diff options
| author | Gerald Carter <jerry@samba.org> | 2005-01-13 18:20:37 +0000 |
|---|---|---|
| committer | Gerald Carter <jerry@samba.org> | 2005-01-13 18:20:37 +0000 |
| commit | ff45d32927c5e3f0faddb664a24b27df1b70ede1 (patch) | |
| tree | b006c4b1f1207b09f17693a29c1baf2b94123f77 /source/groupdb | |
| parent | 27a5676e893324920129290d950acf10244fdf60 (diff) | |
| download | samba-ff45d32927c5e3f0faddb664a24b27df1b70ede1.tar.gz samba-ff45d32927c5e3f0faddb664a24b27df1b70ede1.tar.xz samba-ff45d32927c5e3f0faddb664a24b27df1b70ede1.zip | |
r4724: Add support for Windows privileges in Samba 3.0
(based on Simo's code in trunk). Rewritten with the
following changes:
* privilege set is based on a 32-bit mask instead of strings
(plans are to extend this to a 64 or 128-bit mask before
the next 3.0.11preX release).
* Remove the privilege code from the passdb API
(replication to come later)
* Only support the minimum amount of privileges that make
sense.
* Rewrite the domain join checks to use the SeMachineAccountPrivilege
instead of the 'is a member of "Domain Admins"?' check that started
all this.
Still todo:
* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin'
parameter
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one
Samba DC to another.
* Come up with some management tool for manipultaing privileges
instead of user manager since it is buggy when run on a 2k client
(haven't tried xp). Works ok on NT4.
Diffstat (limited to 'source/groupdb')
| -rw-r--r-- | source/groupdb/mapping.c | 13 |
1 files changed, 1 insertions, 12 deletions
diff --git a/source/groupdb/mapping.c b/source/groupdb/mapping.c index 7095997dc8d..e574a7cf204 100644 --- a/source/groupdb/mapping.c +++ b/source/groupdb/mapping.c @@ -2,7 +2,7 @@ * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-2000, - * Copyright (C) Jean François Micouleau 1998-2001. + * Copyright (C) Jean François Micouleau 1998-2001. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -35,17 +35,6 @@ static TDB_CONTEXT *tdb; /* used for driver files */ */ #define MEMBEROF_PREFIX "MEMBEROF/" -PRIVS privs[] = { - {SE_PRIV_NONE, "no_privs", "No privilege" }, /* this one MUST be first */ - {SE_PRIV_ADD_MACHINES, "SeMachineAccountPrivilege", "Add workstations to the domain" }, - {SE_PRIV_SEC_PRIV, "SeSecurityPrivilege", "Manage the audit logs" }, - {SE_PRIV_TAKE_OWNER, "SeTakeOwnershipPrivilege", "Take ownership of file" }, - {SE_PRIV_ADD_USERS, "SaAddUsers", "Add users to the domain - Samba" }, - {SE_PRIV_PRINT_OPERATOR, "SaPrintOp", "Add or remove printers - Samba" }, - {SE_PRIV_ALL, "SaAllPrivs", "all privileges" } -}; - - /**************************************************************************** dump the mapping group mapping to a text file ****************************************************************************/ |