samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-06 13:18:07 +03:00

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

104 lines

3.0 KiB

C

Raw Normal View History

r23485: This checkin consists mostly of refactorings in preparation of the activation of global registry options in loadparm.c, mainly to extract functionality from net_conf.c to be made availabel elsewhere and to minimize linker dependencies. In detail: * move functions registry_push/pull_value from lib/util_reg.c to new file lib/util_reg_api.c * create a fake user token consisting of builtin administrators sid and se_disk_operators privilege by hand instead of using get_root_nt_token() to minimize linker deps for bin/net. + new function registry_create_admin_token() in new lib/util_reg_smbconf.c + move dup_nt_token from auth/token_util.c to new file lib/util_nttoken.c + adapt net_conf.c and Makefile.in accordingly. * split lib/profiles.c into two parts: new file lib/profiles_basic.c takes all the low level mask manipulation and format conversion functions (se_priv, privset, luid). the privs array is completely hidden from profiles.c by adding some access-functions. some mask-functions are not static anymore. Generally, SID- and LUID-related stuff that has more dependencies is kept in lib/profiles.c * Move initialization of regdb from net_conf.c into a function registry_init_regdb() in lib/util_reg_smbconf.c. Michael (This used to be commit efd3e2bfb756ac5c4df7984791c67e7ae20a582e) 2007-06-14 15:29:35 +04:00			`/*`
			`* Unix SMB/CIFS implementation.`
			`* Authentication utility functions`
			`* Copyright (C) Andrew Tridgell 1992-1998`
s3-lib/util_nttoken: Reimplement dup_nt_token() with NDR pull/push The struct security_token can now contain complex claims as well as SIDs so we can no longer just duplicate it by hand. Instead let PIDL and libndr do the hard work for us. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 2023-09-14 09:24:36 +03:00			`* Copyright (C) Andrew Bartlett 2001-2023`
r23485: This checkin consists mostly of refactorings in preparation of the activation of global registry options in loadparm.c, mainly to extract functionality from net_conf.c to be made availabel elsewhere and to minimize linker dependencies. In detail: * move functions registry_push/pull_value from lib/util_reg.c to new file lib/util_reg_api.c * create a fake user token consisting of builtin administrators sid and se_disk_operators privilege by hand instead of using get_root_nt_token() to minimize linker deps for bin/net. + new function registry_create_admin_token() in new lib/util_reg_smbconf.c + move dup_nt_token from auth/token_util.c to new file lib/util_nttoken.c + adapt net_conf.c and Makefile.in accordingly. * split lib/profiles.c into two parts: new file lib/profiles_basic.c takes all the low level mask manipulation and format conversion functions (se_priv, privset, luid). the privs array is completely hidden from profiles.c by adding some access-functions. some mask-functions are not static anymore. Generally, SID- and LUID-related stuff that has more dependencies is kept in lib/profiles.c * Move initialization of regdb from net_conf.c into a function registry_init_regdb() in lib/util_reg_smbconf.c. Michael (This used to be commit efd3e2bfb756ac5c4df7984791c67e7ae20a582e) 2007-06-14 15:29:35 +04:00			`* Copyright (C) Jeremy Allison 2000-2001`
			`* Copyright (C) Rafal Szczesniak 2002`
			`* Copyright (C) Volker Lendecke 2006`
			`* Copyright (C) Michael Adam 2007`
Add gp_get_machine_token(). Guenther (This used to be commit 2f1bc7ddad97b9137ae4cce696bf4e08f9b7ca20) 2008-02-29 20:23:53 +03:00			`* Copyright (C) Guenther Deschner 2007`
