summaryrefslogtreecommitdiff
path: root/source3/lib
AgeCommit message (Collapse)AuthorFilesLines
2010-09-15s3-nltest: convert server input argument into --server.Günther Deschner1-24/+19
Guenther
2010-09-15s3-nltest: rename print_result to print_netlogon_info_result.Günther Deschner1-4/+17
Guenther
2010-09-14Ensure incoming timespec values correctly wrap at nsecs.Jeremy Allison1-0/+4
Jeremy.
2010-09-14s3-util_sid Use the NDR parser to parse struct dom_sidAndrew Bartlett1-14/+8
The manual parser failed to constrain the maximum number of sub-authorities to 15, allowing an overflow of the array. Andrew Bartlett
2010-09-14libcli/security Merge source3/ string_to_sid() to common codeAndrew Bartlett1-106/+0
The source3 code repsects the limit of a maximum of 15 subauths, while the source4 code does not, creating a security issue as we parse string-form SIDs from clients. Andrew Bartlett
2010-09-14s3-util_sid use ARRAY_SIZE() to ensure we never overflow the dom_sidAndrew Bartlett1-1/+1
This ensures that this, unlike the MAXSUBAUTHS macro, can't get out of sync with the structure. Andrew Bartlett
2010-09-14s3-util_sid Accept S-1-5 as a SIDAndrew Bartlett1-2/+10
2010-09-14s3-dom_sid Use C99 types in dom_sid handlingAndrew Bartlett1-7/+7
Andrew Bartlett
2010-09-14s3/profiling: don't use CLOCK_PROCESS_CPUTIME_IDBjörn Jacke1-17/+0
that clock is a CPU burnometer but we need a chronometer for profiling.
2010-09-11libcli/security Move 'private' privileges functions to another headerAndrew Bartlett1-0/+1
These functions work on the bitmap, and are only exposed because the source3/ privileges storage uses the bitmap in account_policy.tdb Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Remove 'always true' return from se_priv_put_all_privilegesAndrew Bartlett1-3/+1
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-util_sid Tidy up global struct security_tokenAndrew Bartlett2-14/+6
This no longer needs to be global, and should be const. We now also init it with the C99 style initialisers. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Add constAndrew Bartlett1-3/+3
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove extra pointer on privilege maskAndrew Bartlett1-4/+4
Now that this is a scalar, this isn't required. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privileges: add handling of both old and new formats in databaseAndrew Tridgell1-28/+48
We update privileges on a per-record basis instead of all at once, as this maintains maximum compatibility is someone uses old tools with a new version of Samba. The also auto-detects the byte order of the old entries in the database, and copes with either native or reversed byte order. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-11s3-privs Remove unused functionAndrew Bartlett1-30/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Overhaul PRIVILEGE_SET handling, avoid dealing with the bitmapAndrew Bartlett1-50/+17
This avoids us dealing with the privilege bitmap in the LSA server, and overhauls much of the rest of the handling to be currnet with the modern world of talloc. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Hide the bitmap-based grant_privilege and revoke_privilegeAndrew Bartlett1-7/+33
The new wrappers avoid anything but the core privileges code dealing with the bitmap values directly. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Make privilege_enum_sids() take an LUID, not a bitmapAndrew Bartlett1-2/+2
This moves one more privileges call away from direct bitmap manipuation. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Rework privilege enumeration to also use new DB formatAndrew Bartlett1-5/+18
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Directly manipulate the privileges bitmap.Andrew Bartlett2-13/+6
There is no longer any reason to go via the se_ functions to manipulate this bitmap. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Convert from user_has_privileges() -> security_token_has_privilege()Andrew Bartlett1-2/+2
This new call is available in the merged privileges code, and takes an enum as the parameter, rather than a bitmask. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove a pointer from grant_privilege()Andrew Bartlett1-7/+7
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove a pointer indirection from revoke_privilege()Andrew Bartlett1-4/+4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Inline dump_se_priv into callers now that it's just a uint64_tAndrew Bartlett1-10/+6
