path: root/source/lib/privileges.c
Commit message | Author | Age | Files | Lines
* r25040: Add "net sam rights"
    Author: Volker Lendecke | Age: 2007-09-08 | Files: 1 | Lines: -1/+32
    Not strictly in the SAM, but close enough. This command acts directly on the local tdb, no running smbd required
    This also changes the root-only check to a warning
* r24435: Fix typo.
    Author: Günther Deschner | Age: 2007-08-14 | Files: 1 | Lines: -1/+1
    Guenther
* r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
    Author: Andrew Tridgell | Age: 2007-07-10 | Files: 1 | Lines: -2/+1
* r23780: Find and fix more GPL2 -> GPL3.
    Author: Jeremy Allison | Age: 2007-07-09 | Files: 1 | Lines: -1/+1
    Jeremy.
* r23485: This checkin consists mostly of refactorings in preparation of the activation of global registry options in loadparm.c, mainly to extract functionality from net_conf.c to be made available elsewhere and to minimize linker dependencies.
    Author: Michael Adam | Age: 2007-06-14 | Files: 1 | Lines: -487/+18
    In detail:
    * move functions registry_push/pull_value from lib/util_reg.c to new file lib/util_reg_api.c
    * create a fake user token consisting of builtin administrators sid and se_disk_operators privilege by hand instead of using get_root_nt_token() to minimize linker deps for bin/net.
        + new function registry_create_admin_token() in new lib/util_reg_smbconf.c
        + move dup_nt_token from auth/token_util.c to new file lib/util_nttoken.c
        + adapt net_conf.c and Makefile.in accordingly.
    * split lib/profiles.c into two parts: new file lib/profiles_basic.c takes all the low level mask manipulation and format conversion functions (se_priv, privset, luid). the privs array is completely hidden from profiles.c by adding some access-functions. some mask-functions are not static anymore. Generally, SID- and LUID-related stuff that has more dependencies is kept in lib/profiles.c
    * Move initialization of regdb from net_conf.c into a function registry_init_regdb() in lib/util_reg_smbconf.c.
    Michael
* r22945: merge 22009 from SAMBA_3_0 + some warning fixes for new code:
    Author: Stefan Metzmacher | Age: 2007-05-16 | Files: 1 | Lines: -3/+3
    change TDB_DATA from char * to unsigned char * and fix all compiler warnings in the users
    metze
* r22936: merge 21973:21989 from SAMBA_3_0
    Author: Stefan Metzmacher | Age: 2007-05-16 | Files: 1 | Lines: -8/+4
    (use helper functions to create TDB_DATA elements)
    metze
* r22589: Make TALLOC_ARRAY consistent across all uses.
    Author: Jeremy Allison | Age: 2007-04-30 | Files: 1 | Lines: -4/+8
    Jeremy.
* r21197: const changes
    Author: Gerald Carter | Age: 2007-02-06 | Files: 1 | Lines: -2/+3
* r20090: Fix a class of bugs found by James Peach.
    Author: Jeremy Allison | Age: 2006-12-09 | Files: 1 | Lines: -1/+3
    Ensure we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevant parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd.
    James - this should fix your crash bug in both branches.
    Jeremy.
* r19784: smbd compiles (still a few warnings which are actual bugs)
    Author: Gerald Carter | Age: 2006-11-19 | Files: 1 | Lines: -1/+1
* r16418: Pull in more Klocwork fixes (up to r16415)
    Author: Gerald Carter | Age: 2006-06-20 | Files: 1 | Lines: -0/+4
* r14432: Give in and grant BUILT\Administrators all privileges
    Author: Gerald Carter | Age: 2006-03-15 | Files: 1 | Lines: -1/+19
* r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4 x86_64 box.
    Author: Jeremy Allison | Age: 2005-10-18 | Files: 1 | Lines: -1/+1
    Jeremy.
* r10656: BIG merge from trunk.
    Author: Gerald Carter | Age: 2005-09-30 | Files: 1 | Lines: -2/+3
    Features not copied over
    * \PIPE\unixinfo
    * winbindd's {group,alias}membership new functions
    * winbindd's lookupsids() functionality
    * swat (trunk changes to be reverted as per discussion with Deryck)
* r10454:
    Author: Gerald Carter | Age: 2005-09-23 | Files: 1 | Lines: -7/+31
    * prevent privilege code from storing an empty SID (and filter it out if one is already there)
    * Fix LUID value match in privilege_set_to_se_priv() (fix jmcd's bug report).
* r9952: Adapt better to the Windows way of taking and assigning ownership:
    Author: Günther Deschner | Age: 2005-09-02 | Files: 1 | Lines: -0/+1
    * Users with SeRestorePrivilege may chown files to anyone (be it as a backup software or directly using the ownership-tab in the security acl editor on xp), while
    * Users with SeTakeOwnershipPrivilege only can chown to themselves.
    Simo, Jeremy. I think this is correct now.
    Guenther
* r9029: Another crash bug when enumerating privileges.
    Author: Günther Deschner | Age: 2005-08-04 | Files: 1 | Lines: -1/+1
    Thanks Volker!
    Guenther
* r8141: Update volker's valgrind fix in r8097.
    Author: Gerald Carter | Age: 2005-07-04 | Files: 1 | Lines: -0/+3
    Same effect, just helps me to remember what is going on here better.
* r7995:
    Author: Gerald Carter | Age: 2005-06-29 | Files: 1 | Lines: -60/+64
    * privileges are local except when they're *not*
      printmig.exe assumes that the LUID of the SeBackupPrivilege on the target server matches the LUID of the privilege on the local client. Even though an LUID is never guaranteed to be the same across reboots. How *awful*! My cat could write better code! (more on my cat later....)
