1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

76 Commits

Author SHA1 Message Date
Mathieu Parent
c315fce17e Fix various spelling errors
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov  6 13:43:45 CET 2015 on sn-devel-104
2015-11-06 13:43:45 +01:00
Michael Adam
79a4911d75 s3:privileges: convert privileges.c to use dbwrap wrapper functions.
Avoid direct use of the db_record and db_context structs.
2011-10-11 14:17:57 +02:00
Michael Adam
0e28448a78 s3:dbwrap: convert dbwrap_fetch(), dbwrap_fetch_bystring() and dbwrap_fetch_bystring_upper() to NTSTATUS 2011-10-11 14:17:56 +02:00
Michael Adam
0b5c4a601a s3:dbwrap: move all .c and .h files of dbwrap to lib/dbwrap/
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Fri Jul 29 13:34:22 CEST 2011 on sn-devel-104
2011-07-29 13:34:22 +02:00
Günther Deschner
c2d6260f10 s3: only include lib/privileges.h where needed.
This finally removes the global lsa.h inclusion.

Guenther
2011-03-30 01:13:10 +02:00
Günther Deschner
235f148590 s3-passdb: use passdb headers where needed.
Guenther
2011-03-30 01:13:08 +02:00
Andreas Schneider
b181cd8465 s3-smbd: Increase debug level von context messages. 2011-03-09 09:28:42 +01:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Andrew Bartlett
eb6a0cc326 libcli/security Move 'private' privileges functions to another header
These functions work on the bitmap, and are only exposed because
the source3/ privileges storage uses the bitmap in account_policy.tdb

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
6d2b1ef71d libcli/security Remove 'always true' return from se_priv_put_all_privileges
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
e3edd7ca3a s3-privs Add const
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Bartlett
4bf09967a4 s3-privs Remove extra pointer on privilege mask
Now that this is a scalar, this isn't required.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Tridgell
86fdb4c152 s3-privileges: add handling of both old and new formats in database
We update privileges on a per-record basis instead of all at once, as
this maintains maximum compatibility is someone uses old tools with a
new version of Samba. The also auto-detects the byte order of the old
entries in the database, and copes with either native or reversed byte
order.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Bartlett
96e59faa62 s3-privs Remove unused function
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
9883993b66 s3-privs Overhaul PRIVILEGE_SET handling, avoid dealing with the bitmap
This avoids us dealing with the privilege bitmap in the LSA server, and
overhauls much of the rest of the handling to be currnet with the modern
world of talloc.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
ad5ec58a71 s3-privs Hide the bitmap-based grant_privilege and revoke_privilege
The new wrappers avoid anything but the core privileges code
dealing with the bitmap values directly.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
4080ff7af5 s3-privs Make privilege_enum_sids() take an LUID, not a bitmap
This moves one more privileges call away from direct bitmap manipuation.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
e0cbc68c0a s3-privs Rework privilege enumeration to also use new DB format
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
ed6b4ddd71 s3-privs Directly manipulate the privileges bitmap.
There is no longer any reason to go via the se_ functions to
manipulate this bitmap.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
b057867de3 s3-privs Remove a pointer from grant_privilege()
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:09 +10:00
Andrew Bartlett
a02ae674dd s3-privs Remove a pointer indirection from revoke_privilege()
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
b29b6c13a3 s3-privs Inline dump_se_priv into callers now that it's just a uint64_t
The previous 128 bit structure needed this helper function.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
4bf783d4d6 s3-auth Change type of num_sids to uint32_t
size_t is overkill here, and in struct security_token in the num_sids
is uint32_t.

This includes a change to the prototype of add_sid_to_array()
and add_sid_to_array_unique(), which has had a number of
consequnetial changes as I try to sort out all the callers using
a pointer to the number of sids.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:05 +10:00
Andrew Bartlett
99aae4a0ee s3:privs Change to new host endian neutral privilages tdb format
These values are stored in account_policy.tdb, and the old format,
using a 128 bit bitmap was not endian neutral.

The previous endian-dependent format was introduced in
46e5effea9
replacing a 32 bit number which was used at the time.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:04 +10:00
Andrew Bartlett
c79336e48a s3:Change SE_PRIV to uint64_t
This removes the SE_PRIV typedef

