summaryrefslogtreecommitdiff
path: root/source3/lib/util_sid.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r11230: Remove the '//' i was using to test something...oopsJim McDonough1-1/+1
(This used to be commit cda5a81bbe52308a81a79eb0354aea63027a9701)
2007-10-10r11229: an even bigger speedup spotted by Volker. string_to_sid() is now ↵Jim McDonough1-2/+2
taking 1/5th the time it used to. Replace strcasecmp with invididual char checks for "S-" sid prefix. (This used to be commit de3d0094b78cb20da7ed958e8d3a428583694309)
2007-10-10r11228: Speed up string_to_sid by removing next_token calls, thus eliminatingJim McDonough1-34/+27
the need for allocating memory to duplicate the string. (This used to be commit e5cc94f13ff2dacb219c8a56fa13853d620ecda6)
2007-10-10r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4Jeremy Allison1-6/+5
x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2007-10-10r7415: * big change -- volker's new async winbindd from trunkGerald Carter1-1/+7
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
2007-10-10r6263: Get rid of generate_wellknown_sids, they are const static and ↵Volker Lendecke1-88/+53
initializable statically. Volker (This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
2007-10-10r6080: Port some of the non-critical changes from HEAD to 3_0. The main one ↵Volker Lendecke1-4/+23
is the change in pdb_enum_alias_memberships to match samr.idl a bit closer. Volker (This used to be commit 3a6786516957d9f67af6d53a3167c88aa272972f)
2007-10-10r4724: Add support for Windows privileges in Samba 3.0Gerald Carter1-0/+64
(based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-3/+3
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r316: Fix split_domain_name. This defaulted to get_myname() instead ofVolker Lendecke1-8/+14
get_global_sam_name(). Error case: Adding a domain user to a XP local group did a lsalookupname on the user without domain prefix, and this then failed. Jerry: This is a must-fix before 3.0.3. Volker (This used to be commit f35e353454b6825da1de138a3f0d8106787e938b)
2007-10-10r196: merging struct uuid from trunkGerald Carter1-17/+0
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
2007-10-10r91: Fix lsalookupnames. Previously we'd fail if we didn't find the name, butJim McDonough1-0/+7
we never checked if it was a domain user and didn't find a local one. (This used to be commit 68022f5ebc55d1f3403dee5198d364cff300baf5)
2003-10-06split some security related functions in their own files.Simo Sorce1-1/+1
(no need to include all of smbd files to use some basic sec functions) also minor compile fixes couldn't compile to test these due to some kerberos problems wirh 3.0, but on HEAD they're working well, so I suppose it's ok to commit (This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1)
2003-08-15get rid of compiler warningsHerb Lewis1-1/+1
(This used to be commit ae25e7746e87409aae554d390753c7a3e3717052)
2003-05-09When checking if a SID is in a domain, make sure that indeed the user RID isAndrew Bartlett1-0/+3
one element longer than the domain sid. Andrew Bartlett (This used to be commit c61e5e38776d2de53d120b592a6685158e79ebb8)
2003-04-23Merge HEAD's winbind into 3.0.Andrew Bartlett1-0/+18
This includes the 'SIDs Rule' patch, mimir's trusted domains cacheing code, the winbind_idmap abstraction (not idmap proper, but the stuff that held up the winbind LDAP backend in HEAD). Andrew Bartlett (This used to be commit d4d5e6c2ee6383c6cceb5d449aa2ba6c83eb0666)
2003-04-14Merge of new sid type (SID_NAME_COMPUTER) and tidyup.Tim Potter1-1/+2
(This used to be commit c91cf2b38df9f51dd6cb46f0742e1c57bb36b508)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-3/+4
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-7/+5
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-10-23First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>.Jeremy Allison1-92/+108
This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-18Start to merge the new ACL mapping code from Andreas Gruenbacher ↵Jeremy Allison1-51/+97
<agruen@suse.de>. Jeremy. (This used to be commit 597c4610090d711fd30c1ffacc97212cf399a264)
2002-10-01syncing up with HEAD. Seems to be a lot of differences creeping inGerald Carter1-4/+27
(i ignored the new SAMBA stuff, but the rest of this looks like it should have been merged already). (This used to be commit 3de09e5cf1f667e410ee8b9516a956860ce7290f)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-2/+22
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-0/+3
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-270/+74
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-03-13Add "Creator Group" - was in 2.2.x and I'm syncing up the two.Jeremy Allison1-0/+2
Jeremy. (This used to be commit bcf38961a7786c5cf1eb7568b87c19712c3ea9cc)
2002-03-10add a note about the meaning of global_sam_sidAndrew Tridgell1-0/+3
(This used to be commit 3db97530b62ac12d334d0244ea52db8750cebf2e)
2002-01-31this fixes the problem of not being able to add a SD to a file on aAndrew Tridgell1-2/+0
non-domain Samba server from a NT4 client. Note that this exactly reverses a change by Jeremy on the 18th of December 2001, reverting the code back to what JF originally wrote. I have looked carefully with a sniffer and JFs original NULL sid is correct (ie. it matches what NT4 does) and also fixes the problem. Sending a blank sid (which is what jeremy's patch did) causes NT4 to give a classic "parameter is incorrect error" and prevents the addition of new ACLs. (This used to be commit 9930cf97330dd93985c5558cec6b24406e90c228)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2001-12-30freeing the wrong pointer, sorry my mistake.Simo Sorce1-5/+5
