Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2012-11-20 | librpc/idl: teach ndrdump about dumping security.idl structures | Stefan Metzmacher | 1 | -0/+21 | |
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> | |||||
2012-08-31 | SEC_RIGHTS_DIR_PRIV_BACKUP and SEC_RIGHTS_DIR_PRIV_RESTORE aren't used ↵ | Jeremy Allison | 1 | -8/+7 | |
anywhere. Remove (can re-add if needed). Ensure the privilege rights are always specific rights, not generic. By the time the privilege rights are examined, we've already mapped from generic to specific in the access_mask. | |||||
2011-09-21 | Fix bug #8458] - IE9 on Windows 7 cannot download files to samba 3.5.11 share | Jeremy Allison | 1 | -0/+1 | |
Handle the SECINFO_LABEL flag in the same was as Win2k3. | |||||
2011-08-31 | security.idl add new well-known SIDs | Christian Ambach | 1 | -0/+8 | |
http://support.microsoft.com/kb/243330/en-us lists some new well-known SIDS in the BUILTIN domain | |||||
2011-07-20 | security.idl: Use gid_t for gid in security_unix_token | Andrew Bartlett | 1 | -1/+1 | |
2011-03-01 | librpc/idl Add helper structures for use by samba3 in auth_session_info | Andrew Bartlett | 1 | -0/+8 | |
The unix info and in particular unix token needs to be preserved into the struct auth_session_info. Andrew Bartlett | |||||
2010-09-11 | security.idl Clarify that this is not a network structure | Andrew Bartlett | 1 | -0/+1 | |
2010-09-11 | s4-privs Seperate rights and privileges | Andrew Bartlett | 1 | -13/+22 | |
These are related, but slightly different concepts. The biggest difference is that rights are not enumerated as a system-wide list. This moves the rights to security.idl due to dependencies. Andrew Bartlett | |||||
2010-09-11 | libcli/security Rename all privilege bitmaps constants | Andrew Bartlett | 1 | -31/+31 | |
The idea here to to make it very clear how they differ from the enumerated LUID values. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security Add an invalid LUID privilege value | Andrew Bartlett | 1 | -0/+1 | |
This helps code that may not want to specify any privilege Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | security.idl Add comments | Andrew Bartlett | 1 | -1/+3 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | security.idl Update Windows privileges list to Win2008R2 | Andrew Bartlett | 1 | -30/+35 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | security.idl clarify which privilages are LUID and bitmap values | Andrew Bartlett | 1 | -6/+10 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s4-privs Remove link between enum sec_privilege and the privilege bitmap | Andrew Bartlett | 1 | -29/+71 | |
This allows us to set the enum sec_privilege constants to the LUID values that are seen from windows, which we need to match, in order to preserve the support for the NT Print Migrator tool after a merge with the source3/ privileges code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | privs Move privilege bitmasks to security.idl | Andrew Bartlett | 1 | -0/+39 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-08-23 | s4:security Change struct security_token->sids from struct dom_sid * to ↵ | Andrew Bartlett | 1 | -1/+1 | |
struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett | |||||
2010-08-20 | idl: added the RODC allow/deny secrets RIDs | Andrew Tridgell | 1 | -0/+2 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-18 | s4:security Remove use of user_sid and group_sid from struct security_token | Andrew Bartlett | 1 | -2/+0 | |
This makes the structure more like Samba3's NT_USER_TOKEN | |||||
2010-07-05 | s4-dsdb: Implementation of User-Change-Password and User-Force-Password-Change | Nadezhda Ivanova | 1 | -0/+2 | |
These CARs need to be checked on password change and password reset operations. Apparently the password attributes are not influenced by Write Property. Single detele operations and modifications of dBCSPwd are let through to the password_hash module. This is determined experimentally. | |||||
2010-06-09 | Added guids for the validated writes. | Nadezhda Ivanova | 1 | -0/+7 | |
2010-06-03 | security: move generic_mapping and standard_mapping to security.idl. | Günther Deschner | 1 | -0/+18 | |
Guenther | |||||
2010-05-18 | Finish removal of iconv_convenience in public API's. | Jelmer Vernooij | 1 | -3/+3 | |
