summaryrefslogtreecommitdiff
path: root/source3/auth
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r17022: Fix the build farm -- maybe this is the real fix, testing moreVolker Lendecke1-1/+2
(This used to be commit 19d02690002a35cb6e0204db236d2b768e48c6d8)
2007-10-10r17016: Different and smaller fix for the valid users = username problem.Volker Lendecke1-1/+7
If no winbind is around, the best we can do to get the user's token correct is to ask unix via create_token_from_username. More investigation is needed if this also fixes the +groupname for unmapped groups problems more cleanly. Volker (This used to be commit f6e3ee147ffde572532fb44b619dda01388d4a31)
2007-10-10r17011: Back out r17010 after talking to Jerry. Another fix pending...Volker Lendecke1-34/+9
Volker (This used to be commit 7a629118ee6f468505172147724f7f532f0f4a4f)
2007-10-10r17010: If winbind is not around, add S-1-22-1-<uid> to the user's token.Volker Lendecke1-9/+34
See the comment in the patch for the reason. Volker (This used to be commit 5e07ab750af3744e1ee5bfc813d5c6532aff4ecb)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison3-29/+95
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16865: This is a proposal to fix bug 3915. Before sending patches around, ↵Volker Lendecke1-6/+17
this is what svn is for. The idea is that we fall back to a pure unix user with S-1-22 SIDs in the token in case anything weird is going on with the 'force user'. Volker (This used to be commit 9ec5ccfe851ac8a1f88b88c8c8461a5cf75b4c57)
2007-10-10r16864: Intermediate checkin -- swap the sid_check_is_in_unix_users andVolker Lendecke1-38/+38
sid_check_is_in_our_domain cases. Volker (This used to be commit dc403cec88d91fdeb09cbd04321d88bbdc0f490c)
2007-10-10r16766: A warning found by RHEL3. This might actually be 3.0.23 code, maybe ↵Volker Lendecke1-1/+1
there are vasprintf implementations that don't like a NULL format. Volker (This used to be commit 03c665c307e518c9ff66096904873266b145637c)
2007-10-10r16749: BUG 3905: don't fail in create_local_nt_token() when aGerald Carter1-3/+4
checking for the builtin Administrators group membership. security = server has no domain info in secrets.tdb (This used to be commit fa477969fbbcd9f707461a2d9015bebf719ddfbb)
2007-10-10r16632: Fix bug #3882 reported by jason@ncac.gwu.edu.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 6b39f53e43572fe29fc037a36328387a0b1bb423)
2007-10-10r16471: Bug reported by Vitaly Protsko <villy@sft.ru> in 3.0.23rc1.Gerald Carter1-0/+25
Add missing automatic add of the Administrators SID in the absence of winbindd and precense of Domain Admins SID in the user's token. (This used to be commit ce7846d6f19f63ca99179b75e6f2195cc593795f)
2007-10-10r16241: Fix Klocwork #106 and others like it.Jeremy Allison1-10/+30
Make 2 important changes. pdb_get_methods() returning NULL is a *fatal* error. Don't try and cope with it just call smb_panic. This removes a *lot* of pointless "if (!pdb)" handling code. Secondly, ensure that if samu_init() fails we *always* back out of a function. That way we are never in a situation where the pdb_XXX() functions need to start with a "if (sampass)" test - this was just bad design, not defensive programming. Jeremy. (This used to be commit a0d368197d6ae6777b7c2c3c6e970ab8ae7ca2ae)
2007-10-10r16230: Fix Klocwork #861 and others. localtime and asctimeJeremy Allison2-5/+26
can return NULL. Ensure we check all returns correctly. Jeremy. (This used to be commit 6c61dc8ed6d84f310ef391fb7700e93ef42c4afc)
2007-10-10r16209: Klocwork bug #66, ensure no null deref.Jeremy Allison1-1/+8
Jeremy. (This used to be commit 79e693798cf322071ea64a4014a01ad9eaba73e8)
