Age | Commit message (Collapse) | Author | Files | Lines |
|
This is not required any more now that they are the same structure,
and shows the value in having a common structure across the codebase.
In particular, now any additional state that needs to be added to the
auth_session_info will be transparently available across the named
pipe proxy, without a need to modify the mapping layer.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This patch finally has the same structure being used to describe the
authorization data of a user across the whole codebase.
This will allow of our session handling to be accomplished with common code.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This makes auth3_session_info identical to auth_session_info
The logic to convert the info3 to a struct auth_user_info is
essentially moved up the stack from the named pipe proxy in
source3/rpc_server to create_local_token().
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This ensures that the exact same token is used on both sides of the
pipe, when a full token is passed (ie, source3 to source3, but not yet
source4 to to source3 as the unix info isn't calculated there yet).
If we do not have unix_token, we fall back to the old behaviour and go
via create_local_token(). (However, in this case the security_token
is now overwritten, as it is better to have it match the rest of the
session_info create_local_token() builds).
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This seperation between the structure used inside the auth modules and
in the wider codebase allows for a gradual migration from struct
auth_serversupplied_info -> struct auth_session_info (from auth.idl)
The idea here is that we keep a clear seperation between the structure
before and after the local groups, local user lookup and the session
key modifications have been processed, as the lack of this seperation
has caused issues in the past.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_P isn't standard talloc.
|
|
For me this fixes
==1950== Invalid read of size 4
==1950== at 0x81EBED5: GUID_equal (uuid.c:239)
==1950== by 0x81E51AB: ndr_syntax_id_equal (ndr_misc.c:35)
==1950== by 0x82EB0D1: get_iface_from_syntax (rpc_common.c:160)
==1950== by 0x82EB25E: get_pipe_name_from_syntax (rpc_common.c:179)
==1950== by 0x8509E4F: close_policy_by_pipe (rpc_handles.c:322)
==1950== by 0x8507941: close_internal_rpc_pipe_hnd (rpc_ncacn_np.c:109)
==1950== by 0x468270: _talloc_free_internal (talloc.c:826)
==1950== by 0x467EE0: _talloc_free_internal (talloc.c:1268)
==1950== by 0x467EE0: _talloc_free_internal (talloc.c:1268)
==1950== by 0x467EE0: _talloc_free_internal (talloc.c:1268)
==1950== by 0x467EE0: _talloc_free_internal (talloc.c:1268)
==1950== by 0x80E6487: sam_trusted_domains (winbindd_samr.c:406)
==1950== Address 0x687ea4 is 20 bytes inside a block of size 40 free'd
==1950== at 0x58CDC: free (in /usr/local/lib/valgrind/vgpreload_memcheck-x86-freebsd.so)
==1950== by 0x8507812: free_pipe_rpc_context_internal (rpc_ncacn_np.c:74)
==1950== by 0x8507936: close_internal_rpc_pipe_hnd (rpc_ncacn_np.c:106)
==1950== by 0x468270: _talloc_free_internal (talloc.c:826)
==1950== by 0x467EE0: _talloc_free_internal (talloc.c:1268)
==1950== by 0x467EE0: _talloc_free_internal (talloc.c:1268)
==1950== by 0x467EE0: _talloc_free_internal (talloc.c:1268)
==1950== by 0x467EE0: _talloc_free_internal (talloc.c:1268)
==1950== by 0x80E6487: sam_trusted_domains (winbindd_samr.c:406)
==1950== by 0x80C2F85: trusted_domains (winbindd_cache.c:2820)
==1950== by 0x80D5188: winbindd_dual_list_trusted_domains (winbindd_misc.c:162)
==1950== by 0x80E987F: wb_child_request_trigger (winbindd_dual.c:437)
==1950==
Andreas, Guenther, please check!
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Jun 5 13:19:39 CEST 2011 on sn-devel-104
|
|
|
|
|
|
|
|
strcasecmp_m() never needs to call to talloc, and via next_codepoint()
still has an ASCII fast-path bypassing iconv() calls.
Andrew Bartlett
|
|
This way we can configure which rpc service we actually want to connect to.
By default it uses an "embedded" interface and calls rpc_pipe_open_internal()
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri May 13 14:40:26 CEST 2011 on sn-devel-104
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Apr 29 14:00:30 CEST 2011 on sn-devel-104
|
|
Guenther
|
|
This changes auth_session_info_transport to just be a wrapper, rather
than a copy that has to be kept in sync.
As auth_session_info was already wrapped in python, this required
changes to the existing pyauth wrapper and it's users.
Andrew Bartlett
|
|
|
|
Guenther
|
|
Guenther
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
|
|
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.
The structure is also not ideal for it's current purpose. Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session. This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.
(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This will allow the auth_serversupplied_info struct to be migrated
to auth_session_info easier.
Adnrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This changes the structure being used to convey the current user state
from the netlogon-derived 'netr_SamInfo3' structure to a purpose-built
structure that matches the internals of the Samba auth subsystem and
contains the final group list, as well as the final privilege set and
session key.
These previously had to be re-created on the server side of the pipe
each time.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
metze
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Feb 9 12:30:50 CET 2011 on sn-devel-104
|
|
They are needed for the callers in rpc_server/srv_pipe_hnd.c.
It seems I only looked at the caller in rpc_server/rpc_ncacn_np.c
when I've done the change of commit e55426fe7926ae6f8afe5fa6cfc009e0c3b54e38.
Thanks Volker for finding this :-)
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Feb 7 11:40:20 CET 2011 on sn-devel-104
|
|
metze
|
|
Autobuild-User: Andreas Schneider <asn@samba.org>
Autobuild-Date: Fri Oct 15 12:15:45 UTC 2010 on sn-devel-104
|
|
|
|
Guenther
|
|
Everything is using a talloc pointer now, no need to have an
accessor function to free data anymore.
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|