Age | Commit message (Collapse) | Author | Files | Lines |
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Before a auth_serversupplied_info struct can be used for
authorization, the local groups and privileges must be calculated.
create_local_token() now copies the server_info, and then sets the
calulated token and unix groups.
Soon, it will also transform the result into an expanded struct
auth_session_info. Until then, the variable name (server_info vs
session_info provides a clue to the developer about what information
has been entered in the structure).
By moving the calls to create_local_token within the codebase, we
remove duplication, and ensure that the session key (where modified)
is consistently copied into the new structure.
Andrew Bartlett
|
|
Guenther
|
|
Guenther
|
|
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.
The structure is also not ideal for it's current purpose. Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session. This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.
(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
value returned by it.
Jeremy.
|
|
|
|
The previous API was not clear as to who owned the returned session key.
This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code,
and avoids making allocations - we steal and zero instead.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This disables different socket options per user for ntlmssp authentiation, a
change in behaviour which is exotic enough I believe.
|
|
|
|
This common structure will make it much easier to produce an auth
module for s3compat that calls Samba4's auth subsystem.
In order the make the link work properly (and not map twice), we mark
both that we did try and map the user, as well as if we changed the
user during the mapping.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
This reduces precompiled headers by another 4 MB and also slightly speeds up the
build.
Guenther
|
|
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Rename it to auth_ntlmssp_steal_server_info() to make it clear that
the server_info struct is stolen from the auth_ntlmssp_state structure.
Use talloc_move instead of manual steal&clear
Add comments to explain what is going on.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
It was a spurious remnant after a rebase.
|
|
Turn auth_ntlmssp_end into a destructor and attach it to auth_ntlmssp_state.
Remote auth_ntlmssp_end and use TALLOC_FREE in the callers.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
There is no need for a separate mem_ctx member.
Also make the ntlmssp_state a children of auth_ntlmssp_state
Also cleanup auth_ntlmssp_end to free only what is not automatically freed
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Turn the freeing function into a destructor and attach it to the
auth_context.
Make all callers TALLOC_FREE() the auth_context instead of calling
the free function.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
All the members are children of ntlmssp_state anyway.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This fixes a bug where register_existing_vuid() could be called with a
NULL server_info if the alloction failed.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This reverts commit edba46ce94c335411ab337eeb4ef6f88fb3aae80.
Conflicts:
source3/auth/auth_ntlmssp.c
|
|
This allows the right hooks to be called in GENSEC when s3compat
implements the auth_ntlmssp interface. Otherwise, we can't do the
signing or sealing as we have not negoitated it's use.
Andrew Bartlett
|
|
It's nicer to have an NTSTATUS return, and in s3compat there may be a
reason other than 'no memory' why this can fail.
Andrew Bartlett
|
|
This ensures the results can't be easily left to leak.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
The code is not yet in common, but I hope to fix that soon.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
typedefs are no longer preferred Samba style.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
This makes it a little easier for it to writen in terms of GENSEC in future.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Remove "mem_ctx" from "struct auth_context"
|
|
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
|
|
metze
|
|
Andrew Bartlett
|
|
|
|
|
|
"nss_token" from my point of view much better reflects what this flag actually
represents
(This used to be commit b121a5acb2ef0bb3067d953b028696175432f10d)
|
|
NTLMSSP and Kerberos session setup
Guenther
(This used to be commit 18b8c2c19e50aee8fc900c7507244cb95014a4fa)
|
|
Jeremy.
(This used to be commit b7628f3a47166791db4cd6451d52ea3881a45bed)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
which matches what samba4 has.
also fix all the callers to prevent compiler warnings
metze
(This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
|
|
(This used to be commit 09e7c010f03ac3c621f7a7fad44685d278c1481a)
|
|
Jeremy.
(This used to be commit 6b39f53e43572fe29fc037a36328387a0b1bb423)
|