path: root/source/smbd/sec_ctx.c
Commit message | Author | Age | Files | Lines
* Move to common user token debugging, and ensure we always print both the NT_TOKEN and the unix credentials - as we increasingly use the NT stuff we want to make it easy to check they don't get out of whack.
  Andrew Bartlett
  Author: Andrew Bartlett; Age: 2002-09-25; Files: 1; Lines: -11/+2
* fixed a problem with getgroups() where it could include our current effective gid which could mean that the user gets group 0 in their group list for acl interpretation
  this is a replacement fix for the one richard did in 2.2 (which didn't cope with variable behaviour depending on which nss module was in use)
  Author: Andrew Tridgell; Age: 2002-07-15; Files: 1; Lines: -12/+27
* Removed version number from file header.
  Changed "SMB/Netbios" to "SMB/CIFS" in file header.
  Author: Tim Potter; Age: 2002-01-30; Files: 1; Lines: -2/+1
* Some more 'winbind default domain' support patches from Alexander Bokovoy <a.bokovoy@sam-solutions.net>.
  This patch is designed to remove the 'special cases' required for this support. In particular this now kills off winbind_initgroups, as it appears no longer to be required.
  Andrew Bartlett
  Author: Andrew Bartlett; Age: 2002-01-27; Files: 1; Lines: -1/+1
* Added NT_USER_TOKEN into server_info to fix extra groups problem.
  Got "medieval on our ass" about const warnings (as many as I could :-).
  Jeremy.
  Author: Jeremy Allison; Age: 2001-11-03; Files: 1; Lines: -40/+0
* Fixed confusing debug message - it was always printing uid 0 instead of the correct uid.
  Author: Tim Potter; Age: 2001-10-29; Files: 1; Lines: -1/+1
* Merge the become_XXX -> change_to_XXX fixes from 2.2.2 to HEAD.
  Ensure make_connection() can only be called as root.
  Jeremy.
  Author: Jeremy Allison; Age: 2001-10-18; Files: 1; Lines: -4/+0
* Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.
  Author: Tim Potter; Age: 2001-10-02; Files: 1; Lines: -1/+0
* don't try to initgroups in non root mode
  Author: Andrew Tridgell; Age: 2001-09-19; Files: 1; Lines: -0/+4
* move to SAFE_FREE()
  Author: Simo Sorce; Age: 2001-09-17; Files: 1; Lines: -9/+7
* Excellent patch from Anselm Kruis <A.Kruis@science-computing.de> to fix problem with wrong token being used in current_user.
  Jeremy.
  Author: Jeremy Allison; Age: 2001-07-25; Files: 1; Lines: -1/+1
* Remove warning about trapdoor systems for non-root mode.
  Andrew Bartlett
  Author: Andrew Bartlett; Age: 2001-06-26; Files: 1; Lines: -0/+4
* rpcclient/rpcclient.c: Non-void return in void function.
  smbd/sec_ctx.c: Fixed potential memory leak spotted by Kenichi Okuyama@Tokyo Research Lab, IBM-Japan, Co.
  utils/nmblookup.c: gcc warning on Solaris fix.
  Jeremy.
  Author: Jeremy Allison; Age: 2001-04-28; Files: 1; Lines: -1/+3
* Tidy up args to DEBUG Statements - found by gcc on Solaris.
  Jeremy.
  Author: Jeremy Allison; Age: 2001-04-27; Files: 1; Lines: -5/+7
* Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMR RPC code to merge with new passdb code.
  Currently rpcclient doesn't compile. I'm working on it...
  Jeremy.
  Author: Jeremy Allison; Age: 2001-03-11; Files: 1; Lines: -2/+0
* Changes from APPLIANCE_HEAD:

  source/Makefile.in
    - changes to ctags and etags rules that somehow got lost along the way.

  source/include/proto.h
    - make proto

  source/smbd/sec_ctx.c
  source/smbd/password.c
    - merge debugs for debugging user groups and NT token stuff.

  source/lib/util_str.c
    - capitalise domain name returned from parse_domain_user()

  source/nsswitch/wb_client.c
    - fix broken conditional in debug statement.

  source/include/rpc_secdes.h
  source/include/rpc_spoolss.h
  source/printing/nt_printing.c
  source/lib/util_seaccess.c
    - fix printer permission bugs related to ACE masks for printers. This adds mapping of generic access rights to object specific rights for NT printers. Still need to work out whether or not to ignore ACEs with certain flags set, though. See comments in util_seaccess.c:check_ace() for details.

  source/printing/nt_printing.c
  source/printing/printing.c
    - use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER until we sort out printer/printjob permission stuff.

  Author: David O'Neill; Age: 2001-01-04; Files: 1; Lines: -1/+13
* Added OLD_NTDOMAIN to remove warnings about undefined functions.
  Jeremy.
  Author: Jeremy Allison; Age: 2000-12-08; Files: 1; Lines: -0/+2
* Merge from appliance head of JR's changes for driver versioning.
  Jeremy.
  Author: Jeremy Allison; Age: 2000-11-14; Files: 1; Lines: -1/+1
* David Lee's utmp patch (finally). Thanks David !
  Jeremy.
  Author: Jeremy Allison; Age: 2000-10-28; Files: 1; Lines: -1/+1
* Sorry JF - no billable hours :-). I fixed the "stream of events" problem with PCL drivers. The problem was we were updating the changeid on every SETPRINTERDATA/DELETEPRINTERDATA call. We should not do this, we should just update the 'setprinter' called count. We update the changeid on calls to SETPRINTER/ADDPRINTER/ADDPRINTEREX etc.
  Also fixed the correct returning of the create time on printers.
  Jeremy.
  Author: Jeremy Allison; Age: 2000-10-26; Files: 1; Lines: -2/+0
* use macros for incrementing profile counters
  Author: Herb Lewis; Age: 2000-10-12; Files: 1; Lines: -3/+1
* Added uid and gid to push_sec_ctx() debug.
  Author: Tim Potter; Age: 2000-10-05; Files: 1; Lines: -2/+3
* Oops - missed a file.
  Author: Tim Potter; Age: 2000-08-28; Files: 1; Lines: -0/+42
* Fixed memory leak with NT tokens.
  Added debug messages to se_access_check().
  Added FULL_ACCESS acl to default acl on printers.
  Jeremy.
  Author: Jeremy Allison; Age: 2000-08-09; Files: 1; Lines: -5/+12
* Added an NT_USER_TOKEN structure that is copied/passed around associated with the current user. This will allow se_access_check() to quickly do a SD check without having to translate uid/gid's to SIDs.
  Still needs work on pipe calls.
  Jeremy.
  Author: Jeremy Allison; Age: 2000-08-03; Files: 1; Lines: -13/+85
* Started to canonicalize our handling of uid -> sid code in order to get ready and fix se_access_check().
  Added canonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid() functions that look via winbind first then fall back on local lookup. All Samba should use these rather than trying to call winbindd code directly.
  Added NT_USER_TOKEN struct in user_struct, contains list of NT sids associated with this user. se_access_check() should use this (cached) value rather than attempting to do the same thing itself when given a uid/gid pair.
  More work needs to be done to preserve these things across security context changes (especially with the tricky pipe problem) but I'm beginning to see how this will be done..... probably by registering a new vuid for an authenticated RPC pipe and not treating the pipe calls specially. More thoughts needed - but we're almost there...
  Jeremy.
  Author: Jeremy Allison; Age: 2000-08-02; Files: 1; Lines: -7/+27
* Fix a malloc of zero problem.
  Jeremy.
  Author: Jeremy Allison; Age: 2000-06-23; Files: 1; Lines: -38/+49
* lib/util_unistr.c: Off-by-one fix for dos_PutUniStr from John Reilly jreilly@hp.com.
  Memory leak fix for new sec_ctx code (sorry Tim :-).
  Jeremy.
  Author: Jeremy Allison; Age: 2000-06-23; Files: 1; Lines: -1/+5
* I've been working on refactoring some of the mess that is the become_user() code. This code is now implemented as a stack of security contexts, where a security context is defined as a set of effective user, group and supplementary group ids. The following functions are implemented:

    BOOL push_sec_ctx(void);
      Create a new security context on the stack which is the same as the current security context.

    void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups);
      Set the current security context to a given set of user and group ids.

    void set_root_sec_ctx(void);
      Set to uid = gid = 0. No supplementary groups are set.

    BOOL pop_sec_ctx(void);
      Pop a security context from the stack and restore the user and group permissions of the previous context.

    void init_sec_ctx(void);
      Initialise the security context stack. This must be called before any of the other operations are used or weird things may happen.

  The idea is that there is a base security context which is either root or some authenticated unix user. Other security contexts can be pushed and popped as needed for things like changing passwords, or rpc pipe operations where the rpc pipe user is different from the smb user.
  Author: Tim Potter; Age: 2000-06-23; Files: 1; Lines: -0/+295
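
A user-space model of the security context stack described in the last commit message above, added here as an illustration and not taken from Samba's sec_ctx.c. The `sim_*` names, `MAX_DEPTH` and the struct layout are assumptions, and no real setuid/setgroups calls are made, so it runs unprivileged.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define MAX_DEPTH 8                       /* assumed stack limit for this model */
struct sec_ctx { uid_t uid; gid_t gid; int ngroups; gid_t *groups; };
static struct sec_ctx ctx_stack[MAX_DEPTH];
static int ctx_top;                       /* index of the current context */

/* Deep-copy a group list; an empty list yields NULL rather than malloc(0). */
static gid_t *dup_groups(int n, const gid_t *g) {
    if (n <= 0 || g == NULL) return NULL;
    gid_t *copy = malloc((size_t)n * sizeof(gid_t));
    if (copy) memcpy(copy, g, (size_t)n * sizeof(gid_t));
    return copy;
}

/* Replace the current context; the old group list is freed, not leaked. */
void sim_set_sec_ctx(uid_t uid, gid_t gid, int ngroups, const gid_t *groups) {
    gid_t *copy = dup_groups(ngroups, groups);
    free(ctx_stack[ctx_top].groups);
    ctx_stack[ctx_top] = (struct sec_ctx){ uid, gid, copy ? ngroups : 0, copy };
}

void sim_set_root_sec_ctx(void) { sim_set_sec_ctx(0, 0, 0, NULL); }
void sim_init_sec_ctx(void) {
    while (ctx_top > 0) free(ctx_stack[ctx_top--].groups);
    sim_set_root_sec_ctx();               /* base context is root in this model */
}

/* Push a copy of the current context; fails instead of overflowing. */
bool sim_push_sec_ctx(void) {
    if (ctx_top + 1 >= MAX_DEPTH) return false;
    struct sec_ctx next = ctx_stack[ctx_top];
    next.groups = dup_groups(next.ngroups, next.groups);
    if (next.ngroups > 0 && !next.groups) return false;
    ctx_stack[++ctx_top] = next;
    return true;
}

/* Restore the previous context; the base context can never be popped. */
bool sim_pop_sec_ctx(void) {
    if (ctx_top == 0) return false;
    free(ctx_stack[ctx_top--].groups);
    return true;
}

const struct sec_ctx *sim_current(void) { return &ctx_stack[ctx_top]; }
```

Because each pushed context owns its own copy of the group list, a temporary switch to root followed by a pop restores exactly the ids that were in force before the push.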