1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Commit Graph

153 Commits

Author SHA1 Message Date
Herb Lewis
63ff9e0081 I think the problem with these functions is that lookup_usergroups
should never include the user SID.
The comment for the function in winbindd/winbindd_ads.c says
/* Lookup groups a user is a member of. */
The following patch makes the wbinfo calls return the correct data
before and after a login.
wbinfo --user-domgroups and --user-sids
(This used to be commit 7849938906)
2008-08-15 15:28:23 -07:00
Günther Deschner
bea4541e11 Use sid_array_from_info3 in lookup_usergroups_cached().
Guenther
(This used to be commit 65b4cb20ea)
2008-04-04 02:53:40 +02:00
Günther Deschner
b1d09a82f4 Use netr_SamInfo3 in sid_array_from_info3.
Guenther
(This used to be commit 06095e8c70)
2008-02-17 02:11:58 +01:00
Michael Adam
f3603d5a5a Convert add_sid_to_array() add_sid_to_array_unique() to return NTSTATUS.
Michael
(This used to be commit 6b2b9a60ef)
2008-01-09 01:47:10 +01:00
Volker Lendecke
a59280792c Remove tiny code duplication
sid_size did the same as ndr_size_dom_sid
(This used to be commit 8aec5d09ba)
2007-12-29 23:12:51 +01:00
Volker Lendecke
2e07c2ade8 s/sid_to_string/sid_to_fstring/
least surprise for callers
(This used to be commit eb523ba776)
2007-12-15 22:47:30 +01:00
Volker Lendecke
79cd97cc3f Use dom_sid_string for sid_string_talloc
Remove some code duplication, but introduce one more dependency on librpc/ndr.
Easily turned around so that librpc/ndr depends on lib/util_sid if necessary
(This used to be commit 3a0b1b2060)
2007-12-15 22:33:52 +01:00
Volker Lendecke
4312ad8b98 sid_string_static is no more :-)
We now have four ways to do sid_to_string:

sid_to_string: Convert it into an existing fstring, when you have one

sid_string_talloc: The obvious thing

sid_string_tos: For the lazy, use only with care

sid_string_dbg: The one to use in DEBUG statements
(This used to be commit 7b8276aaa4)
2007-12-15 22:09:37 +01:00
Volker Lendecke
900288a2b8 Replace sid_string_static by sid_string_dbg in DEBUGs
(This used to be commit bb35e794ec)
2007-12-15 22:09:36 +01:00
Volker Lendecke
f498f661bc Add sid_string_dbg
This makes use of the just added debug_ctx and will kill many
sid_string_static() calls
(This used to be commit 3e4148c280)
2007-12-15 22:09:35 +01:00
Volker Lendecke
2cb7f5f632 add sid_string_talloc
(This used to be commit 9e3ef0923d)
2007-12-15 22:09:35 +01:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
2007-10-18 17:40:25 -07:00
Günther Deschner
52ef68ad4b r25575: Document S-1-5-12 (restriced code sid).
Guenther
(This used to be commit 109b09edef)
2007-10-10 12:31:16 -05:00
Volker Lendecke
54d3c7f61d r25040: Add "net sam rights"
Not strictly in the SAM, but close enough. This command acts directly on
the local tdb, no running smbd required

This also changes the root-only check to a warning
(This used to be commit 0c5657b5ef)
2007-10-10 12:30:36 -05:00
Günther Deschner
4b4a3c7df1 r23928: Merge all "copy-info3-groups-to-sid-array" blocks to a sid_array_from_info3()
function.

Guenther
(This used to be commit 1e1e480115)
2007-10-10 12:28:45 -05:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
Jeremy Allison
f5d6c8e0d7 r22611: Fix from Jens Nissen <jens.nissen@gmx.net>. Fix bad
memory leak I introduced into acl code, also remove
redundent extra check for global_sid_System :

global_sid_System == S-1-5-18 which is already
included in the check for a domain of
global_sid_NT_Authority == S-1-5

Jeremy.
(This used to be commit 10649540ac)
2007-10-10 12:19:50 -05:00
Jeremy Allison
5e7174a2c8 r22481: Move check for non-mappable SIDs to after sid_to_uid,
sid_to_gid mapping, add LocalSystem to non-mappable
list.
Jeremy.
(This used to be commit 805f01464f)
2007-10-10 12:19:38 -05:00
Jeremy Allison
63609fbb04 r20090: Fix a class of bugs found by James Peach. Ensure
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevent parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
(This used to be commit 0ffca7559e)
2007-10-10 12:16:24 -05:00
Gerald Carter
2b27c93a9a r18271: Big change:
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
  gen_ndr/ndr_security.c in SAMBA_4_0

