summaryrefslogtreecommitdiff
path: root/librpc/idl/security.idl
AgeCommit message (Collapse)AuthorFilesLines
2012-11-20librpc/idl: teach ndrdump about dumping security.idl structuresStefan Metzmacher1-0/+21
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-08-31SEC_RIGHTS_DIR_PRIV_BACKUP and SEC_RIGHTS_DIR_PRIV_RESTORE aren't used ↵Jeremy Allison1-8/+7
anywhere. Remove (can re-add if needed). Ensure the privilege rights are always specific rights, not generic. By the time the privilege rights are examined, we've already mapped from generic to specific in the access_mask.
2011-09-21Fix bug #8458] - IE9 on Windows 7 cannot download files to samba 3.5.11 shareJeremy Allison1-0/+1
Handle the SECINFO_LABEL flag in the same was as Win2k3.
2011-08-31security.idl add new well-known SIDsChristian Ambach1-0/+8
http://support.microsoft.com/kb/243330/en-us lists some new well-known SIDS in the BUILTIN domain
2011-07-20security.idl: Use gid_t for gid in security_unix_tokenAndrew Bartlett1-1/+1
2011-03-01librpc/idl Add helper structures for use by samba3 in auth_session_infoAndrew Bartlett1-0/+8
The unix info and in particular unix token needs to be preserved into the struct auth_session_info. Andrew Bartlett
2010-09-11security.idl Clarify that this is not a network structureAndrew Bartlett1-0/+1
2010-09-11s4-privs Seperate rights and privilegesAndrew Bartlett1-13/+22
These are related, but slightly different concepts. The biggest difference is that rights are not enumerated as a system-wide list. This moves the rights to security.idl due to dependencies. Andrew Bartlett
2010-09-11libcli/security Rename all privilege bitmaps constantsAndrew Bartlett1-31/+31
The idea here to to make it very clear how they differ from the enumerated LUID values. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Add an invalid LUID privilege valueAndrew Bartlett1-0/+1
This helps code that may not want to specify any privilege Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11security.idl Add commentsAndrew Bartlett1-1/+3
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11security.idl Update Windows privileges list to Win2008R2Andrew Bartlett1-30/+35
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11security.idl clarify which privilages are LUID and bitmap valuesAndrew Bartlett1-6/+10
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s4-privs Remove link between enum sec_privilege and the privilege bitmapAndrew Bartlett1-29/+71
This allows us to set the enum sec_privilege constants to the LUID values that are seen from windows, which we need to match, in order to preserve the support for the NT Print Migrator tool after a merge with the source3/ privileges code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11privs Move privilege bitmasks to security.idlAndrew Bartlett1-0/+39
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-23s4:security Change struct security_token->sids from struct dom_sid * to ↵Andrew Bartlett1-1/+1
struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett
2010-08-20idl: added the RODC allow/deny secrets RIDsAndrew Tridgell1-0/+2
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-18s4:security Remove use of user_sid and group_sid from struct security_tokenAndrew Bartlett1-2/+0
This makes the structure more like Samba3's NT_USER_TOKEN
2010-07-05s4-dsdb: Implementation of User-Change-Password and User-Force-Password-ChangeNadezhda Ivanova1-0/+2
These CARs need to be checked on password change and password reset operations. Apparently the password attributes are not influenced by Write Property. Single detele operations and modifications of dBCSPwd are let through to the password_hash module. This is determined experimentally.