The previous 128 bit structure needed this helper function. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Move source3/ privileges implmentation into commonAndrew Bartlett1-458/+0
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Rename structure elements for greater clarityAndrew Bartlett1-9/+9
It is important to make clear which is the LUID and which is the Samba-only bitmap mask. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs More clarity in variable namesAndrew Bartlett1-4/+4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Rename mask -> privilege_mask to be more clearAndrew Bartlett1-26/+26
After SE_PRIV was removed, it became less clear what these parameters were for. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3:auth Remove NT_USER_TOKENAndrew Bartlett5-14/+14
The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derivied structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Change struct nt_user_token -> struct security_tokenAndrew Bartlett2-7/+7
This common structure is defined in security.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Change type of num_sids to uint32_tAndrew Bartlett3-7/+7
size_t is overkill here, and in struct security_token in the num_sids is uint32_t. This includes a change to the prototype of add_sid_to_array() and add_sid_to_array_unique(), which has had a number of consequnetial changes as I try to sort out all the callers using a pointer to the number of sids. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Only store low bits of luid in privileges tableAndrew Bartlett1-17/+19
Samba only uses the low bits, and this makes the code simpler. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11privs Add my CopyrightAndrew Bartlett1-0/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove comment already moved to security.idlAndrew Bartlett1-41/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Use constants from security.idlAndrew Bartlett1-9/+9
The values in security.idl have been updated to match these. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Further changes to remove SE_PRIVAndrew Bartlett1-48/+48
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3:privs Change to new host endian neutral privilages tdb formatAndrew Bartlett1-3/+16
These values are stored in account_policy.tdb, and the old format, using a 128 bit bitmap was not endian neutral. The previous endian-dependent format was introduced in 46e5effea948931509283cb84b27007d34b521c8 replacing a 32 bit number which was used at the time. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3:Change SE_PRIV to uint64_tAndrew Bartlett1-20/+20
This removes the SE_PRIV typedef Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3:privileges Change SE_PRIV to be just a uint64_tAndrew Bartlett1-24/+5
We don't need 128 possible privileges here, as we only use 12. This reverts some of 46e5effea948931509283cb84b27007d34b521c8 by Jerry back in 2005, where he introduced the SE_PRIV structure to replace the uint32_t used at the time. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-09Fox missing SMB_MALLOC return checks noticed by "Andreas Moroder ↵Jeremy Allison2-0/+13
<andreas.moroder@gmx.net>". Jeremy.
2010-09-08Fix warnings caused by double ";;" at the end of the time_mono() fixes.Jeremy Allison1-3/+3
2010-09-08s3/ldap: use monotonic clock for timeouts in smbldapBjörn Jacke1-17/+23
tevent would need monotonic clock features to make also smbldap's idle handling aware of backward clock jumps. Other areas in smbldap are clock jump save now.
2010-09-02s3-param: added lp_set_cmdline() and --option= parameterAndrew Tridgell1-0/+10
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-01s3-ctdb: ctdbd_init_connection() is static to this file.Günther Deschner1-8/+0
Guenther
2010-08-31s3: messaging_ctdbd_connection() was only called with procid_self()Volker Lendecke4-18/+12
Eventually we'll get this right...
2010-08-31s3: messaging_ctdbd_init potentially modifies my_vnnVolker Lendecke1-0/+1
If we call messaging_ctdbd_connection() we end up with the wrong vnn in our messaging context. This is a bit of a hack, get_my_vnn() needs to go eventually along with procid_self()
2010-08-31s3: Make ctdbd_init_connection staticVolker Lendecke1-2/+2
2010-08-31s3: use monotonic time in timeout of sys_select_intr()Björn Jacke1-10/+11
2010-08-31s3: use clock_gettime() in timespec_current()Björn Jacke1-4/+1