Age | Commit message (Collapse) | Author | Files | Lines |
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Jeremy.
|
|
The manual parser failed to constrain the maximum number of
sub-authorities to 15, allowing an overflow of the array.
Andrew Bartlett
|
|
The source3 code repsects the limit of a maximum of 15 subauths,
while the source4 code does not, creating a security issue as
we parse string-form SIDs from clients.
Andrew Bartlett
|
|
This ensures that this, unlike the MAXSUBAUTHS macro, can't get
out of sync with the structure.
Andrew Bartlett
|
|
|
|
Andrew Bartlett
|
|
that clock is a CPU burnometer but we need a chronometer for profiling.
|
|
These functions work on the bitmap, and are only exposed because
the source3/ privileges storage uses the bitmap in account_policy.tdb
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This no longer needs to be global, and should be const. We now also
init it with the C99 style initialisers.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Now that this is a scalar, this isn't required.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
We update privileges on a per-record basis instead of all at once, as
this maintains maximum compatibility is someone uses old tools with a
new version of Samba. The also auto-detects the byte order of the old
entries in the database, and copes with either native or reversed byte
order.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This avoids us dealing with the privilege bitmap in the LSA server, and
overhauls much of the rest of the handling to be currnet with the modern
world of talloc.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The new wrappers avoid anything but the core privileges code
dealing with the bitmap values directly.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This moves one more privileges call away from direct bitmap manipuation.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
There is no longer any reason to go via the se_ functions to
manipulate this bitmap.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This new call is available in the merged privileges code, and
takes an enum as the parameter, rather than a bitmask.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The previous 128 bit structure needed this helper function.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
It is important to make clear which is the LUID and which
is the Samba-only bitmap mask.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
After SE_PRIV was removed, it became less clear what these
parameters were for.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The all UPPER case typedef is no longer the preferred Samba style
and this makes it easier to see that this is the IDL-derivied structure
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This common structure is defined in security.idl
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
size_t is overkill here, and in struct security_token in the num_sids
is uint32_t.
This includes a change to the prototype of add_sid_to_array()
and add_sid_to_array_unique(), which has had a number of
consequnetial changes as I try to sort out all the callers using
a pointer to the number of sids.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Samba only uses the low bits, and this makes the code simpler.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The values in security.idl have been updated to match these.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
These values are stored in account_policy.tdb, and the old format,
using a 128 bit bitmap was not endian neutral.
The previous endian-dependent format was introduced in
46e5effea948931509283cb84b27007d34b521c8
replacing a 32 bit number which was used at the time.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This removes the SE_PRIV typedef
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
We don't need 128 possible privileges here, as we only use 12.
This reverts some of 46e5effea948931509283cb84b27007d34b521c8
by Jerry back in 2005, where he introduced the SE_PRIV structure
to replace the uint32_t used at the time.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
<andreas.moroder@gmx.net>".
Jeremy.
|
|
|
|
tevent would need monotonic clock features to make also smbldap's idle handling
aware of backward clock jumps. Other areas in smbldap are clock jump save now.
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Guenther
|
|
Eventually we'll get this right...
|