Age | Commit message (Collapse) | Author | Files | Lines |
|
This is closer to the layout of struct auth_session_info in auth.idl
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This brings this structure one step closer to the struct auth_session_info.
A few SMB_ASSERT calls are added in some key places to ensure that
this pointer is initialised, to make tracing any bugs here easier in
future.
NOTE: Many of the users of this structure should be reviewed, as unix
and NT access checks are mixed in a way that should just be done using
the NT ACL. This patch has not changed this behaviour however.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.
The structure is also not ideal for it's current purpose. Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session. This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.
(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This will allow the auth_serversupplied_info struct to be migrated
to auth_session_info easier.
Adnrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Haven't checked this myself, but as I've already got several reports that Samba
won't compile against current OpenAFS anymore, I just believe Geza Gemes. This
patch only affects AFS code, so it should not hurt anything else.
Volker
|
|
(This used to be commit 344d69f95e217d16213eaa6b53141af6ab459708)
|
|
(This used to be commit c84d49429191423a81d558042fe949c26f5de5fe)
|
|
Thanks to vl for pointing this out.
(This used to be commit 76cf5a979bf3014b1de660520e538546b3676b23)
|
|
(This used to be commit ab0ee6e9a6a9eee317228f0c2bde254ad9a59b85)
|
|
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
|
|
Remove all vestiges of pstring (except for smbctool as noted
in previous commit).
Jeremy
(This used to be commit 4c32a22ac50ada3275d2ffba3c1aa08bee7d1549)
|
|
one horror (pstring_clean_name()) which will have to
remain until I've removed all pstrings from the client code.
Jeremy.
(This used to be commit 1ea3ac80146b83c2522b69e7747c823366a2b47d)
|
|
(This used to be commit 5f205ab48d8ac3b7af573ea0be1ce095ab835448)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
(This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
|
|
Guenther
(This used to be commit 081409a724fce1f6e6f29bfcc824fd3f5ec6d9ff)
|
|
map'. This
fixes a rather weird problem where an algorithmic SID ended up as the
replacement for %s.
Volker
(This used to be commit 67dbc91b27aeeeab3cc1360137db1dd955728061)
|
|
Add 'log nt token command' parameter. If set, %s is replaced with the user
sid, and %t takes all the group sids.
Volker
(This used to be commit e7dc9fde45c750013ad07f584599dd51f8eb8a54)
|
|
tells the
AFS client when to throw away a token.
Thanks,
Volker
(This used to be commit 836a8277b2281bcdb6eab8339b05bec61b49eb74)
|
|
Thanks,
Volker
(This used to be commit 207625c7ab8ce41d7b59981e6a767dc299178335)
|
|
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().
For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation. This removes the 'need_reseed'
parameter from generate_random_buffer().
Andrew Bartlett
(This used to be commit 36741d3cf53a7bd17d361251f2bb50851cdb035f)
|
|
Split off the non-crypto related parts of lib/afs.c into
lib/afs_settoken.c. This makes wbinfo link without -lcrypto.
Commit vfs_afsacl.c, display & set AFS acls via the NT security editor.
Volker
(This used to be commit 43870a3fc1073cf7d60f1becae5c2ff98ab49439)
|
|
stream. This is to implement wbinfo -k that asks winbind for authentication
which then creates the AFS token for the authenticated user.
Volker
(This used to be commit 2df6750a079820826013360fb9e47f90bc8223a5)
|
|
is not significant in windows user names we should not lose information by
lower-casing the name before handing it to AFS.
Volker
(This used to be commit 6d2285b6d1599648661be47abaaa888419700d22)
|
|
This changes our behaviour when the setresuid call is available. We now not
only change the effective uid but also the real uid when becoming
unprivileged. This is mainly for improved AFS compatibility, as AFS selects
the token to send to the server based on the real uid of the process.
I tested this with a W2k server with two non-root 'runas' sessions. They come
in via a single smbd as two different users using two session setups. Samba on
Linux can still switch between the two uids, proved by two different files
created via those sessions.
Volker
(This used to be commit 556c62f93535c606122b22e7e843d9da9a1cd438)
|
|
afs share -- this is an AFS share, do AFS magic things
afs username map -- We need a way to specify the cell and possibly
weird username codings for several windows domains
in the afs cell
Volker
(This used to be commit 4a3f7a9356cd5068d9ed4fd6e2336d9bf7923fbd)
|
|
This implements some kind of improved AFS support for Samba on Linux with
OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have
OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile
into secrets.tdb with 'net afskey'. If this is done, on each tree connect
smbd creates a Kerberos V4 ticket suitable for use by the AFS client and
gives it to the kernel via the AFS syscall. This is meant to be very
light-weight, so I did not link in a whole lot of libraries to be more
platform-independent using the ka_SetToken function call.
Volker
(This used to be commit 5775690ee8e17d3e98355b5147e4aed47e8dc213)
|