Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-03-03 | s4:move the sddl code down to the top level | Michael Adam | 3 | -627/+2 | |
Michael | |||||
2010-02-02 | Change uint_t to unsigned int in source4 | Matt Kraai | 1 | -1/+1 | |
Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2010-01-02 | s4-sddl: DRS replication needs REVISION_ADS for SDs | Andrew Tridgell | 1 | -1/+1 | |
DRS replication with w2k8-r2 fails with a schema mismatch error if we set the revision to NT4 | |||||
2009-12-31 | py/security: Add test for dom_sid.split. | Jelmer Vernooij | 1 | -3/+8 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2009-12-17 | Fixed incorrect checking of PRINCIPAL_SELF permissions. | Nadezhda Ivanova | 1 | -3/+12 | |
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with the onjectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights to an account over itself. | |||||
2009-11-27 | s4:security/sddl - rework of the security descriptor abbreviations | Matthias Dieter Wallnöfer | 1 | -28/+33 | |
- Reoder them - Add some new ones (needed for the security descriptor in the provision script) | |||||
2009-11-17 | Fixed incorrect SID for RAS Servers. | Nadezhda Ivanova | 2 | -1/+2 | |
2009-11-15 | Fixed some major bugs in inheritance and access checks. | Nadezhda Ivanova | 1 | -13/+16 | |
Fixed sd creation not working on LDAP modify. Fixed incorrect replacement of CO and CG. Fixed incorrect access check on modify for SD modification. Fixed failing sec_descriptor test and enabled it. Fixed failing sd add test in ldap.python | |||||
2009-11-05 | Version 1.0 of the directory service acls module. | Nadezhda Ivanova | 2 | -47/+60 | |
At this point, support for checks on LDAP add, delete, rename and modify. Old kludge_acl is still there to handle the searches. This module is synchronous as the async version was impossible to debug, will be converted to async after some user testing. | |||||
2009-11-03 | Fixed some missing flags and bugs in the security creation. | Nadezhda Ivanova | 1 | -11/+47 | |
Also, added some logging. It needs improvement, possibly ability to turn in on and off via configuration file. | |||||
2009-11-03 | Fixed a bug in object specific access checks. | Nadezhda Ivanova | 1 | -2/+4 | |
2009-10-22 | s4:libcli/security/access_check - Add "const" in front of "type" | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2009-10-17 | s4-acl: SEC_FLAG_MAXIMUM_ALLOWED doesn't auto-apply privilege access masks | Andrew Tridgell | 1 | -6/+2 | |
2009-10-17 | s4-security: honor more of the privilege access bits | Andrew Tridgell | 1 | -4/+12 | |
2009-10-02 | s4: fix various warnings (not "const" related ones) | Matthias Dieter Wallnöfer | 1 | -3/+3 | |
2009-09-28 | s4-acl: fixed SD creation | Andrew Tridgell | 1 | -12/+22 | |
Thanks for Nadya and Metze for this. The SDs were being created with invalid fields (noticed by w2k8-r2 client when joining our domain) | |||||
2009-09-24 | Fixed a dereferenced null pointer. | Nadezhda Ivanova | 1 | -16/+14 | |
2009-09-21 | Initial Implementation of the DS objects access checks. | Nadezhda Ivanova | 4 | -1/+252 | |
Currently disabled. The search will be greatly modified, also the object tree stuff will be simplified. | |||||
2009-09-20 | Initial implementation of security descriptor creation in DS | Nadezhda Ivanova | 1 | -4/+348 | |
TODO's: ACE sorting and clarifying the inheritance of object specific ace's. | |||||
2009-09-17 | pyldb: Don't segfault when invalid type is specified to as_sddl and from_sddl. | Matthieu Patou | 1 | -0/+17 | |
Fix bug #6723 | |||||
2009-09-16 | Owner and group defaulting. | Nadezhda Ivanova | 2 | -1/+118 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2009-09-15 | s4-security: added a new security level SECURITY_DOMAIN_CONTROLLER | Andrew Tridgell | 2 | -0/+10 | |
