Andrew Bartlett
46f585e364
libcli/security Use sid_append_rid() in dom_sid_append_rid()
...
This ensures that the maximum number of sub-authorities is respected,
otherwise we may run off the end of the array.
Andrew Bartlett
2010-09-14 14:48:49 -07:00
Andrew Bartlett
51ecf79654
libcli/security Merge source3/ string_to_sid() to common code
...
The source3 code repsects the limit of a maximum of 15 subauths,
while the source4 code does not, creating a security issue as
we parse string-form SIDs from clients.
Andrew Bartlett
2010-09-14 14:48:49 -07:00
Andrew Bartlett
fdcadb5c3c
libcli/privileges Fix comment
2010-09-11 18:46:13 +10:00
Andrew Bartlett
0eea8ecfe2
s4-privs Seperate rights and privileges
...
These are related, but slightly different concepts. The biggest difference
is that rights are not enumerated as a system-wide list.
This moves the rights to security.idl due to dependencies.
Andrew Bartlett
2010-09-11 18:46:13 +10:00
Andrew Bartlett
ee943fb2bf
libcli/security Remove unused SE_NONE define
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
eb6a0cc326
libcli/security Move 'private' privileges functions to another header
...
These functions work on the bitmap, and are only exposed because
the source3/ privileges storage uses the bitmap in account_policy.tdb
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
6d2b1ef71d
libcli/security Remove 'always true' return from se_priv_put_all_privileges
...
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Tridgell
382e2b321b
privileges: privilege luids are not all below 64
...
the ones brought across from s3 have higher values
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Bartlett
a32cdadb7c
libcli/security Make sec_privilege_from_index() return SEC_PRIV_INVALID on failure
...
This is clearer and more consistent than using a magic -1 return
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
0b41ef7895
libcli/security Remove unused declarations from privileges.h
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
71832a404e
libcli/security Expose sec_privilege_mask()
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
6d78e11e17
libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure.
...
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
8ff6bc2350
libcli/security Remove unused functions and constants.
...
All the callers to these functions have been removed or reworked.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
a53a42ffb8
libcli/security Rename all privilege bitmaps constants
...
The idea here to to make it very clear how they differ from the
enumerated LUID values.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
2bb7b827d6
libcli/security Remove luid_to_se_priv() and luid_to_privilege_name()
...
These functions duplicate other functions in the merged code.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
aab0b557b9
libcli/security Improve dump of privileges: Just walk the table
...
This removes some logic recently added that was just too smart - it
is easier to just walk the table and do a bit match here.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:09 +10:00
Andrew Bartlett
0e2142a927
s3-privs Remove pointer indirection from se_priv_to_privilege_set()
...
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:09 +10:00
Andrew Bartlett
cbd72ab93b
libcli/security Don't export privs[] as a global variable
...
Instead, provide access functions for the LSA and net sam callers
for the information they need.
They still only enumerate the first 8 privileges that have traditionally
been exposed.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
3c93d1ecbf
libcli/security Merge privilege lists from source3 and source4
...
The LSA enumeration in source3 will not show the new privileges,
but otherwise, they are now in common, and can be set by name.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
d2e41105e2
libcli/security Return number of entries in the old source3 list
...
This ensures there isn't a behaviour change when the source3 list is combined
with the longer source4 list.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
eb8e3155de
libcli/privileges Simplify get_privilege_luid() to return just the enum
...
As Samba only deals with the lower 32 bits of the LUID, just return those
and let the LSA layer deal with the upper 0 bits.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
cdda15c062
libcli/security Don't memcpy a uint64_t value, just assign it.
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
780de03f00
libcli/security Use ARRAY_SIZE() consistantly.
...
