Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 7c9a5c2a3f012a06e9550dc0de7df460c2fd943b)
|
|
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
|
|
when using smbpasswd
(This used to be commit dde552336c732ddd6076a6a32575a37cb51aa94c)
|
|
(This used to be commit 761cbd52f0cff6b864c506ec03c94039b6101ef9)
|
|
entries to the group mapping db. Ensure this can't happen.
Jeremy.
(This used to be commit 2ba0d93d53868c8b28dccf91dfa26e86817da511)
|
|
independently: Change
internal mapping.c functions to return NTSTATUS instead of BOOL.
Volker
(This used to be commit 4ebfc30a28a6f48613098176c5acdfdafbd2941a)
|
|
seemed a
bit pointless to me.
Volker
(This used to be commit 244b25ae49d3c635fc54498dbee29f5b649ea1fa)
|
|
Remove some unused code: pdb_find_alias is not used anymore, and nobody I
think has ever used the pdb_nop operations for group mapping. smbpasswd and
tdb use the default ones and ldap has its own.
Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right
now really makes use of it, but it feels wrong to throw away information so
early.
Volker
(This used to be commit f9856f6490fe44fdba97ea86062237d8c74d4bdc)
|
|
argument.
Volker
(This used to be commit 873a5a1211d185fd50e7167d88cbc869f70dfd3f)
|
|
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'
* Add a SID domain to the group mapping enumeration passdb call
to fix the checks for local and builtin groups. The SID can be
NULL if you want the old semantics for internal maintenance.
I only updated the tdb group mapping code.
* remove any group mapping from the tdb that have a
gid of -1 for better consistency with pdb_ldap.c.
The fixes the problem with calling add_group_map() in
the tdb code for unmapped groups which might have had
a record present.
* Ensure that we distinguish between groups in the
BUILTIN and local machine domains via getgrnam()
Other wise BUILTIN\Administrators & SERVER\Administrators
would resolve to the same gid.
* Doesn't strip the global_sam_name() from groups in the
local machine's domain (this is required to work with
'winbind default domain' code)
Still todo.
* Fix fallback Administrators membership for root and domain Admins
if nested groups = no or winbindd is not running
* issues with "su - user -c 'groups'" command
* There are a few outstanding issues with BUILTIN\Users that
Windows apparently tends to assume. I worked around this
presently with a manual group mapping but I do not think
this is a good solution. So I'll probably add some similar
as I did for Administrators.
(This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
|
|
(This used to be commit 48cd81074e5a7cbba5892eedd62fff4ce0d826b5)
|
|
Volker
(This used to be commit bb40e544de68f01a6e774753f508e69373b39899)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
All 'usage' messages are still printed to stdout.
Fix some compiler warnings for system() calls where we didn't used the
return code. Add appropriate error messages and return with the error
code we got from system() or NT_STATUS_UNSUCCESSFUL.
(This used to be commit f650e3bdafc4c6bcd7eb4bcf8b6b885b979919eb)
|
|
(This used to be commit d1e8f9afffecf986a428bfac29b22dcbce610016)
|
|
(This used to be commit 81c358b511457fbc6304845acb4bfbf1b4adf062)
|
|
Volker
(This used to be commit 8a7d6eb2c081c0d74b62aa76dc243946df62ced2)
|
|
x86_64 box.
Jeremy.
(This used to be commit d720867a788c735e56d53d63265255830ec21208)
|
|
version to 3.0.20pre1
(This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1)
|
|
on non-dfs paths
* add patch from James Peach to remove use of uninitialized
variables
(This used to be commit c71f20f1ae5ccfd49cf81af0299c96fe27351222)
|
|
is the
change in pdb_enum_alias_memberships to match samr.idl a bit closer.
Volker
(This used to be commit 3a6786516957d9f67af6d53a3167c88aa272972f)
|
|
(This used to be commit 0d38d5f610a280a29617f887329d9084f0be6203)
|
|
group-mappings.
Guenther
(This used to be commit 2556e6570ec8074bb67827f95eb365800c5c9827)
|
|
"verbose".
Guenther
(This used to be commit 0760d07b4c6f15489bea2f0fb4f1b0084bd62301)
|
|
implementation does
not exactly match what you would expect.
XP workstations during login actually do this, so we should better become a
bit more correct. The LDAP query issued is not really fully optimal, but it is
a lot faster and more correct than what was there before. The change in
passdb.h makes it possible that queryuseraliases is done with a single ldap
query.
