samba - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author	Files	Lines
2007-10-10	r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the	Andrew Tridgell	3	-13/+13
	large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10	r4620: - add interface functions to the auth subsystem so that callers ↵	Stefan Metzmacher	1	-20/+25
	doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
2007-10-10	r4549: got rid of a lot more uses of plain talloc(), instead using	Andrew Tridgell	1	-1/+1
	talloc_size() or talloc_array_p() where appropriate. also fixed a memory leak in pvfs_copy_file() (failed to free a memory context) (This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
2007-10-10	r4429: the owner of a file always gets SEC_STD_DELETE	Andrew Tridgell	1	-6/+5
	(This used to be commit 81630d3014c8cbd970bc917e3e9aef337fa211cd)
2007-10-10	r4419: move security_token stuff to the libcli/security/	Stefan Metzmacher	6	-5/+158
	and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2007-10-10	r4404: check for SEC_ACE_FLAG_INHERIT_ONLY in the "maximum allowed" logic	Andrew Tridgell	1	-0/+4
	(This used to be commit e4ee8b776ba164a89afca43de20c166ccbfddb99)
2007-10-10	r4388: - allow ACE flags to be specified in security_descriptor_create()	Andrew Tridgell	1	-1/+2
	- added a test for all combinations of the inheritance ACE flags and how they are propogated to child directories and files (This used to be commit fdb38c8e4b6279137892402b21d2d52e1921e456)
2007-10-10	r4196: - added server side code for lsa_LookupPrivDisplayName	Andrew Tridgell	1	-24/+112
	- added english descriptions of privileges. We should add other languages in the future. (This used to be commit 3eee8b7c13de3ffe7c5a87d6f1ebdcc66ff391eb)
2007-10-10	r4151: added privilege attribute handling on samdb.	Andrew Tridgell	1	-5/+13
	pvfs will now honor some privileges on ACLs, and it will be quite easy to add the checks for more privileges in the necessary places, by making calls to sec_privilege_check(). (This used to be commit 3549039d0fbc54f87ae679e7288b82b28713e487)
2007-10-10	r4150: - add fns for manipulating the privilege_mask in a security_token	Andrew Tridgell	2	-6/+33
	- add the hooks in access_check that check the privilege bitmasks for SEC_STD_DELETE and SEC_FLAG_SYSTEM_SECURITY (This used to be commit 0fa3764edcabffe8f7d5e40f0097f97d0c4519c4)
2007-10-10	r4147: converted from NT_USER_TOKEN to struct security_token	Andrew Tridgell	4	-21/+95
	this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
2007-10-10	r4062: the RAW-ACLS test now passes. The SEC_STD_DELETE bit is rather strange	Andrew Tridgell	1	-4/+7
	though - I expect we'll need to tweak that some more. (This used to be commit e3500811b90b8423ee7694609340f394957d1160)
2007-10-10	r4056: modified the access check code based on results from RAW-ACLS	Andrew Tridgell	1	-26/+19
	test. Also added generic mapping bits for pvfs. We don't pass RAW-ACLS yet, but its close. (This used to be commit c7cbd966d49a5345ea326732587555d209c531fc)
2007-10-10	r4034: add a function security_descriptor_create() which can be used to	Andrew Tridgell	1	-0/+79
	easily create complex security descriptors for testing. This greatly simplifies the smbtorture code I am writing for testing our new access_check code. (This used to be commit 891a8bc16af3c6ce5800e793ce4ec8b0078e444f)
2007-10-10	r4025: added a sec_access_check() function for checking security descriptors	Andrew Tridgell	3	-39/+163
	against a users security token and access_mask (This used to be commit c4d21cd4b1ccffd5aaa70a551c57f6eab1ca9c6d)
2007-10-10	r3988: made dom_sid_add_rid() allocate the new sid with proper parent/child ↵	Andrew Tridgell	1	-3/+5
	talloc relationship (This used to be commit 5db0eb1fe3abb5150bef27bfed4b7da723e4a287)
2007-10-10	r3979: added server side code for lsa_LookupSids2() and fixed authority_name	Andrew Tridgell	1	-0/+26
	return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2007-10-10	r3885: Add security descriptor comparison to our RPC-SAMSYNC test. We now	Andrew Bartlett	1	-0/+21
	verify that the security descriptor found in the SamSync is the same as what is available over SAMR. Unfortunately, the administrator seems unable to retrieve the SACL on the security descriptor, so I've added a new function to compare with a mask. Andrew Bartlett (This used to be commit 39ae5e1dac31a22086be50fb23261e02be877f3f)
2007-10-10	r3836: - fixed the handling of NT_STATUS_BUFFER_TOO_SMALL in nttrans server	Andrew Tridgell	1	-1/+1
	- fixed revision number on default DACL - fixed DACL_PRESENT bit in acl query with these fixes cacls.exe and the GUI ACL editor in w2k both work against pvfs. The GUI editor is slow as it times out looking up the SID -> name mappings. (This used to be commit 4468018cb63fd884920c2b0f5235bded50c6b5db)
2007-10-10	r3832: added NT ACL query/set to the posix NTVFS backend. The default ACL is	Andrew Tridgell	1	-1/+1
	based on the current nttoken, which is completely wrong, but works as a start. The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL union with a version number to allow for future expansion. pvfs does not yet check the ACL for file access. At the moment the ACL is just query/set. We also need to do some RPC work to allow the windows ACL editor to be used. At the moment is queries the ACL fine, but displays an error when it fails to map the SIDs via rpc. (This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263)
2007-10-10	r3829: added a RAW-ACLS test suite that tests query/set of ACLs on a file	Andrew Tridgell	2	-4/+128
	(This used to be commit 2ff9816ae0ae41e0e63e4276a70d292888346dc7)
2007-10-10	r3827: fixed copyright notices to remove simo and lkcl who have no code left ↵	Andrew Tridgell	1	-3/+2
	in this file (This used to be commit c75eb859391f747abc3fe513166c9f8d73ca349c)
2007-10-10	r3810: create a LIB_SECURITY subsystem	Stefan Metzmacher	4	-0/+418
	- move dom_sid, security_descriptor, security_* funtions to one place and rename some of them metze (This used to be commit b620bdd672cfdf0e009492e648b0709e6b6d8596)