summaryrefslogtreecommitdiff
path: root/source4/libcli
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r4151: added privilege attribute handling on samdb.Andrew Tridgell2-5/+20
pvfs will now honor some privileges on ACLs, and it will be quite easy to add the checks for more privileges in the necessary places, by making calls to sec_privilege_check(). (This used to be commit 3549039d0fbc54f87ae679e7288b82b28713e487)
2007-10-10r4150: - add fns for manipulating the privilege_mask in a security_tokenAndrew Tridgell2-6/+33
- add the hooks in access_check that check the privilege bitmasks for SEC_STD_DELETE and SEC_FLAG_SYSTEM_SECURITY (This used to be commit 0fa3764edcabffe8f7d5e40f0097f97d0c4519c4)
2007-10-10r4147: converted from NT_USER_TOKEN to struct security_tokenAndrew Tridgell5-34/+111
this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
2007-10-10r4084: add some more error codesStefan Metzmacher1-0/+2
metze (This used to be commit e5db58526825476fd6d8d80c8ee6c3bca0e23c84)
2007-10-10r4080: missing file from the last commitStefan Metzmacher1-1/+1
metze (This used to be commit ea7b496995573426486b7eab5de822d5602d7368)
2007-10-10r4079: implement the gensec_have_feature() correctly by askingStefan Metzmacher4-25/+42
the backend what is actually in use metze (This used to be commit 6f3eb7bc03609108b9e0ea5676fca3d04140e737)
2007-10-10r4077: don't add wrapping to empty blobsStefan Metzmacher1-1/+5
metze (This used to be commit e6d83d019dc46ff7ae32e7c8f9f7a3ab7d0cdcf3)
2007-10-10r4073: - added a set of lsa helper routines to make lsa lookups that areAndrew Tridgell3-1/+304
related to filesharing. For example, in order to manipulate ACLs properly its important to be able to call LookupSids, and to be able to lookup what privileges a SID has. - added 3 new commands to smbclient "lookupname", "lookupsid" and "privileges" (This used to be commit 8780c40f0539da72652d17455e98fcaee6d197d1)
2007-10-10r4070: move some defines from asn_1.h to the places they belong toStefan Metzmacher8-17/+28
metze (This used to be commit ab2c2f27e1c61516e885f02bf26350f97209057a)
2007-10-10r4066: add a mapping for NT_STATUS_NO_MORE_ENTRIESAndrew Tridgell1-0/+1
(This used to be commit 335b1c6a52b2e437e7f16a84ba547e5387ef64d1)
2007-10-10r4065: fixed ntstatus->dos error code for NT_STATUS_NO_SUCH_FILEAndrew Tridgell1-1/+1
(This used to be commit 19efd83b863a8c94f509d6a933a7d5de43aa95e9)
2007-10-10r4063: - change char * -> uint8_t in struct request_bufferStefan Metzmacher14-37/+40
- change smbcli_read/write to take void * for the buffers to match read(2)/write(2) all this fixes a lot of gcc-4 warnings metze (This used to be commit b94f92bc6637f748d6f7049f4f9a30b0b8d18a7a)
2007-10-10r4062: the RAW-ACLS test now passes. The SEC_STD_DELETE bit is rather strangeAndrew Tridgell1-4/+7
though - I expect we'll need to tweak that some more. (This used to be commit e3500811b90b8423ee7694609340f394957d1160)
2007-10-10r4056: modified the access check code based on results from RAW-ACLSAndrew Tridgell1-26/+19
test. Also added generic mapping bits for pvfs. We don't pass RAW-ACLS yet, but its close. (This used to be commit c7cbd966d49a5345ea326732587555d209c531fc)
2007-10-10r4055: fixed more places to use type safe allocation macrosAndrew Tridgell6-14/+12
(This used to be commit eec698254f67365f27b4b7569fa982e22472aca1)
2007-10-10r4054: got rid of Realloc(), replacing it with the type safe macro realloc_p()Andrew Tridgell2-4/+7
(This used to be commit b0f6e21481745d1b2ced28d9ed6f09f6ffd99562)
2007-10-10r4052: fixed a bunch of code to use the type safe _p allocation macrosAndrew Tridgell3-16/+12
