Gerald Carter [Tue, 25 Jan 2005 23:33:18 +0000 (23:33 +0000)]
r4996: sync up copytights with trunk
(This used to be commit
8946efe102f7a8a9b5a8059a80666b782159e7b8)
Gerald Carter [Tue, 25 Jan 2005 23:32:19 +0000 (23:32 +0000)]
r4995: fail set_privileges() if 'enable privileges = no' to prevent confused admins who never read what I write :-)
(This used to be commit
1d7a636e0e7f8a0bc3d3ae04b40f79db7f08d619)
Günther Deschner [Tue, 25 Jan 2005 23:30:05 +0000 (23:30 +0000)]
r4994: Patch from abartlet:
When migrating account policies to ldapsam, handle the fact that an
admin might have changed the default location of the sambaDomain-object
after installation.
Guenther
(This used to be commit
78c3c7127444b8f9959f4d6ce9e540271869d70f)
Günther Deschner [Tue, 25 Jan 2005 20:36:24 +0000 (20:36 +0000)]
r4989: Display failed LDAP-server-uri.
Guenther
(This used to be commit
d433c7b476005064b9cfd339bbd8a25b40de59c1)
Günther Deschner [Tue, 25 Jan 2005 19:56:01 +0000 (19:56 +0000)]
r4988: After speaking with Jerry, remove old lp_admin_users to
administrator-sid mapping completely.
Guenther
(This used to be commit
4cbe37ecd544b01c57c7fce5b3be28669f4ba6c3)
Andrew Bartlett [Tue, 25 Jan 2005 02:58:31 +0000 (02:58 +0000)]
r4976: Try to scare people off from trying to write authentication modules
that only acheive as much as 'security=server' does.
Andrew Bartlett
(This used to be commit
fb694f2b1a809d221f48f9b9b0e54e9512325bae)
Günther Deschner [Tue, 25 Jan 2005 01:19:02 +0000 (01:19 +0000)]
r4972: Fix a warning and some debugging-outputs.
Guenther
(This used to be commit
1eabfa050b661168b42892c2d841c7891e59cf5f)
Jeremy Allison [Mon, 24 Jan 2005 20:21:15 +0000 (20:21 +0000)]
r4970: Fix for bug 2092, allowing fallback after kerberos and allow
gnome vfs to prevent auto-anonymous logon.
Jeremy.
(This used to be commit
843e85bcd978d025964c4d45d9a3886c7cf7f63c)
Volker Lendecke [Mon, 24 Jan 2005 19:33:20 +0000 (19:33 +0000)]
r4967: Not being in any domain local groups is obviously valid...
Volker
(This used to be commit
78975ab9a996ac61be37410f18ddedb9df58d04b)
Gerald Carter [Mon, 24 Jan 2005 18:42:33 +0000 (18:42 +0000)]
r4966: don't enumerate the drivers for the same architecture string more than once
(This used to be commit
c488ce9934aaf640c3f63cbdabc3110b8cf70fae)
Gerald Carter [Mon, 24 Jan 2005 17:42:19 +0000 (17:42 +0000)]
r4965: comment out some unused attributes and oc's
(This used to be commit
d95c9c4d74ea2fb7e5aac4a58888ab6fbc571dfb)
Günther Deschner [Mon, 24 Jan 2005 17:29:12 +0000 (17:29 +0000)]
r4964: Fix our lsa lookupsid $OURDOMAINSID-500.
Give the admin-user (rid 500) a chance to be found in passdb, not
returning the (possibly obscure) first entry of "admin users" before
that.
Guenther
(This used to be commit
d319c0e189bc67a4552dafaff80113603b551eb3)
Günther Deschner [Mon, 24 Jan 2005 16:30:46 +0000 (16:30 +0000)]
r4963: It is actually a very bad idea to use KRB5_CONFIG in the
configure-checks (At least Heimdal uses KRB5_CONFIG for locating it's
configuration-file (usually /etc/krb5.conf)). Renaming it to KRB5CONFIG
prevents configure-checks that use heimdal-libs from segfaulting while
the lib reads the krb5-config binary as a configuration file...
Vendors that used the KRB5_CONFIG-variable to let configure find a
custom krb5-config binary have to use KRB5CONFIG now.
