summaryrefslogtreecommitdiff
path: root/source3/lib/util_sid.c
AgeCommit message (Collapse)AuthorFilesLines
2002-01-31this fixes the problem of not being able to add a SD to a file on aAndrew Tridgell1-2/+0
non-domain Samba server from a NT4 client. Note that this exactly reverses a change by Jeremy on the 18th of December 2001, reverting the code back to what JF originally wrote. I have looked carefully with a sniffer and JFs original NULL sid is correct (ie. it matches what NT4 does) and also fixes the problem. Sending a blank sid (which is what jeremy's patch did) causes NT4 to give a classic "parameter is incorrect error" and prevents the addition of new ACLs. (This used to be commit 9930cf97330dd93985c5558cec6b24406e90c228)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2001-12-30freeing the wrong pointer, sorry my mistake.Simo Sorce1-5/+5
(This used to be commit ce7e89949ae1755f9faa008784a5b1a9b137945e)
2001-12-30util_sid.c - respect a const variabile (addedd strdup)Simo Sorce1-4/+12
cli_reg.c - indentation pdb_ldap.c - some checks on init fns parameters pdb_tdb.c - some checks on init fns parameters + make sure we close the db on failure (This used to be commit 49f5cb7a3df6d673f86e6769319aa657e30d8380)
2001-12-19fixed sid_compare_domain()Andrew Tridgell1-3/+29
(This used to be commit c11c27b2812ceb06a52afbb7662f82a8676b1707)
2001-12-18Fixup JF's weird SID return :-).Jeremy Allison1-2/+4
Jeremy (This used to be commit 7b8fb8d85c406b8755f60cf14dc2377bc59eda53)
2001-12-10make sid_binstring available without HAVE_ADSAndrew Tridgell1-0/+17
(This used to be commit 4a6d29768665f71b72cf48ee34ee9a9c451232f6)
2001-12-04added a boolean to the group mapping functions to specify if we need orJean-François Micouleau1-1/+48
not the privileges. Usually we don't need them, so the memory is free early. lib/util_sid.c: added some helper functions to check an SID. passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass an RID all the way. If the group doesn't exist on the domain SID, don't return a faked one as it can collide with a builtin one. Some rpc structures have been badly designed, they return only rids and force the client to do subsequent lsa_lookup_sid() on the domain sid and the builtin sid ! rpc_server/srv_util.c: wrote a new version of get_domain_user_groups(). Only the samr code uses it atm. It uses the group mapping code instead of a bloody hard coded crap. The netlogon code will use it too, but I have to do some test first. J.F. (This used to be commit 6c87e96149101995b7d049657d5c26eefef37d8c)
2001-12-03put sid_to_name behind the winbindd backend interfaceAndrew Tridgell1-12/+26
I spent quite a while trying to work out how to make this call via ldap and failed. I then found that MS servers seem use rpc for sid_to_name, and it works even when in native mode, I ended up just implementing it via rpc (This used to be commit 789833b44e342c0b5de463ed8f9b5f7474a99f27)
2001-12-03added a basic ADS backend to winbind. More work needed, but atAndrew Tridgell1-1/+17
least basic operations work (This used to be commit 88241cab983b2c7db7d477c6c4654694a7a56cd3)
2001-11-05Removed totally annoying verbose debug in sid_to_string()Tim Potter1-2/+0
(This used to be commit 4f21ddb8737d3f72a84465d3384351ccd2b07d15)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-2/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-22Ignore unmappable (NT Authority, BUILTIN etc.) SIDs in an ACL set.Jeremy Allison1-0/+24
Jeremy. (This used to be commit bc7963bd643422cce081b6284e3bdd49ae3a02ab)
2001-07-04strchr and strrchr are macros when compiling with optimisation in gcc, so we ↵Andrew Tridgell1-2/+2
can't redefine them. damn. (This used to be commit c41fc06376d1a2b83690612304e85010b5e5f3cf)
2001-05-10Added sid_peek_rid() function to return the rid of a sid. Saves muckingTim Potter1-0/+13
around with copying a sid to a temporary variable and using sid_split_rid(). (This used to be commit 9ee43d61be1284b72fd04054c44545847c73120f)
2001-05-03Merging Gerald's PDC SAM name fix.Jeremy Allison1-13/+76
Jeremy. (This used to be commit d31799850440c6c2267a4edb217d447df75aab5a)
2001-02-23- fixed the sort_acl bug, sorting now works rightAndrew Tridgell1-9/+20
