summaryrefslogtreecommitdiffstats
path: root/source3/lib/util_seaccess.c
Commit message (Collapse)AuthorAgeFilesLines
* libcli/security Move source3/lib/util_seaccess.c into the common codeAndrew Bartlett2010-10-141-251/+0
| | | | Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-acl Use uint32_t for counting the ACEsAndrew Bartlett2010-10-141-1/+1
| | | | Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-acl Merge source4-supported privileges into se_access_checkAndrew Bartlett2010-10-141-5/+9
| | | | | | | | This will shortly be the common se_access_check function. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3 Replace is_sid_in_token() with security_token_has_sid() from common codeAndrew Bartlett2010-10-141-4/+4
| | | | | | | | The two routines are identical, so there is no need to keep both. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett2010-10-121-0/+1
| | | | | | | | | | | | | | This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
* s3-util_sid Tidy up global struct security_tokenAndrew Bartlett2010-09-111-2/+0
| | | | | | | | | This no longer needs to be global, and should be const. We now also init it with the C99 style initialisers. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-privs Convert from user_has_privileges() -> security_token_has_privilege()Andrew Bartlett2010-09-111-2/+2
| | | | | | | | | This new call is available in the merged privileges code, and takes an enum as the parameter, rather than a bitmask. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3:auth Remove NT_USER_TOKENAndrew Bartlett2010-09-111-3/+3
| | | | | | | | | The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derivied structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-lib: Make the standard_mapping parameter const.Andreas Schneider2010-07-271-1/+1
| | | | Signed-off-by: Jim McDonough <jmcd@samba.org>
* s3: Remove unused samr_make_sam_obj_sdVolker Lendecke2010-01-101-40/+0
|
* Fix bug #6082 - smbd_gpfs_getacl failed: Windows client can´t rename or ↵Jeremy Allison2009-02-021-1/+4
| | | | | | | | | delete file This fixes the generic rename/delete problem for 3.3.0 and above. Fixed slightly differently to discussions, user viewable modified ACLs are not a good idea :-). Jeremy.
* Pass all the non-inherited S4 RAW-ACL tests.Jeremy Allison2008-11-031-0/+7
| | | | Jeremy.
* Get closer to passing S4 RAW-ACLs.Jeremy Allison2008-10-311-2/+2
| | | | Jeremy.
* Unify se_access_check with the S4 code. Will makeJeremy Allison2008-10-311-220/+121
| | | | | | calculation of SEC_FLAG_MAXIMUM_ALLOWED much easier for files. Jeremy.
* Remove SEC_ACCESS. It's a uint32_t.Jeremy Allison2008-10-091-7/+7
| | | | Jeremy.
* For the vfs_acl_xattr.c module, make sure we map GENERIC file and directory bitsJeremy Allison2008-10-081-0/+18
| | | | | | | to specific bits every time a security descriptor is set. The S4 torture suite proves that generic bits are not returned when querying an ACL set using them (ie. only the specific bits are stored on disk). Jeremy.
