Age | Commit message (Collapse) | Author | Files | Lines |
|
Guenther
|
|
Changes to the s3 epmapper behaviour seem to have fixed the rest of these
tests.
Andrew Bartlett
|
|
There is no longer any theft of memory as the underlying routines now
produce a new auth_session_info for this caller, allocating it
on the supplied memory context.
Andrew Bartlett
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Rather than passing this value around the callers, and eventually
setting it in register_existing_vuid(), we simply pass it to
create_local_token(). This also removes the need for
auth_ntlmssp_get_username().
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This helps map on to the GENSEC semantics better, and ensures that the
full set of desired features are set before the mechanism starts.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This means we no longer need two different map to guest functions
and have consistent logic with fewer layering violations.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
This patch finally has the same structure being used to describe the
authorization data of a user across the whole codebase.
This will allow of our session handling to be accomplished with common code.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This seperation between the structure used inside the auth modules and
in the wider codebase allows for a gradual migration from struct
auth_serversupplied_info -> struct auth_session_info (from auth.idl)
The idea here is that we keep a clear seperation between the structure
before and after the local groups, local user lookup and the session
key modifications have been processed, as the lack of this seperation
has caused issues in the past.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This will allow a gradual conversion of the required elements from the
current struct auth_serversupplied_info.
This commit adds the structure definition and some helper functions to
copy between the two structures.
At this stage these structures and functions are IDENTICAL to the
existing code, and so show the past history of that code. The plan is
to slowly modify them over the course of the patch series, so that the
changes being made a clear.
By using a seperate structure to auth_serversupplied_info we can
remove elements that are not needed after the authentication, and we
can choose a layout that best reflects the needs of runtime users,
rather than the internals of the authentication subsystem.
By eventually using the auth_session_info from auth.idl, we will gain
a single session authorization structure across the whole codebase,
allowing more code to be shared, and a much more transparent process
for forwarding authorization credentials over the named pipe proxy.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
Andreas Schneider <asn@samba.org> correctly points out that this input
parameter should now be const, and that found a bug where I used then
used it incorrectly as a talloc context.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Apr 6 00:33:31 CEST 2011 on sn-devel-104
|
|
Before a auth_serversupplied_info struct can be used for
authorization, the local groups and privileges must be calculated.
create_local_token() now copies the server_info, and then sets the
calulated token and unix groups.
Soon, it will also transform the result into an expanded struct
auth_session_info. Until then, the variable name (server_info vs
session_info provides a clue to the developer about what information
has been entered in the structure).
By moving the calls to create_local_token within the codebase, we
remove duplication, and ensure that the session key (where modified)
is consistently copied into the new structure.
Andrew Bartlett
|
|
This ensures that all callers don't need to each add builtin groups
and privileges to the user's token
Andrew Bartlett
|
|
Guenther
|
|
Guenther
|