summaryrefslogtreecommitdiffstats
path: root/libcli/security
Commit message (Collapse)AuthorAgeFilesLines
* libcli/security: Ensure to fill in remaining_access for the initial case ↵Andrew Bartlett2013-01-151-0/+1
| | | | | | | | | | | | (bug #9554 - CVE-2013-0172) It is critically important that we initialise this element as otherwise all access is permitted. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit a75805490d96a85786287f5d0522dd7671d6816e)
* libcli/security: calculate the correct inherited_object GUIDStefan Metzmacher2012-12-111-1/+7
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* libcli/security: implement object_in_list()Stefan Metzmacher2012-12-111-2/+23
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* libcli/security: remove duplicate aces in se_create_child_secdesc()Stefan Metzmacher2012-12-021-0/+34
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* Factor out privilege checking code into se_file_access_check() which takes a ↵Jeremy Allison2012-08-312-10/+87
| | | | bool priv_open_requested parameter.
* Fix bug #9124 - Samba fails to set "inherited" bit on inherited ACE's.Jeremy Allison2012-08-301-3/+7
| | | | Change se_create_child_secdesc() to handle inheritance correctly.
* build: rename security → samba-securityBjörn Jacke2012-08-101-2/+2
| | | | | | | | | there is a libsecurity on OSF1 which clasheѕ with our security lib. see bug #9023. Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Fri Aug 10 14:22:21 CEST 2012 on sn-devel-104
* Fix warning: variable ‘XX’ set but not used.Jeremy Allison2012-06-191-7/+0
|
* Fix bug #8811 - sd_has_inheritable_components segfaults on an SD that ↵Jeremy Allison2012-03-141-0/+4
| | | | | | | se_access_check accepts. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Mar 14 05:08:03 CET 2012 on sn-devel-104
* Fix bug #8795 - Samba does not handle the Owner Rights permissions at allRichard Sharpe2012-03-143-6/+49
| | | | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Mar 14 02:26:34 CET 2012 on sn-devel-104
* Fix bug #8797 - Samba does not correctly handle DENY ACEs when privileges apply.Richard Sharpe2012-03-101-26/+28
| | | | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Mar 10 01:33:45 CET 2012 on sn-devel-104
* Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER but ↵Richard Sharpe2012-02-221-0/+5
| | | | | | | has no permission for that, but token has SeTakeOwnershipPrivilege Autobuild-User: Richard Sharpe <sharpe@samba.org> Autobuild-Date: Wed Feb 22 19:19:32 CET 2012 on sn-devel-104
* Second part of fix for bug #8673 - NT ACL issue.Jeremy Allison2012-01-111-3/+4
| | | | | | | | | | | Ensure we process the entire ACE list instead of returning ACCESS_DENIED and terminating the walk - ensure we only return the exact bits that cause the access to be denied. Some of the S3 fileserver needs to know if we are only denied DELETE access before overriding it by looking at the containing directory ACL. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Jan 11 19:24:53 CET 2012 on sn-devel-104
* security: add local authority well-known SIDsChristian Ambach2011-11-242-0/+3
| | | | | | | add the S-1-2 well-known SID family Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Thu Nov 24 19:01:08 CET 2011 on sn-devel-104
* build: Reduce build systems to just top level waf and autoconfAndrew Bartlett2011-10-071-6/+5
| | | | | | | | | The s3-waf build system is a key component of the top level build, but with this commit is is no longer available directly. This reduces the number of build system combinations in master as we prepare for the Samba 4.0 release. Andrew Bartlett
* Adapt del_sid_from_array to Samba coding styleVolker Lendecke2011-08-171-1/+2
| | | | | Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Aug 17 16:46:24 CEST 2011 on sn-devel-104
* Fix a typoVolker Lendecke2011-08-171-1/+1
|
* Remove unused "sid_equal"Volker Lendecke2011-08-172-10/+0
|
* Replace calls to sid_equal with calls to dom_sid_equalVolker Lendecke2011-08-171-2/+2
|
* pytalloc: Use consistent prefix for functions, add ABI file.Jelmer Vernooij2011-08-101-4/+4
|
* libcli/security: add some const to marshall_sec_desc[_buf]()Stefan Metzmacher2011-07-232-4/+4
| | | | metze
* s3: Allow NULL sd_size in make_sec_descVolker Lendecke2011-06-181-2/+10
| | | | | Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sat Jun 18 22:26:15 CEST 2011 on sn-devel-104
* libcli/security/secdesc.h: fix licence/copyrightGünther Deschner2011-06-101-0/+22
| | | | Guenther
* Tiny simplification to dom_sid_string_bufVolker Lendecke2011-05-311-2/+1
| | | | | Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue May 31 23:16:31 CEST 2011 on sn-devel-104
* libcli/security: move secdesc.c to the top level libcli/securityAndrew Bartlett2011-05-314-1/+823
| | | | | | | This code does not rely on lp_ or other source3 only functions, so can be part of the common library. Andrew Bartlett
* libcli/security: fix build warning, cr_descr_log_acl() is not used currently.Günther Deschner2011-05-061-0/+2
| | | | Guenther
