1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

881 Commits

Author SHA1 Message Date
Günther Deschner
4a2e47b74a s3-waf: move RPC_CLIENT_SCHANNEL into a subsystem.
Guenther
2010-10-20 16:21:12 +02:00
Andreas Schneider
f22e6cf3b7 s3-rpc_server: Make auth_serversupplied_info const. 2010-10-15 11:34:03 +00:00
Andrew Bartlett
170b345e0c s3-auth Use security_token_debug() from common code
This prints the security token including the privileges as strings
instead of just a bitmap.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:04 +00:00
Andrew Bartlett
58cf83732a s3-auth use security_token_has_sid() from the common code
The wrapper call is left here to avoid changing semantics for
the NULL parameter case.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:04 +00:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Günther Deschner
4e9508172d s3-waf: slowly getting modules to match how they look like in old build.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Oct  8 09:31:01 UTC 2010 on sn-devel-104
2010-10-08 09:31:01 +00:00
Günther Deschner
9d3046f098 s3-waf: add AUTH_SCRIPT module to AUTH subsystem (which is build as shared
module by default).

Guenther
2010-09-28 20:03:54 +02:00
Günther Deschner
2a1891a9d6 s3-waf: fix dependencies in most of our module subsystems.
Guenther
2010-09-28 09:41:54 +02:00
Günther Deschner
07697fa053 s3-auth_util: make sure the system server info actually contains S-1-5-18.
Without this, all security descriptor checks for the winreg spoolss backend fail
and make our spoolss system in its current shape basically unusable.

Andreas, please check.

Guenther
2010-09-28 09:40:57 +02:00
Günther Deschner
fa8971d90f s3-waf: move auth subsystem to auth/wscript_build.
Guenther
2010-09-27 00:39:37 +02:00
Volker Lendecke
86919606c7 s3: Remove talloc_autofree_context() from get_root_nt_token()
The memcache_add_talloc() later on steals it anyway
2010-09-26 03:29:27 +02:00
Volker Lendecke
6ee0d866c2 s3: Lift talloc_autofree_context() from make_auth_context_fixed() 2010-09-26 01:12:37 +02:00
Volker Lendecke
242e329610 s3: Lift talloc_autofree_context() from make_auth_context_subsystem() 2010-09-26 01:12:37 +02:00
Volker Lendecke
2d8be31e88 s3: Lift talloc_autofree_context() from make_auth_context_text_list() 2010-09-26 01:12:37 +02:00
Volker Lendecke
61861e4b7d s3: Lift talloc_autofree_context() from make_auth_context() 2010-09-26 01:12:37 +02:00
Volker Lendecke
b12744513e s3: Fix a memleak in make_new_server_info_system() 2010-09-26 01:12:37 +02:00
Volker Lendecke
15a3afbd19 s3: Remove talloc_autofree_context() from init_system_info() 2010-09-26 01:12:37 +02:00
Volker Lendecke
e4591eb8c1 s3: Fix a typo 2010-09-25 15:45:09 -07:00
Günther Deschner
102a70e809 s3-util: use shared dom_sid_dup.
Guenther
2010-09-20 14:05:07 -07:00
Günther Deschner
4dbd743e46 s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.
Guenther
2010-09-20 14:04:37 -07:00
Andrew Bartlett
6832d5e933 libcli/auth/ntlmssp Be clear about talloc parents for session keys
The previous API was not clear as to who owned the returned session key.
This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code,
and avoids making allocations - we steal and zero instead.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-16 21:09:17 +10:00
Andrew Bartlett
2387e3bcfe s3-privs Call security_token_set_privilege() rather than manual assignment
This avoids as much direct modifiction of the bitmask as possible.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:09 +10:00
Andrew Bartlett
b29b6c13a3 s3-privs Inline dump_se_priv into callers now that it's just a uint64_t
The previous 128 bit structure needed this helper function.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
d1bb21b0d5 s3:auth Remove NT_USER_TOKEN
The all UPPER case typedef is no longer the preferred Samba style
and this makes it easier to see that this is the IDL-derivied structure

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:06 +10:00
Andrew Bartlett
4bfc8d3b1a s3-auth Change struct nt_user_token -> struct security_token
This common structure is defined in security.idl

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:05 +10:00
Andrew Bartlett
4bf783d4d6 s3-auth Change type of num_sids to uint32_t
size_t is overkill here, and in struct security_token in the num_sids
is uint32_t.

