summaryrefslogtreecommitdiff
path: root/source3/smbd/uid.c
AgeCommit message (Collapse)AuthorFilesLines
2002-04-11Much better support for both non-algorithic RIDs (where the RID is stored inAndrew Bartlett1-5/+15
the passdb) and RIDs not in the passdb, due to being NIS users etc. The main fix here is to add become_root()/unbecome_root() at critical places. This (finally) fixes the bug where you could not see local users's names in a file's security properties as non-root. Tested. The similar bug in uid_to_sid is also fixed, but is not (yet) Tested. Andrew Bartlett (This used to be commit 79327a305e20d78ab5ca21d01c39b5f49dc0d632)
2002-03-13if we know that the SID is local then don't try via winbinddAndrew Tridgell1-0/+5
(This used to be commit 1a8f3ba3ab7717c481e3fb4f1ea8938461160d09)
2002-03-13fixed mapping of SIDs for local usersAndrew Tridgell1-1/+1
(This used to be commit df9e345366078ccaa94df7c2f2e33b292605e88a)
2002-03-05Fixed compiler warning about unused variables.Tim Potter1-5/+5
(This used to be commit 7bb0dda8ee1d61a0e8448070f1a71fcd13be5d40)
2002-02-27this allows us to support foreign SIDs in winbindd and smbdAndrew Tridgell1-2/+13
this means "xcopy /o" has a chance of working with ACLs that contain ACEs that use SIDs that the Samba server has no knowledge of. It's a bit hackish, Tim, can you look at my uid.c changes? (This used to be commit fe2db3148587937aa7b674c1c99036d42a3776b3)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-26 - Provide sid->name lookup support for non-unix accounts.Andrew Bartlett1-36/+33
- Rework the name -> sid lookup function to always try local lookup first (for local domain names) before trying winbind. This seems to eliminate my winbind feedback loop problems. (I don't use winbind for nsswitch, where there are almost certainly further issues). Andrew Bartlett (This used to be commit 25cadce67bc8effd4248ab993ae78e1d8511d994)
2002-01-26Rework lookup_name() to take seperate username/domain args, and to removeAndrew Bartlett1-31/+24
varioius crazy 'if winbind didn't find it' cases. This makes winbind default domain support easier to intergrate with smbd. (This used to be commit 3e71521957d579f00249679de837490aca5ba92f)
2002-01-20This patch makes the 'winbind use default domain' code interact better withAndrew Bartlett1-1/+1
smbd, and also makes it much cleaner inside winbindd. It is mostly my code, with a few changes and testing performed by Alexander Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and security=ads, but more testing is always appricatiated. The idea is that we no longer cart around a 'domain\user' string, we keep them seperate until the last moment - when we push that string into a pwent on onto the socket. This removes the need to be constantly parsing that string - the domain prefix is almost always already provided, (only a couple of functions actually changed arguments in all this). Some consequential changes to the RPC client code, to stop it concatonating the two strings (it now passes them both back as params). I havn't changed the cache code, however the usernames will no longer have a double domain prefix in the key string. The actual structures are unchanged - but the meaning of 'username' in the 'rid' will have changed. (The cache is invalidated at startup, so on-disk formats are not an issue here). Andrew Bartlett (This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
2002-01-17A nice *big* change to the fundemental way we do things.Andrew Bartlett1-9/+4
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps them around for a long time - often past the next call... This adds a getpwnam_alloc and a getpwuid_alloc to the collection. These function as expected, returning a malloced structure that can be free()ed with passwd_free(&passwd). This patch also cuts down on the number of calls to getpwnam - mostly by taking advantage of the fact that the passdb interface is already case-insensiteve. With this patch most of the recursive cases have been removed (that I know of) and the problems are reduced further by not using the sys_ interface in the new code. This means that pointers to the cache won't be affected. (This is a tempoary HACK, I intend to kill the password cache entirly). The only change I'm a little worried about is the change to rpc_server/srv_samr_nt.c for private groups. In this case we are getting groups from the new group mapping DB. Do we still need to check for private groups? I've toned down the check to a case sensitve match with the new code, but we might be able to kill it entirly. I've also added a make_modifyable_passwd() function, that copies a passwd struct into the form that the old sys_getpw* code provided. As far as I can tell this is only actually used in the pass_check.c crazies, where I moved the final 'special case' for shadow passwords (out of _Get_Pwnam()). The matching case for getpwent() is dealt with already, in lib/util_getent.c Also included in here is a small change to register the [homes] share at vuid creation rather than just in one varient of the session setup. (This picks up the SPNEGO cases). The home directory is now stored on the vuid, and I am hoping this might provide a saner way to do %H substitions. TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change the remaining sys_getpwnam() callers to use getpwnam_alloc() and move Get_Pwnam to return an allocated struct. Andrew Bartlett (This used to be commit 1d86c7f94230bc53daebd4d2cd829da6292e05da)
