summaryrefslogtreecommitdiffstats
path: root/source/lib/util_sid.c
Commit message (Collapse)AuthorAgeFilesLines
* Cleanup bogus initialisation in SID_NAME_USE enum.Tim Potter2003-03-201-1/+2
| | | | Added new sid type = 9 for "computer" from MSDN.
* Some progress towards gums and tdbsam2Simo Sorce2003-03-071-0/+18
| | | | genparser works fine, and it is a marvelous tool to store objects in tdb :)
* BIG patch...Andrew Bartlett2003-01-021-3/+4
| | | | | | | | | | | | | | | | This patch makes Samba compile cleanly with -Wwrite-strings. - That is, all string literals are marked as 'const'. These strings are always read only, this just marks them as such for passing to other functions. What is most supprising is that I didn't need to change more than a few lines of code (all in 'net', which got a small cleanup of net.h and extern variables). The rest is just adding a lot of 'const'. As far as I can tell, I have not added any new warnings - apart from making all of tdbutil.c's function const (so they warn for adding that const string to struct). Andrew Bartlett
* Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison2002-11-121-7/+5
| | | | | | dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy.
* First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>.Jeremy Allison2002-10-231-92/+108
| | | | | | | This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy.
* Start to merge the new ACL mapping code from Andreas Gruenbacher ↵Jeremy Allison2002-10-181-38/+68
| | | | | | <agruen@suse.de>. Jeremy.
* try to put every security descriptors related definitions in the same file.Simo Sorce2002-10-061-12/+28
| | | | | | also try to uniform names to a clean scheme. first part.
* Fix the compile issue in bin/samtest, and make the 'system' token just have theAndrew Bartlett2002-09-301-5/+2
| | | | | System sid. This avoids comparing with ACEs that we don't yet support in the ADS Domain security descriptor.
* Remove sam/api.c.Andrew Bartlett2002-09-291-0/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | In order to reduce complexity, this patch removes the upper layer of the SAM API. Also, we remove the function pointers on the sam context - there really is no point making these replaceable - that's for the modules. Move a number of functions in include/interface.c around to allow for use of 'static' and to keep the external API in one chunk, at the bottem. All these functions were renamed to remove the context_sam -> sam Consequential changes in the samtest module, and back out metze's change for ACB filtering, becouse I think it belongs in the SAM backeds. (But I will take debate on this one). Changes to the lib/util_sid.c code to create a 'system' token, and make it a SAM_ASSERT() enforced requirement to have a token on those calls that specify it. samtest now uses this. We should have a samtest call to set your own token. We also need to extend our se_access code to cover the things that Win2k is returning in it's access tokens. Currently our system token doesn't pass, due to unexpected flags. (When running sam_ads against Win2k) Andrew Bartlett
* Add const.Andrew Bartlett2002-09-281-4/+4
|
* Merge of "profile acls" code.Jeremy Allison2002-09-251-2/+7
| | | | Jeremy.
