1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Commit Graph

186 Commits

Author SHA1 Message Date
Andrew Bartlett
f16d8f4eb8 s3-auth Use struct auth3_session_info outside the auth subsystem
This seperation between the structure used inside the auth modules and
in the wider codebase allows for a gradual migration from struct
auth_serversupplied_info -> struct auth_session_info (from auth.idl)

The idea here is that we keep a clear seperation between the structure
before and after the local groups, local user lookup and the session
key modifications have been processed, as the lack of this seperation
has caused issues in the past.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:10 +10:00
Volker Lendecke
1c022d2e41 s3: Return "granted" from share_access_check
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-07-05 13:28:03 +02:00
Andrew Bartlett
b373d0e777 s3-build: Provide a run-time shim to work around duplicate symbols
The become_root() and similar 'smbd' functions that are used widely in
Samba libraries had 'dummy' copies in dummysmbd.c and dummyroot.c.

These have been replaced by a runtime plugin mechanim, which ensures
that standlone binaries still do nothing, while in smbd the correct
function is used.

This avoids having these as duplicate symbols in the smbd binary,
which can cause unpredictable behaviour.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-21 15:54:51 +10:00
Andrew Bartlett
ade01f083c s3-smbd Split conn.c into 3 files
The idea with this split is to make it easier to handle dependencies,
avoiding having the loadparm code depend on the global server
variables, without resorting to dummy functions and linker tricks.

conn_clear_vuid_cache() is brought in from uid.c to make it static

Andrew Bartlett
2011-05-31 00:32:07 +02:00
Günther Deschner
61cd1067ef s3-smbd: avoid using pipes_struct when only session_info is needed.
Guenther
2011-05-02 15:03:43 +02:00
Andreas Schneider
b137156acb s3-smbd: Added a become_user_by_session() function.
This uses the provided session_info instead of searching the user via
the vuid. This is useful to work with fake connnection you need to
create if someone connects directly to a rpc service.

Signed-off-by: Jeremy Allison <jra@samba.org>
2011-04-11 22:10:22 +02:00
Andreas Schneider
27cb378283 s3-smbd: Added a change_to_user_by_session() function.
Signed-off-by: Jeremy Allison <jra@samba.org>
2011-04-11 22:10:21 +02:00
Günther Deschner
6e3f0d28a4 s3-includes: only include ntdomain.h where needed.
Guenther
2011-03-30 01:13:09 +02:00
Günther Deschner
af300a9fcb s3-auth: smbd needs auth.h
Guenther
2011-03-30 01:13:09 +02:00
Günther Deschner
8c24ebf371 s3: include smbd/smbd.h where needed.
Guenther
2011-03-30 01:13:08 +02:00
Günther Deschner
235f148590 s3-passdb: use passdb headers where needed.
Guenther
2011-03-30 01:13:08 +02:00
Günther Deschner
49fcf653b1 s3-includes: only include system/passwd.h when needed.
Guenther
2011-03-30 01:13:07 +02:00
Andreas Schneider
b181cd8465 s3-smbd: Increase debug level von context messages. 2011-03-09 09:28:42 +01:00
Andrew Bartlett
04f5ef83b9 s3-auth struct security_unix_token replaces UNIX_USER_TOKEN 2011-03-01 06:29:04 +01:00
Andrew Bartlett
2e69e89456 s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.

The structure is also not ideal for it's current purpose.  Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session.  This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.

(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-22 16:20:10 +11:00
Andrew Bartlett
2b05ba77b4 s3-auth Rename cryptic 'ptok' to security_token
This will allow the auth_serversupplied_info struct to be migrated
to auth_session_info easier.

Adnrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-02-10 06:51:06 +01:00
Andreas Schneider
7a97518e12 s3-smbd: Fixed a possible null pointer dereference. 2011-01-19 22:27:48 +01:00
Jeremy Allison
e1cfca1e2e Make getpwnam_alloc() static to lib/username.c, and ensure all username lookups go
through Get_Pwnam_alloc(), which is the correct wrapper function. We were using
it *some* of the time anyway, so this just makes us properly consistent.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 20 16:02:12 UTC 2010 on sn-devel-104
2010-10-20 16:02:12 +00:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Volker Lendecke
8a48ca4e3f s3: Remove talloc_autofree_context() from change_to_guest()
pass is freed at the exit of this routine
2010-09-26 03:29:29 +02:00
Andrew Bartlett
d1bb21b0d5 s3:auth Remove NT_USER_TOKEN
The all UPPER case typedef is no longer the preferred Samba style
and this makes it easier to see that this is the IDL-derivied structure

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:06 +10:00
Andrew Bartlett
8c15cf54ae s3-auth Rename NT_USER_TOKEN user_sids -> sids
This is closer to the struct security_token from security.idl
2010-08-31 10:20:14 +10:00
Günther Deschner
0f8e032628 s3-netlogon: remove global include of netlogon.h.
This reduces precompiled headers by another 4 MB and also slightly speeds up the
build.

Guenther
2010-08-06 15:46:16 +02:00
Andreas Schneider
6457f814f5 s3-uid: Use struct pipes_struct. 2010-07-28 10:39:25 +02:00
Volker Lendecke
d04a89682a s3: Remove smbd_server_conn from change_to_user 2010-06-12 15:42:50 +02:00
Simo Sorce
d9cffc01be s3:auth use info3 in auth_serversupplied_info
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-28 00:55:53 +02:00
Jeremy Allison
c35c38075c Remove the bool admin_user from conn struct. We no longer look at this to make access decisions.
Jeremy.
2010-03-15 15:39:41 -07:00
Jeremy Allison
b32ce075f8 Simplify processing of "admin user". If a user is an admin_user ensure their conn token is uid 0.
This simplifies change_to_user() and removes special processing of the assignments
we pass to set_sec_ctx().

Jeremy.
2010-03-15 14:49:20 -07:00
Jeremy Allison
5d6610a215 Add accessor functions for current uid, gid, unix token, NT token and vuid.
Jeremy.
2010-03-15 14:49:06 -07:00
Jeremy Allison
4b85a0ea7f Rever e80ceb1d73 "Remove more uses of "extern struct current_user current_user;"."
As requested by Volker, split this into smaller commits.

Jeremy.
2010-03-15 14:48:54 -07:00
Jeremy Allison
e80ceb1d73 Remove more uses of "extern struct current_user current_user;".
Use accessor functions to get to this value. Tidies up much of
the user context code. Volker, please look at the changes in smbd/uid.c
to familiarize yourself with these changes as I think they make the
logic in there cleaner.

Cause smbd/posix_acls.c code to look at current user context, not
stored context on the conn struct - allows correct use of these
function calls under a become_root()/unbecome_root() pair.

Jeremy.
2010-03-12 13:56:51 -08:00
Stefan Metzmacher
75d03970b7 s3:smbd: move more session specific globals to struct smbd_server_connection
metze
2009-06-03 17:54:37 +02:00
Jeremy Allison
e46a88ce35 Fix bug #6315 smbd crashes doing vfs_full_audit on IPC$ close event.
The underlying problem
is that once SMBulogoff is called, all server_info contexts associated with the
vuid should become invalid, even if that's the context being currently used by
the connection struct (tid). When the SMBtdis comes in it doesn't need a valid
vuid value, but the code called inside vfs_full_audit always assumes that there
is one (and hence a valid conn->server_info pointer) available.

This is actually a bug inside the vfs_full_audit and other code inside Samba,
which should only indirect conn->server_info on calls which require AS_USER to
be set in our process table. I could fix all these issues, but there's no
guarentee that someone might not add more code that fails this assumption, as
it's a hard assumption to break (it's usually true).

So what I've done is to ensure that on SMBulogoff the previously used
conn->server_info struct is kept around to be used for print debugging purposes
(it won't be used to change to an invalid user context, as such calls need
AS_USER set). This isn't strictly correct, as there's no association with the
(now invalid) context being freed and the call that causes conn->server_info to
be indirected, but it's good enough for most cases.

