summaryrefslogtreecommitdiff
path: root/source3/auth
AgeCommit message (Collapse)AuthorFilesLines
2010-08-14s3:auth Change 'make_user_info' to be talloc basedAndrew Bartlett1-72/+58
This is an ideal candidate, as it already uses a free function. It now uses talloc destructors to clear the passwords if required. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14s3:auth Whitespace fixes after auth mergeAndrew Bartlett3-20/+20
2010-08-14s3:auth Make Samba3 use the new common struct auth_usersupplied_infoAndrew Bartlett14-152/+191
This common structure will make it much easier to produce an auth module for s3compat that calls Samba4's auth subsystem. In order the make the link work properly (and not map twice), we mark both that we did try and map the user, as well as if we changed the user during the mapping. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-08s3: Lift the smbd_messaging_context from reload_servicesVolker Lendecke1-1/+1
2010-08-06s3-netlogon: remove global include of netlogon.h.Günther Deschner3-0/+4
This reduces precompiled headers by another 4 MB and also slightly speeds up the build. Guenther
2010-08-06s3: remove global include of samr.hGünther Deschner1-0/+1
Guenther
2010-08-05s3-secrets: only include secrets.h when needed.Günther Deschner3-0/+3
Guenther
2010-07-28s3-auth: Remove unimplemented functionsSimo Sorce1-10/+0
2010-07-24s3: Fix a typo (missing space)Volker Lendecke1-1/+1
2010-07-20s3-dcerpc: Unifiy cli_pipe_auth_data and pipe_auth_dataSimo Sorce1-2/+2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-20s3-auth: Move auth_ntlmssp wrappers in their own fileSimo Sorce1-77/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-20s3-auth: Refactor and rename auth_ntlmssp_server_info()Simo Sorce1-11/+13
Rename it to auth_ntlmssp_steal_server_info() to make it clear that the server_info struct is stolen from the auth_ntlmssp_state structure. Use talloc_move instead of manual steal&clear Add comments to explain what is going on. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-19s3-auth: Remove unused variable.Simo Sorce1-2/+0
It was a spurious remnant after a rebase.
2010-07-19s3-auth: Use talloc hierarchies to properly free auth_ntlmssp_state contextsSimo Sorce1-6/+12
Turn auth_ntlmssp_end into a destructor and attach it to auth_ntlmssp_state. Remote auth_ntlmssp_end and use TALLOC_FREE in the callers. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-19s3-auth: auth_make ntlmssp_state the parent contextSimo Sorce1-29/+12
There is no need for a separate mem_ctx member. Also make the ntlmssp_state a children of auth_ntlmssp_state Also cleanup auth_ntlmssp_end to free only what is not automatically freed Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-19s3-auth: Simplify how we free the auth_contextSimo Sorce3-18/+20
Turn the freeing function into a destructor and attach it to the auth_context. Make all callers TALLOC_FREE() the auth_context instead of calling the free function. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-19s3-auth: Cleanup and readability fixesSimo Sorce1-21/+23
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-19s3-ntlmssp: Remove ntlmssp_end and let the talloc hierarchy handle it.Simo Sorce1-1/+1
All the members are children of ntlmssp_state anyway. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-14s3:auth Change auth_ntlmssp_server_info API to return NTSTATUSAndrew Bartlett1-4/+7
This fixes a bug where register_existing_vuid() could be called with a NULL server_info if the alloction failed. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-07-11s3: [ug]id_to_unix_... can not failVolker Lendecke2-14/+5
Remove some silly failure checks
2010-07-08s3: Slightly simplify make_server_info_pwVolker Lendecke1-3/+1
2010-06-25s3: In make_server_info_info3, check the result of copy_netr_SamInfo3Volker Lendecke1-0/+4
2010-06-25s3: In copy_netr_SamInfo3 copy all of the sids arrayVolker Lendecke1-0/+3
2010-06-16s3-auth: in make_user_info_for_reply_enc make sure to check length and dataGünther Deschner1-2/+2
pointer of nt and lm hash. This fixes kernel cifs client with sec=ntlmv2. Guenther
2010-06-16s3-auth: fix debug message in check_winbind_security().Günther Deschner1-1/+1
Guenther
2010-06-16Revert "s4-smbtorture: only pull info when status code indicates success in ↵Günther Deschner1-11/+3
smbcli_rap_netprintqgetinfo()." This reverts commit 1f1c04010a55e67d8dc2110276eed4cf2a8a0afa.