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:03 +10:00
Günther Deschner
7a05ca2c9c s3-build: use dbwrap.h only where needed.
Guenther
2010-08-26 00:25:55 +02:00
Günther Deschner
4591fdbc18 s3-privileges: use LUID defines from lsa IDL.
Guenther
2010-06-07 10:33:36 +02:00
Andrew Bartlett
cba7f8b827 s3:dom_sid Global replace of DOM_SID with struct dom_sid
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 10:39:59 +02:00
Günther Deschner
dccecdf338 s3-privileges: add privilege_delete_account().
Guenther
2009-05-16 01:27:51 +02:00
Günther Deschner
118f343b05 s3-privileges: remove trailing whitespace from privileges codes.
Guenther
2009-05-16 01:27:51 +02:00
Volker Lendecke
9aa8d0c627 Convert account_pol.tdb to dbwrap
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be commit 0b36871a0d)
2008-04-01 14:04:23 +02:00
Michael Adam
f3603d5a5a Convert add_sid_to_array() add_sid_to_array_unique() to return NTSTATUS.
Michael
(This used to be commit 6b2b9a60ef)
2008-01-09 01:47:10 +01:00
Volker Lendecke
2e07c2ade8 s/sid_to_string/sid_to_fstring/
least surprise for callers
(This used to be commit eb523ba776)
2007-12-15 22:47:30 +01:00
Volker Lendecke
14ef4cdec1 Replace sid_string_static with sid_to_string
This adds 28 fstrings on the stack, but I think an fstring on the stack is
still far better than a static one.
(This used to be commit c7c885078b)
2007-12-15 22:09:37 +01:00
Volker Lendecke
900288a2b8 Replace sid_string_static by sid_string_dbg in DEBUGs
(This used to be commit bb35e794ec)
2007-12-15 22:09:36 +01:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
2007-10-18 17:40:25 -07:00
Volker Lendecke
54d3c7f61d r25040: Add "net sam rights"
Not strictly in the SAM, but close enough. This command acts directly on
the local tdb, no running smbd required

This also changes the root-only check to a warning
(This used to be commit 0c5657b5ef)
2007-10-10 12:30:36 -05:00
Günther Deschner
9888ecedd8 r24435: Fix typo.
Guenther
(This used to be commit 8705f890b1)
2007-10-10 12:29:47 -05:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
Michael Adam
6090601c8b r23485: This checkin consists mostly of refactorings in preparation of the
activation of global registry options in loadparm.c, mainly to
extract functionality from net_conf.c to be made availabel elsewhere
and to minimize linker dependencies.

In detail:

* move functions registry_push/pull_value from lib/util_reg.c to new file
  lib/util_reg_api.c

* create a fake user token consisting of builtin administrators sid and
  se_disk_operators privilege by hand instead of using get_root_nt_token()
  to minimize linker deps for bin/net.

  + new function registry_create_admin_token() in new lib/util_reg_smbconf.c
  + move dup_nt_token from auth/token_util.c to new file lib/util_nttoken.c
  + adapt net_conf.c and Makefile.in accordingly.

* split lib/profiles.c into two parts: new file lib/profiles_basic.c
  takes all the low level mask manipulation and format conversion functions
  (se_priv, privset, luid). the privs array is completely hidden from
  profiles.c by adding some access-functions. some mask-functions are not
  static anymore.

  Generally, SID- and LUID-related stuff that has more dependencies
  is kept in lib/profiles.c

* Move initialization of regdb from net_conf.c into a function
  registry_init_regdb() in lib/util_reg_smbconf.c.

Michael
(This used to be commit efd3e2bfb7)
2007-10-10 12:23:21 -05:00
Jeremy Allison
be8b0685a5 r22589: Make TALLOC_ARRAY consistent across all uses.
Jeremy.
(This used to be commit 8968808c3b)
2007-10-10 12:19:49 -05:00
Stefan Metzmacher
bc2b6436d0 r22009: change TDB_DATA from char * to unsigned char *
and fix all compiler warnings in the users

metze
(This used to be commit 3a28443079)
2007-10-10 12:19:00 -05:00
Stefan Metzmacher
8960af9558 r21976: make use of tdb_*_bystring() and string_term_tdb_data() in lib/
to avoid creating the TDB_DATA struct from strings "by hand"

metze
(This used to be commit c22b86595a)
2007-10-10 12:18:54 -05:00
Jeremy Allison
63609fbb04 r20090: Fix a class of bugs found by James Peach. Ensure
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevent parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
(This used to be commit 0ffca7559e)
2007-10-10 12:16:24 -05:00
Volker Lendecke
15974508e8 r19932: Add some const
(This used to be commit be3c444c37)
2007-10-10 12:16:11 -05:00
Volker Lendecke
1cf1e648fe r17334: Some C++ warnings
(This used to be commit 8ae7ed1f3c)
2007-10-10 11:38:26 -05:00
Jeremy Allison
69678ce983 r16396: Klocwork #1170. Null deref.
Jeremy.
(This used to be commit 220627ab70)
2007-10-10 11:18:51 -05:00
Gerald Carter
f39c02e945 r14432: Give in and grant BUILT\Administrators all privileges
(This used to be commit b617091060)
2007-10-10 11:15:30 -05:00
Jeremy Allison
8d7c886671 r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4
x86_64 box.
Jeremy.
(This used to be commit d720867a78)
2007-10-10 11:05:02 -05:00