r23485: This checkin consists mostly of refactorings in preparation of the activation of global registry options in loadparm.c, mainly to extract functionality from net_conf.c to be made availabel elsewhere and to minimize linker dependencies. In detail: * move functions registry_push/pull_value from lib/util_reg.c to new file lib/util_reg_api.c * create a fake user token consisting of builtin administrators sid and se_disk_operators privilege by hand instead of using get_root_nt_token() to minimize linker deps for bin/net. + new function registry_create_admin_token() in new lib/util_reg_smbconf.c + move dup_nt_token from auth/token_util.c to new file lib/util_nttoken.c + adapt net_conf.c and Makefile.in accordingly. * split lib/profiles.c into two parts: new file lib/profiles_basic.c takes all the low level mask manipulation and format conversion functions (se_priv, privset, luid). the privs array is completely hidden from profiles.c by adding some access-functions. some mask-functions are not static anymore. Generally, SID- and LUID-related stuff that has more dependencies is kept in lib/profiles.c * Move initialization of regdb from net_conf.c into a function registry_init_regdb() in lib/util_reg_smbconf.c. Michael (This used to be commit efd3e2bfb756ac5c4df7984791c67e7ae20a582e) 2007-06-14 15:29:35 +04:00			`*`
			`* This program is free software; you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) 2007-07-09 23:25:36 +04:00			`* the Free Software Foundation; either version 3 of the License, or`
r23485: This checkin consists mostly of refactorings in preparation of the activation of global registry options in loadparm.c, mainly to extract functionality from net_conf.c to be made availabel elsewhere and to minimize linker dependencies. In detail: * move functions registry_push/pull_value from lib/util_reg.c to new file lib/util_reg_api.c * create a fake user token consisting of builtin administrators sid and se_disk_operators privilege by hand instead of using get_root_nt_token() to minimize linker deps for bin/net. + new function registry_create_admin_token() in new lib/util_reg_smbconf.c + move dup_nt_token from auth/token_util.c to new file lib/util_nttoken.c + adapt net_conf.c and Makefile.in accordingly. * split lib/profiles.c into two parts: new file lib/profiles_basic.c takes all the low level mask manipulation and format conversion functions (se_priv, privset, luid). the privs array is completely hidden from profiles.c by adding some access-functions. some mask-functions are not static anymore. Generally, SID- and LUID-related stuff that has more dependencies is kept in lib/profiles.c * Move initialization of regdb from net_conf.c into a function registry_init_regdb() in lib/util_reg_smbconf.c. Michael (This used to be commit efd3e2bfb756ac5c4df7984791c67e7ae20a582e) 2007-06-14 15:29:35 +04:00			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
r23801: The FSF has moved around a lot. This fixes their Mass Ave address. (This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227) 2007-07-10 09:23:25 +04:00			`* along with this program; if not, see <http://www.gnu.org/licenses/>.`
r23485: This checkin consists mostly of refactorings in preparation of the activation of global registry options in loadparm.c, mainly to extract functionality from net_conf.c to be made availabel elsewhere and to minimize linker dependencies. In detail: * move functions registry_push/pull_value from lib/util_reg.c to new file lib/util_reg_api.c * create a fake user token consisting of builtin administrators sid and se_disk_operators privilege by hand instead of using get_root_nt_token() to minimize linker deps for bin/net. + new function registry_create_admin_token() in new lib/util_reg_smbconf.c + move dup_nt_token from auth/token_util.c to new file lib/util_nttoken.c + adapt net_conf.c and Makefile.in accordingly. * split lib/profiles.c into two parts: new file lib/profiles_basic.c takes all the low level mask manipulation and format conversion functions (se_priv, privset, luid). the privs array is completely hidden from profiles.c by adding some access-functions. some mask-functions are not static anymore. Generally, SID- and LUID-related stuff that has more dependencies is kept in lib/profiles.c * Move initialization of regdb from net_conf.c into a function registry_init_regdb() in lib/util_reg_smbconf.c. Michael (This used to be commit efd3e2bfb756ac5c4df7984791c67e7ae20a582e) 2007-06-14 15:29:35 +04:00			`*/`