(This used to be commit ce7e89949ae1755f9faa008784a5b1a9b137945e)
2001-12-30util_sid.c - respect a const variabile (addedd strdup)Simo Sorce1-4/+12
cli_reg.c - indentation pdb_ldap.c - some checks on init fns parameters pdb_tdb.c - some checks on init fns parameters + make sure we close the db on failure (This used to be commit 49f5cb7a3df6d673f86e6769319aa657e30d8380)
2001-12-19fixed sid_compare_domain()Andrew Tridgell1-3/+29
(This used to be commit c11c27b2812ceb06a52afbb7662f82a8676b1707)
2001-12-18Fixup JF's weird SID return :-).Jeremy Allison1-2/+4
Jeremy (This used to be commit 7b8fb8d85c406b8755f60cf14dc2377bc59eda53)
2001-12-10make sid_binstring available without HAVE_ADSAndrew Tridgell1-0/+17
(This used to be commit 4a6d29768665f71b72cf48ee34ee9a9c451232f6)
2001-12-04added a boolean to the group mapping functions to specify if we need orJean-François Micouleau1-1/+48
not the privileges. Usually we don't need them, so the memory is free early. lib/util_sid.c: added some helper functions to check an SID. passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass an RID all the way. If the group doesn't exist on the domain SID, don't return a faked one as it can collide with a builtin one. Some rpc structures have been badly designed, they return only rids and force the client to do subsequent lsa_lookup_sid() on the domain sid and the builtin sid ! rpc_server/srv_util.c: wrote a new version of get_domain_user_groups(). Only the samr code uses it atm. It uses the group mapping code instead of a bloody hard coded crap. The netlogon code will use it too, but I have to do some test first. J.F. (This used to be commit 6c87e96149101995b7d049657d5c26eefef37d8c)
2001-12-03put sid_to_name behind the winbindd backend interfaceAndrew Tridgell1-12/+26
I spent quite a while trying to work out how to make this call via ldap and failed. I then found that MS servers seem use rpc for sid_to_name, and it works even when in native mode, I ended up just implementing it via rpc (This used to be commit 789833b44e342c0b5de463ed8f9b5f7474a99f27)
2001-12-03added a basic ADS backend to winbind. More work needed, but atAndrew Tridgell1-1/+17
least basic operations work (This used to be commit 88241cab983b2c7db7d477c6c4654694a7a56cd3)
2001-11-05Removed totally annoying verbose debug in sid_to_string()Tim Potter1-2/+0
(This used to be commit 4f21ddb8737d3f72a84465d3384351ccd2b07d15)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-2/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-22Ignore unmappable (NT Authority, BUILTIN etc.) SIDs in an ACL set.Jeremy Allison1-0/+24
Jeremy. (This used to be commit bc7963bd643422cce081b6284e3bdd49ae3a02ab)
2001-07-04strchr and strrchr are macros when compiling with optimisation in gcc, so we ↵Andrew Tridgell1-2/+2
can't redefine them. damn. (This used to be commit c41fc06376d1a2b83690612304e85010b5e5f3cf)
2001-05-10Added sid_peek_rid() function to return the rid of a sid. Saves muckingTim Potter1-0/+13
around with copying a sid to a temporary variable and using sid_split_rid(). (This used to be commit 9ee43d61be1284b72fd04054c44545847c73120f)
2001-05-03Merging Gerald's PDC SAM name fix.Jeremy Allison1-13/+76
Jeremy. (This used to be commit d31799850440c6c2267a4edb217d447df75aab5a)
2001-02-23- fixed the sort_acl bug, sorting now works rightAndrew Tridgell1-9/+20
- don't allow setting of duplicate ACEs - fixed a ACE delete bug (This used to be commit 61293979ce2aded58a5ef2a54b3b05d1d278f7cf)
2001-01-15Changes from APPLIANCE_HEAD:David O'Neill1-4/+9
source/rpc_parse/parse_lsa.c - off by one unistr length bug in init_lsa_trans_name() source/lib/util_sid.c - resolve more BUILTIN sid values to names. source/nsswitch/wb_client.c - fix typo in debug message - set errno on error so we don't get bogus value from last failure. source/rpc_server/srv_spoolss_nt.c - add debug to track number of open printer handles for ease of tracking handle leaks in the future. source/rpc_server/srv_lsa.c - fix off-by-one string bug. This was preventing NT from displaying names for well-know SIDs in printer permissions dialog. (This used to be commit 59229b9025cff54cbdd05e374616ffbf9c6fee33)
2000-12-12Removed the special casing of SIDs in se_access_check. This is now done ↵Jeremy Allison1-10/+43
(correctly) when the NT_USER_TOKEN is *created*. Jeremy. (This used to be commit 27d72ed1cf8ece2bede812341279ba5a7262ace4)
2000-10-04Adding Herb's compile warning fixes to HEAD.Jeremy Allison1-3/+7
Jeremy. (This used to be commit d131ad1ce3f6e72e295f865a463f8dcbfa6f8d42)
2000-09-28Removed annoying unecessary debug message.Tim Potter1-1/+0
(This used to be commit b1a893b74114ee4ab6a295ac0cb0e8fdccda3f53)
2000-08-23Added code to do SID to uid/gid conversion. Needed for ACL support.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 81c5380f91839b6416c8a42739dadf00e7388528)
2000-08-03Added an NT_USER_TOKEN structure that is copied/passed around associatedJeremy Allison1-3/+5
with the current user. This will allow se_access_check() to quickly do a SD check without having to translate uid/gid's to SIDs. Still needs work on pipe calls. Jeremy. (This used to be commit e28d01b744b3dbd33e0e54af4e7f426fa8c082b8)
generated by cgit (git 2.34.1) at 2024-07-21 00:03:17 +0000