summaryrefslogtreecommitdiff
path: root/source3/lib/privileges.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r6080: Port some of the non-critical changes from HEAD to 3_0. The main one ↵Volker Lendecke1-1/+1
is the change in pdb_enum_alias_memberships to match samr.idl a bit closer. Volker (This used to be commit 3a6786516957d9f67af6d53a3167c88aa272972f)
2007-10-10r5953: more compiler cleanups; moved SID_LIST from smb.h to privileges.c to ↵Gerald Carter1-1/+6
cleanup the name space (This used to be commit 7dfafa712deb115e425c7367296400c54827a217)
2007-10-10r5726: merge LsaLookupPrivValue() code from trunkGerald Carter1-59/+57
(This used to be commit 277203b5356af58ce62eb4eec0db2eccadeeffd6)
2007-10-10r5484: Fix a memleakVolker Lendecke1-2/+2
(This used to be commit 7b9cb0601ce465361618fcc2c88f8195d93f130a)
2007-10-10r5436: small merges from trunkGerald Carter1-5/+5
(This used to be commit f17ffdf805ef8afad2b8d63b619c52540001a546)
2007-10-10r5203: additional changes for BUG 2291 to restrict who can join a BDC and ↵Gerald Carter1-1/+1
add domain trusts (This used to be commit 5ec1faa2ad33772fb48c3863e67d2ce4be726bb2)
2007-10-10r5015: (based on abartlet's original patch to restrict password changes)Gerald Carter1-4/+74
* added SE_PRIV checks to access_check_samr_object() in order to deal with the run-time security descriptor and their interaction with user rights * Reordered original patch in _samr_set_userinfo[2] to still allow root/administrative password changes for users and machines. (This used to be commit f9f9e6039bd9443d54445e41c3783a2be18925fb)
2007-10-10r4995: fail set_privileges() if 'enable privileges = no' to prevent confused ↵Gerald Carter1-0/+3
admins who never read what I write :-) (This used to be commit 1d7a636e0e7f8a0bc3d3ae04b40f79db7f08d619)
2007-10-10r4849: * finish SeAddUsers support in srv_samr_nt.cGerald Carter1-7/+18
* define some const SE_PRIV structure for use when you need a SE_PRIV* to a privilege * fix an annoying compiler warngin in smbfilter.c * translate SIDs to names in 'net rpc rights list accounts' * fix a seg fault in cli_lsa_enum_account_rights caused by me forgetting the precedence of * vs. [] (This used to be commit d25fc84bc2b14da9fcc0f3c8d7baeca83f0ea708)
2007-10-10r4822: fix return code when you ask for a non-privileged SID via one of the ↵Gerald Carter1-0/+9
privileges RPC calls (This used to be commit 3f4f2c80fd157796a7ba56f31f921e8a3ce46bc3)
2007-10-10r4809: * include SeDiskOperatorPrivilege and SeRemoteShutdownPrivilegeGerald Carter1-88/+25
(noty enfornced yet though) * add 'enable privileges (off by default) to control whether or not any privuleges can be assigned to SIDs (This used to be commit cf63519169d2f3c56a6acf46b9257f4c11d5ea74)
2007-10-10r4805: Last planned change to the privileges infrastructure:Gerald Carter1-120/+309
* rewrote the tdb layout of privilege records in account_pol.tdb (allow for 128 bits instead of 32 bit flags) * migrated to using SE_PRIV structure instead of the PRIVILEGE_SET structure. The latter is now used for parsing routines mainly. Still need to incorporate some client support into 'net' so for setting privileges. And make use of the SeAddUserPrivilege right. (This used to be commit 41dc7f7573c6d637e19a01e7ed0e716ac0f1fb15)
2007-10-10r4742: add server support for lsa_add/remove_account_rights() and fix some ↵Gerald Carter1-12/+65
parsing bugs related to that code (This used to be commit 7bf1312287cc1ec6b97917ba25fc60d6db09f26c)
2007-10-10r4731: Fix the buildVolker Lendecke1-1/+2
(This used to be commit 340d7f317332f159460d04db8ccc75116c83d234)
2007-10-10r4724: Add support for Windows privileges in Samba 3.0Gerald Carter1-218/+429
(based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-6/+6
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2003-12-04don't crash on a NULL priviledge pointer; patch from Jianliang LuGerald Carter1-0/+6
(This used to be commit 2742e813fea2366f91bec62dca407f65ad5c4623)
2003-10-14Delete unused label to fix compiler warning.Tim Potter1-1/+0
(This used to be commit e34d21af3882a034810737039dbaae4d45e2645c)
2003-10-06split some security related functions in their own files.Simo Sorce1-0/+345
(no need to include all of smbd files to use some basic sec functions) also minor compile fixes (This used to be commit 66074d3b097d8cf2a231bf08c7f4db62da68189d)