authorGerald Carter <jerry@samba.org>2005-01-17 20:27:29 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:53:55 -0500
commitade3ef6f0435a06d602519c012ffa6a0b0fbec71 (patch)
treed9519f0f1bdcc18c2f3291e2895a7417513bf257 /source3/param
parent46e5effea948931509283cb84b27007d34b521c8 (diff)
r4809: * include SeDiskOperatorPrivilege and SeRemoteShutdownPrivilege
(not yet enforced though) * add 'enable privileges' (off by default) to control whether or not any privileges can be assigned to SIDs (This used to be commit cf63519169d2f3c56a6acf46b9257f4c11d5ea74)
Diffstat (limited to 'source3/param')
-rw-r--r--source3/param/loadparm.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index e6beebedb8..8531b2fdd1 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -291,6 +291,7 @@ typedef struct
BOOL bKernelChangeNotify;
BOOL bUseKerberosKeytab;
BOOL bDeferSharingViolations;
+ BOOL bEnablePrivileges;
int restrict_anonymous;
int name_cache_timeout;
int client_signing;
@@ -809,6 +810,7 @@ static struct parm_struct parm_table[] = {
{"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_HIDE},
{"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_HIDE},
{"guest account", P_STRING, P_GLOBAL, &Globals.szGuestaccount, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED},
+ {"enable privileges", P_BOOL, P_GLOBAL, &Globals.bEnablePrivileges, NULL, NULL, FLAG_ADVANCED},
{"pam password change", P_BOOL, P_GLOBAL, &Globals.bPamPasswordChange, NULL, NULL, FLAG_ADVANCED},
{"passwd program", P_STRING, P_GLOBAL, &Globals.szPasswdProgram, NULL, NULL, FLAG_ADVANCED},
@@ -1538,6 +1540,12 @@ static void init_globals(void)
Globals.bDeferSharingViolations = True;
string_set(&Globals.smb_ports, SMB_PORTS);
+
+ /* don't enable privileges by default since Domain
+ Admins can then assign thr rights to perform certain
+ operations as root */
+
+ Globals.bEnablePrivileges = False;
}
static TALLOC_CTX *lp_talloc;
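Review bot: The comment added above `Globals.bEnablePrivileges = False;` has a typo ("thr rights") and leaves the risk implicit, although it is the only explanation in this file of why the option defaults to off. I would reword it to `/* Privileges are disabled by default: when enabled, Domain Admins can grant SIDs the right to perform certain operations as root. */` so that whoever flips the default later sees what they are opening up. init_globals begins outside this hunk, so only its tail is visible here.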
@@ -1775,6 +1783,7 @@ FN_GLOBAL_BOOL(lp_hostname_lookups, &Globals.bHostnameLookups)
FN_GLOBAL_BOOL(lp_kernel_change_notify, &Globals.bKernelChangeNotify)
FN_GLOBAL_BOOL(lp_use_kerberos_keytab, &Globals.bUseKerberosKeytab)
FN_GLOBAL_BOOL(lp_defer_sharing_violations, &Globals.bDeferSharingViolations)
+FN_GLOBAL_BOOL(lp_enable_privileges, &Globals.bEnablePrivileges)
FN_GLOBAL_INTEGER(lp_os_level, &Globals.os_level)
FN_GLOBAL_INTEGER(lp_max_ttl, &Globals.max_ttl)
FN_GLOBAL_INTEGER(lp_max_wins_ttl, &Globals.max_wins_ttl)
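Review bot: `lp_enable_privileges()` is the only way callers see this switch, and nothing in this file says when it must be consulted. The commit message describes the option as controlling whether privileges can be assigned to SIDs. If assignment is the only place it is checked (the callers are outside this diff, which is limited to source3/param), grants already stored would presumably still be honoured after an administrator sets the option back to off. I would add a comment next to the accessor such as `/* must be checked both when granting a privilege and when honouring one */` and confirm that the privilege-lookup path does so.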