Age | Commit message | Author | Files | Lines
2010-09-11 | s3-privs Rework access_check_object() to take two privileges | Andrew Bartlett | 3 | -68/+60
This allows the privileges bitmap to be used only when setting privileges, and uses the LUID constant for all 'does this user have this privilege' operations. The advantage is that we now only need one API to determine if a token has a privilege, and much less code needs to know what type is used for the underlying bitmap. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | libcli/security Rename all privilege bitmaps constants | Andrew Bartlett | 2 | -59/+59
The idea here is to make it very clear how they differ from the enumerated LUID values. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3-privs Rework privilege enumeration to also use new DB format | Andrew Bartlett | 1 | -5/+18
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | libcli/security Remove luid_to_se_priv() and luid_to_privilege_name() | Andrew Bartlett | 2 | -46/+13
These functions duplicate other functions in the merged code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3-privs Directly manipulate the privileges bitmap. | Andrew Bartlett | 3 | -14/+7
There is no longer any reason to go via the se_ functions to manipulate this bitmap. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | libcli/security Add an invalid LUID privilege value | Andrew Bartlett | 1 | -0/+1
This helps code that may not want to specify any privilege Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | libcli/security Improve dump of privileges: Just walk the table | Andrew Bartlett | 1 | -5/+4
This removes some logic recently added that was just too smart - it is easier to just walk the table and do a bit match here. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3-privs Convert from user_has_privileges() -> security_token_has_privilege() | Andrew Bartlett | 9 | -47/+28
This new call is available in the merged privileges code, and takes an enum as the parameter, rather than a bitmask. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3-privs Remove a pointer from grant_privilege() | Andrew Bartlett | 4 | -10/+10
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3-privs Remove pointer indirection from se_priv_to_privilege_set() | Andrew Bartlett | 3 | -5/+5
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3-privs Call security_token_set_privilege() rather than manual assignment | Andrew Bartlett | 2 | -2/+3
This avoids as much direct modification of the bitmask as possible. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3-privs Remove a pointer indirection from revoke_privilege() | Andrew Bartlett | 4 | -7/+7
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | libcli/security Don't export privs[] as a global variable | Andrew Bartlett | 4 | -50/+31
Instead, provide access functions for the LSA and net sam callers for the information they need. They still only enumerate the first 8 privileges that have traditionally been exposed. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3-lsa Use sec_privilege_id() to lookup name to LUID | Andrew Bartlett | 1 | -9/+4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | libcli/security Merge privilege lists from source3 and source4 | Andrew Bartlett | 1 | -169/+126
The LSA enumeration in source3 will not show the new privileges, but otherwise, they are now in common, and can be set by name. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | libcli/security Return number of entries in the old source3 list | Andrew Bartlett | 2 | -4/+5
This ensures there isn't a behaviour change when the source3 list is combined with the longer source4 list. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | libcli/privileges Simplify get_privilege_luid() to return just the enum | Andrew Bartlett | 3 | -13/+6
As Samba only deals with the lower 32 bits of the LUID, just return those and let the LSA layer deal with the upper 0 bits. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | libcli/security Don't memcpy a uint64_t value, just assign it. | Andrew Bartlett | 1 | -1/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | libcli/security Use ARRAY_SIZE() consistently. | Andrew Bartlett | 1 | -15/+16
This avoids the use of SE_END, and has all callers walking the array using the same termination condition. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | libcli/security Fix and clarify privilege manipulation function comments | Andrew Bartlett | 1 | -9/+9
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | libcli/security Make the two privileges tables share a common struct definition | Andrew Bartlett | 2 | -27/+22
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | libcli/security Move source4/ privileges code into the common libcli/security | Andrew Bartlett | 6 | -314/+333
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3-privs Move manual prototypes to common privileges.h | Andrew Bartlett | 2 | -20/+88
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3-privs Inline dump_se_priv into callers now that it's just a uint64_t | Andrew Bartlett | 4 | -24/+9