(This used to be commit 80d15fa3402a9d1183467463f6b21c0b674bc442)
2007-10-10r4045: readd krb5 support defaulted to disableStefan Metzmacher6-5/+17
use: gensec:krb5=yes gensec:ms_krb5=yes to enable it or -k on the client tools on the command line metze (This used to be commit 0ae5794cf44933d2554e0356baaca24c7a784f71)
2007-10-10r4044: only send supportedMech when we also send other dataStefan Metzmacher1-5/+8
metze (This used to be commit 1e0483a8482574fa0f8d7ad31cc4bf4a6155ec52)
2007-10-10r4037: fixed a bunch of "might be uninitialised" warnings after enabling -O1 ↵Andrew Tridgell2-1/+3
in my compile (This used to be commit 0928b1f5b68c858922c3ea6c27ed03b5091c6221)
2007-10-10r4034: add a function security_descriptor_create() which can be used toAndrew Tridgell1-0/+79
easily create complex security descriptors for testing. This greatly simplifies the smbtorture code I am writing for testing our new access_check code. (This used to be commit 891a8bc16af3c6ce5800e793ce4ec8b0078e444f)
2007-10-10r4025: added a sec_access_check() function for checking security descriptorsAndrew Tridgell3-39/+163
against a users security token and access_mask (This used to be commit c4d21cd4b1ccffd5aaa70a551c57f6eab1ca9c6d)
2007-10-10r4015: correct copyright attributionsAndrew Tridgell1-3/+2
(This used to be commit 078d9ab05bffc79e4f329ea18fe3dafd144d989c)
2007-10-10r4013: got rid of a bunch of unused or unmaintained codeAndrew Tridgell3-590/+25
- removed the clitar code. It is unmaintained, and a horribly badly done hack - removed client.h as it contained mostly unused definitions - removed the unused clidfs.c code (This used to be commit 31a7bddbb3815b4d625e993dbce4805dae1c18f8)
2007-10-10r4001: fix segfault fix auth failedStefan Metzmacher1-0/+3
metze (This used to be commit 6a7eee1d9917e0884072354dddae568645798da5)
2007-10-10r4000: DATA_BLOB.data is uint8_t * not void * :-)Stefan Metzmacher1-1/+1
(thanks abartlet for telling me) metze (This used to be commit 2783bf393f6310f9d827538329d619dad5b02dd0)
2007-10-10r3988: made dom_sid_add_rid() allocate the new sid with proper parent/child ↵Andrew Tridgell1-3/+5
talloc relationship (This used to be commit 5db0eb1fe3abb5150bef27bfed4b7da723e4a287)
2007-10-10r3979: added server side code for lsa_LookupSids2() and fixed authority_nameAndrew Tridgell1-0/+26
return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2007-10-10r3971: fix compiler warningsStefan Metzmacher3-4/+4
metze (This used to be commit 234166606dc86b9e98226cff94b3869ec173671e)
2007-10-10r3967: fix compiler warningsStefan Metzmacher1-2/+2
metze (This used to be commit 3f2c3ce2f0d11ea9f3c058690e0bb14d590c714c)
2007-10-10r3960: fix compiler warningsStefan Metzmacher1-4/+4
metze (This used to be commit 54d5b418a75d421a9c6c09bc084454f11e9b7b44)
2007-10-10r3959: fix compiler warningsStefan Metzmacher2-8/+8
metze (This used to be commit e28351f710525ca9863210974544a8b1a537e63a)
2007-10-10r3910: add some error codesStefan Metzmacher1-0/+6
metze (This used to be commit 64570b7a4734ec1cc56a07e6bd9b20a155a876c0)
2007-10-10r3906: fix compiler warningsStefan Metzmacher1-1/+1
metze (This used to be commit df924e18220aedbfbfae569e1fb37da652914c0b)
2007-10-10r3903: better fix for -r 3902Stefan Metzmacher1-2/+2
(not introduce new warnings:-) metze (This used to be commit 36b11992dc3b08914db24ec23f10cc8b3eb55320)
2007-10-10r3902: fix compiler warningsStefan Metzmacher1-2/+2
metze (This used to be commit ce7686ac3e15b0d52ef01bd8bd773641c8ce2e35)
2007-10-10r3901: fix compiler warningsStefan Metzmacher1-2/+2
metze (This used to be commit efe840c8b0dd599d205068a4946ef587d542f2a5)
