summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2010-09-11s3-lsa Use sec_privilege_id() to lookup name to LUIDAndrew Bartlett1-9/+4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Merge privilege lists from source3 and source4Andrew Bartlett1-169/+126
The LSA enumeration in source3 will not show the new privileges, but otherwise, they are now in common, and can be set by name. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Return number of entries in the old source3 listAndrew Bartlett2-4/+5
This ensures there isn't a behaviour change when the source3 list is combined with the longer source4 list. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/privileges Simplify get_privilege_luid() to return just the enumAndrew Bartlett3-13/+6
As Samba only deals with the lower 32 bits of the LUID, just return those and let the LSA layer deal with the upper 0 bits. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Don't memcpy a uint64_t value, just assign it.Andrew Bartlett1-1/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Use ARRAY_SIZE() consistantly.Andrew Bartlett1-15/+16
This avoids the use of SE_END, and has all callers walking the array using the same termination condition. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Fix and clarify privilege manipulation function commentsAndrew Bartlett1-9/+9
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Make the two privileges tables share a common struct definitionAndrew Bartlett2-27/+22
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Move source4/ privileges code into the common libcli/securityAndrew Bartlett6-314/+333
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Move manual prototypes to common privileges.hAndrew Bartlett2-20/+88
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Inline dump_se_priv into callers now that it's just a uint64_tAndrew Bartlett4-24/+9
The previous 128 bit structure needed this helper function. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Use talloc_realloc() not TALLOC_REALLOC_ARRAY()Andrew Bartlett1-1/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Use C99 typesAndrew Bartlett1-3/+3
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Use true and false, not True and FalseAndrew Bartlett1-22/+22
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Move source3/ privileges implmentation into commonAndrew Bartlett4-7/+6
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Rename structure elements for greater clarityAndrew Bartlett3-12/+12
It is important to make clear which is the LUID and which is the Samba-only bitmap mask. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs More clarity in variable namesAndrew Bartlett1-4/+4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Rename mask -> privilege_mask to be more clearAndrew Bartlett1-26/+26
After SE_PRIV was removed, it became less clear what these parameters were for. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3:auth Remove NT_USER_TOKENAndrew Bartlett32-121/+119
The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derivied structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Change struct nt_user_token -> struct security_tokenAndrew Bartlett23-87/+84
This common structure is defined in security.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Change type of num_sids to uint32_tAndrew Bartlett16-38/+48
size_t is overkill here, and in struct security_token in the num_sids is uint32_t. This includes a change to the prototype of add_sid_to_array() and add_sid_to_array_unique(), which has had a number of consequnetial changes as I try to sort out all the callers using a pointer to the number of sids. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11security.idl Add commentsAndrew Bartlett1-1/+3
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11security.idl Update Windows privileges list to Win2008R2Andrew Bartlett1-30/+35
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Only store low bits of luid in privileges tableAndrew Bartlett2-18/+20
Samba only uses the low bits, and this makes the code simpler. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s4-privs Add a lookup by index of privilagesAndrew Bartlett2-3/+14
Now that privileges are no longer given luid values sequentially, we need another way to look them up for enumeration. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11privs Add my CopyrightAndrew Bartlett3-0/+3
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11security.idl clarify which privilages are LUID and bitmap valuesAndrew Bartlett1-6/+10
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove comment already moved to security.idlAndrew Bartlett1-41/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Use constants from security.idlAndrew Bartlett1-9/+9
The values in security.idl have been updated to match these. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s4-privs Remove link between enum sec_privilege and the privilege bitmapAndrew Bartlett2-46/+140
This allows us to set the enum sec_privilege constants to the LUID values that are seen from windows, which we need to match, in order to preserve the support for the NT Print Migrator tool after a merge with the source3/ privileges code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Further changes to remove SE_PRIVAndrew Bartlett10-110/+108
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11privs Move privilege bitmasks to security.idlAndrew Bartlett2-19/+40
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3:privs Change to new host endian neutral privilages tdb formatAndrew Bartlett1-3/+16
These values are stored in account_policy.tdb, and the old format, using a 128 bit bitmap was not endian neutral. The previous endian-dependent format was introduced in 46e5effea948931509283cb84b27007d34b521c8 replacing a 32 bit number which was used at the time. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3:Change SE_PRIV to uint64_tAndrew Bartlett1-20/+20
This removes the SE_PRIV typedef Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3:privileges Change SE_PRIV to be just a uint64_tAndrew Bartlett2-46/+22
We don't need 128 possible privileges here, as we only use 12. This reverts some of 46e5effea948931509283cb84b27007d34b521c8 by Jerry back in 2005, where he introduced the SE_PRIV structure to replace the uint32_t used at the time. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11lib/replace:wscript - don't check twice for type "bool"Matthias Dieter Wallnöfer1-2/+1
2010-09-11lib/replace:wscript - attempt to fix the features detection on Tru64Matthias Dieter Wallnöfer1-2/+2
Hopefully now we detect the built-in "socklen_t" https://bugs.internet2.edu/jira/browse/SSPCPP-114 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/V50_HTML/MAN/MAN5/0001____.HTM
2010-09-10Add check missing from previous patch after talloc_strdup().Jeremy Allison1-0/+3
Jeremy.
2010-09-10Factor out the recent changes into a function - check_parent_exists().Jeremy Allison1-77/+103
Fix this to ensure that if "start" is manipulated, then "dirpath" is changed also. Ensures that when the path: /a/long/file/name/path.txt is processed, we first stat: /a/long/file/name/path.txt and if this fails, we try to stat: /a/long/file/name if this path exists (the normal case when creating a new entry in a directory) then we no longer do the individual path name walk, but only do case insensitive lookup on the last component. If the stat fails we do the full pathname walk as normal in 3.5.x and below. Metze, examine this change for your back-port. Jeremy.
2010-09-11s3: Simplify the logic in generate_krb5_ccacheVolker Lendecke1-51/+28
gd, jra, others, please check!
2010-09-10s3/winbind: use mono time for startup timeout checkBjörn Jacke3-6/+6
2010-09-10libreplace: clock_gettime sets errnoBjörn Jacke1-1/+2
2010-09-10s4/pvfs: use monotonic time for this timeoutBjörn Jacke2-4/+4
2010-09-10s4/ldap: use time_mono for reconnect timeoutBjörn Jacke1-2/+2
2010-09-10s4/torture: use time_mono for timeoutsBjörn Jacke1-2/+2
2010-09-10s4/torture: use time_mono for delta timeBjörn Jacke1-2/+2
2010-09-10s3-selftest: add print_test_extended (as called from RPC-PRINTER) to ↵Günther Deschner1-0/+1
knownfail list. Guenther
2010-09-10s4:client/client.c - fix wrong return codes in "do_connect"Matthias Dieter Wallnöfer1-2/+2
Detected by the Solaris cc compiler.
2010-09-10s4:lib/policy/gp_filesys.c - remove dead codeMatthias Dieter Wallnöfer1-2/+0
Found out by Solaris cc
2010-09-10s4:torture/locktest.c - add a cast in order to quiet a warning on Solaris ccMatthias Dieter Wallnöfer1-1/+1