summaryrefslogtreecommitdiff
path: root/source3/smbd/uid.c
AgeCommit message (Collapse)AuthorFilesLines
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-0/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-09-26s3: Remove talloc_autofree_context() from change_to_guest()Volker Lendecke1-1/+1
pass is freed at the exit of this routine
2010-09-11s3:auth Remove NT_USER_TOKENAndrew Bartlett1-1/+1
The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derivied structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-31s3-auth Rename NT_USER_TOKEN user_sids -> sidsAndrew Bartlett1-2/+2
This is closer to the struct security_token from security.idl
2010-08-06s3-netlogon: remove global include of netlogon.h.Günther Deschner1-0/+1
This reduces precompiled headers by another 4 MB and also slightly speeds up the build. Guenther
2010-07-28s3-uid: Use struct pipes_struct.Andreas Schneider1-1/+1
2010-06-12s3: Remove smbd_server_conn from change_to_userVolker Lendecke1-2/+1
2010-05-28s3:auth use info3 in auth_serversupplied_infoSimo Sorce1-3/+3
Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-15Remove the bool admin_user from conn struct. We no longer look at this to ↵Jeremy Allison1-5/+5
make access decisions. Jeremy.
2010-03-15Simplify processing of "admin user". If a user is an admin_user ensure their ↵Jeremy Allison1-15/+14
conn token is uid 0. This simplifies change_to_user() and removes special processing of the assignments we pass to set_sec_ctx(). Jeremy.
2010-03-15Add accessor functions for current uid, gid, unix token, NT token and vuid.Jeremy Allison1-0/+43
Jeremy.
2010-03-15Rever e80ceb1d7355c8c46a2ed90d5721cf367640f4e8 "Remove more uses of "extern ↵Jeremy Allison1-57/+15
struct current_user current_user;"." As requested by Volker, split this into smaller commits. Jeremy.
2010-03-12Remove more uses of "extern struct current_user current_user;".Jeremy Allison1-16/+58
Use accessor functions to get to this value. Tidies up much of the user context code. Volker, please look at the changes in smbd/uid.c to familiarize yourself with these changes as I think they make the logic in there cleaner. Cause smbd/posix_acls.c code to look at current user context, not stored context on the conn struct - allows correct use of these function calls under a become_root()/unbecome_root() pair. Jeremy.
2009-06-03s3:smbd: move more session specific globals to struct smbd_server_connectionStefan Metzmacher1-1/+2
metze
2009-05-04Fix bug #6315 smbd crashes doing vfs_full_audit on IPC$ close event.Jeremy Allison1-3/+44
The underlying problem is that once SMBulogoff is called, all server_info contexts associated with the vuid should become invalid, even if that's the context being currently used by the connection struct (tid). When the SMBtdis comes in it doesn't need a valid vuid value, but the code called inside vfs_full_audit always assumes that there is one (and hence a valid conn->server_info pointer) available. This is actually a bug inside the vfs_full_audit and other code inside Samba, which should only indirect conn->server_info on calls which require AS_USER to be set in our process table. I could fix all these issues, but there's no guarentee that someone might not add more code that fails this assumption, as it's a hard assumption to break (it's usually true). So what I've done is to ensure that on SMBulogoff the previously used conn->server_info struct is kept around to be used for print debugging purposes (it won't be used to change to an invalid user context, as such calls need AS_USER set). This isn't strictly correct, as there's no association with the (now invalid) context being freed and the call that causes conn->server_info to be indirected, but it's good enough for most cases. The hard part was to ensure that once a valid context is used again (via new sessionsetupX calls, or new calls on a still valid vuid on this tid) that we don't leak memory by simply replacing the stored conn->server_info pointer. We would never actually leak the memory (as all conn->server_info pointers are talloc children of conn), but with the previous patch a malicious client could cause many server_info structs to be talloced by the right combination of SMB calls. This new patch introduces free_conn_server_info_if_unused(), which protects against the above. Jeremy.
2009-04-16Fix bug found by Tim Prouty, logging off and then re-using a vuid can cause ↵Jeremy Allison1-0/+11
smbd to access a freed structure. Jeremy.
2009-03-03Fix bug #6155 - "force group" is no longer working as expected.Jeremy Allison1-3/+8
We need to store the "force group" uid separately from the conn->server_info token as we need to apply it separately also. Volker PLEASE CHECK ! Jeremy.
2009-01-08s3:smbd: move all globals and static variables in globals.[ch]Stefan Metzmacher1-10/+1
The goal is to move all this variables into a big context structure. metze
2009-01-08s3:smbd: remove pointless static variable in uid.cStefan Metzmacher1-7/+4
We always free the value at the end of the function, so we don't need a static variable to hold just NULL for the time the function isn't executed. metze
2008-12-04Fix bug #1254 - write list not working under share-level securityJeremy Allison1-35/+46
A somewhat more elegant fix than I could use for 3.2.x or 3.0.x. Turns out the only part of check_user_ok() that needs to change for share level security is the VUID cache pieces, so I can just always use check_user_ok() for all lp_security() cases. Jeremy
2008-11-24Get rid of pipes_struct->pipe_user, we have server_info now --- YESSS!Volker Lendecke1-3/+3
2008-11-17Fix bug #5900 reported by monyo@samba.gr.jp - vfs_readonly.so does not work.Jeremy Allison1-1/+2
Jeremy.
2008-11-06Make us clean under valgrind --leak-check=full by using ↵Jeremy Allison1-1/+1
talloc_autofree_context() instead of NULL. Remove the code in memcache that does a TALLOC_FREE on stored pointers. That's a disaster waiting to happen. If you're storing talloc'ed pointers, you can't know their lifecycle and they should be deleted when their parent context is deleted, so freeing them at some arbitrary point later will be a double-free. Jeremy.
