summaryrefslogtreecommitdiff
path: root/source3/auth/auth_util.c
AgeCommit message (Collapse)AuthorFilesLines
2011-04-13s3: Use wbcSidsToUnixIds in create_local_tokenVolker Lendecke1-6/+20
Signed-off-by: Jeremy Allison <jra@samba.org>
2011-04-06s3-auth: Make server_info const in create_local_token()Andrew Bartlett1-4/+4
Andreas Schneider <asn@samba.org> correctly points out that this input parameter should now be const, and that found a bug where I used then used it incorrectly as a talloc context. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Apr 6 00:33:31 CEST 2011 on sn-devel-104
2011-04-05s3-auth Rename user_session_key -> session_key to match auth_session_infoAndrew Bartlett1-11/+11
2011-04-05s3-auth use create_local_token() to transform server_info -> session_infoAndrew Bartlett1-62/+110
Before a auth_serversupplied_info struct can be used for authorization, the local groups and privileges must be calculated. create_local_token() now copies the server_info, and then sets the calulated token and unix groups. Soon, it will also transform the result into an expanded struct auth_session_info. Until then, the variable name (server_info vs session_info provides a clue to the developer about what information has been entered in the structure). By moving the calls to create_local_token within the codebase, we remove duplication, and ensure that the session key (where modified) is consistently copied into the new structure. Andrew Bartlett
2011-03-30s3-auth: use auth.h where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-passdb: use passdb headers where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-winbind: remove global inclusion of libwbclient.Günther Deschner1-0/+1
Guenther
2011-03-30lib/util/util_pw: share more code between lib/util/util_pw.c and ↵Günther Deschner1-0/+1
source3/lib/username.c Guenther
2011-03-16s3: Fix Coverity ID 1018, CHECKED_RETURNVolker Lendecke1-3/+5
2011-02-22s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_infoAndrew Bartlett1-16/+16
These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-20s3: NO_SUCH_USER is a lot more likely than NO_MEMORYVolker Lendecke1-1/+1
2011-02-20s3: Convert init_system_info to NTSTATUSVolker Lendecke1-4/+3
2011-02-16s3-auth Fix memory leak in security=share and force user =Andrew Bartlett1-1/+1
In these cases, the server_info was not stolen onto a long term memory context, and so remained on the NULL context where it was created. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Feb 16 01:08:19 CET 2011 on sn-devel-104
2011-02-10s3-auth Remove unused pam_handleAndrew Bartlett1-1/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-02-10s3-auth Rename cryptic 'ptok' to security_tokenAndrew Bartlett1-18/+18
This will allow the auth_serversupplied_info struct to be migrated to auth_session_info easier. Adnrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-11-10Remove fstring from map_username. Create a more sane interface than the ↵Jeremy Allison1-28/+59
called-parameter-is-modified. Jeremy.
