summaryrefslogtreecommitdiff
path: root/libcli/security
AgeCommit message (Collapse)AuthorFilesLines
2011-03-10Quite some callers of sid_split_rid do not care about the ridVolker Lendecke1-1/+3
2011-03-03Add dom_sid_string_bufVolker Lendecke2-12/+40
This prints into a fixed buffer with the same overflow semantics as snprintf has: Return required string length, regardless of whether it fit or not.
2011-03-01libcli/security Add unix_token and unix_info to auth_session_info tooAndrew Bartlett1-0/+2
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Mar 1 07:13:43 CET 2011 on sn-devel-104
2011-02-22s4-auth Move libcli/security/session.c to the top levelAndrew Bartlett4-1/+116
This code is now useful in common, as the elements of the auth_session_info structure have now been defined in common IDL. Andrew Bartlett
2011-02-21libcli/security/security_descriptor.c - fix three wrong counter variablesMatthias Dieter Wallnöfer1-3/+3
These strictly need to be "uint32_t" since "acl*->num_aces" has been defined by this type. This counter patchset has been reviewed by Andrew Bartlett.
2011-02-21libcli/security/privileges.c - fix wrong counter typeMatthias Dieter Wallnöfer1-1/+1
This strictly needs to be from type "uint32_t" since "privset->count" is defined with this type.
2011-02-21libcli/security/privileges.c - fix the counting of privilegesMatthias Dieter Wallnöfer1-9/+4
Since the privileges are always counted with a signed integer, there is no reason to specify the upper limit with a "uint32_t".
2011-02-21libcli/security/sddl.c - fix wrong counter typeMatthias Dieter Wallnöfer1-1/+1
This strictly needs to be from type "uint32_t" since "acl->num_aces" is defined of this type.
2011-02-21libcli/security/display_sec.c - fix wrong counter typeMatthias Dieter Wallnöfer1-1/+1
This strictly needs to be of type "uint32_t" due to "sec_acl->num_aces" which is of type "uint32_t".
2011-02-15libcli/security - fix two output format specifiersMatthias Dieter Wallnöfer2-2/+2
2011-02-10security: Fixed some handling of ACEs with INHERITED flag provided by the userNadezhda Ivanova1-5/+16
Some tests showed that these ACEs are not removed if the DACL_PROTECTED flag is provided at the same time. This is not documented but tests prove it and it has been observerd in deployment.
2011-02-08pysecurity: Add missing dependency on pytalloc-util.Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Tue Feb 8 13:16:43 CET 2011 on sn-devel-104
2011-02-07libcli/security: Make add_sid_to_array_unique use a uin32_t counterVolker Lendecke1-1/+1
Logical consequence of the previous commit Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Mon Feb 7 19:24:19 CET 2011 on sn-devel-104
2011-02-07libcli/security: Make del_sid_from_array take a uint32_tVolker Lendecke2-3/+5
This aligns it with add_sid_to_array Signed-off-by: Michael Adam <obnox@samba.org>
2011-01-18s4-security: Fixed incorrect inheritance of IO flagged ACESNadezhda Ivanova1-0/+5
They should be inherited without the IO flag unless they contain generic information.
2011-01-14libcli/security Add python bindings for se_access_checkAndrew Bartlett2-0/+89
Andrew Bartlett
2011-01-13security: Fixed incorrect indentation in create_descriptor.cNadezhda Ivanova1-12/+12
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Thu Jan 13 15:53:16 CET 2011 on sn-devel-104
2011-01-11security: Fixed bugs in expansion of generic information ACEsNadezhda Ivanova1-38/+82
When an ACE gontaining GA, GE, GR, GW, CO or CG is provided by a user or inherited the final SD actually has to have 2 ACEs, one is an effective expanded one, and the original one with IO flag added.
