From 0053bd8b80cc08d65948c97f8ab0b4e2b829f083 Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Fri, 23 Mar 2001 00:50:31 +0000 Subject: first pass of the new group mapping code J.F. (This used to be commit 7154deb026d53cb0cd503562174c3332a372be63) --- source3/include/mapping.h | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 source3/include/mapping.h (limited to 'source3/include/mapping.h') diff --git a/source3/include/mapping.h b/source3/include/mapping.h new file mode 100644 index 0000000000..2543f6e42a --- /dev/null +++ b/source3/include/mapping.h @@ -0,0 +1,44 @@ +/* + * Unix SMB/Netbios implementation. + * Version 1.9. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-2000, + * Copyright (C) Jean François Micouleau 1998-2001. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +typedef struct _GROUP_MAP { + gid_t gid; + DOM_SID sid; + enum SID_NAME_USE sid_name_use; + fstring nt_name; + fstring comment; + uint32 privilege; +} GROUP_MAP; + +typedef struct _PRIVS { + uint32 se_priv; + char *priv; + char *description; +} PRIVS; + +#define SE_PRIV_NONE 0x0000 +#define SE_PRIV_ADD_USERS 0x0001 +#define SE_PRIV_ADD_MACHINES 0x0002 +#define SE_PRIV_PRINT_OPERATOR 0x0004 +#define SE_PRIV_ALL 0xffff + +#define PRIV_ALL_INDEX 4 -- cgit From f35157f39293f9fa240a28642c41708b55d301c8 Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Fri, 4 May 2001 15:44:27 +0000 Subject: Big cleanup of passdb and backends. I did some basic tests but I have probably broken something. Notably the password changing. So don't cry ;-) J.F. (This used to be commit a4a4c02b12f030a3b9e6225b999c90689dfc4719) --- source3/include/mapping.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/include/mapping.h') diff --git a/source3/include/mapping.h b/source3/include/mapping.h index 2543f6e42a..f3e0be6e4a 100644 --- a/source3/include/mapping.h +++ b/source3/include/mapping.h @@ -42,3 +42,7 @@ typedef struct _PRIVS { #define SE_PRIV_ALL 0xffff #define PRIV_ALL_INDEX 4 + + +#define ENUM_ONLY_MAPPED True +#define ENUM_ALL_MAPPED False -- cgit From fbfd27a495afa8673d472957867e58b34499760e Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Thu, 22 Nov 2001 23:50:16 +0000 Subject: added lsa_enum_sids to rpcclient fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. (This used to be commit 646651018a2736833e49e76f6ca735a4647d9746) --- source3/include/mapping.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/include/mapping.h') diff --git a/source3/include/mapping.h b/source3/include/mapping.h index f3e0be6e4a..f016e148ba 100644 --- a/source3/include/mapping.h +++ b/source3/include/mapping.h @@ -41,7 +41,7 @@ typedef struct _PRIVS { #define SE_PRIV_PRINT_OPERATOR 0x0004 #define SE_PRIV_ALL 0xffff -#define PRIV_ALL_INDEX 4 +#define PRIV_ALL_INDEX 3 #define ENUM_ONLY_MAPPED True -- cgit From 2527f5ef52400294c98b4f4345a4f18b981ff22f Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Fri, 23 Nov 2001 15:11:22 +0000 Subject: Changed how the privileges are stored in the group mapping code. It's now an array of uint32. That's not perfect but that's better. Added more privileges too. Changed the local_lookup_rid/name functions in passdb.c to check if the group is mapped. Makes the LSA rpc calls return correct groups Corrected the return code in the LSA server code enum_sids. Only enumerate well known aliases if they are mapped to real unix groups. Won't confuse user seeing groups not available. Added a short/long view to smbgroupedit. now decoding rpc calls to add/remove privileges to sid. J.F. (This used to be commit f29774e58973f421bfa163c45bfae201a140f28c) --- source3/include/mapping.h | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) (limited to 'source3/include/mapping.h') diff --git a/source3/include/mapping.h b/source3/include/mapping.h index f016e148ba..9a64eefa56 100644 --- a/source3/include/mapping.h +++ b/source3/include/mapping.h @@ -20,13 +20,26 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +#define PRIV_ALL_INDEX 5 + +#define SE_PRIV_NONE 0x0000 +#define SE_PRIV_ADD_MACHINES 0x0006 +#define SE_PRIV_SEC_PRIV 0x0008 +#define SE_PRIV_TAKE_OWNER 0x0009 +#define SE_PRIV_ADD_USERS 0xff01 +#define SE_PRIV_PRINT_OPERATOR 0xff03 +#define SE_PRIV_ALL 0xffff + +#define ENUM_ONLY_MAPPED True +#define ENUM_ALL_MAPPED False + typedef struct _GROUP_MAP { gid_t gid; DOM_SID sid; enum SID_NAME_USE sid_name_use; fstring nt_name; fstring comment; - uint32 privilege; + uint32 privileges[PRIV_ALL_INDEX]; } GROUP_MAP; typedef struct _PRIVS { @@ -35,14 +48,3 @@ typedef struct _PRIVS { char *description; } PRIVS; -#define SE_PRIV_NONE 0x0000 -#define SE_PRIV_ADD_USERS 0x0001 -#define SE_PRIV_ADD_MACHINES 0x0002 -#define SE_PRIV_PRINT_OPERATOR 0x0004 -#define SE_PRIV_ALL 0xffff - -#define PRIV_ALL_INDEX 3 - - -#define ENUM_ONLY_MAPPED True -#define ENUM_ALL_MAPPED False -- cgit From fac01bda8bb4f52b930496c362f55aca5b112240 Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Thu, 29 Nov 2001 16:05:05 +0000 Subject: Changed again how the privilege list is handled in the group mapping code. This time it's a PRIVILEGE_SET struct instead of a simple uint32 array. It makes much more sense. Also added a uint32 systemaccount to the GROUP_MAP struct as some privilege showing in USRMGR.EXE are not real privs but a bitmask flag. I guess it's an heritage from NT 3.0 ! I could setup an NT 3.1 box to verify, but I'm too lazy (yes I still have my CDs). Added 3 more LSA calls: SetSystemAccount, AddPrivileges and RemovePrivileges, we can manage all this privilege from UserManager. Time to change the NT_USER_TOKEN struct and add checks in all the rpc functions. Fun, fun, fun. J.F. (This used to be commit 3f0a9ef2b8c626cfa2878394bb7b642342342bf3) --- source3/include/mapping.h | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'source3/include/mapping.h') diff --git a/source3/include/mapping.h b/source3/include/mapping.h index 9a64eefa56..4a7db6360d 100644 --- a/source3/include/mapping.h +++ b/source3/include/mapping.h @@ -33,13 +33,21 @@ #define ENUM_ONLY_MAPPED True #define ENUM_ALL_MAPPED False +#define PR_NONE 0x0000 +#define PR_LOG_ON_LOCALLY 0x0001 +#define PR_ACCESS_FROM_NETWORK 0x0002 +#define PR_LOG_ON_BATCH_JOB 0x0004 +#define PR_LOG_ON_SERVICE 0x0010 + + typedef struct _GROUP_MAP { gid_t gid; DOM_SID sid; enum SID_NAME_USE sid_name_use; fstring nt_name; fstring comment; - uint32 privileges[PRIV_ALL_INDEX]; + uint32 systemaccount; + PRIVILEGE_SET priv_set; } GROUP_MAP; typedef struct _PRIVS { -- cgit From 922eb763d7365716fd3c20aa069746fc9bfb8ab3 Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Tue, 4 Dec 2001 21:53:47 +0000 Subject: added a boolean to the group mapping functions to specify if we need or not the privileges. Usually we don't need them, so the memory is free early. lib/util_sid.c: added some helper functions to check an SID. passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass an RID all the way. If the group doesn't exist on the domain SID, don't return a faked one as it can collide with a builtin one. Some rpc structures have been badly designed, they return only rids and force the client to do subsequent lsa_lookup_sid() on the domain sid and the builtin sid ! rpc_server/srv_util.c: wrote a new version of get_domain_user_groups(). Only the samr code uses it atm. It uses the group mapping code instead of a bloody hard coded crap. The netlogon code will use it too, but I have to do some test first. J.F. (This used to be commit 6c87e96149101995b7d049657d5c26eefef37d8c) --- source3/include/mapping.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/include/mapping.h') diff --git a/source3/include/mapping.h b/source3/include/mapping.h index 4a7db6360d..9b46989ccb 100644 --- a/source3/include/mapping.h +++ b/source3/include/mapping.h @@ -33,6 +33,9 @@ #define ENUM_ONLY_MAPPED True #define ENUM_ALL_MAPPED False +#define MAPPING_WITH_PRIV True +#define MAPPING_WITHOUT_PRIV False + #define PR_NONE 0x0000 #define PR_LOG_ON_LOCALLY 0x0001 #define PR_ACCESS_FROM_NETWORK 0x0002 -- cgit From cd68afe31256ad60748b34f7318a180cfc2127cc Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 30 Jan 2002 06:08:46 +0000 Subject: Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa) --- source3/include/mapping.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/include/mapping.h') diff --git a/source3/include/mapping.h b/source3/include/mapping.h index 9b46989ccb..5ef5c19dd2 100644 --- a/source3/include/mapping.h +++ b/source3/include/mapping.h @@ -1,6 +1,5 @@ /* - * Unix SMB/Netbios implementation. - * Version 1.9. + * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-2000, * Copyright (C) Jean François Micouleau 1998-2001. -- cgit From 6d7195d1d79c43f5ccc8dc4a9215c02177d5fa89 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 2 Nov 2002 03:47:48 +0000 Subject: Merge passdb from HEAD -> 3.0 The work here includes: - metze' set/changed patch, which avoids making changes to ldap on unmodified attributes. - volker's group mapping in passdb patch - volker's samsync stuff - volkers SAMR changes. - mezte's connection caching patch - my recent changes (fix magic root check, ldap ssl) Andrew Bartlett (This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f) --- source3/include/mapping.