summaryrefslogtreecommitdiff
path: root/libcli/security
AgeCommit message (Collapse)AuthorFilesLines
2015-08-26lib: Remove unused sid_blob_parseVolker Lendecke2-15/+6
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-08-26lib: Make sid_parse take a uint8_tVolker Lendecke2-2/+2
sid_parse takes a binary blob, uint8_t reflects this a bit better than char * does Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-08-20lib: Use dom_sid_equal where appropriateVolker Lendecke1-1/+2
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
2015-08-14lib: Remove some unused codeVolker Lendecke2-20/+0
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-08-14lib: Remove some unused codeVolker Lendecke2-24/+0
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-04-29s4: Fix bad review I did in dom_sid_parse_length() code.Jeremy Allison1-1/+2
Volker, apologies for the mistake. Spotted by Andrew Bartlett <abartlet@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Apr 29 08:20:23 CEST 2015 on sn-devel-104
2015-04-28lib: Simplify dom_sid_parse_lengthVolker Lendecke1-8/+3
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-03-30libcli/security: add security_descriptor_for_client() helper functionStefan Metzmacher2-0/+75
This prepares a possibly stripped security descriptor for a client. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-30libcli/security: support "IS" in SDDL for SID_NT_IUSRStefan Metzmacher1-0/+1
TODO: we should import the whole lists from [MS-DTYP]. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2015-02-26Fix whitespaceVolker Lendecke1-7/+7
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2014-12-04libcli/security: add a function that checks for MS NFS ACEsRalph Boehme2-0/+24
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2014-12-04libcli/security: add NFS SID mappingsRalph Boehme2-0/+22
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2014-08-22libcli/security: add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in ↵Stefan Metzmacher1-16/+20
get_sec_info() Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Aug 22 02:52:50 CEST 2014 on sn-devel-104
2014-06-10libcli: Add a NULL check in dom_sid_stringVolker Lendecke1-0/+3
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jun 10 21:46:15 CEST 2014 on sn-devel-104
2014-05-29libcli/security: remove sec_ace_equalDavid Disseldorp2-33/+0
This function is a duplicate of security_ace_equal(), and is no longer used. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu May 29 03:34:38 CEST 2014 on sn-devel-104
2014-05-29secdesc: use security_ace_equal instead of sec_ace_equalDavid Disseldorp1-1/+1
Both offer the same functionality, sec_ace_equal() will be removed. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-05-29libcli/security: cleanup security_ace_equal()David Disseldorp1-8/+20
This change cleans up the white-space damage, and converts the single line if-then statements to match Samba's coding conventions. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-05-29libcli/security: remove unused sec_ace_del_sid()David Disseldorp2-33/+0
With sec_desc_del_sid() now gone, this can also be removed. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-05-29libcli/security: remove unused sec_desc_del_sid()David Disseldorp2-37/+0
The function is unused, and shares mostly the same behaviour as security_descriptor_acl_del(). Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-05-29libcli/security: remove dup_sec_acl()David Disseldorp2-13/+0
With make_sec_desc() converted to use security_acl_dup(), which offers the same behaviour, this function is no longer needed. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-05-29libcli/security: clean up and fix make_sec_descDavid Disseldorp1-48/+29
It currently leaks memory onto the provided talloc context on error, fix this. Use X_acl_dup() functions provided by secuity_descriptor.c, rather than the redundant secdesc.c calls. Also, use the IDL generated functions to calculate the security descriptor structure size. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-05-28libcli/secdesc: remove dup_sec_desc()David Disseldorp2-21/+0
With all callers converted to use security_descriptor_copy(), this function can be removed. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2014-05-28libcli/secdesc: replace dup_sec_desc() usageDavid Disseldorp1-2/+5
Use security_descriptor_copy() instead, which is also provided by libcli. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2014-05-28libcli/sd: remove redundant sec_ace_add_sid()David Disseldorp2-27/+0
This function adds a new allow-type ACE to an existing ACE list. With the removal of sec_desc_add_sid(), this is no longer used internally. The same behaviour can be achieved via the much cleaner security_ace_create() function. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2014-05-28libcli/sd: remove redundant sec_desc_add_sid()David Disseldorp2-38/+0
