summaryrefslogtreecommitdiff
path: root/source3/lib/util_sid.c
AgeCommit message (Collapse)AuthorFilesLines
2009-01-01Add iconv_convenience argument to size functions.Jelmer Vernooij1-3/+3
2008-10-21Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles.Jeremy Allison1-0/+11
Jeremy.
2008-08-15I think the problem with these functions is that lookup_usergroupsHerb Lewis1-17/+17
should never include the user SID. The comment for the function in winbindd/winbindd_ads.c says /* Lookup groups a user is a member of. */ The following patch makes the wbinfo calls return the correct data before and after a login. wbinfo --user-domgroups and --user-sids (This used to be commit 7849938906a9c859805cbaeca66fae9d3c515aad)
2008-04-04Use sid_array_from_info3 in lookup_usergroups_cached().Günther Deschner1-1/+8
Guenther (This used to be commit 65b4cb20ea3fb806cfd50281e08f32bea70fafce)
2008-02-17Use netr_SamInfo3 in sid_array_from_info3.Günther Deschner1-15/+15
Guenther (This used to be commit 06095e8c705fc292323fa8d0110ae3aaeccab949)
2008-01-09Convert add_sid_to_array() add_sid_to_array_unique() to return NTSTATUS.Michael Adam1-28/+42
Michael (This used to be commit 6b2b9a60ef857ec31da5fea631535205fbdede4a)
2007-12-29Remove tiny code duplicationVolker Lendecke1-15/+3
sid_size did the same as ndr_size_dom_sid (This used to be commit 8aec5d09ba023413bd8ecbdfbc7d23904df94389)
2007-12-15s/sid_to_string/sid_to_fstring/Volker Lendecke1-1/+1
least surprise for callers (This used to be commit eb523ba77697346a365589101aac379febecd546)
2007-12-15Use dom_sid_string for sid_string_tallocVolker Lendecke1-29/+12
Remove some code duplication, but introduce one more dependency on librpc/ndr. Easily turned around so that librpc/ndr depends on lib/util_sid if necessary (This used to be commit 3a0b1b2060facd5f1ac1461b23dd86c75cdd9458)
2007-12-15sid_string_static is no more :-)Volker Lendecke1-11/+8
We now have four ways to do sid_to_string: sid_to_string: Convert it into an existing fstring, when you have one sid_string_talloc: The obvious thing sid_string_tos: For the lazy, use only with care sid_string_dbg: The one to use in DEBUG statements (This used to be commit 7b8276aaa48852270c6b70b081c3f28e316a7a2c)
2007-12-15Replace sid_string_static by sid_string_dbg in DEBUGsVolker Lendecke1-1/+1
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
2007-12-15Add sid_string_dbgVolker Lendecke1-0/+5
This makes use of the just added debug_ctx and will kill many sid_string_static() calls (This used to be commit 3e4148c280efe154c3f8d552731c8b29d6977507)
2007-12-15add sid_string_tallocVolker Lendecke1-2/+10
(This used to be commit 9e3ef0923d71cc06b8445be2625ebd8dfed1b42d)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-15/+15
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r25575: Document S-1-5-12 (restriced code sid).Günther Deschner1-1/+7
Guenther (This used to be commit 109b09edef4bcad06c3b850edf7db74419c3ad78)
2007-10-10r25040: Add "net sam rights"Volker Lendecke1-0/+7
Not strictly in the SAM, but close enough. This command acts directly on the local tdb, no running smbd required This also changes the root-only check to a warning (This used to be commit 0c5657b5eff60e3c52de8fbb4ce9346d0341854c)
2007-10-10r23928: Merge all "copy-info3-groups-to-sid-array" blocks to a ↵Günther Deschner1-0/+65
sid_array_from_info3() function. Guenther (This used to be commit 1e1e480115e37b3f4c85f979ddd800b8de0b9c57)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r22611: Fix from Jens Nissen <jens.nissen@gmx.net>. Fix badJeremy Allison1-3/+0
memory leak I introduced into acl code, also remove redundent extra check for global_sid_System : global_sid_System == S-1-5-18 which is already included in the check for a domain of global_sid_NT_Authority == S-1-5 Jeremy. (This used to be commit 10649540ac11e679997f414d4a6b12d057bd7913)
2007-10-10r22481: Move check for non-mappable SIDs to after sid_to_uid,Jeremy Allison1-0/+3
sid_to_gid mapping, add LocalSystem to non-mappable list. Jeremy. (This used to be commit 805f01464f3feb30725dbce1f90d4296380dd796)
2007-10-10r20090: Fix a class of bugs found by James Peach. EnsureJeremy Allison1-16/+15
we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
2007-10-10r18271: Big change:Gerald Carter1-2/+2
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r17316: More C++ warnings -- 456 leftVolker Lendecke1-2/+2
(This used to be commit 1e4ee728df7eeafc1b4d533240acb032f73b4f5c)
2007-10-10r16350: Fix the build.Günther Deschner1-0/+19
GUenther (This used to be commit 3203ce3b49e6f21ed690e9d7393e98419de54c27)
2007-10-10r15305: Let winbind search by sid directly (or in windows terms: "bind to aGünther Deschner1-0/+18
sid"); works in all AD versions I tested. Also add "net ads sid" search tool. Guenther (This used to be commit 5557ada6943b817d28a5471c613c7291febe2ad5)
2007-10-10r15251: Adding PreWin2kAccess builtin sid.Günther Deschner1-0/+2
Guenther (This used to be commit 4330d1b74cba14501c2864105b2fae53ccf9475f)
2007-10-10r13915: Fixed a very interesting class of realloc() bugs found by Coverity.Jeremy Allison1-3/+5
