1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

860 Commits

Author SHA1 Message Date
Andrew Bartlett
2387e3bcfe s3-privs Call security_token_set_privilege() rather than manual assignment
This avoids as much direct modifiction of the bitmask as possible.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:09 +10:00
Andrew Bartlett
b29b6c13a3 s3-privs Inline dump_se_priv into callers now that it's just a uint64_t
The previous 128 bit structure needed this helper function.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
d1bb21b0d5 s3:auth Remove NT_USER_TOKEN
The all UPPER case typedef is no longer the preferred Samba style
and this makes it easier to see that this is the IDL-derivied structure

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:06 +10:00
Andrew Bartlett
4bfc8d3b1a s3-auth Change struct nt_user_token -> struct security_token
This common structure is defined in security.idl

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:05 +10:00
Andrew Bartlett
4bf783d4d6 s3-auth Change type of num_sids to uint32_t
size_t is overkill here, and in struct security_token in the num_sids
is uint32_t.

This includes a change to the prototype of add_sid_to_array()
and add_sid_to_array_unique(), which has had a number of
consequnetial changes as I try to sort out all the callers using
a pointer to the number of sids.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:05 +10:00
Andreas Schneider
669213e812 s3-auth: Added get_server_info_system function. 2010-09-09 16:00:07 +02:00
Günther Deschner
7afa6675ee s3-auth: fix uninitialized error code in get_guest_info3().
Guenther
2010-09-01 10:51:13 +02:00
Günther Deschner
95f9542e05 s3-auth: remove global include of krb5pac.h.
Guenther
2010-08-31 23:17:40 +02:00
Günther Deschner
d5436c650c s3-auth: remove unused variable in check_sam_security().
Guenther
2010-08-31 23:17:39 +02:00
Andrew Bartlett
eee63b7e75 s3-auth Rename NT_USER_TOKEN privileges -> privilege_mask
This is closer to the struct security_token from security.idl

