summaryrefslogtreecommitdiff
path: root/source4/libcli/security/access_check.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r9240: - move struct security_token to the idl file, with this we canStefan Metzmacher1-1/+1
the ndr_pull/push/print functions for it in the ntacl-lsm module - fix compiler warnings in the ldap_encode_ndr_* code metze (This used to be commit 83d65d0d7ed9c240ad44aa2c881c1f07212bfda4)
2007-10-10r4429: the owner of a file always gets SEC_STD_DELETEAndrew Tridgell1-6/+5
(This used to be commit 81630d3014c8cbd970bc917e3e9aef337fa211cd)
2007-10-10r4419: move security_token stuff to the libcli/security/Stefan Metzmacher1-1/+1
and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2007-10-10r4404: check for SEC_ACE_FLAG_INHERIT_ONLY in the "maximum allowed" logicAndrew Tridgell1-0/+4
(This used to be commit e4ee8b776ba164a89afca43de20c166ccbfddb99)
2007-10-10r4150: - add fns for manipulating the privilege_mask in a security_tokenAndrew Tridgell1-6/+9
- add the hooks in access_check that check the privilege bitmasks for SEC_STD_DELETE and SEC_FLAG_SYSTEM_SECURITY (This used to be commit 0fa3764edcabffe8f7d5e40f0097f97d0c4519c4)
2007-10-10r4147: converted from NT_USER_TOKEN to struct security_tokenAndrew Tridgell1-8/+8
this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
2007-10-10r4062: the RAW-ACLS test now passes. The SEC_STD_DELETE bit is rather strangeAndrew Tridgell1-4/+7
though - I expect we'll need to tweak that some more. (This used to be commit e3500811b90b8423ee7694609340f394957d1160)
2007-10-10r4056: modified the access check code based on results from RAW-ACLSAndrew Tridgell1-26/+19
test. Also added generic mapping bits for pvfs. We don't pass RAW-ACLS yet, but its close. (This used to be commit c7cbd966d49a5345ea326732587555d209c531fc)
2007-10-10r4025: added a sec_access_check() function for checking security descriptorsAndrew Tridgell1-0/+162
against a users security token and access_mask (This used to be commit c4d21cd4b1ccffd5aaa70a551c57f6eab1ca9c6d)