Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-09-14 | libcli/security Merge source3/ string_to_sid() to common code | Andrew Bartlett | 1 | -37/+92 | |
The source3 code repsects the limit of a maximum of 15 subauths, while the source4 code does not, creating a security issue as we parse string-form SIDs from clients. Andrew Bartlett | |||||
2010-09-11 | libcli/privileges Fix comment | Andrew Bartlett | 1 | -1/+1 | |
2010-09-11 | s4-privs Seperate rights and privileges | Andrew Bartlett | 2 | -14/+60 | |
These are related, but slightly different concepts. The biggest difference is that rights are not enumerated as a system-wide list. This moves the rights to security.idl due to dependencies. Andrew Bartlett | |||||
2010-09-11 | libcli/security Remove unused SE_NONE define | Andrew Bartlett | 1 | -1/+0 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security Move 'private' privileges functions to another header | Andrew Bartlett | 3 | -24/+42 | |
These functions work on the bitmap, and are only exposed because the source3/ privileges storage uses the bitmap in account_policy.tdb Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security Remove 'always true' return from se_priv_put_all_privileges | Andrew Bartlett | 2 | -3/+2 | |
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | privileges: privilege luids are not all below 64 | Andrew Tridgell | 1 | -3/+0 | |
the ones brought across from s3 have higher values Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-11 | libcli/security Make sec_privilege_from_index() return SEC_PRIV_INVALID on ↵ | Andrew Bartlett | 1 | -1/+1 | |
failure This is clearer and more consistent than using a magic -1 return Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security Remove unused declarations from privileges.h | Andrew Bartlett | 1 | -51/+1 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security Expose sec_privilege_mask() | Andrew Bartlett | 2 | -1/+6 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure. | Andrew Bartlett | 1 | -1/+1 | |
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security Remove unused functions and constants. | Andrew Bartlett | 2 | -242/+14 | |
All the callers to these functions have been removed or reworked. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security Rename all privilege bitmaps constants | Andrew Bartlett | 1 | -28/+28 | |
The idea here to to make it very clear how they differ from the enumerated LUID values. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security Remove luid_to_se_priv() and luid_to_privilege_name() | Andrew Bartlett | 1 | -43/+4 | |
These functions duplicate other functions in the merged code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security Improve dump of privileges: Just walk the table | Andrew Bartlett | 1 | -5/+4 | |
This removes some logic recently added that was just too smart - it is easier to just walk the table and do a bit match here. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-privs Remove pointer indirection from se_priv_to_privilege_set() | Andrew Bartlett | 2 | -3/+3 | |
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security Don't export privs[] as a global variable | Andrew Bartlett | 2 | -41/+27 | |
Instead, provide access functions for the LSA and net sam callers for the information they need. They still only enumerate the first 8 privileges that have traditionally been exposed. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security Merge privilege lists from source3 and source4 | Andrew Bartlett | 1 | -169/+126 | |
The LSA enumeration in source3 will not show the new privileges, but otherwise, they are now in common, and can be set by name. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security Return number of entries in the old source3 list | Andrew Bartlett | 1 | -3/+4 | |
This ensures there isn't a behaviour change when the source3 list is combined with the longer source4 list. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/privileges Simplify get_privilege_luid() to return just the enum | Andrew Bartlett | 2 | -9/+4 | |
As Samba only deals with the lower 32 bits of the LUID, just return those and let the LSA layer deal with the upper 0 bits. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security Don't memcpy a uint64_t value, just assign it. | Andrew Bartlett | 1 | -1/+1 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security Use ARRAY_SIZE() consistantly. | Andrew Bartlett | 1 | -15/+16 | |
