| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Still todo:
* release notes
* few minor outstanding patches
* additional idmap man pages
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Users with SeRestorePrivilege may chown files to anyone (be it as a
backup software or directly using the ownership-tab in the security
acl editor on xp), while
* Users with SeTakeOwnershipPrivilege only can chown to themselves.
Simo, Jeremy. I think this is correct now.
Guenther
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
printmig.exe assumes that the LUID of the SeBackupPrivlege
on the target server matches the LUID of the privilege
on the local client. Even though an LUID is never guaranteed
to be the same across reboots. How *awful*! My cat could
write better code! (more on my cat later....)
* Set the privelege LUID in the global PRIVS[] array
* Rename RegCreateKey() to RegCreateKeyEx() to better match MSDN
* Rename the unknown field in RegCreateKeyEx() to disposition
(guess according to MSDN)
* Add the capability to define REG_TDB_ONLY for using the reg_db.c
functions and stress the RegXXX() rpc functions.
|
| |
|
|
|
|
| |
printmig.exe work
* merge the sys_select_signal(char c) change from trunk
in order to keeo the winbind code in sync
|
| | |
|
| |
|
|
| |
add domain trusts
|
| |
|
|
|
|
|
|
|
| |
* define some const SE_PRIV structure for use when
you need a SE_PRIV* to a privilege
* fix an annoying compiler warngin in smbfilter.c
* translate SIDs to names in 'net rpc rights list accounts'
* fix a seg fault in cli_lsa_enum_account_rights caused by
me forgetting the precedence of * vs. []
|
| |
|
|
|
|
| |
(noty enfornced yet though)
* add 'enable privileges (off by default) to control whether or
not any privuleges can be assigned to SIDs
|
| |
|
|
|
|
|
|
|
|
|
| |
* rewrote the tdb layout of privilege records in account_pol.tdb
(allow for 128 bits instead of 32 bit flags)
* migrated to using SE_PRIV structure instead of the PRIVILEGE_SET
structure. The latter is now used for parsing routines mainly.
Still need to incorporate some client support into 'net' so
for setting privileges. And make use of the SeAddUserPrivilege
right.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(based on Simo's code in trunk). Rewritten with the
following changes:
* privilege set is based on a 32-bit mask instead of strings
(plans are to extend this to a 64 or 128-bit mask before
the next 3.0.11preX release).
* Remove the privilege code from the passdb API
(replication to come later)
* Only support the minimum amount of privileges that make
sense.
* Rewrite the domain join checks to use the SeMachineAccountPrivilege
instead of the 'is a member of "Domain Admins"?' check that started
all this.
Still todo:
* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin'
parameter
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one
Samba DC to another.
* Come up with some management tool for manipultaing privileges
instead of user manager since it is buggy when run on a 2k client
(haven't tried xp). Works ok on NT4.
|
| |
|
|
|
|
|
|
| |
to checkout try this:
svn co svn+ssh://svn.samba.org/home/svn/samba/branches/SAMBA_3_0 samba-3_0-work
metze
|
|
|
metze
|
