path: root/source/lib/util_seaccess.c
Commit message | Author | Age | Files | Lines
* More signed/unsigned fixes (yes, I run with funny compiler options) and | Andrew Bartlett | 2003-02-22 | 1 | -1/+1
  make x_fwrite() match fwrite() in returning a size_t. Andrew Bartlett
* try to put every security descriptors related definitions in the same file. | Simo Sorce | 2002-10-06 | 1 | -2/+2
  also try to uniform names to a clean scheme. first part.
* Add const. | Andrew Bartlett | 2002-09-28 | 1 | -1/+1
* Add a bit of 'const' and move a lot of our 'repetitive' DEBUG() statements to | Andrew Bartlett | 2002-08-31 | 1 | -9/+10
  'DEBUGADD', so we don't repeat headers. (Makes them much easier to read). (Based on patch by kai) Andrew Bartlett
* Move samr_make_sam_obj_sd to lib/util_seaccess.c. samtest now compiles and | Jelmer Vernooij | 2002-08-29 | 1 | -0/+41
  links successfully!
* Make const | Jelmer Vernooij | 2002-08-28 | 1 | -1/+1
* Remove "sids.h" as it really wasn't being used anywhere, and was exporting | Andrew Bartlett | 2002-06-10 | 1 | -2/+0
  the (now static) global_sam_sid. The only place it was being used was to return global_sid_NULL to some uid->sid functions - and I'm not convinced this is correct in any case. Andrew Bartlett
* Renamed get_nt_error_msg() to nt_errstr(). | Tim Potter | 2002-03-17 | 1 | -1/+1
* syncing up printing code with SAMBA_2_2 (already done some merges | Gerald Carter | 2002-03-15 | 1 | -0/+25
  in the reverse).
  * add in new printer change notify code from SAMBA_2_2
  * add in se_map_standard() from 2.2 in _spoolss_open_printer_ex()
  * sync up the _print_queue_struct in smb.h (why did someone change the user/file names in fs_user/fs_file (or vice-versa) ? )
  * sync up some cli_spoolss_XXX functions
* Removed version number from file header. | Tim Potter | 2002-01-30 | 1 | -2/+1
  Changed "SMB/Netbios" to "SMB/CIFS" in file header.
* tidy up debug | Jean-François Micouleau | 2001-12-17 | 1 | -1/+1
  J.F.
* Renamed sid field in SEC_ACE to trustee to be more in line with MS's | Tim Potter | 2001-11-30 | 1 | -4/+4
  definitions.
* I *love* removing code :-). Removed 4 files that weren't being used. | Jeremy Allison | 2001-11-16 | 1 | -1/+1
  All this stuff was being pulled in due to *one* unneeded call to fetch a domain SID which smbpasswd already puts in the database... Jeremy.
* Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header. | Tim Potter | 2001-10-02 | 1 | -2/+0
* Added Elrond patch to make se_access_check use NT datastructures, not Samba. | Jeremy Allison | 2001-09-26 | 1 | -5/+8
  Jeremy.
* converted another bunch of stuff to NTSTATUS | Andrew Tridgell | 2001-08-27 | 1 | -4/+4
* started converting NTSTATUS to be a structure on systems with gcc in order | Andrew Tridgell | 2001-08-27 | 1 | -6/+11
  to make it type incompatible with BOOL so we catch errors sooner. This has already found a number of bugs
* Don't use variables called "acl" as it's the name of a function in Solaris. | Jeremy Allison | 2001-04-27 | 1 | -13/+13
  Jeremy.
* Move to talloc control of SPOOL_XXX structs. Move to talloc control of | Jeremy Allison | 2001-02-28 | 1 | -10/+5
  security descriptors and pointers. Syncup with 2.2 tree. Jeremy.
* Changes from APPLIANCE_HEAD: | David O'Neill | 2001-01-19 | 1 | -28/+119
  source/lib/util_seaccess.c
  - added se_create_child_secdesc() function which takes a parent (container) security descriptor and creates a security descriptor which has the inheritance flags for each ACE applied. In NT a print job is a child object of a printer so deleting and pausing/resuming jobs requires a check against the child security descriptor, not the parent. The values seen in NT printer security descriptors now all fit together in a natural and elegant way which is always nice.
  - Removed #ifdef'ed out portion of check_ace() when the INHERIT_ONLY flag is set as the se_create_child_secdesc() function now creates a security descriptor which can be used without this hack.