This function adds an ACE to a security descriptor DACL. The same can be achieved via the more flexible and much cleaner security_ace_create() and security_descriptor_dacl_add() functions. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2014-05-27libcli: Simplify desc_ace_has_generic()Volker Lendecke1-9/+6
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2014-05-27libcli: Simplify desc_expand_generic()Volker Lendecke1-13/+6
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2014-05-27libcli: Avoid an explicit memset callVolker Lendecke1-4/+4
On x86 with -O3, this saves surprising 160 bytes .text Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2014-05-27libcli: Avoid a talloc/freeVolker Lendecke1-4/+6
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2014-05-27libcli: Avoid a talloc/freeVolker Lendecke1-4/+6
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2014-05-27libcli: Fix a memleakVolker Lendecke1-5/+3
struct security_ace has a struct dom_sid, not a pointer to it. So we don't have to talloc it first and then not free it. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue May 27 12:54:55 CEST 2014 on sn-devel-104
2014-04-02libcli/security: s/remove/remove_ace/Stefan Metzmacher1-3/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-12-14secacl: Slightly simplify make_sec_aclVolker Lendecke1-3/+6
This avoids a complex if-expression Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Dec 14 00:10:21 CET 2013 on sn-devel-104
2013-12-13secacl: Fix a memleak in an error pathVolker Lendecke1-0/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-12-13secacl: Don't use talloc_zeroVolker Lendecke1-1/+4
We initialize all but one field anyway Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-12-13secacl: Fix whitespaceVolker Lendecke1-11/+11
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-10-25s4-dsacl: Fixed incorrect handling of privileges in sec_access_check_dsNadezhda Ivanova1-8/+4
Restore and backup privileges are not relevant to ldap access checks, and the TakeOwnership privilege should grant write_owner right Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-06libcli: Add security_token_system_privilege().Andreas Schneider2-0/+23
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2013-07-31libcli: fix conversion logic in dom_sid_string_bufJeff Layton1-10/+18
Signed-off-by: Jeff Layton <jlayton@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-31libcli: fix conversion logic in dom_sid_parse_endpJeff Layton1-14/+15
Signed-off-by: Jeff Layton <jlayton@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-04-02Add a comment about why we are removing the INHERITED bit so people understand.Richard Sharpe1-0/+9
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Apr 2 20:05:13 CEST 2013 on sn-devel-104
2013-03-28Make sure that we only propogate the INHERITED flag when we are allowed to.Richard Sharpe1-1/+2
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Mar 28 19:43:41 CET 2013 on sn-devel-104
2013-02-23Fix bug #9674 - Samba denies owner Read Control when there is a DENY entry ↵Richard Sharpe1-3/+3
while W2K08 does not. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Feb 23 19:28:15 CET 2013 on sn-devel-104
2013-01-27libcli/security: calculate INHERIT_ONLY correcty for AUDIT and ALARM aces ↵Stefan Metzmacher1-4/+16
(bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-22libcli-acl: add documentationMatthieu Patou1-1/+19
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21security: Add documentationMatthieu Patou1-0/+9
Names seems to be a bit cryptic and misleading (at least for me). So documenting them should remove at least partially this problem. Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21libcli-security: Add documentation for object_tree_modify_accessMatthieu Patou1-2/+12
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21libcli/security: remove useless if (root->num_of_children > 0) statementsAndrew Bartlett1-8/+4
The for loop does this implicitly when comparing for (i = 0; i < root->num_of_children; i++) Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21libcli/security: add init_mask to existing children in insert_in_object_treeStefan Metzmacher1-0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21libcli/security: handle node initialisation in one spot in ↵Andrew Bartlett2-38/+37
insert_in_object_tree() This removes special-case for initalising the children array in insert_in_object_tree(). talloc_realloc() handles the intial allocate case perfectly well, so there is no need to have this duplicated. This also restores having just one place were the rest of the elements are intialised, to ensure uniform behaviour. To do this, we have to rework insert_in_object_tree to have only one output variable, both because having both root and new_node as output variables was too confusing, and because otherwise the two pointers were being allowed to point at the same memory. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-17 09:09:02 +0000