summaryrefslogtreecommitdiff
path: root/source3/include
AgeCommit message (Collapse)AuthorFilesLines
2010-09-11s3-util_sid Tidy up global struct security_tokenAndrew Bartlett1-1/+1
This no longer needs to be global, and should be const. We now also init it with the C99 style initialisers. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Add constAndrew Bartlett1-3/+3
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove unused functionAndrew Bartlett1-1/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Overhaul PRIVILEGE_SET handling, avoid dealing with the bitmapAndrew Bartlett1-0/+1
This avoids us dealing with the privilege bitmap in the LSA server, and overhauls much of the rest of the handling to be currnet with the modern world of talloc. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Hide the bitmap-based grant_privilege and revoke_privilegeAndrew Bartlett1-2/+2
The new wrappers avoid anything but the core privileges code dealing with the bitmap values directly. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Make privilege_enum_sids() take an LUID, not a bitmapAndrew Bartlett1-1/+1
This moves one more privileges call away from direct bitmap manipuation. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Rework access_check_object() to take two privilegesAndrew Bartlett1-3/+4
This allows the privileges bitmap to be used only when setting privileges, and uses an the LUID constant for all 'does this user have this privilege' operations. The advantage is that we now only need one API to determine if a token has a privilege, and much less code needs to know what type is used for the underlying bitmap. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove a pointer from grant_privilege()Andrew Bartlett1-1/+1
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove a pointer indirection from revoke_privilege()Andrew Bartlett1-1/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Move manual prototypes to common privileges.hAndrew Bartlett1-20/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Move source3/ privileges implmentation into commonAndrew Bartlett2-75/+1
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Rename structure elements for greater clarityAndrew Bartlett1-2/+2
It is important to make clear which is the LUID and which is the Samba-only bitmap mask. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3:auth Remove NT_USER_TOKENAndrew Bartlett4-27/+25
The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derivied structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Change struct nt_user_token -> struct security_tokenAndrew Bartlett3-20/+17
This common structure is defined in security.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Change type of num_sids to uint32_tAndrew Bartlett2-4/+4
size_t is overkill here, and in struct security_token in the num_sids is uint32_t. This includes a change to the prototype of add_sid_to_array() and add_sid_to_array_unique(), which has had a number of consequnetial changes as I try to sort out all the callers using a pointer to the number of sids. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Only store low bits of luid in privileges tableAndrew Bartlett1-1/+1
Samba only uses the low bits, and this makes the code simpler. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11privs Add my CopyrightAndrew Bartlett1-0/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Further changes to remove SE_PRIVAndrew Bartlett3-33/+31
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11privs Move privilege bitmasks to security.idlAndrew Bartlett1-19/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3:privileges Change SE_PRIV to be just a uint64_tAndrew Bartlett1-22/+17
We don't need 128 possible privileges here, as we only use 12. This reverts some of 46e5effea948931509283cb84b27007d34b521c8 by Jerry back in 2005, where he introduced the SE_PRIV structure to replace the uint32_t used at the time. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-10s3-spoolss: Don't leak memory on the session counter list.Andreas Schneider1-0/+1
Thanks Günther, please check.
2010-09-10s3-spoolss: Move Printer_entry to srv_spoolss_nt.cSimo Sorce1-40/+0
It is used only there, and it is a good idea to make this one private and opaque to the rest of the code. Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-09s3-printing: Make auth_serversupplied_info const.Andreas Schneider2-15/+15
2010-09-09s3-msdfs: Make auth_serversupplied_info const.Andreas Schneider1-1/+1
2010-09-09s3-rpcint: Make auth_serversupplied_info const.Andreas Schneider1-2/+2
2010-09-09s3-auth: Added get_server_info_system function.Andreas Schneider1-0/+1
2010-09-08s3/ldap: use monotonic clock for timeouts in smbldapBjörn Jacke1-3/+3
tevent would need monotonic clock features to make also smbldap's idle handling aware of backward clock jumps. Other areas in smbldap are clock jump save now.
2010-09-07s3/libads: use monotonic clock for ldap connection timeoutsBjörn Jacke1-1/+1
2010-09-04s3:rpc_server: make it possible to use rpcint_binding_handle() directlyStefan Metzmacher2-3/+6
metze
2010-09-02s3-param: added lp_set_cmdline() and --option= parameterAndrew Tridgell2-0/+3
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-31s3-auth: remove global include of krb5pac.h.Günther Deschner1-1/+1
Guenther
2010-08-31s3: messaging_ctdbd_connection() was only called with procid_self()Volker Lendecke1-1/+1
Eventually we'll get this right...
2010-08-31s3: Make ctdbd_init_connection staticVolker Lendecke1-2/+0
2010-08-31s3: add TspecDiff macroBjörn Jacke1-0/+9
2010-08-31s3: we have clock_gettime everywhere, remove ifdefsBjörn Jacke1-13/+0
2010-08-31s3-auth Rename NT_USER_TOKEN privileges -> privilege_maskAndrew Bartlett1-1/+1
This is closer to the struct security_token from security.idl Andrew Bartlett
2010-08-31s3-auth Rename NT_USER_TOKEN user_sids -> sidsAndrew Bartlett1-1/+1
This is closer to the struct security_token from security.idl
2010-08-30s3-auth: add helper to get server_info out of kerberos infoSimo Sorce1-0/+8
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-30s3-auth: Add helper function to retrieve the unix user from a kerberos ticketSimo Sorce1-1/+14
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-29s3: Remove smbd_server_fd()Volker Lendecke1-1/+0
This breaks the perfcol_onefs() build. Tim, Steve, this use of smbd_server_fd is replacable by calls into substitute.c. I don't have a onefs environment around to build a fix, so I've decided to insert an #error, making it not compile. The fix should be pretty obvious, you can get the socket data via "%I" and "%i" substitutions.
2010-08-29s3: Set the client_id in substitute.c onceVolker Lendecke1-0/+2
This never changes during a client connection's life, so we can set it once.
2010-08-28s3: Remove the dependency of g_lock on procid_selfVolker Lendecke1-1/+1
procid_self() references global vars, don't depend on them unnecessarily
2010-08-28s3: Lift smbd_server_fd() from pass_check()Volker Lendecke1-1/+4
2010-08-28s3: Fix smb_pam_passcheckVolker Lendecke1-2/+2
2010-08-27s3: Lift smbd_server_fd() from smb_pam_passcheckVolker Lendecke1-1/+2
2010-08-27s3: Pass rhost through to smb_pam_passchangeVolker Lendecke1-1/+2
2010-08-26s3-proto: remove obsolete prototypes.Günther Deschner1-14/+0
Guenther
2010-08-26s3-build: only include rpc_misc.h where needed.Günther Deschner2-3/+0
Guenther
2010-08-26s3-build: use talloc_dict.h only where needed.Günther Deschner1-1/+0
Guenther
2010-08-26s3-build: use dbwrap.h only where needed.Günther Deschner3-39/+38
Guenther