summaryrefslogtreecommitdiff
path: root/source4/libcli/security
AgeCommit message (Collapse)AuthorFilesLines
2008-03-20More kludge ACLs!Andrew Bartlett2-0/+35
Rather than killing off the nasty 'kludge ACLs' stuff, this patch extends it, to ensure that LSA secrets and the registry are also protected. Andrew Bartlett (This used to be commit 2f2b110fb870132099bad1d4c16ed8962affb3ce)
2008-03-14swig: regenerate _wrap.c filesStefan Metzmacher1-4/+4
metze (This used to be commit 08b41e10699c7bb8058ab0ab61f17a1bbfcc1ce4)
2008-03-04Fix includes.Jelmer Vernooij1-0/+2
(This used to be commit 99e61dade2bd9ae2a5dfe17f766528012c09e46c)
2008-03-03Move object file lists to the Makefile.Jelmer Vernooij1-6/+5
(This used to be commit a7e6d2a1832db388fdafa1279f84c9a8bbfc87d6)
2007-12-26r26588: Janitorial: Rename torture_*_add_*test to torture_*_add_*test_const.Kai Blin1-3/+3
Also rename the corresponding wrap_ functions. (This used to be commit e59c2eaf681f076d175b9779d1c27b5f74a57c96)
2007-12-24r26572: Fix warnings in the Python code.Jelmer Vernooij3-21/+21
(This used to be commit 15038d9586d0b58f301ca8c39c21ef10c4283f28)
2007-12-24r26570: - Trim size of the swig-generated Python bindings by removing a ↵Jelmer Vernooij1-43/+29
bunch of {}'s. - Start working on Python equivalents for various EJS tests. - Fix regression in argument order for reg_diff_apply() in EJS bindings. (This used to be commit c550c03372cb260b78f6a6c132e70571bc4cb852)
2007-12-21r26464: Tighten dependencies.Jelmer Vernooij1-1/+1
(This used to be commit 2b7cfa5d9ab94e1ff2d60719cd3749810463ab15)
2007-12-21r26454: Add simple SWIG macro for wrapping talloced types.Jelmer Vernooij2-77/+80
(This used to be commit 760fcc8bfa2a7cd7641465cb3bae889e9e0fbc75)
2007-12-21r26399: Use -O option for SWIG (less evil generated code).Jelmer Vernooij2-85/+112
(This used to be commit 3378b6a559272cb702b52966692bf423f67a2b41)
2007-12-21r26248: Check in SWIG output so SWIG is not required when running out of svn.Jelmer Vernooij2-0/+4271
(This used to be commit 08501fbef38f81ce5ff4885a1696f9cb392fd631)
2007-12-21r26199: Allow constructing new sids, implement __eq__ for sids.Jelmer Vernooij2-3/+18
(This used to be commit 87472e35c04fdf0c61c9133bab3c05bda11eba00)
2007-12-21r26197: Add bindings for libsecurity.Jelmer Vernooij3-4/+190
(This used to be commit 8625cd403ba3a7d2b1b1fccfeb5efd7e21de0135)
2007-12-21r25903: Move more files out of torture/Jelmer Vernooij1-0/+105
(This used to be commit f734df3144cdd9ff280ee1cac2c3a7f972716f5d)
2007-12-21r25803: Make our security descriptor acl manipulation methods more generic ↵Günther Deschner1-73/+174
so that we can add and delete ACEs for SACLs as well as for DACLs. Guenther (This used to be commit 947fff994181f0ae50ac76d09621ddd684873112)
2007-12-21r25801: Add security_ace_create() function.Günther Deschner1-0/+29
Guenther (This used to be commit 0306e0183d4db0da331449b411814e7a93b6db2d)
2007-12-21r25739: We forgot to copy revision and type flags in security_descriptor_copy().Günther Deschner1-0/+3
Guenther (This used to be commit 2e028503a36acd12009a4d2f0d217b2d940c9c30)
2007-12-21r25610: Add security_descriptor_appendv() which takes va_list directly.Günther Deschner1-9/+14
Guenther (This used to be commit 99408cf20c6feb745cd2dd56c37015cfa11e9b3d)
2007-12-21r25608: Call security_descriptor_append from within security_descriptor_create.Günther Deschner1-29/+1
Guenther (This used to be commit 1ebcceb922bdb566e6a548aa1ad816eb8e9e26e9)
2007-12-21r25607: Allow to set security descriptor type flags at creation time withGünther Deschner1-0/+4
security_descriptor_create(). Guenther (This used to be commit 7dd0d28d254f78891b0807492baafa188b42df16)
2007-12-21r25604: Add security_descriptor_append() helper function.Günther Deschner1-0/+42
Guenther (This used to be commit 7d8f53b1c73dc4025821d96d8f675b6866407acb)
2007-10-10r25554: Convert last instances of BOOL, True and False to the standard types.Jelmer Vernooij5-80/+80
