Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-10-14 | libcli/auth Merge source4/libcli/security and util_sid.c into the common code | Andrew Bartlett | 4 | -854/+1 | |
This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-10-14 | s4-acl Merge sec_access_check() with se_access_check() from source3/ | Andrew Bartlett | 1 | -2/+16 | |
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-10-12 | libcli/security Provide a common, top level libcli/security/security.h | Andrew Bartlett | 1 | -45/+0 | |
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104 | |||||
2010-10-12 | s4-libcli/security Use seperate subsystem for session related functions | Andrew Bartlett | 4 | -12/+41 | |
The merged I plan in this area require spliting security.h into two header files, a common header and a session.h for the remaining source4-specific code. Andrew Bartlett | |||||
2010-10-12 | libcli/security Move most of security_token.c to common code. | Andrew Bartlett | 4 | -182/+66 | |
The source4-specific session_info functions have been left in session.c Andrew Bartlett | |||||
2010-09-21 | s4-selftest: Move more tests to scripting/python, simplifies running of tests. | Jelmer Vernooij | 1 | -143/+0 | |
2010-09-11 | libcli/security Use talloc_zero when making a struct security_token | Andrew Bartlett | 1 | -5/+1 | |
2010-09-11 | libcli/security Move source4/ privileges code into the common libcli/security | Andrew Bartlett | 3 | -310/+2 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s4-privs Add a lookup by index of privilages | Andrew Bartlett | 1 | -0/+11 | |
Now that privileges are no longer given luid values sequentially, we need another way to look them up for enumeration. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | privs Add my Copyright | Andrew Bartlett | 1 | -0/+1 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s4-privs Remove link between enum sec_privilege and the privilege bitmap | Andrew Bartlett | 1 | -17/+69 | |
This allows us to set the enum sec_privilege constants to the LUID values that are seen from windows, which we need to match, in order to preserve the support for the NT Print Migrator tool after a merge with the source3/ privileges code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-09 | s4:libcli/security/*.c - fix some wrong typed counters | Matthias Dieter Wallnöfer | 3 | -10/+7 | |
According to "librpc/gen_ndr/security.h" they need to be "uint32_t". | |||||
2010-08-23 | s4:security Change struct security_token->sids from struct dom_sid * to ↵ | Andrew Bartlett | 2 | -7/+7 | |
struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett | |||||
2010-08-18 | s4:security Remove use of user_sid and group_sid from struct security_token | Andrew Bartlett | 2 | -8/+7 | |
This makes the structure more like Samba3's NT_USER_TOKEN | |||||
2010-08-18 | s4:security Bring in #defines for the user and primary group token location | Andrew Bartlett | 1 | -0/+3 | |
This will allow us to stop duplicating the user and primary group SID in the struct security_token, and therefore make it more like the NT_USER_TOKEN in Samba3. Andrew Bartlett | |||||
2010-08-17 | s4-drs: fixed check for SECURITY_RO_DOMAIN_CONTROLLER | Andrew Tridgell | 1 | -6/+6 | |
check more than the user_sid, and also check for the right rid value Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-06-19 | python: Use samba.tests.TestCase, make sure base class tearDown and | Jelmer Vernooij | 1 | -10/+18 | |
setUp methods are called, fix formatting. | |||||
2010-04-22 | s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level | Andrew Tridgell | 2 | -6/+18 | |
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org> | |||||
2010-04-20 | Removed more excess looping and fixed problem with incorrect IO flag handling. | Nadezhda Ivanova | 1 | -126/+81 | |
2010-04-15 | A bit of refactoring in the SD creation code. | Nadezhda Ivanova | 1 | -127/+71 | |
2010-04-06 | s4-waf: removed the AUTOGENERATED markers | Andrew Tridgell | 1 | -4/+0 | |
we won't be using the mk -> wscript generator again | |||||
2010-04-06 | s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵ | Andrew Tridgell | 1 | -0/+2 | |
them | |||||
2010-04-06 | build: waf quicktest nearly works | Andrew Tridgell | 1 | -1/+1 | |
Rewrote wafsamba using a new dependency handling system, and started adding the waf test code | |||||
2010-04-06 | build: commit all the waf build files in the tree | Andrew Tridgell | 1 | -0/+10 | |
