1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Commit Graph

34 Commits

Author SHA1 Message Date
Andrew Bartlett
266ec4aac0 Merge doxygen, signed/unsigned, const and other small fixes from HEAD to 3.0.
Andrew Bartlett
(This used to be commit 9ef0d40c3f)
2003-02-24 03:09:08 +00:00
Simo Sorce
d12baf7bf7 port sec_desc headers reordering from HEAD.
Thanks to Andrew Brtlet for the diff :-)
(This used to be commit cf67981e73)
2002-11-02 12:53:13 +00:00
Gerald Carter
f2d1f19a66 syncing up with HEAD. Seems to be a lot of differences creeping in
(i ignored the new SAMBA stuff, but the rest of this looks like it should
have been merged already).
(This used to be commit 3de09e5cf1)
2002-10-01 18:26:00 +00:00
Gerald Carter
a834a73e34 sync'ing up for 3.0alpha20 release
(This used to be commit 65e7b5273b)
2002-09-25 15:19:00 +00:00
Andrew Tridgell
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb)
2002-07-15 10:35:28 +00:00
Tim Potter
ab13654dc9 Renamed get_nt_error_msg() to nt_errstr().
(This used to be commit 1f007d3ed4)
2002-03-17 04:36:35 +00:00
Gerald Carter
65c007b583 syncing up printing code with SAMBA_2_2 (already done some merges
in the reverse).

  * add in new printer change notify code from SAMBA_2_2

  * add in se_map_standard() from 2.2 in _spoolss_open_printer_ex()

  * sync up the _print_queue_struct in smb.h (why did someone change the
    user/file names in fs_user/fs_file (or vice-versa) ? )

  * sync up some cli_spoolss_XXX functions
(This used to be commit 5760315c1d)
2002-03-15 08:14:10 +00:00
Tim Potter
cd68afe312 Removed version number from file header.
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06)
2002-01-30 06:08:46 +00:00
Jean-François Micouleau
a081ad3dae tidy up debug
J.F.
(This used to be commit c44f4e9e33)
2001-12-17 22:57:06 +00:00
Tim Potter
6d9adfe73c Renamed sid field in SEC_ACE to trustee to be more in line with MS's
definitions.
(This used to be commit 9712d3f15a)
2001-11-30 01:04:15 +00:00
Jeremy Allison
e74c51dfeb I *love* removing code :-). Removed 4 files that weren't being used.
All this stuff was being pulled in due to *one* unneeded call to
fetch a domain SID which smbpasswd already puts in the database...
Jeremy.
(This used to be commit 6bf2505cce)
2001-11-16 18:32:32 +00:00
Tim Potter
dc1fc3ee8e Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.
(This used to be commit 2d0922b0ea)
2001-10-02 04:29:50 +00:00
Jeremy Allison
0f4281b9b4 Added Elrond patch to make se_access_check use NT datastructures, not Samba.
Jeremy.
(This used to be commit bca6419447)
2001-09-26 00:05:03 +00:00
Andrew Tridgell
b031af348c converted another bunch of stuff to NTSTATUS
(This used to be commit 1d36250e33)
2001-08-27 19:46:22 +00:00
Andrew Tridgell
ee5f7237de started converting NTSTATUS to be a structure on systems with gcc in order to make it type incompatible with BOOL so we catch errors sooner. This has already found a number of bugs
(This used to be commit 1b778bc7d2)
2001-08-27 17:52:23 +00:00
Jeremy Allison
c08fc869ce Don't use variables called "acl" as it's the name of a function in Solaris.
Jeremy.
(This used to be commit 277eb517e2)
2001-04-27 21:20:20 +00:00
Jeremy Allison
0f2799aaf1 Move to talloc control of SPOOL_XXX structs. Move to talloc control of
security descriptors and pointers. Syncup with 2.2 tree.
Jeremy.
(This used to be commit 14d5997dc8)
2001-02-28 00:51:02 +00:00
David O'Neill
a4c22506ef Changes from APPLIANCE_HEAD:
source/lib/util_seaccess.c
        - added se_create_child_secdesc() function  which takes a parent
          (container) security descriptor and creates a security descriptor
          which has the inheritance flags for each ACE applied.  In NT a
          print job is a child object of a printer so deleting and
          pausing/resuming jobs requires a check against the child security
          descriptor, not the parent.  The values seen in NT printer
          security descriptors now all fit together in a natural and
          elegant way which is always nice.
        - Removed #ifdef'ed out portion of check_ace() when the
          INHERIT_ONLY flag is set as the se_create_child_secdesc()
          function now creates a security descriptor which can be used
          without this hack.
(This used to be commit f125b9a944)
2001-01-19 16:56:58 +00:00
David O'Neill
23807f2b30 Changes from APPLIANCE_HEAD:
source/Makefile.in
        - changes to ctags and etags rules that somehow got lost along the way.

