1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Commit Graph

379 Commits

Author SHA1 Message Date
Stefan Metzmacher
02d9ba6ee1 s3:smbd: change user_struct->vuid to uint64_t
Only sconn->smb1.sessions.next_vuid remains as uint16_t,
so that we do not generate larger values yet.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jun  6 12:07:33 CEST 2012 on sn-devel-104
2012-06-06 12:07:33 +02:00
Stefan Metzmacher
f52e5738a2 s3:smbd: use 'struct user_struct' instead of typedef'ed 'user_struct'
metze
2012-06-06 10:18:39 +02:00
Volker Lendecke
6742aa1fb6 s3: Fix a segfault with debug level 3 on Solaris
printf can not deal with NULL strings
2012-04-12 21:49:32 +02:00
Stefan Metzmacher
6ce72a01ab s3:smbd: keep 'num_users' and 'users' directly under smbd_server_connection
The plan is to have users_struct as some kind of low level
abstraction for a smb1/smb2 session, that can be used by SMB_VFS modules.

metze
2012-03-06 21:26:05 +01:00
Andrew Bartlett
d7bb961859 s3-auth: Remove security=share (depricated since 3.6).
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.

The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok.  This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server

At the same time, this closes the door on one of the most arcane areas
of Samba authentication.

Naturally, full user-name/password authentication remain available in
security=user and above.

This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.

Andrew Bartlett

                       --------------
                      /              \
                     /      REST      \
                    /        IN        \
                   /       PEACE        \
                  /                      \
                  |      SEC_SHARE       |
                  |    security=share    |
                  |                      |
                  |                      |
                  |       5 March        |
                  |                      |
                  |        2012          |
                 *|     *  *  *          | *
        _________)/\\_//(\/(/\)/\//\/\///|_)_______
2012-03-04 23:33:05 +01:00
Andrew Bartlett
3042e38d51 s3-auth use gensec directly rather than via auth_generic_state
This is possible because the s3 gensec modules are started as
normal gensec modules, so we do not need a wrapper any more.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05 17:17:28 +01:00
Andrew Bartlett
9a45bf3952 s3-auth set session_info->sanitized_username in create_local_token()
Rather than passing this value around the callers, and eventually
setting it in register_existing_vuid(), we simply pass it to
create_local_token().  This also removes the need for
auth_ntlmssp_get_username().

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:04 +10:00
Andrew Bartlett
6622821063 s3-auth Remove seperate guest boolean
Instead, we base our guest calculations on the presence or absense of the
authenticated users group in the token, ensuring that we have only
one canonical source of this important piece of authorization data

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:14 +10:00
Andrew Bartlett
9fcc617ff5 s3-auth Use the common auth_session_info
This patch finally has the same structure being used to describe the
authorization data of a user across the whole codebase.

This will allow of our session handling to be accomplished with common code.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:13 +10:00
Andrew Bartlett
128ae06a61 s3-auth use auth_user_info not netr_SamInfo3 in auth3_session_info
This makes auth3_session_info identical to auth_session_info

The logic to convert the info3 to a struct auth_user_info is
essentially moved up the stack from the named pipe proxy in
source3/rpc_server to create_local_token().

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:13 +10:00
Andrew Bartlett
e2049e77e4 s3-auth Use guest boolean in auth_user_info_unix
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:11 +10:00
Andrew Bartlett
9289537993 s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username
This is closer to the layout of struct auth_session_info in auth.idl

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:11 +10:00
Andrew Bartlett
6d741e918f s3-auth Use *unix_token rather than utok in struct auth3_session_info
This brings this structure one step closer to the struct auth_session_info.

A few SMB_ASSERT calls are added in some key places to ensure that
this pointer is initialised, to make tracing any bugs here easier in
future.

NOTE: Many of the users of this structure should be reviewed, as unix
and NT access checks are mixed in a way that should just be done using
the NT ACL.  This patch has not changed this behaviour however.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:10 +10:00
Andrew Bartlett
f16d8f4eb8 s3-auth Use struct auth3_session_info outside the auth subsystem
This seperation between the structure used inside the auth modules and
in the wider codebase allows for a gradual migration from struct
auth_serversupplied_info -> struct auth_session_info (from auth.idl)

The idea here is that we keep a clear seperation between the structure
before and after the local groups, local user lookup and the session
key modifications have been processed, as the lack of this seperation
has caused issues in the past.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:10 +10:00
Andreas Schneider
7e46a84bb7 s3-auth: Pass the remote_address down to user_info.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-07-04 18:28:02 +10:00
Andrew Tridgell
2fc8ad8887 s3-auth: fixed bug with usernames longer than sizeof(char *)
using sizeof(user) when user is "fstring user" as a C parameter
actually returns sizeof(char *), which means that long usernames
aren't allowed.

Jeremy, you need a longer username :-)

Cheers, Tridge

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-05-06 14:49:47 +10:00
Jeremy Allison
8380835fc6 Fix warning messages caused by addition of null check in fstrcpy macro. 2011-05-04 12:12:15 -07:00
Jeremy Allison
18582016d9 Fix off-by-one when used with safe_strcpy. 2011-05-04 12:12:14 -07:00
Andrew Bartlett
ff9b6682a0 s3-auth Rename user_session_key -> session_key to match auth_session_info 2011-04-05 06:32:07 +10:00
Günther Deschner
af300a9fcb s3-auth: smbd needs auth.h
Guenther
2011-03-30 01:13:09 +02:00
Günther Deschner
8c24ebf371 s3: include smbd/smbd.h where needed.
Guenther
2011-03-30 01:13:08 +02:00
Günther Deschner
49fcf653b1 s3-includes: only include system/passwd.h when needed.
Guenther
2011-03-30 01:13:07 +02:00
Andrew Bartlett
2e69e89456 s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.