2001-12-04added a boolean to the group mapping functions to specify if we need orJean-François Micouleau1-1/+1
not the privileges. Usually we don't need them, so the memory is free early. lib/util_sid.c: added some helper functions to check an SID. passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass an RID all the way. If the group doesn't exist on the domain SID, don't return a faked one as it can collide with a builtin one. Some rpc structures have been badly designed, they return only rids and force the client to do subsequent lsa_lookup_sid() on the domain sid and the builtin sid ! rpc_server/srv_util.c: wrote a new version of get_domain_user_groups(). Only the samr code uses it atm. It uses the group mapping code instead of a bloody hard coded crap. The netlogon code will use it too, but I have to do some test first. J.F. (This used to be commit 6c87e96149101995b7d049657d5c26eefef37d8c)
2001-12-04Moved name_is_local to the correct place. Ooops.Jeremy Allison1-10/+0
Jeremy. (This used to be commit 708c0a8d16ca86439e451def5f8d37f600ff15f1)
2001-12-04Tidyup of lib/username. Add name_is_local fn to determine if name isJeremy Allison1-0/+10
winbindd. Getting ready for efficiency fix in group lookups. Jeremy. (This used to be commit 8d41dfd149625e8ac53ab5e90a96e9a2daf9a629)
2001-11-28space -> tab.Jeremy Allison1-24/+20
Jeremy. (This used to be commit c7dd0364f2b084d9a372ac885fd788bbb5113125)
2001-11-26Another merge from appliance-head: in [ug]id_to_sid don't call theTim Potter1-14/+30
winbind function if the id is obviously going to be local. Cleanup of winbind [ug]id parameter handling. (This used to be commit 4ab9ca31a02b3388aa89a00e0390ea9e4c76283a)
2001-11-09This change updates lp_guestaccount() to be a *global* paramater, rather thanAndrew Bartlett1-1/+1
per-share. I beleive that almost all the things that this could have done on a per-share basis can be done with other tools, like 'force user'. Almost all the user's of this paramater used it as a global anyway... While this is one step at a time, I hope it will allow me to considerably simplfy the make_connection() code, particularly for the user-level security case. This already removes an absolute truckload of extra attempted password lookups on the guest account. Andrew Bartlett (This used to be commit 8e708332eded210c1d1fe0cebca3c9c19f054b71)
2001-11-08Fixed incorrect debug message. )-:Tim Potter1-1/+1
(This used to be commit a99d9cec7e090736ab49c91720cfd2b43e2a6f00)
2001-11-03Added NT_USER_TOKEN into server_info to fix extra groups problem.Jeremy Allison1-1/+70
Got "medieval on our ass" about const warnings (as many as I could :-). Jeremy. (This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
2001-10-29This commit is number 3 of 4.Andrew Bartlett1-1/+1
In particular this commit focuses on: Changing the Get_Pwnam code so that it can work in a const-enforced environment. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes allow for 'const' in the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username (This used to be commit e7634f81c5116ff4addfb7e495f54b6bb78e8f77)
2001-10-19client : Fixed error return.Jeremy Allison1-1/+1
uid.c: Added missing void. Jeremy. (This used to be commit c2e06ed2219860479868fd1ac18013ae4f891e10)
2001-10-18Merge the become_XXX -> change_to_XXX fixes from 2.2.2 to HEAD.Jeremy Allison1-20/+122
Ensure make_conection() can only be called as root. Jeremy. (This used to be commit 8d23a7441b4687458ee021bfe8880558506eddba)
2001-10-12fixed compiler warning.Tim Potter1-1/+1
(This used to be commit 2d5b0f7ad865f92668954f87fd3b116a7abffa10)
2001-10-09Fixes from John Trostel (modified somewhat by me) to ensure that all lookup_XXJeremy Allison1-14/+16
functions correctly deal with the SID_NAME_TYPE. One fix for connection user lookup in LSA. Jeremy. (This used to be commit 29730027d8118ec7d207c89d0fd7fb24ac173fde)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-2/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-07-28Fix invalid uid being used after logoff. Thanks to Nigel WilliamsJeremy Allison1-2/+1
for this bug report. Jeremy. (This used to be commit 50d8e5b22f2c2c792e3a2d33e00a1c9caab48981)
2001-07-04strchr and strrchr are macros when compiling with optimisation in gcc, so we ↵Andrew Tridgell1-1/+1
can't redefine them. damn. (This used to be commit c41fc06376d1a2b83690612304e85010b5e5f3cf)
2001-04-15Fixed potential bug in "become_guest" pointed out by elrond. Get_Pwnam()Jeremy Allison1-6/+13
returns a pointer to changable storage so ensure we save the details and don't use the pointer directly. Jeremy. (This used to be commit d9fdaae54ee3a267aebd02ff6058a98aefc084c2)
