summaryrefslogtreecommitdiff
path: root/source3/auth/auth_util.c
AgeCommit message (Collapse)AuthorFilesLines
2008-08-14Fix show-stopper for 3.2. Smbd depends on group SIDJeremy Allison1-0/+34
position zero being the primary group sid. Authenicating via winbindd call returned a non-sorted sid list. This fixes is for both a winbindd call and a pac list from an info3 struct. Without this we mess up the primary group associated with created files. Found by Herb. Jeremy. (This used to be commit cb925dec85cfc4cfc194c3ff76dbeba2bd2178d7)
2008-08-14Make it clear that this is a temporary context byusing a talloc stackframe ↵Jeremy Allison1-22/+16
instead. Jeremy (This used to be commit 7f7dd5e8883e23d7fe3f9cb804905c5b23a5a41c)
2008-06-26Fix the non-LDAP, non-krb5 build, fix gcc -O3 warnings.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 9e2ab30d3cf6950fc79152b2169e7aeae8d6a366)
2008-06-26Add server_info to pipes_structVolker Lendecke1-0/+16
(This used to be commit d621867bb8767e1c4236d28dd9294a61db6cbb10)
2008-06-24Fix for bug #5551, smbd recursing back into winbindd from a winbindd call.Jeremy Allison1-13/+66
Jeremy. (This used to be commit a07fe72538e8e724b9736d5a85cc590864c5cab2)
2008-06-19Wrap the unix token info in a unix_user_token in auth_serversupplied_infoVolker Lendecke1-23/+25
No functional change, this is a preparation for more current_user ref removal (This used to be commit dcaedf345e62ab74ea87f0a3fa1e3199c75c5445)
2008-05-11Make sure we have serversupplied_info->sanitized_username everywhereVolker Lendecke1-10/+53
(This used to be commit 88423a17b966652eba4085e88f7ddb5c86b463dd)
2008-05-10Add function make_serverinfo_from_username()Volker Lendecke1-0/+38
This will be used for 'security=share' and 'force user' (This used to be commit 88e43097cafcd2849d9f1200a377357fde4cce99)
2008-05-10Add a mem_ctx argument to make_server_info_guest()Volker Lendecke1-4/+5
(This used to be commit e4a9492967f3d2b64f27943f99414608e0c03d21)
2008-05-10Make copy_serverinfo non-static, add mem_ctxVolker Lendecke1-3/+4
(This used to be commit a3651ced9e0859578df8cc44da64e7a8066bde76)
2008-05-07Rename server_info->was_mapped to server_info->nss_tokenVolker Lendecke1-3/+3
"nss_token" from my point of view much better reflects what this flag actually represents (This used to be commit b121a5acb2ef0bb3067d953b028696175432f10d)
2008-05-05Remove "userdom_struct user" from "struct user_struct"Volker Lendecke1-0/+10
(This used to be commit 420de035237bb08bc470c9eb820f3da2edaa6805)
2008-05-05Fix a typoVolker Lendecke1-1/+1
(This used to be commit 964bd02220c04030d8cb0f97ca9b409400d1238c)
2008-05-05Remove unused set_current_user_guest()Volker Lendecke1-33/+0
(This used to be commit a33e8d2ffa4daea1deba13b3571cb0b36d521476)
2008-04-04Use sid_array_from_info3 in lookup_usergroups_cached().Günther Deschner1-1/+1
Guenther (This used to be commit 65b4cb20ea3fb806cfd50281e08f32bea70fafce)
2008-02-17Use netr_SamInfo3 in make_server_info_info3().Günther Deschner1-25/+27
Guenther (This used to be commit 5866c11b288c217f0c38240c44f8bfeff185890d)
2008-02-13auth_winbind: use wbcAuthenticateUserEx()Stefan Metzmacher1-0/+233
smbd doesn't need $(WBCOMMON_OBJ) anymore, it works with any libwbclient.so now and may talk to an older winbindd. metze (This used to be commit e3435930a307cff3066fe2047ed8c5c48911f001)
2008-01-09Convert add_sid_to_array() add_sid_to_array_unique() to return NTSTATUS.Michael Adam1-10/+13
Michael (This used to be commit 6b2b9a60ef857ec31da5fea631535205fbdede4a)
2007-12-28Remove static zerosVolker Lendecke1-3/+6
(This used to be commit dbcc213710a9af31b6094d4741a6f68f573dcdad)
2007-12-22Fix "may be used uninitialized" compiler warnings.James Peach1-3/+3
(This used to be commit 22ac34a329c9be9cf7d1e6749ebcfb50215378e4)
2007-12-21De-couple smbd from staticly linking against winbindd client files.Gerald (Jerry) Carter1-3/+3
