Günther Deschner
4a2e47b74a
s3-waf: move RPC_CLIENT_SCHANNEL into a subsystem.
...
Guenther
2010-10-20 16:21:12 +02:00
Andreas Schneider
f22e6cf3b7
s3-rpc_server: Make auth_serversupplied_info const.
2010-10-15 11:34:03 +00:00
Andrew Bartlett
170b345e0c
s3-auth Use security_token_debug() from common code
...
This prints the security token including the privileges as strings
instead of just a bitmap.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:04 +00:00
Andrew Bartlett
58cf83732a
s3-auth use security_token_has_sid() from the common code
...
The wrapper call is left here to avoid changing semantics for
the NULL parameter case.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:04 +00:00
Andrew Bartlett
f768b32e37
libcli/security Provide a common, top level libcli/security/security.h
...
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Günther Deschner
4e9508172d
s3-waf: slowly getting modules to match how they look like in old build.
...
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Oct 8 09:31:01 UTC 2010 on sn-devel-104
2010-10-08 09:31:01 +00:00
Günther Deschner
9d3046f098
s3-waf: add AUTH_SCRIPT module to AUTH subsystem (which is built as shared
...
module by default).
Guenther
2010-09-28 20:03:54 +02:00
Günther Deschner
2a1891a9d6
s3-waf: fix dependencies in most of our module subsystems.
...
Guenther
2010-09-28 09:41:54 +02:00
Günther Deschner
07697fa053
s3-auth_util: make sure the system server info actually contains S-1-5-18.
...
Without this, all security descriptor checks for the winreg spoolss backend fail
and make our spoolss system in its current shape basically unusable.
Andreas, please check.
Guenther
2010-09-28 09:40:57 +02:00
Günther Deschner
fa8971d90f
s3-waf: move auth subsystem to auth/wscript_build.
...
Guenther
2010-09-27 00:39:37 +02:00
Volker Lendecke
86919606c7
s3: Remove talloc_autofree_context() from get_root_nt_token()
...
The memcache_add_talloc() later on steals it anyway
2010-09-26 03:29:27 +02:00
Volker Lendecke
6ee0d866c2
s3: Lift talloc_autofree_context() from make_auth_context_fixed()
2010-09-26 01:12:37 +02:00
Volker Lendecke
242e329610
s3: Lift talloc_autofree_context() from make_auth_context_subsystem()
2010-09-26 01:12:37 +02:00
Volker Lendecke
2d8be31e88
s3: Lift talloc_autofree_context() from make_auth_context_text_list()
2010-09-26 01:12:37 +02:00
Volker Lendecke
61861e4b7d
s3: Lift talloc_autofree_context() from make_auth_context()
2010-09-26 01:12:37 +02:00
Volker Lendecke
b12744513e
s3: Fix a memleak in make_new_server_info_system()
2010-09-26 01:12:37 +02:00
Volker Lendecke
15a3afbd19
s3: Remove talloc_autofree_context() from init_system_info()
2010-09-26 01:12:37 +02:00
Volker Lendecke
e4591eb8c1
s3: Fix a typo
2010-09-25 15:45:09 -07:00
Günther Deschner
102a70e809
s3-util: use shared dom_sid_dup.
...
Guenther
2010-09-20 14:05:07 -07:00
Günther Deschner
4dbd743e46
s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.
...
Guenther
2010-09-20 14:04:37 -07:00
Andrew Bartlett
6832d5e933
libcli/auth/ntlmssp Be clear about talloc parents for session keys
...
The previous API was not clear as to who owned the returned session key.
This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code,
and avoids making allocations - we steal and zero instead.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-16 21:09:17 +10:00
Andrew Bartlett
2387e3bcfe
s3-privs Call security_token_set_privilege() rather than manual assignment
...
This avoids as much direct modification of the bitmask as possible.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:09 +10:00
Andrew Bartlett
b29b6c13a3
s3-privs Inline dump_se_priv into callers now that it's just a uint64_t
...
The previous 128 bit structure needed this helper function.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
d1bb21b0d5
s3:auth Remove NT_USER_TOKEN
...
The all UPPER case typedef is no longer the preferred Samba style
and this makes it easier to see that this is the IDL-derived structure
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:06 +10:00
Andrew Bartlett
4bfc8d3b1a
s3-auth Change struct nt_user_token -> struct security_token
...