- don't allow setting of duplicate ACEs - fixed a ACE delete bug (This used to be commit 61293979ce2aded58a5ef2a54b3b05d1d278f7cf)
2001-01-15Changes from APPLIANCE_HEAD:David O'Neill1-4/+9
source/rpc_parse/parse_lsa.c - off by one unistr length bug in init_lsa_trans_name() source/lib/util_sid.c - resolve more BUILTIN sid values to names. source/nsswitch/wb_client.c - fix typo in debug message - set errno on error so we don't get bogus value from last failure. source/rpc_server/srv_spoolss_nt.c - add debug to track number of open printer handles for ease of tracking handle leaks in the future. source/rpc_server/srv_lsa.c - fix off-by-one string bug. This was preventing NT from displaying names for well-know SIDs in printer permissions dialog. (This used to be commit 59229b9025cff54cbdd05e374616ffbf9c6fee33)
2000-12-12Removed the special casing of SIDs in se_access_check. This is now done ↵Jeremy Allison1-10/+43
(correctly) when the NT_USER_TOKEN is *created*. Jeremy. (This used to be commit 27d72ed1cf8ece2bede812341279ba5a7262ace4)
2000-10-04Adding Herb's compile warning fixes to HEAD.Jeremy Allison1-3/+7
Jeremy. (This used to be commit d131ad1ce3f6e72e295f865a463f8dcbfa6f8d42)
2000-09-28Removed annoying unecessary debug message.Tim Potter1-1/+0
(This used to be commit b1a893b74114ee4ab6a295ac0cb0e8fdccda3f53)
2000-08-23Added code to do SID to uid/gid conversion. Needed for ACL support.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 81c5380f91839b6416c8a42739dadf00e7388528)
2000-08-03Added an NT_USER_TOKEN structure that is copied/passed around associatedJeremy Allison1-3/+5
with the current user. This will allow se_access_check() to quickly do a SD check without having to translate uid/gid's to SIDs. Still needs work on pipe calls. Jeremy. (This used to be commit e28d01b744b3dbd33e0e54af4e7f426fa8c082b8)
2000-07-25if the sids are not the same pointer and either of the sids are NULLAndrew Tridgell1-0/+3
then the two sids are not equal (This used to be commit 9ccf3b1dc5baf0e00d032d8b932ab0fb5b1e11b1)
2000-07-06Added global_sid_NULL S-1-0-0 to list of global sids.Tim Potter1-0/+2
(This used to be commit f49905e74c6e3891b5816b136fd1d0d77c392e2f)
2000-06-24lib/util_sid.c: Uninitialized memory read.Jeremy Allison1-0/+2
rpc_parse/parse_spoolss.c: Added note about prs_align when marshalling a SEC_DESC... rpc_server/srv_lsa.c: Tim - your changes broke the display of the 'everyone' group when doing file access with no winbindd running. This is a partial fix - more when I have analysed this more. rpc_server/srv_spoolss_nt.c: Fix for the 'change driver' problem ! Hurrah ! Jeremy. (This used to be commit 151b131ee01ef916c072bcdaa9943a2e984a0f45)
2000-06-08added se_access_check.Luke Leighton1-0/+2
(This used to be commit 6de329f6bf9c26e132869cf43d4976d4881e285c)
2000-05-29Fixed LsaQueryInformationPolicy level 3 to return primary domain info.Matthew Chapman1-9/+12
Domain SID is saved in secrets.tdb upon joining domain. Added "Authenticated Users" and "SYSTEM" well-known SIDs (under NT Authority). (This used to be commit 7710b4f48d3e8532df5e37f99a779758f750efdb)
2000-05-27fixed nttrans.cLuke Leighton1-1/+1
(This used to be commit 06cd46b0ec10b32af54edd8256d2fdbec45e1371)
2000-04-12Roll back to using static MACHINE.SID after consultation with Andrew. ThisJeremy Allison1-288/+0
code will be removed soon and a SID auto-generated from (probably) primary hostname and never stored in a file will replace it. Jeremy. (This used to be commit fbfe94a799cda7f728bc920d4f0655d4f537e3b6)
2000-01-03simple mods to add msrpc pipe redirection. default behaviour: fall backLuke Leighton1-1/+289
to using internal msrpc code in smbd. (This used to be commit 8976e26d46cb991710bc77463f7f928ac00dd4d8)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-411/+297
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-02default SID map now reads in "trusted domains" from smb.conf.Luke Leighton1-5/+2
(This used to be commit f0946d1ccafeb5f541935b41f2d54bcbc06797ed)
1999-11-20doing a code reshuffle. want to add code to establish trust relationships.Luke Leighton1-0/+296
(This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)
1999-11-01rewrote rpcclient enumaliases command.Luke Leighton1-1/+1
(This used to be commit 492fdaaf2009e7d7e840323357a333fdf9c4d2e1)