2008-06-19Wrap the unix token info in a unix_user_token in auth_serversupplied_infoVolker Lendecke1-13/+14
No functional change, this is a preparation for more current_user ref removal (This used to be commit dcaedf345e62ab74ea87f0a3fa1e3199c75c5445)
2008-06-14Move connection-specific vuid cache clear to uid.cVolker Lendecke1-0/+22
(This used to be commit 1025f687910ce40283c7344ed67ebd5bf31217b7)
2008-06-14Slight refactoring for check_user_ok: It only needs vuid and server_infoVolker Lendecke1-20/+18
(This used to be commit 68944ea1ea7a0a63b08cbfc703f5ee29d2627696)
2008-06-14Group the access checks together in check_user_ok()Volker Lendecke1-6/+8
(This used to be commit 45662b5e8b3c7bc39cb33c5d7deb7e9a91f30a8b)
2008-06-14Consistently use snum in check_user_okVolker Lendecke1-2/+2
Most already used it, these two still used SNUM(conn), where the only caller of this routine (change_to_user) had set snum = SNUM(conn). (This used to be commit b14e59bfdbfb62494002e22d0665c4d420484245)
2008-06-14Compare the pointer "vuser" to NULL, not 0Volker Lendecke1-1/+1
(This used to be commit 5c916549f002d5e4e06f24d396a2bdca73d384c7)
2008-05-25Remove the reference to current_user_info from share_access.cVolker Lendecke1-2/+7
This required to pass around the domain a bit (This used to be commit 17b0db20d28d1b737c5e86b78106657e8ca5ce9c)
2008-05-11With force user, we have the same base token for all vuidsVolker Lendecke1-1/+9
(This used to be commit 0f19bc3f65bfc132aea1de1e76fcb4ee625a050f)
2008-05-10Remove the unix token info from connection_structVolker Lendecke1-8/+8
(This used to be commit 2834dacc8d49f77fe55fb5d7e3eb2dda431d1d3d)
2008-05-10Replace nt_user_token with server_info in connection_structVolker Lendecke1-30/+28
(This used to be commit a3738aef59e97d4533010b048534d937d36c0950)
2008-05-10Empty some nonempty blank linesVolker Lendecke1-18/+18
(This used to be commit 1a406def02bf171b223467d6b76317586d6205fc)
2008-05-10Make use of talloc_tos() in change_to_user()Volker Lendecke1-1/+1
(This used to be commit c4bed3a48b86d44ad641250add2fc189af7e72f5)
2008-05-10Next try at making the vuid cache circularVolker Lendecke1-7/+7
Jeremy, please check! (This used to be commit a34f73521712e3820d417f0d9ed811723b7681d6)
2008-05-06Remove some unused codeVolker Lendecke1-23/+0
(This used to be commit 87383a4605ab99d32fccae7793dc5292b8f3e25b)
2008-05-05Remove "userdom_struct user" from "struct user_struct"Volker Lendecke1-4/+7
(This used to be commit 420de035237bb08bc470c9eb820f3da2edaa6805)
2008-05-05Remove the unix token info from "struct user_struct"Volker Lendecke1-5/+5
(This used to be commit aa2299d42adf4d27e707ac755e07be70d0af1bb4)
2008-05-05Remove "nt_user_token" from "struct user_struct"Volker Lendecke1-7/+7
(This used to be commit 51d5d512f28eadc74eced43e5e7f4e5bdff3ff69)
2008-05-05Revert "Fix allocation of conn->vuid_cache entries"Volker Lendecke1-3/+3
This reverts commit 50c891d3dfb75c9f607f7ad2a578aa3ba5d91988. There's more to this code -- sorry for the spam (This used to be commit 6e0e0cb8dd6f57de36c041e2ba4b82feeb357ce8)
2008-05-05Fix allocation of conn->vuid_cache entriesVolker Lendecke1-3/+3
With the old code, if more than VUID_CACHE_SIZE elements were used all new entries ended up in slot 0. With this checkin we do cycle. Jeremy, please revert if the old behaviour was intentional (This used to be commit 50c891d3dfb75c9f607f7ad2a578aa3ba5d91988)
2008-03-17Some simplificationsVolker Lendecke1-2/+3
(This used to be commit b59b436997fba47afd02ffb6f1194dfaef229d44)
2008-03-17Coverity fixesMarc VanHeyningen1-1/+6
(This used to be commit 3fc85d22590550f0539215d020e4411bf5b14363)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-10/+10
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r22978: Don't use current_user to prep the security ctx in change_to_userGerald Carter1-7/+15
since any SID/uid/gid translation calls will reset the struct when popping the security ctx. This should fix the standalone server configuration issues reported by David Rankin (thanks for the logs). (This used to be commit 63cb25bad19d9600399a6ee2221497d71e805320)
2007-10-10r17295: Back out the become_root_uid_only change on the POSIXJeremy Allison1-1/+0
acls code. I'm pretty sure this was safe, but become_root() does other things to the token stack that become_root_uid_only() does not, and as we're going into a vfs redirectred function I decided it wasn't safe for now. Jeremy. (This used to be commit b3e0f45488595aa96c852dab8e1349631a85dded)
2007-10-10r17096: Simplify share_access_check a bit: It takes the sharename instead of ↵Volker Lendecke1-2/+7
the snum, and the decision which token to use (conn or vuser) does not really belong here, it is better done in the two places where this is called. Volker (This used to be commit 0a138888adf7a0f04a38cd911e797e1a379e908b)