summaryrefslogtreecommitdiff
path: root/source4/libcli/security/security_descriptor.c
AgeCommit message (Collapse)AuthorFilesLines
2008-12-23Fix more compiler warnings in various places.Jelmer Vernooij1-1/+0
2008-12-12Manually marshall dom_sid, so we can use a fixed size array forJelmer Vernooij1-20/+0
dom_sid.sub_auths rather than a dynamically allocated one. This makes it possible to use the same DCE/RPC object code for Samba 3 and Samba 4's DCE/RPC parsers and allows copying sids more easily (since they no longer contain any pointers). The cost of having additional manual marshalling code is limited (~35 additional lines of C code).
2007-12-24r26572: Fix warnings in the Python code.Jelmer Vernooij1-3/+3
(This used to be commit 15038d9586d0b58f301ca8c39c21ef10c4283f28)
2007-12-21r25803: Make our security descriptor acl manipulation methods more generic ↵Günther Deschner1-73/+174
so that we can add and delete ACEs for SACLs as well as for DACLs. Guenther (This used to be commit 947fff994181f0ae50ac76d09621ddd684873112)
2007-12-21r25801: Add security_ace_create() function.Günther Deschner1-0/+29
Guenther (This used to be commit 0306e0183d4db0da331449b411814e7a93b6db2d)
2007-12-21r25739: We forgot to copy revision and type flags in security_descriptor_copy().Günther Deschner1-0/+3
Guenther (This used to be commit 2e028503a36acd12009a4d2f0d217b2d940c9c30)
2007-12-21r25610: Add security_descriptor_appendv() which takes va_list directly.Günther Deschner1-9/+14
Guenther (This used to be commit 99408cf20c6feb745cd2dd56c37015cfa11e9b3d)
2007-12-21r25608: Call security_descriptor_append from within security_descriptor_create.Günther Deschner1-29/+1
Guenther (This used to be commit 1ebcceb922bdb566e6a548aa1ad816eb8e9e26e9)
2007-12-21r25607: Allow to set security descriptor type flags at creation time withGünther Deschner1-0/+4
security_descriptor_create(). Guenther (This used to be commit 7dd0d28d254f78891b0807492baafa188b42df16)
2007-12-21r25604: Add security_descriptor_append() helper function.Günther Deschner1-0/+42
Guenther (This used to be commit 7d8f53b1c73dc4025821d96d8f675b6866407acb)
2007-10-10r25554: Convert last instances of BOOL, True and False to the standard types.Jelmer Vernooij1-36/+36
(This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-10r25027: Fix more warnings.Jelmer Vernooij1-3/+3
(This used to be commit 5085c53fcfade614e83d21fc2c1a5bc43bb2a729)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r20801: try to always fix up the acl revision when we add or removeStefan Metzmacher1-4/+37
an ace metze (This used to be commit 18cc56be6a7c21e5b19d0826aca6ae2416c116b8)
2007-10-10r14860: create libcli/security/security.hStefan Metzmacher1-2/+1
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10r14542: Remove librpc, libndr and libnbt from includes.hJelmer Vernooij1-0/+1
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-0/+1
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-1/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r9573: fixed a commentAndrew Tridgell1-1/+1
(This used to be commit d151a9459dcbfc88b0dc2ec9dd1cafa18ad5b8f8)
2007-10-10r9511: - fix the memory treesStefan Metzmacher1-2/+3
- add a note about a possible talloc_free() metze (This used to be commit 550e3030f0e02720b527f3b4923457f05f484e6e)
2007-10-10r9240: - move struct security_token to the idl file, with this we canStefan Metzmacher1-1/+1
the ndr_pull/push/print functions for it in the ntacl-lsm module - fix compiler warnings in the ldap_encode_ndr_* code metze (This used to be commit 83d65d0d7ed9c240ad44aa2c881c1f07212bfda4)
2007-10-10r7679: update the documentation of security_description_create()Stefan Metzmacher1-2/+5
metze (This used to be commit 6ad7ffab043c3b510f4dff052973a054e5a75779)
2007-10-10r6352: Two new composite calls:Alexander Bokovoy1-3/+77
- qfsinfo (query file system information) - appendacl (append an ACL to existing file's security descriptor and get new full ACL) The second one also includes an improvement to security descriptor handling which allows to copy security descriptor. Written by Peter Novodvorsky <peter.novodvorsky@ru.ibm.com> Both functions have corresponding torture tests added. Tested under valgrind and work against Samba 4 and Windows XP. ToDo: document composite call creation process in prog_guide.txt (This used to be commit 441cff62ac75ed16851ce7b8daf9d03eb4c3ec79)
2007-10-10r5137: fix typesStefan Metzmacher1-1/+1
metze (This used to be commit add1c579375d08040f722946da31ee3862f9e7ac)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell1-4/+4
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4419: move security_token stuff to the libcli/security/Stefan Metzmacher1-1/+1
and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2007-10-10r4388: - allow ACE flags to be specified in security_descriptor_create()Andrew Tridgell1-1/+2
- added a test for all combinations of the inheritance ACE flags and how they are propogated to child directories and files (This used to be commit fdb38c8e4b6279137892402b21d2d52e1921e456)
2007-10-10r4034: add a function security_descriptor_create() which can be used toAndrew Tridgell1-0/+79
easily create complex security descriptors for testing. This greatly simplifies the smbtorture code I am writing for testing our new access_check code. (This used to be commit 891a8bc16af3c6ce5800e793ce4ec8b0078e444f)
2007-10-10r4025: added a sec_access_check() function for checking security descriptorsAndrew Tridgell1-39/+0
against a users security token and access_mask (This used to be commit c4d21cd4b1ccffd5aaa70a551c57f6eab1ca9c6d)
2007-10-10r3885: Add security descriptor comparison to our RPC-SAMSYNC test. We nowAndrew Bartlett1-0/+21
verify that the security descriptor found in the SamSync is the same as what is available over SAMR. Unfortunately, the administrator seems unable to retrieve the SACL on the security descriptor, so I've added a new function to compare with a mask. Andrew Bartlett (This used to be commit 39ae5e1dac31a22086be50fb23261e02be877f3f)
2007-10-10r3836: - fixed the handling of NT_STATUS_BUFFER_TOO_SMALL in nttrans serverAndrew Tridgell1-1/+1
- fixed revision number on default DACL - fixed DACL_PRESENT bit in acl query with these fixes cacls.exe and the GUI ACL editor in w2k both work against pvfs. The GUI editor is slow as it times out looking up the SID -> name mappings. (This used to be commit 4468018cb63fd884920c2b0f5235bded50c6b5db)
2007-10-10r3832: added NT ACL query/set to the posix NTVFS backend. The default ACL isAndrew Tridgell1-1/+1
based on the current nttoken, which is completely wrong, but works as a start. The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL union with a version number to allow for future expansion. pvfs does not yet check the ACL for file access. At the moment the ACL is just query/set. We also need to do some RPC work to allow the windows ACL editor to be used. At the moment is queries the ACL fine, but displays an error when it fails to map the SIDs via rpc. (This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263)
2007-10-10r3829: added a RAW-ACLS test suite that tests query/set of ACLs on a fileAndrew Tridgell1-2/+126
(This used to be commit 2ff9816ae0ae41e0e63e4276a70d292888346dc7)
2007-10-10r3810: create a LIB_SECURITY subsystemStefan Metzmacher1-0/+102
- move dom_sid, security_descriptor, security_* funtions to one place and rename some of them metze (This used to be commit b620bdd672cfdf0e009492e648b0709e6b6d8596)