IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The source3 code repsects the limit of a maximum of 15 subauths,
while the source4 code does not, creating a security issue as
we parse string-form SIDs from clients.
Andrew Bartlett
These functions work on the bitmap, and are only exposed because
the source3/ privileges storage uses the bitmap in account_policy.tdb
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This no longer needs to be global, and should be const. We now also
init it with the C99 style initialisers.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
We update privileges on a per-record basis instead of all at once, as
this maintains maximum compatibility is someone uses old tools with a
new version of Samba. The also auto-detects the byte order of the old
entries in the database, and copes with either native or reversed byte
order.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This avoids us dealing with the privilege bitmap in the LSA server, and
overhauls much of the rest of the handling to be currnet with the modern
world of talloc.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
The new wrappers avoid anything but the core privileges code
dealing with the bitmap values directly.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This new call is available in the merged privileges code, and
takes an enum as the parameter, rather than a bitmask.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
It is important to make clear which is the LUID and which
is the Samba-only bitmap mask.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
The all UPPER case typedef is no longer the preferred Samba style
and this makes it easier to see that this is the IDL-derivied structure
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
size_t is overkill here, and in struct security_token in the num_sids
is uint32_t.
This includes a change to the prototype of add_sid_to_array()
and add_sid_to_array_unique(), which has had a number of
consequnetial changes as I try to sort out all the callers using
a pointer to the number of sids.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
These values are stored in account_policy.tdb, and the old format,
using a 128 bit bitmap was not endian neutral.
The previous endian-dependent format was introduced in
46e5effea948931509283cb84b27007d34b521c8
replacing a 32 bit number which was used at the time.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
We don't need 128 possible privileges here, as we only use 12.
This reverts some of 46e5effea948931509283cb84b27007d34b521c8
by Jerry back in 2005, where he introduced the SE_PRIV structure
to replace the uint32_t used at the time.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
tevent would need monotonic clock features to make also smbldap's idle handling
aware of backward clock jumps. Other areas in smbldap are clock jump save now.
If we call messaging_ctdbd_connection() we end up with the wrong vnn in our
messaging context.
This is a bit of a hack, get_my_vnn() needs to go eventually along with
procid_self()