2007-10-10r16204: Fix Klocwork # 14Volker Lendecke1-3/+5
localtime() can return NULL. Volker (This used to be commit 07c5dcb8633e6fadb596dc5a22d8d31b2e16a3ef)
2007-10-10r16150: Fix possible NULL dereference found by Klocwork ID # 17Volker Lendecke1-3/+2
(This used to be commit 3159bd3a4e3ad70c60fea4cacc892be9f1d71ab9)
2007-10-10r16141: Dummy commit to make the build farm re-test against Samba4 16140Volker Lendecke1-2/+1
(This used to be commit a1fcacf75683e4c08236bb4cc4164678ea1a1ce4)
2007-10-10r16076: Fix for machine password timeout overflow from Shlomi YaakobovichJeremy Allison1-1/+1
<Shlomi@exanet.com>. Jeremy. (This used to be commit 5cd234a1fff1e9d025eea6600649e56c997eafc2)
2007-10-10r15676: Fix meaningless debug statement from uninitialized variable.Jeremy Allison1-3/+1
Spotted by "John E. Malmberg" <wb8tyw@qsl.net>. Jeremy. (This used to be commit ff3fe39b837e0d0de2edaa284c2dd7d1c8161c46)
2007-10-10r15600: Correctly fill in the gid for local users.Volker Lendecke1-0/+6
Volker (This used to be commit 6071dd5db0dbb79a80b248ab93942911bf08fd2b)
2007-10-10r15549: removing rhosts and 'hosts equiv' authentication featuresGerald Carter1-293/+0
(This used to be commit d19dad88155f985f113c667b6bdad5a1b25eca18)
2007-10-10r15476: Transfer the was_mapped flag from user_info to server_info also in ↵Volker Lendecke2-0/+6
auth_sam and auth_domain. Thanks for Simo to point this out. Volker (This used to be commit 293b89dfb109d6e220ced433f025cf987aa1f500)
2007-10-10r15475: Ugly and disgusting patch to fix the username map problem I created byVolker Lendecke3-13/+46
changing the token generation. I *hate* this code! Jerry, you have been looking at this as well, can you double-check that I did not screw it up? Thanks, Volker (This used to be commit 2765c4ff8d44c970db3e075b0a2412662f1936c6)
2007-10-10r15472: Remove an unused function parameterVolker Lendecke3-3/+0
(This used to be commit d2f39ae7fe79fd31846c555849655023a2d1cbc7)
2007-10-10r15393: remove extra call to fallback user creation on member servers; it's ↵Gerald Carter1-7/+2
handled by the smb_getpwnam() call deeper in (This used to be commit 7433dba78bda27cd6366a49b0efc10a387439ccd)
2007-10-10r15368: Remove some dead code. -- paulgPaul Green1-8/+0
(This used to be commit e1bd357fe87a66861d092fcdbdde1ff6ffcc8cf2)
2007-10-10r15285: Fix the build.Paul Green1-1/+2
(This used to be commit 2270a5196db071bbf15aed92637a24f81d179cd5)
2007-10-10r15283: Oh yeah. The build farm doesn't do much with head. OK, here is the ↵Paul Green2-3/+3
patch to SAMBA_3_0 to declare prototypes for the initialization functions. These are the same changes I just made to head. --paulg (This used to be commit 17774387ad879b6a72dd1cf406326318add31b04)
2007-10-10r15088: Remove all time() and gettimeofday() calls out of the mainlineJeremy Allison1-3/+1
packet processing code. Only do these when needed (ie. in the idle timeout code). We drop an unneccessary global here too. Jeremy. (This used to be commit 8272a5ab0605fcf95527143c4f909aa1008e5b94)
2007-10-10r15086: Get defensive about creating user accounts when winbinddGerald Carter1-2/+5
fails (but is present). (This used to be commit 77fb19c45dcb07f5b675831979fbd74a99e30638)
2007-10-10r15053: fix portabilities issues between 32-bit winbind clients and a 64-bit ↵Gerald Carter1-3/+3
winbindd server (This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a)
2007-10-10r14634: Many bug fixes thanks to train rides and overnight stays in airportsGerald Carter1-2/+2
