Matthias Dieter Wallnöfer
59559bd02f
s4:libcli/security/*.c - fix some wrong typed counters
...
According to "librpc/gen_ndr/security.h" they need to be "uint32_t".
2010-09-09 20:35:43 +02:00
Andrew Bartlett
6cf29b3e4f
s4:security Change struct security_token->sids from struct dom_sid * to struct dom_sid
...
This makes the structure much more like NT_USER_TOKEN in the source3/
code. (The remaining changes are that privileges still need to be merged)
Andrew Bartlett
2010-08-23 08:50:55 +10:00
Andrew Bartlett
7c6ca95bec
s4:security Remove use of user_sid and group_sid from struct security_token
...
This makes the structure more like Samba3's NT_USER_TOKEN
2010-08-18 09:50:38 +10:00
Andrew Bartlett
e229f68b3e
s4:security Bring in #defines for the user and primary group token location
...
This will allow us to stop duplicating the user and primary group SID in the
struct security_token, and therefore make it more like the NT_USER_TOKEN
in Samba3.
Andrew Bartlett
2010-08-18 09:30:08 +10:00
Andrew Tridgell
84bedf4028
s4-drs: fixed check for SECURITY_RO_DOMAIN_CONTROLLER
...
check more than the user_sid, and also check for the right rid value
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17 21:21:50 +10:00
Jelmer Vernooij
c92db7b6dc
python: Use samba.tests.TestCase, make sure base class tearDown and setUp methods are called, fix formatting.
2010-06-19 22:46:45 +02:00
Andrew Tridgell
bb1ba4ff76
s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level
...
This is used for allowing operations by RODCs, and denying them
operations that should only be allowed for a full DC
This required a new domain_sid argument to
security_session_user_level()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-04-22 19:36:16 +10:00
Nadezhda Ivanova
4fc59089c8
Removed more excess looping and fixed problem with incorrect IO flag handling.
2010-04-20 00:23:42 +03:00
Nadezhda Ivanova
205c826611
A bit of refactoring in the SD creation code.
2010-04-15 14:44:34 +03:00
Andrew Tridgell
b690fedef5
s4-waf: removed the AUTOGENERATED markers
...
we won't be using the mk -> wscript generator again
2010-04-06 20:27:16 +10:00
Andrew Tridgell
f9eae32f4b
s4-waf: mark the wscript files as python so vim/emacs knows how to highlight them
2010-04-06 20:27:11 +10:00
Andrew Tridgell
844acb2260
build: waf quicktest nearly works
...
Rewrote wafsamba using a new dependency handling system, and started
adding the waf test code
2010-04-06 20:26:48 +10:00
Andrew Tridgell
845e0cbe6f
build: commit all the waf build files in the tree
2010-04-06 20:26:48 +10:00
Andrew Tridgell
088096d1ba
python: use '#!/usr/bin/env python' to cope with varying install locations
...
this should be much more portable
2010-03-25 14:37:19 +11:00
Jeremy Allison
c2d1b01103
Missing include guard in source4/libcli/security/security.h
...
Jeremy.
2010-03-24 12:20:03 -07:00
Michael Adam
15b60a7e3f
s4:move the sddl code down to the top level
...
Michael
2010-03-03 09:16:34 +01:00
Matt Kraai
d8071e7ed7
Change uint_t to unsigned int in source4
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-02-02 07:18:18 +01:00
Andrew Tridgell
0bc902ac84
s4-sddl: DRS replication needs REVISION_ADS for SDs
...
DRS replication with w2k8-r2 fails with a schema mismatch error if we
set the revision to NT4
2010-01-02 17:28:35 +11:00
Jelmer Vernooij
dbd7a62baa
py/security: Add test for dom_sid.split.
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:33 +11:00
Nadezhda Ivanova
c0883fb451
Fixed incorrect checking of PRINCIPAL_SELF permissions.
...
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with
the objectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights
to an account over itself.
2009-12-17 17:25:11 +02:00
Matthias Dieter Wallnöfer
207067d1a8
s4:security/sddl - rework of the security descriptor abbreviations
...
- Reorder them
- Add some new ones (needed for the security descriptor in the provision script)
2009-11-27 22:45:43 +01:00
Nadezhda Ivanova
a97460d657
Fixed incorrect SID for RAS Servers.
2009-11-17 17:10:23 +02:00
Nadezhda Ivanova
55d2cec640
Fixed some major bugs in inheritance and access checks.
...
Fixed sd creation not working on LDAP modify.
Fixed incorrect replacement of CO and CG.
Fixed incorrect access check on modify for SD modification.
Fixed failing sec_descriptor test and enabled it.
Fixed failing sd add test in ldap.python
2009-11-15 22:31:44 +02:00
Nadezhda Ivanova
1fc47e1228
Version 1.0 of the directory service acls module.
...
At this point, support for checks on LDAP add, delete, rename and modify.