realloc can return NULL in one of two cases - (1) the realloc failed, (2) realloc succeeded but the new size requested was zero, in which case this is identical to a free() call. The error paths dealing with these two cases should be different, but mostly weren't. Secondly the standard idiom for dealing with realloc when you know the new size is non-zero is the following : tmp = realloc(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } However, there were *many* *many* places in Samba where we were using the old (broken) idiom of : p = realloc(p, size) if (!p) { return error; } which will leak the memory pointed to by p on realloc fail. This commit (hopefully) fixes all these cases by moving to a standard idiom of : p = SMB_REALLOC(p, size) if (!p) { return error; } Where if the realloc returns null due to the realloc failing or size == 0 we *guarentee* that the storage pointed to by p has been freed. This allows me to remove a lot of code that was dealing with the standard (more verbose) method that required a tmp pointer. This is almost always what you want. When a realloc fails you never usually want the old memory, you want to free it and get into your error processing asap. For the 11 remaining cases where we really do need to keep the old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR, which can be used as follows : tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the pointer p, even on size == 0 or realloc fail. All this is done by a hidden extra argument to Realloc(), BOOL free_old_on_error which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR macros (and their array counterparts). It remains to be seen what this will do to our Coverity bug count :-). Jeremy. (This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-0/+5
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13024: Add is_null_sid.Günther Deschner1-0/+6
GUenther (This used to be commit 3a6e41a0cb2872a656ea79c8d4fc4b8bce436492)
2007-10-10r12387: Make string_to_sid a little more silent.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 7ccff8071abf2bd85f4022abace1f96c7f7f0d29)
2007-10-10r12169: Remove an unused functionVolker Lendecke1-35/+0
(This used to be commit 209e4f8793fe9375fc6af1aedb5bd1fe57193bbc)
2007-10-10r12051: Merge across the lookup_name and lookup_sid work. Lets see how the ↵Volker Lendecke1-42/+3
build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2007-10-10r11230: Remove the '//' i was using to test something...oopsJim McDonough1-1/+1
(This used to be commit cda5a81bbe52308a81a79eb0354aea63027a9701)
2007-10-10r11229: an even bigger speedup spotted by Volker. string_to_sid() is now ↵Jim McDonough1-2/+2
taking 1/5th the time it used to. Replace strcasecmp with invididual char checks for "S-" sid prefix. (This used to be commit de3d0094b78cb20da7ed958e8d3a428583694309)
2007-10-10r11228: Speed up string_to_sid by removing next_token calls, thus eliminatingJim McDonough1-34/+27
the need for allocating memory to duplicate the string. (This used to be commit e5cc94f13ff2dacb219c8a56fa13853d620ecda6)
2007-10-10r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4Jeremy Allison1-6/+5
x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2007-10-10r7415: * big change -- volker's new async winbindd from trunkGerald Carter1-1/+7
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
2007-10-10r6263: Get rid of generate_wellknown_sids, they are const static and ↵Volker Lendecke1-88/+53
initializable statically. Volker (This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
2007-10-10r6080: Port some of the non-critical changes from HEAD to 3_0. The main one ↵Volker Lendecke1-4/+23
is the change in pdb_enum_alias_memberships to match samr.idl a bit closer. Volker (This used to be commit 3a6786516957d9f67af6d53a3167c88aa272972f)
2007-10-10r4724: Add support for Windows privileges in Samba 3.0Gerald Carter1-0/+64
(based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-3/+3
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r316: Fix split_domain_name. This defaulted to get_myname() instead ofVolker Lendecke1-8/+14
get_global_sam_name(). Error case: Adding a domain user to a XP local group did a lsalookupname on the user without domain prefix, and this then failed. Jerry: This is a must-fix before 3.0.3. Volker (This used to be commit f35e353454b6825da1de138a3f0d8106787e938b)
2007-10-10r196: merging struct uuid from trunkGerald Carter1-17/+0
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
2007-10-10r91: Fix lsalookupnames. Previously we'd fail if we didn't find the name, butJim McDonough1-0/+7
we never checked if it was a domain user and didn't find a local one. (This used to be commit 68022f5ebc55d1f3403dee5198d364cff300baf5)
2003-10-06split some security related functions in their own files.Simo Sorce1-1/+1
(no need to include all of smbd files to use some basic sec functions) also minor compile fixes couldn't compile to test these due to some kerberos problems wirh 3.0, but on HEAD they're working well, so I suppose it's ok to commit (This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1)
2003-08-15get rid of compiler warningsHerb Lewis1-1/+1
(This used to be commit ae25e7746e87409aae554d390753c7a3e3717052)
2003-05-09When checking if a SID is in a domain, make sure that indeed the user RID isAndrew Bartlett1-0/+3
one element longer than the domain sid. Andrew Bartlett (This used to be commit c61e5e38776d2de53d120b592a6685158e79ebb8)
2003-04-23Merge HEAD's winbind into 3.0.Andrew Bartlett1-0/+18
This includes the 'SIDs Rule' patch, mimir's trusted domains cacheing code, the winbind_idmap abstraction (not idmap proper, but the stuff that held up the winbind LDAP backend in HEAD). Andrew Bartlett (This used to be commit d4d5e6c2ee6383c6cceb5d449aa2ba6c83eb0666)
2003-04-14Merge of new sid type (SID_NAME_COMPUTER) and tidyup.Tim Potter1-1/+2
(This used to be commit c91cf2b38df9f51dd6cb46f0742e1c57bb36b508)