Age | Commit message (Collapse) | Author | Files | Lines |
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Oct 17 23:32:58 CEST 2011 on sn-devel-104
|
|
group_sids_to_info3 does a sid_peek_check_rid on the domain sid before adding
the rids to the array. If the domain sid is 0x0, then the check will always
fail.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Sep 17 00:51:27 CEST 2011 on sn-devel-104
|
|
All the callers allocate ->info3 as a talloc child already.
As regardes the TALLOC_ZERO(), I added this originally out of parinoia
many years ago. We do not consistantly zero session keys in memory,
and for NTLMv2 and Kerberos they are random for each sesssion, so
breaking into smbd far enough to read an old session key isn't a
particularly interesting attack, compared with (say) reading the
keytab or the password database. (NTLM and LM session keys are fixed
derivitives of the passwords however).
Andrew Bartlett
|
|
|
|
This patch finally has the same structure being used to describe the
authorization data of a user across the whole codebase.
This will allow of our session handling to be accomplished with common code.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
All the users of this structure allocate info3 on the session_info
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This brings this structure one step closer to the struct auth_session_info.
A few SMB_ASSERT calls are added in some key places to ensure that
this pointer is initialised, to make tracing any bugs here easier in
future.
NOTE: Many of the users of this structure should be reviewed, as unix
and NT access checks are mixed in a way that should just be done using
the NT ACL. This patch has not changed this behaviour however.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This will allow a gradual conversion of the required elements from the
current struct auth_serversupplied_info.
This commit adds the structure definition and some helper functions to
copy between the two structures.
At this stage these structures and functions are IDENTICAL to the
existing code, and so show the past history of that code. The plan is
to slowly modify them over the course of the patch series, so that the
changes being made a clear.
By using a seperate structure to auth_serversupplied_info we can
remove elements that are not needed after the authentication, and we
can choose a layout that best reflects the needs of runtime users,
rather than the internals of the authentication subsystem.
By eventually using the auth_session_info from auth.idl, we will gain
a single session authorization structure across the whole codebase,
allowing more code to be shared, and a much more transparent process
for forwarding authorization credentials over the named pipe proxy.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_P isn't standard talloc.
|
|
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
This will help with the change from UNIX_USER_TOKEN to security_unix_token
metze
|
|
Guenther
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
We might eventually want to change this, but right now we get unix times
out of the winbind pipe struct
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Nov 5 15:35:59 UTC 2010 on sn-devel-104
|
|
|
|
|
|
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
|
|
Guenther
|
|
Guenther
|
|
This reduces precompiled headers by another 4 MB and also slightly speeds up the
build.
Guenther
|
|
|
|
|
|
Guenther
s3:auth do not fail if there are 0 group sids
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Some pdb_get_ functions where missing because of previous mis-patching
|
|
When we generate a user out of thin air we may end up adding sids
that are not part of the sam domain (unix domain sids).
Handle the case and preserve these sids as extra sids.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Guenther
|
|
Günther pushed an older version of the patch "s3:auth add function to copy a
netr_SamInfo3 structure" that was missing these fixes.
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Guenther
|
|
attribute
According to MS-NRPC 2.2.1.4.13 this should be the DNS domainname, not the
forest one.
|
|
|
|
|