summaryrefslogtreecommitdiff
path: root/source3/smbd/sec_ctx.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r25161: Don't panic if setgroups fails in non-root mode.James Peach1-2/+2
(This used to be commit ea226c5ed97d47649833546d5499213093d1925e)
2007-10-10r25142: Panic if setting the group list fails while switching securityJames Peach1-1/+4
contexts. Patch from Tim Prouty <tim.prouty@isilon.com>. (This used to be commit a136de663f122603e8d34e06027896ff39b35e11)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23510: Tidy calls to smb_panic by removing trailing newlines. Print theJames Peach1-2/+2
failed expression in SMB_ASSERT. (This used to be commit 171dc060e2a576d724eed1ca65636bdafffd7713)
2007-10-10r23398: Support membership of >16 groups on Darwin by making sure we opt in ↵James Peach1-0/+49
to the dynamic group resolution mechanism when switching UNIX credentials. (This used to be commit b5cb21e951550fe836b0ef5febc037af9a7f51ec)
2007-10-10r23393: Support BSD group semantics by making sure that the effective GID is ↵James Peach1-1/+1
always passed as the first GID when calling setgroups(2). (This used to be commit 6ebaf856c1d27f2fbfa0444a5c6c17c4331d2780)
2007-10-10r23391: Second part of the patch for Apple.Jeremy Allison1-14/+22
Change the sequence : gain_root(); sys_setgroups(ngroups, groups); become_id(uid, gid); to a function call : set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups) James - should be safe for you to create a Darwin-specific version of this function now. Jeremy. (This used to be commit 8ee982b3678be41ce8b4f4c1df428dcbf897ccbe)
2007-10-10r23390: First part of the patch to make Apple's life easier.Jeremy Allison1-6/+6
Doing this in two stages to make it very easy to review. Context switching must look like : gain_root(); sys_setgroups(ngroups, groups); become_id(uid, gid); Re-arrange order so these three calls are always seen together. Next will be to turn these into a function. Jeremy. (This used to be commit eb537185ee4a3f460709267c843c9303a9bb61b5)
2007-10-10r17348: Some C++ warningsVolker Lendecke1-1/+2
(This used to be commit ae6b9b34e59167e3958bfdb9997fa25340b9a0a3)
2007-10-10r16582: Fix Klocwork #1997 and all generic class of problemsJeremy Allison1-3/+19
where we don't correctly check the return from memdup. Jeremy. (This used to be commit ce14daf51c7ee2f9c68c77f7f4674e6f0e35c9ca)
2007-10-10r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter1-3/+3
macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-51/+7
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13293: Rather a big patch I'm afraid, but this should fix bug #3347Jeremy Allison1-43/+40
by saving the UNIX token used to set a delete on close flag, and using it when doing the delete. libsmbsharemodes.so still needs updating to cope with this change. Samba4 torture tests to follow. Jeremy. (This used to be commit 23f16cbc2e8cde97c486831e26bcafd4ab4a9654)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-2/+2
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2003-08-09fix for BUG #267 (problem with supplementary groups).Gerald Carter1-1/+1
Use winbindd to get the group list if possible since we already know it from netsamlogon_cache.tdb. More effecient than letting libc call getgrent() to get seconary groups. Tested by Ken Cross. (This used to be commit 3c537c906f29a08e75895c8c8e3ed5c5abaaa940)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-11/+2
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-12/+27
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-27Some more 'winbind default domain' support patches from Alexander BokovoyAndrew Bartlett1-1/+1
<a.bokovoy@sam-solutions.net>. This patch is designed to remove the 'special cases' required for this support. In particular this now kills off winbind_initgroups, as it appears no longer to be required. Andrew Bartlett (This used to be commit f1d8d509766e9169d39332559162cfec249bfc70)
