Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-09-11 | s3-auth Fix typo in comment | Andrew Bartlett | 1 | -1/+1 | |
2010-09-11 | s3-util_sid Tidy up global struct security_token | Andrew Bartlett | 1 | -1/+1 | |
This no longer needs to be global, and should be const. We now also init it with the C99 style initialisers. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-privs Add const | Andrew Bartlett | 1 | -3/+3 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-privs Remove unused function | Andrew Bartlett | 1 | -1/+0 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-privs Overhaul PRIVILEGE_SET handling, avoid dealing with the bitmap | Andrew Bartlett | 1 | -0/+1 | |
This avoids us dealing with the privilege bitmap in the LSA server, and overhauls much of the rest of the handling to be currnet with the modern world of talloc. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-privs Hide the bitmap-based grant_privilege and revoke_privilege | Andrew Bartlett | 1 | -2/+2 | |
The new wrappers avoid anything but the core privileges code dealing with the bitmap values directly. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-privs Make privilege_enum_sids() take an LUID, not a bitmap | Andrew Bartlett | 1 | -1/+1 | |
This moves one more privileges call away from direct bitmap manipuation. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-privs Rework access_check_object() to take two privileges | Andrew Bartlett | 1 | -3/+4 | |
This allows the privileges bitmap to be used only when setting privileges, and uses an the LUID constant for all 'does this user have this privilege' operations. The advantage is that we now only need one API to determine if a token has a privilege, and much less code needs to know what type is used for the underlying bitmap. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-privs Remove a pointer from grant_privilege() | Andrew Bartlett | 1 | -1/+1 | |
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-privs Remove a pointer indirection from revoke_privilege() | Andrew Bartlett | 1 | -1/+1 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-privs Move manual prototypes to common privileges.h | Andrew Bartlett | 1 | -20/+0 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-privs Move source3/ privileges implmentation into common | Andrew Bartlett | 2 | -75/+1 | |
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-privs Rename structure elements for greater clarity | Andrew Bartlett | 1 | -2/+2 | |
It is important to make clear which is the LUID and which is the Samba-only bitmap mask. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3:auth Remove NT_USER_TOKEN | Andrew Bartlett | 4 | -27/+25 | |
The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derivied structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-auth Change struct nt_user_token -> struct security_token | Andrew Bartlett | 3 | -20/+17 | |
This common structure is defined in security.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-auth Change type of num_sids to uint32_t | Andrew Bartlett | 2 | -4/+4 | |
size_t is overkill here, and in struct security_token in the num_sids is uint32_t. This includes a change to the prototype of add_sid_to_array() and add_sid_to_array_unique(), which has had a number of consequnetial changes as I try to sort out all the callers using a pointer to the number of sids. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-privs Only store low bits of luid in privileges table | Andrew Bartlett | 1 | -1/+1 | |
Samba only uses the low bits, and this makes the code simpler. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | privs Add my Copyright | Andrew Bartlett | 1 | -0/+1 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3-privs Further changes to remove SE_PRIV | Andrew Bartlett | 3 | -33/+31 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | privs Move privilege bitmasks to security.idl | Andrew Bartlett | 1 | -19/+1 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s3:privileges Change SE_PRIV to be just a uint64_t | Andrew Bartlett | 1 | -22/+17 | |