The hard part was to ensure that once a valid context is used again (via new
sessionsetupX calls, or new calls on a still valid vuid on this tid) that we
don't leak memory by simply replacing the stored conn->server_info pointer. We
would never actually leak the memory (as all conn->server_info pointers are
talloc children of conn), but with the previous patch a malicious client could
cause many server_info structs to be talloced by the right combination of SMB
calls. This new patch introduces free_conn_server_info_if_unused(), which
protects against the above.
Jeremy.
2009-05-04 08:31:40 -07:00
Jeremy Allison
d55ec4fd23 Fix bug found by Tim Prouty, logging off and then re-using a vuid can cause smbd to
access a freed structure.
Jeremy.
2009-04-16 16:22:30 -07:00
Jeremy Allison
35f4ea221e Fix bug #6155 - "force group" is no longer working as expected.
We need to store the "force group" uid separately from the
conn->server_info token as we need to apply it separately also.
Volker PLEASE CHECK !
Jeremy.
2009-03-03 16:08:56 -08:00
Stefan Metzmacher
3dde0cbb76 s3:smbd: move all globals and static variables in globals.[ch]
The goal is to move all this variables into a big context structure.

metze
2009-01-08 12:22:21 +01:00
Stefan Metzmacher
0a0cd1396a s3:smbd: remove pointless static variable in uid.c
We always free the value at the end of the function,
so we don't need a static variable to hold just NULL
for the time the function isn't executed.

metze
2009-01-08 12:22:19 +01:00
Jeremy Allison
15e1fd7c54 Fix bug #1254 - write list not working under share-level security
A somewhat more elegant fix than I could use for 3.2.x or 3.0.x.
Turns out the only part of check_user_ok() that needs to change
for share level security is the VUID cache pieces, so I can just
always use check_user_ok() for all lp_security() cases.
Jeremy
2008-12-04 11:20:57 -08:00
Volker Lendecke
907f126d3e Get rid of pipes_struct->pipe_user, we have server_info now --- YESSS! 2008-11-24 11:39:03 +01:00
Jeremy Allison
d8df43e65d Fix bug #5900 reported by monyo@samba.gr.jp - vfs_readonly.so does not work.
Jeremy.
2008-11-17 14:13:20 -08:00
Jeremy Allison
8962be69c7 Make us clean under valgrind --leak-check=full by using talloc_autofree_context() instead of NULL.
Remove the code in memcache that does a TALLOC_FREE on stored pointers. That's a disaster waiting
to happen. If you're storing talloc'ed pointers, you can't know their lifecycle and they should
be deleted when their parent context is deleted, so freeing them at some arbitrary point later
will be a double-free.
Jeremy.
2008-11-06 20:48:13 -08:00
Volker Lendecke
40f5eab5eb Wrap the unix token info in a unix_user_token in auth_serversupplied_info
No functional change, this is a preparation for more current_user ref removal
(This used to be commit dcaedf345e)
2008-06-19 18:51:37 +02:00
Volker Lendecke
101162257c Move connection-specific vuid cache clear to uid.c
(This used to be commit 1025f68791)
2008-06-14 19:49:49 +02:00
Volker Lendecke
82d4806ce6 Slight refactoring for check_user_ok: It only needs vuid and server_info
(This used to be commit 68944ea1ea)
2008-06-14 19:49:49 +02:00
Volker Lendecke
ee6ee96af2 Group the access checks together in check_user_ok()
(This used to be commit 45662b5e8b)
2008-06-14 19:49:49 +02:00
Volker Lendecke
b935f4a2dc Consistently use snum in check_user_ok
Most already used it, these two still used SNUM(conn), where the only caller of
this routine (change_to_user) had set snum = SNUM(conn).
(This used to be commit b14e59bfdb)
2008-06-14 19:49:49 +02:00
Volker Lendecke
ad538bf0ab Compare the pointer "vuser" to NULL, not 0
(This used to be commit 5c916549f0)
2008-06-14 19:49:49 +02:00
Volker Lendecke
320fadd8fc Remove the reference to current_user_info from share_access.c
This required to pass around the domain a bit
(This used to be commit 17b0db20d2)
2008-05-25 11:43:57 +02:00
Volker Lendecke
aac9e7d1ca With force user, we have the same base token for all vuids
(This used to be commit 0f19bc3f65)
2008-05-11 00:25:27 +02:00
Volker Lendecke
53a623d8a6 Remove the unix token info from connection_struct
(This used to be commit 2834dacc8d)
2008-05-10 11:17:01 +02:00