summaryrefslogtreecommitdiff
path: root/source4/libcli/security
AgeCommit message (Collapse)AuthorFilesLines
2009-12-17Fixed incorrect checking of PRINCIPAL_SELF permissions.Nadezhda Ivanova1-3/+12
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with the onjectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights to an account over itself.
2009-11-27s4:security/sddl - rework of the security descriptor abbreviationsMatthias Dieter Wallnöfer1-28/+33
- Reoder them - Add some new ones (needed for the security descriptor in the provision script)
2009-11-17Fixed incorrect SID for RAS Servers.Nadezhda Ivanova2-1/+2
2009-11-15Fixed some major bugs in inheritance and access checks.Nadezhda Ivanova1-13/+16
Fixed sd creation not working on LDAP modify. Fixed incorrect replacement of CO and CG. Fixed incorrect access check on modify for SD modification. Fixed failing sec_descriptor test and enabled it. Fixed failing sd add test in ldap.python
2009-11-05Version 1.0 of the directory service acls module.Nadezhda Ivanova2-47/+60
At this point, support for checks on LDAP add, delete, rename and modify. Old kludge_acl is still there to handle the searches. This module is synchronous as the async version was impossible to debug, will be converted to async after some user testing.
2009-11-03Fixed some missing flags and bugs in the security creation.Nadezhda Ivanova1-11/+47
Also, added some logging. It needs improvement, possibly ability to turn in on and off via configuration file.
2009-11-03Fixed a bug in object specific access checks.Nadezhda Ivanova1-2/+4
2009-10-22s4:libcli/security/access_check - Add "const" in front of "type"Matthias Dieter Wallnöfer1-1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-10-17s4-acl: SEC_FLAG_MAXIMUM_ALLOWED doesn't auto-apply privilege access masksAndrew Tridgell1-6/+2
2009-10-17s4-security: honor more of the privilege access bitsAndrew Tridgell1-4/+12
2009-10-02s4: fix various warnings (not "const" related ones)Matthias Dieter Wallnöfer1-3/+3
2009-09-28s4-acl: fixed SD creationAndrew Tridgell1-12/+22
Thanks for Nadya and Metze for this. The SDs were being created with invalid fields (noticed by w2k8-r2 client when joining our domain)
2009-09-24Fixed a dereferenced null pointer.Nadezhda Ivanova1-16/+14
2009-09-21Initial Implementation of the DS objects access checks.Nadezhda Ivanova4-1/+252
Currently disabled. The search will be greatly modified, also the object tree stuff will be simplified.
2009-09-20Initial implementation of security descriptor creation in DSNadezhda Ivanova1-4/+348
TODO's: ACE sorting and clarifying the inheritance of object specific ace's.
2009-09-17pyldb: Don't segfault when invalid type is specified to as_sddl and from_sddl.Matthieu Patou1-0/+17
Fix bug #6723
2009-09-16Owner and group defaulting.Nadezhda Ivanova2-1/+118
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-09-15s4-security: added a new security level SECURITY_DOMAIN_CONTROLLERAndrew Tridgell2-0/+10
This will be used as a simple way to lock down DRS replication to administrators and domain controllers
2009-07-19Fix typoMatthias Dieter Wallnöfer1-1/+1
2009-05-29s4: Add additional 2-letter SID/RID mappings.Andrew Kroeger1-0/+23
Information from http://msdn.microsoft.com/en-us/library/aa379602(VS.85).aspx
2009-05-20s4: try to fix privileges implementation in order to pass the ↵Günther Deschner1-1/+5
RPC-SAMR-USERS-PRIVILEGES test. Guenther
2009-04-23Fix of a bug in the security.descriptor.as_sddl() methodnadezhda ivanova1-0/+6
security.descriptor.as_sddl() method did not work correctly when invoked without supplying the domain sid. Returned the same value as when the sid was provided. Test added for this case in libcli/security/tests/bindings.py Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2009-04-21Move the security_descriptor utility code to the top-level.Jelmer Vernooij3-535/+2
2009-04-20Add a unit test for security_descriptor.as_sddl() without arguments.Jelmer Vernooij1-0/+10
2009-03-25display_sec: Move to common libcli/security directory.Jelmer Vernooij1-2/+0
2009-03-01Add header files for secace and secacl.Jelmer Vernooij1-1/+2
2009-03-01Move secacl to top-level.Jelmer Vernooij1-1/+2
2009-03-01Move secace.c to top-level.Jelmer Vernooij1-1/+2
2009-02-01shared: Move dom_sid_* utility functions to top levelKai Blin3-308/+5
2009-01-30Fix the mess with ldb includes.Simo Sorce1-1/+0
Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-22Implement as_sddl.Jelmer Vernooij1-0/+10
2009-01-22Support parsing sddl for security descriptors.Jelmer Vernooij1-0/+8
2008-12-23Fix more compiler warnings in various places.Jelmer Vernooij1-1/+0
2008-12-21Fix comparison in tests now that we use __cmp__ rather than __eq__.Jelmer Vernooij1-2/+2
2008-12-21Fix more tests, improve repr() functions for various Python types.Jelmer Vernooij2-8/+8
2008-12-21Simplify customization of pidl-generated Python modules.Jelmer Vernooij1-16/+24
2008-12-21Merge the rest of security.i into samba.dcerpc.security.Jelmer Vernooij4-3701/+0
2008-12-21Remove duplicate Python bindings for dom_sid, security_descriptor andJelmer Vernooij3-1022/+40
security_token.
2008-12-21Include errors.i verbatim in security.i, as it's the only file still using it.Jelmer Vernooij1-1/+33
2008-12-20Fix compiler warning when parsing a SID in a data blobAndrew Bartlett1-1/+1
2008-12-12Manually marshall dom_sid, so we can use a fixed size array forJelmer Vernooij3-37/+1
dom_sid.sub_auths rather than a dynamically allocated one. This makes it possible to use the same DCE/RPC object code for Samba 3 and Samba 4's DCE/RPC parsers and allows copying sids more easily (since they no longer contain any pointers). The cost of having additional manual marshalling code is limited (~35 additional lines of C code).
2008-11-16s4:librpc/ndr: integrate NDR_MISC into LIBNDRStefan Metzmacher1-1/+1
metze
2008-10-28s4: libcli/security: a NULL DACL allows accessStefan Metzmacher1-11/+2
This fixes bug 4284. metze
2008-09-30Make Sid member variables accessible from Python.Jelmer Vernooij3-0/+128
2008-09-23fixed problem with ACLs with an empty DACL listAndrew Tridgell1-1/+14
2008-09-19Add test for Sid.__repr__.Jelmer Vernooij1-0/+4
2008-09-18Generate with 1.3.36.Jelmer Vernooij2-31/+36
2008-09-18Implement __repr__ for Sid.Jelmer Vernooij1-2/+6
2008-08-21Don't walk past the end of ldb values.Andrew Bartlett1-0/+15
This is a partial fix towards bugs due to us walking past the end of what we think are strings in ldb. There is much more work to do in this area. Andrew Bartlett (This used to be commit 5805a9a8f35fd90fa4f718f73534817fa3bbdfd2)
2008-05-24Add docstrings to a couple more python modules.Jelmer Vernooij3-7/+71
(This used to be commit b4560c90e5e8d3a35367d3a21d361dc4c9c0de23)