2010-10-20Make getpwnam_alloc() static to lib/username.c, and ensure all username ↵Jeremy Allison1-2/+2
lookups go through Get_Pwnam_alloc(), which is the correct wrapper function. We were using it *some* of the time anyway, so this just makes us properly consistent. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Oct 20 16:02:12 UTC 2010 on sn-devel-104
2010-10-14s3-auth Use security_token_debug() from common codeAndrew Bartlett1-1/+1
This prints the security token including the privileges as strings instead of just a bitmap. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-1/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-09-28s3-auth_util: make sure the system server info actually contains S-1-5-18.Günther Deschner1-0/+9
Without this, all security descriptor checks for the winreg spoolss backend fail and make our spoolss system in its current shape basically unusable. Andreas, please check. Guenther
2010-09-26s3: Fix a memleak in make_new_server_info_system()Volker Lendecke1-0/+1
2010-09-26s3: Remove talloc_autofree_context() from init_system_info()Volker Lendecke1-1/+2
2010-09-20s3-util: use shared dom_sid_dup.Günther Deschner1-1/+2
Guenther
2010-09-11s3:auth Remove NT_USER_TOKENAndrew Bartlett1-2/+2
The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derivied structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-09s3-auth: Added get_server_info_system function.Andreas Schneider1-0/+5
2010-09-01s3-auth: fix uninitialized error code in get_guest_info3().Günther Deschner1-2/+1
Guenther
2010-08-31s3-auth Rename NT_USER_TOKEN user_sids -> sidsAndrew Bartlett1-5/+5
This is closer to the struct security_token from security.idl
2010-08-30s3-auth: Use SamInfo3_for_guest to create guest server_info.Andreas Schneider1-19/+70
Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-20Fix const warning.Jeremy Allison1-1/+1
2010-08-14s3:auth Make Samba3 use the new common struct auth_usersupplied_infoAndrew Bartlett1-38/+41
This common structure will make it much easier to produce an auth module for s3compat that calls Samba4's auth subsystem. In order the make the link work properly (and not map twice), we mark both that we did try and map the user, as well as if we changed the user during the mapping. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-07-11s3: [ug]id_to_unix_... can not failVolker Lendecke1-9/+3
Remove some silly failure checks
2010-07-08s3: Slightly simplify make_server_info_pwVolker Lendecke1-3/+1
2010-06-25s3: In make_server_info_info3, check the result of copy_netr_SamInfo3Volker Lendecke1-0/+4
2010-06-16s3-auth: in make_user_info_for_reply_enc make sure to check length and dataGünther Deschner1-2/+2
pointer of nt and lm hash. This fixes kernel cifs client with sec=ntlmv2. Guenther
2010-06-07s3:auth make sure the primary group sid is usableSimo Sorce1-13/+30
This function was previously performed under the cover by converting back and forth from info3 to samu and then later from samu to info3. Since we now shortcircuit that in some cases, check explicitly using get_primary_group_sid() Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07s3:auth return the full passwd struct from check_accountSimo Sorce1-12/+6
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07s3:auth remove unused structure memberSimo Sorce1-75/+1
sids are now completely handled using info3, remove dead code that fills server info sids and the structure members themselves Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07s3:auth create nt token from info3 directlySimo Sorce1-12/+5
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07s3:auth handle unix domain sids in samuSimo Sorce1-2/+3
When we generate a user out of thin air we may end up adding sids that are not part of the sam domain (unix domain sids). Handle the case and preserve these sids as extra sids. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07s3:auth set the resolved user sid in the fake sam accountSimo Sorce1-0/+3
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07s3:auth check the user is valid firstSimo Sorce1-43/+39
It makes no sense to go through all the hoops to build samu and convert it to info3, just to discard them later if the user was not valid. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07s3:auth make sure we set the right usernameSimo Sorce1-0/+5
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-01s3:auth Rename wksta_name -> workstation_name in auth_usersupplied_infoAndrew Bartlett1-8/+8
2010-05-31s3:smbd map_username() doesn't need sconn anymoreSimo Sorce1-4/+2
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-05-31s3-auth: add "system" bool flag to auth_serversupplied_info.Günther Deschner1-1/+10
Guenther
2010-05-29s3:auth Fix segfault when the user cannot be found by getpwnam()Andrew Bartlett1-3/+10
Add comment to notify when getpwnam() fails. Reviewed-by: Simo Sorce <idra@samba.org>
2010-05-28s3-auth: Added a function to get the server_info from the system user.Andreas Schneider1-0/+39
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-27s3:auth remove login_server from server infoSimo Sorce1-3/+0
It is not used anymore, we have that information in info3->base.logon_server already
2010-05-28s3:auth Free sampass as soon as we have server_infoSimo Sorce1-1/+4
We don't keep sampass in server_info anymore So it makes no sense to keep it around. Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-28s3:auth use info3 in auth_serversupplied_infoSimo Sorce1-366/+41
Signed-off-by: Günther Deschner <gd@samba.org>