samba - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author	Files	Lines
2001-01-04	Changes from APPLIANCE_HEAD:	David O'Neill	1	-5/+74
	source/Makefile.in - changes to ctags and etags rules that somehow got lost along the way. source/include/proto.h - make proto source/smbd/sec_ctx.c source/smbd/password.c - merge debugs for debugging user groups and NT token stuff. source/lib/util_str.c - capitalise domain name returned from parse_domain_user() source/nsswitch/wb_client.c - fix broken conditional in debug statement. source/include/rpc_secdes.h source/include/rpc_spoolss.h source/printing/nt_printing.c source/lib/util_seaccess.c - fix printer permission bugs related to ACE masks for printers. This adds mapping of generic access rights to object specific rights for NT printers. Still need to work out whether or not to ignore ACEs with certain flags set, though. See comments in util_seaccess.c:check_ace() for details. source/printing/nt_printing.c source/printing/printing.c - use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER until we sort out printer/printjob permission stuff. (This used to be commit 1dba9c5cd1e6389734c648f6903abcb7c8d5b2f0)
2000-12-12	Removed the special casing of SIDs in se_access_check. This is now done ↵	Jeremy Allison	1	-31/+2
	(correctly) when the NT_USER_TOKEN is created. Jeremy. (This used to be commit 27d72ed1cf8ece2bede812341279ba5a7262ace4)
2000-12-12	Owner always has READ_CONTROL and WRITE_DAC access.	Jeremy Allison	1	-1/+3
	Jeremy. (This used to be commit 05fcb124dfbb1a257828e9dc6a7793fc3dc73c4b)
2000-08-10	Tidied up security rights definitions.	Jeremy Allison	1	-4/+4
	Jeremy. (This used to be commit e466c863f5540e13776f4477b6d58e3fbfe7276d)
2000-08-10	Removed requirement that sid have an owner before being interpreted.	Jeremy Allison	1	-18/+9
	Thanks to Elrond for pointing this out. Jeremy. (This used to be commit 1d9a5494f8214b8d6171073f4090687a8535d78c)
2000-08-09	Fixed memory leak with NT tokens.	Jeremy Allison	1	-2/+15
	Added debug messages to se_access_check(). Added FULL_ACCESS acl to default acl on printers. Jeremy. (This used to be commit 7507f6f408cf8b0f8d7e2b3da54ce5fb5ef5343b)
2000-08-08	Added SID "Everyone" S-1-1-0 as always matching if present in an ACE.	Jeremy Allison	1	-4/+17
	Jeremy. (This used to be commit b3a1038ac1bfb0c32e64f6cb26e5e46fbda794a2)
2000-08-08	Changed the sec desc access checks to match the spec. Needs testing.	Jeremy Allison	1	-220/+149
	Jeremy. (This used to be commit 5a4a7cd4727df5d1b5e71d343e776c7df52dc515)
2000-08-04	Fixed up se_access_check() to use the token list from the user struct	Jeremy Allison	1	-82/+32
	as the SID list. Now to go through and tidy up the algorithm. Jeremy. (This used to be commit 1f7300df6713a6728feb1600ca7e62fc213232fc)
2000-08-02	Started to canonicalize our handling of uid -> sid code in order to	Jeremy Allison	1	-19/+27
	get ready and fix se_access_check(). Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid() functions that look via winbind first the fall back on local lookup. All Samba should use these rather than trying to call winbindd code directly. Added NT_USER_TOKEN struct in user_struct, contains list of NT sids associated with this user. se_access_check() should use this (cached) value rather than attempting to do the same thing itself when given a uid/gid pair. More work needs to be done to preserve these things accross security context changes (especially with the tricky pipe problem) but I'm beginning to see how this will be done..... probably by registering a new vuid for an authenticated RPC pipe and not treating the pipe calls specially. More thoughts needed - but we're almost there... Jeremy. (This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
2000-07-17	Added some debugs.	Tim Potter	1	-13/+27
	Changed interface to se_access_check to take a user struct instead of each bit as a separate parameter. (This used to be commit ff7938310d0636b165b03a2b0a15e51494b2459f)
2000-07-10	Fixes for various compile warnings on Solaris 8.	Tim Potter	1	-1/+2
	(This used to be commit 898a483cdab1ed7d8ff902c0dc0e0620440ae4cd)
2000-07-10	Moved winbind client functions from various odd locations to	Tim Potter	1	-64/+0
	nsswitch/wb_client.c Merge of nsswitch/common.c rename to nsswitch/wb_common.c from TNG. (This used to be commit f866c18f6be65db67d9d2a6c0b42e1af3b421e6c)
2000-07-10	Added some useful debugging stuff.	Tim Potter	1	-10/+66
	Fixes for se_access_check() when you are the owner of the object. (This used to be commit 1478198b709b26d0007a8ff0586c34fc6f37a9d2)
2000-07-06	Rewrite of se_access_check() function. Added comments and fixed a bunch of	Tim Potter	1	-189/+287
	bugs. I think there is a problem though with the permissions granted when SEC_RIGHTS_MAXIMUM_ALLOWED is passed as the permissions requested. (This used to be commit 27d821913c87dddd44a0690f4b191c9d2445817e)
2000-06-08	added se_access_check.	Luke Leighton	1	-0/+279
	(This used to be commit 6de329f6bf9c26e132869cf43d4976d4881e285c)