1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

925 Commits

Author SHA1 Message Date
Günther Deschner
2f36ef7225 s3-passdb: add passdb.h where needed.
Guenther
2011-03-30 01:13:07 +02:00
Günther Deschner
03e6082e3c s3: create_builtin_users/administrators belongs to passdb not auth.
Guenther
2011-03-30 01:13:07 +02:00
Günther Deschner
0e771263ee s3-includes: only include system/filesys.h when needed.
Guenther
2011-03-30 01:13:07 +02:00
Günther Deschner
49fcf653b1 s3-includes: only include system/passwd.h when needed.
Guenther
2011-03-30 01:13:07 +02:00
Günther Deschner
d85f140826 s3-winbind: remove global inclusion of libwbclient.
Guenther
2011-03-30 01:13:06 +02:00
Günther Deschner
96487959e9 lib/util/util_pw: share more code between lib/util/util_pw.c and source3/lib/username.c
Guenther
2011-03-30 01:13:06 +02:00
Günther Deschner
64421129b6 lib/util/util_pw: share sys_get{pw,gr} group of calls.
Guenther
2011-03-30 01:13:06 +02:00
Volker Lendecke
a414356075 s3: Fix Coverity ID 2188: MISSING_BREAK
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Mar 27 23:11:10 CEST 2011 on sn-devel-104
2011-03-27 23:11:10 +02:00
Volker Lendecke
ba92c45787 s3: Fix Coverity ID 2189: MISSING_BREAK 2011-03-27 22:22:12 +02:00
Volker Lendecke
429e84f0d4 s3: Fix a (invalid) uninitialized variable warning
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Mar 23 11:13:14 CET 2011 on sn-devel-104
2011-03-23 11:13:14 +01:00
Volker Lendecke
920b2fddc6 s3: Fix Coverity ID 1018, CHECKED_RETURN 2011-03-16 21:14:58 +01:00
Volker Lendecke
16b007c223 Quite some callers of sid_split_rid do not care about the rid 2011-03-10 18:48:34 +01:00
Volker Lendecke
dcbfb6fc0b s3: Fix a memory leak in check_sam_security_info3
Abartlet, this commit makes check_sam_security_info3 use talloc_tos() and also
cleans up the temporary talloc stackframe.

The old code created a temporary talloc context off "mem_ctx" but failed to
clean up the tmp_ctx in all but one return paths.

talloc_stackframe()/talloc_tos() is designed as a defense against exactly this
error: Even if we failed to free the frame when returning from the routine, it
would be cleaned up very soon, in our main event loop.

Please check this patch!

Thanks,

Volker

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Mar  5 14:08:37 CET 2011 on sn-devel-104
2011-03-05 14:08:37 +01:00
Andreas Schneider
bf18403c81 s3-rpc_client: Move client pipe functions to own header. 2011-02-28 18:15:04 +01:00
Günther Deschner
67e72f5204 s3-waf: move some parts of auth to AUTH_COMMON to avoid duplicate symbols with winbindd.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Feb 23 02:16:23 CET 2011 on sn-devel-104
2011-02-23 02:16:23 +01:00
Günther Deschner
28b4b05938 s3-includes: move some chgpasswd related defines to the locations where they are used.
Guenther
2011-02-22 21:52:19 +01:00
Stefan Metzmacher
d7fa349052 s3:auth: change num_groups to from size_t to uint32_t
This will help with the change from UNIX_USER_TOKEN to security_unix_token

metze
2011-02-22 16:20:11 +11:00
Andrew Bartlett
2e69e89456 s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.

The structure is also not ideal for it's current purpose.  Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session.  This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.

(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-22 16:20:10 +11:00
Volker Lendecke
3e4da94669 s3: NO_SUCH_USER is a lot more likely than NO_MEMORY 2011-02-20 10:23:29 +01:00
Volker Lendecke
51b84a9ed7 s3: Convert init_system_info to NTSTATUS 2011-02-20 10:23:29 +01:00
Andrew Tridgell
c8b2b10976 s3-waf: use SAMBA3_*() build rules in source3/build
this brings the s3 waf build much closer to the proposed s3build top
level build, using the same bld.SAMBA3_*() rules

There are a few renames of subsystems in here, with a 3 suffix where
it would create a conflict.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-18 16:46:41 +11:00
Andrew Bartlett
1354d3dc74 s3-auth Fix memory leak in security=share and force user =
In these cases, the server_info was not stolen onto a long term memory
context, and so remained on the NULL context where it was created.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Feb 16 01:08:19 CET 2011 on sn-devel-104
2011-02-16 01:08:19 +01:00
Andrew Bartlett
cc77ea720b s3-auth Remove unused pam_handle
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-02-10 06:51:07 +01:00
Andrew Bartlett
2b05ba77b4 s3-auth Rename cryptic 'ptok' to security_token
This will allow the auth_serversupplied_info struct to be migrated
to auth_session_info easier.

Adnrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-02-10 06:51:06 +01:00
Günther Deschner
34722c72f6 pam: share pam errors in a common location.
Guenther
2011-02-08 14:05:36 +01:00
Volker Lendecke
40a46a9cca s3: Use the right credentials in check_netlogond_security
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb  6 20:43:03 CET 2011 on sn-devel-104
2011-02-06 20:43:03 +01:00
Volker Lendecke
d515c6cd5c s3: Fix auth_netlogond to cope with netlogon_creds_CredentialState
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb  6 17:30:48 CET 2011 on sn-devel-104
2011-02-06 17:30:48 +01:00
Volker Lendecke
843825f567 s3: Fetch the machinepw via ldapi in pdb_ads 2011-02-06 16:44:56 +01:00
Günther Deschner
f60398d7b2 s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945)
The benefit of this that it makes us more robust to secure channel resets
triggered from tools outside the winbind process. Long term we need to have a
shared tdb secure channel store though as well.

Guenther

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Feb  4 18:11:04 CET 2011 on sn-devel-104
2011-02-04 18:11:04 +01:00
Günther Deschner
ac4127a9f4 s3-auth: add copy_netr_SamBaseInfo().
Guenther

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-04 16:57:32 +01:00
Volker Lendecke
9b94f36605 s3: Make sure we call wbcAuthenticateUserEx correctly
There are cases where we fill in params.password.response.lm_data with non-NULL
where params.password.response.lm_length is 0. wbcAuthenticateUserEx does not
like that.

I haven't been able to reproduce this with smbclient yet, I've seen it with a
proprietary smb client implementation.

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Jan 17 16:30:11 CET 2011 on sn-devel-104
2011-01-17 16:30:11 +01:00
Volker Lendecke
d3abc90401 s3: Avoid a few calls to cli_errstr
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Jan 17 08:47:25 CET 2011 on sn-devel-104
2011-01-17 08:47:25 +01:00
Volker Lendecke
d096de56b1 s3: Remove unused "retry" from cli_full_connection 2010-12-20 17:10:58 +01:00
Volker Lendecke
660190632e s3: Always retry the DC connection in auth_domain
The only condition that cli_full_connection marks as non-retryable is the basic
name lookup and TCP connect. To me this is pretty fishy. For example if the
negprot fails, this is supposed to be more retryable than a NetBIOS name lookup
failure? I'd rather think the opposite is true.

Jeremy, this is code from 2002, 389a16d9d5. If you have any comments from
back then, let me know :-)

Volker
2010-12-20 17:10:57 +01:00
Volker Lendecke
c6b5136f02 s3: Fix bug 7066 -- wbcAuthenticateEx gives unix times
We might eventually want to change this, but right now we get unix times
out of the winbind pipe struct
2010-12-19 23:25:06 +01:00
Günther Deschner
133a2ffd00 s3-waf: avoid module name uppercasing.
This finally allows mixed case module names like the classic build
(./configure --shared_modules=charset_CP850)

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Dec  1 18:39:14 CET 2010 on sn-devel-104
2010-12-01 18:39:14 +01:00
Günther Deschner
33c82cd5dd s3-waf: convert TOKEN_UTIL into a subsystem.
Guenther
2010-11-30 18:12:29 +01:00
Jeremy Allison
a95970d3b7 Fix memleak I accidently introduced when reading from tdb.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 10 01:56:21 UTC 2010 on sn-devel-104
2010-11-10 01:56:21 +00:00
Jeremy Allison
3878fa4c43 Ensure we check the return from make_user_info before dereferencing the value returned by it.
Jeremy.
2010-11-10 01:14:17 +00:00
Jeremy Allison
9997ee813b Remove fstring from map_username. Create a more sane interface than the called-parameter-is-modified.
Jeremy.
2010-11-10 01:14:17 +00:00
Volker Lendecke
c83a40ddbf s3: Quieten a bogus error message
This happens if you set "auth methods = winbind" without a fallback method.

The return NT_STATUS_LOGON_FAILURE; is not strictly require here, because we
fall through to the equivalent statement a few lines down, but it makes the
code a bit clearer IMO.

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Nov  9 20:15:59 UTC 2010 on sn-devel-104
2010-11-09 20:15:59 +00:00
Volker Lendecke
097be4b101 s3: Make proper use of sid_check_is_in_xx routines
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Nov  5 15:35:59 UTC 2010 on sn-devel-104
2010-11-05 15:35:59 +00:00
Volker Lendecke
26b2a132ff s3: Fix a typo 2010-11-05 15:54:05 +01:00
Jeremy Allison
e1cfca1e2e Make getpwnam_alloc() static to lib/username.c, and ensure all username lookups go
through Get_Pwnam_alloc(), which is the correct wrapper function. We were using
it *some* of the time anyway, so this just makes us properly consistent.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 20 16:02:12 UTC 2010 on sn-devel-104
2010-10-20 16:02:12 +00:00
Günther Deschner
4a2e47b74a s3-waf: move RPC_CLIENT_SCHANNEL into a subsystem.
Guenther
2010-10-20 16:21:12 +02:00
Andreas Schneider
f22e6cf3b7 s3-rpc_server: Make auth_serversupplied_info const. 2010-10-15 11:34:03 +00:00
Andrew Bartlett
170b345e0c s3-auth Use security_token_debug() from common code
This prints the security token including the privileges as strings
instead of just a bitmap.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:04 +00:00
Andrew Bartlett
58cf83732a s3-auth use security_token_has_sid() from the common code
The wrapper call is left here to avoid changing semantics for
the NULL parameter case.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:04 +00:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Günther Deschner
4e9508172d s3-waf: slowly getting modules to match how they look like in old build.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Oct  8 09:31:01 UTC 2010 on sn-devel-104
2010-10-08 09:31:01 +00:00