summaryrefslogtreecommitdiff
path: root/source3/include/rpc_secdes.h
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r25534: Apply some constVolker Lendecke1-4/+4
Why? It moves these structs from the data into the text segment, so they will never been copy-on-write copied. Not much, but as in German you say "Kleinvieh macht auch Mist...." (This used to be commit 0141e64ad4972232de867137064d0dae62da22ee)
2007-10-10r23826: Fix gpo security filtering by matching the security descriptor ace's ↵Günther Deschner1-1/+0
for the extended apply group policy right. Guenther (This used to be commit d832014a6fef657f484412372b5d09047552b183)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r22798: Add the "apply group policy" access bit (as seen in type 0x05 ↵Günther Deschner1-0/+1
ALLOWED OBJECT ACEs). Guenther (This used to be commit e138cbc876e50ae25cb15c5109a42bc8b800c1ba)
2007-10-10r21705: add modify rights definesHerb Lewis1-1/+15
(This used to be commit 06c777529f62b29edda4e9820426117ec4a3546d)
2007-10-10r18745: Use the Samba4 data structures for security descriptors and security ↵Jelmer Vernooij1-56/+5
descriptor buffers. Make security access masks simply a uint32 rather than a structure with a uint32 in it. (This used to be commit b41c52b9db5fc4a553b20a7a5a051a4afced9366)
2007-10-10r18654: Rename "struct uuid" => "struct GUID" for consistency.Jelmer Vernooij1-2/+2
(This used to be commit 5de76767e857e9d159ea46e2ded612ccd6d6bf19)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-36/+0
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-2/+7
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r7691: * add .gdbinit to the svn:ignore filesGerald Carter1-1/+1
* start adding write support to the Samba registry Flesh out the server implementations of RegCreateKey(), RegSetValue(), RegDeleteKey() and RegDeleteValue() I can create a new key using regedit.exe now but the 'New Key #1' key cannot be deleted yet. (This used to be commit e188fdbef8f0ad202b0ecf3c30be2941ebe6d5b1)
2007-10-10r7603: * fix a bug in the SERVICE_ALL_ACCESS security maskGerald Carter1-1/+2
* add calls to start and stop a service (to be filled in by the backend routines in services/svc_*.c (This used to be commit 793d28a946d83beb2576c5c8ce808d32c71c880a)
2007-10-10r7576: implement access checks for open_scm and open_serviceGerald Carter1-10/+24
according to default security descriptor described in MSDN. no one can get in to due to the permissions, but i'll fix that next. (This used to be commit 11902e503ed4f6d6991a9fe7521fe44168274ec8)
2007-10-10r6942: * merging the registry changes back to the 3.0 treeGerald Carter1-10/+34
* removing the testprns tool (This used to be commit 81ffb0dbbbd244623507880c323a3c37e2b8dc4d)
2007-10-10r6038: adding more flesh to 'net rpc service'Gerald Carter1-0/+47
open and close the service control manager. Also experimenting with ideas for cli_xxx() interface. (This used to be commit 4da89ef17b8c4644b97b923cebfe8e446b508b4d)
2007-10-10r5056: * correct STANDARD_RIGHTS_WRITE_ACCESS bitmask defineGerald Carter1-1/+4
* make sure to apply the rights_mask and not just the saved bits from the mask in access_check_samr_object() * allow root to grant/revoke privileges (in addition to Domain Admins) as suggested by Volker. Tested machine joins from XP, 2K, and NT4 with and without pre-existing machine trust accounts. Also tested basic file operations using cmd.exe and explorer.exe after changing the STANDARD_RIGHTS_WRITE_ACCESS bitmask. (This used to be commit c0e7f7ff60a4110809b8f500fdc68a1bf963da36)
2007-10-10r5015: (based on abartlet's original patch to restrict password changes)Gerald Carter1-1/+4
* added SE_PRIV checks to access_check_samr_object() in order to deal with the run-time security descriptor and their interaction with user rights * Reordered original patch in _samr_set_userinfo[2] to still allow root/administrative password changes for users and machines. (This used to be commit f9f9e6039bd9443d54445e41c3783a2be18925fb)
2007-10-10r196: merging struct uuid from trunkGerald Carter1-9/+2
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
2003-07-25Jean-Baptiste Marchand on the ethereal list used some auditing tricks toTim Potter1-10/+10
discover names for the SAMR specific permissions that were previously unknown. The existing constant names differ from what win2k calls them but since they aren't heavily used in Samba at the moment I'll leave them as they are. Jean-Baptiste's data is at: http://ethereal.ntop.org/lists/ethereal-dev/200307/msg00314.html (This used to be commit ae77e9e55438a9807da3696fd0d31fba6d0f7370)
2003-06-05Get ready for EA code... Add Linux interface.Jeremy Allison1-1/+7
Jeremy. (This used to be commit 48853140749b74053f1a7857a983397b6e9a0234)
2003-05-31Fix compile.Volker Lendecke1-1/+1
(This used to be commit 3ac622532a27659b9f9e26b1aa6858ce156641ac)
2003-05-30Ensure 'blank' entries show up in both default and normal entries toJeremy Allison1-1/+10
allow them to be changed. Works well with W2K and above. Jeremy. (This used to be commit 685e4e518236079f201650f26152f6f9ad3c61ab)
2002-11-02port sec_desc headers reordering from HEAD.Simo Sorce1-0/+247
