1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-19 10:03:58 +03:00

105 Commits

Author SHA1 Message Date
Jelmer Vernooij
4db7642caa r18745: Use the Samba4 data structures for security descriptors and security descriptor
buffers.

Make security access masks simply a uint32 rather than a structure
with a uint32 in it.
(This used to be commit b41c52b9db5fc4a553b20a7a5a051a4afced9366)
2007-10-10 12:00:54 -05:00
Gerald Carter
2b27c93a9a r18271: Big change:
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
  gen_ndr/ndr_security.c in SAMBA_4_0

The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10 11:51:18 -05:00
Jeremy Allison
2b8abc030b r16644: Fix bug reported by jason@ncac.gwu.edu
by converting the lookup_XX functions to correctly
return SID_NAME_TYPE enums.
Jeremy.
(This used to be commit ee2b2d96b60c668e37592c79e86c2fd851e15f69)
2007-10-10 11:19:05 -05:00
Volker Lendecke
3c34f6085a r16409: Fix Klocwork ID's.
1177

In reg_perfcount.c: 1200 1202 1203 1204
In regfio.c: 1243 1245 1246 1247 1251

Jerry, the reg_perfcount and regfio.c ones, can you take a look please? This
is really your code, and I'm not sure I did the right thing to return an
error.

smbcacls.c: 1377
srv_eventlog_nt.c: 1415 1416 1417
srv_lsa_nt.c: 1420 1421
srv_netlog_nt.c: 1429
srv_samr_nt: 1458 1459 1460

Volker

Volker
(This used to be commit d6547d12b1c9f9454876665a5bdb010f46b9f5ff)
2007-10-10 11:18:52 -05:00
Jim McDonough
e0793b1b28 r14278: Remainder of fix for Coverity #79,80,81: only allow GROUP or OWNER to be
specified once in an ACL, so it can be allocated a second time,
overwriting the first
(This used to be commit 1804a8a01ebf3353574a2c5b26a1746b34715737)
2007-10-10 11:15:22 -05:00
Jim McDonough
30e751c56b r14272: Fix Coverity # 81: free alloc'ed storage before returning
(This used to be commit 1899d8ea283845141b24d91d230248009744fe1a)
2007-10-10 11:15:22 -05:00
Gerald Carter
0af1500fc0 r13316: Let the carnage begin....
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10 11:06:23 -05:00
Derrell Lipman
9c15bd311d r13212: r12414@cabra: derrell | 2006-01-28 17:52:17 -0500
lp_load() could not be called multiple times to modify parameter settings based
 on reading from multiple configuration settings.  Each time, it initialized all
 of the settings back to their defaults before reading the specified
 configuration file.

 This patch adds a parameter to lp_load() specifying whether the settings should
 be initialized.  It does, however, still force the settings to be initialized
 the first time, even if the request was to not initialize them.  (Not doing so
 could wreak havoc due to uninitialized values.)
(This used to be commit f2a24de769d1b2266e576597c57a8e3b1e2a2b51)
2007-10-10 11:06:18 -05:00
Jeremy Allison
c8f28c92a7 r12555: Fix more load_case_table swegfaults. Arggg.
What I'd give for a global constructor...
Jeremy.
(This used to be commit c970d7d0a5ba225465dfb0980989b8817b17c643)
2007-10-10 11:05:59 -05:00
Jeremy Allison
3a1623c940 r11506: Added description of ACL in usage message.
Jeremy.
(This used to be commit 7795fce24e1e6dfe55360bb62617b922973f5f95)
2007-10-10 11:05:18 -05:00
Jeremy Allison
446463e910 r11482: Arrg. Can't believe this code was in this state. If you
don't initialize the mask then setting "special" access
gets set to *random* permissions !
Jeremy.
(This used to be commit f1616911a858886da0a635a2f9b95d471215e84c)
2007-10-10 11:05:18 -05:00
Jeremy Allison
af3b6bec1f r11464: Allow smbcacls to modify a SD on W2K3. This may fix several
bugzilla bugs - I need to go through and check. I also
need to test against WNT/W2K and WXP.
Jeremy.
(This used to be commit 881dd7dbf6de0e11a3703afd2a1ba286ff0d62ad)
2007-10-10 11:05:18 -05:00
Jeremy Allison
a306447aa4 r11460: Improve error messages in parsing security descriptors.
Jeremy.
(This used to be commit 385f128de716b62bdfc82627a403fe6dd69bd39d)
2007-10-10 11:05:17 -05:00
Gerald Carter
54abd2aa66 r10656: BIG merge from trunk. Features not copied over
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10 11:04:48 -05:00
Jeremy Allison
19ca97a70f r7882: Looks like a large patch - but what it actually does is make Samba
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
2007-10-10 10:58:00 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10 10:53:32 -05:00
Günther Deschner
76a1bcd655 r3918: Allow to set OWNER- and GROUP-entries while setting security descriptors
with smbcacls and using with the -S or -M switch. Fixes  and .