2001-11-03Added NT_USER_TOKEN into server_info to fix extra groups problem.Jeremy Allison1-40/+0
Got "medieval on our ass" about const warnings (as many as I could :-). Jeremy. (This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
2001-10-29Fixed confusing debug message - it was always printing uid 0 instead of theTim Potter1-1/+1
correct uid. (This used to be commit ad30a35ebc04f6a56c3ffb28bfb793557cf1fdf7)
2001-10-18Merge the become_XXX -> change_to_XXX fixes from 2.2.2 to HEAD.Jeremy Allison1-4/+0
Ensure make_conection() can only be called as root. Jeremy. (This used to be commit 8d23a7441b4687458ee021bfe8880558506eddba)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-1/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-19don't try to initgroups in non root modeAndrew Tridgell1-0/+4
(This used to be commit 1a04ea247680fa7ad1ae7dc3f9953f753d8cf955)
2001-09-17move to SAFE_FREE()Simo Sorce1-9/+7
(This used to be commit a95943fde0ad89ae3f2deca2f7ba9cb5ab612b74)
2001-07-25Excellent patch from Anselm Kruis <A.Kruis@science-computing.de> to fixJeremy Allison1-1/+1
problem with wrong token being used in current_user. Jeremy. (This used to be commit 2c7d2a1d533052d3556715439fcd66c5233d3137)
2001-06-26Remove warning about trapdoor systems for non-root mode.Andrew Bartlett1-0/+4
Andrew Bartlett (This used to be commit b33000cdc0cafd4888c3f07c56050626743abd14)
2001-04-28rpcclient/rpcclient.c: Non-void return in void function.Jeremy Allison1-1/+3
smbd/sec_ctx.c: Fixed potential memory leak spotted by Kenichi Okuyama@Tokyo Research Lab, IBM-Japan, Co. utils/nmblookup.c: gcc warning on Solaris fix. Jeremy. (This used to be commit 1be60597cd62af2b30a1496d06ea5704e87d3b7d)
2001-04-27Tidy up args to DEBUG Statements - found by gcc on Solaris.Jeremy Allison1-5/+7
Jeremy. (This used to be commit a60ecb4e53a6c8a3a6a37a89042ae943202263fe)
2001-03-11Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMRJeremy Allison1-2/+0
RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
2001-01-04Changes from APPLIANCE_HEAD:David O'Neill1-1/+13
source/Makefile.in - changes to ctags and etags rules that somehow got lost along the way. source/include/proto.h - make proto source/smbd/sec_ctx.c source/smbd/password.c - merge debugs for debugging user groups and NT token stuff. source/lib/util_str.c - capitalise domain name returned from parse_domain_user() source/nsswitch/wb_client.c - fix broken conditional in debug statement. source/include/rpc_secdes.h source/include/rpc_spoolss.h source/printing/nt_printing.c source/lib/util_seaccess.c - fix printer permission bugs related to ACE masks for printers. This adds mapping of generic access rights to object specific rights for NT printers. Still need to work out whether or not to ignore ACEs with certain flags set, though. See comments in util_seaccess.c:check_ace() for details. source/printing/nt_printing.c source/printing/printing.c - use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER until we sort out printer/printjob permission stuff. (This used to be commit 1dba9c5cd1e6389734c648f6903abcb7c8d5b2f0)
2000-12-08Added OLD_NTDOMAIN to remove warnings about undefined functions.Jeremy Allison1-0/+2
Jeremy. (This used to be commit f4c32a75e6e60eae6078449478d04ff22373d817)
2000-11-14Merge from appliance head of JR's changes for driver versioning.Jeremy Allison1-1/+1
Jeremy. (This used to be commit cdbd2e99775642dc2e92004be9014bf38a92d80f)
2000-10-28David Lee's utmp patch (finally). Thanks David !Jeremy Allison1-1/+1
Jeremy. (This used to be commit b809a2d0c81c54e917ccc0c99b3e70ea8d7ceab1)
2000-10-26Sorry JF - no billable hours :-). I fixed the "stream of events" problemJeremy Allison1-2/+0