2007-10-10r3900: fix compiler warningStefan Metzmacher1-1/+1
metze (This used to be commit f2ff50dfc40f7bf329ab83eefcc2cff9e575a84e)
2007-10-10r3899: fix compiler warningsStefan Metzmacher1-2/+2
metze (This used to be commit b1b47bda0177c42687b9c291e4e28ae123fb4eac)
2007-10-10r3898: Work towards local/server DCOM support, start workingJelmer Vernooij1-6/+6
on Simple example server side implementation (This used to be commit 98afb504d95ccca4d6ec48273e10b52ccfa26ad0)
2007-10-10r3885: Add security descriptor comparison to our RPC-SAMSYNC test. We nowAndrew Bartlett1-0/+21
verify that the security descriptor found in the SamSync is the same as what is available over SAMR. Unfortunately, the administrator seems unable to retrieve the SACL on the security descriptor, so I've added a new function to compare with a mask. Andrew Bartlett (This used to be commit 39ae5e1dac31a22086be50fb23261e02be877f3f)
2007-10-10r3836: - fixed the handling of NT_STATUS_BUFFER_TOO_SMALL in nttrans serverAndrew Tridgell1-1/+1
- fixed revision number on default DACL - fixed DACL_PRESENT bit in acl query with these fixes cacls.exe and the GUI ACL editor in w2k both work against pvfs. The GUI editor is slow as it times out looking up the SID -> name mappings. (This used to be commit 4468018cb63fd884920c2b0f5235bded50c6b5db)
2007-10-10r3832: added NT ACL query/set to the posix NTVFS backend. The default ACL isAndrew Tridgell1-1/+1
based on the current nttoken, which is completely wrong, but works as a start. The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL union with a version number to allow for future expansion. pvfs does not yet check the ACL for file access. At the moment the ACL is just query/set. We also need to do some RPC work to allow the windows ACL editor to be used. At the moment is queries the ACL fine, but displays an error when it fails to map the SIDs via rpc. (This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263)
2007-10-10r3830: unified the query/set security descriptor code with the rest of theAndrew Tridgell3-17/+29
queryfileinfo/setfileinfo logic, so querying/setting a security descriptor is treated as just another file query/set operation. This will allow NTVFS backends to see the query/set security descriptor operations as RAW_FILEINFO_SEC_DESC and RAW_SFILEINFO_SEC_DESC operations. (This used to be commit f68a6b6b915c37e48c42390c1e74c2d1c2636fa9)
2007-10-10r3829: added a RAW-ACLS test suite that tests query/set of ACLs on a fileAndrew Tridgell3-6/+141
(This used to be commit 2ff9816ae0ae41e0e63e4276a70d292888346dc7)
2007-10-10r3827: fixed copyright notices to remove simo and lkcl who have no code left ↵Andrew Tridgell1-3/+2
in this file (This used to be commit c75eb859391f747abc3fe513166c9f8d73ca349c)
2007-10-10r3826: - added testing of ea lists in NTTRANS CREATEAndrew Tridgell4-11/+109
- fixed push/pull of chained ea lists - fixed a bug in the nttrans wire encoding (This used to be commit fcd09224076508f9c10095bf2e2c394232a4d297)
2007-10-10r3821: added client side code and test code for NTTRANS_CREATEAndrew Tridgell1-0/+133
(This used to be commit 8422789c06c203ea1c4761fecb16f79f99ac479b)
2007-10-10r3810: create a LIB_SECURITY subsystemStefan Metzmacher6-9/+247
- move dom_sid, security_descriptor, security_* funtions to one place and rename some of them metze (This used to be commit b620bdd672cfdf0e009492e648b0709e6b6d8596)
2007-10-10r3806: added support to smb_server and pvfs for the NTTRANS Create call. ThisAndrew Tridgell1-1/+1
call has an optional sec_desc and ea_list. (This used to be commit 8379ad14e3d51a848a99865d9ce8d56a301e8a3c)