    source/include/proto.h
        - make proto

    source/smbd/sec_ctx.c
    source/smbd/password.c
        - merge debugs for debugging user groups and NT token stuff.

    source/lib/util_str.c
        - capitalise domain name returned from parse_domain_user()

    source/nsswitch/wb_client.c
        - fix broken conditional in debug statement.

    source/include/rpc_secdes.h
    source/include/rpc_spoolss.h
    source/printing/nt_printing.c
    source/lib/util_seaccess.c
        - fix printer permission bugs related to ACE masks for printers.
          This adds mapping of generic access rights to object specific
          rights for NT printers.  Still need to work out whether or not to
          ignore ACEs with certain flags set, though. See comments in
          util_seaccess.c:check_ace() for details.

    source/printing/nt_printing.c
    source/printing/printing.c
        - use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER
          until we sort out printer/printjob permission stuff.
(This used to be commit 1dba9c5cd1)
2001-01-04 19:27:08 +00:00
Jeremy Allison
276364e2a4 Removed the special casing of SIDs in se_access_check. This is now done (correctly)
when the NT_USER_TOKEN is *created*.
Jeremy.
(This used to be commit 27d72ed1cf)
2000-12-12 02:36:14 +00:00
Jeremy Allison
57fcae402b Owner always has READ_CONTROL and WRITE_DAC access.
Jeremy.
(This used to be commit 05fcb124df)
2000-12-12 00:42:55 +00:00
Jeremy Allison
1e823bc781 Tidied up security rights definitions.
Jeremy.
(This used to be commit e466c863f5)
2000-08-10 19:51:45 +00:00
Jeremy Allison
1e46bde597 Removed requirement that sid have an owner before being interpreted.
Thanks to Elrond for pointing this out.
Jeremy.
(This used to be commit 1d9a5494f8)
2000-08-10 17:48:15 +00:00
Jeremy Allison
e3048cfc0b Fixed memory leak with NT tokens.
Added debug messages to se_access_check().
Added FULL_ACCESS acl to default acl on printers.
Jeremy.
(This used to be commit 7507f6f408)
2000-08-09 18:40:48 +00:00
Jeremy Allison
b4d1e192cd Added SID "Everyone" S-1-1-0 as always matching if present in an ACE.
Jeremy.
(This used to be commit b3a1038ac1)
2000-08-08 21:51:22 +00:00
Jeremy Allison
0cabe327ef Changed the sec desc access checks to match the spec. Needs testing.
Jeremy.
(This used to be commit 5a4a7cd472)
2000-08-08 19:34:34 +00:00
Jeremy Allison
b3b512264d Fixed up se_access_check() to use the token list from the user struct
as the SID list. Now to go through and tidy up the algorithm.
Jeremy.
(This used to be commit 1f7300df67)
2000-08-04 19:56:58 +00:00
Jeremy Allison
17dcd9a834 Started to canonicalize our handling of uid -> sid code in order to
get ready and fix se_access_check().
Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid()
functions that look via winbind first the fall back on local lookup.

All Samba should use these rather than trying to call winbindd code
directly.

Added NT_USER_TOKEN struct in user_struct, contains list of NT sids
associated with this user.

se_access_check() should use this (cached) value rather than attempting
to do the same thing itself when given a uid/gid pair.

More work needs to be done to preserve these things accross security
context changes (especially with the tricky pipe problem) but I'm
beginning to see how this will be done..... probably by registering
a new vuid for an authenticated RPC pipe and not treating the
pipe calls specially.

More thoughts needed - but we're almost there...

Jeremy.
(This used to be commit 5e5cc6efe2)
2000-08-02 02:11:55 +00:00
Tim Potter
c9dc68746b Added some debugs.
Changed interface to se_access_check to take a user struct instead of each
bit as a separate parameter.
(This used to be commit ff7938310d)
2000-07-17 02:36:19 +00:00
Tim Potter
b561c18597 Fixes for various compile warnings on Solaris 8.
(This used to be commit 898a483cda)
2000-07-10 06:41:04 +00:00
Tim Potter
64299375b5 Moved winbind client functions from various odd locations to
nsswitch/wb_client.c

Merge of nsswitch/common.c rename to nsswitch/wb_common.c from TNG.
(This used to be commit f866c18f6b)
2000-07-10 05:40:43 +00:00
Tim Potter
8c0bb0c241 Added some useful debugging stuff.
Fixes for se_access_check() when you are the owner of the object.
(This used to be commit 1478198b70)
2000-07-10 04:54:09 +00:00
Tim Potter
cfc7266a7b Rewrite of se_access_check() function. Added comments and fixed a bunch of
bugs.  I think there is a problem though with the permissions granted when
SEC_RIGHTS_MAXIMUM_ALLOWED is passed as the permissions requested.
(This used to be commit 27d821913c)
2000-07-06 06:57:22 +00:00
Luke Leighton
1bdbb4e601 added se_access_check.
(This used to be commit 6de329f6bf)
2000-06-08 08:41:28 +00:00