* Some C++ fixesVolker Lendecke2007-12-211-1/+3
| | | | (This used to be commit 5c392c4c6e277a24d0d477902dc7856b2b46ee53)
* Replace sid_string_static by sid_string_dbg in DEBUGsVolker Lendecke2007-12-151-11/+14
| | | | (This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
* RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison2007-10-181-2/+2
| | | | | | | | bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
* r25534: Apply some constVolker Lendecke2007-10-101-1/+1
| | | | | | | Why? It moves these structs from the data into the text segment, so they will never been copy-on-write copied. Not much, but as in German you say "Kleinvieh macht auch Mist...." (This used to be commit 0141e64ad4972232de867137064d0dae62da22ee)
* r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell2007-10-101-2/+1
| | | | (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
* r23779: Change from v2 or later to v3 or later.Jeremy Allison2007-10-101-1/+1
| | | | | Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
* r18745: Use the Samba4 data structures for security descriptors and security ↵Jelmer Vernooij2007-10-101-5/+5
| | | | | | | | | | descriptor buffers. Make security access masks simply a uint32 rather than a structure with a uint32 in it. (This used to be commit b41c52b9db5fc4a553b20a7a5a051a4afced9366)
* r6263: Get rid of generate_wellknown_sids, they are const static and ↵Volker Lendecke2007-10-101-2/+0
| | | | | | | | | initializable statically. Volker (This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
* r6225: get rid of warnings from my compiler about nested externsHerb Lewis2007-10-101-2/+2
| | | | (This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
* r6014: rather large change set....Gerald Carter2007-10-101-0/+39
| | | | | | | | | | | | | | | pulling back all recent rpc changes from trunk into 3.0. I've tested a compile and so don't think I've missed any files. But if so, just mail me and I'll clean backup in a couple of hours. Changes include \winreg, \eventlog, \svcctl, and general parse_misc.c updates. I am planning on bracketing the event code with an #ifdef ENABLE_EVENTLOG until I finish merging Marcin's changes (very soon). (This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
* r5150: consolidate the samr_make.*obj_sd() functions to share codeGerald Carter2007-10-101-39/+0
| | | | (This used to be commit 5bd03d59263ab619390062c1d023ad1ba54dce6a)
* split some security related functions in their own files.Simo Sorce2003-10-061-129/+0
| | | | | | | | | (no need to include all of smbd files to use some basic sec functions) also minor compile fixes couldn't compile to test these due to some kerberos problems wirh 3.0, but on HEAD they're working well, so I suppose it's ok to commit (This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1)
* Ensure that dup_sec_desc copies the 'type' field correctly. This causedJeremy Allison2003-09-191-2/+2
| | | | | | | | me to expose a type arguement to make_sec_desc(). We weren't copying the SE_DESC_DACL_AUTO_INHERITED flag which could cause errors on auto inherited checks. Jeremy. (This used to be commit 28b315a7501f42928d73efaa75f74146ba95cf2d)
* Merge doxygen, signed/unsigned, const and other small fixes from HEAD to 3.0.Andrew Bartlett2003-02-241-1/+1
| | | | | Andrew Bartlett (This used to be commit 9ef0d40c3f8aef52ab321dc065264c42065bc876)
* port sec_desc headers reordering from HEAD.Simo Sorce2002-11-021-2/+2
| | | | | Thanks to Andrew Brtlet for the diff :-) (This used to be commit cf67981e73cf52803eae589a6b86e1274bf72d2c)
* syncing up with HEAD. Seems to be a lot of differences creeping inGerald Carter2002-10-011-1/+1
| | | | | | (i ignored the new SAMBA stuff, but the rest of this looks like it should have been merged already). (This used to be commit 3de09e5cf1f667e410ee8b9516a956860ce7290f)
* sync'ing up for 3.0alpha20 releaseGerald Carter2002-09-251-10/+52
| | | | (This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
* updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell2002-07-151-2/+0
| | | | (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
* Renamed get_nt_error_msg() to nt_errstr().Tim Potter2002-03-171-1/+1
| | | | (This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
* syncing up printing code with SAMBA_2_2 (already done some mergesGerald Carter2002-03-151-0/+25
| | | | | | | | | | | | | | in the reverse). * add in new printer change notify code from SAMBA_2_2 * add in se_map_standard() from 2.2 in _spoolss_open_printer_ex() * sync up the _print_queue_struct in smb.h (why did someone change the user/file names in fs_user/fs_file (or vice-versa) ? ) * sync up some cli_spoolss_XXX functions (This used to be commit 5760315c1de4033fdc22684c940f18010010924f)