1999-10-25- typecast malloc / Realloc issues.Luke Leighton1-0/+20
- signed / unsigned issues. (This used to be commit c8fd555179314baf1672a23db34dc8ad9f2d02bf)
1999-08-03reverted jeremy's c++-like security descriptor modifications as theLuke Leighton1-20/+0
simplest method to get rpcclient's reggetsec command working. the buffers passed as arguments in do_reg_get_key_sec() do need to be locally allocated not dynamically allocated, as two calls to reg_get_key_sec() are needed. on the first, the server fills in the size of the security descriptor buffer needed. on the second, the server fills in the security descriptor buffer. (This used to be commit b2d9cbef6f65bb696df8d8f49aa0c240e0bb1f50)
1999-02-23added jeremy's new c++-like code for parsing of security descriptors.Luke Leighton1-0/+20
(This used to be commit ec1b7000fd88c5a08e438c7033f60e49b9ec44a8)
1998-12-02string_to_sid was using next_token() this is bad as it stops you fromLuke Leighton1-43/+44
being able to use next_token() outside of string_to_sid calls. use strchr instead (This used to be commit 1c478ca1723558cc5dde693b4abacb56bd98cd43)
1998-11-29weekend work. user / group database API.Luke Leighton1-6/+31
- split sam_passwd and smb_passwd into separate higher-order function tables - renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user" plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd password databases to fill in the blank entries that are not obtained from whatever password database API instance is being used. NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c for the only example outside of the password database APIs i could find. - added query_useraliases code to rpcclient. - dealt with some nasty interdependencies involving non-smbd programs and the password database API. this is still not satisfactorily resolved completelely, but it's the best i can do for now. - #ifdef'd out some password database options so that people don't mistakenly set them unless they recompile to _use_ those options. lots of debugging done, it's still not finished. the unix/NT uid/gid and user-rid/group-rid issues are better, but not perfect. the "BUILTIN" domain is still missing: users cannot be added to "BUILTIN" groups yet, as we only have an "alias" db API and a "group" db API but not "builtin-alias" db API... (This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
1998-11-25Makefile.in: Added maintainer mode fixes.Jeremy Allison1-5/+5
aclocal.m4: Added AC_LIBTESTFUNC. configure.in: Fixed -lsecurity -lsec problems. client.c: dos_ fixes. groupdb/aliasunix.c: Dead code removal. include/includes.h: Added default PRINTCAP_NAME. lib/genrand.c: dos_ fixes. lib/replace.c: Added strtoul. lib/system.c: dos_ fixes. lib/util.c: dos_ fixes. lib/util_sid.c: Signed/unsigned fixes. lib/util_str.c: removed bad const. locking/locking_slow.c: dos_ fixes. printing/printing.c: dos_ fixes. rpc_server/srv_samr.c: Dead code removal. rpc_server/srv_sid.c: global_myworkgroup defined with wrong size AGAIN ! smbd/dir.c: dos_ fixes. smbd/open.c: dos_ fixes. smbd/oplock.c: dos_ fixes. smbd/reply.c smbd/server.c smbd/service.c smbd/uid.c: dos_ fixes. Jeremy. (This used to be commit 6acb4b68f68d516e2ac3c47e500f5600d653435e)
1998-11-24sorting out difference between aliases and groups in the cases whereLuke Leighton1-1/+4
unix groups are not explicitly mapped. i.e as a PDC or BDC you can have domain groups, as a member of a domain you cannot. as a member of a domain, unmapped unix groups are assumed to be aliases, and as a PDC or BDC, unmapped unix groups are assumed to be unix groups. there is _one_ other check needed with aliases to be added: unmapped unix groups that have the same name as an NT group on the PDC (for which i will need to write an LsaLookupNames call) should be assumed to be domain groups on the PDC. (This used to be commit 53b49b44e13a4ca9818ebc947372b1374831b568)
1998-11-23unix instance of group database APILuke Leighton1-2/+9
(This used to be commit e76f593b3572ac881f1aa1fb3326d8b7169b0078)
1998-11-12security descriptors.Luke Leighton1-0/+13
kanji const char* warnings. (This used to be commit 06abdfd68e1d7fa8741afc3f56ec7a13b5fa4ccc)
1998-11-05util_file.c:Luke Leighton1-0/+178
split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)