			`/* function(s) moved from auth/auth_util.c to minimize linker deps */`

			`#include "includes.h"`
libcli/security Provide a common, top level libcli/security/security.h This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104 2010-10-12 08:27:50 +04:00			`#include "../libcli/security/security.h"`
r23485: This checkin consists mostly of refactorings in preparation of the activation of global registry options in loadparm.c, mainly to extract functionality from net_conf.c to be made availabel elsewhere and to minimize linker dependencies. In detail: * move functions registry_push/pull_value from lib/util_reg.c to new file lib/util_reg_api.c * create a fake user token consisting of builtin administrators sid and se_disk_operators privilege by hand instead of using get_root_nt_token() to minimize linker deps for bin/net. + new function registry_create_admin_token() in new lib/util_reg_smbconf.c + move dup_nt_token from auth/token_util.c to new file lib/util_nttoken.c + adapt net_conf.c and Makefile.in accordingly. * split lib/profiles.c into two parts: new file lib/profiles_basic.c takes all the low level mask manipulation and format conversion functions (se_priv, privset, luid). the privs array is completely hidden from profiles.c by adding some access-functions. some mask-functions are not static anymore. Generally, SID- and LUID-related stuff that has more dependencies is kept in lib/profiles.c * Move initialization of regdb from net_conf.c into a function registry_init_regdb() in lib/util_reg_smbconf.c. Michael (This used to be commit efd3e2bfb756ac5c4df7984791c67e7ae20a582e) 2007-06-14 15:29:35 +04:00
Add gp_get_machine_token(). Guenther (This used to be commit 2f1bc7ddad97b9137ae4cce696bf4e08f9b7ca20) 2008-02-29 20:23:53 +03:00			`/****************************************************************************`
			`merge NT tokens`
			`****************************************************************************/`

s3-lib: Modify merge_nt_token() into a GPO-specifc merge with SYSTEM By making this specific to the only use case, merging with the SYSTEM token for GPOs, we avoid having to merge the claims, as there are none for SYSTEM. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 2023-09-15 03:08:20 +03:00			`NTSTATUS merge_with_system_token(TALLOC_CTX *mem_ctx,`
			`const struct security_token *token_1,`
			`struct security_token **token_out)`
Add gp_get_machine_token(). Guenther (This used to be commit 2f1bc7ddad97b9137ae4cce696bf4e08f9b7ca20) 2008-02-29 20:23:53 +03:00			`{`
s3-lib: Modify merge_nt_token() into a GPO-specifc merge with SYSTEM By making this specific to the only use case, merging with the SYSTEM token for GPOs, we avoid having to merge the claims, as there are none for SYSTEM. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 2023-09-15 03:08:20 +03:00			`const struct security_token *token_2 = get_system_token();`
s3-auth Change struct nt_user_token -> struct security_token This common structure is defined in security.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> 2010-08-26 14:04:11 +04:00			`struct security_token *token = NULL;`
Add gp_get_machine_token(). Guenther (This used to be commit 2f1bc7ddad97b9137ae4cce696bf4e08f9b7ca20) 2008-02-29 20:23:53 +03:00			`NTSTATUS status;`
lib: Align integer types Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 2021-01-15 18:02:52 +03:00			`uint32_t i;`
Add gp_get_machine_token(). Guenther (This used to be commit 2f1bc7ddad97b9137ae4cce696bf4e08f9b7ca20) 2008-02-29 20:23:53 +03:00
			`if (!token_1 \|\| !token_2 \|\| !token_out) {`
			`return NT_STATUS_INVALID_PARAMETER;`
			`}`

s3-talloc Change TALLOC_ZERO_P() to talloc_zero() Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_P isn't standard talloc. 2011-06-07 05:44:43 +04:00			`token = talloc_zero(mem_ctx, struct security_token);`
Add gp_get_machine_token(). Guenther (This used to be commit 2f1bc7ddad97b9137ae4cce696bf4e08f9b7ca20) 2008-02-29 20:23:53 +03:00			`NT_STATUS_HAVE_NO_MEMORY(token);`