* Removed version number from file header.Tim Potter2002-01-301-2/+1
| | | | | Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
* tidy up debugJean-François Micouleau2001-12-171-1/+1
| | | | | J.F. (This used to be commit c44f4e9e3368320b7559059dc214fa6c003d1187)
* Renamed sid field in SEC_ACE to trustee to be more in line with MS'sTim Potter2001-11-301-4/+4
| | | | | definitions. (This used to be commit 9712d3f15a47155f558d0034ef71fd06afb11301)
* I *love* removing code :-). Removed 4 files that weren't being used.Jeremy Allison2001-11-161-1/+1
| | | | | | | All this stuff was being pulled in due to *one* unneeded call to fetch a domain SID which smbpasswd already puts in the database... Jeremy. (This used to be commit 6bf2505cce7db770fd4db5b19999a78588e96b58)
* Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter2001-10-021-2/+0
| | | | (This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
* Added Elrond patch to make se_access_check use NT datastructures, not Samba.Jeremy Allison2001-09-261-5/+8
| | | | | Jeremy. (This used to be commit bca6419447e926e51aeecf3e484228f640cecb84)
* converted another bunch of stuff to NTSTATUSAndrew Tridgell2001-08-271-4/+4
| | | | (This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
* started converting NTSTATUS to be a structure on systems with gcc in order ↵Andrew Tridgell2001-08-271-6/+11
| | | | | | to make it type incompatible with BOOL so we catch errors sooner. This has already found a number of bugs (This used to be commit 1b778bc7d22efff3f90dc450eb12baa1241cf68f)
* Don't use variables called "acl" as it's the name of a function in Solaris.Jeremy Allison2001-04-271-13/+13
| | | | | Jeremy. (This used to be commit 277eb517e25eb3910057336b2bee18875dffe6cc)
* Move to talloc control of SPOOL_XXX structs. Move to talloc control ofJeremy Allison2001-02-281-10/+5
| | | | | | security descriptors and pointers. Syncup with 2.2 tree. Jeremy. (This used to be commit 14d5997dc841e78a619e865288486d50c245896d)
* Changes from APPLIANCE_HEAD:David O'Neill2001-01-191-28/+119
| | | | | | | | | | | | | | | | | source/lib/util_seaccess.c - added se_create_child_secdesc() function which takes a parent (container) security descriptor and creates a security descriptor which has the inheritance flags for each ACE applied. In NT a print job is a child object of a printer so deleting and pausing/resuming jobs requires a check against the child security descriptor, not the parent. The values seen in NT printer security descriptors now all fit together in a natural and elegant way which is always nice. - Removed #ifdef'ed out portion of check_ace() when the INHERIT_ONLY flag is set as the se_create_child_secdesc() function now creates a security descriptor which can be used without this hack. (This used to be commit f125b9a94413fd481ae9f05ec5096ef79f0d49e4)
* Changes from APPLIANCE_HEAD:David O'Neill2001-01-041-5/+74
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | source/Makefile.in - changes to ctags and etags rules that somehow got lost along the way. source/include/proto.h - make proto source/smbd/sec_ctx.c source/smbd/password.c - merge debugs for debugging user groups and NT token stuff. source/lib/util_str.c - capitalise domain name returned from parse_domain_user() source/nsswitch/wb_client.c - fix broken conditional in debug statement. source/include/rpc_secdes.h source/include/rpc_spoolss.h source/printing/nt_printing.c source/lib/util_seaccess.c - fix printer permission bugs related to ACE masks for printers. This adds mapping of generic access rights to object specific rights for NT printers. Still need to work out whether or not to ignore ACEs with certain flags set, though. See comments in util_seaccess.c:check_ace() for details. source/printing/nt_printing.c source/printing/printing.c - use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER until we sort out printer/printjob permission stuff. (This used to be commit 1dba9c5cd1e6389734c648f6903abcb7c8d5b2f0)
* Removed the special casing of SIDs in se_access_check. This is now done ↵Jeremy Allison2000-12-121-31/+2
| | | | | | | | (correctly) when the NT_USER_TOKEN is *created*. Jeremy. (This used to be commit 27d72ed1cf8ece2bede812341279ba5a7262ace4)
* Owner always has READ_CONTROL and WRITE_DAC access.Jeremy Allison2000-12-121-1/+3
| | | | | Jeremy. (This used to be commit 05fcb124dfbb1a257828e9dc6a7793fc3dc73c4b)
generated by cgit (git 2.34.1) at 2025-09-25 22:54:58 +0000