1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

61 Commits

Author SHA1 Message Date
Volker Lendecke
242e329610 s3: Lift talloc_autofree_context() from make_auth_context_subsystem() 2010-09-26 01:12:37 +02:00
Andrew Bartlett
6832d5e933 libcli/auth/ntlmssp Be clear about talloc parents for session keys
The previous API was not clear as to who owned the returned session key.
This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code,
and avoids making allocations - we steal and zero instead.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-16 21:09:17 +10:00
Volker Lendecke
291526b9cf s3: Remove a use of smbd_server_fd
This disables different socket options per user for ntlmssp authentiation, a
change in behaviour which is exotic enough I believe.
2010-08-29 21:55:23 +02:00
Volker Lendecke
ac7b63384d s3: Lift smbd_server_fd from reload_services() 2010-08-18 11:18:21 +02:00
Andrew Bartlett
23994e1b53 s3:auth Make Samba3 use the new common struct auth_usersupplied_info
This common structure will make it much easier to produce an auth
module for s3compat that calls Samba4's auth subsystem.

In order the make the link work properly (and not map twice), we mark
both that we did try and map the user, as well as if we changed the
user during the mapping.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14 11:58:13 +10:00
Volker Lendecke
39da717fe1 s3: Lift the smbd_messaging_context from reload_services 2010-08-08 18:09:33 +02:00
Günther Deschner
0f8e032628 s3-netlogon: remove global include of netlogon.h.
This reduces precompiled headers by another 4 MB and also slightly speeds up the
build.

Guenther
2010-08-06 15:46:16 +02:00
Simo Sorce
3c3237dd0a s3-auth: Remove unimplemented functions 2010-07-28 12:18:28 -04:00
Simo Sorce
e958b39042 s3-auth: Move auth_ntlmssp wrappers in their own file
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-20 15:52:31 +10:00
Simo Sorce
a04bbd281c s3-auth: Refactor and rename auth_ntlmssp_server_info()
Rename it to auth_ntlmssp_steal_server_info() to make it clear that
the server_info struct is stolen from the auth_ntlmssp_state structure.
Use talloc_move instead of manual steal&clear
Add comments to explain what is going on.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-20 15:52:24 +10:00
Simo Sorce
944494d350 s3-auth: Remove unused variable.
It was a spurious remnant after a rebase.
2010-07-19 13:53:34 -04:00
Simo Sorce
c09dcb903c s3-auth: Use talloc hierarchies to properly free auth_ntlmssp_state contexts
Turn auth_ntlmssp_end into a destructor and attach it to auth_ntlmssp_state.
Remote auth_ntlmssp_end and use TALLOC_FREE in the callers.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-19 14:20:04 +10:00
Simo Sorce
673fcfa377 s3-auth: auth_make ntlmssp_state the parent context
There is no need for a separate mem_ctx member.
Also make the ntlmssp_state a children of auth_ntlmssp_state
Also cleanup auth_ntlmssp_end to free only what is not automatically freed

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-19 14:20:02 +10:00
Simo Sorce
e60ed80754 s3-auth: Simplify how we free the auth_context
Turn the freeing function into a destructor and attach it to the
auth_context.
Make all callers TALLOC_FREE() the auth_context instead of calling
the free function.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-19 14:20:00 +10:00
Simo Sorce
e4bd6eb72f s3-auth: Cleanup and readability fixes
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-19 14:19:58 +10:00
Simo Sorce
cdcdaaa6dd s3-ntlmssp: Remove ntlmssp_end and let the talloc hierarchy handle it.
All the members are children of ntlmssp_state anyway.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-19 14:19:47 +10:00
Andrew Bartlett
0d95cee58f s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS
This fixes a bug where register_existing_vuid() could be called with a
NULL server_info if the alloction failed.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-07-14 16:22:49 +10:00
Volker Lendecke
34b29b1198 Revert "s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS"
This reverts commit edba46ce94.

Conflicts:

	source3/auth/auth_ntlmssp.c
2010-06-08 11:38:08 +02:00
Andrew Bartlett
9a747d500f s3:auth add hooks to indicate if signing or sealing is desired with NTLMSSP
This allows the right hooks to be called in GENSEC when s3compat
implements the auth_ntlmssp interface.  Otherwise, we can't do the
signing or sealing as we have not negoitated it's use.

Andrew Bartlett
2010-06-07 23:34:29 +10:00
Andrew Bartlett
edba46ce94 s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS
It's nicer to have an NTSTATUS return, and in s3compat there may be a
reason other than 'no memory' why this can fail.