			`for (i=0; i < token_1->num_sids; i++) {`
			`status = add_sid_to_array_unique(mem_ctx,`
s3-auth Rename NT_USER_TOKEN user_sids -> sids This is closer to the struct security_token from security.idl 2010-08-31 03:32:52 +04:00			`&token_1->sids[i],`
			`&token->sids,`
Add gp_get_machine_token(). Guenther (This used to be commit 2f1bc7ddad97b9137ae4cce696bf4e08f9b7ca20) 2008-02-29 20:23:53 +03:00			`&token->num_sids);`
			`if (!NT_STATUS_IS_OK(status)) {`
			`TALLOC_FREE(token);`
			`return status;`
			`}`
			`}`

			`for (i=0; i < token_2->num_sids; i++) {`
			`status = add_sid_to_array_unique(mem_ctx,`
s3-auth Rename NT_USER_TOKEN user_sids -> sids This is closer to the struct security_token from security.idl 2010-08-31 03:32:52 +04:00			`&token_2->sids[i],`
			`&token->sids,`
Add gp_get_machine_token(). Guenther (This used to be commit 2f1bc7ddad97b9137ae4cce696bf4e08f9b7ca20) 2008-02-29 20:23:53 +03:00			`&token->num_sids);`
			`if (!NT_STATUS_IS_OK(status)) {`
			`TALLOC_FREE(token);`
			`return status;`
			`}`
			`}`

s3-privs Directly manipulate the privileges bitmap. There is no longer any reason to go via the se_ functions to manipulate this bitmap. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> 2010-08-30 07:14:40 +04:00			`token->privilege_mask \|= token_1->privilege_mask;`
			`token->privilege_mask \|= token_2->privilege_mask;`
Add gp_get_machine_token(). Guenther (This used to be commit 2f1bc7ddad97b9137ae4cce696bf4e08f9b7ca20) 2008-02-29 20:23:53 +03:00
s3-util_nttoken.c Also copy the rights_mask when copying a security_token These are unused in source3/ code at the moment, but it would be unfortunate if that were to change, and this function not be updated. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> 2010-09-17 10:23:53 +04:00			`token->rights_mask \|= token_1->rights_mask;`
			`token->rights_mask \|= token_2->rights_mask;`

s3-lib: Modify merge_nt_token() into a GPO-specifc merge with SYSTEM By making this specific to the only use case, merging with the SYSTEM token for GPOs, we avoid having to merge the claims, as there are none for SYSTEM. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 2023-09-15 03:08:20 +03:00			`/*`
			`* We don't need to merge claims as the system token has no`
			`* claims`
			`*/`

Add gp_get_machine_token(). Guenther (This used to be commit 2f1bc7ddad97b9137ae4cce696bf4e08f9b7ca20) 2008-02-29 20:23:53 +03:00			`*token_out = token;`

			`return NT_STATUS_OK;`
			`}`
Move secace.c to top-level. 2009-03-01 19:59:30 +03:00
			`/*******************************************************************`
s3-secdesc: remove "typedef struct security_ace SEC_ACE". Guenther 2010-05-18 05:25:38 +04:00			`Check if this struct security_ace has a SID in common with the token.`
Move secace.c to top-level. 2009-03-01 19:59:30 +03:00			`********************************************************************/`

s3:auth Remove NT_USER_TOKEN The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derivied structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> 2010-08-26 16:08:22 +04:00			`bool token_sid_in_ace(const struct security_token token, const struct security_ace ace)`
Move secace.c to top-level. 2009-03-01 19:59:30 +03:00			`{`
			`size_t i;`

			`for (i = 0; i < token->num_sids; i++) {`
s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions. Guenther 2010-08-26 17:48:50 +04:00			`if (dom_sid_equal(&ace->trustee, &token->sids[i]))`
Move secace.c to top-level. 2009-03-01 19:59:30 +03:00			`return true;`
			`}`

			`return false;`
			`}`

104 lines 3.0 KiB C Raw Normal View History Unescape Escape

104 lines

3.0 KiB

C

Raw Normal View History