The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28)
2007-10-10 11:51:18 -05:00
Volker Lendecke
e23781b3b3 r17316: More C++ warnings -- 456 left
(This used to be commit 1e4ee728df)
2007-10-10 11:38:25 -05:00
Günther Deschner
17cbb65317 r16350: Fix the build.
GUenther
(This used to be commit 3203ce3b49)
2007-10-10 11:17:37 -05:00
Günther Deschner
34e810076d r15305: Let winbind search by sid directly (or in windows terms: "bind to a
sid"); works in all AD versions I tested. Also add "net ads sid" search
tool.

Guenther
(This used to be commit 5557ada694)
2007-10-10 11:16:33 -05:00
Günther Deschner
7588769316 r15251: Adding PreWin2kAccess builtin sid.
Guenther
(This used to be commit 4330d1b74c)
2007-10-10 11:16:30 -05:00
Jeremy Allison
894358a8f3 r13915: Fixed a very interesting class of realloc() bugs found by Coverity.
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.

The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :

 tmp = realloc(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :

 p = realloc(p, size)
 if (!p) {
    return error;
 }

which will leak the memory pointed to by p on realloc fail.

This commit (hopefully) fixes all these cases by moving to
a standard idiom of :

 p = SMB_REALLOC(p, size)
 if (!p) {
    return error;
 }

Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.

For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :

 tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).

It remains to be seen what this will do to our Coverity bug count :-).

Jeremy.
(This used to be commit 1d710d06a2)
2007-10-10 11:10:59 -05:00
Gerald Carter
0af1500fc0 r13316: Let the carnage begin....
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed)
2007-10-10 11:06:23 -05:00
Günther Deschner
7b575d7cc5 r13024: Add is_null_sid.
GUenther
(This used to be commit 3a6e41a0cb)
2007-10-10 11:06:11 -05:00
Jeremy Allison
894979c69b r12387: Make string_to_sid a little more silent.
Jeremy.
(This used to be commit 7ccff8071a)
2007-10-10 11:05:54 -05:00
Volker Lendecke
c911ac23a9 r12169: Remove an unused function
(This used to be commit 209e4f8793)
2007-10-10 11:05:47 -05:00
Volker Lendecke
05ac2de0df r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm
reacts :-)

Volker
(This used to be commit 9f99d04a54)
2007-10-10 11:05:43 -05:00
Jim McDonough
fc8292f381 r11230: Remove the '//' i was using to test something...oops
(This used to be commit cda5a81bbe)
2007-10-10 11:05:08 -05:00
Jim McDonough
46c6d81a4a r11229: an even bigger speedup spotted by Volker. string_to_sid() is now taking 1/5th
the time it used to.  Replace strcasecmp with invididual char checks for
"S-" sid prefix.
(This used to be commit de3d0094b7)
2007-10-10 11:05:07 -05:00
Jim McDonough
87d6e590f2 r11228: Speed up string_to_sid by removing next_token calls, thus eliminating
the need for allocating memory to duplicate the string.
(This used to be commit e5cc94f13f)
2007-10-10 11:05:07 -05:00
Jeremy Allison
8d7c886671 r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4
x86_64 box.
Jeremy.
(This used to be commit d720867a78)
2007-10-10 11:05:02 -05:00
Gerald Carter
fed660877c r7415: * big change -- volker's new async winbindd from trunk
(This used to be commit a0ac9a8ffd)
2007-10-10 10:57:08 -05:00
Volker Lendecke
83e11ba86c r6263: Get rid of generate_wellknown_sids, they are const static and initializable
statically.

Volker
(This used to be commit 3493d9f383)
2007-10-10 10:56:33 -05:00
Volker Lendecke
e84ead0cfd r6080: Port some of the non-critical changes from HEAD to 3_0. The main one is the
change in pdb_enum_alias_memberships to match samr.idl a bit closer.

Volker
(This used to be commit 3a67865169)
2007-10-10 10:56:20 -05:00
Gerald Carter
d94d87472c r4724: Add support for Windows privileges in Samba 3.0
(based on Simo's code in trunk).  Rewritten with the
following changes:

* privilege set is based on a 32-bit mask instead of strings
  (plans are to extend this to a 64 or 128-bit mask before
   the next 3.0.11preX release).
* Remove the privilege code from the passdb API
  (replication to come later)
* Only support the minimum amount of privileges that make
  sense.
* Rewrite the domain join checks to use the SeMachineAccountPrivilege
  instead of the 'is a member of "Domain Admins"?' check that started
  all this.

