summaryrefslogtreecommitdiff
path: root/source4/libcli/security/dom_sid.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r21307: make it possible to pass in NULL for domain or rid,Stefan Metzmacher1-4/+10
if someone isn't interessted in one of it metze (This used to be commit 1fdc71918a430c35af91fa7788e191d381f76d56)
2007-10-10r17848: Ok, this did not do it. Still got the same problem.Volker Lendecke1-8/+1
(This used to be commit bb393603707ada3d4b917f8374b7738f16c78f46)
2007-10-10r17846: Ok, this is a patch that needs further discussion. On Solaris, ↵Volker Lendecke1-1/+8
snprintf seems to be broken. The %lu modifies apparently can not cope with the high bit==1. In dom_sid_string I added some printfs and got: auth: 21 auth: 2666793276 auth: 679821296 auth: 2310223117 auth: 1206 sid=S-1-5-21-8446744072081377596-679821296-8446744071724807437-1206 The "auth:" values are direct printfs, the sid= is the resulting code from dom_sid_string. I could not reproduce it with a simple test program, and #ifdef'ing out HAVE_SNPRINTF in config.h manually does not help either, probably because the dynamic linker overwrites the symbol in lib/replace. Checking it in because it fixes the RPC-SAMBA3-SHARESEC test directly on host "sunx", I would like to see whether it also fixes IRIX and AIX. Volker (This used to be commit 1a9401738f652a87d377a32086342f5f98525fc2)
2007-10-10r17082: Add a test that walks and tests denying tconX access via the share ↵Volker Lendecke1-0/+18
security descriptor. This is something that W2k3 does _not_ pass and probably is not expected to, it seems the don't check access at tconX time. Thanks to metze for the hint how in the srvsvc_NetShareInfo1501 struct the length of the sd can be encoded in idl. As metze says, there's probably more to the share secdesc, this needs more testing. This one is here to walk the samba3 code. Volker (This used to be commit 67185508229a8d7f144c22cb194f573c932d6de5)
2007-10-10r15457: Get rid of more usages of uint_tJelmer Vernooij1-1/+1
(This used to be commit 849818dcdeb8eaf2eb22fea3896a4f7c777d8c5f)
2007-10-10r15328: Move some functions around, remove dependencies.Jelmer Vernooij1-0/+32
Remove some autogenerated headers (which had prototypes now autogenerated by pidl) Remove ndr_security.h from a few places - it's no longer necessary (This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
2007-10-10r14542: Remove librpc, libndr and libnbt from includes.hJelmer Vernooij1-0/+1
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
2007-10-10r12858: This moves the libnet_LookupPdc code to use a GetDC request to findAndrew Bartlett1-0/+5
the remote server's name, or in the absence of a local nbt_server to communicate with (or without root access), a node status request. The result is that we are in a better position to use kerberos, as well as to remove the 'password server' mandatory parameter for the samsync and samdump commands. (I need this to put these into SWAT). The only problem I have is that I must create a messaging context, which requires a server ID. As a client process, I don't expect to get messages, but it is currently required for replies, so I generate a random() number. We probably need the servers to accept connections on streamed sockets too, for client-only tasks that want IRPC. Because I wanted to test this code, I have put the NET-API-* tests into our test scripts, to ensure they pass and keep passing. They are good frontends onto the libnet system, and I see no reason not to test them. In doing so the NET-API-RPCCONNECT test was simplified to take a binding string on the command line, removing duplicate code, and testing the combinations in the scripts instead. (I have done a bit of work on the list shares code in libnet_share.c to make it pass 'make test') In the future, I would like to extend the libcli/findds.c code (based off volker's winbind/wb_async_helpers.c, which is why it shows up a bit odd in the patch) to handle getting multiple name replies, sending a getdc request to each in turn. (posted to samba-technical for review, and I'll happily update with any comments) Andrew Bartlett (This used to be commit 7ccddfd3515fc2c0d6f447c768ccbf7a220c3380)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-1/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r9510: fix the memory treeStefan Metzmacher1-1/+1
metze (This used to be commit 6d412cf0a4186ec04cee61dd5387903de051fde7)
2007-10-10r9240: - move struct security_token to the idl file, with this we canStefan Metzmacher1-1/+1
the ndr_pull/push/print functions for it in the ntacl-lsm module - fix compiler warnings in the ldap_encode_ndr_* code metze (This used to be commit 83d65d0d7ed9c240ad44aa2c881c1f07212bfda4)
2007-10-10r6287: sorted out a small but surprisingly tricky dependency problem with theAndrew Tridgell1-32/+0
ndr code for handling sids and security descriptors now that we have a sid in the nbt IDL (This used to be commit f8e77fcdeac704aed5e501aa9108f3ed0ab26ca4)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell1-6/+6
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4549: got rid of a lot more uses of plain talloc(), instead usingAndrew Tridgell1-1/+1
talloc_size() or talloc_array_p() where appropriate. also fixed a memory leak in pvfs_copy_file() (failed to free a memory context) (This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
2007-10-10r4419: move security_token stuff to the libcli/security/Stefan Metzmacher1-1/+1
and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2007-10-10r3988: made dom_sid_add_rid() allocate the new sid with proper parent/child ↵Andrew Tridgell1-3/+5
talloc relationship (This used to be commit 5db0eb1fe3abb5150bef27bfed4b7da723e4a287)
2007-10-10r3979: added server side code for lsa_LookupSids2() and fixed authority_nameAndrew Tridgell1-0/+26
return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2007-10-10r3829: added a RAW-ACLS test suite that tests query/set of ACLs on a fileAndrew Tridgell1-2/+2
(This used to be commit 2ff9816ae0ae41e0e63e4276a70d292888346dc7)
2007-10-10r3827: fixed copyright notices to remove simo and lkcl who have no code left ↵Andrew Tridgell1-3/+2
in this file (This used to be commit c75eb859391f747abc3fe513166c9f8d73ca349c)
2007-10-10r3810: create a LIB_SECURITY subsystemStefan Metzmacher1-0/+242
- move dom_sid, security_descriptor, security_* funtions to one place and rename some of them metze (This used to be commit b620bdd672cfdf0e009492e648b0709e6b6d8596)