summaryrefslogtreecommitdiffstats
path: root/librpc/idl/security.idl
Commit message (Collapse)AuthorAgeFilesLines
* security.idl: add new security_secinfo bitsGregor Beck2013-08-011-0/+3
| | | | | | | | [MS-DTYP].pdf 2.4.7 Signed-off-by: Gregor Beck <gbeck@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* Fix bug #9932 - Currently the maximum number of aces in an SD is limited to ↵Partha Sarathi2013-06-121-1/+1
| | | | | | | | | | | | | | | | 1000, but Microsoft supports around 1800. Issue description: I was trying to add maximum number of aces on Microsoft share, where I was able to add nearly 1800 aces on a file/folder SD. But Samba does not support adding 1800 aces to SD instead it limited to 1000. Expected behavior: Ideally SAMBA should also support as like Windows to compare with Windows standard. Set to 2000 until we add EA limits in the server. Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jun 12 02:52:36 CEST 2013 on sn-devel-104
* librpc/idl: teach ndrdump about dumping security.idl structuresStefan Metzmacher2012-11-201-0/+21
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* SEC_RIGHTS_DIR_PRIV_BACKUP and SEC_RIGHTS_DIR_PRIV_RESTORE aren't used ↵Jeremy Allison2012-08-311-8/+7
| | | | | | | | anywhere. Remove (can re-add if needed). Ensure the privilege rights are always specific rights, not generic. By the time the privilege rights are examined, we've already mapped from generic to specific in the access_mask.
* Fix bug #8458] - IE9 on Windows 7 cannot download files to samba 3.5.11 shareJeremy Allison2011-09-211-0/+1
| | | | Handle the SECINFO_LABEL flag in the same was as Win2k3.
* security.idl add new well-known SIDsChristian Ambach2011-08-311-0/+8
| | | | | http://support.microsoft.com/kb/243330/en-us lists some new well-known SIDS in the BUILTIN domain
* security.idl: Use gid_t for gid in security_unix_tokenAndrew Bartlett2011-07-201-1/+1
|
* librpc/idl Add helper structures for use by samba3 in auth_session_infoAndrew Bartlett2011-03-011-0/+8
| | | | | | | The unix info and in particular unix token needs to be preserved into the struct auth_session_info. Andrew Bartlett
* security.idl Clarify that this is not a network structureAndrew Bartlett2010-09-111-0/+1
|
* s4-privs Seperate rights and privilegesAndrew Bartlett2010-09-111-13/+22
| | | | | | | | | These are related, but slightly different concepts. The biggest difference is that rights are not enumerated as a system-wide list. This moves the rights to security.idl due to dependencies. Andrew Bartlett
* libcli/security Rename all privilege bitmaps constantsAndrew Bartlett2010-09-111-31/+31
| | | | | | | | | The idea here to to make it very clear how they differ from the enumerated LUID values. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* libcli/security Add an invalid LUID privilege valueAndrew Bartlett2010-09-111-0/+1
| | | | | | This helps code that may not want to specify any privilege Signed-off-by: Andrew Tridgell <tridge@samba.org>
* security.idl Add commentsAndrew Bartlett2010-09-111-1/+3
| | | | Signed-off-by: Andrew Tridgell <tridge@samba.org>
* security.idl Update Windows privileges list to Win2008R2Andrew Bartlett2010-09-111-30/+35
| | | | Signed-off-by: Andrew Tridgell <tridge@samba.org>
* security.idl clarify which privilages are LUID and bitmap valuesAndrew Bartlett2010-09-111-6/+10
| | | | Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4-privs Remove link between enum sec_privilege and the privilege bitmapAndrew Bartlett2010-09-111-29/+71
| | | | | | | | | | | This allows us to set the enum sec_privilege constants to the LUID values that are seen from windows, which we need to match, in order to preserve the support for the NT Print Migrator tool after a merge with the source3/ privileges code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* privs Move privilege bitmasks to security.idlAndrew Bartlett2010-09-111-0/+39
| | | | Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4:security Change struct security_token->sids from struct dom_sid * to ↵Andrew Bartlett2010-08-231-1/+1
| | | | | | | | | struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett
* idl: added the RODC allow/deny secrets RIDsAndrew Tridgell2010-08-201-0/+2
| | | | Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:security Remove use of user_sid and group_sid from struct security_tokenAndrew Bartlett2010-08-181-2/+0
| | | | This makes the structure more like Samba3's NT_USER_TOKEN
* s4-dsdb: Implementation of User-Change-Password and User-Force-Password-ChangeNadezhda Ivanova2010-07-051-0/+2
| | | | | | | These CARs need to be checked on password change and password reset operations. Apparently the password attributes are not influenced by Write Property. Single detele operations and modifications of dBCSPwd are let through to the password_hash module. This is determined experimentally.
