summaryrefslogtreecommitdiff
path: root/libcli/security
AgeCommit message (Collapse)AuthorFilesLines
2011-05-31Tiny simplification to dom_sid_string_bufVolker Lendecke1-2/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue May 31 23:16:31 CEST 2011 on sn-devel-104
2011-05-31libcli/security: move secdesc.c to the top level libcli/securityAndrew Bartlett4-1/+823
This code does not rely on lp_ or other source3 only functions, so can be part of the common library. Andrew Bartlett
2011-05-06libcli/security: fix build warning, cr_descr_log_acl() is not used currently.Günther Deschner1-0/+2
Guenther
2011-04-13Add dom_sid_parse_endpVolker Lendecke2-2/+14
This returns a pointer to the first non-parsed character, along the lines of strtoul for example. Signed-off-by: Jeremy Allison <jra@samba.org>
2011-04-05auth: Move auth_session_info into IDLAndrew Bartlett1-10/+1
This changes auth_session_info_transport to just be a wrapper, rather than a copy that has to be kept in sync. As auth_session_info was already wrapped in python, this required changes to the existing pyauth wrapper and it's users. Andrew Bartlett
2011-03-21libcli/security: make sure that we don't grant SEC_STD_DELETE to the owner ↵Stefan Metzmacher1-28/+30
by default In the file server SEC_STD_DELETE is granted on the file/directory or by FILE_DELETE_CHILD on the parent directory. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Mar 21 23:25:05 CET 2011 on sn-devel-104
2011-03-19libcli/: Fix prototypes for all functions.Jelmer Vernooij2-0/+3
2011-03-16libcli/security: move display_sec headers to own header file and add toGünther Deschner3-0/+36
security.h grouping header. Guenther
2011-03-16libcli: openchange doesn't need these headers any moreAndrew Tridgell1-2/+0
thanks to Simo for pointing this out Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Mar 16 00:25:10 CET 2011 on sn-devel-104
2011-03-15libcli: protect access_check.h against double inclusionAndrew Tridgell1-0/+3
Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Mar 15 05:07:01 CET 2011 on sn-devel-104
2011-03-15waf: build substituted public headers in build treeAndrew Tridgell1-0/+2
the bin/default/include/public directory will contain headers that are ready to install
2011-03-10Quite some callers of sid_split_rid do not care about the ridVolker Lendecke1-1/+3
2011-03-03Add dom_sid_string_bufVolker Lendecke2-12/+40
This prints into a fixed buffer with the same overflow semantics as snprintf has: Return required string length, regardless of whether it fit or not.
2011-03-01libcli/security Add unix_token and unix_info to auth_session_info tooAndrew Bartlett1-0/+2
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Mar 1 07:13:43 CET 2011 on sn-devel-104
2011-02-22s4-auth Move libcli/security/session.c to the top levelAndrew Bartlett4-1/+116
This code is now useful in common, as the elements of the auth_session_info structure have now been defined in common IDL. Andrew Bartlett
2011-02-21libcli/security/security_descriptor.c - fix three wrong counter variablesMatthias Dieter Wallnöfer1-3/+3
These strictly need to be "uint32_t" since "acl*->num_aces" has been defined by this type. This counter patchset has been reviewed by Andrew Bartlett.
2011-02-21libcli/security/privileges.c - fix wrong counter typeMatthias Dieter Wallnöfer1-1/+1
This strictly needs to be from type "uint32_t" since "privset->count" is defined with this type.
2011-02-21libcli/security/privileges.c - fix the counting of privilegesMatthias Dieter Wallnöfer1-9/+4
Since the privileges are always counted with a signed integer, there is no reason to specify the upper limit with a "uint32_t".
2011-02-21libcli/security/sddl.c - fix wrong counter typeMatthias Dieter Wallnöfer1-1/+1
This strictly needs to be from type "uint32_t" since "acl->num_aces" is defined of this type.
2011-02-21libcli/security/display_sec.c - fix wrong counter typeMatthias Dieter Wallnöfer1-1/+1
This strictly needs to be of type "uint32_t" due to "sec_acl->num_aces" which is of type "uint32_t".
2011-02-15libcli/security - fix two output format specifiersMatthias Dieter Wallnöfer2-2/+2
2011-02-10security: Fixed some handling of ACEs with INHERITED flag provided by the userNadezhda Ivanova1-5/+16
Some tests showed that these ACEs are not removed if the DACL_PROTECTED flag is provided at the same time. This is not documented but tests prove it and it has been observerd in deployment.
