summaryrefslogtreecommitdiff
path: root/source3/auth/server_info.c
AgeCommit message (Collapse)AuthorFilesLines
2012-02-02s3:auth: fill the sids array of the info3 in ↵Stefan Metzmacher1-0/+53
wbcAuthUserInfo_to_netr_SamInfo3() (bug #8739) Originally, only the rid array was filled and foreign domain sids were omitted. Pair-Programmed-With: Michael Adam <obnox@samba.org> metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Feb 2 12:59:32 CET 2012 on sn-devel-104
2012-02-02s3:auth: fix potential gap creation in wbcsids_to_samr_RidWithAttributeArray()Stefan Metzmacher1-4/+5
Pair-Programmed-With: Michael Adam <obnox@samba.org> metze
2011-10-24idl: Improve MS-PAC IDLSimo Sorce1-10/+10
Change some misleading variable names to reflect the actual function. Add missing field name/types previously marked as unkown. Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
2011-10-17Fix uninitialized memory problem in group_sids_to_info3 (fixes bug #8455).Wilco Baan Hofman1-2/+2
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Oct 17 23:32:58 CEST 2011 on sn-devel-104
2011-09-17s3: Fix bug 8455 -- Samba PDC is looking up only primary user groupVolker Lendecke1-7/+7
group_sids_to_info3 does a sid_peek_check_rid on the domain sid before adding the rids to the array. If the domain sid is 0x0, then the check will always fail. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sat Sep 17 00:51:27 CEST 2011 on sn-devel-104
2011-07-20s3-auth Remove pointless destructor in make_server_infoAndrew Bartlett1-10/+0
All the callers allocate ->info3 as a talloc child already. As regardes the TALLOC_ZERO(), I added this originally out of parinoia many years ago. We do not consistantly zero session keys in memory, and for NTLMv2 and Kerberos they are random for each sesssion, so breaking into smbd far enough to read an old session key isn't a particularly interesting attack, compared with (say) reading the keytab or the password database. (NTLM and LM session keys are fixed derivitives of the passwords however). Andrew Bartlett
2011-07-20s3-auth inline make_auth_session_info into only callerAndrew Bartlett1-23/+0
2011-07-20s3-auth Use the common auth_session_infoAndrew Bartlett1-3/+3
This patch finally has the same structure being used to describe the authorization data of a user across the whole codebase. This will allow of our session handling to be accomplished with common code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Remove pointless destructorAndrew Bartlett1-10/+0
All the users of this structure allocate info3 on the session_info Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use *unix_token rather than utok in struct auth3_session_infoAndrew Bartlett1-5/+4
This brings this structure one step closer to the struct auth_session_info. A few SMB_ASSERT calls are added in some key places to ensure that this pointer is initialised, to make tracing any bugs here easier in future. NOTE: Many of the users of this structure should be reviewed, as unix and NT access checks are mixed in a way that should just be done using the NT ACL. This patch has not changed this behaviour however. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Add struct auth3_session_info to aid transition to auth_session infoAndrew Bartlett1-0/+34
This will allow a gradual conversion of the required elements from the current struct auth_serversupplied_info. This commit adds the structure definition and some helper functions to copy between the two structures. At this stage these structures and functions are IDENTICAL to the existing code, and so show the past history of that code. The plan is to slowly modify them over the course of the patch series, so that the changes being made a clear. By using a seperate structure to auth_serversupplied_info we can remove elements that are not needed after the authentication, and we can choose a layout that best reflects the needs of runtime users, rather than the internals of the authentication subsystem. By eventually using the auth_session_info from auth.idl, we will gain a single session authorization structure across the whole codebase, allowing more code to be shared, and a much more transparent process for forwarding authorization credentials over the named pipe proxy. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-09s3-talloc Change TALLOC_ZERO_P() to talloc_zero()Andrew Bartlett1-1/+1
Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_P isn't standard talloc.
2011-04-05s3-auth Rename user_session_key -> session_key to match auth_session_infoAndrew Bartlett1-9/+9
2011-03-30s3-auth: use auth.h where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-passdb: add passdb.h where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-winbind: remove global inclusion of libwbclient.Günther Deschner1-0/+1
Guenther
2011-02-22s3:auth: change num_groups to from size_t to uint32_tStefan Metzmacher1-1/+1
This will help with the change from UNIX_USER_TOKEN to security_unix_token metze
2011-02-04s3-auth: add copy_netr_SamBaseInfo().Günther Deschner1-56/+6
Guenther Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-12-19s3: Fix bug 7066 -- wbcAuthenticateEx gives unix timesVolker Lendecke1-3/+5
We might eventually want to change this, but right now we get unix times out of the winbind pipe struct
2010-11-05s3: Make proper use of sid_check_is_in_xx routinesVolker Lendecke1-2/+2
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Nov 5 15:35:59 UTC 2010 on sn-devel-104
2010-11-05s3: Fix a typoVolker Lendecke1-1/+1
2010-10-15s3-rpc_server: Make auth_serversupplied_info const.Andreas Schneider1-1/+1
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-1/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-09-20s3-util: use shared dom_sid_dup.Günther Deschner1-5/+5
Guenther
2010-09-20s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.Günther Deschner1-2/+3
Guenther
2010-08-06s3-netlogon: remove global include of netlogon.h.Günther Deschner1-0/+1
This reduces precompiled headers by another 4 MB and also slightly speeds up the build. Guenther
2010-07-24s3: Fix a typo (missing space)Volker Lendecke1-1/+1
2010-06-25s3: In copy_netr_SamInfo3 copy all of the sids arrayVolker Lendecke1-0/+3
2010-06-11s3-auth: Fix valgrind warning (unitialized var) in samu_to_SamInfo3().Günther Deschner1-5/+7
Guenther s3:auth do not fail if there are 0 group sids Signed-off-by: Günther Deschner <gd@samba.org>
2010-06-11s3:auth fix samu->info3 conversionSimo Sorce1-0/+3
Some pdb_get_ functions where missing because of previous mis-patching
2010-06-07s3:auth handle unix domain sids in samuSimo Sorce1-34/+124
When we generate a user out of thin air we may end up adding sids that are not part of the sam domain (unix domain sids). Handle the case and preserve these sids as extra sids. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-05-29s3:auth fix info3 duplication functionSimo Sorce1-3/+8
2010-05-28s3-auth: fix c++ buildwarnings.Günther Deschner1-2/+2
Guenther
2010-05-27Fix Out of memory checksSimo Sorce1-37/+59
Günther pushed an older version of the patch "s3:auth add function to copy a netr_SamInfo3 structure" that was missing these fixes.
2010-05-28s3:auth add function to convert wbcAuthUserInfo to netr_SamInfo3Simo Sorce1-0/+135
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-28s3:auth use info3 in auth_serversupplied_infoSimo Sorce1-202/+75
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-28s3:auth add function to copy a netr_SamInfo3 structureSimo Sorce1-0/+61
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-28s3:auth: add function to convert samu to netr_SamInfo3Simo Sorce1-0/+166
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-5/+5
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-18s3-crypto: only include crypto headers when crypto is done.Günther Deschner1-0/+1
Guenther
2010-04-12s3/s4:netlogon IDL - fix up "struct netr_SamInfo6" regarding the "forest" ↵Matthias Dieter Wallnöfer1-3/+3
attribute According to MS-NRPC 2.2.1.4.13 this should be the DNS domainname, not the forest one.
2010-04-11s3: Move serverinfo_to_SamInfoX to auth/server_info.cVolker Lendecke1-0/+287
2010-04-11s3: Move make_server_info to auth/server_info.cVolker Lendecke1-0/+55