* Finally fix parsing idmap uid/gid ranges not to break with spaces surrounding the '-' * Allow local groups to renamed by adding info level 2 to _samr_set_aliasinfo() * Fix parsing bug in _samr_del_dom_alias() reply * Prevent root from being deleted via Samba * Prevent builting groups from being renamed or deleted * Fix bug in pdb_tdb that broke renaming user accounts * Make sure winbindd is running when trying to create the Administrators and Users BUILTIN groups automatically from smbd (and not just check the winbind nexted groups parameter value). * Have the top level rid allocator verify that the RID it is about to grant is not already assigned in our own SAM (retries up to 250 times). This fixes passdb with existing SIDs assigned to users from the RID algorithm but not monotonically allocating the RIDs from passdb. (This used to be commit db1162241f79c2af8afb7d8c26e8ed1c4a4b476f)
2007-10-10r14578: fix incorrect comment in fill_sam_account(). This function is ↵Gerald Carter1-4/+1
called from multiple places now (krb5, winbindd auth and domain_client_validate() (This used to be commit ddad66ec58d09f89105ceb822b7bea534dafd9e6)
2007-10-10r14421: This does two thingsGerald Carter1-0/+49
* Automatically creates the BUILTIN\Users group similar to how BUILTIN\Administrators is done. This code does need to be cleaned up considerably. I'll continue to work on this. * The important fix is for getusergroups() when dealing with a local user and nested groups. Now I can run the following successfully: $ su - jerry -c groups users BUILTIN\users (This used to be commit f54d911e686ffd68ddc6dbc073987b9d8eb2fa5b)
2007-10-10r14403: * modifies create_local_nt_token() to create a BUILTIN\AdministratorsGerald Carter1-38/+97
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes' * Add a SID domain to the group mapping enumeration passdb call to fix the checks for local and builtin groups. The SID can be NULL if you want the old semantics for internal maintenance. I only updated the tdb group mapping code. * remove any group mapping from the tdb that have a gid of -1 for better consistency with pdb_ldap.c. The fixes the problem with calling add_group_map() in the tdb code for unmapped groups which might have had a record present. * Ensure that we distinguish between groups in the BUILTIN and local machine domains via getgrnam() Other wise BUILTIN\Administrators & SERVER\Administrators would resolve to the same gid. * Doesn't strip the global_sam_name() from groups in the local machine's domain (this is required to work with 'winbind default domain' code) Still todo. * Fix fallback Administrators membership for root and domain Admins if nested groups = no or winbindd is not running * issues with "su - user -c 'groups'" command * There are a few outstanding issues with BUILTIN\Users that Windows apparently tends to assume. I worked around this presently with a manual group mapping but I do not think this is a good solution. So I'll probably add some similar as I did for Administrators. (This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
2007-10-10r14130: Remove make_server_info_pac alltogether, make_server_info_info3 doesGünther Deschner1-89/+0
already do what we need. Guenther (This used to be commit 773e33c9717ae04f48983ddc49f7619a97523603)
2007-10-10r14129: Add the group sids from the Kerberos PAC to the user token.Günther Deschner1-1/+28
Guenther (This used to be commit 1280d79111ae56c6a1b4daf7a1d6d413d1f4df64)
2007-10-10r14112: * fix checks on return code from register_vuid() which could actuallyGerald Carter1-2/+0
fail and we would still return success in the SMBsesssetup reply :-( * Make sure to create the local token for the server_fino struct in reply_spnego_kerberos() so that register_vuid() does not fail. (how did this ever work?) (This used to be commit 8dafa45b97020d1aceb027a85e18401c965bf402)