2001-03-20Fix for crash when doing name lookup with a quoted string. Part ofJeremy Allison1-2/+1
lookup_name was expecting to be able to write to the string. Changed lookup_name to use const. Jeremy. (This used to be commit 80c18d88491f1148ade623e81c33f84ba4f952f3)
2001-03-11Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMRJeremy Allison1-4/+0
RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
2001-02-16Excise snprintf -> slprintf.Jeremy Allison1-3/+12
srv_samr.c: duplicate gid fix. srv_spoolss_nt.c: Merge of JF's work. uid.c: Fix for returning names when a PDC. Jeremy. (This used to be commit d938ad6963a2dd4eda930d508600ec1902dc2b16)
2001-01-11rpc_server/srv_samr.c:Jeremy Allison1-1/+1
smbd/reply.c: Added fix needed for appliances. When using winbindd - a new user may exist (from winbind) but have no home directory. Extend add user script so it is called with a %H substitution when a user exists but their home directory does not. Thanks to Alex Win at VA Linux for finding this one and testing the fix. libsmb/clidgram.c: Fixed missing return statements. smbd/uid.c: Fixed typo in debug. Jeremy. (This used to be commit 7ba0a2192b89954604dd793c537b4a17c2d1ac07)
2000-12-12Removed the special casing of SIDs in se_access_check. This is now done ↵Jeremy Allison1-1/+6
(correctly) when the NT_USER_TOKEN is *created*. Jeremy. (This used to be commit 27d72ed1cf8ece2bede812341279ba5a7262ace4)
2000-11-14Merge from appliance head of JR's changes for driver versioning.Jeremy Allison1-13/+37
Jeremy. (This used to be commit cdbd2e99775642dc2e92004be9014bf38a92d80f)
2000-11-13Large commit which restructures the local password storage API.Gerald Carter1-1/+1
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+) are broken, but they were somewhat broken before. :) The following functions implement the storage manipulation interface /*The following definitions come from passdb/pdb_smbpasswd.c */ BOOL pdb_setsampwent (BOOL update); void pdb_endsampwent (void); SAM_ACCOUNT* pdb_getsampwent (void); SAM_ACCOUNT* pdb_getsampwnam (char *username); SAM_ACCOUNT* pdb_getsampwuid (uid_t uid); SAM_ACCOUNT* pdb_getsampwrid (uint32 rid); BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass); BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override); BOOL pdb_delete_sam_account (char* username); There is also a host of pdb_set..() and pdb_get..() functions for manipulating SAM_ACCOUNT struct members. Note that the struct passdb_ops {} has gone away. Also notice that struct smb_passwd (formally in smb.h) has been moved to passdb/pdb_smbpasswd.c and is not accessed outisde of static internal functions in this file. All local password searches should make use of the the SAM_ACCOUNT struct and the previously mentioned functions. I'll write some documentation for this later. The next step is to fix the TDB passdb backend, then work on spliting the backends out into share libraries, and finally get the LDAP backend going. What works and may not: o domain logons from Win9x works o domain logons from WinNT 4 works o user and group enumeration as implemented by Tim works o file and print access works o changing password from Win9x & NT ummm...i'll fix this tonight :) If I broke anything else, just yell and I'll fix it. I think it should be fairly quite. -- jerry (This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
2000-11-04Fix for admin user being ignored.Jeremy Allison1-0/+1
Jeremy. (This used to be commit f0dcc39d34202ed67d778ff40166856d4c2ad87b)
2000-10-13Fix to allow smbd to call winbindd if it is running for all group enumeration,Jeremy Allison1-0/+226
falling back to the UNIX calls on error. This should fix all problems with smbd enumerating all users in all groups in all trusted domains via winbindd. Also changed GETDC to query 1C name rather than 1b name as only the PDC registers 1b. Jeremy. (This used to be commit 5b0038a2afd8abbd6fd4a58f5477a40d1926d498)
2000-08-09Fixed memory leak with NT tokens.Jeremy Allison1-2/+20
Added debug messages to se_access_check(). Added FULL_ACCESS acl to default acl on printers. Jeremy. (This used to be commit 7507f6f408cf8b0f8d7e2b3da54ce5fb5ef5343b)
2000-08-04Fixed up the user/group contexts when using authenticated pipes.Jeremy Allison1-2/+1
Added a become_root()/unbecome_root() (push/pop security context) around the initgroups() call to ensure it would succeed. Hmmm - I wonder if this call being done as non-root might explain any "group access" bugs we've had in the past.... Jeremy. (This used to be commit 06a65972e872f37d88b84f22ea714feebd38f6c0)
2000-08-03Added an NT_USER_TOKEN structure that is copied/passed around associatedJeremy Allison1-3/+5
with the current user. This will allow se_access_check() to quickly do a SD check without having to translate uid/gid's to SIDs. Still needs work on pipe calls. Jeremy. (This used to be commit e28d01b744b3dbd33e0e54af4e7f426fa8c082b8)
2000-08-02Started to canonicalize our handling of uid -> sid code in order toJeremy Allison1-10/+13