Still todo:

* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin'
  parameter
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one
  Samba DC to another.
* Come up with some management tool for manipultaing privileges
  instead of user manager since it is buggy when run on a 2k client
  (haven't tried xp).  Works ok on NT4.
(This used to be commit 77c10ff9aa)
2007-10-10 10:53:51 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
2007-10-10 10:53:32 -05:00
Volker Lendecke
0d6acfe19a r316: Fix split_domain_name. This defaulted to get_myname() instead of
get_global_sam_name().

Error case: Adding a domain user to a XP local group did a lsalookupname on
the user without domain prefix, and this then failed.

Jerry: This is a must-fix before 3.0.3.

Volker
(This used to be commit f35e353454)
2007-10-10 10:51:18 -05:00
Gerald Carter
8ad3d8c9b0 r196: merging struct uuid from trunk
(This used to be commit 911a28361b)
2007-10-10 10:51:13 -05:00
Jim McDonough
ddc0716fa8 r91: Fix lsalookupnames. Previously we'd fail if we didn't find the name, but
we never checked if it was a domain user and didn't find a local one.
(This used to be commit 68022f5ebc)
2007-10-10 10:51:08 -05:00
Simo Sorce
b1f610ebb1 split some security related functions in their own files.
(no need to include all of smbd files to use some basic sec functions)

also minor compile fixes
couldn't compile to test these due to some kerberos problems wirh 3.0,
but on HEAD they're working well, so I suppose it's ok to commit
(This used to be commit c78f2d0bd1)
2003-10-06 01:38:46 +00:00
Herb Lewis
937041e3fd get rid of compiler warnings
(This used to be commit ae25e7746e)
2003-08-15 02:28:13 +00:00
Andrew Bartlett
cfe8b79c77 When checking if a SID is in a domain, make sure that indeed the user RID is
one element longer than the domain sid.

Andrew Bartlett
(This used to be commit c61e5e3877)
2003-05-09 09:33:51 +00:00
Andrew Bartlett
1a9394195d Merge HEAD's winbind into 3.0.
This includes the 'SIDs Rule' patch, mimir's trusted domains cacheing code,
the winbind_idmap abstraction (not idmap proper, but the stuff that held up
the winbind LDAP backend in HEAD).

Andrew Bartlett
(This used to be commit d4d5e6c2ee)
2003-04-23 11:54:56 +00:00
Tim Potter
886d4e6fe2 Merge of new sid type (SID_NAME_COMPUTER) and tidyup.
(This used to be commit c91cf2b38d)
2003-04-14 02:26:41 +00:00
Andrew Bartlett
634c54310c Merge from HEAD - make Samba compile with -Wwrite-strings without additional
warnings.  (Adds a lot of const).

Andrew Bartlett
(This used to be commit 3a7458f947)
2003-01-03 08:28:12 +00:00
Jeremy Allison
2f194322d4 Removed global_myworkgroup, global_myname, global_myscope. Added liberal
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit f755711df8)
2002-11-12 23:20:50 +00:00
Jeremy Allison
f735551b9e First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>.
This is not 100% the same as what SuSE shipped in their Samba, there is
a crash bug fix, a race condition fix, and a few logic changes I'd like to
discuss with Andreas. Added Andreas to (C) notices for posix_acls.c
Jeremy.
(This used to be commit 40eafb9dde)
2002-10-23 01:22:32 +00:00
Jeremy Allison
e9cc37b0bb Start to merge the new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>.
Jeremy.
(This used to be commit 597c461009)
2002-10-18 19:46:32 +00:00
Gerald Carter
f2d1f19a66 syncing up with HEAD. Seems to be a lot of differences creeping in
(i ignored the new SAMBA stuff, but the rest of this looks like it should
have been merged already).
(This used to be commit 3de09e5cf1)
2002-10-01 18:26:00 +00:00
Gerald Carter
a834a73e34 sync'ing up for 3.0alpha20 release
(This used to be commit 65e7b5273b)
2002-09-25 15:19:00 +00:00
Jelmer Vernooij
b2edf254ed sync 3.0 branch with head
(This used to be commit 3928578b52)
2002-08-17 17:00:51 +00:00
Andrew Tridgell
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb)
2002-07-15 10:35:28 +00:00
Jeremy Allison
dac047366a Add "Creator Group" - was in 2.2.x and I'm syncing up the two.
Jeremy.
(This used to be commit bcf38961a7)
2002-03-13 01:29:30 +00:00
Andrew Tridgell
683ba419ff add a note about the meaning of global_sam_sid
(This used to be commit 3db97530b6)
2002-03-10 01:51:15 +00:00
Andrew Tridgell
b48750fba6 this fixes the problem of not being able to add a SD to a file on a
non-domain Samba server from a NT4 client.

