path: root/source4/libcli/security
Age | Commit message | Author | Files | Lines
2010-10-14 | libcli/auth Merge source4/libcli/security and util_sid.c into the common code | Andrew Bartlett | 4 | -854/+1
This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 | s4-acl Merge sec_access_check() with se_access_check() from source3/ | Andrew Bartlett | 1 | -2/+16
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-12 | libcli/security Provide a common, top level libcli/security/security.h | Andrew Bartlett | 1 | -45/+0
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 | s4-libcli/security Use separate subsystem for session related functions | Andrew Bartlett | 4 | -12/+41
The merges I plan in this area require splitting security.h into two header files, a common header and a session.h for the remaining source4-specific code. Andrew Bartlett
2010-10-12 | libcli/security Move most of security_token.c to common code. | Andrew Bartlett | 4 | -182/+66
The source4-specific session_info functions have been left in session.c Andrew Bartlett
2010-09-21 | s4-selftest: Move more tests to scripting/python, simplifies running of tests. | Jelmer Vernooij | 1 | -143/+0
2010-09-11 | libcli/security Use talloc_zero when making a struct security_token | Andrew Bartlett | 1 | -5/+1
2010-09-11 | libcli/security Move source4/ privileges code into the common libcli/security | Andrew Bartlett | 3 | -310/+2
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s4-privs Add a lookup by index of privileges | Andrew Bartlett | 1 | -0/+11
Now that privileges are no longer given luid values sequentially, we need another way to look them up for enumeration. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | privs Add my Copyright | Andrew Bartlett | 1 | -0/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 | s4-privs Remove link between enum sec_privilege and the privilege bitmap | Andrew Bartlett | 1 | -17/+69
This allows us to set the enum sec_privilege constants to the LUID values that are seen from windows, which we need to match, in order to preserve the support for the NT Print Migrator tool after a merge with the source3/ privileges code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-09 | s4:libcli/security/*.c - fix some wrong typed counters | Matthias Dieter Wallnöfer | 3 | -10/+7
According to "librpc/gen_ndr/security.h" they need to be "uint32_t".
2010-08-23 | s4:security Change struct security_token->sids from struct dom_sid * to struct dom_sid | Andrew Bartlett | 2 | -7/+7
This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privileges still need to be merged) Andrew Bartlett
2010-08-18 | s4:security Remove use of user_sid and group_sid from struct security_token | Andrew Bartlett | 2 | -8/+7
This makes the structure more like Samba3's NT_USER_TOKEN
2010-08-18 | s4:security Bring in #defines for the user and primary group token location | Andrew Bartlett | 1 | -0/+3
This will allow us to stop duplicating the user and primary group SID in the struct security_token, and therefore make it more like the NT_USER_TOKEN in Samba3. Andrew Bartlett
2010-08-17 | s4-drs: fixed check for SECURITY_RO_DOMAIN_CONTROLLER | Andrew Tridgell | 1 | -6/+6
check more than the user_sid, and also check for the right rid value Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-06-19 | python: Use samba.tests.TestCase, make sure base class tearDown and | Jelmer Vernooij | 1 | -10/+18
setUp methods are called, fix formatting.
2010-04-22 | s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level | Andrew Tridgell | 2 | -6/+18
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC. This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-04-20 | Removed more excess looping and fixed problem with incorrect IO flag handling. | Nadezhda Ivanova | 1 | -126/+81
2010-04-15 | A bit of refactoring in the SD creation code. | Nadezhda Ivanova | 1 | -127/+71
2010-04-06 | s4-waf: removed the AUTOGENERATED markers | Andrew Tridgell | 1 | -4/+0
we won't be using the mk -> wscript generator again
2010-04-06 | s4-waf: mark the wscript files as python so vim/emacs knows how to highlight them | Andrew Tridgell | 1 | -0/+2
2010-04-06 | build: waf quicktest nearly works | Andrew Tridgell | 1 | -1/+1
Rewrote wafsamba using a new dependency handling system, and started adding the waf test code
2010-04-06 | build: commit all the waf build files in the tree | Andrew Tridgell | 1 | -0/+10
2010-03-25 | python: use '#!/usr/bin/env python' to cope with varying install locations | Andrew Tridgell | 1 | -1/+1
this should be much more portable
2010-03-24 | Missing include guard in source4/libcli/security/security.h | Jeremy Allison | 1 | -0/+5
Jeremy.