We don't need 128 possible privileges here, as we only use 12. This reverts some of 46e5effea948931509283cb84b27007d34b521c8 by Jerry back in 2005, where he introduced the SE_PRIV structure to replace the uint32_t used at the time. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-10 | s3-spoolss: Don't leak memory on the session counter list. | Andreas Schneider | 1 | -0/+1 | |
Thanks Günther, please check. | |||||
2010-09-10 | s3-spoolss: Move Printer_entry to srv_spoolss_nt.c | Simo Sorce | 1 | -40/+0 | |
It is used only there, and it is a good idea to make this one private and opaque to the rest of the code. Signed-off-by: Andreas Schneider <asn@samba.org> | |||||
2010-09-09 | s3-printing: Make auth_serversupplied_info const. | Andreas Schneider | 2 | -15/+15 | |
2010-09-09 | s3-msdfs: Make auth_serversupplied_info const. | Andreas Schneider | 1 | -1/+1 | |
2010-09-09 | s3-rpcint: Make auth_serversupplied_info const. | Andreas Schneider | 1 | -2/+2 | |
2010-09-09 | s3-auth: Added get_server_info_system function. | Andreas Schneider | 1 | -0/+1 | |
2010-09-08 | s3/ldap: use monotonic clock for timeouts in smbldap | Björn Jacke | 1 | -3/+3 | |
tevent would need monotonic clock features to make also smbldap's idle handling aware of backward clock jumps. Other areas in smbldap are clock jump save now. | |||||
2010-09-07 | s3/libads: use monotonic clock for ldap connection timeouts | Björn Jacke | 1 | -1/+1 | |
2010-09-04 | s3:rpc_server: make it possible to use rpcint_binding_handle() directly | Stefan Metzmacher | 2 | -3/+6 | |
metze | |||||
2010-09-02 | s3-param: added lp_set_cmdline() and --option= parameter | Andrew Tridgell | 2 | -0/+3 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-31 | s3-auth: remove global include of krb5pac.h. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2010-08-31 | s3: messaging_ctdbd_connection() was only called with procid_self() | Volker Lendecke | 1 | -1/+1 | |
Eventually we'll get this right... | |||||
2010-08-31 | s3: Make ctdbd_init_connection static | Volker Lendecke | 1 | -2/+0 | |
2010-08-31 | s3: add TspecDiff macro | Björn Jacke | 1 | -0/+9 | |
2010-08-31 | s3: we have clock_gettime everywhere, remove ifdefs | Björn Jacke | 1 | -13/+0 | |
2010-08-31 | s3-auth Rename NT_USER_TOKEN privileges -> privilege_mask | Andrew Bartlett | 1 | -1/+1 | |
This is closer to the struct security_token from security.idl Andrew Bartlett | |||||
2010-08-31 | s3-auth Rename NT_USER_TOKEN user_sids -> sids | Andrew Bartlett | 1 | -1/+1 | |
This is closer to the struct security_token from security.idl | |||||
2010-08-30 | s3-auth: add helper to get server_info out of kerberos info | Simo Sorce | 1 | -0/+8 | |
Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-08-30 | s3-auth: Add helper function to retrieve the unix user from a kerberos ticket | Simo Sorce | 1 | -1/+14 | |
Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-08-29 | s3: Remove smbd_server_fd() | Volker Lendecke | 1 | -1/+0 | |
This breaks the perfcol_onefs() build. Tim, Steve, this use of smbd_server_fd is replacable by calls into substitute.c. I don't have a onefs environment around to build a fix, so I've decided to insert an #error, making it not compile. The fix should be pretty obvious, you can get the socket data via "%I" and "%i" substitutions. | |||||
2010-08-29 | s3: Set the client_id in substitute.c once | Volker Lendecke | 1 | -0/+2 | |
This never changes during a client connection's life, so we can set it once. | |||||
2010-08-28 | s3: Remove the dependency of g_lock on procid_self | Volker Lendecke | 1 | -1/+1 | |
procid_self() references global vars, don't depend on them unnecessarily | |||||
2010-08-28 | s3: Lift smbd_server_fd() from pass_check() | Volker Lendecke | 1 | -1/+4 | |
2010-08-28 | s3: Fix smb_pam_passcheck | Volker Lendecke | 1 | -2/+2 | |
2010-08-27 | s3: Lift smbd_server_fd() from smb_pam_passcheck | Volker Lendecke | 1 | -1/+2 | |
2010-08-27 | s3: Pass rhost through to smb_pam_passchange | Volker Lendecke | 1 | -1/+2 | |
2010-08-26 | s3-proto: remove obsolete prototypes. | Günther Deschner | 1 | -14/+0 | |
Guenther | |||||
2010-08-26 | s3-build: only include rpc_misc.h where needed. | Günther Deschner | 2 | -3/+0 | |
Guenther | |||||
2010-08-26 | s3-build: use talloc_dict.h only where needed. | Günther Deschner | 1 | -1/+0 | |
Guenther |