2011-02-08pysecurity: Add missing dependency on pytalloc-util.Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Tue Feb 8 13:16:43 CET 2011 on sn-devel-104
2011-02-07libcli/security: Make add_sid_to_array_unique use a uin32_t counterVolker Lendecke1-1/+1
Logical consequence of the previous commit Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Mon Feb 7 19:24:19 CET 2011 on sn-devel-104
2011-02-07libcli/security: Make del_sid_from_array take a uint32_tVolker Lendecke2-3/+5
This aligns it with add_sid_to_array Signed-off-by: Michael Adam <obnox@samba.org>
2011-01-18s4-security: Fixed incorrect inheritance of IO flagged ACESNadezhda Ivanova1-0/+5
They should be inherited without the IO flag unless they contain generic information.
2011-01-14libcli/security Add python bindings for se_access_checkAndrew Bartlett2-0/+89
Andrew Bartlett
2011-01-13security: Fixed incorrect indentation in create_descriptor.cNadezhda Ivanova1-12/+12
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Thu Jan 13 15:53:16 CET 2011 on sn-devel-104
2011-01-11security: Fixed bugs in expansion of generic information ACEsNadezhda Ivanova1-38/+82
When an ACE gontaining GA, GE, GR, GW, CO or CG is provided by a user or inherited the final SD actually has to have 2 ACEs, one is an effective expanded one, and the original one with IO flag added.
2011-01-10libcli/security: fix sid_type_lookup().Günther Deschner1-7/+5
It *always* returned "SID *TYPE* is INVALID". Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Jan 10 12:47:00 CET 2011 on sn-devel-104
2010-12-17libcli/security: remove unused variable.Günther Deschner1-1/+0
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri Dec 17 13:56:27 CET 2010 on sn-devel-104
2010-12-16libcli/security Add sid_blob_parse() to directly parse a binary SID blobAndrew Bartlett2-3/+14
2010-12-06s4:fix some shadowed declaration warnings on Solaris by renaming the symbolsMatthias Dieter Wallnöfer1-1/+1
2010-12-02Turns out there are lots of places in S3 where token passed inJeremy Allison1-0/+4
here can be NULL (become_root() sets the current security token to NULL for example). Ensure we don't crash. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Dec 2 03:26:03 CET 2010 on sn-devel-104
2010-11-29libcli/security/object_tree.c - remove unreachable statementMatthias Dieter Wallnöfer1-1/+0
2010-10-31s4: Remove the old perl/m4/make/mk-based build system.Jelmer Vernooij1-5/+0
The new waf-based build system now has all the same functionality, and the old build system has been broken for quite some time. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
2010-10-26waf: Remove lib prefix from libraries manually.Jelmer Vernooij1-1/+1
2010-10-26s4: Drop duplicate 'lib' prefix for private libraries.Jelmer Vernooij1-1/+1
2010-10-24libcli/security Remove unused sec_acl_equal()Andrew Bartlett2-47/+0
This was orphaned by changing sec_desc_equal() to the stricter security_descriptor_equal() by f4195183a47b0e7c8bc9644d62b123f7880f3fcd in 2009. (The difference here was that sec_acl_equal allowed for equivilent ordering. I've checked the callers, and this function is only used to skip actual ACL sets, or to reference a cache, so this seems Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun Oct 24 22:21:23 UTC 2010 on sn-devel-104
2010-10-24s4: Rename LIBSECURITY{_SESSION,} to libsecurity{_session,}Jelmer Vernooij1-1/+1
2010-10-23create_descriptor.c - fix commentMatthias Dieter Wallnöfer1-1/+1
The location in MS-DTYPE changed. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Oct 23 21:33:46 UTC 2010 on sn-devel-104
2010-10-22Fix const warning. Allocate off NULL as we always talloc_free().Jeremy Allison1-1/+1
2010-10-21libcli: LIBSECURITY depends on NDR_SECURITYAndrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-21libcli: make the LIBSECURITY subsystem into a private libraryAndrew Tridgell1-4/+5
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-21Now we have SeSystemSecurity, remove the source3-only #ifdef.Jeremy Allison1-2/+0
Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Oct 21 01:35:00 UTC 2010 on sn-devel-104
2010-10-21Add code to implement SeSecurityPrivilege in net rpc rights, and in theJeremy Allison1-6/+3
open and get/set NT security descriptor code. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Oct 21 00:15:57 UTC 2010 on sn-devel-104
2010-10-20libcli/security/access_check.c - fix a memory leakMatthias Dieter Wallnöfer1-7/+12
2010-10-19Fix shadow warning for "access" variable.Jeremy Allison1-3/+3
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue Oct 19 22:53:38 UTC 2010 on sn-devel-104
2010-10-14security: ensure the merge of libcli/security doesn't change s3 behaviourAndrew Tridgell1-0/+5
Jeremy, you put a #if 0 around this logic in this commit: 8344e945 (Jeremy Allison 2008-10-31 10:51:45 -0700 181) is this still needed? Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Oct 14 03:16:41 UTC 2010 on sn-devel-104
2010-10-14libcli/security Use static SIDs rather than parsing from stringsAndrew Bartlett2-5/+6
This should make the security_token_is_*() calls a little faster. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>