summaryrefslogtreecommitdiff
path: root/source3/lib/util_sid.c
AgeCommit message (Collapse)AuthorFilesLines
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-7/+5
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
2002-10-23First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>.Jeremy Allison1-92/+108
This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit a81d700ae9c82d4b7ea631ab7862162a2ed3d512)
2002-10-18Start to merge the new ACL mapping code from Andreas Gruenbacher ↵Jeremy Allison1-38/+68
<agruen@suse.de>. Jeremy. (This used to be commit f6103f866a5e698ab55fdab1444a14e3d8da16bb)
2002-10-06try to put every security descriptors related definitions in the same file.Simo Sorce1-12/+28
also try to uniform names to a clean scheme. first part. (This used to be commit a123e05877caf90c28980be2d84b1d0b46e4fd21)
2002-09-30Fix the compile issue in bin/samtest, and make the 'system' token just have theAndrew Bartlett1-5/+2
System sid. This avoids comparing with ACEs that we don't yet support in the ADS Domain security descriptor. (This used to be commit ace7738e123b28f69c290f9f1de50011d230e14b)
2002-09-29Remove sam/api.c.Andrew Bartlett1-0/+26
In order to reduce complexity, this patch removes the upper layer of the SAM API. Also, we remove the function pointers on the sam context - there really is no point making these replaceable - that's for the modules. Move a number of functions in include/interface.c around to allow for use of 'static' and to keep the external API in one chunk, at the bottem. All these functions were renamed to remove the context_sam -> sam Consequential changes in the samtest module, and back out metze's change for ACB filtering, becouse I think it belongs in the SAM backeds. (But I will take debate on this one). Changes to the lib/util_sid.c code to create a 'system' token, and make it a SAM_ASSERT() enforced requirement to have a token on those calls that specify it. samtest now uses this. We should have a samtest call to set your own token. We also need to extend our se_access code to cover the things that Win2k is returning in it's access tokens. Currently our system token doesn't pass, due to unexpected flags. (When running sam_ads against Win2k) Andrew Bartlett (This used to be commit b9036900d0bb227ec16c6a5792c18ef943dcf015)
2002-09-28Add const.Andrew Bartlett1-4/+4
(This used to be commit 0f5d18626bebaa0621ee703ea2cc8bf47e14ea3e)
2002-09-25Merge of "profile acls" code.Jeremy Allison1-2/+7
Jeremy. (This used to be commit cfd1bf250b417f3ba3ad21ff681ab282311bb7eb)
2002-08-19added a generic print_guid utility, and get the byte order handingAndrew Tridgell1-0/+15
right (This used to be commit ec2c17c56f06e122868b2a55bc7c292106ad3911)
2002-07-31make sure we zero the unusued elements in a SID when parsingAndrew Tridgell1-0/+3
(This used to be commit aa5beb63f1b1133c4ad28118ddd33e21198d79bb)
2002-07-13make this a ZERO_STRUCTP for consitancy with the rest of Samba.Andrew Bartlett1-1/+1
(This used to be commit 587a3d91b7226f4e96c4320322f62c6490a3c6ac)
2002-07-08(this should have been part of the previous commit)Andrew Bartlett1-1/+37
Add a function to display 'sid types' as strings - makes rpcclient outptut and DEBUG() logs much eaiser to understand. Move the enum for SID types to smb.h, becouse is really isn't LSA specific any more. Andrew Bartlett (This used to be commit fc9739861104df4ddc93efab3275275307e4fbb9)
2002-07-01used findstatic.pl to make some variables static and remove some deadAndrew Tridgell1-23/+5
code (This used to be commit 91ad9041e9507d36eb3f40c23c5d4df61f139ef0)
2002-06-14Patch from ctrlsoft to make the pluggable passdb subsystem use an lp_listAndrew Bartlett1-2/+2
rather than a string when configuring mulitple backends. Also adjust some of the users of get_global_sam_sid() to cope with the fact that it just might not exist (uninitialised, can't access secrets.tdb). More places need conversion. Add some const and remove silly casts. Andrew Bartlett (This used to be commit c264bf2ec93037d2a9927c00295fa60c88b7219d)
2002-06-14Add const, kill of useless casts and therefore eliminate warnings.Andrew Bartlett1-3/+3
Andrew Bartlett (This used to be commit 29490f214750acd44cee6c4ab1354722d82d853a)
2002-06-13Latest patch from metze <metze@metzemix.de> to move most of samba acrossAndrew Bartlett1-4/+27
to using SIDs instead of RIDs. The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument. The idea here is to prevent mistakes where the SID is implict, but isn't the same one that we have in the struct. Andrew Bartlett (This used to be commit 04f9a8ff4c7982f6597c0f6748f85d66d4784901)