2010-03-25 | python: use '#!/usr/bin/env python' to cope with varying install locations | Andrew Tridgell | 1 | -1/+1 | |
this should be much more portable | |||||
2010-03-24 | Missing include guard in source4/libcli/security/security.h | Jeremy Allison | 1 | -0/+5 | |
Jeremy. | |||||
2010-03-03 | s4:move the sddl code down to the top level | Michael Adam | 3 | -627/+2 | |
Michael | |||||
2010-02-02 | Change uint_t to unsigned int in source4 | Matt Kraai | 1 | -1/+1 | |
Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2010-01-02 | s4-sddl: DRS replication needs REVISION_ADS for SDs | Andrew Tridgell | 1 | -1/+1 | |
DRS replication with w2k8-r2 fails with a schema mismatch error if we set the revision to NT4 | |||||
2009-12-31 | py/security: Add test for dom_sid.split. | Jelmer Vernooij | 1 | -3/+8 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2009-12-17 | Fixed incorrect checking of PRINCIPAL_SELF permissions. | Nadezhda Ivanova | 1 | -3/+12 | |
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with the onjectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights to an account over itself. | |||||
2009-11-27 | s4:security/sddl - rework of the security descriptor abbreviations | Matthias Dieter Wallnöfer | 1 | -28/+33 | |
- Reoder them - Add some new ones (needed for the security descriptor in the provision script) | |||||
2009-11-17 | Fixed incorrect SID for RAS Servers. | Nadezhda Ivanova | 2 | -1/+2 | |
2009-11-15 | Fixed some major bugs in inheritance and access checks. | Nadezhda Ivanova | 1 | -13/+16 | |
Fixed sd creation not working on LDAP modify. Fixed incorrect replacement of CO and CG. Fixed incorrect access check on modify for SD modification. Fixed failing sec_descriptor test and enabled it. Fixed failing sd add test in ldap.python | |||||
2009-11-05 | Version 1.0 of the directory service acls module. | Nadezhda Ivanova | 2 | -47/+60 | |
At this point, support for checks on LDAP add, delete, rename and modify. Old kludge_acl is still there to handle the searches. This module is synchronous as the async version was impossible to debug, will be converted to async after some user testing. | |||||
2009-11-03 | Fixed some missing flags and bugs in the security creation. | Nadezhda Ivanova | 1 | -11/+47 | |
Also, added some logging. It needs improvement, possibly ability to turn in on and off via configuration file. | |||||
2009-11-03 | Fixed a bug in object specific access checks. | Nadezhda Ivanova | 1 | -2/+4 | |
2009-10-22 | s4:libcli/security/access_check - Add "const" in front of "type" | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2009-10-17 | s4-acl: SEC_FLAG_MAXIMUM_ALLOWED doesn't auto-apply privilege access masks | Andrew Tridgell | 1 | -6/+2 | |
2009-10-17 | s4-security: honor more of the privilege access bits | Andrew Tridgell | 1 | -4/+12 | |
2009-10-02 | s4: fix various warnings (not "const" related ones) | Matthias Dieter Wallnöfer | 1 | -3/+3 | |
2009-09-28 | s4-acl: fixed SD creation | Andrew Tridgell | 1 | -12/+22 | |
Thanks for Nadya and Metze for this. The SDs were being created with invalid fields (noticed by w2k8-r2 client when joining our domain) | |||||
2009-09-24 | Fixed a dereferenced null pointer. | Nadezhda Ivanova | 1 | -16/+14 | |
2009-09-21 | Initial Implementation of the DS objects access checks. | Nadezhda Ivanova | 4 | -1/+252 | |
Currently disabled. The search will be greatly modified, also the object tree stuff will be simplified. | |||||
2009-09-20 | Initial implementation of security descriptor creation in DS | Nadezhda Ivanova | 1 | -4/+348 | |
TODO's: ACE sorting and clarifying the inheritance of object specific ace's. | |||||
2009-09-17 | pyldb: Don't segfault when invalid type is specified to as_sddl and from_sddl. | Matthieu Patou | 1 | -0/+17 | |
Fix bug #6723 | |||||
2009-09-16 | Owner and group defaulting. | Nadezhda Ivanova | 2 | -1/+118 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2009-09-15 | s4-security: added a new security level SECURITY_DOMAIN_CONTROLLER | Andrew Tridgell | 2 | -0/+10 | |
This will be used as a simple way to lock down DRS replication to administrators and domain controllers | |||||
2009-07-19 | Fix typo | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2009-05-29 | s4: Add additional 2-letter SID/RID mappings. | Andrew Kroeger | 1 | -0/+23 | |
Information from http://msdn.microsoft.com/en-us/library/aa379602(VS.85).aspx |