2007-10-10r14042: check that create_local_nt_token() succeeds before dereferncing the ↵Gerald Carter1-0/+4
NT_USER_TOKEN* (This used to be commit 4e5df4cb643886144d0fff4cac303e493c825955)
2007-10-10r13981: Fix Coverity bug # 138Volker Lendecke1-1/+1
(This used to be commit 303067ba3bdf34ab501f0d99e386cfdb6ab10233)
2007-10-10r13711: * Correctly handle acb_info/acct_flags as uint32 not as uint16.Günther Deschner2-2/+7
* Fix a couple of related parsing issues. * in the info3 reply in a samlogon, return the ACB-flags (instead of returning zero) Guenther (This used to be commit 5b89e8bc24f0fdc8b52d5c9e849aba723df34ea7)
2007-10-10r13706: Fix typo in typo fix. (-:Tim Potter1-1/+1
(This used to be commit 06be7711269acbcd481ebdef5b9493dab138c81c)
2007-10-10r13705: Fix a typo (and janitor for myself).Tim Potter1-1/+1
(This used to be commit 37b0166d3f15bfcf155b0c3d927cc838b8f55c3c)
2007-10-10r13679: Commiting the rm_primary_group.patch posted on samba-technicalGerald Carter1-5/+9
* ignore the primary group SID attribute from struct samu* * generate the primary group SID strictlky from the Unix primary group when dealing with passdb users * Fix memory leak in original patch caused by failing to free a talloc * * add wrapper around samu_set_unix() to prevent exposing the create BOOL to callers. Wrappers are samu_set_unix() and samu-allic_rid_unix() (This used to be commit bcf269e2ec6630b78d909010fabd3b69dd6dda84)
2007-10-10r13590: * replace all pdb_init_sam[_talloc]() calls with samu_new()Gerald Carter4-39/+46
* replace all pdb_{init,fill}_sam_pw() calls with samu_set_unix() (This used to be commit 6f1afa4acc93a07d0ee9940822d7715acaae634f)
2007-10-10r13576: This is the beginnings of moving the SAM_ACCOUNT data structureGerald Carter5-54/+55
to make full use of the new talloc() interface. Discussed with Volker and Jeremy. * remove the internal mem_ctx and simply use the talloc() structure as the context. * replace the internal free_fn() with a talloc_destructor() function * remove the unnecessary private nested structure * rename SAM_ACCOUNT to 'struct samu' to indicate the current an upcoming changes. Groups will most likely be replaced with a 'struct samg' in the future. Note that there are now passbd API changes. And for the most part, the wrapper functions remain the same. While this code has been tested on tdb and ldap based Samba PDC's as well as Samba member servers, there are probably still some bugs. The code also needs more testing under valgrind to ensure it's not leaking memory. But it's a start...... (This used to be commit 19b7593972480540283c5bf02c02e5ecd8d2c3f0)
2007-10-10r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter4-18/+18
macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
2007-10-10r13541: we have to wrap pen_enum_group_memberships() in become/unbecome_root()Gerald Carter1-1/+5
blocks. This fixes the problem I had with missing groups in the net_samlogon() reply from a Samba PDC. (This used to be commit 06b83fe35048c84dfd68be2ee656317c51e89bce)
2007-10-10r13494: Merge the stuff I've done in head the last days.Volker Lendecke1-0/+66
Volker (This used to be commit bb40e544de68f01a6e774753f508e69373b39899)
2007-10-10r13460: by popular demand....Gerald Carter1-46/+8
* remove pdb_context data structure * set default group for DOMAIN_RID_GUEST user as RID 513 (just like Windows) * Allow RID 513 to resolve to always resolve to a name * Remove auto mapping of guest account primary group given the previous 2 changes (This used to be commit 7a2da5f0cc05c1920c664c9a690a23bdf854e285)