summaryrefslogtreecommitdiff
path: root/source3/lib/util_sid.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r18271: Big change:Gerald Carter1-2/+2
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r17316: More C++ warnings -- 456 leftVolker Lendecke1-2/+2
(This used to be commit 1e4ee728df7eeafc1b4d533240acb032f73b4f5c)
2007-10-10r16350: Fix the build.Günther Deschner1-0/+19
GUenther (This used to be commit 3203ce3b49e6f21ed690e9d7393e98419de54c27)
2007-10-10r15305: Let winbind search by sid directly (or in windows terms: "bind to aGünther Deschner1-0/+18
sid"); works in all AD versions I tested. Also add "net ads sid" search tool. Guenther (This used to be commit 5557ada6943b817d28a5471c613c7291febe2ad5)
2007-10-10r15251: Adding PreWin2kAccess builtin sid.Günther Deschner1-0/+2
Guenther (This used to be commit 4330d1b74cba14501c2864105b2fae53ccf9475f)
2007-10-10r13915: Fixed a very interesting class of realloc() bugs found by Coverity.Jeremy Allison1-3/+5
realloc can return NULL in one of two cases - (1) the realloc failed, (2) realloc succeeded but the new size requested was zero, in which case this is identical to a free() call. The error paths dealing with these two cases should be different, but mostly weren't. Secondly the standard idiom for dealing with realloc when you know the new size is non-zero is the following : tmp = realloc(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } However, there were *many* *many* places in Samba where we were using the old (broken) idiom of : p = realloc(p, size) if (!p) { return error; } which will leak the memory pointed to by p on realloc fail. This commit (hopefully) fixes all these cases by moving to a standard idiom of : p = SMB_REALLOC(p, size) if (!p) { return error; } Where if the realloc returns null due to the realloc failing or size == 0 we *guarentee* that the storage pointed to by p has been freed. This allows me to remove a lot of code that was dealing with the standard (more verbose) method that required a tmp pointer. This is almost always what you want. When a realloc fails you never usually want the old memory, you want to free it and get into your error processing asap. For the 11 remaining cases where we really do need to keep the old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR, which can be used as follows : tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the pointer p, even on size == 0 or realloc fail. All this is done by a hidden extra argument to Realloc(), BOOL free_old_on_error which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR macros (and their array counterparts). It remains to be seen what this will do to our Coverity bug count :-). Jeremy. (This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-0/+5
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13024: Add is_null_sid.Günther Deschner1-0/+6
GUenther (This used to be commit 3a6e41a0cb2872a656ea79c8d4fc4b8bce436492)
2007-10-10r12387: Make string_to_sid a little more silent.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 7ccff8071abf2bd85f4022abace1f96c7f7f0d29)
2007-10-10r12169: Remove an unused functionVolker Lendecke1-35/+0
(This used to be commit 209e4f8793fe9375fc6af1aedb5bd1fe57193bbc)
2007-10-10r12051: Merge across the lookup_name and lookup_sid work. Lets see how the ↵Volker Lendecke1-42/+3
build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2007-10-10r11230: Remove the '//' i was using to test something...oopsJim McDonough1-1/+1
(This used to be commit cda5a81bbe52308a81a79eb0354aea63027a9701)
2007-10-10r11229: an even bigger speedup spotted by Volker. string_to_sid() is now ↵Jim McDonough1-2/+2
taking 1/5th the time it used to. Replace strcasecmp with invididual char checks for "S-" sid prefix. (This used to be commit de3d0094b78cb20da7ed958e8d3a428583694309)
2007-10-10r11228: Speed up string_to_sid by removing next_token calls, thus eliminatingJim McDonough1-34/+27
the need for allocating memory to duplicate the string. (This used to be commit e5cc94f13ff2dacb219c8a56fa13853d620ecda6)
2007-10-10r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4Jeremy Allison1-6/+5
x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2007-10-10r7415: * big change -- volker's new async winbindd from trunkGerald Carter1-1/+7
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
2007-10-10r6263: Get rid of generate_wellknown_sids, they are const static and ↵Volker Lendecke1-88/+53
initializable statically. Volker (This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
2007-10-10r6080: Port some of the non-critical changes from HEAD to 3_0. The main one ↵Volker Lendecke1-4/+23
is the change in pdb_enum_alias_memberships to match samr.idl a bit closer. Volker (This used to be commit 3a6786516957d9f67af6d53a3167c88aa272972f)
2007-10-10r4724: Add support for Windows privileges in Samba 3.0Gerald Carter1-0/+64
(based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-3/+3
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r316: Fix split_domain_name. This defaulted to get_myname() instead ofVolker Lendecke1-8/+14
get_global_sam_name(). Error case: Adding a domain user to a XP local group did a lsalookupname on the user without domain prefix, and this then failed. Jerry: This is a must-fix before 3.0.3. Volker (This used to be commit f35e353454b6825da1de138a3f0d8106787e938b)
2007-10-10r196: merging struct uuid from trunkGerald Carter1-17/+0
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
2007-10-10r91: Fix lsalookupnames. Previously we'd fail if we didn't find the name, butJim McDonough1-0/+7
we never checked if it was a domain user and didn't find a local one. (This used to be commit 68022f5ebc55d1f3403dee5198d364cff300baf5)
