IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
* start adding write support to the Samba registry
Flesh out the server implementations of
RegCreateKey(), RegSetValue(), RegDeleteKey() and RegDeleteValue()
I can create a new key using regedit.exe now but the 'New Key #1'
key cannot be deleted yet.
(This used to be commit e188fdbef8f0ad202b0ecf3c30be2941ebe6d5b1)
* add calls to start and stop a service (to be filled
in by the backend routines in services/svc_*.c
(This used to be commit 793d28a946d83beb2576c5c8ce808d32c71c880a)
according to default security descriptor described in MSDN.
no one can get in to due to the permissions, but i'll fix
that next.
(This used to be commit 11902e503ed4f6d6991a9fe7521fe44168274ec8)
open and close the service control manager.
Also experimenting with ideas for cli_xxx() interface.
(This used to be commit 4da89ef17b8c4644b97b923cebfe8e446b508b4d)
* make sure to apply the rights_mask and not just the saved
bits from the mask in access_check_samr_object()
* allow root to grant/revoke privileges (in addition to Domain
Admins) as suggested by Volker.
Tested machine joins from XP, 2K, and NT4 with and without
pre-existing machine trust accounts. Also tested basic file
operations using cmd.exe and explorer.exe after changing the
STANDARD_RIGHTS_WRITE_ACCESS bitmask.
(This used to be commit c0e7f7ff60a4110809b8f500fdc68a1bf963da36)
* added SE_PRIV checks to access_check_samr_object() in order
to deal with the run-time security descriptor and their
interaction with user rights
* Reordered original patch in _samr_set_userinfo[2] to still
allow root/administrative password changes for users and machines.
(This used to be commit f9f9e6039bd9443d54445e41c3783a2be18925fb)
discover names for the SAMR specific permissions that were previously unknown.
The existing constant names differ from what win2k calls them but since they
aren't heavily used in Samba at the moment I'll leave them as they are.
Jean-Baptiste's data is at:
http://ethereal.ntop.org/lists/ethereal-dev/200307/msg00314.html
(This used to be commit ae77e9e55438a9807da3696fd0d31fba6d0f7370)
in the reverse).
* add in new printer change notify code from SAMBA_2_2
* add in se_map_standard() from 2.2 in _spoolss_open_printer_ex()
* sync up the _print_queue_struct in smb.h (why did someone change the
user/file names in fs_user/fs_file (or vice-versa) ? )
* sync up some cli_spoolss_XXX functions
(This used to be commit 5760315c1de4033fdc22684c940f18010010924f)
<a.kotovich@sam-solutions.net> that adds the security decsriptor code
for ADS workstation accounts
thanks for your patience Cat, and thanks to Andrew Bartlett for
extensive reviews and suggestions about this code.
(This used to be commit 6891393b5db868246fe52ff62b3dc6aa5ca6f726)
srv_samr.c: Fix for pw caching.
smbd/nttrans.c: Fix to allow trans create to set ACL on open.
Jeremy.
(This used to be commit c4f810a7588a2faf41f4222dc77678c53ab1dec0)
source/Makefile.in
- changes to ctags and etags rules that somehow got lost along the way.
source/include/proto.h
- make proto
source/smbd/sec_ctx.c
source/smbd/password.c
- merge debugs for debugging user groups and NT token stuff.
source/lib/util_str.c
- capitalise domain name returned from parse_domain_user()
source/nsswitch/wb_client.c
- fix broken conditional in debug statement.
source/include/rpc_secdes.h
source/include/rpc_spoolss.h
source/printing/nt_printing.c
source/lib/util_seaccess.c
- fix printer permission bugs related to ACE masks for printers.
This adds mapping of generic access rights to object specific
rights for NT printers. Still need to work out whether or not to
ignore ACEs with certain flags set, though. See comments in
util_seaccess.c:check_ace() for details.
source/printing/nt_printing.c
source/printing/printing.c
- use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER
until we sort out printer/printjob permission stuff.
(This used to be commit 1dba9c5cd1e6389734c648f6903abcb7c8d5b2f0)
simplest method to get rpcclient's reggetsec command working. the
buffers passed as arguments in do_reg_get_key_sec() do need to be
locally allocated not dynamically allocated, as two calls to
reg_get_key_sec() are needed. on the first, the server fills in the
size of the security descriptor buffer needed. on the second, the
server fills in the security descriptor buffer.
(This used to be commit b2d9cbef6f65bb696df8d8f49aa0c240e0bb1f50)
