path: root/source3/auth/server_info.c
Commit message | Author | Age | Files | Lines
* auth: Move wbcAuthUserInfo_to_netr_SamInfo3 to the top level | Andrew Bartlett | 2014-04-18 | 1 | -190/+0
  This allows auth_winbind in source4 to use this more correct conversion routine.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-auth: Make is_null_sid() check easier to read. | Simo Sorce | 2014-03-13 | 1 | -2/+3
  Signed-off-by: Simo Sorce <idra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s3-auth: Add passwd_to_SamInfo3(). | Andreas Schneider | 2014-02-05 | 1 | -2/+20
  Correctly lookup users which come from smb.conf. passwd_to_SamInfo3() tries to contact winbind if the user is a domain user to get valid information about it. If winbind isn't running it will try to create everything from the passwd struct. This is not always reliable but works in most cases. It improves the current situation which doesn't talk to winbind at all.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
  Pair-Programmed-With: Guenther Deschner <gd@samba.org>
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Wed Feb 5 01:40:38 CET 2014 on sn-devel-104
* s3-auth: Add passwd_to_SamInfo3(). | Andreas Schneider | 2014-02-05 | 1 | -0/+116
  First this function tries to contact winbind if the user is a domain user to get valid information about it. If winbind isn't running it will try to create everything from the passwd struct. This is not always reliable but works in most cases. It improves the current situation which doesn't talk to winbind at all.
  Pair-Programmed-With: Guenther Deschner <gd@samba.org>
  Signed-off-by: Guenther Deschner <gd@samba.org>
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:auth: wbcAuthenticateEx gives unix times (bug #9625) | Stefan Metzmacher | 2013-02-01 | 1 | -3/+3
  We also need to convert last_logon, last_logoff and acct_expiry from unix time to nt time. Otherwise a windows member server will reject clients (using CAP_DYNAMIC_REAUTH or smb2) with STATUS_NETWORK_SESSION_EXPIRED, if the logoff and kickoff time is expired.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Fri Feb 1 18:42:42 CET 2013 on sn-devel-104
* s3-auth: remove crypto from serverinfo_to_SamInfoX calls. | Günther Deschner | 2012-12-09 | 1 | -22/+0
  All crypto is dealt with within the netlogon samlogon server now.
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: session keys in validation level 6 samlogon replies are *not* encrypted. | Günther Deschner | 2012-12-09 | 1 | -8/+0
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:auth/server_info: the primary rid should be in the groups rid array (bug #8798) | Alejandro Escanero Blanco | 2012-05-09 | 1 | -5/+0
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Wed May 9 19:36:01 CEST 2012 on sn-devel-104
* s3:auth: fill the sids array of the info3 in wbcAuthUserInfo_to_netr_SamInfo3() (bug #8739) | Stefan Metzmacher | 2012-02-02 | 1 | -0/+53
  Originally, only the rid array was filled and foreign domain sids were omitted.
  Pair-Programmed-With: Michael Adam <obnox@samba.org>
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Thu Feb 2 12:59:32 CET 2012 on sn-devel-104
* s3:auth: fix potential gap creation in wbcsids_to_samr_RidWithAttributeArray() | Stefan Metzmacher | 2012-02-02 | 1 | -4/+5
  Pair-Programmed-With: Michael Adam <obnox@samba.org>
  metze
* idl: Improve MS-PAC IDL | Simo Sorce | 2011-10-24 | 1 | -10/+10
  Change some misleading variable names to reflect the actual function. Add missing field name/types previously marked as unknown.
  Signed-off-by: Günther Deschner <gd@samba.org>
  Autobuild-User: Günther Deschner <gd@samba.org>
  Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
* Fix uninitialized memory problem in group_sids_to_info3 (fixes bug #8455). | Wilco Baan Hofman | 2011-10-17 | 1 | -2/+2
  Autobuild-User: Jeremy Allison <jra@samba.org>
  Autobuild-Date: Mon Oct 17 23:32:58 CEST 2011 on sn-devel-104
* s3: Fix bug 8455 -- Samba PDC is looking up only primary user group | Volker Lendecke | 2011-09-17 | 1 | -7/+7
  group_sids_to_info3 does a sid_peek_check_rid on the domain sid before adding the rids to the array. If the domain sid is 0x0, then the check will always fail.
