Age | Commit message (Collapse) | Author | Files | Lines |
|
The manual parser failed to constrain the maximum number of
sub-authorities to 15, allowing an overflow of the array.
Andrew Bartlett
|
|
The source3 code repsects the limit of a maximum of 15 subauths,
while the source4 code does not, creating a security issue as
we parse string-form SIDs from clients.
Andrew Bartlett
|
|
This ensures that this, unlike the MAXSUBAUTHS macro, can't get
out of sync with the structure.
Andrew Bartlett
|
|
|
|
Andrew Bartlett
|
|
This no longer needs to be global, and should be const. We now also
init it with the C99 style initialisers.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The all UPPER case typedef is no longer the preferred Samba style
and this makes it easier to see that this is the IDL-derivied structure
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
size_t is overkill here, and in struct security_token in the num_sids
is uint32_t.
This includes a change to the prototype of add_sid_to_array()
and add_sid_to_array_unique(), which has had a number of
consequnetial changes as I try to sort out all the callers using
a pointer to the number of sids.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This is closer to the struct security_token from security.idl
|
|
This reduces precompiled headers by another 4 MB and also slightly speeds up the
build.
Guenther
|
|
|
|
Guenther
|
|
Guenther
|
|
This doesn't really belong in util_sid.c, and has much more in common
with the other functions in util_names.c
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
|
|
Much as I dislike macros, this one is there. So why not use it...
|
|
|
|
This reverts commit dff03b61fd5d923562711b38cc7dbe996dc07283.
|
|
|
|
All but one call were pointless, so I think this API should go
|
|
|
|
|
|
smbd just crashed on me: In a debug message I called a routine preparing a
string that itself used debug_ctx. The outer routine also used it after the
inner routine had returned. It was still referencing the talloc context
that the outer debug_ctx() had given us, which the inner DEBUG had already
freed.
|
|
|
|
|
|
Jeremy.
|
|
should never include the user SID.
The comment for the function in winbindd/winbindd_ads.c says
/* Lookup groups a user is a member of. */
The following patch makes the wbinfo calls return the correct data
before and after a login.
wbinfo --user-domgroups and --user-sids
(This used to be commit 7849938906a9c859805cbaeca66fae9d3c515aad)
|
|
Guenther
(This used to be commit 65b4cb20ea3fb806cfd50281e08f32bea70fafce)
|
|
Guenther
(This used to be commit 06095e8c705fc292323fa8d0110ae3aaeccab949)
|
|
Michael
(This used to be commit 6b2b9a60ef857ec31da5fea631535205fbdede4a)
|
|
sid_size did the same as ndr_size_dom_sid
(This used to be commit 8aec5d09ba023413bd8ecbdfbc7d23904df94389)
|
|
least surprise for callers
(This used to be commit eb523ba77697346a365589101aac379febecd546)
|
|
Remove some code duplication, but introduce one more dependency on librpc/ndr.
Easily turned around so that librpc/ndr depends on lib/util_sid if necessary
(This used to be commit 3a0b1b2060facd5f1ac1461b23dd86c75cdd9458)
|
|
We now have four ways to do sid_to_string:
sid_to_string: Convert it into an existing fstring, when you have one
sid_string_talloc: The obvious thing
sid_string_tos: For the lazy, use only with care
sid_string_dbg: The one to use in DEBUG statements
(This used to be commit 7b8276aaa48852270c6b70b081c3f28e316a7a2c)
|
|
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
|
|
This makes use of the just added debug_ctx and will kill many
sid_string_static() calls
(This used to be commit 3e4148c280efe154c3f8d552731c8b29d6977507)
|
|
(This used to be commit 9e3ef0923d71cc06b8445be2625ebd8dfed1b42d)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
Guenther
(This used to be commit 109b09edef4bcad06c3b850edf7db74419c3ad78)
|
|
Not strictly in the SAM, but close enough. This command acts directly on
the local tdb, no running smbd required
This also changes the root-only check to a warning
(This used to be commit 0c5657b5eff60e3c52de8fbb4ce9346d0341854c)
|
|
sid_array_from_info3()
function.
Guenther
(This used to be commit 1e1e480115e37b3f4c85f979ddd800b8de0b9c57)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
memory leak I introduced into acl code, also remove
redundent extra check for global_sid_System :
global_sid_System == S-1-5-18 which is already
included in the check for a domain of
global_sid_NT_Authority == S-1-5
Jeremy.
(This used to be commit 10649540ac11e679997f414d4a6b12d057bd7913)
|
|
sid_to_gid mapping, add LocalSystem to non-mappable
list.
Jeremy.
(This used to be commit 805f01464f3feb30725dbce1f90d4296380dd796)
|
|
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevent parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
(This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
|
|
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
|
|
(This used to be commit 1e4ee728df7eeafc1b4d533240acb032f73b4f5c)
|
|
GUenther
(This used to be commit 3203ce3b49e6f21ed690e9d7393e98419de54c27)
|