summaryrefslogtreecommitdiff
path: root/source4/libcli/security/security_token.c
AgeCommit message (Collapse)AuthorFilesLines
2010-04-22s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER levelAndrew Tridgell1-1/+12
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2009-09-15s4-security: added a new security level SECURITY_DOMAIN_CONTROLLERAndrew Tridgell1-0/+9
This will be used as a simple way to lock down DRS replication to administrators and domain controllers
2009-07-19Fix typoMatthias Dieter Wallnöfer1-1/+1
2009-01-30Fix the mess with ldb includes.Simo Sorce1-1/+0
Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2008-03-20More kludge ACLs!Andrew Bartlett1-0/+27
Rather than killing off the nasty 'kludge ACLs' stuff, this patch extends it, to ensure that LSA secrets and the registry are also protected. Andrew Bartlett (This used to be commit 2f2b110fb870132099bad1d4c16ed8962affb3ce)
2007-10-10r25554: Convert last instances of BOOL, True and False to the standard types.Jelmer Vernooij1-16/+16
(This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r15328: Move some functions around, remove dependencies.Jelmer Vernooij1-1/+0
Remove some autogenerated headers (which had prototypes now autogenerated by pidl) Remove ndr_security.h from a few places - it's no longer necessary (This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
2007-10-10r15297: Move create_security_token() to samdb as it requires SAMDB (and the ↵Jelmer Vernooij1-74/+0
rest of LIBSECURITY doesn't) Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal Some other dependency fixes (This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
2007-10-10r14894: - add some 'const'Stefan Metzmacher1-11/+11
- remove sid_active_in_token() was the same as security_token_has_sid() - rename some functions metze (This used to be commit 81390dcda50f53d61e70059fb33014de0d283dc5)
2007-10-10r14891: fix a bug found by the ibm checkerStefan Metzmacher1-16/+1
the problem was that we shift with <<= (privilege-1) and we called the function with privilege=0 add some checks to catch invalid privilege values and hide the mask representation in privilege.c metze (This used to be commit a69f000324764bcd4cf420f2ecba1aca788258e4)
2007-10-10r14860: create libcli/security/security.hStefan Metzmacher1-1/+1
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10r14840: - rename some functionsStefan Metzmacher1-31/+41
- stack specific functions on top of generic ones metze (This used to be commit e391f3c98aae600c5f64d5975dd55567a09c3100)
2007-10-10r14641: fix typoStefan Metzmacher1-2/+2
metze (This used to be commit 0ad464f686dddc5befdf1ec8d20101ee0ad83585)
2007-10-10r14464: Don't include ndr_BASENAME.h files unless strictly required, insteadJelmer Vernooij1-0/+1
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-0/+1
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r12747: Add a couple more token tests, used by the kludge ACL module.Andrew Bartlett1-0/+30
Andrew Bartlett (This used to be commit 10eadf48124d61f2eb586fb277a66aa4b9e6cad3)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-1/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12542: Move some more prototypes out to seperate headersJelmer Vernooij1-0/+1
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10r10810: This adds the hooks required to communicate the current user from theAndrew Bartlett1-0/+25
authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2007-10-10r9511: - fix the memory treesStefan Metzmacher1-5/+5
- add a note about a possible talloc_free() metze (This used to be commit 550e3030f0e02720b527f3b4923457f05f484e6e)
2007-10-10r9240: - move struct security_token to the idl file, with this we canStefan Metzmacher1-1/+1
the ndr_pull/push/print functions for it in the ntacl-lsm module - fix compiler warnings in the ldap_encode_ndr_* code metze (This used to be commit 83d65d0d7ed9c240ad44aa2c881c1f07212bfda4)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell1-3/+3
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4620: - add interface functions to the auth subsystem so that callers ↵Stefan Metzmacher1-20/+25
doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
2007-10-10r4419: move security_token stuff to the libcli/security/Stefan Metzmacher1-1/+118
and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2007-10-10r4147: converted from NT_USER_TOKEN to struct security_tokenAndrew Tridgell1-13/+2
this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
2007-10-10r3810: create a LIB_SECURITY subsystemStefan Metzmacher1-0/+56
- move dom_sid, security_descriptor, security_* funtions to one place and rename some of them metze (This used to be commit b620bdd672cfdf0e009492e648b0709e6b6d8596)