2010-05-18 | security: merge builtin rid tables. | Günther Deschner | 1 | -0/+19 | |
Guenther | |||||
2010-03-23 | security.idl: Add missing builtin groups. | Karolin Seeger | 1 | -0/+4 | |
Karolin | |||||
2010-03-16 | security.idl - push generated code diff | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2010-03-16 | Added a net acl ds command for modification of ACLs on directory objects | Nadezhda Ivanova | 1 | -1/+18 | |
At present the command supports only addition of control access rigts, done so DRS access checks can be tested. It will be expanded to deal with most ways to modify and view a DS ACL. Shifted commands a bit. What used to be net acl is now "net acl nt" as apposed to this, which is "net acl ds" ./bin/net acl ds set --help Usage: set --objectdn=objectdn --car=control right --action=[deny|allow] --trusteedn=trustee-dn Options: -h, --help show this help message and exit --host=HOST LDB URL for database or target server --car=CAR The access control right to allow or deny --action=ACTION Deny or allow access --objectdn=OBJECTDN DN of the object whose SD to modify --trusteedn=TRUSTEEDN DN of the entity that gets access Samba Common Options: -s FILE, --configfile=FILE Configuration file Credentials Options: --simple-bind-dn=DN DN to use for a simple bind --password=PASSWORD Password -U USERNAME, --username=USERNAME Username -W WORKGROUP, --workgroup=WORKGROUP Workgroup -N, --no-pass Don't ask for a password -k KERBEROS, --kerberos=KERBEROS Use Kerberos | |||||
2010-02-18 | security: make two bitmaps public. | Günther Deschner | 1 | -2/+2 | |
Guenther | |||||
2010-01-29 | security.idl: add wellknown TrustedInstaller SID | Stefan Metzmacher | 1 | -0/+7 | |
metze | |||||
2009-11-27 | security.idl - Add some more wellknown SIDs/RIDs | Matthias Dieter Wallnöfer | 1 | -14/+17 | |
2009-11-17 | Fixed incorrect SID for RAS Servers. | Nadezhda Ivanova | 1 | -0/+1 | |
2009-11-03 | Removed the default DACL from token, as we will not be using it. | Nadezhda Ivanova | 1 | -1/+0 | |
2009-10-16 | idl: added bit definition for privilege masks | Andrew Tridgell | 1 | -0/+15 | |
When you have backup or restore privileges, you automatically get extra access bits in ACL interpretation. This adds definitions for the bits you get. | |||||
2009-09-16 | Owner and group defaulting. | Nadezhda Ivanova | 1 | -0/+34 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2009-05-29 | s4: Add additional well-known SID's/RID's. | Andrew Kroeger | 1 | -0/+4 | |
Information was found at http://support.microsoft.com/kb/243330 Not all well-known identifiers were included - only those necessary for enhancing the 2-letter mappings used in SDDL strings were added. | |||||
2009-05-29 | Fix incorrect RID for KRBTGT. (was incorectly 514, should be 502) | Andrew Bartlett | 1 | -1/+1 | |
Requires recompile of source4/kdc/* Found by Andrew Kroeger <andrew@id10ts.net> Andrew Bartlett | |||||
2009-05-27 | Add DOMAIN_RID_KRBTGT define to security.idl | Andrew Bartlett | 1 | -0/+1 | |
2009-05-20 | s4: try to fix privileges implementation in order to pass the ↵ | Günther Deschner | 1 | -1/+2 | |
RPC-SAMR-USERS-PRIVILEGES test. Guenther | |||||
2009-01-01 | Add iconv_convenience argument to size functions. | Jelmer Vernooij | 1 | -3/+3 | |
2008-12-16 | Rename dom_sid.idl -> server_id.idl (since it no longer actually contains ↵ | Jelmer Vernooij | 1 | -2/+0 | |
the dom_sid). No longer include it from security.idl. | |||||
2008-12-16 | Add python extensions for dom_sid. | Jelmer Vernooij | 1 | -2/+1 | |
2008-12-12 | Move dom_sid to the Samba 3 IDL file, remove the old definition. | Jelmer Vernooij | 1 | -0/+29 | |
2008-11-08 | s3: make idl | Stefan Metzmacher | 1 | -3/+3 | |
metze | |||||
2008-11-08 | security.idl: sometimes ACEs have some padding at the end | Stefan Metzmacher | 1 | -1/+1 | |
metze | |||||
2008-11-08 | s3: security.idl: split of dom_sid stuff into dom_sid.idl | Stefan Metzmacher | 1 | -19/+2 | |
And use the toplevel ndr_sec_helper.c metze | |||||
2008-11-01 | security-idl: fix typo. | Günther Deschner | 1 | -3/+3 | |
Guenther | |||||
2008-10-31 | security-idl: add STANDARD_RIGHTS_X bits. | Günther Deschner | 1 | -0/+14 | |
Guenther | |||||
2008-10-15 | Share security.idl. | Jelmer Vernooij | 1 | -0/+394 | |