* Added guids for the validated writes.Nadezhda Ivanova2010-06-091-0/+7
|
* security: move generic_mapping and standard_mapping to security.idl.Günther Deschner2010-06-031-0/+18
| | | | Guenther
* Finish removal of iconv_convenience in public API's.Jelmer Vernooij2010-05-181-3/+3
|
* security: merge builtin rid tables.Günther Deschner2010-05-181-0/+19
| | | | Guenther
* security.idl: Add missing builtin groups.Karolin Seeger2010-03-231-0/+4
| | | | Karolin
* security.idl - push generated code diffMatthias Dieter Wallnöfer2010-03-161-1/+1
|
* Added a net acl ds command for modification of ACLs on directory objectsNadezhda Ivanova2010-03-161-1/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | At present the command supports only addition of control access rigts, done so DRS access checks can be tested. It will be expanded to deal with most ways to modify and view a DS ACL. Shifted commands a bit. What used to be net acl is now "net acl nt" as apposed to this, which is "net acl ds" ./bin/net acl ds set --help Usage: set --objectdn=objectdn --car=control right --action=[deny|allow] --trusteedn=trustee-dn Options: -h, --help show this help message and exit --host=HOST LDB URL for database or target server --car=CAR The access control right to allow or deny --action=ACTION Deny or allow access --objectdn=OBJECTDN DN of the object whose SD to modify --trusteedn=TRUSTEEDN DN of the entity that gets access Samba Common Options: -s FILE, --configfile=FILE Configuration file Credentials Options: --simple-bind-dn=DN DN to use for a simple bind --password=PASSWORD Password -U USERNAME, --username=USERNAME Username -W WORKGROUP, --workgroup=WORKGROUP Workgroup -N, --no-pass Don't ask for a password -k KERBEROS, --kerberos=KERBEROS Use Kerberos
* security: make two bitmaps public.Günther Deschner2010-02-181-2/+2
| | | | Guenther
* security.idl: add wellknown TrustedInstaller SIDStefan Metzmacher2010-01-291-0/+7
| | | | metze
* security.idl - Add some more wellknown SIDs/RIDsMatthias Dieter Wallnöfer2009-11-271-14/+17
|
* Fixed incorrect SID for RAS Servers.Nadezhda Ivanova2009-11-171-0/+1
|
* Removed the default DACL from token, as we will not be using it.Nadezhda Ivanova2009-11-031-1/+0
|
* idl: added bit definition for privilege masksAndrew Tridgell2009-10-161-0/+15
| | | | | | When you have backup or restore privileges, you automatically get extra access bits in ACL interpretation. This adds definitions for the bits you get.
* Owner and group defaulting.Nadezhda Ivanova2009-09-161-0/+34
| | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4: Add additional well-known SID's/RID's.Andrew Kroeger2009-05-291-0/+4
| | | | | | | Information was found at http://support.microsoft.com/kb/243330 Not all well-known identifiers were included - only those necessary for enhancing the 2-letter mappings used in SDDL strings were added.
* Fix incorrect RID for KRBTGT. (was incorectly 514, should be 502)Andrew Bartlett2009-05-291-1/+1
| | | | | | | | Requires recompile of source4/kdc/* Found by Andrew Kroeger <andrew@id10ts.net> Andrew Bartlett
* Add DOMAIN_RID_KRBTGT define to security.idlAndrew Bartlett2009-05-271-0/+1
|
* s4: try to fix privileges implementation in order to pass the ↵Günther Deschner2009-05-201-1/+2
| | | | | | RPC-SAMR-USERS-PRIVILEGES test. Guenther
* Add iconv_convenience argument to size functions.Jelmer Vernooij2009-01-011-3/+3
|
* Rename dom_sid.idl -> server_id.idl (since it no longer actually contains ↵Jelmer Vernooij2008-12-161-2/+0
| | | | the dom_sid). No longer include it from security.idl.
* Add python extensions for dom_sid.Jelmer Vernooij2008-12-161-2/+1
|
* Move dom_sid to the Samba 3 IDL file, remove the old definition.Jelmer Vernooij2008-12-121-0/+29
|
* s3: make idlStefan Metzmacher2008-11-081-3/+3
| | | | metze
* security.idl: sometimes ACEs have some padding at the endStefan Metzmacher2008-11-081-1/+1
| | | | metze
* s3: security.idl: split of dom_sid stuff into dom_sid.idlStefan Metzmacher2008-11-081-19/+2
| | | | | | And use the toplevel ndr_sec_helper.c metze
* security-idl: fix typo.Günther Deschner2008-11-011-3/+3
| | | | Guenther
* security-idl: add STANDARD_RIGHTS_X bits.Günther Deschner2008-10-311-0/+14
| | | | Guenther
* Share security.idl.Jelmer Vernooij2008-10-151-0/+394
generated by cgit (git 2.34.1) at 2024-06-25 01:33:25 +0000