summaryrefslogtreecommitdiff
path: root/source4/auth/system_session.c
AgeCommit message (Collapse)AuthorFilesLines
2011-06-19s4: fix wrong index usage PRIMARY_USER_SID_INDEX when it should have been ↵Matthieu Patou1-1/+1
PRIMARY_GROUP_SID_INDEX The system account was instanciated with wrong user an group SIDs, group sid resulted being just the domain SID. Bug seems to date from fbe6d155bf177c610ee549cc534650b0f0700e8a. Andrew (B.) please check.
2011-03-22s4:auth/system_session.c - check for OOMMatthias Dieter Wallnöfer1-0/+2
Reviewed-by: Jelmer
2011-02-09s4-auth Rework auth subsystem to remove struct auth_serversupplied_infoAndrew Bartlett1-151/+163
This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett
2011-01-20s4-auth Remove special case for account_sid from auth_serversupplied_infoAndrew Bartlett1-30/+26
This makes everything reference a server_info->sids list, which is now a struct dom_sid *, not a struct dom_sid **. This is in keeping with the other sid lists in the security_token etc. In the process, I also tidy up the talloc tree (move more structures under their logical parents) and check for some possible overflows in situations with a pathological number of sids. Andrew Bartlett
2010-12-21s4-auth Remove duplicate copies of session_info creation codeAndrew Bartlett1-145/+11
We now just do or do not call into LDB based on some flags. This means there may be some more link time dependencies, but we seem to deal with those better now. Andrew Bartlett
2010-12-21s4-auth rework session_info handling not to require an auth contextAndrew Bartlett1-2/+2
This reverts a previous move to have this based around the auth subsystem, which just spread auth deps all over unrelated code. Andrew Bartlett
2010-08-23s4:security Change struct security_token->sids from struct dom_sid * to ↵Andrew Bartlett1-11/+15
struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett
2010-08-18s4:auth Change {anonymous,system}_session to use common session_info generationAndrew Bartlett1-4/+4
This also changes the primary group for anonymous to be the anonymous SID, and adds code to detect and ignore this when constructing the token. Andrew Bartlett
2010-08-18s4:auth Remove system_session_anon() from python bindingsAndrew Bartlett1-28/+3
2010-08-18s4:auth Remove the system:anonymous parameter used for the LDAP backendAndrew Bartlett1-10/+4
This isn't needed any more, and just introduces complexity.
2010-08-18s4:auth Remove special case constructor for admin_session()Andrew Bartlett1-63/+13
There isn't a good reason why this code is duplicated. Andrew Bartlett
2010-08-18s4:security Remove use of user_sid and group_sid from struct security_tokenAndrew Bartlett1-10/+5
This makes the structure more like Samba3's NT_USER_TOKEN
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell1-7/+7
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-14Fixed system_session_anon to actually make an anonymous sessionNadezhda Ivanova1-1/+1
It seems that because the flag is false, this always used the supplied credentials rhather than establish anonymous connection.
2010-05-21s4:auth Remove un-needed headers.Andrew Bartlett1-1/+0
2010-05-20s4:auth Change auth_generate_session_info to take flagsAndrew Bartlett1-6/+6
This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group. In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key of 'is this user the anonymous SID'. This also takes more care to allocate the right length ptoken->sids Andrew Bartlett
2010-04-14s4:auth Change auth_generate_session_info to take an auth contextAndrew Bartlett1-5/+5
The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2010-04-14s4:auth Allow the simple 'struct auth_session_info' generator for all usersAndrew Bartlett1-3/+3
This code isn't ideal, but it is better than needing to consult the main SamDB in things like a torture test. Andrew Bartlett
2010-04-11s4:auth Remove event context from anonymous_session()Andrew Bartlett1-5/+114
This should always return a simple structure with no need to consult a DB, so remove the event context, and simplfy to call helper functions that don't look at privilages. Andrew Bartlett
2010-02-25s4:auth - make some parts "signed-safe"Matthias Dieter Wallnöfer1-4/+4
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-10-23s4-dsdb: create a static system_session contextAndrew Tridgell1-5/+20
This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
2009-09-09Added "admin_session" method.Nadezhda Ivanova1-0/+191
The purpose of admin_session is to be able to execute parts of provisioning as the user Administrator in order to have the correct group and owner in the security descriptors. To be used for provisioning and tests only.
2008-11-02Fix the build.Jelmer Vernooij1-0/+1
2008-04-24Add documentation to session token functions.Andrew Bartlett1-3/+4
(This used to be commit ec4a108d1d35cd4bb2170f1bb122546266b9b745)
2007-12-21r26430: require explicit specification of loadparm context.Jelmer Vernooij1-1/+1
(This used to be commit 1b947fe0e6e16318e5a8127bb4932d6b5d20bcf6)
2007-12-21r26252: Specify loadparm_context explicitly when creating sessions.Jelmer Vernooij1-5/+7
(This used to be commit 7280c1e9415daabb2712db1372e23f9846272ede)
2007-12-21r26235: Avoid global_loadparm.Jelmer Vernooij1-3/+5
(This used to be commit e9039782204389cc827e76da319d5ccf6d33be46)
2007-12-21r26234: More global_loadparm fixes.Jelmer Vernooij1-4/+4
(This used to be commit 84892d030de6266fc0f3a699cade960dd5dc37bc)
2007-12-21r26134: Avoid using samdb-dependent functions in auth_system_session.Jelmer Vernooij1-2/+118
(This used to be commit 29c1c96fe0f8cd90ef936fcccef0adf8c09f9b46)
2007-12-21r26127: Move session code out of auth_util.c. No longer making it part of ↵Jelmer Vernooij1-0/+183
auth but making it usable independently will be the next step. (This used to be commit b3fcb8e8103304fede865b02ca5169d5793a571d)