2010-06-16s4-smbtorture: only pull info when status code indicates success in ↵Günther Deschner1-3/+11
smbcli_rap_netprintqgetinfo(). Guenther
2010-06-11s3-auth: Fix valgrind warning (unitialized var) in samu_to_SamInfo3().Günther Deschner1-5/+7
Guenther s3:auth do not fail if there are 0 group sids Signed-off-by: Günther Deschner <gd@samba.org>
2010-06-11s3:auth fix samu->info3 conversionSimo Sorce1-0/+3
Some pdb_get_ functions where missing because of previous mis-patching
2010-06-10s3:misc make use of server_[event/messaging]_context directlyAndreas Schneider1-1/+1
Untangle these functions from smbd specific dependencies so they can be freely used in multiple servers.
2010-06-08Revert "s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS"Volker Lendecke1-6/+4
This reverts commit edba46ce94c335411ab337eeb4ef6f88fb3aae80. Conflicts: source3/auth/auth_ntlmssp.c
2010-06-07s3:auth add hooks to indicate if signing or sealing is desired with NTLMSSPAndrew Bartlett1-0/+10
This allows the right hooks to be called in GENSEC when s3compat implements the auth_ntlmssp interface. Otherwise, we can't do the signing or sealing as we have not negoitated it's use. Andrew Bartlett
2010-06-07s3:auth Change auth_ntlmssp_server_info API to return NTSTATUSAndrew Bartlett1-4/+6
It's nicer to have an NTSTATUS return, and in s3compat there may be a reason other than 'no memory' why this can fail. Andrew Bartlett
2010-06-07s3:auth Rename user_info->domain -> user_info->mapped.domain_nameAndrew Bartlett9-37/+37
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth Rename user_info->client_domain -> user_info->client.domain_nameAndrew Bartlett5-8/+8
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth Rename user_info->internal_username -> user_info->mapped.account_nameAndrew Bartlett11-30/+30
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth Rename user_info->smb_name -> user_info->client.account_nameAndrew Bartlett10-29/+29
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth make sure the primary group sid is usableSimo Sorce1-13/+30
This function was previously performed under the cover by converting back and forth from info3 to samu and then later from samu to info3. Since we now shortcircuit that in some cases, check explicitly using get_primary_group_sid() Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07s3:auth return the full passwd struct from check_accountSimo Sorce1-12/+6
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07s3:auth remove unused structure memberSimo Sorce2-106/+2
sids are now completely handled using info3, remove dead code that fills server info sids and the structure members themselves Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07s3:auth create nt token from info3 directlySimo Sorce2-38/+162
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07s3:auth handle unix domain sids in samuSimo Sorce3-38/+129
When we generate a user out of thin air we may end up adding sids that are not part of the sam domain (unix domain sids). Handle the case and preserve these sids as extra sids. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07s3:auth set the resolved user sid in the fake sam accountSimo Sorce1-0/+3
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07s3:auth check the user is valid firstSimo Sorce1-43/+39
It makes no sense to go through all the hoops to build samu and convert it to info3, just to discard them later if the user was not valid. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07s3:auth make sure we set the right usernameSimo Sorce1-0/+5
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-04s3-auth: Moved smbd user functions to a generic place.Andreas Schneider1-0/+406
Reviewed-by: Simo Sorce <idra@samba.org>
2010-06-01s3:auth Rename wksta_name -> workstation_name in auth_usersupplied_infoAndrew Bartlett8-29/+29
2010-05-31s3:smbd map_username() doesn't need sconn anymoreSimo Sorce1-4/+2
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-05-31s3-auth: add "system" bool flag to auth_serversupplied_info.Günther Deschner1-1/+10
Guenther
2010-05-31s3:ntlmssp Use a TALLOC_CTX for ntlmssp_sign_packet() and ntlmssp_seal_packet()Andrew Bartlett1-2/+4
This ensures the results can't be easily left to leak. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>