summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2010-09-11libcli/security Remove unused declarations from privileges.hAndrew Bartlett1-51/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove unused functionAndrew Bartlett2-31/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Overhaul PRIVILEGE_SET handling, avoid dealing with the bitmapAndrew Bartlett3-106/+36
This avoids us dealing with the privilege bitmap in the LSA server, and overhauls much of the rest of the handling to be currnet with the modern world of talloc. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Hide the bitmap-based grant_privilege and revoke_privilegeAndrew Bartlett4-28/+44
The new wrappers avoid anything but the core privileges code dealing with the bitmap values directly. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Make privilege_enum_sids() take an LUID, not a bitmapAndrew Bartlett4-9/+12
This moves one more privileges call away from direct bitmap manipuation. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Expose sec_privilege_mask()Andrew Bartlett2-1/+6
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure.Andrew Bartlett4-8/+8
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Remove unused functions and constants.Andrew Bartlett2-242/+14
All the callers to these functions have been removed or reworked. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Rework access_check_object() to take two privilegesAndrew Bartlett3-68/+60
This allows the privileges bitmap to be used only when setting privileges, and uses an the LUID constant for all 'does this user have this privilege' operations. The advantage is that we now only need one API to determine if a token has a privilege, and much less code needs to know what type is used for the underlying bitmap. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Rename all privilege bitmaps constantsAndrew Bartlett2-59/+59
The idea here to to make it very clear how they differ from the enumerated LUID values. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Rework privilege enumeration to also use new DB formatAndrew Bartlett1-5/+18
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Remove luid_to_se_priv() and luid_to_privilege_name()Andrew Bartlett2-46/+13
These functions duplicate other functions in the merged code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Directly manipulate the privileges bitmap.Andrew Bartlett3-14/+7
There is no longer any reason to go via the se_ functions to manipulate this bitmap. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Add an invalid LUID privilege valueAndrew Bartlett1-0/+1
This helps code that may not want to specify any privilege Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Improve dump of privileges: Just walk the tableAndrew Bartlett1-5/+4
This removes some logic recently added that was just too smart - it is easier to just walk the table and do a bit match here. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Convert from user_has_privileges() -> security_token_has_privilege()Andrew Bartlett9-47/+28
This new call is available in the merged privileges code, and takes an enum as the parameter, rather than a bitmask. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove a pointer from grant_privilege()Andrew Bartlett4-10/+10
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove pointer indirection from se_priv_to_privilege_set()Andrew Bartlett3-5/+5
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Call security_token_set_privilege() rather than manual assignmentAndrew Bartlett2-2/+3
This avoids as much direct modifiction of the bitmask as possible. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove a pointer indirection from revoke_privilege()Andrew Bartlett4-7/+7
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Don't export privs[] as a global variableAndrew Bartlett4-50/+31
Instead, provide access functions for the LSA and net sam callers for the information they need. They still only enumerate the first 8 privileges that have traditionally been exposed. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-lsa Use sec_privilege_id() to lookup name to LUIDAndrew Bartlett1-9/+4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Merge privilege lists from source3 and source4Andrew Bartlett1-169/+126
The LSA enumeration in source3 will not show the new privileges, but otherwise, they are now in common, and can be set by name. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Return number of entries in the old source3 listAndrew Bartlett2-4/+5
This ensures there isn't a behaviour change when the source3 list is combined with the longer source4 list. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/privileges Simplify get_privilege_luid() to return just the enumAndrew Bartlett3-13/+6
As Samba only deals with the lower 32 bits of the LUID, just return those and let the LSA layer deal with the upper 0 bits. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Don't memcpy a uint64_t value, just assign it.Andrew Bartlett1-1/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Use ARRAY_SIZE() consistantly.Andrew Bartlett1-15/+16
This avoids the use of SE_END, and has all callers walking the array using the same termination condition. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Fix and clarify privilege manipulation function commentsAndrew Bartlett1-9/+9
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Make the two privileges tables share a common struct definitionAndrew Bartlett2-27/+22
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Move source4/ privileges code into the common libcli/securityAndrew Bartlett6-314/+333
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Move manual prototypes to common privileges.hAndrew Bartlett2-20/+88
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Inline dump_se_priv into callers now that it's just a uint64_tAndrew Bartlett4-24/+9
The previous 128 bit structure needed this helper function. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Use talloc_realloc() not TALLOC_REALLOC_ARRAY()Andrew Bartlett1-1/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Use C99 typesAndrew Bartlett1-3/+3
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Use true and false, not True and FalseAndrew Bartlett1-22/+22
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Move source3/ privileges implmentation into commonAndrew Bartlett4-7/+6
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Rename structure elements for greater clarityAndrew Bartlett3-12/+12
It is important to make clear which is the LUID and which is the Samba-only bitmap mask. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs More clarity in variable namesAndrew Bartlett1-4/+4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Rename mask -> privilege_mask to be more clearAndrew Bartlett1-26/+26
After SE_PRIV was removed, it became less clear what these parameters were for. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3:auth Remove NT_USER_TOKENAndrew Bartlett32-121/+119
The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derivied structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Change struct nt_user_token -> struct security_tokenAndrew Bartlett23-87/+84
This common structure is defined in security.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Change type of num_sids to uint32_tAndrew Bartlett16-38/+48
size_t is overkill here, and in struct security_token in the num_sids is uint32_t. This includes a change to the prototype of add_sid_to_array() and add_sid_to_array_unique(), which has had a number of consequnetial changes as I try to sort out all the callers using a pointer to the number of sids. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11security.idl Add commentsAndrew Bartlett1-1/+3
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11security.idl Update Windows privileges list to Win2008R2Andrew Bartlett1-30/+35
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Only store low bits of luid in privileges tableAndrew Bartlett2-18/+20
Samba only uses the low bits, and this makes the code simpler. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s4-privs Add a lookup by index of privilagesAndrew Bartlett2-3/+14
Now that privileges are no longer given luid values sequentially, we need another way to look them up for enumeration. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11privs Add my CopyrightAndrew Bartlett3-0/+3
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11security.idl clarify which privilages are LUID and bitmap valuesAndrew Bartlett1-6/+10
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove comment already moved to security.idlAndrew Bartlett1-41/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Use constants from security.idlAndrew Bartlett1-9/+9
The values in security.idl have been updated to match these. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>