| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Guenther
(This used to be commit 3ff278b852b4085461127bc7ccb2c5dba81fb3c8)
|
|
servers. Also add a new "net rpc audit" tool. The lsa query infolevels
were taken from samb4 IDL, the lsa policy flags and categories are
partly documented on msdn. I need to cleanup the double
lsa_query_info_policy{2}{_new} calls next.
Guenther
(This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
|
|
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'
* Add a SID domain to the group mapping enumeration passdb call
to fix the checks for local and builtin groups. The SID can be
NULL if you want the old semantics for internal maintenance.
I only updated the tdb group mapping code.
* remove any group mapping from the tdb that have a
gid of -1 for better consistency with pdb_ldap.c.
The fixes the problem with calling add_group_map() in
the tdb code for unmapped groups which might have had
a record present.
* Ensure that we distinguish between groups in the
BUILTIN and local machine domains via getgrnam()
Other wise BUILTIN\Administrators & SERVER\Administrators
would resolve to the same gid.
* Doesn't strip the global_sam_name() from groups in the
local machine's domain (this is required to work with
'winbind default domain' code)
Still todo.
* Fix fallback Administrators membership for root and domain Admins
if nested groups = no or winbindd is not running
* issues with "su - user -c 'groups'" command
* There are a few outstanding issues with BUILTIN\Users that
Windows apparently tends to assume. I worked around this
presently with a manual group mapping but I do not think
this is a good solution. So I'll probably add some similar
as I did for Administrators.
(This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
|
|
Jeremy.
(This used to be commit e3a28bf4c8064f7053b7d1a25a2f087ac2095fcd)
|
|
Jeremy.
(This used to be commit ea82958349a57ef4b7ce9638eec5f1388b0fba2a)
|
|
Jeremy.
(This used to be commit 6ec0e9124a1a7b19c9853b8e26075cbbb8751f10)
|
|
Jeremy.
(This used to be commit f1a362580ae37730dc8393a79f832aed5d0ea4be)
|
|
Jeremy.
(This used to be commit b57406c89feaf550f6c2d29ef0ed73a935908add)
|
|
Jeremy.
(This used to be commit 2274709587bd1f27bea2eacf633182f20cd07b1e)
|
|
Jeremy.
(This used to be commit a9e1d0f3b4fd7a0732a5023d0b4dcc2c4b1b03f8)
|
|
Jeremy.
(This used to be commit a164cfab420a2439dad8fd85f8b4d652087fa6b9)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
by saving the UNIX token used to set a delete on close flag,
and using it when doing the delete. libsmbsharemodes.so still
needs updating to cope with this change.
Samba4 torture tests to follow.
Jeremy.
(This used to be commit 23f16cbc2e8cde97c486831e26bcafd4ab4a9654)
|
|
char *,
use a temporary talloc_ctx for clarity.
Volker
(This used to be commit b15815c804bf3e558ed6357b5e9a6e3e0fac777f)
|
|
build farm
reacts :-)
Volker
(This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
|
|
box with gcc4 and -O6...
Fix a bunch of C99 dereferencing type-punned pointer will break
strict-aliasing rules errors. Also added prs_int32 (not uint32...)
as it's needed in one place. Find places where prs_uint32 was being
used to marshall/unmarshall a time_t (a big no no on 64-bits).
More warning fixes to come.
Thanks to Volker for nudging me to compile like this.
Jeremy.
(This used to be commit c65b752604f8f58abc4e7ae8514dc2c7f086271c)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
(This used to be commit 3a633a509e8e8e5239d456960f3014172f1e4b3d)
|
|
(This used to be commit ff6e3464a2df7fd8a79da8f059a080934d9b3749)
|
|
printmig.exe assumes that the LUID of the SeBackupPrivlege
on the target server matches the LUID of the privilege
on the local client. Even though an LUID is never guaranteed
to be the same across reboots. How *awful*! My cat could
write better code! (more on my cat later....)
* Set the privelege LUID in the global PRIVS[] array
* Rename RegCreateKey() to RegCreateKeyEx() to better match MSDN
* Rename the unknown field in RegCreateKeyEx() to disposition
(guess according to MSDN)
* Add the capability to define REG_TDB_ONLY for using the reg_db.c
functions and stress the RegXXX() rpc functions.
(This used to be commit 0d6352da4800aabc04dfd7c65a6afe6af7cd2d4b)
|
|
version to 3.0.20pre1
(This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1)
|
|
tested that
Windows 2003 returns "4 (Local Group)" for
rpcclient -c 'lookupnames "System Operators"'
Before #ifdef'ing that out again I would like to see a sniff how you get a "5"
(WKN_GRP) out of lsa_lookupnames.
Volker
(This used to be commit f6e27305101ab0c7e04e55b4905e91c19b31f9ef)
|
|
initializable
statically.
Volker
(This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
|
|
Tested client and server code.
