summaryrefslogtreecommitdiff
path: root/source3/lib/util_sid.c
AgeCommit message (Collapse)AuthorFilesLines
2010-09-14s3-util_sid Use the NDR parser to parse struct dom_sidAndrew Bartlett1-14/+8
The manual parser failed to constrain the maximum number of sub-authorities to 15, allowing an overflow of the array. Andrew Bartlett
2010-09-14libcli/security Merge source3/ string_to_sid() to common codeAndrew Bartlett1-106/+0
The source3 code repsects the limit of a maximum of 15 subauths, while the source4 code does not, creating a security issue as we parse string-form SIDs from clients. Andrew Bartlett
2010-09-14s3-util_sid use ARRAY_SIZE() to ensure we never overflow the dom_sidAndrew Bartlett1-1/+1
This ensures that this, unlike the MAXSUBAUTHS macro, can't get out of sync with the structure. Andrew Bartlett
2010-09-14s3-util_sid Accept S-1-5 as a SIDAndrew Bartlett1-2/+10
2010-09-14s3-dom_sid Use C99 types in dom_sid handlingAndrew Bartlett1-7/+7
Andrew Bartlett
2010-09-11s3-util_sid Tidy up global struct security_tokenAndrew Bartlett1-12/+6
This no longer needs to be global, and should be const. We now also init it with the C99 style initialisers. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3:auth Remove NT_USER_TOKENAndrew Bartlett1-4/+4
The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derivied structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Change type of num_sids to uint32_tAndrew Bartlett1-4/+4
size_t is overkill here, and in struct security_token in the num_sids is uint32_t. This includes a change to the prototype of add_sid_to_array() and add_sid_to_array_unique(), which has had a number of consequnetial changes as I try to sort out all the callers using a pointer to the number of sids. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-31s3-auth Rename NT_USER_TOKEN user_sids -> sidsAndrew Bartlett1-1/+1
This is closer to the struct security_token from security.idl
2010-08-06s3-netlogon: remove global include of netlogon.h.Günther Deschner1-0/+1
This reduces precompiled headers by another 4 MB and also slightly speeds up the build. Guenther
2010-06-21s3:fix an outdated comment.Michael Adam1-5/+2
2010-06-03s3: remove unused librpc/ndr/sid.c.Günther Deschner1-0/+1
Guenther
2010-05-31s3-build: only use ndr_security.h where needed.Günther Deschner1-0/+1
Guenther
2010-05-28s3:lib s3:lib move get_global_sam_name to util_names.cAndrew Bartlett1-13/+0
This doesn't really belong in util_sid.c, and has much more in common with the other functions in util_names.c Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-64/+64
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-18s3: Remove use of iconv_convenience.Jelmer Vernooij1-3/+3
2010-04-10s3: Use IS_DC macro in get_global_sam_name()Volker Lendecke1-1/+1
Much as I dislike macros, this one is there. So why not use it...
2010-02-20s3: Make string_to_sid survive the LOCAL-string_to_sid testVolker Lendecke1-13/+40
2010-01-25Revert "s3: Make string_to_sid a wrapper around dom_sid_parse"Volker Lendecke1-7/+50
This reverts commit dff03b61fd5d923562711b38cc7dbe996dc07283.
2010-01-23s3: Make string_to_sid a wrapper around dom_sid_parseVolker Lendecke1-50/+7
2010-01-23s3: Remove string_sid_tallocVolker Lendecke1-13/+0
All but one call were pointless, so I think this API should go
2010-01-23s3: Fix some nonempty blank linesVolker Lendecke1-11/+11
2010-01-02s3: Adapt sid_dup_talloc to README.CodingVolker Lendecke1-8/+9
2009-11-03s3: Remove debug_ctx()Volker Lendecke1-1/+1
smbd just crashed on me: In a debug message I called a routine preparing a string that itself used debug_ctx. The outer routine also used it after the inner routine had returned. It was still referencing the talloc context that the outer debug_ctx() had given us, which the inner DEBUG had already freed.
2009-05-28Make sid_binstring & friends take a talloc contextVolker Lendecke1-7/+9
2009-01-01Add iconv_convenience argument to size functions.Jelmer Vernooij1-3/+3
2008-10-21Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles.Jeremy Allison1-0/+11
Jeremy.