    * Set the privilege LUID in the global PRIVS[] array
    * Rename RegCreateKey() to RegCreateKeyEx() to better match MSDN
    * Rename the unknown field in RegCreateKeyEx() to disposition (guess according to MSDN)
    * Add the capability to define REG_TDB_ONLY for using the reg_db.c functions and stress the RegXXX() rpc functions.
* r7440:
    Author: Gerald Carter | Age: 2005-06-09 | Files: 1 | Lines: -0/+5
    * merge registry server changes from trunk (so far) for more printmig.exe work
    * merge the sys_select_signal(char c) change from trunk in order to keep the winbind code in sync
* r6080: Port some of the non-critical changes from HEAD to 3_0.
    Author: Volker Lendecke | Age: 2005-03-27 | Files: 1 | Lines: -1/+1
    The main one is the change in pdb_enum_alias_memberships to match samr.idl a bit closer.
    Volker
* r5953: more compiler cleanups; moved SID_LIST from smb.h to privileges.c to clean up the name space
    Author: Gerald Carter | Age: 2005-03-22 | Files: 1 | Lines: -1/+6
* r5726: merge LsaLookupPrivValue() code from trunk
    Author: Gerald Carter | Age: 2005-03-10 | Files: 1 | Lines: -59/+57
* r5484: Fix a memleak
    Author: Volker Lendecke | Age: 2005-02-21 | Files: 1 | Lines: -2/+2
* r5436: small merges from trunk
    Author: Gerald Carter | Age: 2005-02-17 | Files: 1 | Lines: -5/+5
* r5203: additional changes for BUG 2291 to restrict who can join a BDC and add domain trusts
    Author: Gerald Carter | Age: 2005-02-03 | Files: 1 | Lines: -1/+1
* r5015: (based on abartlet's original patch to restrict password changes)
    Author: Gerald Carter | Age: 2005-01-26 | Files: 1 | Lines: -4/+74
    * added SE_PRIV checks to access_check_samr_object() in order to deal with the run-time security descriptor and their interaction with user rights
    * Reordered original patch in _samr_set_userinfo[2] to still allow root/administrative password changes for users and machines.
* r4995: fail set_privileges() if 'enable privileges = no' to prevent confused admins who never read what I write :-)
    Author: Gerald Carter | Age: 2005-01-25 | Files: 1 | Lines: -0/+3
* r4849:
    Author: Gerald Carter | Age: 2005-01-19 | Files: 1 | Lines: -7/+18
    * finish SeAddUsers support in srv_samr_nt.c
    * define some const SE_PRIV structure for use when you need a SE_PRIV* to a privilege
    * fix an annoying compiler warning in smbfilter.c
    * translate SIDs to names in 'net rpc rights list accounts'
    * fix a seg fault in cli_lsa_enum_account_rights caused by me forgetting the precedence of * vs. []
* r4822: fix return code when you ask for a non-privileged SID via one of the privileges RPC calls
    Author: Gerald Carter | Age: 2005-01-18 | Files: 1 | Lines: -0/+9
* r4809:
    Author: Gerald Carter | Age: 2005-01-17 | Files: 1 | Lines: -88/+25
    * include SeDiskOperatorPrivilege and SeRemoteShutdownPrivilege (not enforced yet though)
    * add 'enable privileges' (off by default) to control whether or not any privileges can be assigned to SIDs
* r4805: Last planned change to the privileges infrastructure:
    Author: Gerald Carter | Age: 2005-01-17 | Files: 1 | Lines: -120/+309
    * rewrote the tdb layout of privilege records in account_pol.tdb (allow for 128 bits instead of 32 bit flags)
    * migrated to using SE_PRIV structure instead of the PRIVILEGE_SET structure. The latter is now used for parsing routines mainly.
    Still need to incorporate some client support into 'net' so for setting privileges. And make use of the SeAddUserPrivilege right.
* r4742: add server support for lsa_add/remove_account_rights() and fix some parsing bugs related to that code
    Author: Gerald Carter | Age: 2005-01-15 | Files: 1 | Lines: -12/+65
* r4731: Fix the build
    Author: Volker Lendecke | Age: 2005-01-14 | Files: 1 | Lines: -1/+2
* r4724: Add support for Windows privileges in Samba 3.0 (based on Simo's code in trunk).
    Author: Gerald Carter | Age: 2005-01-13 | Files: 1 | Lines: -218/+429
    Rewritten with the following changes:
    * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release).
    * Remove the privilege code from the passdb API (replication to come later)
    * Only support the minimum amount of privileges that make sense.
    * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this.
    Still todo:
    * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter
    * Utilize the SeAddUserPrivilege for adding users and groups
    * Fix some of the hard coded _lsa_*() calls
    * Start work on enough of SAM replication to get privileges from one Samba DC to another.
    * Come up with some management tool for manipulating privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4.
* r4088: Get medieval on our ass about malloc.... :-).
    Author: Jeremy Allison | Age: 2004-12-07 | Files: 1 | Lines: -6/+6
    Take control of all our allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow.
    Jeremy.
* r4: merge in the SAMBA_3_0 branch from cvs
    Author: CVS Import User | Age: 2004-04-04 | Files: 1 | Lines: -102/+10
    to checkout try this: svn co svn+ssh://svn.samba.org/home/svn/samba/branches/SAMBA_3_0 samba-3_0-work
    metze
* r2: import HEAD into svn+ssh://svn.samba.org/home/svn/samba/trunk
    Author: CVS Import User | Age: 2004-04-04 | Files: 1 | Lines: -0/+442
    metze