2010-03-03 | s4:move the sddl code down to the top level | Michael Adam | 3 | -627/+2
Michael
2010-02-02 | Change uint_t to unsigned int in source4 | Matt Kraai | 1 | -1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-02 | s4-sddl: DRS replication needs REVISION_ADS for SDs | Andrew Tridgell | 1 | -1/+1
DRS replication with w2k8-r2 fails with a schema mismatch error if we set the revision to NT4
2009-12-31 | py/security: Add test for dom_sid.split. | Jelmer Vernooij | 1 | -3/+8
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-17 | Fixed incorrect checking of PRINCIPAL_SELF permissions. | Nadezhda Ivanova | 1 | -3/+12
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with the objectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights to an account over itself.
2009-11-27 | s4:security/sddl - rework of the security descriptor abbreviations | Matthias Dieter Wallnöfer | 1 | -28/+33
- Reorder them
- Add some new ones (needed for the security descriptor in the provision script)
2009-11-17 | Fixed incorrect SID for RAS Servers. | Nadezhda Ivanova | 2 | -1/+2
2009-11-15 | Fixed some major bugs in inheritance and access checks. | Nadezhda Ivanova | 1 | -13/+16
Fixed sd creation not working on LDAP modify. Fixed incorrect replacement of CO and CG. Fixed incorrect access check on modify for SD modification. Fixed failing sec_descriptor test and enabled it. Fixed failing sd add test in ldap.python
2009-11-05 | Version 1.0 of the directory service acls module. | Nadezhda Ivanova | 2 | -47/+60
At this point, support for checks on LDAP add, delete, rename and modify. Old kludge_acl is still there to handle the searches. This module is synchronous as the async version was impossible to debug, will be converted to async after some user testing.
2009-11-03 | Fixed some missing flags and bugs in the security creation. | Nadezhda Ivanova | 1 | -11/+47
Also, added some logging. It needs improvement, possibly ability to turn it on and off via configuration file.
2009-11-03 | Fixed a bug in object specific access checks. | Nadezhda Ivanova | 1 | -2/+4
2009-10-22 | s4:libcli/security/access_check - Add "const" in front of "type" | Matthias Dieter Wallnöfer | 1 | -1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-10-17 | s4-acl: SEC_FLAG_MAXIMUM_ALLOWED doesn't auto-apply privilege access masks | Andrew Tridgell | 1 | -6/+2
2009-10-17 | s4-security: honor more of the privilege access bits | Andrew Tridgell | 1 | -4/+12
2009-10-02 | s4: fix various warnings (not "const" related ones) | Matthias Dieter Wallnöfer | 1 | -3/+3
2009-09-28 | s4-acl: fixed SD creation | Andrew Tridgell | 1 | -12/+22
Thanks to Nadya and Metze for this. The SDs were being created with invalid fields (noticed by w2k8-r2 client when joining our domain)
2009-09-24 | Fixed a dereferenced null pointer. | Nadezhda Ivanova | 1 | -16/+14
2009-09-21 | Initial Implementation of the DS objects access checks. | Nadezhda Ivanova | 4 | -1/+252
Currently disabled. The search will be greatly modified, also the object tree stuff will be simplified.
2009-09-20 | Initial implementation of security descriptor creation in DS | Nadezhda Ivanova | 1 | -4/+348
TODO's: ACE sorting and clarifying the inheritance of object specific ace's.
2009-09-17 | pyldb: Don't segfault when invalid type is specified to as_sddl and from_sddl. | Matthieu Patou | 1 | -0/+17
Fix bug #6723
2009-09-16 | Owner and group defaulting. | Nadezhda Ivanova | 2 | -1/+118
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-09-15 | s4-security: added a new security level SECURITY_DOMAIN_CONTROLLER | Andrew Tridgell | 2 | -0/+10
This will be used as a simple way to lock down DRS replication to administrators and domain controllers
2009-07-19 | Fix typo | Matthias Dieter Wallnöfer | 1 | -1/+1
2009-05-29 | s4: Add additional 2-letter SID/RID mappings. | Andrew Kroeger | 1 | -0/+23
Information from http://msdn.microsoft.com/en-us/library/aa379602(VS.85).aspx