Guenther
(This used to be commit
95edb3c67f330afd8dbb8268f3f8ecaf1732c238)
Volker Lendecke [Sun, 23 Jan 2005 14:10:57 +0000 (14:10 +0000)]
r4946: Our notion the other_sids in the info3 SamLogon struct was
...hmmm... completely bogus. This does not affect us as a domain controller,
as we never set other_sids, but I have *no* idea how winbind got away with it.
Please review thoroughly, samba4 idl looks closer to reality here.
Test case: Member of w2k3 domain, authenticate as a user who is member of one
or more domain local groups. Easiest review with 'client schannel = no'.
Thanks,
Volker
(This used to be commit
a0a6388830d9457de3e42686c64bddeba42954f8)
Volker Lendecke [Sat, 22 Jan 2005 17:12:19 +0000 (17:12 +0000)]
r4933: List not only the first 10 trusts with rpcclient -c enumtrust.
Volker
(This used to be commit
9ca6cfcf1e4a905d47429a6dc18e2bd7ad5fe1e3)
Günther Deschner [Sat, 22 Jan 2005 12:02:13 +0000 (12:02 +0000)]
r4932: Forgot to increase version with the account-policy-commit.
Guenther
(This used to be commit
42e380303ddce890f313c221a766dc1e1ee972fb)
Günther Deschner [Sat, 22 Jan 2005 11:26:13 +0000 (11:26 +0000)]
r4931: Add get_user_info_7 in SAMR. This just gives out the username. (In
preparation of adding the ability of renaming users via setuserinfo
level 7).
Guenther
(This used to be commit
6f34ed6c203fa11182640da97581075612d26c0e)
Günther Deschner [Sat, 22 Jan 2005 04:09:21 +0000 (04:09 +0000)]
r4926: Use LDAP_SCOPE_ONELEVEL instead of OpenLDAP's LDAP_SCOPE_ONE-scope.
Guenther
(This used to be commit
eee0bd806b4fd4558f9c48c09f7e85274e2b807f)
Günther Deschner [Sat, 22 Jan 2005 03:37:09 +0000 (03:37 +0000)]
r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).
Does automated migration from account_policy.tdb v1 and v2 and offers a
pdbedit-Migration interface. Jerry, please feel free to revert that if
you have other plans.
Guenther
(This used to be commit
75af83dfcd8ef365b4b1180453060ae5176389f5)
Jeremy Allison [Sat, 22 Jan 2005 01:38:42 +0000 (01:38 +0000)]
Jeremy Allison [Sat, 22 Jan 2005 01:22:39 +0000 (01:22 +0000)]
r4917: Merge some of Derrell.Lipman@UnwiredUniverse.com obvious fixes.
Added text explaining units in pdbedit time fields.
Jeremy.
(This used to be commit
3d09c15d8f06ad06fae362291a6c986f7b6107e6)
Gerald Carter [Fri, 21 Jan 2005 23:06:27 +0000 (23:06 +0000)]
r4913: fixing 'perl requires' filters for RPM packaging on RedHat/Fedora
(This used to be commit
6b38a3923c403562c26642f24477c607a4295878)
Gerald Carter [Fri, 21 Jan 2005 19:09:51 +0000 (19:09 +0000)]
r4907: remove unreached code
(This used to be commit
15fd4a05ec2439f41591ee8a1c30021d9a34371b)
Gerald Carter [Fri, 21 Jan 2005 19:08:17 +0000 (19:08 +0000)]
r4905: patch from abartlet to remove storing the auth-user credentials from the cli* in cm_prepare_connection(). using credentials from a domain other thanour primary domain will cause the schannel setup to fail
(This used to be commit
a13e29b5f2f1e48225b5b5964bc0777948f16622)
Gerald Carter [Fri, 21 Jan 2005 18:14:31 +0000 (18:14 +0000)]
r4902: please note that cupsDoRequest() deletes the request* so don't call ippDelete(request) *ever*
(This used to be commit
f65598b3b0dc99900d547eb67473cca5d371614f)
Jeremy Allison [Fri, 21 Jan 2005 01:42:45 +0000 (01:42 +0000)]
r4882: Fix for #2255. Debug should have been 10 not 0.
Jeremy.
(This used to be commit
5557e1409a9a22759ca3bea021d4a662099e683a)
Jeremy Allison [Fri, 21 Jan 2005 00:29:38 +0000 (00:29 +0000)]
r4881: Varient of Lar's patch for #2270. Jerry promises to test :-).
Jeremy.