2002-06-07Globally replace 'global_sam_sid' with get_global_sam_sid(), a selfAndrew Bartlett1-4/+0
initialising function. This patch thanks to the work of "Stefan (metze) Metzmacher" <metze@metzemix.de> This is partly to enable the transition to SIDs in the the passdb. Andrew Bartlett (This used to be commit 96afea638e15d4cbadc57023a511094a770c6adc)
2002-06-07Move the code from lib/util_sid.c that deals with the global_sam_sid intoAndrew Bartlett1-241/+1
a file that is linked with the passdb. This is to avoid linking insanity when this global becomes a self-initing function. (This used to be commit 743afd96cb54b4966e3afad11ea987f968b98651)
2002-04-13Better handling of uid/gid -> RID and RID -> uid/gid code.Andrew Bartlett1-5/+12
All uids and gids must create valid RIDs, becouse other code expects this, and can't handle the failure case. (ACL code in particular) Allow admins to adjust the base of the RID algorithm, so avoid clashes with users brought in from NT (for example). Put all the algorithm code back in one place, so that this change is global. Better coping with NULL sid pointers - but it still breaks a lot of stuff. BONUS: manpage entry for new paramater :-) counter based rids for normal users in tdbsam is disabled for the timebeing, idra and I will work out some things here soon I hope. Andrew Bartlett (This used to be commit 5275c94cdf0c64f347d4282f47088d084b1a7ea5)
2002-03-13Add "Creator Group" - was in 2.2.x and I'm syncing up the two.Jeremy Allison1-0/+2
Jeremy. (This used to be commit bcf38961a7786c5cf1eb7568b87c19712c3ea9cc)
2002-03-10add a note about the meaning of global_sam_sidAndrew Tridgell1-0/+3
(This used to be commit 3db97530b62ac12d334d0244ea52db8750cebf2e)
2002-01-31this fixes the problem of not being able to add a SD to a file on aAndrew Tridgell1-2/+0
non-domain Samba server from a NT4 client. Note that this exactly reverses a change by Jeremy on the 18th of December 2001, reverting the code back to what JF originally wrote. I have looked carefully with a sniffer and JFs original NULL sid is correct (ie. it matches what NT4 does) and also fixes the problem. Sending a blank sid (which is what jeremy's patch did) causes NT4 to give a classic "parameter is incorrect error" and prevents the addition of new ACLs. (This used to be commit 9930cf97330dd93985c5558cec6b24406e90c228)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2001-12-30freeing the wrong pointer, sorry my mistake.Simo Sorce1-5/+5
(This used to be commit ce7e89949ae1755f9faa008784a5b1a9b137945e)
2001-12-30util_sid.c - respect a const variabile (addedd strdup)Simo Sorce1-4/+12
cli_reg.c - indentation pdb_ldap.c - some checks on init fns parameters pdb_tdb.c - some checks on init fns parameters + make sure we close the db on failure (This used to be commit 49f5cb7a3df6d673f86e6769319aa657e30d8380)
2001-12-19fixed sid_compare_domain()Andrew Tridgell1-3/+29
(This used to be commit c11c27b2812ceb06a52afbb7662f82a8676b1707)
2001-12-18Fixup JF's weird SID return :-).Jeremy Allison1-2/+4
Jeremy (This used to be commit 7b8fb8d85c406b8755f60cf14dc2377bc59eda53)
2001-12-10make sid_binstring available without HAVE_ADSAndrew Tridgell1-0/+17
(This used to be commit 4a6d29768665f71b72cf48ee34ee9a9c451232f6)
2001-12-04added a boolean to the group mapping functions to specify if we need orJean-François Micouleau1-1/+48
not the privileges. Usually we don't need them, so the memory is free early. lib/util_sid.c: added some helper functions to check an SID. passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass an RID all the way. If the group doesn't exist on the domain SID, don't return a faked one as it can collide with a builtin one. Some rpc structures have been badly designed, they return only rids and force the client to do subsequent lsa_lookup_sid() on the domain sid and the builtin sid ! rpc_server/srv_util.c: wrote a new version of get_domain_user_groups(). Only the samr code uses it atm. It uses the group mapping code instead of a bloody hard coded crap. The netlogon code will use it too, but I have to do some test first. J.F. (This used to be commit 6c87e96149101995b7d049657d5c26eefef37d8c)
2001-12-03put sid_to_name behind the winbindd backend interfaceAndrew Tridgell1-12/+26
I spent quite a while trying to work out how to make this call via ldap and failed. I then found that MS servers seem use rpc for sid_to_name, and it works even when in native mode, I ended up just implementing it via rpc (This used to be commit 789833b44e342c0b5de463ed8f9b5f7474a99f27)
