sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Code
68,634 Commits 60 Branches 1,144 Tags 452 MiB
57b3d32c8d
Commit Graph

884 Commits

Author SHA1 Message Date
Volker Lendecke
097be4b101 s3: Make proper use of sid_check_is_in_xx routines 
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Nov  5 15:35:59 UTC 2010 on sn-devel-104
 2010-11-05 15:35:59 +00:00
Volker Lendecke
26b2a132ff s3: Fix a typo 2010-11-05 15:54:05 +01:00
Jeremy Allison
e1cfca1e2e Make getpwnam_alloc() static to lib/username.c, and ensure all username lookups go 
through Get_Pwnam_alloc(), which is the correct wrapper function. We were using
it *some* of the time anyway, so this just makes us properly consistent.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 20 16:02:12 UTC 2010 on sn-devel-104
 2010-10-20 16:02:12 +00:00
Günther Deschner
4a2e47b74a s3-waf: move RPC_CLIENT_SCHANNEL into a subsystem. 
Guenther
 2010-10-20 16:21:12 +02:00
Andreas Schneider
f22e6cf3b7 s3-rpc_server: Make auth_serversupplied_info const. 2010-10-15 11:34:03 +00:00
Andrew Bartlett
170b345e0c s3-auth Use security_token_debug() from common code 
This prints the security token including the privileges as strings
instead of just a bitmap.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-10-14 02:35:04 +00:00
Andrew Bartlett
58cf83732a s3-auth use security_token_has_sid() from the common code 
The wrapper call is left here to avoid changing semantics for
the NULL parameter case.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-10-14 02:35:04 +00:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h 
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
 2010-10-12 05:54:10 +00:00
Günther Deschner
4e9508172d s3-waf: slowly getting modules to match how they look like in old build. 
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Oct  8 09:31:01 UTC 2010 on sn-devel-104
 2010-10-08 09:31:01 +00:00
Günther Deschner
9d3046f098 s3-waf: add AUTH_SCRIPT module to AUTH subsystem (which is build as shared 
module by default).

Guenther
 2010-09-28 20:03:54 +02:00
Günther Deschner
2a1891a9d6 s3-waf: fix dependencies in most of our module subsystems. 
Guenther
 2010-09-28 09:41:54 +02:00
Günther Deschner
07697fa053 s3-auth_util: make sure the system server info actually contains S-1-5-18. 
Without this, all security descriptor checks for the winreg spoolss backend fail
and make our spoolss system in its current shape basically unusable.

Andreas, please check.

Guenther
 2010-09-28 09:40:57 +02:00
Günther Deschner
fa8971d90f s3-waf: move auth subsystem to auth/wscript_build. 
Guenther
 2010-09-27 00:39:37 +02:00
Volker Lendecke
86919606c7 s3: Remove talloc_autofree_context() from get_root_nt_token() 
The memcache_add_talloc() later on steals it anyway
 2010-09-26 03:29:27 +02:00
Volker Lendecke
6ee0d866c2 s3: Lift talloc_autofree_context() from make_auth_context_fixed() 2010-09-26 01:12:37 +02:00
Volker Lendecke
242e329610 s3: Lift talloc_autofree_context() from make_auth_context_subsystem() 2010-09-26 01:12:37 +02:00
Volker Lendecke
2d8be31e88 s3: Lift talloc_autofree_context() from make_auth_context_text_list() 2010-09-26 01:12:37 +02:00
Volker Lendecke
61861e4b7d s3: Lift talloc_autofree_context() from make_auth_context() 2010-09-26 01:12:37 +02:00
Volker Lendecke
b12744513e s3: Fix a memleak in make_new_server_info_system() 2010-09-26 01:12:37 +02:00
Volker Lendecke
15a3afbd19 s3: Remove talloc_autofree_context() from init_system_info() 2010-09-26 01:12:37 +02:00
Volker Lendecke
e4591eb8c1 s3: Fix a typo 2010-09-25 15:45:09 -07:00
Günther Deschner
102a70e809 s3-util: use shared dom_sid_dup. 
Guenther
 2010-09-20 14:05:07 -07:00
Günther Deschner
4dbd743e46 s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions. 
Guenther
 2010-09-20 14:04:37 -07:00
Andrew Bartlett
6832d5e933 libcli/auth/ntlmssp Be clear about talloc parents for session keys 
The previous API was not clear as to who owned the returned session key.
This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code,
and avoids making allocations - we steal and zero instead.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-16 21:09:17 +10:00
Andrew Bartlett
2387e3bcfe s3-privs Call security_token_set_privilege() rather than manual assignment 
This avoids as much direct modifiction of the bitmask as possible.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:09 +10:00
Andrew Bartlett
b29b6c13a3 s3-privs Inline dump_se_priv into callers now that it's just a uint64_t 
The previous 128 bit structure needed this helper function.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:07 +10:00
Andrew Bartlett
d1bb21b0d5 s3:auth Remove NT_USER_TOKEN 
The all UPPER case typedef is no longer the preferred Samba style
and this makes it easier to see that this is the IDL-derivied structure