(This used to be commit
2afe2a16c92bb2500854b8e288c1d7704ede704a)
Jeremy Allison [Thu, 20 Jan 2005 22:42:08 +0000 (22:42 +0000)]
r4879: Fix rewinddir -> rewind_dir. Noticed by James Peach.
Jeremy
(This used to be commit
79f54d12759f9161dc5837a090391cd0cf6471f5)
Günther Deschner [Thu, 20 Jan 2005 21:42:05 +0000 (21:42 +0000)]
r4877: When vampiring account policy AP_LOCK_ACCOUNT_DURATION honour "Lockout
Duration: Forever".
Guenther
(This used to be commit
aecacf4d9cc5e2aa69b358292b9d591ade696500)
Jeremy Allison [Thu, 20 Jan 2005 18:31:11 +0000 (18:31 +0000)]
r4875: Fix for bugid #221, inspired by Mrinal Kalakrishnan <mail@mrinal.net>.
NT sometimes send garbage bytes in NT security descriptor linearizations
when sending well-known sids. Cope with these.
Jeremy.
(This used to be commit
51b34bb536fdb18c99da1e151eba03ea634e0449)
Gerald Carter [Thu, 20 Jan 2005 17:42:15 +0000 (17:42 +0000)]
r4874: add DOmain Admins (Full Control) to the default printer sd if we are a DC
(This used to be commit
8971a8544274a7f3643ae67be744d7dab181973d)
Gerald Carter [Thu, 20 Jan 2005 17:17:29 +0000 (17:17 +0000)]
r4873: example delete printer script for use with cups
(This used to be commit
c646829e3231d5e4e8c030bb084920fadaafb983)
Gerald Carter [Thu, 20 Jan 2005 17:05:10 +0000 (17:05 +0000)]
r4871: BUG 603: patch by Daniel Beschorner <db@unit-netz.de>. Correct access mask check for _samr_lookup_domain() to work with Windows RAS server
(This used to be commit
2e7a5608ac6a11f4e9e8bda69abb984fb4f86eb8)
Günther Deschner [Thu, 20 Jan 2005 17:04:16 +0000 (17:04 +0000)]
r4870: Make multi-domain-mode in idmap_rid accessible from outside (can be
compiled with -DIDMAP_RID_SUPPORT_TRUSTED_DOMAINS) as requested by Lars
Mueller <lmuelle-at-suse.de>.
Allow to map ID's for a local SAM and add some more
debugging-information.
Guenther
(This used to be commit
4d8e7c9ff00417b2ebae0c5faccfe9c2c9c44f2e)
Günther Deschner [Thu, 20 Jan 2005 16:55:55 +0000 (16:55 +0000)]
r4869: Display sam_user_info_7 in rpcclient.
Guenther
(This used to be commit
30e808ca07bec66d5ecd81cc8c86bb4a98874bc4)
Günther Deschner [Thu, 20 Jan 2005 16:51:24 +0000 (16:51 +0000)]
r4868: Add "net rpc user RENAME"-command.
Note that Samba3 does not yet support it server-side.
Guenther
(This used to be commit
b2c8220931733593fd312fc25b6c73f440b4567a)
Gerald Carter [Thu, 20 Jan 2005 16:31:42 +0000 (16:31 +0000)]
r4867: Removing smbldap-tools from the svn tree. I'll include
the latest version in the actual release tarballs.
Have spoken to the idealx developers about this.
Updated README to reflect the changte for people using svn.
Removed ldapsync.pl since it is no longer needed when using
the smbldap-tools (only keep things you support).
(This used to be commit
f745e5119f420d4826ac395037880666761e05e8)
Günther Deschner [Thu, 20 Jan 2005 13:49:34 +0000 (13:49 +0000)]
r4866: Add createdomgroup to rpcclient (needed to generate huge amounts of
groups when 'net rpc group add' is just to slow).
Guenther
(This used to be commit
88572efdea1bfd32478b33564a85485222731901)
Jeremy Allison [Thu, 20 Jan 2005 01:19:57 +0000 (01:19 +0000)]
r4864: Remove unused var.
Jeremy.
