Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2009-12-31 | py/security: Add test for dom_sid.split. | Jelmer Vernooij | 1 | -3/+8 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2009-12-17 | Fixed incorrect checking of PRINCIPAL_SELF permissions. | Nadezhda Ivanova | 1 | -3/+12 | |
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with the onjectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights to an account over itself. | |||||
2009-11-27 | s4:security/sddl - rework of the security descriptor abbreviations | Matthias Dieter Wallnöfer | 1 | -28/+33 | |
- Reoder them - Add some new ones (needed for the security descriptor in the provision script) | |||||
2009-11-17 | Fixed incorrect SID for RAS Servers. | Nadezhda Ivanova | 2 | -1/+2 | |
2009-11-15 | Fixed some major bugs in inheritance and access checks. | Nadezhda Ivanova | 1 | -13/+16 | |
Fixed sd creation not working on LDAP modify. Fixed incorrect replacement of CO and CG. Fixed incorrect access check on modify for SD modification. Fixed failing sec_descriptor test and enabled it. Fixed failing sd add test in ldap.python | |||||
2009-11-05 | Version 1.0 of the directory service acls module. | Nadezhda Ivanova | 2 | -47/+60 | |
At this point, support for checks on LDAP add, delete, rename and modify. Old kludge_acl is still there to handle the searches. This module is synchronous as the async version was impossible to debug, will be converted to async after some user testing. | |||||
2009-11-03 | Fixed some missing flags and bugs in the security creation. | Nadezhda Ivanova | 1 | -11/+47 | |
Also, added some logging. It needs improvement, possibly ability to turn in on and off via configuration file. | |||||
2009-11-03 | Fixed a bug in object specific access checks. | Nadezhda Ivanova | 1 | -2/+4 | |
2009-10-22 | s4:libcli/security/access_check - Add "const" in front of "type" | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2009-10-17 | s4-acl: SEC_FLAG_MAXIMUM_ALLOWED doesn't auto-apply privilege access masks | Andrew Tridgell | 1 | -6/+2 | |
2009-10-17 | s4-security: honor more of the privilege access bits | Andrew Tridgell | 1 | -4/+12 | |
2009-10-02 | s4: fix various warnings (not "const" related ones) | Matthias Dieter Wallnöfer | 1 | -3/+3 | |
2009-09-28 | s4-acl: fixed SD creation | Andrew Tridgell | 1 | -12/+22 | |
Thanks for Nadya and Metze for this. The SDs were being created with invalid fields (noticed by w2k8-r2 client when joining our domain) | |||||
2009-09-24 | Fixed a dereferenced null pointer. | Nadezhda Ivanova | 1 | -16/+14 | |
2009-09-21 | Initial Implementation of the DS objects access checks. | Nadezhda Ivanova | 4 | -1/+252 | |
Currently disabled. The search will be greatly modified, also the object tree stuff will be simplified. | |||||
2009-09-20 | Initial implementation of security descriptor creation in DS | Nadezhda Ivanova | 1 | -4/+348 | |
TODO's: ACE sorting and clarifying the inheritance of object specific ace's. | |||||
2009-09-17 | pyldb: Don't segfault when invalid type is specified to as_sddl and from_sddl. | Matthieu Patou | 1 | -0/+17 | |
Fix bug #6723 | |||||
2009-09-16 | Owner and group defaulting. | Nadezhda Ivanova | 2 | -1/+118 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2009-09-15 | s4-security: added a new security level SECURITY_DOMAIN_CONTROLLER | Andrew Tridgell | 2 | -0/+10 | |
This will be used as a simple way to lock down DRS replication to administrators and domain controllers | |||||
2009-07-19 | Fix typo | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2009-05-29 | s4: Add additional 2-letter SID/RID mappings. | Andrew Kroeger | 1 | -0/+23 | |
Information from http://msdn.microsoft.com/en-us/library/aa379602(VS.85).aspx | |||||
