summaryrefslogtreecommitdiff
path: root/libcli/security
AgeCommit message (Collapse)AuthorFilesLines
2012-03-14Fix bug #8811 - sd_has_inheritable_components segfaults on an SD that ↵Jeremy Allison1-0/+4
se_access_check accepts. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Mar 14 05:08:03 CET 2012 on sn-devel-104
2012-03-14Fix bug #8795 - Samba does not handle the Owner Rights permissions at allRichard Sharpe3-6/+49
Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Mar 14 02:26:34 CET 2012 on sn-devel-104
2012-03-10Fix bug #8797 - Samba does not correctly handle DENY ACEs when privileges apply.Richard Sharpe1-26/+28
Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Mar 10 01:33:45 CET 2012 on sn-devel-104
2012-02-22Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER but ↵Richard Sharpe1-0/+5
has no permission for that, but token has SeTakeOwnershipPrivilege Autobuild-User: Richard Sharpe <sharpe@samba.org> Autobuild-Date: Wed Feb 22 19:19:32 CET 2012 on sn-devel-104
2012-01-11Second part of fix for bug #8673 - NT ACL issue.Jeremy Allison1-3/+4
Ensure we process the entire ACE list instead of returning ACCESS_DENIED and terminating the walk - ensure we only return the exact bits that cause the access to be denied. Some of the S3 fileserver needs to know if we are only denied DELETE access before overriding it by looking at the containing directory ACL. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Jan 11 19:24:53 CET 2012 on sn-devel-104
2011-11-24security: add local authority well-known SIDsChristian Ambach2-0/+3
add the S-1-2 well-known SID family Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Thu Nov 24 19:01:08 CET 2011 on sn-devel-104
2011-10-07build: Reduce build systems to just top level waf and autoconfAndrew Bartlett1-6/+5
The s3-waf build system is a key component of the top level build, but with this commit is is no longer available directly. This reduces the number of build system combinations in master as we prepare for the Samba 4.0 release. Andrew Bartlett
2011-08-17Adapt del_sid_from_array to Samba coding styleVolker Lendecke1-1/+2
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Aug 17 16:46:24 CEST 2011 on sn-devel-104
2011-08-17Fix a typoVolker Lendecke1-1/+1
2011-08-17Remove unused "sid_equal"Volker Lendecke2-10/+0
2011-08-17Replace calls to sid_equal with calls to dom_sid_equalVolker Lendecke1-2/+2
2011-08-10pytalloc: Use consistent prefix for functions, add ABI file.Jelmer Vernooij1-4/+4
2011-07-23libcli/security: add some const to marshall_sec_desc[_buf]()Stefan Metzmacher2-4/+4
metze
2011-06-18s3: Allow NULL sd_size in make_sec_descVolker Lendecke1-2/+10
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sat Jun 18 22:26:15 CEST 2011 on sn-devel-104
2011-06-10libcli/security/secdesc.h: fix licence/copyrightGünther Deschner1-0/+22
Guenther
2011-05-31Tiny simplification to dom_sid_string_bufVolker Lendecke1-2/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue May 31 23:16:31 CEST 2011 on sn-devel-104
2011-05-31libcli/security: move secdesc.c to the top level libcli/securityAndrew Bartlett4-1/+823
This code does not rely on lp_ or other source3 only functions, so can be part of the common library. Andrew Bartlett
2011-05-06libcli/security: fix build warning, cr_descr_log_acl() is not used currently.Günther Deschner1-0/+2
Guenther
2011-04-13Add dom_sid_parse_endpVolker Lendecke2-2/+14
This returns a pointer to the first non-parsed character, along the lines of strtoul for example. Signed-off-by: Jeremy Allison <jra@samba.org>
2011-04-05auth: Move auth_session_info into IDLAndrew Bartlett1-10/+1
This changes auth_session_info_transport to just be a wrapper, rather than a copy that has to be kept in sync. As auth_session_info was already wrapped in python, this required changes to the existing pyauth wrapper and it's users. Andrew Bartlett
2011-03-21libcli/security: make sure that we don't grant SEC_STD_DELETE to the owner ↵Stefan Metzmacher1-28/+30
by default In the file server SEC_STD_DELETE is granted on the file/directory or by FILE_DELETE_CHILD on the parent directory. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Mar 21 23:25:05 CET 2011 on sn-devel-104
2011-03-19libcli/: Fix prototypes for all functions.Jelmer Vernooij2-0/+3
2011-03-16libcli/security: move display_sec headers to own header file and add toGünther Deschner3-0/+36
security.h grouping header. Guenther
2011-03-16libcli: openchange doesn't need these headers any moreAndrew Tridgell1-2/+0
thanks to Simo for pointing this out Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Mar 16 00:25:10 CET 2011 on sn-devel-104
2011-03-15libcli: protect access_check.h against double inclusionAndrew Tridgell1-0/+3
Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Mar 15 05:07:01 CET 2011 on sn-devel-104
2011-03-15waf: build substituted public headers in build treeAndrew Tridgell1-0/+2
the bin/default/include/public directory will contain headers that are ready to install
2011-03-10Quite some callers of sid_split_rid do not care about the ridVolker Lendecke1-1/+3
2011-03-03Add dom_sid_string_bufVolker Lendecke2-12/+40
This prints into a fixed buffer with the same overflow semantics as snprintf has: Return required string length, regardless of whether it fit or not.