The previous 128 bit structure needed this helper function. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | libcli/security Use talloc_realloc() not TALLOC_REALLOC_ARRAY() | Andrew Bartlett | 1 | -1/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | libcli/security Use C99 types | Andrew Bartlett | 1 | -3/+3
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | libcli/security Use true and false, not True and False | Andrew Bartlett | 1 | -22/+22
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3-privs Move source3/ privileges implementation into common | Andrew Bartlett | 4 | -7/+6
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3-privs Rename structure elements for greater clarity | Andrew Bartlett | 3 | -12/+12
It is important to make clear which is the LUID and which is the Samba-only bitmap mask. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3-privs More clarity in variable names | Andrew Bartlett | 1 | -4/+4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3-privs Rename mask -> privilege_mask to be more clear | Andrew Bartlett | 1 | -26/+26
After SE_PRIV was removed, it became less clear what these parameters were for. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3:auth Remove NT_USER_TOKEN | Andrew Bartlett | 32 | -121/+119
The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derived structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3-auth Change struct nt_user_token -> struct security_token | Andrew Bartlett | 23 | -87/+84
This common structure is defined in security.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3-auth Change type of num_sids to uint32_t | Andrew Bartlett | 16 | -38/+48
size_t is overkill here, and in struct security_token in the num_sids is uint32_t. This includes a change to the prototype of add_sid_to_array() and add_sid_to_array_unique(), which has had a number of consequential changes as I try to sort out all the callers using a pointer to the number of sids. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | security.idl Add comments | Andrew Bartlett | 1 | -1/+3
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | security.idl Update Windows privileges list to Win2008R2 | Andrew Bartlett | 1 | -30/+35
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3-privs Only store low bits of luid in privileges table | Andrew Bartlett | 2 | -18/+20
Samba only uses the low bits, and this makes the code simpler. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s4-privs Add a lookup by index of privileges | Andrew Bartlett | 2 | -3/+14
Now that privileges are no longer given luid values sequentially, we need another way to look them up for enumeration. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | privs Add my Copyright | Andrew Bartlett | 3 | -0/+3
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | security.idl clarify which privileges are LUID and bitmap values | Andrew Bartlett | 1 | -6/+10
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3-privs Remove comment already moved to security.idl | Andrew Bartlett | 1 | -41/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3-privs Use constants from security.idl | Andrew Bartlett | 1 | -9/+9
The values in security.idl have been updated to match these. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s4-privs Remove link between enum sec_privilege and the privilege bitmap | Andrew Bartlett | 2 | -46/+140
This allows us to set the enum sec_privilege constants to the LUID values that are seen from windows, which we need to match, in order to preserve the support for the NT Print Migrator tool after a merge with the source3/ privileges code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3-privs Further changes to remove SE_PRIV | Andrew Bartlett | 10 | -110/+108
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | privs Move privilege bitmasks to security.idl | Andrew Bartlett | 2 | -19/+40
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3:privs Change to new host endian neutral privileges tdb format | Andrew Bartlett | 1 | -3/+16
These values are stored in account_policy.tdb, and the old format, using a 128 bit bitmap was not endian neutral. The previous endian-dependent format was introduced in 46e5effea948931509283cb84b27007d34b521c8 replacing a 32 bit number which was used at the time. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3:Change SE_PRIV to uint64_t | Andrew Bartlett | 1 | -20/+20
This removes the SE_PRIV typedef Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s3:privileges Change SE_PRIV to be just a uint64_t | Andrew Bartlett | 2 | -46/+22
We don't need 128 possible privileges here, as we only use 12. This reverts some of 46e5effea948931509283cb84b27007d34b521c8 by Jerry back in 2005, where he introduced the SE_PRIV structure to replace the uint32_t used at the time. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | lib/replace:wscript - don't check twice for type "bool" | Matthias Dieter Wallnöfer | 1 | -2/+1
2010-09-11 | lib/replace:wscript - attempt to fix the features detection on Tru64 | Matthias Dieter Wallnöfer | 1 | -2/+2
Hopefully now we detect the built-in "socklen_t" https://bugs.internet2.edu/jira/browse/SSPCPP-114 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/V50_HTML/MAN/MAN5/0001____.HTM