s3-rpc_server: move services into individual directories. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Thu Feb 10 22:13:17 CET 2011 on sn-devel-104
s3-auth Rename cryptic 'ptok' to security_token This will allow the auth_serversupplied_info struct to be migrated to auth_session_info easier. Adnrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
libcli/security Provide a common, top level libcli/security/security.h This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
s3-lsa: Fix sid in DEBUG in_lsa_EnumAccountRights. Andrew, you removed the sid_copy buit forgot the sid, please check. Guenther
s3-util: use shared dom_sid_dup. Guenther
s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions. Guenther
s3-privs Overhaul PRIVILEGE_SET handling, avoid dealing with the bitmap This avoids us dealing with the privilege bitmap in the LSA server, and overhauls much of the rest of the handling to be currnet with the modern world of talloc. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
s3-privs Hide the bitmap-based grant_privilege and revoke_privilege The new wrappers avoid anything but the core privileges code dealing with the bitmap values directly. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
s3-privs Make privilege_enum_sids() take an LUID, not a bitmap This moves one more privileges call away from direct bitmap manipuation. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
s3-privs Rework access_check_object() to take two privileges This allows the privileges bitmap to be used only when setting privileges, and uses an the LUID constant for all 'does this user have this privilege' operations. The advantage is that we now only need one API to determine if a token has a privilege, and much less code needs to know what type is used for the underlying bitmap. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
libcli/security Remove luid_to_se_priv() and luid_to_privilege_name() These functions duplicate other functions in the merged code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
s3-privs Remove a pointer from grant_privilege() Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
s3-privs Remove pointer indirection from se_priv_to_privilege_set() Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
s3-privs Remove a pointer indirection from revoke_privilege() Signed-off-by: Andrew Tridgell <tridge@samba.org>
libcli/security Don't export privs[] as a global variable Instead, provide access functions for the LSA and net sam callers for the information they need. They still only enumerate the first 8 privileges that have traditionally been exposed. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
s3-lsa Use sec_privilege_id() to lookup name to LUID Signed-off-by: Andrew Tridgell <tridge@samba.org>
libcli/security Return number of entries in the old source3 list This ensures there isn't a behaviour change when the source3 list is combined with the longer source4 list. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
libcli/privileges Simplify get_privilege_luid() to return just the enum As Samba only deals with the lower 32 bits of the LUID, just return those and let the LSA layer deal with the upper 0 bits. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
s3-privs Inline dump_se_priv into callers now that it's just a uint64_t The previous 128 bit structure needed this helper function. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>