summaryrefslogtreecommitdiff
path: root/source3/smbd/uid.c
AgeCommit message (Collapse)AuthorFilesLines
2008-05-05Remove "userdom_struct user" from "struct user_struct"Volker Lendecke1-4/+7
(This used to be commit 420de035237bb08bc470c9eb820f3da2edaa6805)
2008-05-05Remove the unix token info from "struct user_struct"Volker Lendecke1-5/+5
(This used to be commit aa2299d42adf4d27e707ac755e07be70d0af1bb4)
2008-05-05Remove "nt_user_token" from "struct user_struct"Volker Lendecke1-7/+7
(This used to be commit 51d5d512f28eadc74eced43e5e7f4e5bdff3ff69)
2008-05-05Revert "Fix allocation of conn->vuid_cache entries"Volker Lendecke1-3/+3
This reverts commit 50c891d3dfb75c9f607f7ad2a578aa3ba5d91988. There's more to this code -- sorry for the spam (This used to be commit 6e0e0cb8dd6f57de36c041e2ba4b82feeb357ce8)
2008-05-05Fix allocation of conn->vuid_cache entriesVolker Lendecke1-3/+3
With the old code, if more than VUID_CACHE_SIZE elements were used all new entries ended up in slot 0. With this checkin we do cycle. Jeremy, please revert if the old behaviour was intentional (This used to be commit 50c891d3dfb75c9f607f7ad2a578aa3ba5d91988)
2008-03-17Some simplificationsVolker Lendecke1-2/+3
(This used to be commit b59b436997fba47afd02ffb6f1194dfaef229d44)
2008-03-17Coverity fixesMarc VanHeyningen1-1/+6
(This used to be commit 3fc85d22590550f0539215d020e4411bf5b14363)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-10/+10
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r22978: Don't use current_user to prep the security ctx in change_to_userGerald Carter1-7/+15
since any SID/uid/gid translation calls will reset the struct when popping the security ctx. This should fix the standalone server configuration issues reported by David Rankin (thanks for the logs). (This used to be commit 63cb25bad19d9600399a6ee2221497d71e805320)
2007-10-10r17295: Back out the become_root_uid_only change on the POSIXJeremy Allison1-1/+0
acls code. I'm pretty sure this was safe, but become_root() does other things to the token stack that become_root_uid_only() does not, and as we're going into a vfs redirectred function I decided it wasn't safe for now. Jeremy. (This used to be commit b3e0f45488595aa96c852dab8e1349631a85dded)
2007-10-10r17096: Simplify share_access_check a bit: It takes the sharename instead of ↵Volker Lendecke1-2/+7
the snum, and the decision which token to use (conn or vuser) does not really belong here, it is better done in the two places where this is called. Volker (This used to be commit 0a138888adf7a0f04a38cd911e797e1a379e908b)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-2/+2
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter1-2/+2
macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-91/+40
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13293: Rather a big patch I'm afraid, but this should fix bug #3347Jeremy Allison1-15/+15
by saving the UNIX token used to set a delete on close flag, and using it when doing the delete. libsmbsharemodes.so still needs updating to cope with this change. Samba4 torture tests to follow. Jeremy. (This used to be commit 23f16cbc2e8cde97c486831e26bcafd4ab4a9654)
2007-10-10r12916: use rpcstr_pull() instead of unistr_to_ascii() when validating share ↵Gerald Carter1-1/+1
names (This used to be commit c08bc30698eac2f3f5dd8257b4fd7c3e23e6de39)
2007-10-10r12312: Reformatting and a trivial change: is_share_read_only_for_user only usesVolker Lendecke1-14/+22
conn->service, so there's no point in passing down the whole conn struct. Volker (This used to be commit 39041297c771795efaa4292bc6e8020c1a047f32)
2007-10-10r6385: Convert checking of egid and secondary egid list intoJeremy Allison1-0/+23
iterator functions so it can be used easily in a for loop. Drops duplicated code from posix_acls.c Jeremy. (This used to be commit 81f30bf5985f5c6dc8399c4695dfa6f14140fde1)
2007-10-10r2016: Add message to ease access-control-debugging.Günther Deschner1-0/+1
Guenther (This used to be commit bc64bb0d206c54487e372824a14c38a4ba8f3c5a)
2007-10-10r1375: When setting writable=yes in smb.conf and only allow read access in theVolker Lendecke1-0/+7
security descriptor, allow read access. The code failed in this case. Jeremy, could you please cross-check this? The way I understood your code it could only work if smb.conf and secdesc said the same. This made the use of srvmgr a bit difficult.... What was your intention on how to use the share_info.tdb? The current code might check the secdesc twice, but I don't see any decent way around it that does not completely clutter the code. Volker (This used to be commit 7c673bd910e1fcbbf07198f38ceddd81e9064c11)
2007-10-10r762: Fix for #1319 when security > share.Jeremy Allison1-2/+8
Jeremy. (This used to be commit 9fe2240d6b68a2f8a495df585d69ae20c9825d77)
2004-02-13Fixup the 'multiple-vuids' bugs.Jeremy Allison1-12/+76
Jeremy. (This used to be commit f0f7a48327ba1808088bc8c4e5d48b5cbeaeb4e3)
2004-02-08nsswitch/winbindd_util.c:Andrew Bartlett1-11/+0
add static smbd/uid.c: remove unused function Andrew Bartlett (This used to be commit ab25af0e18d883757775a85f005775a79a86dcc8)