Andrew Bartlett
2010-08-31 11:25:41 +10:00
Andrew Bartlett
8c15cf54ae s3-auth Rename NT_USER_TOKEN user_sids -> sids
This is closer to the struct security_token from security.idl
2010-08-31 10:20:14 +10:00
Andreas Schneider
20e7b4ec74 s3-auth: The unlock of the account is now done by the get_sampwnam call.
Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-30 10:43:54 -04:00
Andreas Schneider
9dd7e7fc2d s3-auth: Use SamInfo3_for_guest to create guest server_info.
Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-30 10:43:20 -04:00
Simo Sorce
08a8e25d6b s3-auth: add helper to get server_info out of kerberos info
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-30 14:24:30 +02:00
Simo Sorce
b9772a4886 s3-auth: Add helper function to retrieve the unix user from a kerberos ticket
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-30 14:17:06 +02:00
Volker Lendecke
291526b9cf s3: Remove a use of smbd_server_fd
This disables different socket options per user for ntlmssp authentiation, a
change in behaviour which is exotic enough I believe.
2010-08-29 21:55:23 +02:00
Volker Lendecke
520c5aae40 s3: Remove smbd_server_conn() from check_unix_security 2010-08-28 11:12:13 +02:00
Volker Lendecke
92fd03c5f0 s3: Lift smbd_server_fd() from pass_check() 2010-08-28 11:12:13 +02:00
Volker Lendecke
a3995ef31c s3: Lift smbd_server_fd() from password_check() 2010-08-28 11:12:13 +02:00
Volker Lendecke
2257a0cd86 s3: Fix some nonempty blank lines 2010-08-28 11:12:13 +02:00
Volker Lendecke
636d107989 s3: Fix smb_pam_passcheck 2010-08-28 11:05:22 +02:00
Volker Lendecke
67522702ac s3: Those functions are no macros anymore :-) 2010-08-28 10:54:39 +02:00
Volker Lendecke
9322fa4077 s3: Lift smbd_server_fd() from smb_pam_passcheck 2010-08-27 21:59:09 +02:00
Volker Lendecke
26ee30585d s3: Lift smbd_server_fd() from smb_pam_start
smb_pam_passcheck() is the only caller that fills in NULL, all other callers
now properly fill rhost
2010-08-27 21:59:09 +02:00
Volker Lendecke
619c348ba3 s3: Pass "private_data" through string_combinations() 2010-08-27 21:10:14 +02:00
Volker Lendecke
8e1d3b5f8f s3: Pass rhost through to smb_pam_passchange 2010-08-27 12:53:17 +02:00
Volker Lendecke
33f9c078d3 s3: Fix typos 2010-08-26 22:57:13 +02:00
Günther Deschner
7ff7eb0b52 s3-build: only include nsswitch header where needed.
Guenther
2010-08-26 00:20:28 +02:00
Günther Deschner
aba1bf4b5e s3-build: only include memcache.h where needed.
Guenther
2010-08-26 00:20:28 +02:00
Björn Jacke
aa830cde6a pam: fix unused variable warning 2010-08-24 11:18:34 +02:00
Volker Lendecke
a16a56f601 s3: PAM_RHOST and PAM_TTY are enums on FreeBSD 2010-08-23 22:59:56 +02:00
Volker Lendecke
8531921e3d s3: Turn two macros into functions 2010-08-22 22:42:21 +02:00
Volker Lendecke
177e394f93 s3: Pass the rhost through smb_pam_accountcheck 2010-08-22 22:42:21 +02:00
Volker Lendecke
265f0b7745 s3: Rename auth.c:backends to auth_backends 2010-08-22 22:42:21 +02:00
Volker Lendecke
6ff012a777 s3: Fix some nonemtpy blank lines 2010-08-22 22:42:21 +02:00
Jeremy Allison
22a0168504 Fix const warning. 2010-08-20 15:56:37 -07:00
Volker Lendecke
ba706d696b s3: Remove smb_pam_accountcheck from the auth modules
We go through the same check in auth/auth.c line 287 after the module has done
its job. So we don't have to do that check twice.
2010-08-19 11:54:36 +02:00
Volker Lendecke
ac7b63384d s3: Lift smbd_server_fd from reload_services() 2010-08-18 11:18:21 +02:00
Volker Lendecke
96ae457023 s3: Remove get_client_fd() 2010-08-16 13:13:10 +02:00
Andreas Schneider
66b6a8cf62 s3-auth: Remove obsolete 'update encrypted' option. 2010-08-16 12:48:27 +02:00
Andrew Bartlett
4f8ef205ac s3:auth Add error paths for invalid password_state values
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14 11:58:13 +10:00
Andrew Bartlett
70211ea6a3 s3:auth Change winbindd -> auth interface to more standard structures
This removes conversions to and from the source3 varient of the
server_info structure when replaced in s3compat, and presents a tidier
interface to winbindd in any case.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14 11:58:13 +10:00
Andrew Bartlett
b1b9752506 s3:auth Change 'make_user_info' to be talloc based
This is an ideal candidate, as it already uses a free function.  It
now uses talloc destructors to clear the passwords if required.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14 11:58:13 +10:00
Andrew Bartlett
e66f6e715f s3:auth Whitespace fixes after auth merge 2010-08-14 11:58:13 +10:00
Andrew Bartlett
23994e1b53 s3:auth Make Samba3 use the new common struct auth_usersupplied_info
This common structure will make it much easier to produce an auth
module for s3compat that calls Samba4's auth subsystem.

In order the make the link work properly (and not map twice), we mark
both that we did try and map the user, as well as if we changed the
user during the mapping.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14 11:58:13 +10:00
Volker Lendecke
39da717fe1 s3: Lift the smbd_messaging_context from reload_services 2010-08-08 18:09:33 +02:00
Günther Deschner
0f8e032628 s3-netlogon: remove global include of netlogon.h.
This reduces precompiled headers by another 4 MB and also slightly speeds up the
build.

Guenther
2010-08-06 15:46:16 +02:00
Günther Deschner
ccd4af271f s3: remove global include of samr.h
Guenther
2010-08-06 15:43:38 +02:00
Günther Deschner
c136b84f0d s3-secrets: only include secrets.h when needed.
Guenther
2010-08-05 10:12:25 +02:00
Simo Sorce
3c3237dd0a s3-auth: Remove unimplemented functions 2010-07-28 12:18:28 -04:00