  Autobuild-User: Volker Lendecke <vlendec@samba.org>
  Autobuild-Date: Sat Sep 17 00:51:27 CEST 2011 on sn-devel-104
* s3-auth Remove pointless destructor in make_server_info | Andrew Bartlett | 2011-07-20 | 1 | -10/+0
  All the callers allocate ->info3 as a talloc child already.
  As regards the TALLOC_ZERO(), I added this originally out of paranoia many years ago. We do not consistently zero session keys in memory, and for NTLMv2 and Kerberos they are random for each session, so breaking into smbd far enough to read an old session key isn't a particularly interesting attack, compared with (say) reading the keytab or the password database. (NTLM and LM session keys are fixed derivatives of the passwords however).
  Andrew Bartlett
* s3-auth inline make_auth_session_info into only caller | Andrew Bartlett | 2011-07-20 | 1 | -23/+0
* s3-auth Use the common auth_session_info | Andrew Bartlett | 2011-07-20 | 1 | -3/+3
  This patch finally has the same structure being used to describe the authorization data of a user across the whole codebase. This will allow of our session handling to be accomplished with common code.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Remove pointless destructor | Andrew Bartlett | 2011-07-20 | 1 | -10/+0
  All the users of this structure allocate info3 on the session_info
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Use *unix_token rather than utok in struct auth3_session_info | Andrew Bartlett | 2011-07-20 | 1 | -5/+4
  This brings this structure one step closer to the struct auth_session_info.
  A few SMB_ASSERT calls are added in some key places to ensure that this pointer is initialised, to make tracing any bugs here easier in future.
  NOTE: Many of the users of this structure should be reviewed, as unix and NT access checks are mixed in a way that should just be done using the NT ACL. This patch has not changed this behaviour however.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Add struct auth3_session_info to aid transition to auth_session info | Andrew Bartlett | 2011-07-20 | 1 | -0/+34
  This will allow a gradual conversion of the required elements from the current struct auth_serversupplied_info.
  This commit adds the structure definition and some helper functions to copy between the two structures.
  At this stage these structures and functions are IDENTICAL to the existing code, and so show the past history of that code. The plan is to slowly modify them over the course of the patch series, so that the changes being made are clear.
  By using a separate structure to auth_serversupplied_info we can remove elements that are not needed after the authentication, and we can choose a layout that best reflects the needs of runtime users, rather than the internals of the authentication subsystem.
  By eventually using the auth_session_info from auth.idl, we will gain a single session authorization structure across the whole codebase, allowing more code to be shared, and a much more transparent process for forwarding authorization credentials over the named pipe proxy.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-talloc Change TALLOC_ZERO_P() to talloc_zero() | Andrew Bartlett | 2011-06-09 | 1 | -1/+1
  Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_P isn't standard talloc.
* s3-auth Rename user_session_key -> session_key to match auth_session_info | Andrew Bartlett | 2011-04-05 | 1 | -9/+9
* s3-auth: use auth.h where needed. | Günther Deschner | 2011-03-30 | 1 | -0/+1
  Guenther
* s3-passdb: add passdb.h where needed. | Günther Deschner | 2011-03-30 | 1 | -0/+1
  Guenther
* s3-winbind: remove global inclusion of libwbclient. | Günther Deschner | 2011-03-30 | 1 | -0/+1
  Guenther
* s3:auth: change num_groups to from size_t to uint32_t | Stefan Metzmacher | 2011-02-22 | 1 | -1/+1
  This will help with the change from UNIX_USER_TOKEN to security_unix_token
  metze
* s3-auth: add copy_netr_SamBaseInfo(). | Günther Deschner | 2011-02-04 | 1 | -56/+6
  Guenther
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3: Fix bug 7066 -- wbcAuthenticateEx gives unix times | Volker Lendecke | 2010-12-19 | 1 | -3/+5
  We might eventually want to change this, but right now we get unix times out of the winbind pipe struct
* s3: Make proper use of sid_check_is_in_xx routines | Volker Lendecke | 2010-11-05 | 1 | -2/+2
  Autobuild-User: Volker Lendecke <vlendec@samba.org>
  Autobuild-Date: Fri Nov 5 15:35:59 UTC 2010 on sn-devel-104
* s3: Fix a typo | Volker Lendecke | 2010-11-05 | 1 | -1/+1
* s3-rpc_server: Make auth_serversupplied_info const. | Andreas Schneider | 2010-10-15 | 1 | -1/+1
* libcli/security Provide a common, top level libcli/security/security.h | Andrew Bartlett | 2010-10-12 | 1 | -1/+1
  This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used.
