summaryrefslogtreecommitdiff
path: root/source3/smbd/sec_ctx.c
AgeCommit message (Collapse)AuthorFilesLines
2012-10-29Fix bug #9329 - Directory listing with SeBackup can crash smbd.Jeremy Allison1-0/+25
When we do a become_root()/unbecome_root() pair to temporarily raise privilege, this NULLs out the NT token. If we're within a become_root()/unbecome_root() pair then return the previous token on the stack as our NT token. This is what we should be using to check against NT ACLs in the file server. This copes with security context changing when removing a file on close under the context of another user (when 2 users have a file open, one sets delete on close and then the other user has to actually do the delete). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Oct 29 16:26:20 CET 2012 on sn-devel-104
2012-09-10uid_t is a synonym for int on osXMatthieu Patou1-1/+1
This function is clearly osX oriented so we adapt the modifier to the target
2012-06-28Replace all uses of setXX[ug]id() and setgroups with samba_setXX[ug]id() calls.Jeremy Allison1-1/+2
Will allow thread-specific credentials to be added by modifying the central definitions. Deliberately left the setXX[ug]id() call in popt as this is not used in Samba.
2012-04-04First part of fix for bug 8837 - smbd crashes when deleting directory and ↵Jeremy Allison1-1/+1
veto files are enabled. Add some const to the sec_ctx code.
2011-10-27Include uid_wrapper correctly.Andreas Schneider1-1/+1
2011-10-06s3: Use the uid_wrapperVolker Lendecke1-0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org>
2011-04-14s3: only include smb profiling where needed.Günther Deschner1-0/+1
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Thu Apr 14 01:31:39 CEST 2011 on sn-devel-104
2011-03-30s3-auth: smbd needs auth.hGünther Deschner1-0/+1
Guenther
2011-03-30s3: include smbd/smbd.h where needed.Günther Deschner1-0/+1
Guenther
2011-03-09s3-smbd: Increase debug level von context messages.Andreas Schneider1-6/+6
2011-03-01s3-auth struct security_unix_token replaces UNIX_USER_TOKENAndrew Bartlett1-1/+1
2011-02-28Fix warning introduced by changing the size of UNIX_USER_TOKEN->ngroups from ↵Jeremy Allison1-1/+1
size_t to uint32_t.
2011-02-20s3: Fix some nonempty blank linesVolker Lendecke1-6/+6
2010-10-14s3-auth Use security_token_debug() from common codeAndrew Bartlett1-1/+2
This prints the security token including the privileges as strings instead of just a bitmap. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3:auth Remove NT_USER_TOKENAndrew Bartlett1-1/+1
The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derivied structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-01-08s3:smbd: move all globals and static variables in globals.[ch]Stefan Metzmacher1-19/+5
The goal is to move all this variables into a big context structure. metze
2008-06-19Wrap the unix token info in a unix_user_token in auth_serversupplied_infoVolker Lendecke1-1/+1
No functional change, this is a preparation for more current_user ref removal (This used to be commit dcaedf345e62ab74ea87f0a3fa1e3199c75c5445)
2008-01-10Don't switch user contexts unless you have to. SavesJeremy Allison1-0/+17
a bunch of syscalls on close. Noticed by Volker. Jeremy. (This used to be commit 3caeeaea162e2083a087c242b850c107a3be1bf9)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-5/+5
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r25161: Don't panic if setgroups fails in non-root mode.James Peach1-2/+2
(This used to be commit ea226c5ed97d47649833546d5499213093d1925e)
2007-10-10r25142: Panic if setting the group list fails while switching securityJames Peach1-1/+4
contexts. Patch from Tim Prouty <tim.prouty@isilon.com>. (This used to be commit a136de663f122603e8d34e06027896ff39b35e11)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23510: Tidy calls to smb_panic by removing trailing newlines. Print theJames Peach1-2/+2
failed expression in SMB_ASSERT. (This used to be commit 171dc060e2a576d724eed1ca65636bdafffd7713)
2007-10-10r23398: Support membership of >16 groups on Darwin by making sure we opt in ↵James Peach1-0/+49
to the dynamic group resolution mechanism when switching UNIX credentials. (This used to be commit b5cb21e951550fe836b0ef5febc037af9a7f51ec)
2007-10-10r23393: Support BSD group semantics by making sure that the effective GID is ↵James Peach1-1/+1
always passed as the first GID when calling setgroups(2). (This used to be commit 6ebaf856c1d27f2fbfa0444a5c6c17c4331d2780)
2007-10-10r23391: Second part of the patch for Apple.Jeremy Allison1-14/+22