Guenther
(This used to be commit 13d32519e3806d7c080a0ac3c5ba196868ed2581)
2007-10-10 10:53:24 -05:00
Volker Lendecke
84b2403241 r3846: Typo fix. Bug 2055. Lars, I'm available on irc.... :-)
Volker
(This used to be commit 78ab68367d437cd5f84d46ac96fcaf9ebb3305b8)
2007-10-10 10:53:20 -05:00
Stefan Metzmacher
fe69a5e28d r2348: fix segmention faults
in smbcquotas and smbcacls caused by setup_logging() (-r 1425)

metze
(This used to be commit 39f3f76ea2097c10799f0bef8717d3ac71cacaa8)
2007-10-10 10:52:40 -05:00
Herb Lewis
8018892b3c r1103: need to leave empty dacl so we can remove last ACE
(This used to be commit d8a545368c8111fddcfdd423c4d6fcbab65e96d6)
2007-10-10 10:51:55 -05:00
Jeremy Allison
0551426657 Ensure that dup_sec_desc copies the 'type' field correctly. This caused
me to expose a type arguement to make_sec_desc(). We weren't copying
the SE_DESC_DACL_AUTO_INHERITED flag which could cause errors on
auto inherited checks.
Jeremy.
(This used to be commit 28b315a7501f42928d73efaa75f74146ba95cf2d)
2003-09-19 21:57:43 +00:00
Tim Potter
0869073b7b Fix bug 342. Short version of --add now -a instead of -A.
(This used to be commit 233568dd6b08d3dfb48a712b763dfc31c03b229d)
2003-09-01 10:43:21 +00:00
Jeremy Allison
29ca70cd34 Add a command line option (-S on|off|required) to enable signing on client
connections. Overrides smb.conf parameter if set.
Jeremy.
(This used to be commit 879309671df6b530e0bff69559422a417da4a307)
2003-07-30 23:49:29 +00:00
Jeremy Allison
98689251bb Fixes from Martin Dorey <mdorey@bluearc.com> to only ask for and change
the requested parts of the ACL.
Jeremy.
(This used to be commit c35a88201c619f0ebbaf38adbd0ec2af77e23981)
2003-06-24 01:09:36 +00:00
Jelmer Vernooij
0914e541f5 Reverse previous patch from Stefan and me after comments by Andrew Bartlett
(This used to be commit d817eaf0ecca2d878ab1ffcf7a747a02d71c811e)
2003-05-10 11:49:51 +00:00
Jelmer Vernooij
c507ebe567 Patch from metze and me that adds dummy smb_register_*() functions so
that is now possible to, for example, load a module which contains
an auth method into a binary without the auth/ subsystem built in.
(This used to be commit 74d9ecfe2dd7364643d32acb62ade957bd71cd0d)
2003-05-10 10:53:48 +00:00
Tim Potter
5f82e261c6 Merge:
- Jelmer's latest popt changes
(This used to be commit 6a54d9a0a77c71664dc6cdbed1adf492c28c0cce)
2003-04-14 03:59:04 +00:00
Jelmer Vernooij
427fb4a281 Use fprintf(f, ...) instead of plain printf() - patch by Ronan Waide
(This used to be commit 890cc17c41b3940dcb7d4c2a52ab292bca7d18be)
2003-04-09 14:34:53 +00:00
Andrew Bartlett
d5ee9b2f48 Jeremy merged across my string parinoia fixes, but forgot to enable them! :-)
This patch catches up on the rest of the work - as much string checking
as is possible is done at compile time, and the rest at runtime.

Lots of code converted to pstrcpy() etc, and other code reworked to correctly
call sizeof().

Andrew Bartlett
(This used to be commit c5b604e2ee67d74241ae2fa07ae904647d35a2be)
2003-03-18 11:22:52 +00:00
Andrew Bartlett
27b7e51a3c Merge from HEAD:
- fstring/pstring mixups
 - the detection code that found them (disabled)
 - a bit of whitespace
 - a static

Andrew Bartlett
(This used to be commit 9b70fa868e7d9481f584c83fc4046174e1dedfd9)
2003-01-14 08:53:59 +00:00
Andrew Bartlett
634c54310c Merge from HEAD - make Samba compile with -Wwrite-strings without additional
warnings.  (Adds a lot of const).