Old kludge_acl is still there to handle the searches.
This module is synchronous as the async version was impossible to debug,
will be converted to async after some user testing.
2009-11-05 17:34:12 +02:00
Nadezhda Ivanova
25d9cc8383
Fixed some missing flags and bugs in the security creation.
...
Also, added some logging. It needs improvement, possibly ability to
turn it on and off via configuration file.
2009-11-03 13:33:30 +02:00
Nadezhda Ivanova
0abfc90ac9
Fixed a bug in object specific access checks.
2009-11-03 12:43:51 +02:00
Matthias Dieter Wallnöfer
0defcfb4f7
s4:libcli/security/access_check - Add "const" in front of "type"
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-10-22 10:02:38 +11:00
Andrew Tridgell
c3b09d18a8
s4-acl: SEC_FLAG_MAXIMUM_ALLOWED doesn't auto-apply privilege access masks
2009-10-17 13:01:03 +11:00
Andrew Tridgell
9da4af062b
s4-security: honor more of the privilege access bits
2009-10-17 13:01:03 +11:00
Matthias Dieter Wallnöfer
44df2488e3
s4: fix various warnings (not "const" related ones)
2009-10-02 15:33:48 +02:00
Andrew Tridgell
5acd8bc01b
s4-acl: fixed SD creation
...
Thanks to Nadya and Metze for this. The SDs were being created with
invalid fields (noticed by w2k8-r2 client when joining our domain)
2009-09-28 10:21:33 +10:00
Nadezhda Ivanova
df0d629f37
Fixed a dereferenced null pointer.
2009-09-24 18:54:14 -07:00
Nadezhda Ivanova
10c6f3f71a
Initial Implementation of the DS objects access checks.
...
Currently disabled. The search will be greatly modified,
also the object tree stuff will be simplified.
2009-09-21 17:27:50 -07:00
Nadezhda Ivanova
6283f2caaa
Initial implementation of security descriptor creation in DS
...
TODO's:
ACE sorting and clarifying the inheritance of object specific ace's.
2009-09-20 15:16:17 -07:00
Matthieu Patou
aadf5e3910
pyldb: Don't segfault when invalid type is specified to as_sddl and from_sddl.
...
Fix bug #6723
2009-09-17 19:36:32 +02:00
Nadezhda Ivanova
d70e171719
Owner and group defaulting.
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-09-16 07:52:05 -07:00
Andrew Tridgell
7ded0741d9
s4-security: added a new security level SECURITY_DOMAIN_CONTROLLER
...
This will be used as a simple way to lock down DRS replication to
administrators and domain controllers
2009-09-15 19:25:45 -07:00
Matthias Dieter Wallnöfer
295c3724a3
Fix typo
2009-07-19 16:00:14 +02:00
Andrew Kroeger
554923ce1b
s4: Add additional 2-letter SID/RID mappings.
...
Information from http://msdn.microsoft.com/en-us/library/aa379602(VS.85).aspx
2009-05-29 12:37:26 +10:00
Günther Deschner
9a13af9a99
s4: try to fix privileges implementation in order to pass the RPC-SAMR-USERS-PRIVILEGES test.
...
Guenther
2009-05-20 13:35:05 +02:00
nadezhda ivanova
90cc5e72ba
Fix of a bug in the security.descriptor.as_sddl() method
...
security.descriptor.as_sddl() method did not work correctly when invoked without
supplying the domain sid. Returned the same value as when the sid was provided.
Test added for this case in libcli/security/tests/bindings.py
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2009-04-23 18:21:25 +02:00
Jelmer Vernooij
2eff2de2f8
Move the security_descriptor utility code to the top-level.
2009-04-21 15:14:35 +02:00
Jelmer Vernooij
5df2795ffc
Add a unit test for security_descriptor.as_sddl() without arguments.
2009-04-20 15:10:29 +02:00
Jelmer Vernooij
c42fc5e103
display_sec: Move to common libcli/security directory.
2009-03-25 21:29:13 +01:00
Jelmer Vernooij
8568b4fa9f
Add header files for secace and secacl.
2009-03-01 20:06:55 +01:00
Jelmer Vernooij
da6721e323
Move secacl to top-level.
2009-03-01 18:15:36 +01:00
Jelmer Vernooij
99b288156f
Move secace.c to top-level.
2009-03-01 18:00:26 +01:00
Kai Blin
07aa05f678
shared: Move dom_sid_* utility functions to top level
2009-02-01 19:42:30 +01:00
Simo Sorce
380874ef86
Fix the mess with ldb includes.
...
Separate again the public from the private headers.
Add a new header specific for modules.
Also add service function for modules as now ldb_context and ldb_module are
opaque structures for them.
2009-01-30 01:02:03 -05:00
Jelmer Vernooij
a4afed1e9a
Implement as_sddl.
2009-01-22 14:49:51 +01:00