Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Some tests showed that these ACEs are not removed if the DACL_PROTECTED flag is provided at the same time.
This is not documented but tests prove it and it has been observerd in deployment.
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Tue Feb 8 13:16:43 CET 2011 on sn-devel-104
|
|
Logical consequence of the previous commit
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Mon Feb 7 19:24:19 CET 2011 on sn-devel-104
|
|
This aligns it with add_sid_to_array
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
They should be inherited without the IO flag unless they contain generic information.
|
|
Andrew Bartlett
|
|
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Thu Jan 13 15:53:16 CET 2011 on sn-devel-104
|
|
When an ACE gontaining GA, GE, GR, GW, CO or CG is provided by a user or inherited
the final SD actually has to have 2 ACEs, one is an effective expanded one, and the
original one with IO flag added.
|
|
It *always* returned "SID *TYPE* is INVALID".
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Jan 10 12:47:00 CET 2011 on sn-devel-104
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Dec 17 13:56:27 CET 2010 on sn-devel-104
|
|
|
|
|
|
here can be NULL (become_root() sets the current security token to
NULL for example). Ensure we don't crash.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Dec 2 03:26:03 CET 2010 on sn-devel-104
|
|
|
|
The new waf-based build system now has all the same functionality, and
the old build system has been broken for quite some time.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
|
|
|
|
|
|
This was orphaned by changing sec_desc_equal() to the stricter
security_descriptor_equal() by
f4195183a47b0e7c8bc9644d62b123f7880f3fcd in 2009.
(The difference here was that sec_acl_equal allowed for equivilent ordering. I've checked the callers, and this function is only used to skip actual ACL sets, or to reference a cache, so this seems
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun Oct 24 22:21:23 UTC 2010 on sn-devel-104
|
|
|
|
The location in MS-DTYPE changed.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 23 21:33:46 UTC 2010 on sn-devel-104
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Oct 21 01:35:00 UTC 2010 on sn-devel-104
|
|
open and get/set NT security descriptor code.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Oct 21 00:15:57 UTC 2010 on sn-devel-104
|
|
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Oct 19 22:53:38 UTC 2010 on sn-devel-104
|
|
Jeremy, you put a #if 0 around this logic in this commit:
8344e945 (Jeremy Allison 2008-10-31 10:51:45 -0700 181)
is this still needed?
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Oct 14 03:16:41 UTC 2010 on sn-devel-104
|
|
This should make the security_token_is_*() calls a little faster.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This should ensure we only have one copy of these core functions
in the tree.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The source3/ code uses these constants in a lot of places, and it will
take time and care to rename them, if that is desired. Linking the
macros here will at least allow common code to use the IDL based macros,
and preserve a documentary link between the constants (other than just their value)
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
|
|
This will allow it to replace functions in source3 that use debug classes.
Andrew Bartlett
|
|
The source4-specific session_info functions have been left in session.c
Andrew Bartlett
|
|
|
|
Jeremy
|
|
Guenther
|
|
string_to_sid() to be used in formatted strings like FOO/S-1-5-XXXX-YYYY/BAR.
Jeremy.
|
|
This ensures that the maximum number of sub-authorities is respected,
otherwise we may run off the end of the array.
Andrew Bartlett
|
|
The source3 code repsects the limit of a maximum of 15 subauths,
while the source4 code does not, creating a security issue as
we parse string-form SIDs from clients.
Andrew Bartlett
|
|
|
|
These are related, but slightly different concepts. The biggest difference
is that rights are not enumerated as a system-wide list.
This moves the rights to security.idl due to dependencies.
Andrew Bartlett
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
These functions work on the bitmap, and are only exposed because
the source3/ privileges storage uses the bitmap in account_policy.tdb
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
the ones brought across from s3 have higher values
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
failure
This is clearer and more consistent than using a magic -1 return
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|