* Changes from APPLIANCE_HEAD: | David O'Neill | 2001-01-04 | 1 | -5/+74
  source/Makefile.in
  - changes to ctags and etags rules that somehow got lost along the way.
  source/include/proto.h
  - make proto
  source/smbd/sec_ctx.c source/smbd/password.c
  - merge debugs for debugging user groups and NT token stuff.
  source/lib/util_str.c
  - capitalise domain name returned from parse_domain_user()
  source/nsswitch/wb_client.c
  - fix broken conditional in debug statement.
  source/include/rpc_secdes.h source/include/rpc_spoolss.h source/printing/nt_printing.c source/lib/util_seaccess.c
  - fix printer permission bugs related to ACE masks for printers. This adds mapping of generic access rights to object specific rights for NT printers. Still need to work out whether or not to ignore ACEs with certain flags set, though. See comments in util_seaccess.c:check_ace() for details.
  source/printing/nt_printing.c source/printing/printing.c
  - use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER until we sort out printer/printjob permission stuff.
* Removed the special casing of SIDs in se_access_check. This is now done | Jeremy Allison | 2000-12-12 | 1 | -31/+2
  (correctly) when the NT_USER_TOKEN is *created*. Jeremy.
* Owner always has READ_CONTROL and WRITE_DAC access. | Jeremy Allison | 2000-12-12 | 1 | -1/+3
  Jeremy.
* Tidied up security rights definitions. | Jeremy Allison | 2000-08-10 | 1 | -4/+4
  Jeremy.
* Removed requirement that sid have an owner before being interpreted. | Jeremy Allison | 2000-08-10 | 1 | -18/+9
  Thanks to Elrond for pointing this out. Jeremy.
* Fixed memory leak with NT tokens. | Jeremy Allison | 2000-08-09 | 1 | -2/+15
  Added debug messages to se_access_check(). Added FULL_ACCESS acl to default acl on printers. Jeremy.
* Added SID "Everyone" S-1-1-0 as always matching if present in an ACE. | Jeremy Allison | 2000-08-08 | 1 | -4/+17
  Jeremy.
* Changed the sec desc access checks to match the spec. Needs testing. | Jeremy Allison | 2000-08-08 | 1 | -220/+149
  Jeremy.
* Fixed up se_access_check() to use the token list from the user struct | Jeremy Allison | 2000-08-04 | 1 | -82/+32
  as the SID list. Now to go through and tidy up the algorithm. Jeremy.
* Started to canonicalize our handling of uid -> sid code in order to | Jeremy Allison | 2000-08-02 | 1 | -19/+27
  get ready and fix se_access_check().
  Added canonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid() functions that look via winbind first then fall back on local lookup. All Samba should use these rather than trying to call winbindd code directly.
  Added NT_USER_TOKEN struct in user_struct, contains list of NT sids associated with this user. se_access_check() should use this (cached) value rather than attempting to do the same thing itself when given a uid/gid pair.
  More work needs to be done to preserve these things across security context changes (especially with the tricky pipe problem) but I'm beginning to see how this will be done..... probably by registering a new vuid for an authenticated RPC pipe and not treating the pipe calls specially. More thoughts needed - but we're almost there...
  Jeremy.
* Added some debugs. | Tim Potter | 2000-07-17 | 1 | -13/+27
  Changed interface to se_access_check to take a user struct instead of each bit as a separate parameter.
* Fixes for various compile warnings on Solaris 8. | Tim Potter | 2000-07-10 | 1 | -1/+2
* Moved winbind client functions from various odd locations to | Tim Potter | 2000-07-10 | 1 | -64/+0
  nsswitch/wb_client.c Merge of nsswitch/common.c rename to nsswitch/wb_common.c from TNG.
* Added some useful debugging stuff. | Tim Potter | 2000-07-10 | 1 | -10/+66
  Fixes for se_access_check() when you are the owner of the object.
* Rewrite of se_access_check() function. Added comments and fixed a bunch of | Tim Potter | 2000-07-06 | 1 | -189/+287
  bugs. I think there is a problem though with the permissions granted when SEC_RIGHTS_MAXIMUM_ALLOWED is passed as the permissions requested.
* added se_access_check. | Luke Leighton | 2000-06-08 | 1 | -0/+279