summaryrefslogtreecommitdiff
path: root/source3/auth
AgeCommit message (Collapse)AuthorFilesLines
2010-11-09s3: Quieten a bogus error messageVolker Lendecke1-3/+1
This happens if you set "auth methods = winbind" without a fallback method. The return NT_STATUS_LOGON_FAILURE; is not strictly require here, because we fall through to the equivalent statement a few lines down, but it makes the code a bit clearer IMO. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Nov 9 20:15:59 UTC 2010 on sn-devel-104
2010-11-05s3: Make proper use of sid_check_is_in_xx routinesVolker Lendecke1-2/+2
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Nov 5 15:35:59 UTC 2010 on sn-devel-104
2010-11-05s3: Fix a typoVolker Lendecke1-1/+1
2010-10-20Make getpwnam_alloc() static to lib/username.c, and ensure all username ↵Jeremy Allison3-6/+6
lookups go through Get_Pwnam_alloc(), which is the correct wrapper function. We were using it *some* of the time anyway, so this just makes us properly consistent. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Oct 20 16:02:12 UTC 2010 on sn-devel-104
2010-10-20s3-waf: move RPC_CLIENT_SCHANNEL into a subsystem.Günther Deschner1-0/+1
Guenther
2010-10-15s3-rpc_server: Make auth_serversupplied_info const.Andreas Schneider1-1/+1
2010-10-14s3-auth Use security_token_debug() from common codeAndrew Bartlett2-27/+1
This prints the security token including the privileges as strings instead of just a bitmap. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14s3-auth use security_token_has_sid() from the common codeAndrew Bartlett1-9/+2
The wrapper call is left here to avoid changing semantics for the NULL parameter case. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett3-3/+3
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-08s3-waf: slowly getting modules to match how they look like in old build.Günther Deschner1-19/+19
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri Oct 8 09:31:01 UTC 2010 on sn-devel-104
2010-09-28s3-waf: add AUTH_SCRIPT module to AUTH subsystem (which is build as sharedGünther Deschner1-0/+7
module by default). Guenther
2010-09-28s3-waf: fix dependencies in most of our module subsystems.Günther Deschner1-6/+2
Guenther
2010-09-28s3-auth_util: make sure the system server info actually contains S-1-5-18.Günther Deschner1-0/+9
Without this, all security descriptor checks for the winreg spoolss backend fail and make our spoolss system in its current shape basically unusable. Andreas, please check. Guenther
2010-09-27s3-waf: move auth subsystem to auth/wscript_build.Günther Deschner1-0/+84
Guenther
2010-09-26s3: Remove talloc_autofree_context() from get_root_nt_token()Volker Lendecke1-1/+1
The memcache_add_talloc() later on steals it anyway
2010-09-26s3: Lift talloc_autofree_context() from make_auth_context_fixed()Volker Lendecke1-3/+4
2010-09-26s3: Lift talloc_autofree_context() from make_auth_context_subsystem()Volker Lendecke3-6/+11
2010-09-26s3: Lift talloc_autofree_context() from make_auth_context_text_list()Volker Lendecke1-3/+6
2010-09-26s3: Lift talloc_autofree_context() from make_auth_context()Volker Lendecke1-3/+7
2010-09-26s3: Fix a memleak in make_new_server_info_system()Volker Lendecke1-0/+1
2010-09-26s3: Remove talloc_autofree_context() from init_system_info()Volker Lendecke1-1/+2
2010-09-25s3: Fix a typoVolker Lendecke1-1/+1
2010-09-20s3-util: use shared dom_sid_dup.Günther Deschner2-6/+7
Guenther
2010-09-20s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.Günther Deschner2-4/+5
Guenther
2010-09-16libcli/auth/ntlmssp Be clear about talloc parents for session keysAndrew Bartlett1-9/+16
The previous API was not clear as to who owned the returned session key. This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code, and avoids making allocations - we steal and zero instead. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Call security_token_set_privilege() rather than manual assignmentAndrew Bartlett1-1/+1
This avoids as much direct modifiction of the bitmask as possible. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Inline dump_se_priv into callers now that it's just a uint64_tAndrew Bartlett1-1/+1
The previous 128 bit structure needed this helper function. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3:auth Remove NT_USER_TOKENAndrew Bartlett2-8/+8
The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derivied structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Change struct nt_user_token -> struct security_tokenAndrew Bartlett1-14/+14
This common structure is defined in security.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Change type of num_sids to uint32_tAndrew Bartlett1-5/+7
size_t is overkill here, and in struct security_token in the num_sids is uint32_t. This includes a change to the prototype of add_sid_to_array() and add_sid_to_array_unique(), which has had a number of consequnetial changes as I try to sort out all the callers using a pointer to the number of sids. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-09s3-auth: Added get_server_info_system function.Andreas Schneider1-0/+5
2010-09-01s3-auth: fix uninitialized error code in get_guest_info3().Günther Deschner1-2/+1
Guenther
2010-08-31s3-auth: remove global include of krb5pac.h.Günther Deschner2-0/+2
Guenther
2010-08-31s3-auth: remove unused variable in check_sam_security().Günther Deschner1-1/+1
Guenther
2010-08-31s3-auth Rename NT_USER_TOKEN privileges -> privilege_maskAndrew Bartlett1-3/+3
This is closer to the struct security_token from security.idl Andrew Bartlett
2010-08-31s3-auth Rename NT_USER_TOKEN user_sids -> sidsAndrew Bartlett2-29/+29
This is closer to the struct security_token from security.idl
2010-08-30s3-auth: The unlock of the account is now done by the get_sampwnam call.Andreas Schneider1-5/+2
Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-30s3-auth: Use SamInfo3_for_guest to create guest server_info.Andreas Schneider1-19/+70
Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-30s3-auth: add helper to get server_info out of kerberos infoSimo Sorce1-0/+100
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-30s3-auth: Add helper function to retrieve the unix user from a kerberos ticketSimo Sorce1-0/+172
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-29s3: Remove a use of smbd_server_fdVolker Lendecke1-1/+1
This disables different socket options per user for ntlmssp authentiation, a change in behaviour which is exotic enough I believe.
2010-08-28s3: Remove smbd_server_conn() from check_unix_securityVolker Lendecke1-7/+2
2010-08-28s3: Lift smbd_server_fd() from pass_check()Volker Lendecke2-7/+8
2010-08-28s3: Lift smbd_server_fd() from password_check()Volker Lendecke1-11/+13
2010-08-28s3: Fix some nonempty blank linesVolker Lendecke1-15/+15
2010-08-28s3: Fix smb_pam_passcheckVolker Lendecke1-2/+2
2010-08-28s3: Those functions are no macros anymore :-)Volker Lendecke1-4/+0
2010-08-27s3: Lift smbd_server_fd() from smb_pam_passcheckVolker Lendecke2-8/+10
2010-08-27s3: Lift smbd_server_fd() from smb_pam_startVolker Lendecke1-16/+9
smb_pam_passcheck() is the only caller that fills in NULL, all other callers now properly fill rhost
2010-08-27s3: Pass "private_data" through string_combinations()Volker Lendecke1-12/+24