Andrew Bartlett
2387e3bcfe
s3-privs Call security_token_set_privilege() rather than manual assignment
...
This avoids as much direct modifiction of the bitmask as possible.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:09 +10:00
Andrew Bartlett
b29b6c13a3
s3-privs Inline dump_se_priv into callers now that it's just a uint64_t
...
The previous 128 bit structure needed this helper function.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
d1bb21b0d5
s3:auth Remove NT_USER_TOKEN
...
The all UPPER case typedef is no longer the preferred Samba style
and this makes it easier to see that this is the IDL-derivied structure
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:06 +10:00
Andrew Bartlett
4bfc8d3b1a
s3-auth Change struct nt_user_token -> struct security_token
...
This common structure is defined in security.idl
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:05 +10:00
Andrew Bartlett
4bf783d4d6
s3-auth Change type of num_sids to uint32_t
...
size_t is overkill here, and in struct security_token in the num_sids
is uint32_t.
This includes a change to the prototype of add_sid_to_array()
and add_sid_to_array_unique(), which has had a number of
consequnetial changes as I try to sort out all the callers using
a pointer to the number of sids.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:05 +10:00
Andreas Schneider
669213e812
s3-auth: Added get_server_info_system function.
2010-09-09 16:00:07 +02:00
Günther Deschner
7afa6675ee
s3-auth: fix uninitialized error code in get_guest_info3().
...
Guenther
2010-09-01 10:51:13 +02:00
Günther Deschner
95f9542e05
s3-auth: remove global include of krb5pac.h.
...
Guenther
2010-08-31 23:17:40 +02:00
Günther Deschner
d5436c650c
s3-auth: remove unused variable in check_sam_security().
...
Guenther
2010-08-31 23:17:39 +02:00
Andrew Bartlett
eee63b7e75
s3-auth Rename NT_USER_TOKEN privileges -> privilege_mask
...
This is closer to the struct security_token from security.idl
Andrew Bartlett
2010-08-31 11:25:41 +10:00
Andrew Bartlett
8c15cf54ae
s3-auth Rename NT_USER_TOKEN user_sids -> sids
...
This is closer to the struct security_token from security.idl
2010-08-31 10:20:14 +10:00
Andreas Schneider
20e7b4ec74
s3-auth: The unlock of the account is now done by the get_sampwnam call.
...
Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-30 10:43:54 -04:00
Andreas Schneider
9dd7e7fc2d
s3-auth: Use SamInfo3_for_guest to create guest server_info.
...
Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-30 10:43:20 -04:00
Simo Sorce
08a8e25d6b
s3-auth: add helper to get server_info out of kerberos info
...
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-30 14:24:30 +02:00
Simo Sorce
b9772a4886
s3-auth: Add helper function to retrieve the unix user from a kerberos ticket
...
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-30 14:17:06 +02:00
Volker Lendecke
291526b9cf
s3: Remove a use of smbd_server_fd
...
This disables different socket options per user for ntlmssp authentiation, a
change in behaviour which is exotic enough I believe.
2010-08-29 21:55:23 +02:00
Volker Lendecke
520c5aae40
s3: Remove smbd_server_conn() from check_unix_security
2010-08-28 11:12:13 +02:00
Volker Lendecke
92fd03c5f0
s3: Lift smbd_server_fd() from pass_check()
2010-08-28 11:12:13 +02:00
Volker Lendecke
a3995ef31c
s3: Lift smbd_server_fd() from password_check()
2010-08-28 11:12:13 +02:00
Volker Lendecke
2257a0cd86
s3: Fix some nonempty blank lines
2010-08-28 11:12:13 +02:00
Volker Lendecke
636d107989
s3: Fix smb_pam_passcheck
2010-08-28 11:05:22 +02:00
Volker Lendecke
67522702ac
s3: Those functions are no macros anymore :-)
2010-08-28 10:54:39 +02:00
Volker Lendecke
9322fa4077
s3: Lift smbd_server_fd() from smb_pam_passcheck
2010-08-27 21:59:09 +02:00
Volker Lendecke
26ee30585d
s3: Lift smbd_server_fd() from smb_pam_start
...
smb_pam_passcheck() is the only caller that fills in NULL, all other callers
now properly fill rhost
2010-08-27 21:59:09 +02:00
Volker Lendecke
619c348ba3
s3: Pass "private_data" through string_combinations()
2010-08-27 21:10:14 +02:00
Volker Lendecke
8e1d3b5f8f
s3: Pass rhost through to smb_pam_passchange
2010-08-27 12:53:17 +02:00
Volker Lendecke
33f9c078d3
s3: Fix typos
2010-08-26 22:57:13 +02:00
Günther Deschner
7ff7eb0b52
s3-build: only include nsswitch header where needed.
