Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
The become_root() and similar 'smbd' functions that are used widely in
Samba libraries had 'dummy' copies in dummysmbd.c and dummyroot.c.
These have been replaced by a runtime plugin mechanim, which ensures
that standlone binaries still do nothing, while in smbd the correct
function is used.
This avoids having these as duplicate symbols in the smbd binary,
which can cause unpredictable behaviour.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The idea with this split is to make it easier to handle dependencies,
avoiding having the loadparm code depend on the global server
variables, without resorting to dummy functions and linker tricks.
conn_clear_vuid_cache() is brought in from uid.c to make it static
Andrew Bartlett
|
|
Guenther
|
|
This uses the provided session_info instead of searching the user via
the vuid. This is useful to work with fake connnection you need to
create if someone connects directly to a rpc service.
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
|
|
|
|
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.
The structure is also not ideal for it's current purpose. Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session. This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.
(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This will allow the auth_serversupplied_info struct to be migrated
to auth_session_info easier.
Adnrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
lookups go
through Get_Pwnam_alloc(), which is the correct wrapper function. We were using
it *some* of the time anyway, so this just makes us properly consistent.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 20 16:02:12 UTC 2010 on sn-devel-104
|
|
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
|
|
pass is freed at the exit of this routine
|
|
The all UPPER case typedef is no longer the preferred Samba style
and this makes it easier to see that this is the IDL-derivied structure
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This is closer to the struct security_token from security.idl
|
|
This reduces precompiled headers by another 4 MB and also slightly speeds up the
build.
Guenther
|
|
|
|
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
make access decisions.
Jeremy.
|
|
conn token is uid 0.
This simplifies change_to_user() and removes special processing of the assignments
we pass to set_sec_ctx().
Jeremy.
|
|
Jeremy.
|
|
struct current_user current_user;"."
As requested by Volker, split this into smaller commits.
Jeremy.
|
|
Use accessor functions to get to this value. Tidies up much of
the user context code. Volker, please look at the changes in smbd/uid.c
to familiarize yourself with these changes as I think they make the
logic in there cleaner.
Cause smbd/posix_acls.c code to look at current user context, not
stored context on the conn struct - allows correct use of these
function calls under a become_root()/unbecome_root() pair.
Jeremy.
|
|
metze
|
|
The underlying problem
is that once SMBulogoff is called, all server_info contexts associated with the
vuid should become invalid, even if that's the context being currently used by
the connection struct (tid). When the SMBtdis comes in it doesn't need a valid
vuid value, but the code called inside vfs_full_audit always assumes that there
is one (and hence a valid conn->server_info pointer) available.
This is actually a bug inside the vfs_full_audit and other code inside Samba,
which should only indirect conn->server_info on calls which require AS_USER to
be set in our process table. I could fix all these issues, but there's no
guarentee that someone might not add more code that fails this assumption, as
it's a hard assumption to break (it's usually true).
So what I've done is to ensure that on SMBulogoff the previously used
conn->server_info struct is kept around to be used for print debugging purposes
(it won't be used to change to an invalid user context, as such calls need
AS_USER set). This isn't strictly correct, as there's no association with the
(now invalid) context being freed and the call that causes conn->server_info to
be indirected, but it's good enough for most cases.
The hard part was to ensure that once a valid context is used again (via new
sessionsetupX calls, or new calls on a still valid vuid on this tid) that we
don't leak memory by simply replacing the stored conn->server_info pointer. We
would never actually leak the memory (as all conn->server_info pointers are
talloc children of conn), but with the previous patch a malicious client could
cause many server_info structs to be talloced by the right combination of SMB
calls. This new patch introduces free_conn_server_info_if_unused(), which
protects against the above.
Jeremy.
|
|
smbd to
access a freed structure.
Jeremy.
|
|
We need to store the "force group" uid separately from the
conn->server_info token as we need to apply it separately also.
Volker PLEASE CHECK !
Jeremy.
|
|
The goal is to move all this variables into a big context structure.
metze
|
|
We always free the value at the end of the function,
so we don't need a static variable to hold just NULL
for the time the function isn't executed.
metze
|
|
A somewhat more elegant fix than I could use for 3.2.x or 3.0.x.
Turns out the only part of check_user_ok() that needs to change
for share level security is the VUID cache pieces, so I can just
always use check_user_ok() for all lp_security() cases.
Jeremy
|
|
|
|
Jeremy.
|
|
talloc_autofree_context() instead of NULL.
Remove the code in memcache that does a TALLOC_FREE on stored pointers. That's a disaster waiting
to happen. If you're storing talloc'ed pointers, you can't know their lifecycle and they should
be deleted when their parent context is deleted, so freeing them at some arbitrary point later
will be a double-free.
Jeremy.
|
|
No functional change, this is a preparation for more current_user ref removal
(This used to be commit dcaedf345e62ab74ea87f0a3fa1e3199c75c5445)
|
|
(This used to be commit 1025f687910ce40283c7344ed67ebd5bf31217b7)
|
|
(This used to be commit 68944ea1ea7a0a63b08cbfc703f5ee29d2627696)
|
|
(This used to be commit 45662b5e8b3c7bc39cb33c5d7deb7e9a91f30a8b)
|
|
Most already used it, these two still used SNUM(conn), where the only caller of
this routine (change_to_user) had set snum = SNUM(conn).
(This used to be commit b14e59bfdbfb62494002e22d0665c4d420484245)
|
|
(This used to be commit 5c916549f002d5e4e06f24d396a2bdca73d384c7)
|
|
This required to pass around the domain a bit
(This used to be commit 17b0db20d28d1b737c5e86b78106657e8ca5ce9c)
|
|
(This used to be commit 0f19bc3f65bfc132aea1de1e76fcb4ee625a050f)
|
|
(This used to be commit 2834dacc8d49f77fe55fb5d7e3eb2dda431d1d3d)
|
|
(This used to be commit a3738aef59e97d4533010b048534d937d36c0950)
|