The structure is also not ideal for it's current purpose.  Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session.  This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.

(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-22 16:20:10 +11:00
Andrew Bartlett
2b05ba77b4 s3-auth Rename cryptic 'ptok' to security_token
This will allow the auth_serversupplied_info struct to be migrated
to auth_session_info easier.

Adnrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-02-10 06:51:06 +01:00
Jeremy Allison
9997ee813b Remove fstring from map_username. Create a more sane interface than the called-parameter-is-modified.
Jeremy.
2010-11-10 01:14:17 +00:00
Jeremy Allison
e1cfca1e2e Make getpwnam_alloc() static to lib/username.c, and ensure all username lookups go
through Get_Pwnam_alloc(), which is the correct wrapper function. We were using
it *some* of the time anyway, so this just makes us properly consistent.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 20 16:02:12 UTC 2010 on sn-devel-104
2010-10-20 16:02:12 +00:00
Volker Lendecke
26ff858934 s3: Remove smbd_server_fd() from session_claim 2010-08-17 22:52:03 +02:00
Günther Deschner
0f8e032628 s3-netlogon: remove global include of netlogon.h.
This reduces precompiled headers by another 4 MB and also slightly speeds up the
build.

Guenther
2010-08-06 15:46:16 +02:00
Simo Sorce
c09dcb903c s3-auth: Use talloc hierarchies to properly free auth_ntlmssp_state contexts
Turn auth_ntlmssp_end into a destructor and attach it to auth_ntlmssp_state.
Remote auth_ntlmssp_end and use TALLOC_FREE in the callers.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-19 14:20:04 +10:00
Volker Lendecke
13441a9e18 s3: Remove procid_self() from session_claim() 2010-07-05 11:06:25 +02:00
Kai Blin
7a1c24705d s3-waf: Work around missing *netgrent prototypes on OSX 10.4 2010-06-17 08:09:49 +02:00
Volker Lendecke
29f716971a s3: Remove smbd_server_conn from register_existing_vuid 2010-06-12 15:42:53 +02:00
Jeremy Allison
d28fa8faab Rename "allow_smb2" -> "using_smb2" and make the usage clearer. 2010-06-09 19:12:02 -07:00
Andreas Schneider
9097bdddd0 s3-auth: Moved smbd user functions to a generic place.
Reviewed-by: Simo Sorce <idra@samba.org>
2010-06-04 12:12:37 -04:00
Simo Sorce
6a25668e55 s3:smbd user_ok doesn't need sconn anymore
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-05-31 18:21:29 +02:00
Simo Sorce
94bf9ce48a s3:smbd user_in_list() doesn't need sconn anymore
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-05-31 18:21:29 +02:00
Simo Sorce
7747dd82f7 s3:smbd user_in_network() doesn't need sconn anymore
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-05-31 18:21:29 +02:00
Simo Sorce
b32b59d47f s3:smbd make yp cache local.
The my_yp_domain variable is just a static cache needed to avoid
making over and over expensive and potentially blocking calls to
yp_get_default_domain().
Instead of keeping this onto the smbd_server_connection struct, just
keep it local to the only function ever using this variable.

This disentagle this function (and a number of calling functions)
from having to pass around smbd_server_connection and thus having
to link against smbd. It also removes a few ifdefs.

Nothing changes from a global/local pov, as the smbd_server_connection
variable passed around is also a global one.

Signed-off-by: Andreas Schneider <asn@samba.org>
2010-05-31 18:21:29 +02:00
Simo Sorce
d9cffc01be s3:auth use info3 in auth_serversupplied_info
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-28 00:55:53 +02:00
Jeremy Allison
285b628327 Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code.
Jeremy.
2010-05-17 18:22:19 -07:00
Volker Lendecke
081573091b s3: Remove the typedef for "auth_serversupplied_info" 2010-01-10 20:56:16 +01:00
Matthias Dieter Wallnöfer
fb1eb11267 s3:smbd/password - move list pointers into blocks 2009-09-25 10:59:13 +02:00
Stefan Metzmacher
d30b1c9fa9 s3:smbd: correctly invalidate vuids when SMB2 is used
metze
2009-08-12 13:27:58 +02:00
Björn Jacke
99c7ee3c91 s3: make d9c0d58236 better readble and reduce indentation 2009-07-14 17:55:50 +02:00
Björn Jacke
d9c0d58236 s3: don't make same innetgr check twice 2009-07-14 17:42:05 +02:00
Stefan Metzmacher
c862018008 s3:smbd: move tcon specific globals to struct smbd_server_connection
metze
2009-06-03 17:54:38 +02:00
Stefan Metzmacher
75d03970b7 s3:smbd: move more session specific globals to struct smbd_server_connection
metze
2009-06-03 17:54:37 +02:00
Stefan Metzmacher
e16e7146b3 s3:smbd: move negprot related globals to struct smbd_server_connection
metze
2009-06-03 17:54:37 +02:00
Stefan Metzmacher
c16c90a1cb s3:smbd: use new simplified snb_signing code in the server
We keep the seqnum/mid mapping in the smb_request structure.

This also moves one global variable into the
smbd_server_connection struct.

metze
2009-03-23 12:21:13 +01:00
Volker Lendecke
55dfad40af "userdom_struct" does not need "full_name" anymore -- unused 2009-01-20 23:10:16 +01:00