(This used to be commit
9fd5d633e65e00a44ba0136ee91170edcecfae24)
Gerald Carter [Wed, 19 Jan 2005 22:50:27 +0000 (22:50 +0000)]
r4860: fix silly limitation in ldapsam and tdbsam. Expand variables in the profile path, logon home and logon script values
(This used to be commit
504ea4ac68f47b71542a88b17cbb6b546e1cb881)
Gerald Carter [Wed, 19 Jan 2005 21:10:56 +0000 (21:10 +0000)]
r4856: after testing a simple add printer script, i realized that you still have to be root to send the message to all smbds that the config file has been updated
(This used to be commit
6409de1a1ef34bb41c3efeebfabdf13be5e08613)
Gerald Carter [Wed, 19 Jan 2005 20:44:00 +0000 (20:44 +0000)]
r4855: add some smb.conf script for add/delete/change share and addprinter hooks
(This used to be commit
073592b7ad539138763c457fe58c1d82b2daa9c1)
Gerald Carter [Wed, 19 Jan 2005 18:28:55 +0000 (18:28 +0000)]
r4852: merge simo changes to srv_srvsvc_nt.c from trunk
that allows the add/change share command to create the directory
passed in as an arguement and not require that it pre-exist.
Also finish testing of SeDiskOperatorPrivilege via srvmgr.exe
(This used to be commit
9af83a7d70324846e6a2660c73589ee68340b4aa)
Günther Deschner [Wed, 19 Jan 2005 17:42:33 +0000 (17:42 +0000)]
r4851: Preleminary fix for ldapsam_enum_group_memberships when
ldapsam:trusted=True. Don't bail out when ldap-search returns pure
posixgroups (w.o. samba group-mapping).
This way those unix-memberships do not appear in user and nt user token.
Volker, could you please look over that one?
Guenther
(This used to be commit
853a8b7f1c0b00b2e4433d1281f3c9bfcaf980a6)
Günther Deschner [Wed, 19 Jan 2005 17:08:36 +0000 (17:08 +0000)]
r4850: Fix remaining pdb_setsampwent-calls.
To get all entries use a 0 acb_mask.
Guenther
(This used to be commit
bc729f8fd877236a503cc9df64138b2be2e1a91d)
Gerald Carter [Wed, 19 Jan 2005 16:52:19 +0000 (16:52 +0000)]
r4849: * finish SeAddUsers support in srv_samr_nt.c
* define some const SE_PRIV structure for use when
you need a SE_PRIV* to a privilege
* fix an annoying compiler warngin in smbfilter.c
* translate SIDs to names in 'net rpc rights list accounts'
* fix a seg fault in cli_lsa_enum_account_rights caused by
me forgetting the precedence of * vs. []
(This used to be commit
d25fc84bc2b14da9fcc0f3c8d7baeca83f0ea708)
Gerald Carter [Wed, 19 Jan 2005 16:44:53 +0000 (16:44 +0000)]
r4848: fix build; gd please check and make sure this is ok
(This used to be commit
f1d59c3a2693fe36b9abe9c1da4b703c5543f938)
Günther Deschner [Wed, 19 Jan 2005 16:13:26 +0000 (16:13 +0000)]
r4847: Hand over a acb_mask to pdb_setsampwent in load_sampwd_entries().
This allows the ldap-backend to search much more effeciently. Machines
will be searched in the ldap_machine_suffix and users in the
ldap_users_suffix. (Note that we already use the ldap_group_suffix in
ldapsam_setsamgrent for quite some time).
Using the specific ldap-bases becomes notably important in large
domains: On my testmachine "net rpc trustdom list" has to search through
40k accounts just to list 3 interdomain-trust-accounts, similiar effects
show up the non-user query_dispinfo-calls, etc.
Also renamed all_machines to only_machines in load_sampwd_entries()
since that reflects better what is really meant.
Guenther
(This used to be commit
6394257cc721ca739bda0e320375f04506913533)
Simo Sorce [Wed, 19 Jan 2005 16:09:59 +0000 (16:09 +0000)]
r4846: do not keep outdated files here.
the updated file is in the Release branch and in the official tarballs
(This used to be commit
f77939c65cc4ae4e0bb9504f700b50d6601bd031)
Simo Sorce [Wed, 19 Jan 2005 15:04:56 +0000 (15:04 +0000)]
r4845: Correct my name.
Jerry this file seem old and not updated.
We should either update it or remove it imho.
Simo.
(This used to be commit
7c88ecf6bb6f341f5ed7c35011a1a9bc2daf34e0)
Günther Deschner [Wed, 19 Jan 2005 09:58:29 +0000 (09:58 +0000)]
r4840: * Add more generic root-dse inspection function to check for given
controls or extensions.
* Check and remember if ldapsam's LDAP Server support paged results
(in preparation of adding async paged-results to set|get|end-sampwent in
ldapsam).