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/include/mapping.h') diff --git a/source3/include/mapping.h b/source3/include/mapping.h index 5ef5c19dd2..d2fb89d1de 100644 --- a/source3/include/mapping.h +++ b/source3/include/mapping.h @@ -43,6 +43,7 @@ typedef struct _GROUP_MAP { + struct pdb_methods *methods; gid_t gid; DOM_SID sid; enum SID_NAME_USE sid_name_use; -- cgit From 634c54310c92c48dd4eceec602e230a021bdcfc5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 3 Jan 2003 08:28:12 +0000 Subject: Merge from HEAD - make Samba compile with -Wwrite-strings without additional warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c) --- source3/include/mapping.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/include/mapping.h') diff --git a/source3/include/mapping.h b/source3/include/mapping.h index d2fb89d1de..d4f2d28e6a 100644 --- a/source3/include/mapping.h +++ b/source3/include/mapping.h @@ -55,7 +55,7 @@ typedef struct _GROUP_MAP { typedef struct _PRIVS { uint32 se_priv; - char *priv; - char *description; + const char *priv; + const char *description; } PRIVS; -- cgit From 75a5c0b307a79536316b651273d3f6983323f5ce Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 18 Jun 2003 15:24:10 +0000 Subject: Ok, this patch removes the privilege stuff we had in, unused, for some time. The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e) --- source3/include/mapping.h | 28 ---------------------------- 1 file changed, 28 deletions(-) (limited to 'source3/include/mapping.h') diff --git a/source3/include/mapping.h b/source3/include/mapping.h index d4f2d28e6a..fdaa2b0453 100644 --- a/source3/include/mapping.h +++ b/source3/include/mapping.h @@ -19,29 +19,9 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -#define PRIV_ALL_INDEX 5 - -#define SE_PRIV_NONE 0x0000 -#define SE_PRIV_ADD_MACHINES 0x0006 -#define SE_PRIV_SEC_PRIV 0x0008 -#define SE_PRIV_TAKE_OWNER 0x0009 -#define SE_PRIV_ADD_USERS 0xff01 -#define SE_PRIV_PRINT_OPERATOR 0xff03 -#define SE_PRIV_ALL 0xffff - #define ENUM_ONLY_MAPPED True #define ENUM_ALL_MAPPED False -#define MAPPING_WITH_PRIV True -#define MAPPING_WITHOUT_PRIV False - -#define PR_NONE 0x0000 -#define PR_LOG_ON_LOCALLY 0x0001 -#define PR_ACCESS_FROM_NETWORK 0x0002 -#define PR_LOG_ON_BATCH_JOB 0x0004 -#define PR_LOG_ON_SERVICE 0x0010 - - typedef struct _GROUP_MAP { struct pdb_methods *methods; gid_t gid; @@ -49,13 +29,5 @@ typedef struct _GROUP_MAP { enum SID_NAME_USE sid_name_use; fstring nt_name; fstring comment; - uint32 systemaccount; - PRIVILEGE_SET priv_set; } GROUP_MAP; -typedef struct _PRIVS { - uint32 se_priv; - const char *priv; - const char *description; -} PRIVS; - -- cgit From 2b27c93a9a8471693d7dcb5fdbe8afe65b22ff66 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 8 Sep 2006 14:28:06 +0000 Subject: r18271: Big change: * autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951) --- source3/include/mapping.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/include/mapping.h') diff --git a/source3/include/mapping.h b/source3/include/mapping.h index fdaa2b0453..8ba784e98c 100644 --- a/source3/include/mapping.h +++ b/source3/include/mapping.h @@ -26,7 +26,7 @@ typedef struct _GROUP_MAP { struct pdb_methods *methods; gid_t gid; DOM_SID sid; - enum SID_NAME_USE sid_name_use; + enum lsa_SidType sid_name_use; fstring nt_name; fstring comment; } GROUP_MAP; -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/include/mapping.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/include/mapping.h') diff --git a/source3/include/mapping.h b/source3/include/mapping.h index 8ba784e98c..4b36abfebb 100644 --- a/source3/include/mapping.h +++ b/source3/include/mapping.h @@ -6,7 +6,7 @@ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, -- cgit From 153cfb9c83534b09f15cc16205d7adb19b394928 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 05:23:25 +0000 Subject: r23801: The FSF has moved around a lot. This fixes their Mass Ave address. (This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227) --- source3/include/mapping.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/include/mapping.h') diff --git a/source3/include/mapping.h b/source3/include/mapping.h index 4b36abfebb..75459fcebd 100644 --- a/source3/include/mapping.h +++ b/source3/include/mapping.h @@ -15,8 +15,7 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * along with this program; if not, see . */ #define ENUM_ONLY_MAPPED True -- cgit