This will be used as a simple way to lock down DRS replication to administrators and domain controllers | |||||
2009-07-19 | Fix typo | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2009-05-29 | s4: Add additional 2-letter SID/RID mappings. | Andrew Kroeger | 1 | -0/+23 | |
Information from http://msdn.microsoft.com/en-us/library/aa379602(VS.85).aspx | |||||
2009-05-20 | s4: try to fix privileges implementation in order to pass the ↵ | Günther Deschner | 1 | -1/+5 | |
RPC-SAMR-USERS-PRIVILEGES test. Guenther | |||||
2009-04-23 | Fix of a bug in the security.descriptor.as_sddl() method | nadezhda ivanova | 1 | -0/+6 | |
security.descriptor.as_sddl() method did not work correctly when invoked without supplying the domain sid. Returned the same value as when the sid was provided. Test added for this case in libcli/security/tests/bindings.py Signed-off-by: Jelmer Vernooij <jelmer@samba.org> | |||||
2009-04-21 | Move the security_descriptor utility code to the top-level. | Jelmer Vernooij | 3 | -535/+2 | |
2009-04-20 | Add a unit test for security_descriptor.as_sddl() without arguments. | Jelmer Vernooij | 1 | -0/+10 | |
2009-03-25 | display_sec: Move to common libcli/security directory. | Jelmer Vernooij | 1 | -2/+0 | |
2009-03-01 | Add header files for secace and secacl. | Jelmer Vernooij | 1 | -1/+2 | |
2009-03-01 | Move secacl to top-level. | Jelmer Vernooij | 1 | -1/+2 | |
2009-03-01 | Move secace.c to top-level. | Jelmer Vernooij | 1 | -1/+2 | |
2009-02-01 | shared: Move dom_sid_* utility functions to top level | Kai Blin | 3 | -308/+5 | |
2009-01-30 | Fix the mess with ldb includes. | Simo Sorce | 1 | -1/+0 | |
Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them. | |||||
2009-01-22 | Implement as_sddl. | Jelmer Vernooij | 1 | -0/+10 | |
2009-01-22 | Support parsing sddl for security descriptors. | Jelmer Vernooij | 1 | -0/+8 | |
2008-12-23 | Fix more compiler warnings in various places. | Jelmer Vernooij | 1 | -1/+0 | |
2008-12-21 | Fix comparison in tests now that we use __cmp__ rather than __eq__. | Jelmer Vernooij | 1 | -2/+2 | |
2008-12-21 | Fix more tests, improve repr() functions for various Python types. | Jelmer Vernooij | 2 | -8/+8 | |
2008-12-21 | Simplify customization of pidl-generated Python modules. | Jelmer Vernooij | 1 | -16/+24 | |
2008-12-21 | Merge the rest of security.i into samba.dcerpc.security. | Jelmer Vernooij | 4 | -3701/+0 | |
2008-12-21 | Remove duplicate Python bindings for dom_sid, security_descriptor and | Jelmer Vernooij | 3 | -1022/+40 | |
security_token. | |||||
2008-12-21 | Include errors.i verbatim in security.i, as it's the only file still using it. | Jelmer Vernooij | 1 | -1/+33 | |
2008-12-20 | Fix compiler warning when parsing a SID in a data blob | Andrew Bartlett | 1 | -1/+1 | |
2008-12-12 | Manually marshall dom_sid, so we can use a fixed size array for | Jelmer Vernooij | 3 | -37/+1 | |
dom_sid.sub_auths rather than a dynamically allocated one. This makes it possible to use the same DCE/RPC object code for Samba 3 and Samba 4's DCE/RPC parsers and allows copying sids more easily (since they no longer contain any pointers). The cost of having additional manual marshalling code is limited (~35 additional lines of C code). | |||||
2008-11-16 | s4:librpc/ndr: integrate NDR_MISC into LIBNDR | Stefan Metzmacher | 1 | -1/+1 | |
metze | |||||
2008-10-28 | s4: libcli/security: a NULL DACL allows access | Stefan Metzmacher | 1 | -11/+2 | |
This fixes bug 4284. metze | |||||
2008-09-30 | Make Sid member variables accessible from Python. | Jelmer Vernooij | 3 | -0/+128 | |
2008-09-23 | fixed problem with ACLs with an empty DACL list | Andrew Tridgell | 1 | -1/+14 | |
2008-09-19 | Add test for Sid.__repr__. | Jelmer Vernooij | 1 | -0/+4 | |