Implements a wrapper layer in winbind_util.c which are just stubs if compiled --without-winbind. When building with winbindd, it is now required to build the libwbclient DSO first (in the Makefile) and then either set LD_LIBRARY_PATH or /etc/ld.so.conf to pick up the library PATH. (This used to be commit 42787bccff4fcffafc7aae6a678e792604ecaaa5)
2007-12-15Replace sid_string_static by sid_string_dbg in DEBUGsVolker Lendecke1-4/+4
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
2007-12-15Use sid_string_talloc where we have a tmp talloc ctxVolker Lendecke1-2/+2
(This used to be commit f00ab810d2540679bec109498ac89e1eafe18f03)
2007-11-27Remove pstrings from everything except srv_spoolss_nt.c.Jeremy Allison1-3/+3
Jeremy. (This used to be commit 0002a9e96b0ef78316295a6eb94ff29b64e2f988)
2007-11-14Remove pstring from auth/*Jeremy Allison1-14/+38
Jeremy. (This used to be commit 72c19d114b40ee307bbe45d9828667165a26d7a3)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-25/+25
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-12Add become_root/unbecome_root around one call of getsampwsid()Michael Adam1-1/+6
in create_token_from_username(). This caused set_nt_acl to partially fail in certain circumstances. This is expected to bring an improvement to bug #4308. Michael (This used to be commit e68671b59500d7e1b645c80ee264c49893f8df84)
2007-10-10r23928: Merge all "copy-info3-groups-to-sid-array" blocks to a ↵Günther Deschner1-32/+6
sid_array_from_info3() function. Guenther (This used to be commit 1e1e480115e37b3f4c85f979ddd800b8de0b9c57)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23530: Fix bugs #4678 and #4697 which had the same root cause.Jeremy Allison1-0/+54
In make_server_info_pw() we assign a user SID in our authoritative SAM, even though this may be from a pure "Unix User" that doesn't exist in the SAM. This causes lookups on "[in]valid users" to fail as they will lookup this name as a "Unix User" SID to check against the user token. Fix this by adding the "Unix User"\unix_username SID to the sid array. The correct fix should probably be changing the server_info->sam_account user SID to be a S-1-22 Unix SID, but this might break old configs where plaintext passwords were used with no SAM backend. Jeremy (This used to be commit 80d1da7e6cce451d3934751feaa6ad60a337e3db)
2007-10-10r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; andVolker Lendecke1-5/+5
replace all data_blob(NULL, 0) calls. (This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
2007-10-10r22819: Fix Bug 4613. We just dumped the must change & friends. With theVolker Lendecke1-0/+24
pass_last_changed == 0 we now return "Change now!" instead of "Change never" (This used to be commit 450e4d94f64f86a3dd709265d15ed5082d4b53e8)
2007-10-10r22740: Move debug_*_user_token to token_utils.cVolker Lendecke1-45/+0
(This used to be commit 4ad9f8aa61cef94be8d38c6e91aac3a5c848f81f)
2007-10-10r22589: Make TALLOC_ARRAY consistent across all uses.Jeremy Allison1-5/+9
Jeremy. (This used to be commit 8968808c3b5b0208cbad9ac92eaf948f2c546dd9)
2007-10-10r22542: Move over to using the _strict varients of the tallocJeremy Allison1-5/+5
calls. No functional changes. Looks bigger than it is :-). Jeremy. (This used to be commit f6fa3080fee1b20df9f1968500840a88cf0ee592)
2007-10-10r22390: Patchset sent to samba-technical to address the winbindGerald Carter1-38/+10
loop when allocating a new id for a SID: auth_util.patch Revert create_local_token() to the 3.0.24 codebase idmap_type.patch Have the caller fillin the id_map.xid.type field when resolving a SID so that if we allocate a new id, we know what type to use winbindd_api.patch Remove the WINBINDD_SIDS_TO_XIDS calls from the public winbindd interface for the 3.0.25 release idmap_rid.patch Cleanup the idmap_rid backend to not call back into winbindd to resolve the SID in order to verify it's type. (This used to be commit 3b24dae9e73b244540a68b631b428a4d0f57440b)