* added a generic print_guid utility, and get the byte order handingAndrew Tridgell2002-08-191-0/+15
| | | | right
* make sure we zero the unusued elements in a SID when parsingAndrew Tridgell2002-07-311-0/+3
|
* make this a ZERO_STRUCTP for consitancy with the rest of Samba.Andrew Bartlett2002-07-131-1/+1
|
* (this should have been part of the previous commit)Andrew Bartlett2002-07-081-1/+37
| | | | | | | | | | Add a function to display 'sid types' as strings - makes rpcclient outptut and DEBUG() logs much eaiser to understand. Move the enum for SID types to smb.h, becouse is really isn't LSA specific any more. Andrew Bartlett
* used findstatic.pl to make some variables static and remove some deadAndrew Tridgell2002-07-011-23/+5
| | | | code
* Patch from ctrlsoft to make the pluggable passdb subsystem use an lp_listAndrew Bartlett2002-06-141-2/+2
| | | | | | | | | | | | | rather than a string when configuring mulitple backends. Also adjust some of the users of get_global_sam_sid() to cope with the fact that it just might not exist (uninitialised, can't access secrets.tdb). More places need conversion. Add some const and remove silly casts. Andrew Bartlett
* Add const, kill of useless casts and therefore eliminate warnings.Andrew Bartlett2002-06-141-3/+3
| | | | Andrew Bartlett
* Latest patch from metze <metze@metzemix.de> to move most of samba acrossAndrew Bartlett2002-06-131-4/+27
| | | | | | | | | | | to using SIDs instead of RIDs. The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument. The idea here is to prevent mistakes where the SID is implict, but isn't the same one that we have in the struct. Andrew Bartlett
* Globally replace 'global_sam_sid' with get_global_sam_sid(), a selfAndrew Bartlett2002-06-071-4/+0
| | | | | | | | | initialising function. This patch thanks to the work of "Stefan (metze) Metzmacher" <metze@metzemix.de> This is partly to enable the transition to SIDs in the the passdb. Andrew Bartlett
* Move the code from lib/util_sid.c that deals with the global_sam_sid intoAndrew Bartlett2002-06-071-241/+1
| | | | | | | a file that is linked with the passdb. This is to avoid linking insanity when this global becomes a self-initing function.
* Better handling of uid/gid -> RID and RID -> uid/gid code.Andrew Bartlett2002-04-131-5/+12
| | | | | | | | | | | | | | | | | | | All uids and gids must create valid RIDs, becouse other code expects this, and can't handle the failure case. (ACL code in particular) Allow admins to adjust the base of the RID algorithm, so avoid clashes with users brought in from NT (for example). Put all the algorithm code back in one place, so that this change is global. Better coping with NULL sid pointers - but it still breaks a lot of stuff. BONUS: manpage entry for new paramater :-) counter based rids for normal users in tdbsam is disabled for the timebeing, idra and I will work out some things here soon I hope. Andrew Bartlett
* Add "Creator Group" - was in 2.2.x and I'm syncing up the two.Jeremy Allison2002-03-131-0/+2
| | | | Jeremy.
* add a note about the meaning of global_sam_sidAndrew Tridgell2002-03-101-0/+3
|
* this fixes the problem of not being able to add a SD to a file on aAndrew Tridgell2002-01-311-2/+0
| | | | | | | | | | | | | non-domain Samba server from a NT4 client. Note that this exactly reverses a change by Jeremy on the 18th of December 2001, reverting the code back to what JF originally wrote. I have looked carefully with a sniffer and JFs original NULL sid is correct (ie. it matches what NT4 does) and also fixes the problem. Sending a blank sid (which is what jeremy's patch did) causes NT4 to give a classic "parameter is incorrect error" and prevents the addition of new ACLs.
* Removed version number from file header.Tim Potter2002-01-301-2/+1
| | | | Changed "SMB/Netbios" to "SMB/CIFS" in file header.
* freeing the wrong pointer, sorry my mistake.Simo Sorce2001-12-301-5/+5
|
* util_sid.c - respect a const variabile (addedd strdup)Simo Sorce2001-12-301-4/+12
| | | | | | cli_reg.c - indentation pdb_ldap.c - some checks on init fns parameters pdb_tdb.c - some checks on init fns parameters + make sure we close the db on failure
* fixed sid_compare_domain()Andrew Tridgell2001-12-191-3/+29
|
* Fixup JF's weird SID return :-).Jeremy Allison2001-12-181-2/+4
| | | | Jeremy
* make sid_binstring available without HAVE_ADSAndrew Tridgell2001-12-101-0/+17
|
* added a boolean to the group mapping functions to specify if we need orJean-François Micouleau2001-12-041-1/+48
| | | | | | | | | | | | | | | | | | | | | not the privileges. Usually we don't need them, so the memory is free early. lib/util_sid.c: added some helper functions to check an SID. passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass an RID all the way. If the group doesn't exist on the domain SID, don't return a faked one as it can collide with a builtin one. Some rpc structures have been badly designed, they return only rids and force the client to do subsequent lsa_lookup_sid() on the domain sid and the builtin sid ! rpc_server/srv_util.c: wrote a new version of get_domain_user_groups(). Only the samr code uses it atm. It uses the group mapping code instead of a bloody hard coded crap. The netlogon code will use it too, but I have to do some test first. J.F.
