1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

74449 Commits

Author SHA1 Message Date
Andrew Bartlett
128ae06a61 s3-auth use auth_user_info not netr_SamInfo3 in auth3_session_info
This makes auth3_session_info identical to auth_session_info

The logic to convert the info3 to a struct auth_user_info is
essentially moved up the stack from the named pipe proxy in
source3/rpc_server to create_local_token().

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:13 +10:00
Andrew Bartlett
8d72e612ac s3-rpc_server read and write the unix_token and unix_info across named_pipe_auth
This ensures that the exact same token is used on both sides of the
pipe, when a full token is passed (ie, source3 to source3, but not yet
source4 to to source3 as the unix info isn't calculated there yet).

If we do not have unix_token, we fall back to the old behaviour and go
via create_local_token().  (However, in this case the security_token
is now overwritten, as it is better to have it match the rest of the
session_info create_local_token() builds).

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:13 +10:00
Andrew Bartlett
594597eb65 s3-auth reimplement copy_session_info via NDR pull/push
This ensures we do not miss elements.  Pattern copied from auth_netlogond.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:13 +10:00
Andrew Bartlett
92f28e7fe9 auth: use char * pointers in auth.idl
We need to use this, and not utf8string because we need to
transport NULL pointers correctly.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:13 +10:00
Andrew Bartlett
9d96b78f31 s3-auth Remove pointless destructor
All the users of this structure allocate info3 on the session_info

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:13 +10:00
Andrew Bartlett
7b273df175 s3-auth import auth3_session_info into IDL
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:12 +10:00
Andrew Bartlett
86f2a197df s3-auth Avoid redundant copies in create_local_token()
These values were not read before being overwritten again.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:12 +10:00
Andrew Bartlett
4363b71f62 s3-auth Add comments to copy_session_info_serverinfo_guest()
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:12 +10:00
Andrew Bartlett
74815e08d9 s3-auth inline copy_serverinfo_session_info into only caller
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:12 +10:00
Andrew Bartlett
140435f399 s3-auth use a cached auth_serversupplied_info in make_server_info_guest()
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:12 +10:00
Andrew Bartlett
fc19c699a9 s3-auth remove extra from auth3_session_info
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:12 +10:00
Andrew Bartlett
894fc14a2e s3-auth Clarify inputs and ouptuts by using elements from server_info
This allows us not the put all of these elements into the auth3_session_info
if they are only used as inputs to these functions.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:12 +10:00
Andrew Bartlett
d22ff66afa s3-auth assert that security_token is present in the copy, and explain why nss_token can be skipped
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:11 +10:00
Andrew Bartlett
ba53498c66 s3-auth Remove unused nss_token variable
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:11 +10:00
Andrew Bartlett
eea444f465 s3-auth: Remove unused lm_session_key from auth3_session_info
The long term authorization state needs only the final, negotiated
session key, and not the original LM key that may possibly have been
an input.

The special case of the guest account simply needs both values filled
back in with the zeros to avoid changing behaviour in the cached
server_info.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:11 +10:00
Andrew Bartlett
058f5e60c5 s3-auth remove unused copy_serverinfo
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:11 +10:00
Andrew Bartlett
ec5f1b78af s3-auth Use system boolean in auth_user_info_unix
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:11 +10:00
Andrew Bartlett
e2049e77e4 s3-auth Use guest boolean in auth_user_info_unix
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:11 +10:00
Andrew Bartlett
bf1dba03b2 auth: Put 'guest' and 'system' booleans into auth_user_info_unix
This will allow a transformation of auth3_session_info into
auth_session_info by substitution.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:11 +10:00
Andrew Bartlett
9289537993 s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username
This is closer to the layout of struct auth_session_info in auth.idl

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:11 +10:00
Andrew Bartlett
a39187f0f5 auth: include auth.idl structures into common_auth.h
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:10 +10:00
Andrew Bartlett
6d741e918f s3-auth Use *unix_token rather than utok in struct auth3_session_info
This brings this structure one step closer to the struct auth_session_info.

A few SMB_ASSERT calls are added in some key places to ensure that
this pointer is initialised, to make tracing any bugs here easier in
future.

NOTE: Many of the users of this structure should be reviewed, as unix
and NT access checks are mixed in a way that should just be done using
the NT ACL.  This patch has not changed this behaviour however.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:10 +10:00
Andrew Bartlett
f16d8f4eb8 s3-auth Use struct auth3_session_info outside the auth subsystem
This seperation between the structure used inside the auth modules and
in the wider codebase allows for a gradual migration from struct
auth_serversupplied_info -> struct auth_session_info (from auth.idl)

The idea here is that we keep a clear seperation between the structure
before and after the local groups, local user lookup and the session
key modifications have been processed, as the lack of this seperation
has caused issues in the past.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:10 +10:00
Andrew Bartlett
d7d8a5ed94 s3-auth Add struct auth3_session_info to aid transition to auth_session info
This will allow a gradual conversion of the required elements from the
current struct auth_serversupplied_info.

This commit adds the structure definition and some helper functions to
copy between the two structures.

At this stage these structures and functions are IDENTICAL to the
existing code, and so show the past history of that code.  The plan is
to slowly modify them over the course of the patch series, so that the
changes being made a clear.

By using a seperate structure to auth_serversupplied_info we can
remove elements that are not needed after the authentication, and we
can choose a layout that best reflects the needs of runtime users,
rather than the internals of the authentication subsystem.