Note that this exactly reverses a change by Jeremy on the 18th of
December 2001, reverting the code back to what JF originally wrote. I
have looked carefully with a sniffer and JFs original NULL sid is
correct (ie. it matches what NT4 does) and also fixes the problem.

Sending a blank sid (which is what jeremy's patch did) causes NT4 to
give a classic "parameter is incorrect error" and prevents the
addition of new ACLs.
(This used to be commit 9930cf9733)
2002-01-31 09:37:26 +00:00
Tim Potter
cd68afe312 Removed version number from file header.
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06)
2002-01-30 06:08:46 +00:00
Simo Sorce
78528b4ec6 freeing the wrong pointer, sorry my mistake.
(This used to be commit ce7e89949a)
2001-12-30 22:55:04 +00:00
Simo Sorce
0608a60390 util_sid.c - respect a const variabile (addedd strdup)
cli_reg.c  - indentation
pdb_ldap.c - some checks on init fns parameters
pdb_tdb.c  - some checks on init fns parameters + make sure we close the db on failure
(This used to be commit 49f5cb7a3d)
2001-12-30 19:21:25 +00:00
Andrew Tridgell
279276c9ca fixed sid_compare_domain()
(This used to be commit c11c27b281)
2001-12-19 08:37:03 +00:00
Jeremy Allison
dccc1ed3f8 Fixup JF's weird SID return :-).
Jeremy
(This used to be commit 7b8fb8d85c)
2001-12-18 19:44:14 +00:00
Andrew Tridgell
e051c2c430 make sid_binstring available without HAVE_ADS
(This used to be commit 4a6d297686)
2001-12-10 00:39:01 +00:00
Jean-François Micouleau
922eb763d7 added a boolean to the group mapping functions to specify if we need or
not the privileges. Usually we don't need them, so the memory is free
early.

lib/util_sid.c: added some helper functions to check an SID.

passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass
an RID all the way. If the group doesn't exist on the domain SID,
don't return a faked one as it can collide with a builtin one. Some rpc
structures have been badly designed, they return only rids and force the
client to do subsequent lsa_lookup_sid() on the domain sid and the builtin
sid !

rpc_server/srv_util.c: wrote a new version of get_domain_user_groups().
Only the samr code uses it atm. It uses the group mapping code instead of
a bloody hard coded crap. The netlogon code will use it too, but I have to
do some test first.

	J.F.
(This used to be commit 6c87e96149)
2001-12-04 21:53:47 +00:00
Andrew Tridgell
6f907af4e7 put sid_to_name behind the winbindd backend interface
I spent quite a while trying to work out how to make this call
via ldap and failed. I then found that MS servers seem use rpc
for sid_to_name, and it works even when in native mode, I ended
up just implementing it via rpc
(This used to be commit 789833b44e)
2001-12-03 11:11:14 +00:00
Andrew Tridgell
2285b99cb1 added a basic ADS backend to winbind. More work needed, but at
least basic operations work
(This used to be commit 88241cab98)
2001-12-03 06:04:18 +00:00
Tim Potter
ade911c1c6 Removed totally annoying verbose debug in sid_to_string()
(This used to be commit 4f21ddb873)
2001-11-05 22:57:14 +00:00
Tim Potter
dc1fc3ee8e Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.
(This used to be commit 2d0922b0ea)
2001-10-02 04:29:50 +00:00
Jeremy Allison
0492effcf3 Ignore unmappable (NT Authority, BUILTIN etc.) SIDs in an ACL set.
Jeremy.
(This used to be commit bc7963bd64)
2001-09-22 06:45:24 +00:00
Andrew Tridgell
527e824293 strchr and strrchr are macros when compiling with optimisation in gcc, so we can't redefine them. damn.
(This used to be commit c41fc06376)
2001-07-04 07:36:09 +00:00
Tim Potter
281629ac06 Added sid_peek_rid() function to return the rid of a sid. Saves mucking
around with copying a sid to a temporary variable and using sid_split_rid().
(This used to be commit 9ee43d61be)
2001-05-10 00:48:06 +00:00
Jeremy Allison
c6e8e75a64 Merging Gerald's PDC SAM name fix.
Jeremy.
(This used to be commit d317998504)
2001-05-03 02:50:11 +00:00
Andrew Tridgell
8d070c60fc - fixed the sort_acl bug, sorting now works right
- don't allow setting of duplicate ACEs
- fixed a ACE delete bug
(This used to be commit 61293979ce)
2001-02-23 07:20:11 +00:00
David O'Neill
27922c0430 Changes from APPLIANCE_HEAD:
source/rpc_parse/parse_lsa.c
        - off by one unistr length bug in init_lsa_trans_name()