This common structure is defined in security.idl
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:05 +10:00
Andrew Bartlett
4bf783d4d6
s3-auth Change type of num_sids to uint32_t
...
size_t is overkill here, and in struct security_token in the num_sids
is uint32_t.
This includes a change to the prototype of add_sid_to_array()
and add_sid_to_array_unique(), which has had a number of
consequential changes as I try to sort out all the callers using
a pointer to the number of sids.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:05 +10:00
Andreas Schneider
669213e812
s3-auth: Added get_server_info_system function.
2010-09-09 16:00:07 +02:00
Günther Deschner
7afa6675ee
s3-auth: fix uninitialized error code in get_guest_info3().
...
Guenther
2010-09-01 10:51:13 +02:00
Günther Deschner
95f9542e05
s3-auth: remove global include of krb5pac.h.
...
Guenther
2010-08-31 23:17:40 +02:00
Günther Deschner
d5436c650c
s3-auth: remove unused variable in check_sam_security().
...
Guenther
2010-08-31 23:17:39 +02:00
Andrew Bartlett
eee63b7e75
s3-auth Rename NT_USER_TOKEN privileges -> privilege_mask
...
This is closer to the struct security_token from security.idl
Andrew Bartlett
2010-08-31 11:25:41 +10:00
Andrew Bartlett
8c15cf54ae
s3-auth Rename NT_USER_TOKEN user_sids -> sids
...
This is closer to the struct security_token from security.idl
2010-08-31 10:20:14 +10:00
Andreas Schneider
20e7b4ec74
s3-auth: The unlock of the account is now done by the get_sampwnam call.
...
Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-30 10:43:54 -04:00
Andreas Schneider
9dd7e7fc2d
s3-auth: Use SamInfo3_for_guest to create guest server_info.
...
Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-30 10:43:20 -04:00
Simo Sorce
08a8e25d6b
s3-auth: add helper to get server_info out of kerberos info
...
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-30 14:24:30 +02:00
Simo Sorce
b9772a4886
s3-auth: Add helper function to retrieve the unix user from a kerberos ticket
...
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-30 14:17:06 +02:00
Volker Lendecke
291526b9cf
s3: Remove a use of smbd_server_fd
...
This disables different socket options per user for ntlmssp authentication, a
change in behaviour which is exotic enough I believe.
2010-08-29 21:55:23 +02:00
Volker Lendecke
520c5aae40
s3: Remove smbd_server_conn() from check_unix_security
2010-08-28 11:12:13 +02:00
Volker Lendecke
92fd03c5f0
s3: Lift smbd_server_fd() from pass_check()
2010-08-28 11:12:13 +02:00
Volker Lendecke
a3995ef31c
s3: Lift smbd_server_fd() from password_check()
2010-08-28 11:12:13 +02:00
Volker Lendecke
2257a0cd86
s3: Fix some nonempty blank lines
2010-08-28 11:12:13 +02:00
Volker Lendecke
636d107989
s3: Fix smb_pam_passcheck
2010-08-28 11:05:22 +02:00
Volker Lendecke
67522702ac
s3: Those functions are no macros anymore :-)
2010-08-28 10:54:39 +02:00
Volker Lendecke
9322fa4077
s3: Lift smbd_server_fd() from smb_pam_passcheck
2010-08-27 21:59:09 +02:00
Volker Lendecke
26ee30585d
s3: Lift smbd_server_fd() from smb_pam_start
...
smb_pam_passcheck() is the only caller that fills in NULL, all other callers
now properly fill rhost
2010-08-27 21:59:09 +02:00
Volker Lendecke
619c348ba3
s3: Pass "private_data" through string_combinations()
2010-08-27 21:10:14 +02:00
Volker Lendecke
8e1d3b5f8f
s3: Pass rhost through to smb_pam_passchange
2010-08-27 12:53:17 +02:00
Volker Lendecke
33f9c078d3
s3: Fix typos
2010-08-26 22:57:13 +02:00
Günther Deschner
7ff7eb0b52
s3-build: only include nsswitch header where needed.
...
Guenther
2010-08-26 00:20:28 +02:00
Günther Deschner
aba1bf4b5e
s3-build: only include memcache.h where needed.
...
Guenther
2010-08-26 00:20:28 +02:00