Andrew Bartlett
(This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2003-01-03 08:28:12 +00:00
Jeremy Allison
ef8bd7c4f7 Forward port the change to talloc_init() to make all talloc contexts
named. Ensure we can query them.
Jeremy.
(This used to be commit 09a218a9f6fb0bd922940467bf8500eb4f1bcf84)
2002-12-20 20:21:31 +00:00
Tim Potter
8e5c9b0431 Merge from HEAD:
>Fix fnum leak under error condition in cacl_dump.
(This used to be commit cd11f10e841fd53538164f283dc81232ff36638a)
2002-12-20 01:35:21 +00:00
Jeremy Allison
2f194322d4 Removed global_myworkgroup, global_myname, global_myscope. Added liberal
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-11-12 23:20:50 +00:00
Jeremy Allison
c53eb2ed54 Added new error codes. Fix up connection code to retry in the same way
that app-head does.
Jeremy.
(This used to be commit ec7953f20145799f6286a295472df4826bfdfb8f)
2002-10-17 17:10:24 +00:00
Gerald Carter
36ef82a529 merge of new client side support the Win2k LSARPC UUID in rpcbind
from APP_HEAD
(This used to be commit 1cfd2ee433305e91e87804dd55d10e025d30a69e)
2002-10-04 04:10:23 +00:00
Jelmer Vernooij
f0255b38bc sync 3.0 branch with HEAD
(This used to be commit 1b83b78e332b9d28914eff155530e81cf2073a58)
2002-08-17 14:45:04 +00:00
Andrew Tridgell
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 10:35:28 +00:00
Tim Potter
d9cfe0f3eb Merge of lsa lookup names/sids patch from HEAD.
(This used to be commit e57c162897d4a7e66bb87091d179ac138f751c64)
2002-04-15 05:02:22 +00:00
Tim Potter
562f73d581 int -> uint32 fixes from andreas
(This used to be commit 84c811ca57f7e1b7d9ee498d95b3b21bea47eb5e)
2002-02-16 19:46:42 +00:00
Tim Potter
cd68afe312 Removed version number from file header.
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-30 06:08:46 +00:00
Andrew Bartlett
ba8c1c6e45 Back out some of the less well thought out ideas from last weeks work on
winbind default domains, particulary now I understand whats going on a lot
better.  This ensures that the RPC client code does as little 'magic' as
possible - this is up to the application/user.  (Where - for to name->sid code
- it was all along).  This leaves the change that allows the sid->name code to
return domains and usernames in seperate paramaters.

Andrew Bartlett
(This used to be commit 5dfba2cf536f761b0aee314ed9e30dc53900b691)
2002-01-26 11:48:42 +00:00
Andrew Bartlett
93a8358910 This patch makes the 'winbind use default domain' code interact better with
smbd, and also makes it much cleaner inside winbindd.

It is mostly my code, with a few changes and testing performed by Alexander
Bokovoy <a.bokovoy@sam-solutions.net>.  ab has tested it in security=domain and
security=ads, but more testing is always appricatiated.

The idea is that we no longer cart around a 'domain\user' string, we keep them
seperate until the last moment - when we push that string into a pwent on onto
the socket.

This removes the need to be constantly parsing that string - the domain prefix
is almost always already provided, (only a couple of functions actually changed
arguments in all this).

Some consequential changes to the RPC client code, to stop it concatonating the
two strings (it now passes them both back as params).

I havn't changed the cache code, however the usernames will no longer have a
double domain prefix in the key string.  The actual structures are unchanged
 - but the meaning of 'username' in the 'rid' will have changed.  (The cache is
invalidated at startup, so on-disk formats are not an issue here).

Andrew Bartlett
(This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
2002-01-20 01:24:59 +00:00
Jeremy Allison
dccc1ed3f8 Fixup JF's weird SID return :-).
Jeremy
(This used to be commit 7b8fb8d85c406b8755f60cf14dc2377bc59eda53)
2001-12-18 19:44:14 +00:00
Tim Potter
6d9adfe73c Renamed sid field in SEC_ACE to trustee to be more in line with MS's
definitions.
(This used to be commit 9712d3f15a47155f558d0034ef71fd06afb11301)
2001-11-30 01:04:15 +00:00
Andrew Tridgell
eec9e8a052 fix a bunch of places where we can double-free a cli structure
(This used to be commit e2ba2383c9f679c076749a8f4fccefc3559e37ec)
2001-11-28 03:56:30 +00:00
Tim Potter
585d0efbc6 Got medieval on another pointless extern. Removed extern struct ipzero
and replaced with two functions:

	void zero_ip(struct in_adder *ip);
	BOOL is_zero_ip(struct in_addr ip);
(This used to be commit 778f5f77a66cda76348a7c6f64cd63afe2bfe077)
2001-11-26 03:11:44 +00:00
Tim Potter
79b34d1b11 Removed TimeInit() call from every client program (except for one place
in smbd/process.c where the timezone is reinitialised.  Was replaced with
check for a static is_initialised boolean.
(This used to be commit 8fc772c9e5770cd3a8857670214dcff033ebae32)
2001-11-23 00:52:29 +00:00
Martin Pool
f741f65673 Store some path names in global variables initialized to configure
default, rather than in preprocessor macros.
(This used to be commit 79ec88f0da40faebe1e587f1b3e87b5f2b184f58)
2001-11-19 02:49:53 +00:00
Simo Sorce
c0ef0e113e move to SAFE_FREE()
(This used to be commit 67db8f03c5c9e81e11b5f3276b50ee23e09a2659)
2001-09-17 11:48:29 +00:00