    source/lib/util_sid.c
        - resolve more BUILTIN sid values to names.

    source/nsswitch/wb_client.c
        - fix typo in debug message
        - set errno on error so we don't get bogus value from last failure.

    source/rpc_server/srv_spoolss_nt.c
        - add debug to track number of open printer handles for ease of
          tracking handle leaks in the future.

    source/rpc_server/srv_lsa.c
        - fix off-by-one string bug.  This was preventing NT from
          displaying names for well-know SIDs in printer permissions
          dialog.
(This used to be commit 59229b9025)
2001-01-15 18:36:50 +00:00
Jeremy Allison
276364e2a4 Removed the special casing of SIDs in se_access_check. This is now done (correctly)
when the NT_USER_TOKEN is *created*.
Jeremy.
(This used to be commit 27d72ed1cf)
2000-12-12 02:36:14 +00:00
Jeremy Allison
23f78fd7b9 Adding Herb's compile warning fixes to HEAD.
Jeremy.
(This used to be commit d131ad1ce3)
2000-10-04 01:03:23 +00:00
Tim Potter
1ef79dbcab Removed annoying unecessary debug message.
(This used to be commit b1a893b741)
2000-09-28 00:07:19 +00:00
Jeremy Allison
641d9e85ea Added code to do SID to uid/gid conversion. Needed for ACL support.
Jeremy.
(This used to be commit 81c5380f91)
2000-08-23 00:45:40 +00:00
Jeremy Allison
f87399915b Added an NT_USER_TOKEN structure that is copied/passed around associated
with the current user. This will allow se_access_check() to quickly do
a SD check without having to translate uid/gid's to SIDs.
Still needs work on pipe calls.
Jeremy.
(This used to be commit e28d01b744)
2000-08-03 22:38:43 +00:00
Andrew Tridgell
5a98f9cb35 if the sids are not the same pointer and either of the sids are NULL
then the two sids are not equal
(This used to be commit 9ccf3b1dc5)
2000-07-25 20:26:50 +00:00
Tim Potter
084af3c5be Added global_sid_NULL S-1-0-0 to list of global sids.
(This used to be commit f49905e74c)
2000-07-06 06:48:54 +00:00
Jeremy Allison
ec1c58fcc0 lib/util_sid.c: Uninitialized memory read.
rpc_parse/parse_spoolss.c: Added note about prs_align when marshalling a SEC_DESC...
rpc_server/srv_lsa.c: Tim - your changes broke the display of the 'everyone' group
						when doing file access with no winbindd running. This is a partial
						fix - more when I have analysed this more.
rpc_server/srv_spoolss_nt.c: Fix for the 'change driver' problem ! Hurrah !

Jeremy.
(This used to be commit 151b131ee0)
2000-06-24 00:15:08 +00:00
Luke Leighton
1bdbb4e601 added se_access_check.
(This used to be commit 6de329f6bf)
2000-06-08 08:41:28 +00:00
Matthew Chapman
badb7fc0d2 Fixed LsaQueryInformationPolicy level 3 to return primary domain info.
Domain SID is saved in secrets.tdb upon joining domain.