Andrew Bartlett
2010-06-07 23:34:29 +10:00
Andrew Bartlett
d6fa371b92 s3:ntlmssp Use a TALLOC_CTX for ntlmssp_sign_packet() and ntlmssp_seal_packet()
This ensures the results can't be easily left to leak.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31 15:11:27 +02:00
Andrew Bartlett
ebae21f023 ntlmssp: Make the ntlmssp.h from source3/ a common header
The code is not yet in common, but I hope to fix that soon.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31 15:10:56 +02:00
Andrew Bartlett
723ea68d3b s3:auth Remove AUTH_NTLMSSP_STATE typedef.
typedefs are no longer preferred Samba style.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31 15:10:44 +02:00
Andrew Bartlett
3b706865f6 s3:auth Make AUTH_NTLMSSP_STATE a private structure.
This makes it a little easier for it to writen in terms of GENSEC in future.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31 15:10:33 +02:00
Volker Lendecke
c5c40f2648 s3: Make "auth_context" its own talloc parent
Remove "mem_ctx" from "struct auth_context"
2010-04-11 13:53:19 +02:00
Stefan Metzmacher
dee63fe4ca s3:ntlmssp: use client.netbios_name instead of workstation
metze

Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 17:34:56 +01:00
Stefan Metzmacher
ca2a5693bf s3:ntlmssp: rename void *auth_context; into void *callback_private;
metze

Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 17:34:55 +01:00
Stefan Metzmacher
eb17809812 s3:ntlmssp: pass names to ntlmssp_server_start() and store them in ntlmssp_state
Inspired by the NTLMSSP merge work by Andrew Bartlett.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 17:34:54 +01:00
Stefan Metzmacher
eca118614c s3:ntlmssp: replace server_role by a server.is_standalone in ntlmssp_state
Inspired by the NTLMSSP merge work by Andrew Bartlett.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 17:34:54 +01:00
Volker Lendecke
9bb4766bba s3: Remove the typedef for "auth_usersupplied_info" 2010-01-10 20:56:16 +01:00
Stefan Metzmacher
c9b6ad2500 s3:ntlmssp: change get_challange() to return NTSTATUS
metze
2009-12-29 17:06:22 +01:00
Andrew Bartlett
802e9328ed s3:ntlmssp: only include ntlmssp.h where actually needed
Andrew Bartlett
2009-12-22 21:07:53 +01:00
Volker Lendecke
4a2e2c0c12 Fix the build on Solaris 2009-02-21 18:55:35 +01:00
Volker Lendecke
4aed9abbf8 Remove the static "chal" from ntlmssp.c:get_challenge() 2009-02-21 14:04:14 +01:00
Volker Lendecke
64ddd381b7 Rename server_info->was_mapped to server_info->nss_token
"nss_token" from my point of view much better reflects what this flag actually
represents
(This used to be commit b121a5acb2)
2008-05-07 14:47:29 +02:00
Günther Deschner
23cd8e5ea7 Be more verbose why create local token has failed during
NTLMSSP and Kerberos session setup

Guenther
(This used to be commit 18b8c2c19e)
2008-03-06 12:27:11 +01:00
Jeremy Allison
4f1cc7b495 Allow auth_ntlmssp_end() to ignore null pointers passed in.
Jeremy.
(This used to be commit b7628f3a47)
2008-02-14 18:05:37 -08:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
2007-10-18 17:40:25 -07:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
Stefan Metzmacher
56ba447668 r22001: change prototype of dump_data(), so that it takes unsigned char * now,
which matches what samba4 has.

also fix all the callers to prevent compiler warnings

metze
(This used to be commit fa322f0cc9)
2007-10-10 12:18:59 -05:00
Volker Lendecke
f852fdbe06 r17626: Some C++ Warnings
(This used to be commit 09e7c010f0)
2007-10-10 11:38:44 -05:00
Jeremy Allison
8322d26276 r16632: Fix bug #3882 reported by jason@ncac.gwu.edu.
Jeremy.
(This used to be commit 6b39f53e43)
2007-10-10 11:19:04 -05:00
Volker Lendecke
dc9f30b8b0 r15475: Ugly and disgusting patch to fix the username map problem I created by
changing the token generation. I *hate* this code!

Jerry, you have been looking at this as well, can you double-check that I did
not screw it up?

Thanks,

Volker
(This used to be commit 2765c4ff8d)
2007-10-10 11:16:52 -05:00
Gerald Carter
fb5362c069 r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()
macro which sets the freed pointer to NULL.
(This used to be commit b65be8874a)
2007-10-10 11:10:14 -05:00
Gerald Carter
0af1500fc0 r13316: Let the carnage begin....
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed)
2007-10-10 11:06:23 -05:00
Jeremy Allison
fcceedd67c r11573: Adding Andrew Bartlett's patch to make machine account
logons work if the client gives the MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
or MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flags. This changes
the auth module interface to 2 (from 1). The effect of this is
that clients can access resources as a machine account if they
set these flags. This is the same as Windows (think of a VPN
where the vpn client authenticates itself to a VPN server
using machine account credentials - the vpn server checks
that the machine password was valid by performing a machine
account check with the PDC in the same was as it would a
user account check. I may add in a restriction (parameter)
to allow this behaviour to be turned off (as it was previously).
That may be on by default.
Andrew Bartlett please review this change carefully.
Jeremy.
(This used to be commit d1caef8663)
2007-10-10 11:05:20 -05:00
Gerald Carter
54abd2aa66 r10656: BIG merge from trunk. Features not copied over
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
2007-10-10 11:04:48 -05:00
Jeremy Allison
a8961434c0 r7956: Spelling mistake.
Jeremy.
(This used to be commit f318c37107)
2007-10-10 10:58:04 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
2007-10-10 10:53:32 -05:00