Guenther
(This used to be commit
ced58bd8849cdef78513674dff1b1ec331945aa9)
Günther Deschner [Wed, 19 Jan 2005 09:36:27 +0000 (09:36 +0000)]
r4839: Allow to set acb_mask in rpcclient's enumdomusers (for debugging).
Guenther
(This used to be commit
92851def70914af1aa501857c6346ca6ae6fc010)
Jeremy Allison [Tue, 18 Jan 2005 22:40:49 +0000 (22:40 +0000)]
r4830: Fix for problem noticed by Guy Harris <gharris@apple.com>, return
correct DOS/NT error code on transact named pipe on closed pipe
handle.
Jeremy.
(This used to be commit
599c281464fa96725c3ee6dd3c5ee03ea81314ea)
Gerald Carter [Tue, 18 Jan 2005 20:51:06 +0000 (20:51 +0000)]
r4827: add 'net rpc rights list accounts' & update help text
(This used to be commit
002ece931917e2952ed795939384764d14f93ce9)
Gerald Carter [Tue, 18 Jan 2005 19:51:36 +0000 (19:51 +0000)]
r4825: Printing changes
----------------
* bracket the add/delete/set printer scripts with checks for se_print_op
* slight change to the add/set printer script semantics. smbd no longer
relies on output from the script (on stdout) to re-read smb.conf
* remove SIGHUP from set/add/delete printin script code and now just
use MSG_SMB_CONF_UPDATED
* bracket the add/delete/set share scripts with checks for se_print_op
(this includes setting share ACLs)
(This used to be commit
8ab8113d2e1bec6a1dbf464882ad724c7c591be4)
Gerald Carter [Tue, 18 Jan 2005 18:30:32 +0000 (18:30 +0000)]
r4824: wrap the shutdown and abort_shutdown calls in check for the SE_REMOTE_SHUTDOWN privilege
(This used to be commit
d11339b7e3b890b8e01744b6b309efaa7ad328e1)
Gerald Carter [Tue, 18 Jan 2005 18:29:55 +0000 (18:29 +0000)]
r4823: remove -O1 from --with-developer
(This used to be commit
a1fb1cb019804446a093d7d0d7b1952cc538f9cc)
Gerald Carter [Tue, 18 Jan 2005 18:29:28 +0000 (18:29 +0000)]
r4822: fix return code when you ask for a non-privileged SID via one of the privileges RPC calls
(This used to be commit
3f4f2c80fd157796a7ba56f31f921e8a3ce46bc3)
Gerald Carter [Tue, 18 Jan 2005 18:28:34 +0000 (18:28 +0000)]
r4821: finish off 'net rpc rights [list|grant|revoke]'
one small todo item is to add a 'accounts' sub option
to 'net rpc list' so enumerate all privileged SIDs
and their associated rights.
(This used to be commit
bf4385c79a0ce2e4983ffa11d39367dbf1d4dcfd)
Gerald Carter [Tue, 18 Jan 2005 14:46:24 +0000 (14:46 +0000)]
r4820: add beginnings of 'net rpc rights' for managing privilege assignments
(This used to be commit
164f94e52929330bd638f19bcf3bfce50303269e)
Gerald Carter [Mon, 17 Jan 2005 20:27:29 +0000 (20:27 +0000)]
r4809: * include SeDiskOperatorPrivilege and SeRemoteShutdownPrivilege
(noty enfornced yet though)
* add 'enable privileges (off by default) to control whether or
not any privuleges can be assigned to SIDs
(This used to be commit
cf63519169d2f3c56a6acf46b9257f4c11d5ea74)
Gerald Carter [Mon, 17 Jan 2005 15:23:11 +0000 (15:23 +0000)]
r4805: Last planned change to the privileges infrastructure:
* rewrote the tdb layout of privilege records in account_pol.tdb
(allow for 128 bits instead of 32 bit flags)
* migrated to using SE_PRIV structure instead of the PRIVILEGE_SET
structure. The latter is now used for parsing routines mainly.
Still need to incorporate some client support into 'net' so
for setting privileges. And make use of the SeAddUserPrivilege
right.
(This used to be commit
41dc7f7573c6d637e19a01e7ed0e716ac0f1fb15)
Jelmer Vernooij [Mon, 17 Jan 2005 14:25:58 +0000 (14:25 +0000)]
r4802: Don't try to update a column with the name "NULL"
(This used to be commit
ed38e6026494a2b58c70cc175c6e210bea454e5c)
Jelmer Vernooij [Sun, 16 Jan 2005 23:09:56 +0000 (23:09 +0000)]
r4788: Don't log mysql password at debug level 1.
