summaryrefslogtreecommitdiff
path: root/source3/smbd/password.c
Commit message (Collapse)AuthorAgeFilesLines
* smbd: RIP user_structRalph Boehme2020-01-131-37/+0
| | | | | | | | | | At last, the nail in the coffin. :) Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Jan 13 21:09:01 UTC 2020 on sn-devel-184
* smbd: remove enum server_allocated_state magic from get_valid_user_struct()Ralph Boehme2020-01-131-36/+9
| | | | | | | | This has been obsoleted a long time ago by a129e271b5385853fb39a8e54b56b508b00a3e41. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: use get_valid_smbXsrv_session() in invalidate_vuid()Ralph Boehme2020-01-131-1/+8
| | | | | Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: use session->global->session_wire_id instead of session->compat->vuidRalph Boehme2020-01-131-1/+1
| | | | | | | | | session->compat->vuid is set to session->global->session_wire_id after a successful session setup, so both variables will always carry the same value. Cf the next commit which removes vuid from user_struct. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbdotconf: mark "path" with substitution="1"Ralph Boehme2019-11-271-1/+3
| | | | | Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:smbd: Make sure we do not export "/" (root) as home dirAndreas Schneider2018-12-051-0/+7
| | | | | | | | | If "/" (root) is returned as the home directory, prevent exporting it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13699 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org>
* wscript: drop checks for setnetgrent/endnetgrent/getnetgrentBjörn Jacke2018-02-211-11/+0
| | | | | | | | we don't use setnetgrent/endnetgrent/getnetgrent since security share passed away. Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* loadparm: rename lp[cfg]_pathname to lp[cfg]_path for consistency with docsMichael Adam2014-02-031-1/+1
| | | | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s3:smbd: pass smbXsrv_session instead of user_struct to session_claim() and ↵Gregor Beck2012-10-191-1/+1
| | | | | | | session_yield() Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
* loadparm: make the source3/ lp_ functions take an explicit TALLOC_CTX *.Rusty Russell2012-07-181-1/+1
| | | | | | | | | | They use talloc_tos() internally: hoist that up to the callers, some of whom don't want to us talloc_tos(). A simple patch, but hits a lot of files. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
* s3:smbd: remove now unused invalidate_all_vuids()Stefan Metzmacher2012-06-251-9/+0
| | | | | | Pair-Programmed-With: Michael Adam <obnox@samba.org> metze
* s3:smbd: make use of smbXsrv_session for smb1Stefan Metzmacher2012-06-251-193/+1
| | | | | | Pair-Programmed-With: Michael Adam <obnox@samba.org> metze
* s3:smbd: make use of smbXsrv_tcon and smbXsrv_session for smb2Stefan Metzmacher2012-06-251-0/+1
| | | | | | | | | The removes the protocol specific smbd_smb2_session and smbd_smb2_tcon. Pair-Programmed-With: Michael Adam <obnox@samba.org> metze
* s3:smbd: change user_struct->vuid to uint64_tStefan Metzmacher2012-06-061-14/+15
| | | | | | | | | | Only sconn->smb1.sessions.next_vuid remains as uint16_t, so that we do not generate larger values yet. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jun 6 12:07:33 CEST 2012 on sn-devel-104
* s3:smbd: use 'struct user_struct' instead of typedef'ed 'user_struct'Stefan Metzmacher2012-06-061-8/+8
| | | | metze
* s3: Fix a segfault with debug level 3 on SolarisVolker Lendecke2012-04-121-1/+2
| | | | printf can not deal with NULL strings
* s3:smbd: keep 'num_users' and 'users' directly under smbd_server_connectionStefan Metzmacher2012-03-061-11/+11
| | | | | | | The plan is to have users_struct as some kind of low level abstraction for a smb1/smb2 session, that can be used by SMB_VFS modules. metze
* s3-auth: Remove security=share (depricated since 3.6).Andrew Bartlett2012-03-041-397/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment. The rationale for the removal is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remain available in security=user and above. This includes documentation updates for username and only user, which now only do a small amount of what they used to do. Andrew Bartlett -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SHARE | | security=share | | | | | | 5 March | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______
* s3-auth use gensec directly rather than via auth_generic_stateAndrew Bartlett2012-01-051-2/+2
| | | | | | | | | This is possible because the s3 gensec modules are started as normal gensec modules, so we do not need a wrapper any more. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth set session_info->sanitized_username in create_local_token()Andrew Bartlett2011-08-031-9/+1
| | | | | | | | | | | Rather than passing this value around the callers, and eventually setting it in register_existing_vuid(), we simply pass it to create_local_token(). This also removes the need for auth_ntlmssp_get_username(). Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Remove seperate guest booleanAndrew Bartlett2011-07-201-3/+6
| | | | | | | | | | Instead, we base our guest calculations on the presence or absense of the authenticated users group in the token, ensuring that we have only one canonical source of this important piece of authorization data Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Use the common auth_session_infoAndrew Bartlett2011-07-201-1/+1