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:06 +10:00
Andrew Bartlett
4bfc8d3b1a s3-auth Change struct nt_user_token -> struct security_token 
This common structure is defined in security.idl

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:05 +10:00
Andrew Bartlett
4bf783d4d6 s3-auth Change type of num_sids to uint32_t 
size_t is overkill here, and in struct security_token in the num_sids
is uint32_t.

This includes a change to the prototype of add_sid_to_array()
and add_sid_to_array_unique(), which has had a number of
consequnetial changes as I try to sort out all the callers using
a pointer to the number of sids.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:05 +10:00
Andreas Schneider
669213e812 s3-auth: Added get_server_info_system function. 2010-09-09 16:00:07 +02:00
Günther Deschner
7afa6675ee s3-auth: fix uninitialized error code in get_guest_info3(). 
Guenther
 2010-09-01 10:51:13 +02:00
Günther Deschner
95f9542e05 s3-auth: remove global include of krb5pac.h. 
Guenther
 2010-08-31 23:17:40 +02:00
Günther Deschner
d5436c650c s3-auth: remove unused variable in check_sam_security(). 
Guenther
 2010-08-31 23:17:39 +02:00
Andrew Bartlett
eee63b7e75 s3-auth Rename NT_USER_TOKEN privileges -> privilege_mask 
This is closer to the struct security_token from security.idl

Andrew Bartlett
 2010-08-31 11:25:41 +10:00
Andrew Bartlett
8c15cf54ae s3-auth Rename NT_USER_TOKEN user_sids -> sids 
This is closer to the struct security_token from security.idl
 2010-08-31 10:20:14 +10:00
Andreas Schneider
20e7b4ec74 s3-auth: The unlock of the account is now done by the get_sampwnam call. 
Signed-off-by: Simo Sorce <idra@samba.org>
 2010-08-30 10:43:54 -04:00
Andreas Schneider
9dd7e7fc2d s3-auth: Use SamInfo3_for_guest to create guest server_info. 
Signed-off-by: Simo Sorce <idra@samba.org>
 2010-08-30 10:43:20 -04:00
Simo Sorce
08a8e25d6b s3-auth: add helper to get server_info out of kerberos info 
Signed-off-by: Günther Deschner <gd@samba.org>
 2010-08-30 14:24:30 +02:00
Simo Sorce
b9772a4886 s3-auth: Add helper function to retrieve the unix user from a kerberos ticket 
Signed-off-by: Günther Deschner <gd@samba.org>
 2010-08-30 14:17:06 +02:00
Volker Lendecke
291526b9cf s3: Remove a use of smbd_server_fd 
This disables different socket options per user for ntlmssp authentiation, a
change in behaviour which is exotic enough I believe.
 2010-08-29 21:55:23 +02:00
Volker Lendecke
520c5aae40 s3: Remove smbd_server_conn() from check_unix_security 2010-08-28 11:12:13 +02:00
Volker Lendecke
92fd03c5f0 s3: Lift smbd_server_fd() from pass_check() 2010-08-28 11:12:13 +02:00
Volker Lendecke
a3995ef31c s3: Lift smbd_server_fd() from password_check() 2010-08-28 11:12:13 +02:00
Volker Lendecke
2257a0cd86 s3: Fix some nonempty blank lines 2010-08-28 11:12:13 +02:00
Volker Lendecke
636d107989 s3: Fix smb_pam_passcheck 2010-08-28 11:05:22 +02:00
Volker Lendecke
67522702ac s3: Those functions are no macros anymore :-) 2010-08-28 10:54:39 +02:00
Volker Lendecke
9322fa4077 s3: Lift smbd_server_fd() from smb_pam_passcheck 2010-08-27 21:59:09 +02:00
Volker Lendecke
26ee30585d s3: Lift smbd_server_fd() from smb_pam_start 
smb_pam_passcheck() is the only caller that fills in NULL, all other callers
now properly fill rhost
 2010-08-27 21:59:09 +02:00
Volker Lendecke
619c348ba3 s3: Pass "private_data" through string_combinations() 2010-08-27 21:10:14 +02:00
Volker Lendecke
8e1d3b5f8f s3: Pass rhost through to smb_pam_passchange 2010-08-27 12:53:17 +02:00