This avoids the use of SE_END, and has all callers walking the array using the same termination condition. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security Fix and clarify privilege manipulation function comments | Andrew Bartlett | 1 | -9/+9 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security Make the two privileges tables share a common struct definition | Andrew Bartlett | 2 | -27/+22 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security Move source4/ privileges code into the common libcli/security | Andrew Bartlett | 3 | -4/+331 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-privs Move manual prototypes to common privileges.h | Andrew Bartlett | 1 | -0/+88 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-privs Inline dump_se_priv into callers now that it's just a uint64_t | Andrew Bartlett | 1 | -9/+0 | |
The previous 128 bit structure needed this helper function. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security Use talloc_realloc() not TALLOC_REALLOC_ARRAY() | Andrew Bartlett | 1 | -1/+1 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security Use C99 types | Andrew Bartlett | 1 | -3/+3 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security Use true and false, not True and False | Andrew Bartlett | 1 | -22/+22 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-privs Move source3/ privileges implmentation into common | Andrew Bartlett | 2 | -0/+531 | |
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-06-21 | s3/s4 - remove "talloc_tos()" from common code since s4 doesn't support it | Matthias Dieter Wallnöfer | 1 | -4/+9 | |
Please don't use this in common code parts until we change the policy regarding it. | |||||
2010-06-19 | libcli: Fixed a segfault in security_acl_dup when the acl is NULL. | Brendan Powers | 1 | -0/+4 | |
This can happen when duplicating a security descriptor that is missing either sacls or dacls. Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org> | |||||
2010-05-18 | Finish removal of iconv_convenience in public API's. | Jelmer Vernooij | 1 | -2/+2 | |
2010-04-06 | s4-waf: removed the AUTOGENERATED markers | Andrew Tridgell | 1 | -3/+0 | |
we won't be using the mk -> wscript generator again | |||||
2010-04-06 | s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵ | Andrew Tridgell | 1 | -0/+2 | |
them | |||||
2010-04-06 | build: waf quicktest nearly works | Andrew Tridgell | 1 | -1/+1 | |
Rewrote wafsamba using a new dependency handling system, and started adding the waf test code | |||||
2010-04-06 | build: commit all the waf build files in the tree | Andrew Tridgell | 1 | -0/+9 | |
2010-03-28 | Attempt to fix the build on AIX, that system seems to have a #define for s_type | Volker Lendecke | 1 | -18/+35 | |
2010-03-03 | libcli/security: fix sddl.c to be able to build it from source3 | Michael Adam | 1 | -1/+1 | |
2010-03-03 | s4:move the sddl code down to the top level | Michael Adam | 3 | -1/+659 | |
Michael | |||||
2010-02-14 | lib: use TYPESAFE_QSORT() in lib/ and libcli/ | Andrew Tridgell | 1 | -5/+4 | |
2010-02-02 | Change uint_t to unsigned int in libcli | Matt Kraai | 1 | -1/+1 | |
Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2010-01-25 | Revert "libcli/security: Remove a call to strncasecmp" | Volker Lendecke | 1 | -1/+5 | |
This reverts commit 7c687665eaf16b0c6f83c130f6d9e5459e0b2a32. | |||||
2010-01-25 | Revert "libcli/security: Convert some strtol calls to strtoul" | Volker Lendecke | 1 | -2/+2 | |
This reverts commit 7fe66e06c4df575c410d4d70ff38f120c2f4363b. | |||||
2010-01-25 | Revert "libcli/security: Fix a valgrind error in dom_sid_parse" | Volker Lendecke | 1 | -4/+0 | |
This reverts commit f1c889a4e61d6d751cbabd8014b4345b8051b97c. | |||||
2010-01-25 | Revert "libcli/security: Prohibit SID formats like S-1-5-32-+545" | Volker Lendecke | 1 | -13/+0 | |
This reverts commit 1fbeae41655b8305834f2149b1268077eba8633d. Apparently this breaks the build of Samba4 | |||||
2010-01-23 | libcli/security: Prohibit SID formats like S-1-5-32-+545 | Volker Lendecke | 1 | -0/+13 | |
2010-01-23 | libcli/security: Fix a valgrind error in dom_sid_parse | Volker Lendecke | 1 | -0/+4 | |
2010-01-23 | libcli/security: Convert some strtol calls to strtoul | Volker Lendecke | 1 | -2/+2 | |
This tightens the dom_sid_parse syntax check a bit: "--" would have been allowed in sid string |