with PCL drivers. The problem was we were updating the changeid on every SETPRINTERDATA/DELETEPRINTERDATA call. We should not do this, we should just update the 'setprinter' called count. We update the changeid on calls to SETPRINTER/ADDPRINTER/ADDPRINTEREX etc. Also fixed the correct returning of the create time on printers. Jeremy. (This used to be commit 521f09829fd329f87b3d19e8871e2b989c98a58e)
2000-10-12use macros for incrementing profile countersHerb Lewis1-3/+1
(This used to be commit cae5eeb16e81b6aa95c68223268513c32aed7056)
2000-10-05Added uid and gid to push_sec_ctx() debug.Tim Potter1-2/+3
(This used to be commit 2817b6cc8af3edbaa63b5db67689ab94cb240d4f)
2000-08-28Oops - missed a file.Tim Potter1-0/+42
(This used to be commit 5aed84b74981a4f4fcc4d466ef03178eff22ba85)
2000-08-09Fixed memory leak with NT tokens.Jeremy Allison1-5/+12
Added debug messages to se_access_check(). Added FULL_ACCESS acl to default acl on printers. Jeremy. (This used to be commit 7507f6f408cf8b0f8d7e2b3da54ce5fb5ef5343b)
2000-08-03Added an NT_USER_TOKEN structure that is copied/passed around associatedJeremy Allison1-13/+85
with the current user. This will allow se_access_check() to quickly do a SD check without having to translate uid/gid's to SIDs. Still needs work on pipe calls. Jeremy. (This used to be commit e28d01b744b3dbd33e0e54af4e7f426fa8c082b8)
2000-08-02Started to canonicalize our handling of uid -> sid code in order toJeremy Allison1-7/+27
get ready and fix se_access_check(). Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid() functions that look via winbind first the fall back on local lookup. All Samba should use these rather than trying to call winbindd code directly. Added NT_USER_TOKEN struct in user_struct, contains list of NT sids associated with this user. se_access_check() should use this (cached) value rather than attempting to do the same thing itself when given a uid/gid pair. More work needs to be done to preserve these things accross security context changes (especially with the tricky pipe problem) but I'm beginning to see how this will be done..... probably by registering a new vuid for an authenticated RPC pipe and not treating the pipe calls specially. More thoughts needed - but we're almost there... Jeremy. (This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
2000-06-23Fix a malloc of zero problem.Jeremy Allison1-38/+49
Jeremy. (This used to be commit 2aa21db960666736331b18956422b7c13aad0f0f)
2000-06-23lib/util_unistr.c: Off-by-one fix for dos_PutUniStr from John Reilly ↵Jeremy Allison1-1/+5
jreilly@hp.com. Memory leak fix for new sec_ctx code (sorry Tim :-). Jeremy. (This used to be commit edaf49c66d5a5ccf6689b358c301e208599a468f)
2000-06-23I've been working on refactoring some of the mess that is the become_user()Tim Potter1-0/+295
code. This code is now implemented as a stack of security contexts, where a security context is defined as a set of effective user, group and supplementary group ids. The following functions are implemented: BOOL push_sec_ctx(void); Create a new security context on the stack which is the same as the current security context. void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups); Set the current security context to a given set of user and group ids. void set_root_sec_ctx(void); Set to uid = gid = 0. No supplementary groups are set. BOOL pop_sec_ctx(void); Pop a security context from the stack and restore the user and group permissions of the previous context. void init_sec_ctx(void); Initialise the security context stack. This must be called before any of the other operations are used or weird things may happen. The idea is that there is a base security context which is either root or some authenticated unix user. Other security contexts can be pushed and popped as needed for things like changing passwords, or rpc pipe operations where the rpc pipe user is different from the smb user. (This used to be commit 87c78d6d5a6bf8d0907d6f8ef5ee0d642946cad3)