summaryrefslogtreecommitdiff
path: root/source3/smbd/password.c
AgeCommit message (Collapse)AuthorFilesLines
2012-01-05s3-auth use gensec directly rather than via auth_generic_stateAndrew Bartlett1-2/+2
This is possible because the s3 gensec modules are started as normal gensec modules, so we do not need a wrapper any more. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-08-03s3-auth set session_info->sanitized_username in create_local_token()Andrew Bartlett1-9/+1
Rather than passing this value around the callers, and eventually setting it in register_existing_vuid(), we simply pass it to create_local_token(). This also removes the need for auth_ntlmssp_get_username(). Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Remove seperate guest booleanAndrew Bartlett1-3/+6
Instead, we base our guest calculations on the presence or absense of the authenticated users group in the token, ensuring that we have only one canonical source of this important piece of authorization data Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use the common auth_session_infoAndrew Bartlett1-1/+1
This patch finally has the same structure being used to describe the authorization data of a user across the whole codebase. This will allow of our session handling to be accomplished with common code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth use auth_user_info not netr_SamInfo3 in auth3_session_infoAndrew Bartlett1-3/+3
This makes auth3_session_info identical to auth_session_info The logic to convert the info3 to a struct auth_user_info is essentially moved up the stack from the named pipe proxy in source3/rpc_server to create_local_token(). Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use guest boolean in auth_user_info_unixAndrew Bartlett1-3/+3
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use struct auth_user_info_unix for unix_name and sanitized_usernameAndrew Bartlett1-9/+10
This is closer to the layout of struct auth_session_info in auth.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use *unix_token rather than utok in struct auth3_session_infoAndrew Bartlett1-3/+9
This brings this structure one step closer to the struct auth_session_info. A few SMB_ASSERT calls are added in some key places to ensure that this pointer is initialised, to make tracing any bugs here easier in future. NOTE: Many of the users of this structure should be reviewed, as unix and NT access checks are mixed in a way that should just be done using the NT ACL. This patch has not changed this behaviour however. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use struct auth3_session_info outside the auth subsystemAndrew Bartlett1-1/+1
This seperation between the structure used inside the auth modules and in the wider codebase allows for a gradual migration from struct auth_serversupplied_info -> struct auth_session_info (from auth.idl) The idea here is that we keep a clear seperation between the structure before and after the local groups, local user lookup and the session key modifications have been processed, as the lack of this seperation has caused issues in the past. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-04s3-auth: Pass the remote_address down to user_info.Andreas Schneider1-4/+12
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-05-06s3-auth: fixed bug with usernames longer than sizeof(char *)Andrew Tridgell1-3/+3
using sizeof(user) when user is "fstring user" as a C parameter actually returns sizeof(char *), which means that long usernames aren't allowed. Jeremy, you need a longer username :-) Cheers, Tridge Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-05-04Fix warning messages caused by addition of null check in fstrcpy macro.Jeremy Allison1-3/+3
2011-05-04Fix off-by-one when used with safe_strcpy.Jeremy Allison1-1/+1
2011-04-05s3-auth Rename user_session_key -> session_key to match auth_session_infoAndrew Bartlett1-1/+1
2011-03-30s3-auth: smbd needs auth.hGünther Deschner1-0/+1
Guenther
2011-03-30s3: include smbd/smbd.h where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-includes: only include system/passwd.h when needed.Günther Deschner1-0/+1
Guenther
2011-02-22s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_infoAndrew Bartlett1-26/+26
These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-10s3-auth Rename cryptic 'ptok' to security_tokenAndrew Bartlett1-1/+1
This will allow the auth_serversupplied_info struct to be migrated to auth_session_info easier. Adnrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-11-10Remove fstring from map_username. Create a more sane interface than the ↵Jeremy Allison1-3/+3
called-parameter-is-modified. Jeremy.