...
Guenther
2010-08-26 00:20:28 +02:00
Günther Deschner
aba1bf4b5e
s3-build: only include memcache.h where needed.
...
Guenther
2010-08-26 00:20:28 +02:00
Björn Jacke
aa830cde6a
pam: fix unused variable warning
2010-08-24 11:18:34 +02:00
Volker Lendecke
a16a56f601
s3: PAM_RHOST and PAM_TTY are enums on FreeBSD
2010-08-23 22:59:56 +02:00
Volker Lendecke
8531921e3d
s3: Turn two macros into functions
2010-08-22 22:42:21 +02:00
Volker Lendecke
177e394f93
s3: Pass the rhost through smb_pam_accountcheck
2010-08-22 22:42:21 +02:00
Volker Lendecke
265f0b7745
s3: Rename auth.c:backends to auth_backends
2010-08-22 22:42:21 +02:00
Volker Lendecke
6ff012a777
s3: Fix some nonemtpy blank lines
2010-08-22 22:42:21 +02:00
Jeremy Allison
22a0168504
Fix const warning.
2010-08-20 15:56:37 -07:00
Volker Lendecke
ba706d696b
s3: Remove smb_pam_accountcheck from the auth modules
...
We go through the same check in auth/auth.c line 287 after the module has done
its job. So we don't have to do that check twice.
2010-08-19 11:54:36 +02:00
Volker Lendecke
ac7b63384d
s3: Lift smbd_server_fd from reload_services()
2010-08-18 11:18:21 +02:00
Volker Lendecke
96ae457023
s3: Remove get_client_fd()
2010-08-16 13:13:10 +02:00
Andreas Schneider
66b6a8cf62
s3-auth: Remove obsolete 'update encrypted' option.
2010-08-16 12:48:27 +02:00
Andrew Bartlett
4f8ef205ac
s3:auth Add error paths for invalid password_state values
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14 11:58:13 +10:00
Andrew Bartlett
70211ea6a3
s3:auth Change winbindd -> auth interface to more standard structures
...
This removes conversions to and from the source3 varient of the
server_info structure when replaced in s3compat, and presents a tidier
interface to winbindd in any case.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14 11:58:13 +10:00
Andrew Bartlett
b1b9752506
s3:auth Change 'make_user_info' to be talloc based
...
This is an ideal candidate, as it already uses a free function. It
now uses talloc destructors to clear the passwords if required.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14 11:58:13 +10:00
Andrew Bartlett
e66f6e715f
s3:auth Whitespace fixes after auth merge
2010-08-14 11:58:13 +10:00
Andrew Bartlett
23994e1b53
s3:auth Make Samba3 use the new common struct auth_usersupplied_info
...
This common structure will make it much easier to produce an auth
module for s3compat that calls Samba4's auth subsystem.
In order the make the link work properly (and not map twice), we mark
both that we did try and map the user, as well as if we changed the
user during the mapping.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14 11:58:13 +10:00
Volker Lendecke
39da717fe1
s3: Lift the smbd_messaging_context from reload_services
2010-08-08 18:09:33 +02:00
Günther Deschner
0f8e032628
s3-netlogon: remove global include of netlogon.h.
...
This reduces precompiled headers by another 4 MB and also slightly speeds up the
build.
Guenther
2010-08-06 15:46:16 +02:00
Günther Deschner
ccd4af271f
s3: remove global include of samr.h
...
Guenther
2010-08-06 15:43:38 +02:00
Günther Deschner
c136b84f0d
s3-secrets: only include secrets.h when needed.
...
Guenther
2010-08-05 10:12:25 +02:00
Simo Sorce
3c3237dd0a
s3-auth: Remove unimplemented functions
2010-07-28 12:18:28 -04:00