2007-10-10r22135: Check in most of Michael Adam's net conf utility. A good share of ↵Volker Lendecke1-432/+0
this patch is moving functions around to fix some linker dependencies for the registry. Michael, I've renamed your auth_utils2.c to token_utils.c. Thanks! Volker (This used to be commit 9de16f25c1c3e0b203da47391772ef2e2fe291ac)
2007-10-10r22022: - Clarify the commentsAndrew Bartlett1-1/+1
- make sure never to free an uninitialised variable - ensure to free result on getpwnam_alloc failure Andrew Bartlett (This used to be commit 5fe3328e66661371182cc1c3b6e239797c3b4f93)
2007-10-10r22020: Make it more clear that both the vuser struct and it's contents areAndrew Bartlett1-7/+11
talloc_free()'ed at the end of a session. Rework the passwd cache code to use talloc_unlink and talloc_reference, to more carefully manage the cache. Andrew Bartlett (This used to be commit e3e0ec25e67308de314aa61852905ee42aa2c8fe)
2007-10-10r22001: change prototype of dump_data(), so that it takes unsigned char * now,Stefan Metzmacher1-2/+2
which matches what samba4 has. also fix all the callers to prevent compiler warnings metze (This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
2007-10-10r21999: remove useless castsStefan Metzmacher1-6/+6
metze (This used to be commit f948005ca69c50b07fdbcf7801975676d19d1486)
2007-10-10r21536: Fix copy/paste typo.Günther Deschner1-1/+1
Guenther (This used to be commit 7edbb636f7caf43135f0320cc08ff18a34a80594)
2007-10-10r20824: Send access to the trusted domain passwords through the pdb backend, ↵Volker Lendecke1-2/+1
so that in the next step we can store them in LDAP to be replicated across DCs. Thanks to Michael Adam <ma@sernet.de> Volker (This used to be commit 3c879745cfc39be6128b63a88ecdbfa3d9ce6c2d)
2007-10-10r20774: I thought I committed this before Xmas holidays ...Simo Sorce1-1/+1
This change is needed to make it possible to not expire caches in disconnected mode. Jerry, please can you look at this and confirm it is ok? Simo. (This used to be commit 9e8715e4e15d9cede8f4aa9652642995392617e6)
2007-10-10r20169: Support for fallback to legacy mapping code was not completely tested.Simo Sorce1-10/+24
Add necessary fixes. (This used to be commit 4a81ee9608d45f95eaaccc78a080e717cb7d4682)
2007-10-10r20116: Start merging in the work done to create the new idmap subsystem.Simo Sorce1-7/+20
Simo. (This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b)
2007-10-10r20098: Properly fix issues with create_token_from_username()Jeremy Allison1-6/+11
reported by James. Ensure that this function allocates everything on the temporary context except the return memory. Never call this with a null mem context, and now use conn->mem_ctx instead in smbd/service.c. Remove separate free functions for conn->ngroups and conn->nt_user_token as they are now always talloc'ed off the conn->mem_ctx. Future optimization will be to remove conn->mem_ctx and make all objects pointed to in the conn struct talloc'ed off conn itself. Easy to free then :-). Jeremy. (This used to be commit f83b6de44f1058811ff94ac72a8a71bd8e49e4e8)
2007-10-10r20090: Fix a class of bugs found by James Peach. EnsureJeremy Allison1-40/+77
we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
2007-10-10r19991: Sorry for this 2000-liner...Volker Lendecke1-1/+1
The main thing here is a rewrite of srv_winreg_nt.c. The core functionality has moved to registry/reg_api.c which is then usable by the rest of Samba as well. On that way it fixes creating keys with more than one element in the path. This did not work before. Two things that sneaked in (sorry :-) is the change of some routines from NTSTATUS to WERROR the removed "parent" argument to regkey_open_internal. Volker (This used to be commit fea52801de8c7b85c578d200c599475680c5339f)