Added "Authenticated Users" and "SYSTEM" well-known SIDs (under
NT Authority).
(This used to be commit 7710b4f48d)
2000-05-29 01:23:48 +00:00
Luke Leighton
54695647ef fixed nttrans.c
(This used to be commit 06cd46b0ec)
2000-05-27 01:56:26 +00:00
Jeremy Allison
e1083ea7df Roll back to using static MACHINE.SID after consultation with Andrew. This
code will be removed soon and a SID auto-generated from (probably) primary
hostname and never stored in a file will replace it.
Jeremy.
(This used to be commit fbfe94a799)
2000-04-12 00:37:08 +00:00
Luke Leighton
fbd17c8daf simple mods to add msrpc pipe redirection. default behaviour: fall back
to using internal msrpc code in smbd.
(This used to be commit 8976e26d46)
2000-01-03 19:19:48 +00:00
Andrew Tridgell
3db52feb1f first pass at updating head branch to be to be the same as the SAMBA_2_0 branch
(This used to be commit 453a822a76)
1999-12-13 13:27:58 +00:00
Luke Leighton
e9b8c7743a default SID map now reads in "trusted domains" from smb.conf.
(This used to be commit f0946d1cca)
1999-12-02 16:31:24 +00:00
Luke Leighton
a56bea383b doing a code reshuffle. want to add code to establish trust relationships.
(This used to be commit 3ec269b402)
1999-11-20 19:43:37 +00:00
Luke Leighton
de573ca891 rewrote rpcclient enumaliases command.
(This used to be commit 492fdaaf20)
1999-11-01 21:09:24 +00:00
Luke Leighton
5612824426 - typecast malloc / Realloc issues.
- signed / unsigned issues.
(This used to be commit c8fd555179)
1999-10-25 19:03:27 +00:00
Luke Leighton
8598bf2a7f reverted jeremy's c++-like security descriptor modifications as the
simplest method to get rpcclient's reggetsec command working.  the
buffers passed as arguments in do_reg_get_key_sec() do need to be
locally allocated not dynamically allocated, as two calls to
reg_get_key_sec() are needed.  on the first, the server fills in the
size of the security descriptor buffer needed.  on the second, the
server fills in the security descriptor buffer.
(This used to be commit b2d9cbef6f)
1999-08-03 20:30:25 +00:00
Luke Leighton
1e71ecdcb2 added jeremy's new c++-like code for parsing of security descriptors.
(This used to be commit ec1b7000fd)
1999-02-23 22:39:54 +00:00
Luke Leighton
137f9c7042 string_to_sid was using next_token() this is bad as it stops you from
being able to use next_token() outside of string_to_sid calls.
use strchr instead
(This used to be commit 1c478ca172)
1998-12-02 16:01:40 +00:00
Luke Leighton
30038de462 weekend work. user / group database API.
- split sam_passwd and smb_passwd into separate higher-order function tables

- renamed struct smb_passwd's "smb_user" to "unix_user".  added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.

NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.

- added query_useraliases code to rpcclient.

- dealt with some nasty interdependencies involving non-smbd programs
and the password database API.  this is still not satisfactorily
resolved completelely, but it's the best i can do for now.

- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.

lots of debugging done, it's still not finished.  the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect.  the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
(This used to be commit 5d5d7e4de7)
1998-11-29 20:03:33 +00:00
Jeremy Allison
bfc38ff872 Makefile.in: Added maintainer mode fixes.
aclocal.m4: Added AC_LIBTESTFUNC.
configure.in: Fixed -lsecurity -lsec problems.
client.c: dos_ fixes.
groupdb/aliasunix.c: Dead code removal.
include/includes.h: Added default PRINTCAP_NAME.
lib/genrand.c: dos_ fixes.
lib/replace.c: Added strtoul.
lib/system.c: dos_ fixes.
lib/util.c: dos_ fixes.
lib/util_sid.c: Signed/unsigned fixes.
lib/util_str.c: removed bad const.
locking/locking_slow.c: dos_ fixes.
printing/printing.c: dos_ fixes.
rpc_server/srv_samr.c: Dead code removal.
rpc_server/srv_sid.c: global_myworkgroup defined with wrong size AGAIN !
smbd/dir.c: dos_ fixes.
smbd/open.c: dos_ fixes.
smbd/oplock.c: dos_ fixes.
smbd/reply.c smbd/server.c smbd/service.c smbd/uid.c: dos_ fixes.

Jeremy.
(This used to be commit 6acb4b68f6)
1998-11-25 21:17:20 +00:00
Luke Leighton
ced486c841 sorting out difference between aliases and groups in the cases where
unix groups are not explicitly mapped.

i.e as a PDC or BDC you can have domain groups, as a member of a domain
you cannot.

as a member of a domain, unmapped unix groups are assumed to be aliases,
and as a PDC or BDC, unmapped unix groups are assumed to be unix groups.

there is _one_ other check needed with aliases to be added: unmapped unix
groups that have the same name as an NT group on the PDC (for which i will
need to write an LsaLookupNames call) should be assumed to be domain groups
on the PDC.
(This used to be commit 53b49b44e1)
1998-11-24 16:47:49 +00:00