| | | | | | | | | | | This patch finally has the same structure being used to describe the authorization data of a user across the whole codebase. This will allow of our session handling to be accomplished with common code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth use auth_user_info not netr_SamInfo3 in auth3_session_infoAndrew Bartlett2011-07-201-3/+3
| | | | | | | | | | | | This makes auth3_session_info identical to auth_session_info The logic to convert the info3 to a struct auth_user_info is essentially moved up the stack from the named pipe proxy in source3/rpc_server to create_local_token(). Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Use guest boolean in auth_user_info_unixAndrew Bartlett2011-07-201-3/+3
| | | | Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Use struct auth_user_info_unix for unix_name and sanitized_usernameAndrew Bartlett2011-07-201-9/+10
| | | | | | | | This is closer to the layout of struct auth_session_info in auth.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Use *unix_token rather than utok in struct auth3_session_infoAndrew Bartlett2011-07-201-3/+9
| | | | | | | | | | | | | | | | This brings this structure one step closer to the struct auth_session_info. A few SMB_ASSERT calls are added in some key places to ensure that this pointer is initialised, to make tracing any bugs here easier in future. NOTE: Many of the users of this structure should be reviewed, as unix and NT access checks are mixed in a way that should just be done using the NT ACL. This patch has not changed this behaviour however. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Use struct auth3_session_info outside the auth subsystemAndrew Bartlett2011-07-201-1/+1
| | | | | | | | | | | | | | | This seperation between the structure used inside the auth modules and in the wider codebase allows for a gradual migration from struct auth_serversupplied_info -> struct auth_session_info (from auth.idl) The idea here is that we keep a clear seperation between the structure before and after the local groups, local user lookup and the session key modifications have been processed, as the lack of this seperation has caused issues in the past. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth: Pass the remote_address down to user_info.Andreas Schneider2011-07-041-4/+12
| | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s3-auth: fixed bug with usernames longer than sizeof(char *)Andrew Tridgell2011-05-061-3/+3
| | | | | | | | | | | | using sizeof(user) when user is "fstring user" as a C parameter actually returns sizeof(char *), which means that long usernames aren't allowed. Jeremy, you need a longer username :-) Cheers, Tridge Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* Fix warning messages caused by addition of null check in fstrcpy macro.Jeremy Allison2011-05-041-3/+3
|
* Fix off-by-one when used with safe_strcpy.Jeremy Allison2011-05-041-1/+1
|
* s3-auth Rename user_session_key -> session_key to match auth_session_infoAndrew Bartlett2011-04-051-1/+1
|
* s3-auth: smbd needs auth.hGünther Deschner2011-03-301-0/+1
| | | | Guenther
* s3: include smbd/smbd.h where needed.Günther Deschner2011-03-301-0/+1
| | | | Guenther
* s3-includes: only include system/passwd.h when needed.Günther Deschner2011-03-301-0/+1
| | | | Guenther
* s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_infoAndrew Bartlett2011-02-221-26/+26
| | | | | | | | | | | | | | | | | | | | | These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Rename cryptic 'ptok' to security_tokenAndrew Bartlett2011-02-101-1/+1
| | | | | | | | | This will allow the auth_serversupplied_info struct to be migrated to auth_session_info easier. Adnrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* Remove fstring from map_username. Create a more sane interface than the ↵Jeremy Allison2010-11-101-3/+3
| | | | | | called-parameter-is-modified. Jeremy.
* Make getpwnam_alloc() static to lib/username.c, and ensure all username ↵Jeremy Allison2010-10-201-1/+1
| | | | | | | | | | | | lookups go through Get_Pwnam_alloc(), which is the correct wrapper function. We were using it *some* of the time anyway, so this just makes us properly consistent. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Oct 20 16:02:12 UTC 2010 on sn-devel-104
* s3: Remove smbd_server_fd() from session_claimVolker Lendecke2010-08-171-1/+1
|
* s3-netlogon: remove global include of netlogon.h.Günther Deschner2010-08-061-0/+1
| | | | | | | This reduces precompiled headers by another 4 MB and also slightly speeds up the build. Guenther
* s3-auth: Use talloc hierarchies to properly free auth_ntlmssp_state contextsSimo Sorce2010-07-191-1/+1
| | | | | | | Turn auth_ntlmssp_end into a destructor and attach it to auth_ntlmssp_state. Remote auth_ntlmssp_end and use TALLOC_FREE in the callers. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s3: Remove procid_self() from session_claim()Volker Lendecke2010-07-051-1/+1
|
* s3-waf: Work around missing *netgrent prototypes on OSX 10.4Kai Blin2010-06-171-0/+11
|
* s3: Remove smbd_server_conn from register_existing_vuidVolker Lendecke2010-06-121-2/+2
|
* Rename "allow_smb2" -> "using_smb2" and make the usage clearer.Jeremy Allison2010-06-091-1/+1
|
* s3-auth: Moved smbd user functions to a generic place.Andreas Schneider2010-06-041-133/+0
| | | | Reviewed-by: Simo Sorce <idra@samba.org>
* s3:smbd user_ok doesn't need sconn anymoreSimo Sorce2010-05-311-7/+6
| | | | Signed-off-by: Andreas Schneider <asn@samba.org>
* s3:smbd user_in_list() doesn't need sconn anymoreSimo Sorce2010-05-311-5/+4
| | | | Signed-off-by: Andreas Schneider <asn@samba.org>
* s3:smbd user_in_network() doesn't need sconn anymoreSimo Sorce2010-05-311-6/+5
| | | | Signed-off-by: Andreas Schneider <asn@samba.org>
View Lorry Controller Status