Age | Commit message (Collapse) | Author | Files | Lines |
|
Abartlet, this commit makes check_sam_security_info3 use talloc_tos() and also
cleans up the temporary talloc stackframe.
The old code created a temporary talloc context off "mem_ctx" but failed to
clean up the tmp_ctx in all but one return paths.
talloc_stackframe()/talloc_tos() is designed as a defense against exactly this
error: Even if we failed to free the frame when returning from the routine, it
would be cleaned up very soon, in our main event loop.
Please check this patch!
Thanks,
Volker
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Mar 5 14:08:37 CET 2011 on sn-devel-104
|
|
|
|
with winbindd.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Feb 23 02:16:23 CET 2011 on sn-devel-104
|
|
are used.
Guenther
|
|
This will help with the change from UNIX_USER_TOKEN to security_unix_token
metze
|
|
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.
The structure is also not ideal for it's current purpose. Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session. This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.
(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
this brings the s3 waf build much closer to the proposed s3build top
level build, using the same bld.SAMBA3_*() rules
There are a few renames of subsystems in here, with a 3 suffix where
it would create a conflict.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
In these cases, the server_info was not stolen onto a long term memory
context, and so remained on the NULL context where it was created.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Feb 16 01:08:19 CET 2011 on sn-devel-104
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This will allow the auth_serversupplied_info struct to be migrated
to auth_session_info easier.
Adnrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Guenther
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb 6 20:43:03 CET 2011 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb 6 17:30:48 CET 2011 on sn-devel-104
|
|
|
|
The benefit of this that it makes us more robust to secure channel resets
triggered from tools outside the winbind process. Long term we need to have a
shared tdb secure channel store though as well.
Guenther
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Feb 4 18:11:04 CET 2011 on sn-devel-104
|
|
Guenther
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
There are cases where we fill in params.password.response.lm_data with non-NULL
where params.password.response.lm_length is 0. wbcAuthenticateUserEx does not
like that.
I haven't been able to reproduce this with smbclient yet, I've seen it with a
proprietary smb client implementation.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Jan 17 16:30:11 CET 2011 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Jan 17 08:47:25 CET 2011 on sn-devel-104
|
|
|
|
The only condition that cli_full_connection marks as non-retryable is the basic
name lookup and TCP connect. To me this is pretty fishy. For example if the
negprot fails, this is supposed to be more retryable than a NetBIOS name lookup
failure? I'd rather think the opposite is true.
Jeremy, this is code from 2002, 389a16d9d533. If you have any comments from
back then, let me know :-)
Volker
|
|
We might eventually want to change this, but right now we get unix times
out of the winbind pipe struct
|
|
This finally allows mixed case module names like the classic build
(./configure --shared_modules=charset_CP850)
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Dec 1 18:39:14 CET 2010 on sn-devel-104
|
|
Guenther
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 10 01:56:21 UTC 2010 on sn-devel-104
|
|
value returned by it.
Jeremy.
|
|
called-parameter-is-modified.
Jeremy.
|
|
This happens if you set "auth methods = winbind" without a fallback method.
The return NT_STATUS_LOGON_FAILURE; is not strictly require here, because we
fall through to the equivalent statement a few lines down, but it makes the
code a bit clearer IMO.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Nov 9 20:15:59 UTC 2010 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Nov 5 15:35:59 UTC 2010 on sn-devel-104
|
|
|
|
lookups go
through Get_Pwnam_alloc(), which is the correct wrapper function. We were using
it *some* of the time anyway, so this just makes us properly consistent.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 20 16:02:12 UTC 2010 on sn-devel-104
|
|
Guenther
|
|
|
|
This prints the security token including the privileges as strings
instead of just a bitmap.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The wrapper call is left here to avoid changing semantics for
the NULL parameter case.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Oct 8 09:31:01 UTC 2010 on sn-devel-104
|
|
module by default).
Guenther
|
|
Guenther
|
|
Without this, all security descriptor checks for the winreg spoolss backend fail
and make our spoolss system in its current shape basically unusable.
Andreas, please check.
Guenther
|
|
Guenther
|
|
The memcache_add_talloc() later on steals it anyway
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|