Change the sequence : gain_root(); sys_setgroups(ngroups, groups); become_id(uid, gid); to a function call : set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups) James - should be safe for you to create a Darwin-specific version of this function now. Jeremy. (This used to be commit 8ee982b3678be41ce8b4f4c1df428dcbf897ccbe)
2007-10-10r23390: First part of the patch to make Apple's life easier.Jeremy Allison1-6/+6
Doing this in two stages to make it very easy to review. Context switching must look like : gain_root(); sys_setgroups(ngroups, groups); become_id(uid, gid); Re-arrange order so these three calls are always seen together. Next will be to turn these into a function. Jeremy. (This used to be commit eb537185ee4a3f460709267c843c9303a9bb61b5)
2007-10-10r17348: Some C++ warningsVolker Lendecke1-1/+2
(This used to be commit ae6b9b34e59167e3958bfdb9997fa25340b9a0a3)
2007-10-10r16582: Fix Klocwork #1997 and all generic class of problemsJeremy Allison1-3/+19
where we don't correctly check the return from memdup. Jeremy. (This used to be commit ce14daf51c7ee2f9c68c77f7f4674e6f0e35c9ca)
2007-10-10r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter1-3/+3
macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-51/+7
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13293: Rather a big patch I'm afraid, but this should fix bug #3347Jeremy Allison1-43/+40
by saving the UNIX token used to set a delete on close flag, and using it when doing the delete. libsmbsharemodes.so still needs updating to cope with this change. Samba4 torture tests to follow. Jeremy. (This used to be commit 23f16cbc2e8cde97c486831e26bcafd4ab4a9654)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-2/+2
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2003-08-09fix for BUG #267 (problem with supplementary groups).Gerald Carter1-1/+1
Use winbindd to get the group list if possible since we already know it from netsamlogon_cache.tdb. More effecient than letting libc call getgrent() to get seconary groups. Tested by Ken Cross. (This used to be commit 3c537c906f29a08e75895c8c8e3ed5c5abaaa940)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-11/+2
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-12/+27
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-27Some more 'winbind default domain' support patches from Alexander BokovoyAndrew Bartlett1-1/+1
<a.bokovoy@sam-solutions.net>. This patch is designed to remove the 'special cases' required for this support. In particular this now kills off winbind_initgroups, as it appears no longer to be required. Andrew Bartlett (This used to be commit f1d8d509766e9169d39332559162cfec249bfc70)
2001-11-03Added NT_USER_TOKEN into server_info to fix extra groups problem.Jeremy Allison1-40/+0
Got "medieval on our ass" about const warnings (as many as I could :-). Jeremy. (This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
2001-10-29Fixed confusing debug message - it was always printing uid 0 instead of theTim Potter1-1/+1
correct uid. (This used to be commit ad30a35ebc04f6a56c3ffb28bfb793557cf1fdf7)
2001-10-18Merge the become_XXX -> change_to_XXX fixes from 2.2.2 to HEAD.Jeremy Allison1-4/+0
Ensure make_conection() can only be called as root. Jeremy. (This used to be commit 8d23a7441b4687458ee021bfe8880558506eddba)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-1/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-19don't try to initgroups in non root modeAndrew Tridgell1-0/+4
(This used to be commit 1a04ea247680fa7ad1ae7dc3f9953f753d8cf955)
2001-09-17move to SAFE_FREE()Simo Sorce1-9/+7
(This used to be commit a95943fde0ad89ae3f2deca2f7ba9cb5ab612b74)
2001-07-25Excellent patch from Anselm Kruis <A.Kruis@science-computing.de> to fixJeremy Allison1-1/+1
problem with wrong token being used in current_user. Jeremy. (This used to be commit 2c7d2a1d533052d3556715439fcd66c5233d3137)
2001-06-26Remove warning about trapdoor systems for non-root mode.Andrew Bartlett1-0/+4
Andrew Bartlett (This used to be commit b33000cdc0cafd4888c3f07c56050626743abd14)
2001-04-28rpcclient/rpcclient.c: Non-void return in void function.Jeremy Allison1-1/+3
smbd/sec_ctx.c: Fixed potential memory leak spotted by Kenichi Okuyama@Tokyo Research Lab, IBM-Japan, Co. utils/nmblookup.c: gcc warning on Solaris fix. Jeremy. (This used to be commit 1be60597cd62af2b30a1496d06ea5704e87d3b7d)
2001-04-27Tidy up args to DEBUG Statements - found by gcc on Solaris.Jeremy Allison1-5/+7
Jeremy. (This used to be commit a60ecb4e53a6c8a3a6a37a89042ae943202263fe)
2001-03-11Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMRJeremy Allison1-2/+0
RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
generated by cgit (git 2.34.1) at 2024-11-01 06:40:08 +0000