* put sid_to_name behind the winbindd backend interfaceAndrew Tridgell2001-12-031-12/+26
| | | | | | | I spent quite a while trying to work out how to make this call via ldap and failed. I then found that MS servers seem use rpc for sid_to_name, and it works even when in native mode, I ended up just implementing it via rpc
* added a basic ADS backend to winbind. More work needed, but atAndrew Tridgell2001-12-031-1/+17
| | | | least basic operations work
* Removed totally annoying verbose debug in sid_to_string()Tim Potter2001-11-051-2/+0
|
* Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter2001-10-021-2/+0
|
* Ignore unmappable (NT Authority, BUILTIN etc.) SIDs in an ACL set.Jeremy Allison2001-09-221-0/+24
| | | | Jeremy.
* strchr and strrchr are macros when compiling with optimisation in gcc, so we ↵Andrew Tridgell2001-07-041-2/+2
| | | | can't redefine them. damn.
* Added sid_peek_rid() function to return the rid of a sid. Saves muckingTim Potter2001-05-101-0/+13
| | | | around with copying a sid to a temporary variable and using sid_split_rid().
* Merging Gerald's PDC SAM name fix.Jeremy Allison2001-05-031-13/+76
| | | | Jeremy.
* - fixed the sort_acl bug, sorting now works rightAndrew Tridgell2001-02-231-9/+20
| | | | | - don't allow setting of duplicate ACEs - fixed a ACE delete bug
* Changes from APPLIANCE_HEAD:David O'Neill2001-01-151-4/+9
| | | | | | | | | | | | | | | | | | | | | source/rpc_parse/parse_lsa.c - off by one unistr length bug in init_lsa_trans_name() source/lib/util_sid.c - resolve more BUILTIN sid values to names. source/nsswitch/wb_client.c - fix typo in debug message - set errno on error so we don't get bogus value from last failure. source/rpc_server/srv_spoolss_nt.c - add debug to track number of open printer handles for ease of tracking handle leaks in the future. source/rpc_server/srv_lsa.c - fix off-by-one string bug. This was preventing NT from displaying names for well-know SIDs in printer permissions dialog.
* Removed the special casing of SIDs in se_access_check. This is now done ↵Jeremy Allison2000-12-121-10/+43
| | | | | | | (correctly) when the NT_USER_TOKEN is *created*. Jeremy.
* Adding Herb's compile warning fixes to HEAD.Jeremy Allison2000-10-041-3/+7
| | | | Jeremy.
* Removed annoying unecessary debug message.Tim Potter2000-09-281-1/+0
|
* Added code to do SID to uid/gid conversion. Needed for ACL support.Jeremy Allison2000-08-231-2/+2
| | | | Jeremy.
* Added an NT_USER_TOKEN structure that is copied/passed around associatedJeremy Allison2000-08-031-3/+5
| | | | | | | with the current user. This will allow se_access_check() to quickly do a SD check without having to translate uid/gid's to SIDs. Still needs work on pipe calls. Jeremy.
* if the sids are not the same pointer and either of the sids are NULLAndrew Tridgell2000-07-251-0/+3
| | | | then the two sids are not equal
* Added global_sid_NULL S-1-0-0 to list of global sids.Tim Potter2000-07-061-0/+2
|
* lib/util_sid.c: Uninitialized memory read.Jeremy Allison2000-06-241-0/+2
| | | | | | | | | | rpc_parse/parse_spoolss.c: Added note about prs_align when marshalling a SEC_DESC... rpc_server/srv_lsa.c: Tim - your changes broke the display of the 'everyone' group when doing file access with no winbindd running. This is a partial fix - more when I have analysed this more. rpc_server/srv_spoolss_nt.c: Fix for the 'change driver' problem ! Hurrah ! Jeremy.
generated by cgit (git 2.34.1) at 2025-09-26 04:42:14 +0000