Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
ALLOWED OBJECT
ACEs).
Guenther
(This used to be commit e138cbc876e50ae25cb15c5109a42bc8b800c1ba)
|
|
(This used to be commit 06c777529f62b29edda4e9820426117ec4a3546d)
|
|
descriptor
buffers.
Make security access masks simply a uint32 rather than a structure
with a uint32 in it.
(This used to be commit b41c52b9db5fc4a553b20a7a5a051a4afced9366)
|
|
(This used to be commit 5de76767e857e9d159ea46e2ded612ccd6d6bf19)
|
|
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
(This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
* start adding write support to the Samba registry
Flesh out the server implementations of
RegCreateKey(), RegSetValue(), RegDeleteKey() and RegDeleteValue()
I can create a new key using regedit.exe now but the 'New Key #1'
key cannot be deleted yet.
(This used to be commit e188fdbef8f0ad202b0ecf3c30be2941ebe6d5b1)
|
|
* add calls to start and stop a service (to be filled
in by the backend routines in services/svc_*.c
(This used to be commit 793d28a946d83beb2576c5c8ce808d32c71c880a)
|
|
according to default security descriptor described in MSDN.
no one can get in to due to the permissions, but i'll fix
that next.
(This used to be commit 11902e503ed4f6d6991a9fe7521fe44168274ec8)
|
|
* removing the testprns tool
(This used to be commit 81ffb0dbbbd244623507880c323a3c37e2b8dc4d)
|
|
open and close the service control manager.
Also experimenting with ideas for cli_xxx() interface.
(This used to be commit 4da89ef17b8c4644b97b923cebfe8e446b508b4d)
|
|
* make sure to apply the rights_mask and not just the saved
bits from the mask in access_check_samr_object()
* allow root to grant/revoke privileges (in addition to Domain
Admins) as suggested by Volker.
Tested machine joins from XP, 2K, and NT4 with and without
pre-existing machine trust accounts. Also tested basic file
operations using cmd.exe and explorer.exe after changing the
STANDARD_RIGHTS_WRITE_ACCESS bitmask.
(This used to be commit c0e7f7ff60a4110809b8f500fdc68a1bf963da36)
|
|
* added SE_PRIV checks to access_check_samr_object() in order
to deal with the run-time security descriptor and their
interaction with user rights
* Reordered original patch in _samr_set_userinfo[2] to still
allow root/administrative password changes for users and machines.
(This used to be commit f9f9e6039bd9443d54445e41c3783a2be18925fb)
|
|
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
|
|
discover names for the SAMR specific permissions that were previously unknown.
The existing constant names differ from what win2k calls them but since they
aren't heavily used in Samba at the moment I'll leave them as they are.
Jean-Baptiste's data is at:
http://ethereal.ntop.org/lists/ethereal-dev/200307/msg00314.html
(This used to be commit ae77e9e55438a9807da3696fd0d31fba6d0f7370)
|
|
Jeremy.
(This used to be commit 48853140749b74053f1a7857a983397b6e9a0234)
|
|
(This used to be commit 3ac622532a27659b9f9e26b1aa6858ce156641ac)
|
|
allow them to be changed. Works well with W2K and above.
Jeremy.
(This used to be commit 685e4e518236079f201650f26152f6f9ad3c61ab)
|
|
Thanks to Andrew Brtlet for the diff :-)
(This used to be commit cf67981e73cf52803eae589a6b86e1274bf72d2c)
|
|
in the reverse).
* add in new printer change notify code from SAMBA_2_2
* add in se_map_standard() from 2.2 in _spoolss_open_printer_ex()
* sync up the _print_queue_struct in smb.h (why did someone change the
user/file names in fs_user/fs_file (or vice-versa) ? )
* sync up some cli_spoolss_XXX functions
(This used to be commit 5760315c1de4033fdc22684c940f18010010924f)
|
|
<a.kotovich@sam-solutions.net> that adds the security decsriptor code
for ADS workstation accounts
thanks for your patience Cat, and thanks to Andrew Bartlett for
extensive reviews and suggestions about this code.
(This used to be commit 6891393b5db868246fe52ff62b3dc6aa5ca6f726)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
definitions.
(This used to be commit 9712d3f15a47155f558d0034ef71fd06afb11301)
|
|
security descriptors and pointers. Syncup with 2.2 tree.
Jeremy.
(This used to be commit 14d5997dc841e78a619e865288486d50c245896d)
|
|
srv_samr.c: Fix for pw caching.
smbd/nttrans.c: Fix to allow trans create to set ACL on open.
Jeremy.
(This used to be commit c4f810a7588a2faf41f4222dc77678c53ab1dec0)
|
|
source/Makefile.in
- changes to ctags and etags rules that somehow got lost along the way.
source/include/proto.h
- make proto
source/smbd/sec_ctx.c
source/smbd/password.c
- merge debugs for debugging user groups and NT token stuff.
source/lib/util_str.c
- capitalise domain name returned from parse_domain_user()
source/nsswitch/wb_client.c
- fix broken conditional in debug statement.
source/include/rpc_secdes.h
source/include/rpc_spoolss.h
source/printing/nt_printing.c
source/lib/util_seaccess.c
- fix printer permission bugs related to ACE masks for printers.
This adds mapping of generic access rights to object specific
rights for NT printers. Still need to work out whether or not to
ignore ACEs with certain flags set, though. See comments in
util_seaccess.c:check_ace() for details.
source/printing/nt_printing.c
source/printing/printing.c
- use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER
until we sort out printer/printjob permission stuff.
(This used to be commit 1dba9c5cd1e6389734c648f6903abcb7c8d5b2f0)
|
|
above this layer.
Jeremy.
(This used to be commit b90af886a951b7b049ed7a42e6d99c332e43897b)
|
|
Jeremy.
(This used to be commit e466c863f5540e13776f4477b6d58e3fbfe7276d)
|
|
Jeremy.
(This used to be commit 5a4a7cd4727df5d1b5e71d343e776c7df52dc515)
|
|
Jeremy.
(This used to be commit 341d07c516865bdd9be99f98cd0754d12b25f9c0)
|
|
(This used to be commit f9f2a04fdb7b2af1cfe5bf26ec6f0d955ea948b9)
|
|
it is now at the stage that winbindd can compile in the head branch,
but not link
(This used to be commit d178c00aae77710ae6ff20a7f54a30e3bd8232bb)
|
|
Jeremy.
(This used to be commit 41e37c51816ec048952ada1513c62f2689589001)
|
|
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
|
|
simplest method to get rpcclient's reggetsec command working. the
buffers passed as arguments in do_reg_get_key_sec() do need to be
locally allocated not dynamically allocated, as two calls to
reg_get_key_sec() are needed. on the first, the server fills in the
size of the security descriptor buffer needed. on the second, the
server fills in the security descriptor buffer.
(This used to be commit b2d9cbef6f65bb696df8d8f49aa0c240e0bb1f50)
|
|
(This used to be commit ec1b7000fd88c5a08e438c7033f60e49b9ec44a8)
|
|
kanji const char* warnings.
(This used to be commit 06abdfd68e1d7fa8741afc3f56ec7a13b5fa4ccc)
|
|
(This used to be commit 719382a5579e8798812bbccd14a4c1ffd9003f7a)
|
|
(This used to be commit abdc9d790b7d27b70aaf88451f5c82c99c94ca6e)
|
|
(This used to be commit cad5b1f1fb03e7b064040b7c5bef5cd86dd0e1ba)
|