samba - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author	Files	Lines
2010-08-17	s4-drs: fixed check for SECURITY_RO_DOMAIN_CONTROLLER	Andrew Tridgell	1	-6/+6
	check more than the user_sid, and also check for the right rid value Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22	s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level	Andrew Tridgell	1	-1/+12
	This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2009-09-15	s4-security: added a new security level SECURITY_DOMAIN_CONTROLLER	Andrew Tridgell	1	-0/+9
	This will be used as a simple way to lock down DRS replication to administrators and domain controllers
2009-07-19	Fix typo	Matthias Dieter Wallnöfer	1	-1/+1

2009-01-30	Fix the mess with ldb includes.	Simo Sorce	1	-1/+0
	Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2008-03-20	More kludge ACLs!	Andrew Bartlett	1	-0/+27
	Rather than killing off the nasty 'kludge ACLs' stuff, this patch extends it, to ensure that LSA secrets and the registry are also protected. Andrew Bartlett (This used to be commit 2f2b110fb870132099bad1d4c16ed8962affb3ce)
2007-10-10	r25554: Convert last instances of BOOL, True and False to the standard types.	Jelmer Vernooij	1	-16/+16
	(This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-10	r23792: convert Samba4 to GPLv3	Andrew Tridgell	1	-3/+2
	There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10	r15328: Move some functions around, remove dependencies.	Jelmer Vernooij	1	-1/+0
	Remove some autogenerated headers (which had prototypes now autogenerated by pidl) Remove ndr_security.h from a few places - it's no longer necessary (This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
2007-10-10	r15297: Move create_security_token() to samdb as it requires SAMDB (and the ↵	Jelmer Vernooij	1	-74/+0
	rest of LIBSECURITY doesn't) Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal Some other dependency fixes (This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
2007-10-10	r14894: - add some 'const'	Stefan Metzmacher	1	-11/+11
	- remove sid_active_in_token() was the same as security_token_has_sid() - rename some functions metze (This used to be commit 81390dcda50f53d61e70059fb33014de0d283dc5)
2007-10-10	r14891: fix a bug found by the ibm checker	Stefan Metzmacher	1	-16/+1
	the problem was that we shift with <<= (privilege-1) and we called the function with privilege=0 add some checks to catch invalid privilege values and hide the mask representation in privilege.c metze (This used to be commit a69f000324764bcd4cf420f2ecba1aca788258e4)
2007-10-10	r14860: create libcli/security/security.h	Stefan Metzmacher	1	-1/+1
	metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10	r14840: - rename some functions	Stefan Metzmacher	1	-31/+41
	- stack specific functions on top of generic ones metze (This used to be commit e391f3c98aae600c5f64d5975dd55567a09c3100)
2007-10-10	r14641: fix typo	Stefan Metzmacher	1	-2/+2
	metze (This used to be commit 0ad464f686dddc5befdf1ec8d20101ee0ad83585)
2007-10-10	r14464: Don't include ndr_BASENAME.h files unless strictly required, instead	Jelmer Vernooij	1	-0/+1
	try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10	r13924: Split more prototypes out of include/proto.h + initial work on header	Jelmer Vernooij	1	-0/+1
	file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10	r12747: Add a couple more token tests, used by the kludge ACL module.	Andrew Bartlett	1	-0/+30
	Andrew Bartlett (This used to be commit 10eadf48124d61f2eb586fb277a66aa4b9e6cad3)
2007-10-10	r12608: Remove some unused #include lines.	Jelmer Vernooij	1	-1/+0
	(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10	r12542: Move some more prototypes out to seperate headers	Jelmer Vernooij	1	-0/+1
	(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10	r10810: This adds the hooks required to communicate the current user from the	Andrew Bartlett	1	-0/+25
	authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2007-10-10	r9511: - fix the memory trees	Stefan Metzmacher	1	-5/+5
	- add a note about a possible talloc_free() metze (This used to be commit 550e3030f0e02720b527f3b4923457f05f484e6e)
2007-10-10	r9240: - move struct security_token to the idl file, with this we can	Stefan Metzmacher	1	-1/+1
	the ndr_pull/push/print functions for it in the ntacl-lsm module - fix compiler warnings in the ldap_encode_ndr_* code metze (This used to be commit 83d65d0d7ed9c240ad44aa2c881c1f07212bfda4)
2007-10-10	r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the	Andrew Tridgell	1	-3/+3
	large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10	r4620: - add interface functions to the auth subsystem so that callers ↵	Stefan Metzmacher	1	-20/+25
	doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
2007-10-10	r4419: move security_token stuff to the libcli/security/	Stefan Metzmacher	1	-1/+118
	and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2007-10-10	r4147: converted from NT_USER_TOKEN to struct security_token	Andrew Tridgell	1	-13/+2
	this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
2007-10-10	r3810: create a LIB_SECURITY subsystem	Stefan Metzmacher	1	-0/+56
	- move dom_sid, security_descriptor, security_* funtions to one place and rename some of them metze (This used to be commit b620bdd672cfdf0e009492e648b0709e6b6d8596)