(This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-10r25175: Change to talloc_asprintf_append_buffer().Jeremy Allison1-6/+6
Jeremy. (This used to be commit 0844dbf597191b3e4d35a696695b229e986daec4)
2007-10-10r25027: Fix more warnings.Jelmer Vernooij3-4/+6
(This used to be commit 5085c53fcfade614e83d21fc2c1a5bc43bb2a729)
2007-10-10r25000: Fix some more C++ compatibility warnings.Jelmer Vernooij1-1/+1
(This used to be commit 08bb1ef643ab906f1645cf6f32763dc73b1884e4)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell7-21/+14
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r21307: make it possible to pass in NULL for domain or rid,Stefan Metzmacher1-4/+10
if someone isn't interessted in one of it metze (This used to be commit 1fdc71918a430c35af91fa7788e191d381f76d56)
2007-10-10r20801: try to always fix up the acl revision when we add or removeStefan Metzmacher1-4/+37
an ace metze (This used to be commit 18cc56be6a7c21e5b19d0826aca6ae2416c116b8)
2007-10-10r20800: fix compiler warningsStefan Metzmacher1-0/+2
metze (This used to be commit 6ce994720cdd8b7dd0b789460b5ae7da19261696)
2007-10-10r20799: if any ace has the optional sub object, the acl revision needsStefan Metzmacher1-0/+8
to be SECURITY_ACL_REVISION_ADS (4) metze (This used to be commit a67bb4365958f4bfadbf47b2231992e2aadd26a1)
2007-10-10r20795: dom_sid_parse_talloc() gets an null terminated string as input,Stefan Metzmacher1-1/+9
the SDDL string has the sid strings embedded, so we need to create a null terminated string... metze (This used to be commit 532395a18db84affa8a743b995e9fae2e3c312f2)
2007-10-10r17848: Ok, this did not do it. Still got the same problem.Volker Lendecke1-8/+1
(This used to be commit bb393603707ada3d4b917f8374b7738f16c78f46)
2007-10-10r17846: Ok, this is a patch that needs further discussion. On Solaris, ↵Volker Lendecke1-1/+8
snprintf seems to be broken. The %lu modifies apparently can not cope with the high bit==1. In dom_sid_string I added some printfs and got: auth: 21 auth: 2666793276 auth: 679821296 auth: 2310223117 auth: 1206 sid=S-1-5-21-8446744072081377596-679821296-8446744071724807437-1206 The "auth:" values are direct printfs, the sid= is the resulting code from dom_sid_string. I could not reproduce it with a simple test program, and #ifdef'ing out HAVE_SNPRINTF in config.h manually does not help either, probably because the dynamic linker overwrites the symbol in lib/replace. Checking it in because it fixes the RPC-SAMBA3-SHARESEC test directly on host "sunx", I would like to see whether it also fixes IRIX and AIX. Volker (This used to be commit 1a9401738f652a87d377a32086342f5f98525fc2)
2007-10-10r17082: Add a test that walks and tests denying tconX access via the share ↵Volker Lendecke1-0/+18
security descriptor. This is something that W2k3 does _not_ pass and probably is not expected to, it seems the don't check access at tconX time. Thanks to metze for the hint how in the srvsvc_NetShareInfo1501 struct the length of the sd can be encoded in idl. As metze says, there's probably more to the share secdesc, this needs more testing. This one is here to walk the samba3 code. Volker (This used to be commit 67185508229a8d7f144c22cb194f573c932d6de5)
2007-10-10r15573: Fix build of systems that have iconv headers in non-standard locationsJelmer Vernooij1-1/+1
Split of system/locale.h header from system/iconv.h Previously, iconv wasn't being used on these systems (This used to be commit aa6d66fda69779d1c2948a1aca85dbd5208f1cba)
2007-10-10r15457: Get rid of more usages of uint_tJelmer Vernooij1-1/+1
(This used to be commit 849818dcdeb8eaf2eb22fea3896a4f7c777d8c5f)
2007-10-10r15328: Move some functions around, remove dependencies.Jelmer Vernooij4-3/+34
Remove some autogenerated headers (which had prototypes now autogenerated by pidl) Remove ndr_security.h from a few places - it's no longer necessary (This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