* Add dom_sid_parse_endpVolker Lendecke2011-04-132-2/+14
| | | | | | | This returns a pointer to the first non-parsed character, along the lines of strtoul for example. Signed-off-by: Jeremy Allison <jra@samba.org>
* auth: Move auth_session_info into IDLAndrew Bartlett2011-04-051-10/+1
| | | | | | | | | | This changes auth_session_info_transport to just be a wrapper, rather than a copy that has to be kept in sync. As auth_session_info was already wrapped in python, this required changes to the existing pyauth wrapper and it's users. Andrew Bartlett
* libcli/security: make sure that we don't grant SEC_STD_DELETE to the owner ↵Stefan Metzmacher2011-03-211-28/+30
| | | | | | | | | | | | by default In the file server SEC_STD_DELETE is granted on the file/directory or by FILE_DELETE_CHILD on the parent directory. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Mar 21 23:25:05 CET 2011 on sn-devel-104
* libcli/: Fix prototypes for all functions.Jelmer Vernooij2011-03-192-0/+3
|
* libcli/security: move display_sec headers to own header file and add toGünther Deschner2011-03-163-0/+36
| | | | | | security.h grouping header. Guenther
* libcli: openchange doesn't need these headers any moreAndrew Tridgell2011-03-161-2/+0
| | | | | | | thanks to Simo for pointing this out Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Mar 16 00:25:10 CET 2011 on sn-devel-104
* libcli: protect access_check.h against double inclusionAndrew Tridgell2011-03-151-0/+3
| | | | | Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Mar 15 05:07:01 CET 2011 on sn-devel-104
* waf: build substituted public headers in build treeAndrew Tridgell2011-03-151-0/+2
| | | | | the bin/default/include/public directory will contain headers that are ready to install
* Quite some callers of sid_split_rid do not care about the ridVolker Lendecke2011-03-101-1/+3
|
* Add dom_sid_string_bufVolker Lendecke2011-03-032-12/+40
| | | | | This prints into a fixed buffer with the same overflow semantics as snprintf has: Return required string length, regardless of whether it fit or not.
* libcli/security Add unix_token and unix_info to auth_session_info tooAndrew Bartlett2011-03-011-0/+2
| | | | | Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Mar 1 07:13:43 CET 2011 on sn-devel-104
* s4-auth Move libcli/security/session.c to the top levelAndrew Bartlett2011-02-224-1/+116
| | | | | | | This code is now useful in common, as the elements of the auth_session_info structure have now been defined in common IDL. Andrew Bartlett
* libcli/security/security_descriptor.c - fix three wrong counter variablesMatthias Dieter Wallnöfer2011-02-211-3/+3
| | | | | | | These strictly need to be "uint32_t" since "acl*->num_aces" has been defined by this type. This counter patchset has been reviewed by Andrew Bartlett.
* libcli/security/privileges.c - fix wrong counter typeMatthias Dieter Wallnöfer2011-02-211-1/+1
| | | | | This strictly needs to be from type "uint32_t" since "privset->count" is defined with this type.
* libcli/security/privileges.c - fix the counting of privilegesMatthias Dieter Wallnöfer2011-02-211-9/+4
| | | | | Since the privileges are always counted with a signed integer, there is no reason to specify the upper limit with a "uint32_t".
* libcli/security/sddl.c - fix wrong counter typeMatthias Dieter Wallnöfer2011-02-211-1/+1
| | | | | This strictly needs to be from type "uint32_t" since "acl->num_aces" is defined of this type.
* libcli/security/display_sec.c - fix wrong counter typeMatthias Dieter Wallnöfer2011-02-211-1/+1
| | | | | This strictly needs to be of type "uint32_t" due to "sec_acl->num_aces" which is of type "uint32_t".
* libcli/security - fix two output format specifiersMatthias Dieter Wallnöfer2011-02-152-2/+2
|
* security: Fixed some handling of ACEs with INHERITED flag provided by the userNadezhda Ivanova2011-02-101-5/+16
| | | | | Some tests showed that these ACEs are not removed if the DACL_PROTECTED flag is provided at the same time. This is not documented but tests prove it and it has been observerd in deployment.
* pysecurity: Add missing dependency on pytalloc-util.Jelmer Vernooij2011-02-081-1/+1
| | | | | Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Tue Feb 8 13:16:43 CET 2011 on sn-devel-104
* libcli/security: Make add_sid_to_array_unique use a uin32_t counterVolker Lendecke2011-02-071-1/+1
| | | | | | | | | Logical consequence of the previous commit Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Mon Feb 7 19:24:19 CET 2011 on sn-devel-104
* libcli/security: Make del_sid_from_array take a uint32_tVolker Lendecke2011-02-072-3/+5
| | | | | | This aligns it with add_sid_to_array Signed-off-by: Michael Adam <obnox@samba.org>
* s4-security: Fixed incorrect inheritance of IO flagged ACESNadezhda Ivanova2011-01-181-0/+5
| | | | They should be inherited without the IO flag unless they contain generic information.
* libcli/security Add python bindings for se_access_checkAndrew Bartlett2011-01-142-0/+89
| | | | Andrew Bartlett
generated by cgit (git 2.34.1) at 2025-02-01 02:46:19 +0000