2009-05-20 | s4: try to fix privileges implementation in order to pass the ↵ | Günther Deschner | 1 | -1/+5 | |
RPC-SAMR-USERS-PRIVILEGES test. Guenther | |||||
2009-04-23 | Fix of a bug in the security.descriptor.as_sddl() method | nadezhda ivanova | 1 | -0/+6 | |
security.descriptor.as_sddl() method did not work correctly when invoked without supplying the domain sid. Returned the same value as when the sid was provided. Test added for this case in libcli/security/tests/bindings.py Signed-off-by: Jelmer Vernooij <jelmer@samba.org> | |||||
2009-04-21 | Move the security_descriptor utility code to the top-level. | Jelmer Vernooij | 3 | -535/+2 | |
2009-04-20 | Add a unit test for security_descriptor.as_sddl() without arguments. | Jelmer Vernooij | 1 | -0/+10 | |
2009-03-25 | display_sec: Move to common libcli/security directory. | Jelmer Vernooij | 1 | -2/+0 | |
2009-03-01 | Add header files for secace and secacl. | Jelmer Vernooij | 1 | -1/+2 | |
2009-03-01 | Move secacl to top-level. | Jelmer Vernooij | 1 | -1/+2 | |
2009-03-01 | Move secace.c to top-level. | Jelmer Vernooij | 1 | -1/+2 | |
2009-02-01 | shared: Move dom_sid_* utility functions to top level | Kai Blin | 3 | -308/+5 | |
2009-01-30 | Fix the mess with ldb includes. | Simo Sorce | 1 | -1/+0 | |
Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them. | |||||
2009-01-22 | Implement as_sddl. | Jelmer Vernooij | 1 | -0/+10 | |
2009-01-22 | Support parsing sddl for security descriptors. | Jelmer Vernooij | 1 | -0/+8 | |
2008-12-23 | Fix more compiler warnings in various places. | Jelmer Vernooij | 1 | -1/+0 | |
2008-12-21 | Fix comparison in tests now that we use __cmp__ rather than __eq__. | Jelmer Vernooij | 1 | -2/+2 | |
2008-12-21 | Fix more tests, improve repr() functions for various Python types. | Jelmer Vernooij | 2 | -8/+8 | |
2008-12-21 | Simplify customization of pidl-generated Python modules. | Jelmer Vernooij | 1 | -16/+24 | |
2008-12-21 | Merge the rest of security.i into samba.dcerpc.security. | Jelmer Vernooij | 4 | -3701/+0 | |
2008-12-21 | Remove duplicate Python bindings for dom_sid, security_descriptor and | Jelmer Vernooij | 3 | -1022/+40 | |
security_token. | |||||
2008-12-21 | Include errors.i verbatim in security.i, as it's the only file still using it. | Jelmer Vernooij | 1 | -1/+33 | |
2008-12-20 | Fix compiler warning when parsing a SID in a data blob | Andrew Bartlett | 1 | -1/+1 | |
2008-12-12 | Manually marshall dom_sid, so we can use a fixed size array for | Jelmer Vernooij | 3 | -37/+1 | |
dom_sid.sub_auths rather than a dynamically allocated one. This makes it possible to use the same DCE/RPC object code for Samba 3 and Samba 4's DCE/RPC parsers and allows copying sids more easily (since they no longer contain any pointers). The cost of having additional manual marshalling code is limited (~35 additional lines of C code). | |||||
2008-11-16 | s4:librpc/ndr: integrate NDR_MISC into LIBNDR | Stefan Metzmacher | 1 | -1/+1 | |
metze | |||||
2008-10-28 | s4: libcli/security: a NULL DACL allows access | Stefan Metzmacher | 1 | -11/+2 | |
This fixes bug 4284. metze | |||||
2008-09-30 | Make Sid member variables accessible from Python. | Jelmer Vernooij | 3 | -0/+128 | |
2008-09-23 | fixed problem with ACLs with an empty DACL list | Andrew Tridgell | 1 | -1/+14 | |
2008-09-19 | Add test for Sid.__repr__. | Jelmer Vernooij | 1 | -0/+4 | |
2008-09-18 | Generate with 1.3.36. | Jelmer Vernooij | 2 | -31/+36 | |
2008-09-18 | Implement __repr__ for Sid. | Jelmer Vernooij | 1 | -2/+6 | |
2008-08-21 | Don't walk past the end of ldb values. | Andrew Bartlett | 1 | -0/+15 | |
This is a partial fix towards bugs due to us walking past the end of what we think are strings in ldb. There is much more work to do in this area. Andrew Bartlett (This used to be commit 5805a9a8f35fd90fa4f718f73534817fa3bbdfd2) |