This includes a change to the prototype of add_sid_to_array()
and add_sid_to_array_unique(), which has had a number of
consequnetial changes as I try to sort out all the callers using
a pointer to the number of sids.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:05 +10:00
Andreas Schneider
669213e812 s3-auth: Added get_server_info_system function. 2010-09-09 16:00:07 +02:00
Günther Deschner
7afa6675ee s3-auth: fix uninitialized error code in get_guest_info3().
Guenther
2010-09-01 10:51:13 +02:00
Günther Deschner
95f9542e05 s3-auth: remove global include of krb5pac.h.
Guenther
2010-08-31 23:17:40 +02:00
Günther Deschner
d5436c650c s3-auth: remove unused variable in check_sam_security().
Guenther
2010-08-31 23:17:39 +02:00
Andrew Bartlett
eee63b7e75 s3-auth Rename NT_USER_TOKEN privileges -> privilege_mask
This is closer to the struct security_token from security.idl

Andrew Bartlett
2010-08-31 11:25:41 +10:00
Andrew Bartlett
8c15cf54ae s3-auth Rename NT_USER_TOKEN user_sids -> sids
This is closer to the struct security_token from security.idl
2010-08-31 10:20:14 +10:00
Andreas Schneider
20e7b4ec74 s3-auth: The unlock of the account is now done by the get_sampwnam call.
Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-30 10:43:54 -04:00
Andreas Schneider
9dd7e7fc2d s3-auth: Use SamInfo3_for_guest to create guest server_info.
Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-30 10:43:20 -04:00
Simo Sorce
08a8e25d6b s3-auth: add helper to get server_info out of kerberos info
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-30 14:24:30 +02:00
Simo Sorce
b9772a4886 s3-auth: Add helper function to retrieve the unix user from a kerberos ticket
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-30 14:17:06 +02:00
Volker Lendecke
291526b9cf s3: Remove a use of smbd_server_fd
This disables different socket options per user for ntlmssp authentiation, a
change in behaviour which is exotic enough I believe.
2010-08-29 21:55:23 +02:00
Volker Lendecke
520c5aae40 s3: Remove smbd_server_conn() from check_unix_security 2010-08-28 11:12:13 +02:00
Volker Lendecke
92fd03c5f0 s3: Lift smbd_server_fd() from pass_check() 2010-08-28 11:12:13 +02:00
Volker Lendecke
a3995ef31c s3: Lift smbd_server_fd() from password_check() 2010-08-28 11:12:13 +02:00
Volker Lendecke
2257a0cd86 s3: Fix some nonempty blank lines 2010-08-28 11:12:13 +02:00
Volker Lendecke
636d107989 s3: Fix smb_pam_passcheck 2010-08-28 11:05:22 +02:00
Volker Lendecke
67522702ac s3: Those functions are no macros anymore :-) 2010-08-28 10:54:39 +02:00
Volker Lendecke
9322fa4077 s3: Lift smbd_server_fd() from smb_pam_passcheck 2010-08-27 21:59:09 +02:00
Volker Lendecke
26ee30585d s3: Lift smbd_server_fd() from smb_pam_start
smb_pam_passcheck() is the only caller that fills in NULL, all other callers
now properly fill rhost
2010-08-27 21:59:09 +02:00
Volker Lendecke
619c348ba3 s3: Pass "private_data" through string_combinations() 2010-08-27 21:10:14 +02:00
Volker Lendecke
8e1d3b5f8f s3: Pass rhost through to smb_pam_passchange 2010-08-27 12:53:17 +02:00
Volker Lendecke
33f9c078d3 s3: Fix typos 2010-08-26 22:57:13 +02:00
Günther Deschner
7ff7eb0b52 s3-build: only include nsswitch header where needed.
Guenther
2010-08-26 00:20:28 +02:00
Günther Deschner
aba1bf4b5e s3-build: only include memcache.h where needed.
Guenther
2010-08-26 00:20:28 +02:00