2010-10-20Make getpwnam_alloc() static to lib/username.c, and ensure all username ↵Jeremy Allison1-1/+1
lookups go through Get_Pwnam_alloc(), which is the correct wrapper function. We were using it *some* of the time anyway, so this just makes us properly consistent. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Oct 20 16:02:12 UTC 2010 on sn-devel-104
2010-08-17s3: Remove smbd_server_fd() from session_claimVolker Lendecke1-1/+1
2010-08-06s3-netlogon: remove global include of netlogon.h.Günther Deschner1-0/+1
This reduces precompiled headers by another 4 MB and also slightly speeds up the build. Guenther
2010-07-19s3-auth: Use talloc hierarchies to properly free auth_ntlmssp_state contextsSimo Sorce1-1/+1
Turn auth_ntlmssp_end into a destructor and attach it to auth_ntlmssp_state. Remote auth_ntlmssp_end and use TALLOC_FREE in the callers. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-05s3: Remove procid_self() from session_claim()Volker Lendecke1-1/+1
2010-06-17s3-waf: Work around missing *netgrent prototypes on OSX 10.4Kai Blin1-0/+11
2010-06-12s3: Remove smbd_server_conn from register_existing_vuidVolker Lendecke1-2/+2
2010-06-09Rename "allow_smb2" -> "using_smb2" and make the usage clearer.Jeremy Allison1-1/+1
2010-06-04s3-auth: Moved smbd user functions to a generic place.Andreas Schneider1-133/+0
Reviewed-by: Simo Sorce <idra@samba.org>
2010-05-31s3:smbd user_ok doesn't need sconn anymoreSimo Sorce1-7/+6
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-05-31s3:smbd user_in_list() doesn't need sconn anymoreSimo Sorce1-5/+4
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-05-31s3:smbd user_in_network() doesn't need sconn anymoreSimo Sorce1-6/+5
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-05-31s3:smbd make yp cache local.Simo Sorce1-14/+8
The my_yp_domain variable is just a static cache needed to avoid making over and over expensive and potentially blocking calls to yp_get_default_domain(). Instead of keeping this onto the smbd_server_connection struct, just keep it local to the only function ever using this variable. This disentagle this function (and a number of calling functions) from having to pass around smbd_server_connection and thus having to link against smbd. It also removes a few ifdefs. Nothing changes from a global/local pov, as the smbd_server_connection variable passed around is also a global one. Signed-off-by: Andreas Schneider <asn@samba.org>
2010-05-28s3:auth use info3 in auth_serversupplied_infoSimo Sorce1-3/+3
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-17Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code.Jeremy Allison1-1/+1
Jeremy.
2010-01-10s3: Remove the typedef for "auth_serversupplied_info"Volker Lendecke1-1/+1
2009-09-25s3:smbd/password - move list pointers into blocksMatthias Dieter Wallnöfer1-6/+6
2009-08-12s3:smbd: correctly invalidate vuids when SMB2 is usedStefan Metzmacher1-0/+4
metze
2009-07-14s3: make d9c0d58236 better readble and reduce indentationBjörn Jacke1-13/+13
2009-07-14s3: don't make same innetgr check twiceBjörn Jacke1-8/+11
2009-06-03s3:smbd: move tcon specific globals to struct smbd_server_connectionStefan Metzmacher1-1/+1
metze
2009-06-03s3:smbd: move more session specific globals to struct smbd_server_connectionStefan Metzmacher1-79/+112
metze
2009-06-03s3:smbd: move negprot related globals to struct smbd_server_connectionStefan Metzmacher1-4/+14
metze
2009-03-23s3:smbd: use new simplified snb_signing code in the serverStefan Metzmacher1-3/+5
We keep the seqnum/mid mapping in the smb_request structure. This also moves one global variable into the smbd_server_connection struct. metze
2009-01-20"userdom_struct" does not need "full_name" anymore -- unusedVolker Lendecke1-1/+0
2009-01-08s3:smbd: move all globals and static variables in globals.[ch]Stefan Metzmacher1-18/+8
The goal is to move all this variables into a big context structure. metze
2008-12-30Second part of the bugfix for #5933Volker Lendecke1-7/+13
Incrementing the next vuid did not correctly overflow Now we survive BENCH-SESSSETUP with -o 100000. Takes a while though :-) Thanks a lot to Ofer Tal <otsmb@shmoop.org> for reporting #5933
2008-12-30First part of bugfix for #5933Volker Lendecke1-3/+0
Ofer Tal <otsmb@shmoop.org> fully correctly noted that we're incrementing num_validated_vuids twice per session setup, but decrement it only once. Looking at sesssetup.c we always call register_initial_vuid() before register_existing_vuid(), so there's no point in incrementing it in register_existing_vuid(). Jeremy, please check!
2008-12-30Simplify invalidate_vuid slightlyVolker Lendecke1-4/+0
get_valid_user_struct_internal() checks for UID_FIELD_INVALID itself
2008-12-30Simplify is_partial_auth_vuid slightlyVolker Lendecke1-5/+1