(This used to be commit
760455875f78a29c3fedd7de3671d6ae537c1d1a)
Volker Lendecke [Sat, 15 Jan 2005 19:00:18 +0000 (19:00 +0000)]
r4760: Make wbinfo --user-sids expand domain local groups. Andrew B., my testing
shows that this info is correctly returned to us in to info3 struct, so
check_info3_in_group does not need to be adapted.
Volker
(This used to be commit
a84e778cafcefdc1809474c2123e757c8c9d9b70)
Volker Lendecke [Sat, 15 Jan 2005 09:26:21 +0000 (09:26 +0000)]
r4751: This is a domain policy, not a user one
(This used to be commit
a24df21e66aeafb15e22f9ed4df7d9dded3e3b52)
Volker Lendecke [Sat, 15 Jan 2005 09:15:28 +0000 (09:15 +0000)]
r4750: Fix cli_samr_queryuseraliases. There can be more than one sid, thus more than
one pointer...
Volker
(This used to be commit
f2f08b64a53f6efd3154ff2656ecacc86872a18c)
Volker Lendecke [Sat, 15 Jan 2005 09:10:47 +0000 (09:10 +0000)]
r4749: Fix memleak
(This used to be commit
a8aab6de7516b70cae6c096883874fa152777b13)
Gerald Carter [Sat, 15 Jan 2005 03:54:03 +0000 (03:54 +0000)]
r4746: add server support for lsa_enum_acct_rights(); last checkin for the night
(This used to be commit
ccdff4a998405544433aa32938963e4c37962fcc)
Gerald Carter [Sat, 15 Jan 2005 02:20:30 +0000 (02:20 +0000)]
r4742: add server support for lsa_add/remove_account_rights() and fix some parsing bugs related to that code
(This used to be commit
7bf1312287cc1ec6b97917ba25fc60d6db09f26c)
Gerald Carter [Fri, 14 Jan 2005 21:24:15 +0000 (21:24 +0000)]
r4740: allow SE_PRINT_OPERATORS to have printer admin access
(This used to be commit
85731706c9d794e8bd3f26ce9b1f881c1ee6a3ba)
Gerald Carter [Fri, 14 Jan 2005 21:05:54 +0000 (21:05 +0000)]
r4739: require membership in Domain Admins to be able to set privileges
(This used to be commit
e8b4cedc2081eeff53d86c2d894632e57a17926f)
Jeremy Allison [Fri, 14 Jan 2005 20:23:22 +0000 (20:23 +0000)]
r4738: Fix for bug #2238 - memory leak in shadow copy vfs.
Jeremy.
(This used to be commit
fb7f1aff7c96e4672641f80b74a058abf25d0d6d)
Gerald Carter [Fri, 14 Jan 2005 19:26:13 +0000 (19:26 +0000)]
r4736: small set of merges from rtunk to minimize the diffs
(This used to be commit
4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
Volker Lendecke [Fri, 14 Jan 2005 12:17:18 +0000 (12:17 +0000)]
r4732: Even if we have 'password server' set, we need to look up the native DC name
via netbios, as the user might have set an IP address or a fqdn.
Volker
(This used to be commit
61466f38429ba67ace3e84c870a0f913f64d122c)
Volker Lendecke [Fri, 14 Jan 2005 08:14:22 +0000 (08:14 +0000)]
r4731: Fix the build
(This used to be commit
340d7f317332f159460d04db8ccc75116c83d234)
Gerald Carter [Thu, 13 Jan 2005 18:20:37 +0000 (18:20 +0000)]
r4724: Add support for Windows privileges in Samba 3.0
(based on Simo's code in trunk). Rewritten with the
following changes:
* privilege set is based on a 32-bit mask instead of strings
(plans are to extend this to a 64 or 128-bit mask before
the next 3.0.11preX release).
* Remove the privilege code from the passdb API
(replication to come later)
* Only support the minimum amount of privileges that make
sense.
* Rewrite the domain join checks to use the SeMachineAccountPrivilege
instead of the 'is a member of "Domain Admins"?' check that started
all this.
Still todo:
* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin'
parameter
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one
Samba DC to another.
