Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-06-19 | python: Use samba.tests.TestCase, make sure base class tearDown and | Jelmer Vernooij | 1 | -10/+18 | |
setUp methods are called, fix formatting. | |||||
2010-04-22 | s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level | Andrew Tridgell | 2 | -6/+18 | |
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org> | |||||
2010-04-20 | Removed more excess looping and fixed problem with incorrect IO flag handling. | Nadezhda Ivanova | 1 | -126/+81 | |
2010-04-15 | A bit of refactoring in the SD creation code. | Nadezhda Ivanova | 1 | -127/+71 | |
2010-04-06 | s4-waf: removed the AUTOGENERATED markers | Andrew Tridgell | 1 | -4/+0 | |
we won't be using the mk -> wscript generator again | |||||
2010-04-06 | s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵ | Andrew Tridgell | 1 | -0/+2 | |
them | |||||
2010-04-06 | build: waf quicktest nearly works | Andrew Tridgell | 1 | -1/+1 | |
Rewrote wafsamba using a new dependency handling system, and started adding the waf test code | |||||
2010-04-06 | build: commit all the waf build files in the tree | Andrew Tridgell | 1 | -0/+10 | |
2010-03-25 | python: use '#!/usr/bin/env python' to cope with varying install locations | Andrew Tridgell | 1 | -1/+1 | |
this should be much more portable | |||||
2010-03-24 | Missing include guard in source4/libcli/security/security.h | Jeremy Allison | 1 | -0/+5 | |
Jeremy. | |||||
2010-03-03 | s4:move the sddl code down to the top level | Michael Adam | 3 | -627/+2 | |
Michael | |||||
2010-02-02 | Change uint_t to unsigned int in source4 | Matt Kraai | 1 | -1/+1 | |
Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2010-01-02 | s4-sddl: DRS replication needs REVISION_ADS for SDs | Andrew Tridgell | 1 | -1/+1 | |
DRS replication with w2k8-r2 fails with a schema mismatch error if we set the revision to NT4 | |||||
2009-12-31 | py/security: Add test for dom_sid.split. | Jelmer Vernooij | 1 | -3/+8 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2009-12-17 | Fixed incorrect checking of PRINCIPAL_SELF permissions. | Nadezhda Ivanova | 1 | -3/+12 | |
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with the onjectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights to an account over itself. | |||||
2009-11-27 | s4:security/sddl - rework of the security descriptor abbreviations | Matthias Dieter Wallnöfer | 1 | -28/+33 | |
- Reoder them - Add some new ones (needed for the security descriptor in the provision script) | |||||
2009-11-17 | Fixed incorrect SID for RAS Servers. | Nadezhda Ivanova | 2 | -1/+2 | |
2009-11-15 | Fixed some major bugs in inheritance and access checks. | Nadezhda Ivanova | 1 | -13/+16 | |
Fixed sd creation not working on LDAP modify. Fixed incorrect replacement of CO and CG. Fixed incorrect access check on modify for SD modification. Fixed failing sec_descriptor test and enabled it. Fixed failing sd add test in ldap.python | |||||
2009-11-05 | Version 1.0 of the directory service acls module. | Nadezhda Ivanova | 2 | -47/+60 | |
At this point, support for checks on LDAP add, delete, rename and modify. Old kludge_acl is still there to handle the searches. This module is synchronous as the async version was impossible to debug, will be converted to async after some user testing. | |||||
2009-11-03 | Fixed some missing flags and bugs in the security creation. | Nadezhda Ivanova | 1 | -11/+47 | |
Also, added some logging. It needs improvement, possibly ability to turn in on and off via configuration file. | |||||
2009-11-03 | Fixed a bug in object specific access checks. | Nadezhda Ivanova | 1 | -2/+4 | |
