summaryrefslogtreecommitdiff
path: root/source4/libcli/security/access_check.c
AgeCommit message (Collapse)AuthorFilesLines
2009-12-17Fixed incorrect checking of PRINCIPAL_SELF permissions.Nadezhda Ivanova1-3/+12
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with the onjectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights to an account over itself.
2009-11-03Fixed a bug in object specific access checks.Nadezhda Ivanova1-2/+4
2009-10-22s4:libcli/security/access_check - Add "const" in front of "type"Matthias Dieter Wallnöfer1-1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-10-17s4-acl: SEC_FLAG_MAXIMUM_ALLOWED doesn't auto-apply privilege access masksAndrew Tridgell1-6/+2
2009-10-17s4-security: honor more of the privilege access bitsAndrew Tridgell1-4/+12
2009-09-21Initial Implementation of the DS objects access checks.Nadezhda Ivanova1-0/+135
Currently disabled. The search will be greatly modified, also the object tree stuff will be simplified.
2008-10-28s4: libcli/security: a NULL DACL allows accessStefan Metzmacher1-11/+2
This fixes bug 4284. metze
2008-09-23fixed problem with ACLs with an empty DACL listAndrew Tridgell1-1/+14
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r15079: w2k3 returns NT_STATUS_PRIVILEGE_NOT_HELD if SEC_FLAG_SYSTEM_SECURITY isStefan Metzmacher1-1/+1
desired but SeSecurityPrivilege isn't granted metze (This used to be commit be7285bdebd58e7a86fcc64f7b22b9f533bcc4f5)
2007-10-10r14894: - add some 'const'Stefan Metzmacher1-23/+7
- remove sid_active_in_token() was the same as security_token_has_sid() - rename some functions metze (This used to be commit 81390dcda50f53d61e70059fb33014de0d283dc5)
2007-10-10r14860: create libcli/security/security.hStefan Metzmacher1-2/+1
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10r14542: Remove librpc, libndr and libnbt from includes.hJelmer Vernooij1-0/+1
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-0/+1
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-1/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r10185: Fix another two sets of unhandled enumeration warnings, plus correct ↵Tim Potter1-7/+11
some awful indentation. (-: (This used to be commit 2f24fc7a7a195c04f88a25d52efc02ddf491126c)
2007-10-10r9240: - move struct security_token to the idl file, with this we canStefan Metzmacher1-1/+1
the ndr_pull/push/print functions for it in the ntacl-lsm module - fix compiler warnings in the ldap_encode_ndr_* code metze (This used to be commit 83d65d0d7ed9c240ad44aa2c881c1f07212bfda4)
2007-10-10r4429: the owner of a file always gets SEC_STD_DELETEAndrew Tridgell1-6/+5
(This used to be commit 81630d3014c8cbd970bc917e3e9aef337fa211cd)
2007-10-10r4419: move security_token stuff to the libcli/security/Stefan Metzmacher1-1/+1
and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2007-10-10r4404: check for SEC_ACE_FLAG_INHERIT_ONLY in the "maximum allowed" logicAndrew Tridgell1-0/+4
(This used to be commit e4ee8b776ba164a89afca43de20c166ccbfddb99)
2007-10-10r4150: - add fns for manipulating the privilege_mask in a security_tokenAndrew Tridgell1-6/+9
- add the hooks in access_check that check the privilege bitmasks for SEC_STD_DELETE and SEC_FLAG_SYSTEM_SECURITY (This used to be commit 0fa3764edcabffe8f7d5e40f0097f97d0c4519c4)
2007-10-10r4147: converted from NT_USER_TOKEN to struct security_tokenAndrew Tridgell1-8/+8
this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
2007-10-10r4062: the RAW-ACLS test now passes. The SEC_STD_DELETE bit is rather strangeAndrew Tridgell1-4/+7
though - I expect we'll need to tweak that some more. (This used to be commit e3500811b90b8423ee7694609340f394957d1160)
2007-10-10r4056: modified the access check code based on results from RAW-ACLSAndrew Tridgell1-26/+19
test. Also added generic mapping bits for pvfs. We don't pass RAW-ACLS yet, but its close. (This used to be commit c7cbd966d49a5345ea326732587555d209c531fc)
2007-10-10r4025: added a sec_access_check() function for checking security descriptorsAndrew Tridgell1-0/+162
against a users security token and access_mask (This used to be commit c4d21cd4b1ccffd5aaa70a551c57f6eab1ca9c6d)