2010-06-09Added guids for the validated writes.Nadezhda Ivanova1-0/+7
2010-06-03security: move generic_mapping and standard_mapping to security.idl.Günther Deschner1-0/+18
Guenther
2010-05-18Finish removal of iconv_convenience in public API's.Jelmer Vernooij1-3/+3
2010-05-18security: merge builtin rid tables.Günther Deschner1-0/+19
Guenther
2010-03-23security.idl: Add missing builtin groups.Karolin Seeger1-0/+4
Karolin
2010-03-16security.idl - push generated code diffMatthias Dieter Wallnöfer1-1/+1
2010-03-16Added a net acl ds command for modification of ACLs on directory objectsNadezhda Ivanova1-1/+18
At present the command supports only addition of control access rigts, done so DRS access checks can be tested. It will be expanded to deal with most ways to modify and view a DS ACL. Shifted commands a bit. What used to be net acl is now "net acl nt" as apposed to this, which is "net acl ds" ./bin/net acl ds set --help Usage: set --objectdn=objectdn --car=control right --action=[deny|allow] --trusteedn=trustee-dn Options: -h, --help show this help message and exit --host=HOST LDB URL for database or target server --car=CAR The access control right to allow or deny --action=ACTION Deny or allow access --objectdn=OBJECTDN DN of the object whose SD to modify --trusteedn=TRUSTEEDN DN of the entity that gets access Samba Common Options: -s FILE, --configfile=FILE Configuration file Credentials Options: --simple-bind-dn=DN DN to use for a simple bind --password=PASSWORD Password -U USERNAME, --username=USERNAME Username -W WORKGROUP, --workgroup=WORKGROUP Workgroup -N, --no-pass Don't ask for a password -k KERBEROS, --kerberos=KERBEROS Use Kerberos
2010-02-18security: make two bitmaps public.Günther Deschner1-2/+2
Guenther
2010-01-29security.idl: add wellknown TrustedInstaller SIDStefan Metzmacher1-0/+7
metze
2009-11-27security.idl - Add some more wellknown SIDs/RIDsMatthias Dieter Wallnöfer1-14/+17
2009-11-17Fixed incorrect SID for RAS Servers.Nadezhda Ivanova1-0/+1
2009-11-03Removed the default DACL from token, as we will not be using it.Nadezhda Ivanova1-1/+0
2009-10-16idl: added bit definition for privilege masksAndrew Tridgell1-0/+15
When you have backup or restore privileges, you automatically get extra access bits in ACL interpretation. This adds definitions for the bits you get.
2009-09-16Owner and group defaulting.Nadezhda Ivanova1-0/+34
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-05-29s4: Add additional well-known SID's/RID's.Andrew Kroeger1-0/+4
Information was found at http://support.microsoft.com/kb/243330 Not all well-known identifiers were included - only those necessary for enhancing the 2-letter mappings used in SDDL strings were added.
2009-05-29Fix incorrect RID for KRBTGT. (was incorectly 514, should be 502)Andrew Bartlett1-1/+1
Requires recompile of source4/kdc/* Found by Andrew Kroeger <andrew@id10ts.net> Andrew Bartlett
2009-05-27Add DOMAIN_RID_KRBTGT define to security.idlAndrew Bartlett1-0/+1
2009-05-20s4: try to fix privileges implementation in order to pass the ↵Günther Deschner1-1/+2
RPC-SAMR-USERS-PRIVILEGES test. Guenther
2009-01-01Add iconv_convenience argument to size functions.Jelmer Vernooij1-3/+3
2008-12-16Rename dom_sid.idl -> server_id.idl (since it no longer actually contains ↵Jelmer Vernooij1-2/+0
the dom_sid). No longer include it from security.idl.
2008-12-16Add python extensions for dom_sid.Jelmer Vernooij1-2/+1
2008-12-12Move dom_sid to the Samba 3 IDL file, remove the old definition.Jelmer Vernooij1-0/+29
2008-11-08s3: make idlStefan Metzmacher1-3/+3
metze
2008-11-08security.idl: sometimes ACEs have some padding at the endStefan Metzmacher1-1/+1
metze
2008-11-08s3: security.idl: split of dom_sid stuff into dom_sid.idlStefan Metzmacher1-19/+2
And use the toplevel ndr_sec_helper.c metze
2008-11-01security-idl: fix typo.Günther Deschner1-3/+3
Guenther
2008-10-31security-idl: add STANDARD_RIGHTS_X bits.Günther Deschner1-0/+14
Guenther
2008-10-15Share security.idl.Jelmer Vernooij1-0/+394