2011-01-10libcli/security: fix sid_type_lookup().Günther Deschner1-7/+5
It *always* returned "SID *TYPE* is INVALID". Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Jan 10 12:47:00 CET 2011 on sn-devel-104
2010-12-17libcli/security: remove unused variable.Günther Deschner1-1/+0
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri Dec 17 13:56:27 CET 2010 on sn-devel-104
2010-12-16libcli/security Add sid_blob_parse() to directly parse a binary SID blobAndrew Bartlett2-3/+14
2010-12-06s4:fix some shadowed declaration warnings on Solaris by renaming the symbolsMatthias Dieter Wallnöfer1-1/+1
2010-12-02Turns out there are lots of places in S3 where token passed inJeremy Allison1-0/+4
here can be NULL (become_root() sets the current security token to NULL for example). Ensure we don't crash. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Dec 2 03:26:03 CET 2010 on sn-devel-104
2010-11-29libcli/security/object_tree.c - remove unreachable statementMatthias Dieter Wallnöfer1-1/+0
2010-10-31s4: Remove the old perl/m4/make/mk-based build system.Jelmer Vernooij1-5/+0
The new waf-based build system now has all the same functionality, and the old build system has been broken for quite some time. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
2010-10-26waf: Remove lib prefix from libraries manually.Jelmer Vernooij1-1/+1
2010-10-26s4: Drop duplicate 'lib' prefix for private libraries.Jelmer Vernooij1-1/+1
2010-10-24libcli/security Remove unused sec_acl_equal()Andrew Bartlett2-47/+0
This was orphaned by changing sec_desc_equal() to the stricter security_descriptor_equal() by f4195183a47b0e7c8bc9644d62b123f7880f3fcd in 2009. (The difference here was that sec_acl_equal allowed for equivilent ordering. I've checked the callers, and this function is only used to skip actual ACL sets, or to reference a cache, so this seems Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun Oct 24 22:21:23 UTC 2010 on sn-devel-104
2010-10-24s4: Rename LIBSECURITY{_SESSION,} to libsecurity{_session,}Jelmer Vernooij1-1/+1
2010-10-23create_descriptor.c - fix commentMatthias Dieter Wallnöfer1-1/+1
The location in MS-DTYPE changed. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Oct 23 21:33:46 UTC 2010 on sn-devel-104
2010-10-22Fix const warning. Allocate off NULL as we always talloc_free().Jeremy Allison1-1/+1
2010-10-21libcli: LIBSECURITY depends on NDR_SECURITYAndrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-21libcli: make the LIBSECURITY subsystem into a private libraryAndrew Tridgell1-4/+5
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-21Now we have SeSystemSecurity, remove the source3-only #ifdef.Jeremy Allison1-2/+0
Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Oct 21 01:35:00 UTC 2010 on sn-devel-104
2010-10-21Add code to implement SeSecurityPrivilege in net rpc rights, and in theJeremy Allison1-6/+3
open and get/set NT security descriptor code. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Oct 21 00:15:57 UTC 2010 on sn-devel-104
2010-10-20libcli/security/access_check.c - fix a memory leakMatthias Dieter Wallnöfer1-7/+12
2010-10-19Fix shadow warning for "access" variable.Jeremy Allison1-3/+3
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue Oct 19 22:53:38 UTC 2010 on sn-devel-104
2010-10-14security: ensure the merge of libcli/security doesn't change s3 behaviourAndrew Tridgell1-0/+5
Jeremy, you put a #if 0 around this logic in this commit: 8344e945 (Jeremy Allison 2008-10-31 10:51:45 -0700 181) is this still needed? Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Oct 14 03:16:41 UTC 2010 on sn-devel-104
2010-10-14libcli/security Use static SIDs rather than parsing from stringsAndrew Bartlett2-5/+6
This should make the security_token_is_*() calls a little faster. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14libcli/auth Merge source4/libcli/security and util_sid.c into the common codeAndrew Bartlett10-9/+1139
This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14libcli/security Define traditional constants in terms of IDL macrosAndrew Bartlett1-0/+64
The source3/ code uses these constants in a lot of places, and it will take time and care to rename them, if that is desired. Linking the macros here will at least allow common code to use the IDL based macros, and preserve a documentary link between the constants (other than just their value) Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14libcli/security Move source3/lib/util_seaccess.c into the common codeAndrew Bartlett3-0/+306
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett5-7/+52
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12libcli/security Add debug class to security_token_debug() et alAndrew Bartlett4-16/+18
This will allow it to replace functions in source3 that use debug classes. Andrew Bartlett
2010-10-12libcli/security Move most of security_token.c to common code.Andrew Bartlett3-1/+203
The source4-specific session_info functions have been left in session.c Andrew Bartlett
2010-10-11libsecurity-common: Add missing dependency on libndr.Jelmer Vernooij1-1/+1
2010-10-08Add some const. Needed for my SD work.Jeremy Allison2-14/+14
Jeremy
2010-09-20libcli: add dom_sid_compare_domain()Günther Deschner2-0/+20
Guenther
2010-09-14Fix string_to_sid() to allow non '\0' termination of the string - allowsJeremy Allison1-11/+6
string_to_sid() to be used in formatted strings like FOO/S-1-5-XXXX-YYYY/BAR. Jeremy.
2010-09-14libcli/security Use sid_append_rid() in dom_sid_append_rid()Andrew Bartlett1-5/+5
This ensures that the maximum number of sub-authorities is respected, otherwise we may run off the end of the array. Andrew Bartlett