This avoids the use of SE_END, and has all callers walking the
array using the same termination condition.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
66ac968dd5
libcli/security Fix and clarify privilege manipulation function comments
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
9fb92c6014
libcli/security Make the two privileges tables share a common struct definition
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
dbee98d30f
libcli/security Move source4/ privileges code into the common libcli/security
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
0d25212cc1
s3-privs Move manual prototypes to common privileges.h
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
b29b6c13a3
s3-privs Inline dump_se_priv into callers now that it's just a uint64_t
...
The previous 128 bit structure needed this helper function.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
f85b822bd4
libcli/security Use talloc_realloc() not TALLOC_REALLOC_ARRAY()
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
3f589c2155
libcli/security Use C99 types
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
b0690d6da7
libcli/security Use true and false, not True and False
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:06 +10:00
Andrew Bartlett
f20bba97d8
s3-privs Move source3/ privileges implmentation into common
...
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:06 +10:00
Matthias Dieter Wallnöfer
276a1a7fec
s3/s4 - remove "talloc_tos()" from common code since s4 doesn't support it
...
Please don't use this in common code parts until we change the policy regarding
it.
2010-06-21 12:35:51 +02:00
Brendan Powers
d3a99579f6
libcli: Fixed a segfault in security_acl_dup when the acl is NULL.
...
This can happen when duplicating a security descriptor that is missing either sacls or dacls.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-06-19 22:20:48 +02:00
Jelmer Vernooij
f9ca9e46ad
Finish removal of iconv_convenience in public API's.
2010-05-18 11:45:30 +02:00
Andrew Tridgell
b690fedef5
s4-waf: removed the AUTOGENERATED markers
...
we won't be using the mk -> wscript generator again
2010-04-06 20:27:16 +10:00
Andrew Tridgell
f9eae32f4b
s4-waf: mark the wscript files as python so vim/emacs knows how to highlight them
2010-04-06 20:27:11 +10:00
Andrew Tridgell
844acb2260
build: waf quicktest nearly works
...
Rewrote wafsamba using a new dependency handling system, and started
adding the waf test code
2010-04-06 20:26:48 +10:00
Andrew Tridgell
845e0cbe6f
build: commit all the waf build files in the tree
2010-04-06 20:26:48 +10:00
Volker Lendecke
c377a91373
Attempt to fix the build on AIX, that system seems to have a #define for s_type
2010-03-28 16:23:24 +02:00
Michael Adam
f37030b33a
libcli/security: fix sddl.c to be able to build it from source3
2010-03-03 09:16:34 +01:00
Michael Adam
15b60a7e3f
s4:move the sddl code down to the top level
...
Michael
2010-03-03 09:16:34 +01:00
Andrew Tridgell
76a7382346
lib: use TYPESAFE_QSORT() in lib/ and libcli/
2010-02-14 18:44:20 +11:00
Matt Kraai
aa6a507e76
Change uint_t to unsigned int in libcli
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-02-02 07:18:17 +01:00
Volker Lendecke
005bbd0826
Revert "libcli/security: Remove a call to strncasecmp"
...
This reverts commit 7c687665ea
.
2010-01-25 16:45:32 +01:00
Volker Lendecke
d86d5be636
Revert "libcli/security: Convert some strtol calls to strtoul"
...
This reverts commit 7fe66e06c4
.
2010-01-25 16:45:32 +01:00
Volker Lendecke
fa47dbb57a
Revert "libcli/security: Fix a valgrind error in dom_sid_parse"
...
This reverts commit f1c889a4e6
.
2010-01-25 16:45:31 +01:00
Volker Lendecke
a53a8ec452
Revert "libcli/security: Prohibit SID formats like S-1-5-32-+545"
...
This reverts commit 1fbeae4165
.
Apparently this breaks the build of Samba4
2010-01-25 12:40:51 +01:00
Volker Lendecke
1fbeae4165
libcli/security: Prohibit SID formats like S-1-5-32-+545
2010-01-23 16:28:11 +01:00
Volker Lendecke
f1c889a4e6
libcli/security: Fix a valgrind error in dom_sid_parse
2010-01-23 16:28:11 +01:00