summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2010-09-11s3-privs Rework access_check_object() to take two privilegesAndrew Bartlett3-68/+60
This allows the privileges bitmap to be used only when setting privileges, and uses an the LUID constant for all 'does this user have this privilege' operations. The advantage is that we now only need one API to determine if a token has a privilege, and much less code needs to know what type is used for the underlying bitmap. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Rework privilege enumeration to also use new DB formatAndrew Bartlett1-5/+18
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Remove luid_to_se_priv() and luid_to_privilege_name()Andrew Bartlett1-3/+9
These functions duplicate other functions in the merged code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Directly manipulate the privileges bitmap.Andrew Bartlett3-14/+7
There is no longer any reason to go via the se_ functions to manipulate this bitmap. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Convert from user_has_privileges() -> security_token_has_privilege()Andrew Bartlett9-47/+28
This new call is available in the merged privileges code, and takes an enum as the parameter, rather than a bitmask. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove a pointer from grant_privilege()Andrew Bartlett4-10/+10
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove pointer indirection from se_priv_to_privilege_set()Andrew Bartlett1-2/+2
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Call security_token_set_privilege() rather than manual assignmentAndrew Bartlett2-2/+3
This avoids as much direct modifiction of the bitmask as possible. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove a pointer indirection from revoke_privilege()Andrew Bartlett4-7/+7
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Don't export privs[] as a global variableAndrew Bartlett2-9/+4
Instead, provide access functions for the LSA and net sam callers for the information they need. They still only enumerate the first 8 privileges that have traditionally been exposed. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-lsa Use sec_privilege_id() to lookup name to LUIDAndrew Bartlett1-9/+4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Return number of entries in the old source3 listAndrew Bartlett1-1/+1
This ensures there isn't a behaviour change when the source3 list is combined with the longer source4 list. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/privileges Simplify get_privilege_luid() to return just the enumAndrew Bartlett1-4/+2
As Samba only deals with the lower 32 bits of the LUID, just return those and let the LSA layer deal with the upper 0 bits. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Move manual prototypes to common privileges.hAndrew Bartlett1-20/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Inline dump_se_priv into callers now that it's just a uint64_tAndrew Bartlett3-15/+9
The previous 128 bit structure needed this helper function. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Move source3/ privileges implmentation into commonAndrew Bartlett4-534/+2
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Rename structure elements for greater clarityAndrew Bartlett3-12/+12
It is important to make clear which is the LUID and which is the Samba-only bitmap mask. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs More clarity in variable namesAndrew Bartlett1-4/+4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Rename mask -> privilege_mask to be more clearAndrew Bartlett1-26/+26
After SE_PRIV was removed, it became less clear what these parameters were for. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3:auth Remove NT_USER_TOKENAndrew Bartlett26-94/+92
The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derivied structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Change struct nt_user_token -> struct security_tokenAndrew Bartlett23-87/+84
This common structure is defined in security.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Change type of num_sids to uint32_tAndrew Bartlett15-37/+47
size_t is overkill here, and in struct security_token in the num_sids is uint32_t. This includes a change to the prototype of add_sid_to_array() and add_sid_to_array_unique(), which has had a number of consequnetial changes as I try to sort out all the callers using a pointer to the number of sids. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Only store low bits of luid in privileges tableAndrew Bartlett2-18/+20
Samba only uses the low bits, and this makes the code simpler. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11privs Add my CopyrightAndrew Bartlett2-0/+2
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove comment already moved to security.idlAndrew Bartlett1-41/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Use constants from security.idlAndrew Bartlett1-9/+9
The values in security.idl have been updated to match these. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Further changes to remove SE_PRIVAndrew Bartlett10-110/+108
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11privs Move privilege bitmasks to security.idlAndrew Bartlett1-19/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3:privs Change to new host endian neutral privilages tdb formatAndrew Bartlett1-3/+16
These values are stored in account_policy.tdb, and the old format, using a 128 bit bitmap was not endian neutral. The previous endian-dependent format was introduced in 46e5effea948931509283cb84b27007d34b521c8 replacing a 32 bit number which was used at the time. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3:Change SE_PRIV to uint64_tAndrew Bartlett1-20/+20
This removes the SE_PRIV typedef Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3:privileges Change SE_PRIV to be just a uint64_tAndrew Bartlett2-46/+22
We don't need 128 possible privileges here, as we only use 12. This reverts some of 46e5effea948931509283cb84b27007d34b521c8 by Jerry back in 2005, where he introduced the SE_PRIV structure to replace the uint32_t used at the time. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-10Add check missing from previous patch after talloc_strdup().Jeremy Allison1-0/+3
Jeremy.
2010-09-10Factor out the recent changes into a function - check_parent_exists().Jeremy Allison1-77/+103
Fix this to ensure that if "start" is manipulated, then "dirpath" is changed also. Ensures that when the path: /a/long/file/name/path.txt is processed, we first stat: /a/long/file/name/path.txt and if this fails, we try to stat: /a/long/file/name if this path exists (the normal case when creating a new entry in a directory) then we no longer do the individual path name walk, but only do case insensitive lookup on the last component. If the stat fails we do the full pathname walk as normal in 3.5.x and below. Metze, examine this change for your back-port. Jeremy.
2010-09-11s3: Simplify the logic in generate_krb5_ccacheVolker Lendecke1-51/+28
gd, jra, others, please check!
2010-09-10s3/winbind: use mono time for startup timeout checkBjörn Jacke3-6/+6
2010-09-10s3-selftest: add print_test_extended (as called from RPC-PRINTER) to ↵Günther Deschner1-0/+1
knownfail list. Guenther
2010-09-10s3-printing: fix non-ads build after prototype changes.Günther Deschner1-1/+1
Guenther
2010-09-10s3: Simplify generate_krb5_ccache slightlyVolker Lendecke1-4/+0
strequal deals with a NULL string input just fine
2010-09-10Check all SMB_MALLOC returns correctly. Found by Andreas Moroder ↵Jeremy Allison2-3/+18
<andreas.moroder@gmx.net>. Jeremy
2010-09-10s3:torture: fix printf output, lines can't start with lower case "test"Stefan Metzmacher1-31/+30
metze
2010-09-10s3:torture: fix run_uid_regression_testStefan Metzmacher1-8/+20
metze
2010-09-10s3-errormap: map ERRSRV/ERRbaduid to NT_STATUS_USER_SESSION_DELETEDStefan Metzmacher1-0/+2
metze
2010-09-10s3-spoolss: Fix _spoolss_GetPrinter().Günther Deschner1-1/+2
In the error case, we need to TALLOC_FREE(r->out.info), don't ask :-) Guenther
2010-09-10s3-spoolss: Don't leak memory on the session counter list.Andreas Schneider3-1/+21
Thanks Günther, please check.
2010-09-10s3-spoolss: Allow multiple client backchannels.Simo Sorce1-77/+116
When we run spoolssd we need to support multiple clients connecting. Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-10s3-spoolss: Split function to send notification.Simo Sorce1-127/+162
More digestible this way. Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-10s3-spoolss: Use a single structure for all the back channel data.Simo Sorce1-14/+18
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-10s3-spoolss: Rename Printer_entry to struct printer_handle.Simo Sorce1-53/+53
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-10s3-spoolss: Move Printer_entry to srv_spoolss_nt.cSimo Sorce2-40/+44
It is used only there, and it is a good idea to make this one private and opaque to the rest of the code. Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-10s3-spoolss: Allocate printer entries on the pipe struct.Simo Sorce1-1/+2
Signed-off-by: Andreas Schneider <asn@samba.org>