Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit aa2abacaf48924797b6803786c14c9f303185e4a)
|
|
to lookup what SIDs have a particular privilege (that is how
privileges are stored).
(This used to be commit 3ddb5fb0dd33992b7db54a661752551a3fefc0b4)
|
|
what was requested.
(This used to be commit 64ac6c2bcb729c4658de48e929cc792681903ecc)
|
|
this now gives us complete remove privileges control in the client
libs, so we are in good shape for starting on the server side.
(This used to be commit bf99440398db86f46233eb2f5adddffb61280a1b)
|
|
lsa_add_acct_rights function.
This allows us to add privileges remotely to accounts using rpcclient.
(This used to be commit 2e5e659e095a94b0716d97f673f993f0af99aabe)
|
|
(This used to be commit e3d00fa47d38cd214f5e350e1d6b30d90ed8a52c)
|
|
calls to init_unistr2() in the code and every one of them got the 3rd
argument incorrect, so I thought it best just to remove the argument.
The incorrect usage was caused by callers using strlen() to determine
the length of the string. The 3rd argument to init_unistr2() was
supposed to be the character length, not the byte length of the
string, so for non-english this could come out wrong.
I also removed the bogus 'always allocate at least 256 bytes'
hack. There may be some code that relies on this, but if there is then
the code is broken and needs fixing.
(This used to be commit b9eff31b1433c81fbff733e194914a40f25e3bda)
|
|
principal similar to the existing cli_lsa_enum_privsaccount() call,
except that cli_lsa_enum_account_rights() doesn't require a call to
open_account first. There is also the minor matter that
cli_lsa_enum_account_rights() works whereas
cli_lsa_enum_privsaccount() doesn't!
this call can be used to find what privileges an account or group
has. This is a first step towards proper privileges support in Samba.
(This used to be commit 65bac11d716f873dcdbda528313c33634c26a072)
|
|
This patch makes Samba compile cleanly with -Wwrite-strings.
- That is, all string literals are marked as 'const'. These strings are
always read only, this just marks them as such for passing to other functions.
What is most supprising is that I didn't need to change more than a few lines of code (all
in 'net', which got a small cleanup of net.h and extern variables). The rest
is just adding a lot of 'const'.
As far as I can tell, I have not added any new warnings - apart from making all
of tdbutil.c's function const (so they warn for adding that const string to
struct).
Andrew Bartlett
(This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
|
|
(This used to be commit c3b05b21a0340d8ff02a79401399e3d43d9e759a)
|
|
is netbios and dns domain info. Also add code to set/fetch the domain GUID
from secrets.tdb (although set is not yet called by anyone).
(This used to be commit 31d7168530ccce2c5e9e7f96464b47f4d9771a25)
|
|
code
(This used to be commit 91ad9041e9507d36eb3f40c23c5d4df61f139ef0)
|
|
(This used to be commit 897e64d2e0c1d04ab93441ccaffe369bf43be46e)
|
|
I think we may still need to look at our server enumeration code, but
other than that, its much better in the tree than out.
Andrew Bartlett
(This used to be commit d57a1b4629d12a0374cc6d74dfc6f5d4793fcef8)
|
|
<mimir@diament.ists.pwr.wroc.pl>) this patch allows samba to correctly
enumerate its trusted domains - by exaimining the keys in the secrets.tdb file.
This patch has been tested with both NT4 and rpcclient/wbinfo, and adds
some extra functionality to talloc and rpc_parse to allow it to deal with
already unicode strings.
Finally, this cleans up some const warnings that were in net_rpc.c by pushing
another dash of const into the rpc client code.
Andrew Bartlett
(This used to be commit 0bdd94cb992b40942aaf2e5e0efd2868b4686296)
|
|
and should be rewritten, just not now... :-).
Jeremy.
(This used to be commit 5de792e7e9c2ad1422ac146caba632baa3f4e5c5)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
winbind default domains, particulary now I understand whats going on a lot
better. This ensures that the RPC client code does as little 'magic' as
possible - this is up to the application/user. (Where - for to name->sid code
- it was all along). This leaves the change that allows the sid->name code to
return domains and usernames in seperate paramaters.
Andrew Bartlett
(This used to be commit 5dfba2cf536f761b0aee314ed9e30dc53900b691)
|
|
just make it harder to debug (gcc stips optomises them away).
(This used to be commit 100d2705ddfa1fde73a0bb06e8e097b2b1cbf36a)
|
|
smbd, and also makes it much cleaner inside winbindd.
It is mostly my code, with a few changes and testing performed by Alexander
Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and
security=ads, but more testing is always appricatiated.
The idea is that we no longer cart around a 'domain\user' string, we keep them
seperate until the last moment - when we push that string into a pwent on onto
the socket.
This removes the need to be constantly parsing that string - the domain prefix
is almost always already provided, (only a couple of functions actually changed
arguments in all this).
Some consequential changes to the RPC client code, to stop it concatonating the
two strings (it now passes them both back as params).
I havn't changed the cache code, however the usernames will no longer have a
double domain prefix in the key string. The actual structures are unchanged
- but the meaning of 'username' in the 'rid' will have changed. (The cache is
invalidated at startup, so on-disk formats are not an issue here).
Andrew Bartlett
(This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
|
|
some cleanup of the lsa_open_policy and lsa_open_policy2 parser. the
length fields are not correct but that's what NT send. We don't anymore
underflow or overflow the decoding.
added the domain admins group to the default SD.
we are now checking the desired access flag in the lsa_open_policy_X()
calls and in most functions also.
J.F.