Thanks to Andrew Brtlet for the diff :-) (This used to be commit cf67981e73cf52803eae589a6b86e1274bf72d2c)
2002-03-15syncing up printing code with SAMBA_2_2 (already done some mergesGerald Carter1-0/+7
in the reverse). * add in new printer change notify code from SAMBA_2_2 * add in se_map_standard() from 2.2 in _spoolss_open_printer_ex() * sync up the _print_queue_struct in smb.h (why did someone change the user/file names in fs_user/fs_file (or vice-versa) ? ) * sync up some cli_spoolss_XXX functions (This used to be commit 5760315c1de4033fdc22684c940f18010010924f)
2002-03-10yipee! Finally put in the patch from Alexey KotovichAndrew Tridgell1-40/+73
<a.kotovich@sam-solutions.net> that adds the security decsriptor code for ADS workstation accounts thanks for your patience Cat, and thanks to Andrew Bartlett for extensive reviews and suggestions about this code. (This used to be commit 6891393b5db868246fe52ff62b3dc6aa5ca6f726)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2001-11-30Renamed sid field in SEC_ACE to trustee to be more in line with MS'sTim Potter1-1/+1
definitions. (This used to be commit 9712d3f15a47155f558d0034ef71fd06afb11301)
2001-02-28Move to talloc control of SPOOL_XXX structs. Move to talloc control ofJeremy Allison1-1/+5
security descriptors and pointers. Syncup with 2.2 tree. Jeremy. (This used to be commit 14d5997dc841e78a619e865288486d50c245896d)
2001-01-31lib/system.c: Fix for pw caching.Jeremy Allison1-0/+2
srv_samr.c: Fix for pw caching. smbd/nttrans.c: Fix to allow trans create to set ACL on open. Jeremy. (This used to be commit c4f810a7588a2faf41f4222dc77678c53ab1dec0)
2001-01-04Changes from APPLIANCE_HEAD:David O'Neill1-0/+10
source/Makefile.in - changes to ctags and etags rules that somehow got lost along the way. source/include/proto.h - make proto source/smbd/sec_ctx.c source/smbd/password.c - merge debugs for debugging user groups and NT token stuff. source/lib/util_str.c - capitalise domain name returned from parse_domain_user() source/nsswitch/wb_client.c - fix broken conditional in debug statement. source/include/rpc_secdes.h source/include/rpc_spoolss.h source/printing/nt_printing.c source/lib/util_seaccess.c - fix printer permission bugs related to ACE masks for printers. This adds mapping of generic access rights to object specific rights for NT printers. Still need to work out whether or not to ignore ACEs with certain flags set, though. See comments in util_seaccess.c:check_ace() for details. source/printing/nt_printing.c source/printing/printing.c - use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER until we sort out printer/printjob permission stuff. (This used to be commit 1dba9c5cd1e6389734c648f6903abcb7c8d5b2f0)
2000-10-05Vector get_nt_acl/set_nt_acl via vfs. POSIX ACL support should be addedJeremy Allison1-1/+19
above this layer. Jeremy. (This used to be commit b90af886a951b7b049ed7a42e6d99c332e43897b)
2000-08-10Tidied up security rights definitions.Jeremy Allison1-4/+0
Jeremy. (This used to be commit e466c863f5540e13776f4477b6d58e3fbfe7276d)
2000-08-08Changed the sec desc access checks to match the spec. Needs testing.Jeremy Allison1-3/+0
Jeremy. (This used to be commit 5a4a7cd4727df5d1b5e71d343e776c7df52dc515)
2000-06-08Cause printer SD's to be displayed correctly (full control).Jeremy Allison1-2/+4
Jeremy. (This used to be commit 341d07c516865bdd9be99f98cd0754d12b25f9c0)
2000-05-27security descs in spoolss. needs parse_sec.c nttrans.c broken.Luke Leighton1-3/+3
(This used to be commit f9f2a04fdb7b2af1cfe5bf26ec6f0d955ea948b9)
2000-05-10more mergingAndrew Tridgell1-1/+6
it is now at the stage that winbindd can compile in the head branch, but not link (This used to be commit d178c00aae77710ae6ff20a7f54a30e3bd8232bb)
2000-02-29Fixes for strange Win2K attempts to auto-inherit ACLs.Jeremy Allison1-0/+11
Jeremy. (This used to be commit 41e37c51816ec048952ada1513c62f2689589001)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-6/+1
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-08-03reverted jeremy's c++-like security descriptor modifications as theLuke Leighton1-1/+2
simplest method to get rpcclient's reggetsec command working. the buffers passed as arguments in do_reg_get_key_sec() do need to be locally allocated not dynamically allocated, as two calls to reg_get_key_sec() are needed. on the first, the server fills in the size of the security descriptor buffer needed. on the second, the server fills in the security descriptor buffer. (This used to be commit b2d9cbef6f65bb696df8d8f49aa0c240e0bb1f50)
1999-02-23added jeremy's new c++-like code for parsing of security descriptors.Luke Leighton1-3/+1
(This used to be commit ec1b7000fd88c5a08e438c7033f60e49b9ec44a8)
1998-11-12security descriptors.Luke Leighton1-11/+17
kanji const char* warnings. (This used to be commit 06abdfd68e1d7fa8741afc3f56ec7a13b5fa4ccc)
1998-11-11security descriptor info, provided by jean-francoisLuke Leighton1-12/+41
(This used to be commit 719382a5579e8798812bbccd14a4c1ffd9003f7a)
1998-11-11clearing up security descriptorLuke Leighton1-3/+2
(This used to be commit abdc9d790b7d27b70aaf88451f5c82c99c94ca6e)
1998-11-10oops!Luke Leighton1-0/+102
(This used to be commit cad5b1f1fb03e7b064040b7c5bef5cd86dd0e1ba)