Volker
(This used to be commit 2508d4ed1e16c268fc9f3676b0c6a122e070f93d)
|
|
'..' from all #include preprocessor commands. This fixes bugzilla #1880
where OpenVMS gets confused about the '.' characters.
(This used to be commit 7f161702fa4916979602cc0295919b541912acd6)
|
|
Guenther
(This used to be commit 3677c6a8f67628d5bea0764f84e624730d57b423)
|
|
(This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)
|
|
I was rather annoyed by the net groupmap syntax, I could never get it
right.
net groupmap set "domain admins" domadm
creates a mapping,
net groupmap set "domain admins" -C "Comment" -N "newntname"
should also do what you expect. I'd like to have some feedback on the usability
of this.
net groupmap cleanup
solves a problem I've had two times now: Our SID changed, and a user's primary
group was mapped to a SID that is not ours. net groupmap cleanup removes all
mappings that are not from our domain sid.
Volker
(This used to be commit eb4d4faff8c14e999f414ca5b6e8c25a558859c8)
|
|
Volker
(This used to be commit 19b30334a7c0f6abde6dfc81550e50aa823117c2)
|
|
(This used to be commit e1fac713e25692a5790c3261ba323732930f5249)
|
|
exists.
Jeremy.
(This used to be commit c8bfde5be9f0a3603f7333ff4266ad19c20cb9f9)
|
|
entry. Bug #431.
(This used to be commit bc8a181477866d0d97324bf45431bcdff895ad18)
|
|
Actually let the user explicitly specify a rid...
Volker
(This used to be commit 3aed9c8a4ac97ef55772ddae1e1cb0a5a1a15767)
|
|
Volker
(This used to be commit 7ce94d39add6e056e3b1deea21bf0438ba61e4cc)
|
|
(This used to be commit 517bb4d0df4cd120ef0ffc3cd879897971f0982e)
|
|
This isn't C++ - start your code *after* all the variables are declared...
Andrew Bartlett
(This used to be commit b7760faedc2181538ffc325e727808e6df8f943f)
|
|
groupmap'. The correct way to implement this stuff is via a function
table, as exampled in all the other parts of 'net'.
This also moves the idmap code into a new file. Volker, is this your
code? You might want to put your name on it.
Andrew Bartlett
(This used to be commit 477f2d9e390bb18d4f08d1cac9c981b73d628c4f)
|
|
The code was nice, but put in the wrong place (group mapping) and not
supported by most of the code, thus useless.
We will put back most of the code when our infrastructure will be changed
so that privileges actually really make sense to be set.
This is a first patch of a set to enhance all our mapping code cleaness and
stability towards a sane next beta for 3.0 code base
Simo.
(This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
|
|
Jeremy.
(This used to be commit 43ca4b8a8425b97a6bea08b91420bac6cde807b3)
|
|
(This used to be commit 82f024723c5312fe2b6a57915de8e78c96f80ef0)
|
|
(This used to be commit d9277bd06401cb040390739ae730c8991736c886)
|
|
right now but should be ok with tdb's
(This used to be commit fdacad185c4f78958d56bccbd69a0f2628f1b792)
|
|
(This used to be commit 541f40a144461ca139ac53837d3f31ce6972d18c)
|
|
(This used to be commit 665d21b8656bf85f9b372b44ff1f4af414551e5a)
|
|
changed
(This used to be commit b6ccdb8f7b72eed4c4248db43fefa09b6f084852)
|
|
(This used to be commit 43942398af7e7589fcf8534099eccf277f6e4295)
|
|
Jeremy.
(This used to be commit 1e5fe87d75ef4bb9d6af787abc501dcf105c9c6c)
|
|
* add "sid=..." to 'net groupmap add'
(This used to be commit e5f6676639b5552f7dec90091c53cf14e78088ee)
|
|
Need to check on where the privilege code is sitting
and update the docs.
Examples:
root# bin/net help groupmap
net groupmap add
Create a new group mapping
net groupmap modify
Update a group mapping
net groupmap delete
Remove a group mapping
net groupmap list
List current group map
# bin/net groupmap add
Usage: net groupmap add rid=<int> name=<string> type=<domain|local|builtin> [comment=<string>]
# bin/net groupmap delete
Usage: net groupmap delete name=<string|SID>
# bin/net groupmap modify
Usage: net groupmap modify name=<string|SID> [comment=<string>] [type=<domain|local>
(This used to be commit f2fd0ab41ffbc0355db95529b6bda1b21aa4860a)
|