  This includes (along with other security headers) dom_sid.h and security_token.h
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
* s3-util: use shared dom_sid_dup. | Günther Deschner | 2010-09-20 | 1 | -5/+5
  Guenther
* s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions. | Günther Deschner | 2010-09-20 | 1 | -2/+3
  Guenther
* s3-netlogon: remove global include of netlogon.h. | Günther Deschner | 2010-08-06 | 1 | -0/+1
  This reduces precompiled headers by another 4 MB and also slightly speeds up the build.
  Guenther
* s3: Fix a typo (missing space) | Volker Lendecke | 2010-07-24 | 1 | -1/+1
* s3: In copy_netr_SamInfo3 copy all of the sids array | Volker Lendecke | 2010-06-25 | 1 | -0/+3
* s3-auth: Fix valgrind warning (unitialized var) in samu_to_SamInfo3(). | Günther Deschner | 2010-06-11 | 1 | -5/+7
  Guenther
  s3:auth do not fail if there are 0 group sids
  Signed-off-by: Günther Deschner <gd@samba.org>
* s3:auth fix samu->info3 conversion | Simo Sorce | 2010-06-11 | 1 | -0/+3
  Some pdb_get_ functions were missing because of previous mis-patching
* s3:auth handle unix domain sids in samu | Simo Sorce | 2010-06-07 | 1 | -34/+124
  When we generate a user out of thin air we may end up adding sids that are not part of the sam domain (unix domain sids). Handle the case and preserve these sids as extra sids.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s3:auth fix info3 duplication function | Simo Sorce | 2010-05-29 | 1 | -3/+8
* s3-auth: fix c++ buildwarnings. | Günther Deschner | 2010-05-28 | 1 | -2/+2
  Guenther
* Fix Out of memory checks | Simo Sorce | 2010-05-27 | 1 | -37/+59
  Günther pushed an older version of the patch "s3:auth add function to copy a netr_SamInfo3 structure" that was missing these fixes.
* s3:auth add function to convert wbcAuthUserInfo to netr_SamInfo3 | Simo Sorce | 2010-05-28 | 1 | -0/+135
  Signed-off-by: Günther Deschner <gd@samba.org>
* s3:auth use info3 in auth_serversupplied_info | Simo Sorce | 2010-05-28 | 1 | -202/+75
  Signed-off-by: Günther Deschner <gd@samba.org>
* s3:auth add function to copy a netr_SamInfo3 structure | Simo Sorce | 2010-05-28 | 1 | -0/+61
  Signed-off-by: Günther Deschner <gd@samba.org>
* s3:auth: add function to convert samu to netr_SamInfo3 | Simo Sorce | 2010-05-28 | 1 | -0/+166
  Signed-off-by: Günther Deschner <gd@samba.org>
* s3:dom_sid Global replace of DOM_SID with struct dom_sid | Andrew Bartlett | 2010-05-21 | 1 | -5/+5
  This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that it is just an alias for struct dom_sid.
  Andrew Bartlett
  Signed-off-by: Günther Deschner <gd@samba.org>
* s3-crypto: only include crypto headers when crypto is done. | Günther Deschner | 2010-05-18 | 1 | -0/+1
  Guenther
* s3/s4:netlogon IDL - fix up "struct netr_SamInfo6" regarding the "forest" attribute | Matthias Dieter Wallnöfer | 2010-04-12 | 1 | -3/+3
  According to MS-NRPC 2.2.1.4.13 this should be the DNS domainname, not the forest one.
* s3: Move serverinfo_to_SamInfoX to auth/server_info.c | Volker Lendecke | 2010-04-11 | 1 | -0/+287