_server_info_system() | Volker Lendecke | 2010-09-26 | 1 | -0/+1
* s3: Remove talloc_autofree_context() from init_system_info() | Volker Lendecke | 2010-09-26 | 1 | -1/+2
* s3-util: use shared dom_sid_dup. | Günther Deschner | 2010-09-20 | 1 | -1/+2
  Guenther