Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-11-30 | s3-waf: convert TOKEN_UTIL into a subsystem. | Günther Deschner | 1 | -2/+6 | |
Guenther | |||||
2010-11-10 | Fix memleak I accidently introduced when reading from tdb. | Jeremy Allison | 1 | -0/+1 | |
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Nov 10 01:56:21 UTC 2010 on sn-devel-104 | |||||
2010-11-10 | Ensure we check the return from make_user_info before dereferencing the ↵ | Jeremy Allison | 1 | -2/+2 | |
value returned by it. Jeremy. | |||||
2010-11-10 | Remove fstring from map_username. Create a more sane interface than the ↵ | Jeremy Allison | 4 | -77/+155 | |
called-parameter-is-modified. Jeremy. | |||||
2010-11-09 | s3: Quieten a bogus error message | Volker Lendecke | 1 | -3/+1 | |
This happens if you set "auth methods = winbind" without a fallback method. The return NT_STATUS_LOGON_FAILURE; is not strictly require here, because we fall through to the equivalent statement a few lines down, but it makes the code a bit clearer IMO. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Nov 9 20:15:59 UTC 2010 on sn-devel-104 | |||||
2010-11-05 | s3: Make proper use of sid_check_is_in_xx routines | Volker Lendecke | 1 | -2/+2 | |
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Nov 5 15:35:59 UTC 2010 on sn-devel-104 | |||||
2010-11-05 | s3: Fix a typo | Volker Lendecke | 1 | -1/+1 | |
2010-10-20 | Make getpwnam_alloc() static to lib/username.c, and ensure all username ↵ | Jeremy Allison | 3 | -6/+6 | |
lookups go through Get_Pwnam_alloc(), which is the correct wrapper function. We were using it *some* of the time anyway, so this just makes us properly consistent. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Oct 20 16:02:12 UTC 2010 on sn-devel-104 | |||||
2010-10-20 | s3-waf: move RPC_CLIENT_SCHANNEL into a subsystem. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-10-15 | s3-rpc_server: Make auth_serversupplied_info const. | Andreas Schneider | 1 | -1/+1 | |
2010-10-14 | s3-auth Use security_token_debug() from common code | Andrew Bartlett | 2 | -27/+1 | |
This prints the security token including the privileges as strings instead of just a bitmap. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-10-14 | s3-auth use security_token_has_sid() from the common code | Andrew Bartlett | 1 | -9/+2 | |
The wrapper call is left here to avoid changing semantics for the NULL parameter case. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-10-12 | libcli/security Provide a common, top level libcli/security/security.h | Andrew Bartlett | 3 | -3/+3 | |
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104 | |||||
2010-10-08 | s3-waf: slowly getting modules to match how they look like in old build. | Günther Deschner | 1 | -19/+19 | |
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri Oct 8 09:31:01 UTC 2010 on sn-devel-104 | |||||
2010-09-28 | s3-waf: add AUTH_SCRIPT module to AUTH subsystem (which is build as shared | Günther Deschner | 1 | -0/+7 | |
module by default). Guenther | |||||
2010-09-28 | s3-waf: fix dependencies in most of our module subsystems. | Günther Deschner | 1 | -6/+2 | |
Guenther | |||||
2010-09-28 | s3-auth_util: make sure the system server info actually contains S-1-5-18. | Günther Deschner | 1 | -0/+9 | |
Without this, all security descriptor checks for the winreg spoolss backend fail and make our spoolss system in its current shape basically unusable. Andreas, please check. Guenther | |||||
2010-09-27 | s3-waf: move auth subsystem to auth/wscript_build. | Günther Deschner | 1 | -0/+84 | |
Guenther | |||||
2010-09-26 | s3: Remove talloc_autofree_context() from get_root_nt_token() | Volker Lendecke | 1 | -1/+1 | |
The memcache_add_talloc() later on steals it anyway | |||||
2010-09-26 | s3: Lift talloc_autofree_context() from make_auth_context_fixed() | Volker Lendecke | 1 | -3/+4 | |
2010-09-26 | s3: Lift talloc_autofree_context() from make_auth_context_subsystem() | Volker Lendecke | 3 | -6/+11 | |
2010-09-26 | s3: Lift talloc_autofree_context() from make_auth_context_text_list() | Volker Lendecke | 1 | -3/+6 | |
2010-09-26 | s3: Lift talloc_autofree_context() from make_auth_context() | Volker Lendecke | 1 | -3/+7 | |