2009-10-22 | s4:libcli/security/access_check - Add "const" in front of "type" | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2009-10-17 | s4-acl: SEC_FLAG_MAXIMUM_ALLOWED doesn't auto-apply privilege access masks | Andrew Tridgell | 1 | -6/+2 | |
2009-10-17 | s4-security: honor more of the privilege access bits | Andrew Tridgell | 1 | -4/+12 | |
2009-10-02 | s4: fix various warnings (not "const" related ones) | Matthias Dieter Wallnöfer | 1 | -3/+3 | |
2009-09-28 | s4-acl: fixed SD creation | Andrew Tridgell | 1 | -12/+22 | |
Thanks for Nadya and Metze for this. The SDs were being created with invalid fields (noticed by w2k8-r2 client when joining our domain) | |||||
2009-09-24 | Fixed a dereferenced null pointer. | Nadezhda Ivanova | 1 | -16/+14 | |
2009-09-21 | Initial Implementation of the DS objects access checks. | Nadezhda Ivanova | 4 | -1/+252 | |
Currently disabled. The search will be greatly modified, also the object tree stuff will be simplified. | |||||
2009-09-20 | Initial implementation of security descriptor creation in DS | Nadezhda Ivanova | 1 | -4/+348 | |
TODO's: ACE sorting and clarifying the inheritance of object specific ace's. | |||||
2009-09-17 | pyldb: Don't segfault when invalid type is specified to as_sddl and from_sddl. | Matthieu Patou | 1 | -0/+17 | |
Fix bug #6723 | |||||
2009-09-16 | Owner and group defaulting. | Nadezhda Ivanova | 2 | -1/+118 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2009-09-15 | s4-security: added a new security level SECURITY_DOMAIN_CONTROLLER | Andrew Tridgell | 2 | -0/+10 | |
This will be used as a simple way to lock down DRS replication to administrators and domain controllers | |||||
2009-07-19 | Fix typo | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2009-05-29 | s4: Add additional 2-letter SID/RID mappings. | Andrew Kroeger | 1 | -0/+23 | |
Information from http://msdn.microsoft.com/en-us/library/aa379602(VS.85).aspx | |||||
2009-05-20 | s4: try to fix privileges implementation in order to pass the ↵ | Günther Deschner | 1 | -1/+5 | |
RPC-SAMR-USERS-PRIVILEGES test. Guenther | |||||
2009-04-23 | Fix of a bug in the security.descriptor.as_sddl() method | nadezhda ivanova | 1 | -0/+6 | |
security.descriptor.as_sddl() method did not work correctly when invoked without supplying the domain sid. Returned the same value as when the sid was provided. Test added for this case in libcli/security/tests/bindings.py Signed-off-by: Jelmer Vernooij <jelmer@samba.org> | |||||
2009-04-21 | Move the security_descriptor utility code to the top-level. | Jelmer Vernooij | 3 | -535/+2 | |
2009-04-20 | Add a unit test for security_descriptor.as_sddl() without arguments. | Jelmer Vernooij | 1 | -0/+10 | |
2009-03-25 | display_sec: Move to common libcli/security directory. | Jelmer Vernooij | 1 | -2/+0 | |
2009-03-01 | Add header files for secace and secacl. | Jelmer Vernooij | 1 | -1/+2 | |
2009-03-01 | Move secacl to top-level. | Jelmer Vernooij | 1 | -1/+2 | |
2009-03-01 | Move secace.c to top-level. | Jelmer Vernooij | 1 | -1/+2 | |
2009-02-01 | shared: Move dom_sid_* utility functions to top level | Kai Blin | 3 | -308/+5 | |
2009-01-30 | Fix the mess with ldb includes. | Simo Sorce | 1 | -1/+0 | |
Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them. | |||||
2009-01-22 | Implement as_sddl. | Jelmer Vernooij | 1 | -0/+10 | |
2009-01-22 | Support parsing sddl for security descriptors. | Jelmer Vernooij | 1 | -0/+8 | |
2008-12-23 | Fix more compiler warnings in various places. | Jelmer Vernooij | 1 | -1/+0 | |
2008-12-21 | Fix comparison in tests now that we use __cmp__ rather than __eq__. | Jelmer Vernooij | 1 | -2/+2 | |
2008-12-21 | Fix more tests, improve repr() functions for various Python types. | Jelmer Vernooij | 2 | -8/+8 | |
2008-12-21 | Simplify customization of pidl-generated Python modules. | Jelmer Vernooij | 1 | -16/+24 | |