2011-03-01libcli/security Add unix_token and unix_info to auth_session_info tooAndrew Bartlett1-0/+2
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Mar 1 07:13:43 CET 2011 on sn-devel-104
2011-02-22s4-auth Move libcli/security/session.c to the top levelAndrew Bartlett4-1/+116
This code is now useful in common, as the elements of the auth_session_info structure have now been defined in common IDL. Andrew Bartlett
2011-02-21libcli/security/security_descriptor.c - fix three wrong counter variablesMatthias Dieter Wallnöfer1-3/+3
These strictly need to be "uint32_t" since "acl*->num_aces" has been defined by this type. This counter patchset has been reviewed by Andrew Bartlett.
2011-02-21libcli/security/privileges.c - fix wrong counter typeMatthias Dieter Wallnöfer1-1/+1
This strictly needs to be from type "uint32_t" since "privset->count" is defined with this type.
2011-02-21libcli/security/privileges.c - fix the counting of privilegesMatthias Dieter Wallnöfer1-9/+4
Since the privileges are always counted with a signed integer, there is no reason to specify the upper limit with a "uint32_t".
2011-02-21libcli/security/sddl.c - fix wrong counter typeMatthias Dieter Wallnöfer1-1/+1
This strictly needs to be from type "uint32_t" since "acl->num_aces" is defined of this type.
2011-02-21libcli/security/display_sec.c - fix wrong counter typeMatthias Dieter Wallnöfer1-1/+1
This strictly needs to be of type "uint32_t" due to "sec_acl->num_aces" which is of type "uint32_t".
2011-02-15libcli/security - fix two output format specifiersMatthias Dieter Wallnöfer2-2/+2
2011-02-10security: Fixed some handling of ACEs with INHERITED flag provided by the userNadezhda Ivanova1-5/+16
Some tests showed that these ACEs are not removed if the DACL_PROTECTED flag is provided at the same time. This is not documented but tests prove it and it has been observerd in deployment.
2011-02-08pysecurity: Add missing dependency on pytalloc-util.Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Tue Feb 8 13:16:43 CET 2011 on sn-devel-104
2011-02-07libcli/security: Make add_sid_to_array_unique use a uin32_t counterVolker Lendecke1-1/+1
Logical consequence of the previous commit Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Mon Feb 7 19:24:19 CET 2011 on sn-devel-104
2011-02-07libcli/security: Make del_sid_from_array take a uint32_tVolker Lendecke2-3/+5
This aligns it with add_sid_to_array Signed-off-by: Michael Adam <obnox@samba.org>
2011-01-18s4-security: Fixed incorrect inheritance of IO flagged ACESNadezhda Ivanova1-0/+5
They should be inherited without the IO flag unless they contain generic information.
2011-01-14libcli/security Add python bindings for se_access_checkAndrew Bartlett2-0/+89
Andrew Bartlett
2011-01-13security: Fixed incorrect indentation in create_descriptor.cNadezhda Ivanova1-12/+12
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Thu Jan 13 15:53:16 CET 2011 on sn-devel-104
2011-01-11security: Fixed bugs in expansion of generic information ACEsNadezhda Ivanova1-38/+82
When an ACE gontaining GA, GE, GR, GW, CO or CG is provided by a user or inherited the final SD actually has to have 2 ACEs, one is an effective expanded one, and the original one with IO flag added.
2011-01-10libcli/security: fix sid_type_lookup().Günther Deschner1-7/+5
It *always* returned "SID *TYPE* is INVALID". Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Jan 10 12:47:00 CET 2011 on sn-devel-104
2010-12-17libcli/security: remove unused variable.Günther Deschner1-1/+0
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri Dec 17 13:56:27 CET 2010 on sn-devel-104
2010-12-16libcli/security Add sid_blob_parse() to directly parse a binary SID blobAndrew Bartlett2-3/+14
2010-12-06s4:fix some shadowed declaration warnings on Solaris by renaming the symbolsMatthias Dieter Wallnöfer1-1/+1
2010-12-02Turns out there are lots of places in S3 where token passed inJeremy Allison1-0/+4
here can be NULL (become_root() sets the current security token to NULL for example). Ensure we don't crash. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Dec 2 03:26:03 CET 2010 on sn-devel-104
2010-11-29libcli/security/object_tree.c - remove unreachable statementMatthias Dieter Wallnöfer1-1/+0