summaryrefslogtreecommitdiff
path: root/source4/auth/system_session.c
Commit message (Collapse)AuthorAgeFilesLines
* s4: auth: Remove a talloc_autofree_context() use.Jeremy Allison2017-05-111-1/+6
| | | | | | | | | Use NULL here, not the autofree context for this static pointer. The destructor prevents freeing this memory anyway. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4: fix wrong index usage PRIMARY_USER_SID_INDEX when it should have been ↵Matthieu Patou2011-06-191-1/+1
| | | | | | | | | | PRIMARY_GROUP_SID_INDEX The system account was instanciated with wrong user an group SIDs, group sid resulted being just the domain SID. Bug seems to date from fbe6d155bf177c610ee549cc534650b0f0700e8a. Andrew (B.) please check.
* s4:auth/system_session.c - check for OOMMatthias Dieter Wallnöfer2011-03-221-0/+2
| | | | Reviewed-by: Jelmer
* s4-auth Rework auth subsystem to remove struct auth_serversupplied_infoAndrew Bartlett2011-02-091-151/+163
| | | | | | | | | | | | | This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett
* s4-auth Remove special case for account_sid from auth_serversupplied_infoAndrew Bartlett2011-01-201-30/+26
| | | | | | | | | | | | This makes everything reference a server_info->sids list, which is now a struct dom_sid *, not a struct dom_sid **. This is in keeping with the other sid lists in the security_token etc. In the process, I also tidy up the talloc tree (move more structures under their logical parents) and check for some possible overflows in situations with a pathological number of sids. Andrew Bartlett
* s4-auth Remove duplicate copies of session_info creation codeAndrew Bartlett2010-12-211-145/+11
| | | | | | | | | We now just do or do not call into LDB based on some flags. This means there may be some more link time dependencies, but we seem to deal with those better now. Andrew Bartlett
* s4-auth rework session_info handling not to require an auth contextAndrew Bartlett2010-12-211-2/+2
| | | | | | | This reverts a previous move to have this based around the auth subsystem, which just spread auth deps all over unrelated code. Andrew Bartlett
* s4:security Change struct security_token->sids from struct dom_sid * to ↵Andrew Bartlett2010-08-231-11/+15
| | | | | | | | | struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett
* s4:auth Change {anonymous,system}_session to use common session_info generationAndrew Bartlett2010-08-181-4/+4
| | | | | | | This also changes the primary group for anonymous to be the anonymous SID, and adds code to detect and ignore this when constructing the token. Andrew Bartlett
* s4:auth Remove system_session_anon() from python bindingsAndrew Bartlett2010-08-181-28/+3
|
* s4:auth Remove the system:anonymous parameter used for the LDAP backendAndrew Bartlett2010-08-181-10/+4
| | | | This isn't needed any more, and just introduces complexity.
* s4:auth Remove special case constructor for admin_session()Andrew Bartlett2010-08-181-63/+13
| | | | | | There isn't a good reason why this code is duplicated. Andrew Bartlett
* s4:security Remove use of user_sid and group_sid from struct security_tokenAndrew Bartlett2010-08-181-10/+5
| | | | This makes the structure more like Samba3's NT_USER_TOKEN
* s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell2010-07-161-7/+7
| | | | | | | this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* Fixed system_session_anon to actually make an anonymous sessionNadezhda Ivanova2010-07-141-1/+1
| | | | | It seems that because the flag is false, this always used the supplied credentials rhather than establish anonymous connection.
* s4:auth Remove un-needed headers.Andrew Bartlett2010-05-211-1/+0
|
* s4:auth Change auth_generate_session_info to take flagsAndrew Bartlett2010-05-201-6/+6
| | | | | | | | | | | | | | This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group. In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key of 'is this user the anonymous SID'. This also takes more care to allocate the right length ptoken->sids Andrew Bartlett
* s4:auth Change auth_generate_session_info to take an auth contextAndrew Bartlett2010-04-141-5/+5
| | | | | | | | | | | | | | | | | | The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
* s4:auth Allow the simple 'struct auth_session_info' generator for all usersAndrew Bartlett2010-04-141-3/+3
| | | | | | | This code isn't ideal, but it is better than needing to consult the main SamDB in things like a torture test. Andrew Bartlett
* s4:auth Remove event context from anonymous_session()Andrew Bartlett2010-04-111-5/+114
| | | | | | | | This should always return a simple structure with no need to consult a DB, so remove the event context, and simplfy to call helper functions that don't look at privilages. Andrew Bartlett
* s4:auth - make some parts "signed-safe"Matthias Dieter Wallnöfer2010-02-251-4/+4
| | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: create a static system_session contextAndrew Tridgell2009-10-231-5/+20
| | | | | | This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
* Added "admin_session" method.Nadezhda Ivanova2009-09-091-0/+191
| | | | | | The purpose of admin_session is to be able to execute parts of provisioning as the user Administrator in order to have the correct group and owner in the security descriptors. To be used for provisioning and tests only.
* Fix the build.Jelmer Vernooij2008-11-021-0/+1
|
* Add documentation to session token functions.Andrew Bartlett2008-04-241-3/+4
| | | | (This used to be commit ec4a108d1d35cd4bb2170f1bb122546266b9b745)
* r26430: require explicit specification of loadparm context.Jelmer Vernooij2007-12-211-1/+1
| | | | (This used to be commit 1b947fe0e6e16318e5a8127bb4932d6b5d20bcf6)
* r26252: Specify loadparm_context explicitly when creating sessions.Jelmer Vernooij2007-12-211-5/+7
| | | | (This used to be commit 7280c1e9415daabb2712db1372e23f9846272ede)
* r26235: Avoid global_loadparm.Jelmer Vernooij2007-12-211-3/+5
| | | | (This used to be commit e9039782204389cc827e76da319d5ccf6d33be46)
* r26234: More global_loadparm fixes.Jelmer Vernooij2007-12-211-4/+4
| | | | (This used to be commit 84892d030de6266fc0f3a699cade960dd5dc37bc)
* r26134: Avoid using samdb-dependent functions in auth_system_session.Jelmer Vernooij2007-12-211-2/+118
| | | | (This used to be commit 29c1c96fe0f8cd90ef936fcccef0adf8c09f9b46)
* r26127: Move session code out of auth_util.c. No longer making it part of ↵Jelmer Vernooij2007-12-211-0/+183
auth but making it usable independently will be the next step. (This used to be commit b3fcb8e8103304fede865b02ca5169d5793a571d)
View Lorry Controller Status