(This used to be commit efb3ac4c69c72c0fa01c558951fa357893562bce)
|
|
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
|
|
* add some backwards compatibility to 'net rpc rights list'
* verify privilege name in 'net rpc rights privileges <name>' in order
to give back better error messages.
(This used to be commit 0e29dc8aa384dfa6d2495beb8a9ffb5371e60a13)
|
|
(This used to be commit 277203b5356af58ce62eb4eec0db2eccadeeffd6)
|
|
list to zero
and return NT_STATUS_NONE_MAPPED. This does not crash windows and maintains
the benefit of not overallocating memory. The previous response of
truncating to the MAX limit was not useful because it crashed lsass.exe on
windows (bug opened with MS), and it was also misleading the client to
believe that a complete answer was received.
(This used to be commit c03a93957404663bbd026668fb95d6c253524fe9)
|
|
(This used to be commit ead54b14f6b34f087d3affc2853e16bbbaceb7cc)
|
|
initialised. Fix for bugzilla #2315. Can the privileges dude(s)
please verify this?
(This used to be commit bc4f884104c04f7c9ab7d370586115a9328ce9b1)
|
|
* make sure to apply the rights_mask and not just the saved
bits from the mask in access_check_samr_object()
* allow root to grant/revoke privileges (in addition to Domain
Admins) as suggested by Volker.
Tested machine joins from XP, 2K, and NT4 with and without
pre-existing machine trust accounts. Also tested basic file
operations using cmd.exe and explorer.exe after changing the
STANDARD_RIGHTS_WRITE_ACCESS bitmask.
(This used to be commit c0e7f7ff60a4110809b8f500fdc68a1bf963da36)
|
|
privileges RPC calls
(This used to be commit 3f4f2c80fd157796a7ba56f31f921e8a3ce46bc3)
|
|
* rewrote the tdb layout of privilege records in account_pol.tdb
(allow for 128 bits instead of 32 bit flags)
* migrated to using SE_PRIV structure instead of the PRIVILEGE_SET
structure. The latter is now used for parsing routines mainly.
Still need to incorporate some client support into 'net' so
for setting privileges. And make use of the SeAddUserPrivilege
right.
(This used to be commit 41dc7f7573c6d637e19a01e7ed0e716ac0f1fb15)
|
|
(This used to be commit ccdff4a998405544433aa32938963e4c37962fcc)
|
|
parsing bugs related to that code
(This used to be commit 7bf1312287cc1ec6b97917ba25fc60d6db09f26c)
|
|
(This used to be commit e8b4cedc2081eeff53d86c2d894632e57a17926f)
|
|
(based on Simo's code in trunk). Rewritten with the
following changes:
* privilege set is based on a 32-bit mask instead of strings
(plans are to extend this to a 64 or 128-bit mask before
the next 3.0.11preX release).
* Remove the privilege code from the passdb API
(replication to come later)
* Only support the minimum amount of privileges that make
sense.
* Rewrite the domain join checks to use the SeMachineAccountPrivilege
instead of the 'is a member of "Domain Admins"?' check that started
all this.
Still todo:
* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin'
parameter
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one
Samba DC to another.
* Come up with some management tool for manipultaing privileges
instead of user manager since it is buggy when run on a 2k client
(haven't tried xp). Works ok on NT4.
(This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
|
|
allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
|
|
This fixes Bugzilla #1076 and Exchange 5.5 SP4 can then be finally
installed on NT4 in a samba-controlled domain.
Guenther
(This used to be commit bb191c1098dea06bf2cd89276c74e32279fbb3d4)
|
|
happened because init_dom_ref did not find the domain in question in
the list of already mentioned domains.
Could others please double-check this?
Thanks,
Volker
(This used to be commit d7b2e41f00491ecf57db70e4da8cf8a3d2469c2b)
|
|
overwrite error code.
Jeremy.
(This used to be commit 735e49ddc3c4485c7b43208345d0e3e2b8960ad4)
|
|
status
codes don't get overwritten.
Jeremy.
(This used to be commit c179451b07c2315a667c2ff683cd30c4d224758e)
|
|
types.
Jeremy.
(This used to be commit d97b9146a137d43278f3125bafe8a453da82f4ce)
|
|
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
|
|
(This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)
|
|
we never checked if it was a domain user and didn't find a local one.
(This used to be commit 68022f5ebc55d1f3403dee5198d364cff300baf5)
|
|
Inspired by Volkers patch.
Jeremy.
(This used to be commit a47127e90e7d0928b772ba45bd843eeeacc9ef8a)
|
|
on unmapped sids.
Jeremy.
(This used to be commit 37a52c31682fcf115eefc31381c02a3ec29c1f8d)
|
|
Remove source_env handler (no longer used in any codepath).
Jeremy.
(This used to be commit 3a3e33603084048e647af86a9badaaf49433c789)
|
|
on local files on on domain members; bug 875
(This used to be commit c6594e35573186966a4d57404f1c06b98670db06)
|
