Age | Commit message (Collapse) | Author | Files | Lines |
|
Instead, we base our guest calculations on the presence or absense of the
authenticated users group in the token, ensuring that we have only
one canonical source of this important piece of authorization data
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This is closer to the layout of struct auth_session_info in auth.idl
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
to their only user and make them static. Add comments.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Jul 8 21:01:40 CEST 2011 on sn-devel-104
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
Before a auth_serversupplied_info struct can be used for
authorization, the local groups and privileges must be calculated.
create_local_token() now copies the server_info, and then sets the
calulated token and unix groups.
Soon, it will also transform the result into an expanded struct
auth_session_info. Until then, the variable name (server_info vs
session_info provides a clue to the developer about what information
has been entered in the structure).
By moving the calls to create_local_token within the codebase, we
remove duplication, and ensure that the session key (where modified)
is consistently copied into the new structure.
Andrew Bartlett
|
|
This ensures that all callers don't need to each add builtin groups
and privileges to the user's token
Andrew Bartlett
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.
The structure is also not ideal for it's current purpose. Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session. This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.
(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This will allow the auth_serversupplied_info struct to be migrated
to auth_session_info easier.
Adnrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
|
|
|
|
|
|
We need to call setup_ntlmssp_server_info() if status==NT_STATUS_OK,
or if status is anything except NT_STATUS_MORE_PROCESSING_REQUIRED,
as this can trigger map to guest.
Jeremy.
|
|
|
|
Guenther
|
|
Guenther
|
|
contexts.
Jeremy.
|
|
use of malloc, and data_blob().
Jeremy.
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Rename it to auth_ntlmssp_steal_server_info() to make it clear that
the server_info struct is stolen from the auth_ntlmssp_state structure.
Use talloc_move instead of manual steal&clear
Add comments to explain what is going on.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Turn auth_ntlmssp_end into a destructor and attach it to auth_ntlmssp_state.
Remote auth_ntlmssp_end and use TALLOC_FREE in the callers.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
and raw) under SMB2. Still need to investigate fixing this with krb5
auth (does this make sense ?).
Jeremy.
|
|
This fixes a bug where register_existing_vuid() could be called with a
NULL server_info if the alloction failed.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
This reverts commit edba46ce94c335411ab337eeb4ef6f88fb3aae80.
Conflicts:
source3/auth/auth_ntlmssp.c
|
|
It's nicer to have an NTSTATUS return, and in s3compat there may be a
reason other than 'no memory' why this can fail.
Andrew Bartlett
|
|
downgrading from krb5 to NTLMSSP over SMB2.
Jeremy.
|
|
using SMB2.
Jeremy.
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
The code is not yet in common, but I hope to fix that soon.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
This makes it a little easier for it to writen in terms of GENSEC in future.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
We don't keep sampass in server_info anymore
So it makes no sense to keep it around.
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Jeremy.
|
|
Jeremy, please check
|
|
Jeremy.
|
|
krb5. Fix a memory leak in returning security blobs.
Jeremy
|
|
messages to SMB2 oplock levels.
Jeremy.
|
|
right.
Gets us handling SMB2 compound async requests similar to W2K8R2
(and triggers the same client bug in the Win7 redirector). Great
thanks to Ira Cooper <samba@ira.wakeful.net> for helping with
this and to Metze for the wonderful async framework. The one
thing I need to fix to make us identical to W2K8R2 is that
when a compound request goes async at the end W2K8R2 splits
the replies up into a compound non-async reply followed by
a separate async reply. Currently we're doing the whole thing
in a compound reply.
Jeremy.
|
|
tid and 0xFFFFFFFFFFFFFFFF for compound sessionid values. Cope with this.
Jeremy.
|
|
Andrew Bartlett
|
|
Guenther
|