By eventually using the auth_session_info from auth.idl, we will gain
a single session authorization structure across the whole codebase,
allowing more code to be shared, and a much more transparent process
for forwarding authorization credentials over the named pipe proxy.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:10 +10:00
Andrew Bartlett
e244319599 s3-auth Add const to indicate input elements
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:10 +10:00
Andrew Bartlett
fa18267042 auth: Preserve guest flag on transition via netr_SamInfo3
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:10 +10:00
Andrew Bartlett
f47662f363 s3-auth Restore nss_token behaviour by reading from server_info
The implementation of copy_serverinfo(), used to copy server_info into
session_info never copied the nss_token variable, and so
17d8f0ad30 introduced this regression.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:10 +10:00
Andrew Bartlett
55ad1da888 Add my copyright
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:09 +10:00
Andrew Bartlett
d9c3cb1fb6 s4-param Handle P_CHAR and P_BOOLREV in pyparam
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:09 +10:00
Andrew Bartlett
485898458a debug: log early messages to stdout, and keep it open
The --log-stdout option was compromised by the log file descriptors being
closed once the file process forked.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:09 +10:00
Andrew Bartlett
3c9d01e3e5 lib/util Change debug priority order: DEBUG_STDOUT now overrides DEBUG_FILE
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:09 +10:00
Jeremy Allison
93dcfdea38 Second part of fix for bug 8310 - toupper_ascii() is broken on big-endian systems.
Re-add:
	smb_ucs2_t toupper_w(smb_ucs2_t v);

and ensure it is called whenever we are operating on smb_ucs2_t
variables. I'd like to make the definition of smb_ucs2_t incompatible
with int and codepoint_t so they can't be mixed, but that's a patch
for another time.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Jul 19 23:48:05 CEST 2011 on sn-devel-104
2011-07-19 23:48:05 +02:00
Jeremy Allison
ee34c25c8a First part of fix for bug 8310 - toupper_ascii() is broken on big-endian systems
Remove
int toupper_ascii(int c);
int tolower_ascii(int c);
int isupper_ascii(int c);
int islower_ascii(int c);

and replace with their _m equivalents, as they are identical.
2011-07-19 13:19:29 -07:00
Björn Baumbach
2052c2d6fa s3-libsmb: remove unused cli_lock()
Replaced with cli_lock32()

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jul 19 00:43:03 CEST 2011 on sn-devel-104
2011-07-19 00:43:03 +02:00
Björn Baumbach
d29f8491bd s3-torture: run_locktest5(): replace cli_lock() with cli_lock32()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-07-18 23:27:55 +02:00
Björn Baumbach
8f7b7d7aa2 s3-torture: run_locktest4(): replace cli_lock() with cli_lock32()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-07-18 23:27:54 +02:00
Björn Baumbach
69ed3a780e s3-torture: run_oplock2(): replace cli_lock() with cli_lock32()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-07-18 23:27:54 +02:00
Björn Baumbach
4dbdaa6608 s3-torture: run_locktest9(): replace cli_lock() with cli_lock32()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-07-18 23:27:53 +02:00
Björn Baumbach
ae92edc46b s3-torture: run_locktest8(): replace cli_lock() with cli_lock32()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-07-18 23:27:53 +02:00
Björn Baumbach
a5d5308073 s3-torture: run_locktest7(): replace cli_lock() with cli_lock32()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-07-18 23:27:53 +02:00
Björn Baumbach
b0faf0bd26 s3-torture: run_locktest3(): replace cli_lock() with cli_lock32()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-07-18 23:27:52 +02:00
Andreas Schneider
df09511cf2 s3-rpc_server: Fixed segfaults in rpc daemons.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Jul 18 14:01:02 CEST 2011 on sn-devel-104
2011-07-18 14:01:02 +02:00
Jeremy Allison
73bfd16bd5 Fix bug #8307 - brl_close_fnum does not call SMB_VFS_BRL_UNLOCK_WINDOWS on all locks
Reported by herb@samba.org. Remove the (premature) optimization
on file close.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Jul 16 02:32:02 CEST 2011 on sn-devel-104
2011-07-16 02:32:02 +02:00
Günther Deschner
e898ad3ffe s4-lsa: prepare dcesrv_lsa_CreateTrustedDomain_base() to deal with unencrypted auth info.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Jul 15 19:57:48 CEST 2011 on sn-devel-104
2011-07-15 19:57:48 +02:00
Günther Deschner
7f52cd3b35 s4-smbtorture: add very basic tests for lsa_CreateTrustedDomainEx.
Guenther
2011-07-15 17:56:41 +02:00
Günther Deschner
ee1f25dc2a lsa: lsa_CreateTrustedDomainEx takes lsa_TrustDomainInfoAuthInfo, not
lsa_TrustDomainInfoAuthInfoInternal.

Guenther
2011-07-15 17:56:39 +02:00
Günther Deschner
3af3e4843f lsa: rename auth info argument in lsa_CreateTrustedDomainEx2
Guenther
2011-07-15 17:55:20 +02:00
Stefan Metzmacher
7acc1a7a2f s4:kdc: set *_strongest_*_key to true to restore the old behavior
TODO: check why this is needed.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jul 15 12:26:25 CEST 2011 on sn-devel-104
2011-07-15 12:26:25 +02:00
Stefan Metzmacher
e0541ed98d s4:auth/credentials: with the build after heimdal import
metze
2011-07-15 11:15:05 +02:00
Stefan Metzmacher
dcf197fc8c s4:heimdal_build: define HAVE_KRB5_PDU_NONE_DECL
metze
2011-07-15 11:15:05 +02:00