2004-02-08Samba hasn't used this function for ages - it's now handled deep in theAndrew Bartlett1-69/+0
auth subsystem. Andrew Bartlett (This used to be commit 5693730594b1a861c7916cac7d156cf6a9d913cd)
2003-08-27Fix bug 327 (again and I think for the last time). Make sure thatGerald Carter1-463/+0
pam_smbpass.so will load ok. Had to move some functions around to work around dependency problems (hence the new passdb/lookup_sid.c) Also make sure that libsmbclient.a is built and installed when we support shared libraries. (This used to be commit 780055f4422f11fb0524ac1f003cdc5f317f8b19)
2003-08-06Spelling.Tim Potter1-1/+1
(This used to be commit 7d009ebf66c82b254828bac267102eb6e6a4a75e)
2003-07-11fix sid_to_[uid|gid] (spotted by Volker).Gerald Carter1-87/+37
Still testing this, but I'm checking it in so Volker can test it as well. Should be right. (This used to be commit 8edf193722f699cc33baed410917a78a5e28d0a4)
2003-07-09Large set of changes to add UNIX account/group managementGerald Carter1-6/+17
to winbindd. See README.idmap-and-winbind-changes for details. (This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
2003-07-09Get rid of DISP_USER_INFO/DISP_GROUP_INFO as they serve no usefulJeremy Allison1-0/+4
purpose. Replace with an array of SAM_ACCOUNT/DOMAIN_GRP entries. ZERO struct's in smbd/uid.c stops core dumps when sid_to_XX functions fail. Getting ready to add caching. Jeremy. (This used to be commit 9d0692a54fe2cb087f25796ec2ab5e1d8433e388)
2003-07-09Ensure we correctly test for errors in uid/gid_to sid.Jeremy Allison1-15/+14
Jeremy. (This used to be commit f3c2e73a8c1c592d407542c12c0a445103415bc0)
2003-07-07Fixed a couple of const issues with the new code.Jeremy Allison1-1/+1
Jeremy. (This used to be commit e9fb6e45086a6170b6f6d5d3295398708ab1af58)
2003-07-07and so it begins....Gerald Carter1-0/+408
* remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb) (This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
2003-05-12And finally IDMAP in 3_0Simo Sorce1-418/+1
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-03-27pdb_ldap may require ROOT privilages to access the group mapping. (yes, it's ↵Andrew Bartlett1-0/+2
ugly :-) Andrew Bartlett (This used to be commit 12579a62945d0d475b53c4ab49761a01be9e8394)
2003-02-24Merge of server-side authentication changes to 3.0:Andrew Bartlett1-2/+2
- user_ok() and user_in_group() now take a list of groups, instead of looking for the user in the members of all groups. - The 'server_info' returned from the authentication is now kept around - in future we won't copy the sesion key, username etc, we will just referece them directly. - rhosts upgraded to use the SAM if possible, otherwise fake up based on getpwnam(). - auth_util code to deal with groups upgraded to deal with non-winbind domain members again. Andrew Bartlett (This used to be commit 74b5436c75114170ce7c780c19226103d0df9060)
2003-02-19Fix inspired by Stefan (metze) Metzmacher - cache the sidtype also.Jeremy Allison1-19/+27
Jeremy. (This used to be commit efc92697801f5e62a89eda33e1826094c096900f)
2003-02-12Added code based on Michael Steffens <michael.steffens@hp.com> uid/gidJeremy Allison1-1/+205
caching code. Reduces load on winbindd. Probably should be moved to use gencache at some future date. Jeremy. (This used to be commit f2674d1ac94fd5928754b8176cdd65eda50bf66e)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-4/+2
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-11-01Merges from HEAD:Andrew Bartlett1-0/+2
- off-by-one fix - fixes warnings about insufficent space in buffer. - fix a memleak in uid.c - we forgot to free() the allocated struct. (This used to be commit b8951a6551b352e4aac7e8b0ecf7fec3f2d9634e)
2002-10-23First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>.Jeremy Allison1-1/+1
This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-18/+24
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17Sync 3.0 branch with headJelmer Vernooij1-39/+47
(This used to be commit 42615b945e2e48e53a21ea47f2e45407913a6a1e)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-7/+8
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-04-12merged the mangling test and passdb bugfixes into SAMBA_3_0Andrew Tridgell1-5/+15
(This used to be commit 97eb3a121d33200ee7559b2413d6252efc04ebaf)
2002-03-13if we know that the SID is local then don't try via winbinddAndrew Tridgell1-0/+5
(This used to be commit 1a8f3ba3ab7717c481e3fb4f1ea8938461160d09)
2002-03-13fixed mapping of SIDs for local usersAndrew Tridgell1-1/+1
(This used to be commit df9e345366078ccaa94df7c2f2e33b292605e88a)
2002-03-05Fixed compiler warning about unused variables.Tim Potter1-5/+5
(This used to be commit 7bb0dda8ee1d61a0e8448070f1a71fcd13be5d40)
2002-02-27this allows us to support foreign SIDs in winbindd and smbdAndrew Tridgell1-2/+13
this means "xcopy /o" has a chance of working with ACLs that contain ACEs that use SIDs that the Samba server has no knowledge of. It's a bit hackish, Tim, can you look at my uid.c changes? (This used to be commit fe2db3148587937aa7b674c1c99036d42a3776b3)