| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
source/rpc_parse/parse_lsa.c
- off by one unistr length bug in init_lsa_trans_name()
source/lib/util_sid.c
- resolve more BUILTIN sid values to names.
source/nsswitch/wb_client.c
- fix typo in debug message
- set errno on error so we don't get bogus value from last failure.
source/rpc_server/srv_spoolss_nt.c
- add debug to track number of open printer handles for ease of
tracking handle leaks in the future.
source/rpc_server/srv_lsa.c
- fix off-by-one string bug. This was preventing NT from
displaying names for well-know SIDs in printer permissions
dialog.
(This used to be commit 59229b9025cff54cbdd05e374616ffbf9c6fee33)
|
|
source/Makefile.in
- changes to ctags and etags rules that somehow got lost along the way.
source/include/proto.h
- make proto
source/smbd/sec_ctx.c
source/smbd/password.c
- merge debugs for debugging user groups and NT token stuff.
source/lib/util_str.c
- capitalise domain name returned from parse_domain_user()
source/nsswitch/wb_client.c
- fix broken conditional in debug statement.
source/include/rpc_secdes.h
source/include/rpc_spoolss.h
source/printing/nt_printing.c
source/lib/util_seaccess.c
- fix printer permission bugs related to ACE masks for printers.
This adds mapping of generic access rights to object specific
rights for NT printers. Still need to work out whether or not to
ignore ACEs with certain flags set, though. See comments in
util_seaccess.c:check_ace() for details.
source/printing/nt_printing.c
source/printing/printing.c
- use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER
until we sort out printer/printjob permission stuff.
(This used to be commit 1dba9c5cd1e6389734c648f6903abcb7c8d5b2f0)
|
|
printer_access_check to break in a domain environment.
Jeremy.
(This used to be commit 0fc1a461504f87c145f5f91189bd767989c488f2)
|
|
falling back to the UNIX calls on error. This should fix all problems with
smbd enumerating all users in all groups in all trusted domains via winbindd.
Also changed GETDC to query 1C name rather than 1b name as only the PDC
registers 1b.
Jeremy.
(This used to be commit 5b0038a2afd8abbd6fd4a58f5477a40d1926d498)
|
|
Jeremy.
(This used to be commit c7c90c83372df53eac0f3779dffedd4b28c8c757)
|
|
(This used to be commit 5f3cf2eb78bfa6fb00890d449d38e9f13964712c)
|
|
functionality. This is much faster than inverting the group database.
Added client side command for this to wbinfo.
(This used to be commit e87b2d3d1fb84311d83d21a76900f994e4ff71dd)
|
|
Jeremy.
(This used to be commit 6696bf203c90dc20c00b47737f5ea1d9b8e23d75)
|
|
(This used to be commit 178e6971005505d2debd74b761ecfaa982336a53)
|
|
(This used to be commit ec7f7e350dc1dfa757436cb0efe777c3e0719877)
|
|
Jeremy.
(This used to be commit 8317d70a35086c5539e67d60cbcf937b6ce0932c)
|
|
Jeremy.
(This used to be commit 81c5380f91839b6416c8a42739dadf00e7388528)
|
|
get ready and fix se_access_check().
Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid()
functions that look via winbind first the fall back on local lookup.
All Samba should use these rather than trying to call winbindd code
directly.
Added NT_USER_TOKEN struct in user_struct, contains list of NT sids
associated with this user.
se_access_check() should use this (cached) value rather than attempting
to do the same thing itself when given a uid/gid pair.
More work needs to be done to preserve these things accross security
context changes (especially with the tricky pipe problem) but I'm
beginning to see how this will be done..... probably by registering
a new vuid for an authenticated RPC pipe and not treating the
pipe calls specially.
More thoughts needed - but we're almost there...
Jeremy.
(This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
|
|
Jeremy.
(This used to be commit d85deb9e4e9c9784006292d3cb5a6b7b408ff972)
|
|
nsswitch/wb_client.c
Merge of nsswitch/common.c rename to nsswitch/wb_common.c from TNG.
(This used to be commit f866c18f6be65db67d9d2a6c0b42e1af3b421e6c)
|