2003-10-06split some security related functions in their own files.Simo Sorce1-1/+1
(no need to include all of smbd files to use some basic sec functions) also minor compile fixes couldn't compile to test these due to some kerberos problems wirh 3.0, but on HEAD they're working well, so I suppose it's ok to commit (This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1)
2003-08-15get rid of compiler warningsHerb Lewis1-1/+1
(This used to be commit ae25e7746e87409aae554d390753c7a3e3717052)
2003-05-09When checking if a SID is in a domain, make sure that indeed the user RID isAndrew Bartlett1-0/+3
one element longer than the domain sid. Andrew Bartlett (This used to be commit c61e5e38776d2de53d120b592a6685158e79ebb8)
2003-04-23Merge HEAD's winbind into 3.0.Andrew Bartlett1-0/+18
This includes the 'SIDs Rule' patch, mimir's trusted domains cacheing code, the winbind_idmap abstraction (not idmap proper, but the stuff that held up the winbind LDAP backend in HEAD). Andrew Bartlett (This used to be commit d4d5e6c2ee6383c6cceb5d449aa2ba6c83eb0666)
2003-04-14Merge of new sid type (SID_NAME_COMPUTER) and tidyup.Tim Potter1-1/+2
(This used to be commit c91cf2b38df9f51dd6cb46f0742e1c57bb36b508)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-3/+4
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-7/+5
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-10-23First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>.Jeremy Allison1-92/+108
This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-18Start to merge the new ACL mapping code from Andreas Gruenbacher ↵Jeremy Allison1-51/+97
<agruen@suse.de>. Jeremy. (This used to be commit 597c4610090d711fd30c1ffacc97212cf399a264)
2002-10-01syncing up with HEAD. Seems to be a lot of differences creeping inGerald Carter1-4/+27
(i ignored the new SAMBA stuff, but the rest of this looks like it should have been merged already). (This used to be commit 3de09e5cf1f667e410ee8b9516a956860ce7290f)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-2/+22
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-0/+3
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-270/+74
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-03-13Add "Creator Group" - was in 2.2.x and I'm syncing up the two.Jeremy Allison1-0/+2
Jeremy. (This used to be commit bcf38961a7786c5cf1eb7568b87c19712c3ea9cc)
2002-03-10add a note about the meaning of global_sam_sidAndrew Tridgell1-0/+3
(This used to be commit 3db97530b62ac12d334d0244ea52db8750cebf2e)
2002-01-31this fixes the problem of not being able to add a SD to a file on aAndrew Tridgell1-2/+0
non-domain Samba server from a NT4 client. Note that this exactly reverses a change by Jeremy on the 18th of December 2001, reverting the code back to what JF originally wrote. I have looked carefully with a sniffer and JFs original NULL sid is correct (ie. it matches what NT4 does) and also fixes the problem. Sending a blank sid (which is what jeremy's patch did) causes NT4 to give a classic "parameter is incorrect error" and prevents the addition of new ACLs. (This used to be commit 9930cf97330dd93985c5558cec6b24406e90c228)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2001-12-30freeing the wrong pointer, sorry my mistake.Simo Sorce1-5/+5
(This used to be commit ce7e89949ae1755f9faa008784a5b1a9b137945e)
2001-12-30util_sid.c - respect a const variabile (addedd strdup)Simo Sorce1-4/+12
cli_reg.c - indentation pdb_ldap.c - some checks on init fns parameters pdb_tdb.c - some checks on init fns parameters + make sure we close the db on failure (This used to be commit 49f5cb7a3df6d673f86e6769319aa657e30d8380)
2001-12-19fixed sid_compare_domain()Andrew Tridgell1-3/+29
(This used to be commit c11c27b2812ceb06a52afbb7662f82a8676b1707)
2001-12-18Fixup JF's weird SID return :-).Jeremy Allison1-2/+4
Jeremy (This used to be commit 7b8fb8d85c406b8755f60cf14dc2377bc59eda53)
2001-12-10make sid_binstring available without HAVE_ADSAndrew Tridgell1-0/+17
(This used to be commit 4a6d29768665f71b72cf48ee34ee9a9c451232f6)
2001-12-04added a boolean to the group mapping functions to specify if we need orJean-François Micouleau1-1/+48
not the privileges. Usually we don't need them, so the memory is free early. lib/util_sid.c: added some helper functions to check an SID. passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass an RID all the way. If the group doesn't exist on the domain SID, don't return a faked one as it can collide with a builtin one. Some rpc structures have been badly designed, they return only rids and force the client to do subsequent lsa_lookup_sid() on the domain sid and the builtin sid ! rpc_server/srv_util.c: wrote a new version of get_domain_user_groups(). Only the samr code uses it atm. It uses the group mapping code instead of a bloody hard coded crap. The netlogon code will use it too, but I have to do some test first. J.F. (This used to be commit 6c87e96149101995b7d049657d5c26eefef37d8c)
2001-12-03put sid_to_name behind the winbindd backend interfaceAndrew Tridgell1-12/+26
I spent quite a while trying to work out how to make this call via ldap and failed. I then found that MS servers seem use rpc for sid_to_name, and it works even when in native mode, I ended up just implementing it via rpc (This used to be commit 789833b44e342c0b5de463ed8f9b5f7474a99f27)
2001-12-03added a basic ADS backend to winbind. More work needed, but atAndrew Tridgell1-1/+17
least basic operations work (This used to be commit 88241cab983b2c7db7d477c6c4654694a7a56cd3)
2001-11-05Removed totally annoying verbose debug in sid_to_string()Tim Potter1-2/+0
(This used to be commit 4f21ddb8737d3f72a84465d3384351ccd2b07d15)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-2/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)