2001-12-03added a basic ADS backend to winbind. More work needed, but atAndrew Tridgell1-1/+17
least basic operations work (This used to be commit 88241cab983b2c7db7d477c6c4654694a7a56cd3)
2001-11-05Removed totally annoying verbose debug in sid_to_string()Tim Potter1-2/+0
(This used to be commit 4f21ddb8737d3f72a84465d3384351ccd2b07d15)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-2/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-22Ignore unmappable (NT Authority, BUILTIN etc.) SIDs in an ACL set.Jeremy Allison1-0/+24
Jeremy. (This used to be commit bc7963bd643422cce081b6284e3bdd49ae3a02ab)
2001-07-04strchr and strrchr are macros when compiling with optimisation in gcc, so we ↵Andrew Tridgell1-2/+2
can't redefine them. damn. (This used to be commit c41fc06376d1a2b83690612304e85010b5e5f3cf)
2001-05-10Added sid_peek_rid() function to return the rid of a sid. Saves muckingTim Potter1-0/+13
around with copying a sid to a temporary variable and using sid_split_rid(). (This used to be commit 9ee43d61be1284b72fd04054c44545847c73120f)
2001-05-03Merging Gerald's PDC SAM name fix.Jeremy Allison1-13/+76
Jeremy. (This used to be commit d31799850440c6c2267a4edb217d447df75aab5a)
2001-02-23- fixed the sort_acl bug, sorting now works rightAndrew Tridgell1-9/+20
- don't allow setting of duplicate ACEs - fixed a ACE delete bug (This used to be commit 61293979ce2aded58a5ef2a54b3b05d1d278f7cf)
2001-01-15Changes from APPLIANCE_HEAD:David O'Neill1-4/+9
source/rpc_parse/parse_lsa.c - off by one unistr length bug in init_lsa_trans_name() source/lib/util_sid.c - resolve more BUILTIN sid values to names. source/nsswitch/wb_client.c - fix typo in debug message - set errno on error so we don't get bogus value from last failure. source/rpc_server/srv_spoolss_nt.c - add debug to track number of open printer handles for ease of tracking handle leaks in the future. source/rpc_server/srv_lsa.c - fix off-by-one string bug. This was preventing NT from displaying names for well-know SIDs in printer permissions dialog. (This used to be commit 59229b9025cff54cbdd05e374616ffbf9c6fee33)
2000-12-12Removed the special casing of SIDs in se_access_check. This is now done ↵Jeremy Allison1-10/+43
(correctly) when the NT_USER_TOKEN is *created*. Jeremy. (This used to be commit 27d72ed1cf8ece2bede812341279ba5a7262ace4)
2000-10-04Adding Herb's compile warning fixes to HEAD.Jeremy Allison1-3/+7
Jeremy. (This used to be commit d131ad1ce3f6e72e295f865a463f8dcbfa6f8d42)
2000-09-28Removed annoying unecessary debug message.Tim Potter1-1/+0
(This used to be commit b1a893b74114ee4ab6a295ac0cb0e8fdccda3f53)
2000-08-23Added code to do SID to uid/gid conversion. Needed for ACL support.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 81c5380f91839b6416c8a42739dadf00e7388528)
2000-08-03Added an NT_USER_TOKEN structure that is copied/passed around associatedJeremy Allison1-3/+5
with the current user. This will allow se_access_check() to quickly do a SD check without having to translate uid/gid's to SIDs. Still needs work on pipe calls. Jeremy. (This used to be commit e28d01b744b3dbd33e0e54af4e7f426fa8c082b8)
2000-07-25if the sids are not the same pointer and either of the sids are NULLAndrew Tridgell1-0/+3
then the two sids are not equal (This used to be commit 9ccf3b1dc5baf0e00d032d8b932ab0fb5b1e11b1)
2000-07-06Added global_sid_NULL S-1-0-0 to list of global sids.Tim Potter1-0/+2
(This used to be commit f49905e74c6e3891b5816b136fd1d0d77c392e2f)
2000-06-24lib/util_sid.c: Uninitialized memory read.Jeremy Allison1-0/+2
rpc_parse/parse_spoolss.c: Added note about prs_align when marshalling a SEC_DESC... rpc_server/srv_lsa.c: Tim - your changes broke the display of the 'everyone' group when doing file access with no winbindd running. This is a partial fix - more when I have analysed this more. rpc_server/srv_spoolss_nt.c: Fix for the 'change driver' problem ! Hurrah ! Jeremy. (This used to be commit 151b131ee01ef916c072bcdaa9943a2e984a0f45)
2000-06-08added se_access_check.Luke Leighton1-0/+2
(This used to be commit 6de329f6bf9c26e132869cf43d4976d4881e285c)
2000-05-29Fixed LsaQueryInformationPolicy level 3 to return primary domain info.Matthew Chapman1-9/+12
Domain SID is saved in secrets.tdb upon joining domain. Added "Authenticated Users" and "SYSTEM" well-known SIDs (under NT Authority). (This used to be commit 7710b4f48d3e8532df5e37f99a779758f750efdb)
2000-05-27fixed nttrans.cLuke Leighton1-1/+1
(This used to be commit 06cd46b0ec10b32af54edd8256d2fdbec45e1371)