2010-09-26 | s3: Fix a memleak in make_new_server_info_system() | Volker Lendecke | 1 | -0/+1 | |
2010-09-26 | s3: Remove talloc_autofree_context() from init_system_info() | Volker Lendecke | 1 | -1/+2 | |
2010-09-25 | s3: Fix a typo | Volker Lendecke | 1 | -1/+1 | |
2010-09-20 | s3-util: use shared dom_sid_dup. | Günther Deschner | 2 | -6/+7 | |
Guenther | |||||
2010-09-20 | s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions. | Günther Deschner | 2 | -4/+5 | |
Guenther | |||||
2010-09-16 | libcli/auth/ntlmssp Be clear about talloc parents for session keys | Andrew Bartlett | 1 | -9/+16 | |
The previous API was not clear as to who owned the returned session key. This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code, and avoids making allocations - we steal and zero instead. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-privs Call security_token_set_privilege() rather than manual assignment | Andrew Bartlett | 1 | -1/+1 | |
This avoids as much direct modifiction of the bitmask as possible. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-privs Inline dump_se_priv into callers now that it's just a uint64_t | Andrew Bartlett | 1 | -1/+1 | |
The previous 128 bit structure needed this helper function. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3:auth Remove NT_USER_TOKEN | Andrew Bartlett | 2 | -8/+8 | |
The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derivied structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-auth Change struct nt_user_token -> struct security_token | Andrew Bartlett | 1 | -14/+14 | |
This common structure is defined in security.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-auth Change type of num_sids to uint32_t | Andrew Bartlett | 1 | -5/+7 | |
size_t is overkill here, and in struct security_token in the num_sids is uint32_t. This includes a change to the prototype of add_sid_to_array() and add_sid_to_array_unique(), which has had a number of consequnetial changes as I try to sort out all the callers using a pointer to the number of sids. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-09 | s3-auth: Added get_server_info_system function. | Andreas Schneider | 1 | -0/+5 | |
2010-09-01 | s3-auth: fix uninitialized error code in get_guest_info3(). | Günther Deschner | 1 | -2/+1 | |
Guenther | |||||
2010-08-31 | s3-auth: remove global include of krb5pac.h. | Günther Deschner | 2 | -0/+2 | |
Guenther | |||||
2010-08-31 | s3-auth: remove unused variable in check_sam_security(). | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2010-08-31 | s3-auth Rename NT_USER_TOKEN privileges -> privilege_mask | Andrew Bartlett | 1 | -3/+3 | |
This is closer to the struct security_token from security.idl Andrew Bartlett | |||||
2010-08-31 | s3-auth Rename NT_USER_TOKEN user_sids -> sids | Andrew Bartlett | 2 | -29/+29 | |
This is closer to the struct security_token from security.idl | |||||
2010-08-30 | s3-auth: The unlock of the account is now done by the get_sampwnam call. | Andreas Schneider | 1 | -5/+2 | |
Signed-off-by: Simo Sorce <idra@samba.org> | |||||
2010-08-30 | s3-auth: Use SamInfo3_for_guest to create guest server_info. | Andreas Schneider | 1 | -19/+70 | |
Signed-off-by: Simo Sorce <idra@samba.org> | |||||
2010-08-30 | s3-auth: add helper to get server_info out of kerberos info | Simo Sorce | 1 | -0/+100 | |
Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-08-30 | s3-auth: Add helper function to retrieve the unix user from a kerberos ticket | Simo Sorce | 1 | -0/+172 | |
Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-08-29 | s3: Remove a use of smbd_server_fd | Volker Lendecke | 1 | -1/+1 | |
This disables different socket options per user for ntlmssp authentiation, a change in behaviour which is exotic enough I believe. | |||||
2010-08-28 | s3: Remove smbd_server_conn() from check_unix_security | Volker Lendecke | 1 | -7/+2 | |
2010-08-28 | s3: Lift smbd_server_fd() from pass_check() | Volker Lendecke | 2 | -7/+8 | |
2010-08-28 | s3: Lift smbd_server_fd() from password_check() | Volker Lendecke | 1 | -11/+13 | |
2010-08-28 | s3: Fix some nonempty blank lines | Volker Lendecke | 1 | -15/+15 | |
2010-08-28 | s3: Fix smb_pam_passcheck | Volker Lendecke | 1 | -2/+2 | |