1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

21 Commits

Author SHA1 Message Date
Andrew Tridgell
3e9bcd111d don't try to initgroups in non root mode
(This used to be commit 1a04ea2476)
2001-09-19 03:30:20 +00:00
Simo Sorce
61b2794968 move to SAFE_FREE()
(This used to be commit a95943fde0)
2001-09-17 11:25:41 +00:00
Jeremy Allison
e662983fbe Excellent patch from Anselm Kruis <A.Kruis@science-computing.de> to fix
problem with wrong token being used in current_user.
Jeremy.
(This used to be commit 2c7d2a1d53)
2001-07-25 18:07:36 +00:00
Andrew Bartlett
90498a10c7 Remove warning about trapdoor systems for non-root mode.
Andrew Bartlett
(This used to be commit b33000cdc0)
2001-06-26 03:45:45 +00:00
Jeremy Allison
b238f4a2ff rpcclient/rpcclient.c: Non-void return in void function.
smbd/sec_ctx.c: Fixed potential memory leak spotted by
Kenichi Okuyama@Tokyo Research Lab, IBM-Japan, Co.
utils/nmblookup.c: gcc warning on Solaris fix.
Jeremy.
(This used to be commit 1be60597cd)
2001-04-28 00:05:11 +00:00
Jeremy Allison
38959a2105 Tidy up args to DEBUG Statements - found by gcc on Solaris.
Jeremy.
(This used to be commit a60ecb4e53)
2001-04-27 21:14:18 +00:00
Jeremy Allison
da3053048c Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMR
RPC code to merge with new passdb code.
Currently rpcclient doesn't compile. I'm working on it...
Jeremy.
(This used to be commit 0be41d5158)
2001-03-11 00:32:10 +00:00
David O'Neill
23807f2b30 Changes from APPLIANCE_HEAD:
source/Makefile.in
        - changes to ctags and etags rules that somehow got lost along the way.

    source/include/proto.h
        - make proto

    source/smbd/sec_ctx.c
    source/smbd/password.c
        - merge debugs for debugging user groups and NT token stuff.

    source/lib/util_str.c
        - capitalise domain name returned from parse_domain_user()

    source/nsswitch/wb_client.c
        - fix broken conditional in debug statement.

    source/include/rpc_secdes.h
    source/include/rpc_spoolss.h
    source/printing/nt_printing.c
    source/lib/util_seaccess.c
        - fix printer permission bugs related to ACE masks for printers.
          This adds mapping of generic access rights to object specific
          rights for NT printers.  Still need to work out whether or not to
          ignore ACEs with certain flags set, though. See comments in
          util_seaccess.c:check_ace() for details.

    source/printing/nt_printing.c
    source/printing/printing.c
        - use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER
          until we sort out printer/printjob permission stuff.
(This used to be commit 1dba9c5cd1)
2001-01-04 19:27:08 +00:00
Jeremy Allison
316cfee01c Added OLD_NTDOMAIN to remove warnings about undefined functions.
Jeremy.
(This used to be commit f4c32a75e6)
2000-12-08 19:35:58 +00:00
Jeremy Allison
4bce271e4f Merge from appliance head of JR's changes for driver versioning.
Jeremy.
(This used to be commit cdbd2e9977)
2000-11-14 21:56:32 +00:00
Jeremy Allison
1cb444057a David Lee's utmp patch (finally). Thanks David !
Jeremy.
(This used to be commit b809a2d0c8)
2000-10-28 19:38:39 +00:00
Jeremy Allison
b5ac72cc64 Sorry JF - no billable hours :-). I fixed the "stream of events" problem
with PCL drivers. The problem was we were updating the changeid on every
SETPRINTERDATA/DELETEPRINTERDATA call. We should not do this, we should
just update the 'setprinter' called count. We update the changeid on calls
to SETPRINTER/ADDPRINTER/ADDPRINTEREX etc. Also fixed the correct returning
of the create time on printers.
Jeremy.
(This used to be commit 521f09829f)
2000-10-26 21:43:13 +00:00
Herb Lewis
7a42a9da7d use macros for incrementing profile counters
(This used to be commit cae5eeb16e)
2000-10-12 15:41:16 +00:00
Tim Potter
f0af8acc9d Added uid and gid to push_sec_ctx() debug.
(This used to be commit 2817b6cc8a)
2000-10-05 03:28:58 +00:00
Tim Potter
8b889a84a2 Oops - missed a file.
(This used to be commit 5aed84b749)
2000-08-28 06:50:45 +00:00
Jeremy Allison
e3048cfc0b Fixed memory leak with NT tokens.
Added debug messages to se_access_check().
Added FULL_ACCESS acl to default acl on printers.
Jeremy.
(This used to be commit 7507f6f408)
2000-08-09 18:40:48 +00:00
Jeremy Allison
f87399915b Added an NT_USER_TOKEN structure that is copied/passed around associated
with the current user. This will allow se_access_check() to quickly do
a SD check without having to translate uid/gid's to SIDs.
Still needs work on pipe calls.
Jeremy.
(This used to be commit e28d01b744)
2000-08-03 22:38:43 +00:00
Jeremy Allison
17dcd9a834 Started to canonicalize our handling of uid -> sid code in order to
get ready and fix se_access_check().
Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid()
functions that look via winbind first the fall back on local lookup.

All Samba should use these rather than trying to call winbindd code
directly.

Added NT_USER_TOKEN struct in user_struct, contains list of NT sids
associated with this user.

se_access_check() should use this (cached) value rather than attempting
to do the same thing itself when given a uid/gid pair.

More work needs to be done to preserve these things accross security
context changes (especially with the tricky pipe problem) but I'm
beginning to see how this will be done..... probably by registering
a new vuid for an authenticated RPC pipe and not treating the
pipe calls specially.

More thoughts needed - but we're almost there...

Jeremy.
(This used to be commit 5e5cc6efe2)
2000-08-02 02:11:55 +00:00
Jeremy Allison
a8c21a8e6b Fix a malloc of zero problem.
Jeremy.
(This used to be commit 2aa21db960)
2000-06-23 19:57:42 +00:00
Jeremy Allison
5dd2bd5076 lib/util_unistr.c: Off-by-one fix for dos_PutUniStr from John Reilly jreilly@hp.com.
Memory leak fix for new sec_ctx code (sorry Tim :-).
Jeremy.
(This used to be commit edaf49c66d)
2000-06-23 17:31:38 +00:00
Tim Potter
8005c837f5 I've been working on refactoring some of the mess that is the become_user()
code.  This code is now implemented as a stack of security contexts, where
a security context is defined as a set of effective user, group and
supplementary group ids.

The following functions are implemented:

BOOL push_sec_ctx(void);

     Create a new security context on the stack which is the same as the
     current security context.

void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups);

     Set the current security context to a given set of user and group
     ids.

void set_root_sec_ctx(void);

     Set to uid = gid = 0.  No supplementary groups are set.

BOOL pop_sec_ctx(void);

     Pop a security context from the stack and restore the user and group
     permissions of the previous context.

void init_sec_ctx(void);

     Initialise the security context stack.  This must be called before any
     of the other operations are used or weird things may happen.

The idea is that there is a base security context which is either root or
some authenticated unix user.  Other security contexts can be pushed and
popped as needed for things like changing passwords, or rpc pipe operations
where the rpc pipe user is different from the smb user.
(This used to be commit 87c78d6d5a)
2000-06-23 05:49:11 +00:00