summaryrefslogtreecommitdiff
path: root/source3/smbd/sec_ctx.c
AgeCommit message (Collapse)AuthorFilesLines
2001-03-11Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMRJeremy Allison1-2/+0
RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
2001-01-04Changes from APPLIANCE_HEAD:David O'Neill1-1/+13
source/Makefile.in - changes to ctags and etags rules that somehow got lost along the way. source/include/proto.h - make proto source/smbd/sec_ctx.c source/smbd/password.c - merge debugs for debugging user groups and NT token stuff. source/lib/util_str.c - capitalise domain name returned from parse_domain_user() source/nsswitch/wb_client.c - fix broken conditional in debug statement. source/include/rpc_secdes.h source/include/rpc_spoolss.h source/printing/nt_printing.c source/lib/util_seaccess.c - fix printer permission bugs related to ACE masks for printers. This adds mapping of generic access rights to object specific rights for NT printers. Still need to work out whether or not to ignore ACEs with certain flags set, though. See comments in util_seaccess.c:check_ace() for details. source/printing/nt_printing.c source/printing/printing.c - use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER until we sort out printer/printjob permission stuff. (This used to be commit 1dba9c5cd1e6389734c648f6903abcb7c8d5b2f0)
2000-12-08Added OLD_NTDOMAIN to remove warnings about undefined functions.Jeremy Allison1-0/+2
Jeremy. (This used to be commit f4c32a75e6e60eae6078449478d04ff22373d817)
2000-11-14Merge from appliance head of JR's changes for driver versioning.Jeremy Allison1-1/+1
Jeremy. (This used to be commit cdbd2e99775642dc2e92004be9014bf38a92d80f)
2000-10-28David Lee's utmp patch (finally). Thanks David !Jeremy Allison1-1/+1
Jeremy. (This used to be commit b809a2d0c81c54e917ccc0c99b3e70ea8d7ceab1)
2000-10-26Sorry JF - no billable hours :-). I fixed the "stream of events" problemJeremy Allison1-2/+0
with PCL drivers. The problem was we were updating the changeid on every SETPRINTERDATA/DELETEPRINTERDATA call. We should not do this, we should just update the 'setprinter' called count. We update the changeid on calls to SETPRINTER/ADDPRINTER/ADDPRINTEREX etc. Also fixed the correct returning of the create time on printers. Jeremy. (This used to be commit 521f09829fd329f87b3d19e8871e2b989c98a58e)
2000-10-12use macros for incrementing profile countersHerb Lewis1-3/+1
(This used to be commit cae5eeb16e81b6aa95c68223268513c32aed7056)
2000-10-05Added uid and gid to push_sec_ctx() debug.Tim Potter1-2/+3
(This used to be commit 2817b6cc8af3edbaa63b5db67689ab94cb240d4f)
2000-08-28Oops - missed a file.Tim Potter1-0/+42
(This used to be commit 5aed84b74981a4f4fcc4d466ef03178eff22ba85)
2000-08-09Fixed memory leak with NT tokens.Jeremy Allison1-5/+12
Added debug messages to se_access_check(). Added FULL_ACCESS acl to default acl on printers. Jeremy. (This used to be commit 7507f6f408cf8b0f8d7e2b3da54ce5fb5ef5343b)
2000-08-03Added an NT_USER_TOKEN structure that is copied/passed around associatedJeremy Allison1-13/+85
with the current user. This will allow se_access_check() to quickly do a SD check without having to translate uid/gid's to SIDs. Still needs work on pipe calls. Jeremy. (This used to be commit e28d01b744b3dbd33e0e54af4e7f426fa8c082b8)
2000-08-02Started to canonicalize our handling of uid -> sid code in order toJeremy Allison1-7/+27
get ready and fix se_access_check(). Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid() functions that look via winbind first the fall back on local lookup. All Samba should use these rather than trying to call winbindd code directly. Added NT_USER_TOKEN struct in user_struct, contains list of NT sids associated with this user. se_access_check() should use this (cached) value rather than attempting to do the same thing itself when given a uid/gid pair. More work needs to be done to preserve these things accross security context changes (especially with the tricky pipe problem) but I'm beginning to see how this will be done..... probably by registering a new vuid for an authenticated RPC pipe and not treating the pipe calls specially. More thoughts needed - but we're almost there... Jeremy. (This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
2000-06-23Fix a malloc of zero problem.Jeremy Allison1-38/+49
Jeremy. (This used to be commit 2aa21db960666736331b18956422b7c13aad0f0f)
2000-06-23lib/util_unistr.c: Off-by-one fix for dos_PutUniStr from John Reilly ↵Jeremy Allison1-1/+5
jreilly@hp.com. Memory leak fix for new sec_ctx code (sorry Tim :-). Jeremy. (This used to be commit edaf49c66d5a5ccf6689b358c301e208599a468f)
2000-06-23I've been working on refactoring some of the mess that is the become_user()Tim Potter1-0/+295
code. This code is now implemented as a stack of security contexts, where a security context is defined as a set of effective user, group and supplementary group ids. The following functions are implemented: BOOL push_sec_ctx(void); Create a new security context on the stack which is the same as the current security context. void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups); Set the current security context to a given set of user and group ids. void set_root_sec_ctx(void); Set to uid = gid = 0. No supplementary groups are set. BOOL pop_sec_ctx(void); Pop a security context from the stack and restore the user and group permissions of the previous context. void init_sec_ctx(void); Initialise the security context stack. This must be called before any of the other operations are used or weird things may happen. The idea is that there is a base security context which is either root or some authenticated unix user. Other security contexts can be pushed and popped as needed for things like changing passwords, or rpc pipe operations where the rpc pipe user is different from the smb user. (This used to be commit 87c78d6d5a6bf8d0907d6f8ef5ee0d642946cad3)