get ready and fix se_access_check(). Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid() functions that look via winbind first the fall back on local lookup. All Samba should use these rather than trying to call winbindd code directly. Added NT_USER_TOKEN struct in user_struct, contains list of NT sids associated with this user. se_access_check() should use this (cached) value rather than attempting to do the same thing itself when given a uid/gid pair. More work needs to be done to preserve these things accross security context changes (especially with the tricky pipe problem) but I'm beginning to see how this will be done..... probably by registering a new vuid for an authenticated RPC pipe and not treating the pipe calls specially. More thoughts needed - but we're almost there... Jeremy. (This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
2000-07-06Moved authenticated pipe user details into a current_user struct.Tim Potter1-1/+1
(This used to be commit 3c4a5f624bfa69eb81d998530d9227e158edd109)
2000-07-03Some more sec_ctx changes. Modified some fields in the pipe_structTim Potter1-1/+2
structure so authenticated pipe users can have their unix groups set when become_authenticated_pipe_user() is called. (This used to be commit 55c9bf124dc661df43bfe582ef14b1297aeaf0fa)
2000-06-23Added return for become_authenticated_pipe_user() function.Tim Potter1-0/+2
(This used to be commit d0f55e04c9400481e4a981431715e167a8246e45)
2000-06-23Moved some static functions to sec_ctx.cTim Potter1-222/+30
Implemented become_root() and friends in terms of push/pop/set security contexts. (This used to be commit 0bcdcd0606fc2b6aba35b03255aad5bb2bd8e848)
2000-05-10more merging voodooAndrew Tridgell1-0/+4
this adds "#define OLD_NTDOMAIN 1" in lots of places. Don't panic - this isn't permanent, it should go after another few merge steps have been done (This used to be commit 92109d7b3c06f240452d39f669ecb8c9c86ab610)
2000-05-02split the username in the vuser structure into a separateAndrew Tridgell1-1/+1
userdom_struct. As the name implies this also contains a domain (unused at the moment). This will be important shortly, as operation in appliance mode needs the domain to be always carried with the username. (This used to be commit ee8546342d5be90e730372b985710d764564b124)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-273/+161
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-12delineation between smb and msrpc more marked. smbd now constructsLuke Leighton1-9/+115
pdus, and then feeds them over either a "local" function call or a "remote" function call to an msrpc service. the "remote" msrpc daemon, on the other side of a unix socket, then calls the same "local" function that smbd would, if the msrpc service were being run from inside smbd. this allows a transition from local msrpc services (inside the same smbd process) to remote (over a unix socket). removed reference to pipes_struct in msrpc services. all msrpc processing functions take rpcsrv_struct which is a structure containing state info for the msrpc functions to decode and create pdus. created become_vuser() which does everything not related to connection_struct that become_user() does. removed, as best i could, connection_struct dependencies from the nt spoolss printing code. todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific info on a per-connection basis, and if the connection dies then so does the info, and that's a fairly serious problem. had to put pretty much everything that is in user_struct into parse_creds.c to feed unix user info over to the msrpc daemons. why? because it's expensive to do unix password/group database lookups, and it's definitely expensive to do nt user profile lookups, not to mention pretty difficult and if you did either of these it would introduce a complication / unnecessary interdependency. so, send uid/gid/num_groups/gid_t* + SID+num_rids+domain_group_rids* + unix username + nt username + nt domain + user session key etc. this is the MINIMUM info identified so far that's actually implemented. missing bits include the called and calling netbios names etc. (basically, anything that can be loaded into standard_sub() and standard_sub_basic()...) (This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d)
1999-06-13Moved code that changes the pw_passwd entry (i.e shadow password andTim Potter1-1/+1
weird unixware stuff) into _Get_Pwnam() to fix a memory allocation bug. Note that the Get_Pwnam() function now returns a const struct passwd * as a hint to other developers not to change entries in the struct passwd. (This used to be commit 36d7cb4ccc42268e8e6a7b783c945d1853624958)
1999-04-01Ken McDonell from SGI was interested in adding some profilingAndrew Tridgell1-0/+4
capabilities to Samba so that Samba could talk to the SGI PCP (Performance Co-Pilot) apps. This change adds a profiling shared memory area and uses it to count two fairly trivial things, the number of uid switches and the number of SMB packets processes. To add more just edit include/profile.h and then increment it at the right place. I've also added a -P switch to smbstatus to dump the profile area. (This used to be commit ef3d61a80ad0b87c196a63ef2bd4fe8fc3863bd0)