2007-10-10r15297: Move create_security_token() to samdb as it requires SAMDB (and the ↵Jelmer Vernooij2-78/+4
rest of LIBSECURITY doesn't) Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal Some other dependency fixes (This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
2007-10-10r15207: Introduce PRIVATE_DEPENDENCIES and PUBLIC_DEPENDENCIES as replacementJelmer Vernooij1-1/+1
for REQUIRED_SUBSYSTEMS. (This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
2007-10-10r15079: w2k3 returns NT_STATUS_PRIVILEGE_NOT_HELD if SEC_FLAG_SYSTEM_SECURITY isStefan Metzmacher1-1/+1
desired but SeSecurityPrivilege isn't granted metze (This used to be commit be7285bdebd58e7a86fcc64f7b22b9f533bcc4f5)
2007-10-10r14894: - add some 'const'Stefan Metzmacher3-37/+21
- remove sid_active_in_token() was the same as security_token_has_sid() - rename some functions metze (This used to be commit 81390dcda50f53d61e70059fb33014de0d283dc5)
2007-10-10r14891: fix a bug found by the ibm checkerStefan Metzmacher2-24/+46
the problem was that we shift with <<= (privilege-1) and we called the function with privilege=0 add some checks to catch invalid privilege values and hide the mask representation in privilege.c metze (This used to be commit a69f000324764bcd4cf420f2ecba1aca788258e4)
2007-10-10r14860: create libcli/security/security.hStefan Metzmacher5-6/+26
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10r14840: - rename some functionsStefan Metzmacher1-31/+41
- stack specific functions on top of generic ones metze (This used to be commit e391f3c98aae600c5f64d5975dd55567a09c3100)
2007-10-10r14641: fix typoStefan Metzmacher1-2/+2
metze (This used to be commit 0ad464f686dddc5befdf1ec8d20101ee0ad83585)
2007-10-10r14542: Remove librpc, libndr and libnbt from includes.hJelmer Vernooij5-1/+5
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
2007-10-10r14464: Don't include ndr_BASENAME.h files unless strictly required, insteadJelmer Vernooij2-0/+2
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij5-0/+5
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r12858: This moves the libnet_LookupPdc code to use a GetDC request to findAndrew Bartlett1-0/+5
the remote server's name, or in the absence of a local nbt_server to communicate with (or without root access), a node status request. The result is that we are in a better position to use kerberos, as well as to remove the 'password server' mandatory parameter for the samsync and samdump commands. (I need this to put these into SWAT). The only problem I have is that I must create a messaging context, which requires a server ID. As a client process, I don't expect to get messages, but it is currently required for replies, so I generate a random() number. We probably need the servers to accept connections on streamed sockets too, for client-only tasks that want IRPC. Because I wanted to test this code, I have put the NET-API-* tests into our test scripts, to ensure they pass and keep passing. They are good frontends onto the libnet system, and I see no reason not to test them. In doing so the NET-API-RPCCONNECT test was simplified to take a binding string on the command line, removing duplicate code, and testing the combinations in the scripts instead. (I have done a bit of work on the list shares code in libnet_share.c to make it pass 'make test') In the future, I would like to extend the libcli/findds.c code (based off volker's winbind/wb_async_helpers.c, which is why it shows up a bit odd in the patch) to handle getting multiple name replies, sending a getdc request to each in turn. (posted to samba-technical for review, and I'll happily update with any comments) Andrew Bartlett (This used to be commit 7ccddfd3515fc2c0d6f447c768ccbf7a220c3380)
2007-10-10r12747: Add a couple more token tests, used by the kludge ACL module.Andrew Bartlett1-0/+30
Andrew Bartlett (This used to be commit 10eadf48124d61f2eb586fb277a66aa4b9e6cad3)