(This used to be commit a217c4e4ff4d13122703d22258792fe5e8e9f02f)
|
|
(This used to be commit 359ca8f246c46b1700418fe0226458023f808d67)
|
|
This time it's a PRIVILEGE_SET struct instead of a simple uint32 array. It
makes much more sense. Also added a uint32 systemaccount to the GROUP_MAP
struct as some privilege showing in USRMGR.EXE are not real privs but a
bitmask flag. I guess it's an heritage from NT 3.0 ! I could setup an NT
3.1 box to verify, but I'm too lazy (yes I still have my CDs).
Added 3 more LSA calls: SetSystemAccount, AddPrivileges and
RemovePrivileges, we can manage all this privilege from UserManager.
Time to change the NT_USER_TOKEN struct and add checks in all the rpc
functions. Fun, fun, fun.
J.F.
(This used to be commit 3f0a9ef2b8c626cfa2878394bb7b642342342bf3)
|
|
(This used to be commit 3f1cfb62e85343a45817651f111f01051fc66b18)
|
|
and more to come ...
J.F.
(This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
|
|
an array of uint32. That's not perfect but that's better.
Added more privileges too.
Changed the local_lookup_rid/name functions in passdb.c to check if the
group is mapped. Makes the LSA rpc calls return correct groups
Corrected the return code in the LSA server code enum_sids.
Only enumerate well known aliases if they are mapped to real unix groups.
Won't confuse user seeing groups not available.
Added a short/long view to smbgroupedit.
now decoding rpc calls to add/remove privileges to sid.
J.F.
(This used to be commit f29774e58973f421bfa163c45bfae201a140f28c)
|
|
fixed lsa_enum_rpivs server code. This time it works as W2K.
fixed smbgroupedit to compile and work.
J.F.
(This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
|
|
of a privilege.
J.F.
(This used to be commit 84035ae72f422edadd9fa7e493c3d8176bb6a53d)
|
|
J.F.
(This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
|
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
|
the client code still needs some work
(This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
|
|
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
|
|
Jeremy
(This used to be commit 0f5b187387fb536a6866d9109eff82411798f79e)
|
|
LSA_ENUM_PRIVS
LSA_PRIV_GET_DISPNAME
LSA_ENUM_ACCOUNTS
LSA_OPENACCOUNT
LSA_ENUMPRIVSACCOUNT
LSA_GETSYSTEMACCOUNT
It's a work in progress. nobody should expect it to work
J.F.
(This used to be commit 3056357cd8d4b2460f73ba8a8931a143f07fa2a6)
|
|
Jeremy.
(This used to be commit 7079300da6dbd950e55dc5871851250d5a3717ff)
|
|
Jeremy.
(This used to be commit 54ea00fa870f258b885b18e8684caa8488948607)
|
|
(This used to be commit a8c49d1e608b178bcc53725d4a26cebb799fc6eb)
|
|
RPC code to merge with new passdb code.
Currently rpcclient doesn't compile. I'm working on it...
Jeremy.
(This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
|
|
pool is getting bloated. Also added a talloc_zero function to return zeroed memory.
Added debug in rpc_server/srv_pipe_hnd.c so we know when a talloc pool is being
freed. Syncup with srv_pipe_hnd.c from 2.2 so we are freeing memory at the same time.
Jeremy.
(This used to be commit d3a56c6042acf037bbd53de88d7636a5803ead20)
|
|
srv_samr have been).
Jeremy.
(This used to be commit f434cda9774b4864321b37b0f8f42e6e8dee8d5b)
|
|
- fix typo in cast from talloc
(This used to be commit f24aa0b51f06b8181b46bb1d2e73d91e5159fe1c)
|
|
clients. Did this by importing Samba-TNG code that correctly handles LSA
lookups.
*MANY* thanks to Luke, Sander, Elrond and the rest of the TNG gang !
Jeremy
(This used to be commit f76dc952f70862a6a390e9f35edd651867842a01)
|
|
source/rpc_parse/parse_lsa.c
- off by one unistr length bug in init_lsa_trans_name()
source/lib/util_sid.c
- resolve more BUILTIN sid values to names.
source/nsswitch/wb_client.c
- fix typo in debug message
- set errno on error so we don't get bogus value from last failure.
source/rpc_server/srv_spoolss_nt.c
- add debug to track number of open printer handles for ease of
tracking handle leaks in the future.
source/rpc_server/srv_lsa.c
- fix off-by-one string bug. This was preventing NT from
displaying names for well-know SIDs in printer permissions
dialog.
(This used to be commit 59229b9025cff54cbdd05e374616ffbf9c6fee33)
|
|
(This used to be commit 793153ebde08db217a18882c5eec945b7b14de69)
|
|
(This used to be commit 54b34517ce5e51ac697eff4befdd313222b4fecd)
|
|
function.
lib/util_unistr.c: Check lengths *before* reading source - prevent uninitialised
memory reads.
Jeremy.
(This used to be commit ce4f461965c872fbfc9fe5f6b98aed58bb3dd67a)
|
|
in fixes from appliance-head and 2.2. Fixed multiple connection.tdb open
problem.
Jeremy.
(This used to be commit 0a40bc83e14c69a09948ec09bb6fc5026c4f4c14)
|
|
Removed some more static arrays and replaced with tallocated memory
blocks.
(This used to be commit 1db0f31ae00bf9c91eb7d02c96bf766d04c7bdef)
|
|
server and client
lsa_lookup_names() and lsa_lookup_sids().
Jeremy.
(This used to be commit 9e9c71c8b3194b7cd02fea0b6a000d4f2940d905)
|
|
TNG branch.
Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient.
This requires most samba binaries to link in another handful of object
files due to uncessary coupling between modules. )-:
(This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
|