2008-08-15I think the problem with these functions is that lookup_usergroupsHerb Lewis1-17/+17
should never include the user SID. The comment for the function in winbindd/winbindd_ads.c says /* Lookup groups a user is a member of. */ The following patch makes the wbinfo calls return the correct data before and after a login. wbinfo --user-domgroups and --user-sids (This used to be commit 7849938906a9c859805cbaeca66fae9d3c515aad)
2008-04-04Use sid_array_from_info3 in lookup_usergroups_cached().Günther Deschner1-1/+8
Guenther (This used to be commit 65b4cb20ea3fb806cfd50281e08f32bea70fafce)
2008-02-17Use netr_SamInfo3 in sid_array_from_info3.Günther Deschner1-15/+15
Guenther (This used to be commit 06095e8c705fc292323fa8d0110ae3aaeccab949)
2008-01-09Convert add_sid_to_array() add_sid_to_array_unique() to return NTSTATUS.Michael Adam1-28/+42
Michael (This used to be commit 6b2b9a60ef857ec31da5fea631535205fbdede4a)
2007-12-29Remove tiny code duplicationVolker Lendecke1-15/+3
sid_size did the same as ndr_size_dom_sid (This used to be commit 8aec5d09ba023413bd8ecbdfbc7d23904df94389)
2007-12-15s/sid_to_string/sid_to_fstring/Volker Lendecke1-1/+1
least surprise for callers (This used to be commit eb523ba77697346a365589101aac379febecd546)
2007-12-15Use dom_sid_string for sid_string_tallocVolker Lendecke1-29/+12
Remove some code duplication, but introduce one more dependency on librpc/ndr. Easily turned around so that librpc/ndr depends on lib/util_sid if necessary (This used to be commit 3a0b1b2060facd5f1ac1461b23dd86c75cdd9458)
2007-12-15sid_string_static is no more :-)Volker Lendecke1-11/+8
We now have four ways to do sid_to_string: sid_to_string: Convert it into an existing fstring, when you have one sid_string_talloc: The obvious thing sid_string_tos: For the lazy, use only with care sid_string_dbg: The one to use in DEBUG statements (This used to be commit 7b8276aaa48852270c6b70b081c3f28e316a7a2c)
2007-12-15Replace sid_string_static by sid_string_dbg in DEBUGsVolker Lendecke1-1/+1
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
2007-12-15Add sid_string_dbgVolker Lendecke1-0/+5
This makes use of the just added debug_ctx and will kill many sid_string_static() calls (This used to be commit 3e4148c280efe154c3f8d552731c8b29d6977507)
2007-12-15add sid_string_tallocVolker Lendecke1-2/+10
(This used to be commit 9e3ef0923d71cc06b8445be2625ebd8dfed1b42d)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-15/+15
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r25575: Document S-1-5-12 (restriced code sid).Günther Deschner1-1/+7
Guenther (This used to be commit 109b09edef4bcad06c3b850edf7db74419c3ad78)
2007-10-10r25040: Add "net sam rights"Volker Lendecke1-0/+7
Not strictly in the SAM, but close enough. This command acts directly on the local tdb, no running smbd required This also changes the root-only check to a warning (This used to be commit 0c5657b5eff60e3c52de8fbb4ce9346d0341854c)
2007-10-10r23928: Merge all "copy-info3-groups-to-sid-array" blocks to a ↵Günther Deschner1-0/+65
sid_array_from_info3() function. Guenther (This used to be commit 1e1e480115e37b3f4c85f979ddd800b8de0b9c57)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r22611: Fix from Jens Nissen <jens.nissen@gmx.net>. Fix badJeremy Allison1-3/+0
memory leak I introduced into acl code, also remove redundent extra check for global_sid_System : global_sid_System == S-1-5-18 which is already included in the check for a domain of global_sid_NT_Authority == S-1-5 Jeremy. (This used to be commit 10649540ac11e679997f414d4a6b12d057bd7913)
2007-10-10r22481: Move check for non-mappable SIDs to after sid_to_uid,Jeremy Allison1-0/+3
sid_to_gid mapping, add LocalSystem to non-mappable list. Jeremy. (This used to be commit 805f01464f3feb30725dbce1f90d4296380dd796)
2007-10-10r20090: Fix a class of bugs found by James Peach. EnsureJeremy Allison1-16/+15
we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
2007-10-10r18271: Big change:Gerald Carter1-2/+2
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r17316: More C++ warnings -- 456 leftVolker Lendecke1-2/+2
(This used to be commit 1e4ee728df7eeafc1b4d533240acb032f73b4f5c)
2007-10-10r16350: Fix the build.Günther Deschner1-0/+19
GUenther (This used to be commit 3203ce3b49e6f21ed690e9d7393e98419de54c27)