* Come up with some management tool for manipultaing privileges
instead of user manager since it is buggy when run on a 2k client
(haven't tried xp). Works ok on NT4.
(This used to be commit
77c10ff9aa6414a31eece6dfec00793f190a9d6c)
Alexander Bokovoy [Wed, 12 Jan 2005 09:54:50 +0000 (09:54 +0000)]
r4704: Fix encoding while receiving of a message which was actually sent using STR_ASCII. Patch from Grigory Batalov <bga@altlinux.org>
(This used to be commit
dddd5726462c13374788713ad5ddcbdf9ee7b439)
Jeremy Allison [Wed, 12 Jan 2005 01:25:14 +0000 (01:25 +0000)]
r4697: Fix for bug #2231 inspired by brad.ellis@its.monash.edu.au.
Remove double "\\" from findfirst.
Jeremy.
(This used to be commit
88a89b31059ac21e09d283f8795cd6ea88c4315c)
Gerald Carter [Tue, 11 Jan 2005 02:53:00 +0000 (02:53 +0000)]
r4668: allow the caller to invoke init_unistr2() with a NULL buffer to match previous behavior; more checks to come tomorrow
(This used to be commit
9a29bef056f92ef6f1df01f56c121088f84be16b)
Jeremy Allison [Tue, 11 Jan 2005 02:13:03 +0000 (02:13 +0000)]
r4665: Fix inspired by posting from Joe Meadows <jameadows@webopolis.com>.
Make all LDAP timeouts consistent.
Jeremy.
(This used to be commit
0f0281c2348b10ffdea744ecade6b2be0814c872)
Jeremy Allison [Tue, 11 Jan 2005 01:39:06 +0000 (01:39 +0000)]
r4662: Fix from "Jerome Borsboom" <j.borsboom@erasmusmc.nl> to fix
missing release reference for printer tdb.
Jeremy.
(This used to be commit
5942bb7737fe8efc452d59cda0d6e35e309c97b7)
Jeremy Allison [Mon, 10 Jan 2005 20:33:41 +0000 (20:33 +0000)]
r4656: Convert the winreg pipe to use WERROR returns (as it should).
Also fix return of NT_STATUS_NO_MORE_ENTRIES should be
ERROR_NO_MORE_ITEMS reported by "Marcin Porwit" <mporwit@centeris.com>.
Jeremy.
(This used to be commit
511cdec60d431d767fb02f68ca5ddd4ddb59e64a)
Jelmer Vernooij [Mon, 10 Jan 2005 19:27:24 +0000 (19:27 +0000)]
r4653: Output file of "test" pdb backend should be called test.so
(This used to be commit
95c8727045fab0c6aa3446871e19e7b29c20382d)
Jim McDonough [Mon, 10 Jan 2005 18:29:52 +0000 (18:29 +0000)]
r4651: Add "refuse machine password change" policy field. This update will just
return the appropriate reg value. Enforcement to be added soon.
Also, fix account policy tdb upgrade so it doesn't just wipe out everything
that was in there from a a previous version.
(This used to be commit
ccae934cf9de4b234bac324b8d878c8ec7862f67)
Günther Deschner [Mon, 10 Jan 2005 15:28:07 +0000 (15:28 +0000)]
r4646: Allow Account Lockout with Lockout Duration "forever" (until admin
unlocks) to be set and displayed in User Manager.
Guenther
(This used to be commit
8fd7e26fa12a4102def630efa421fad70f3affb1)
Gerald Carter [Mon, 10 Jan 2005 13:17:36 +0000 (13:17 +0000)]
r4645: patch from Rob to fix the build breakage in vfstest after the reload_printers() cleanup
(This used to be commit
054b64fb86328556288d097e1201a24d53d0bec9)
Günther Deschner [Mon, 10 Jan 2005 10:23:57 +0000 (10:23 +0000)]
r4633: Finally give rpcclient a port-command.
Guenther
(This used to be commit
c39c447a5de75d15d17bb65227ebc5eb1355e4e1)
Volker Lendecke [Sat, 8 Jan 2005 13:33:19 +0000 (13:33 +0000)]
r4604: Attempt to fix the buildfarm build.
vfstest refers to reload_printers, only defined in smbd/server.c. Jerry, could
you take a look at that?
Thanks,
Volker
(This used to be commit
a83e5c113257a8bd6a2842e5ba09006e710bfbbf)
Jeremy Allison [Sat, 8 Jan 2005 00:51:12 +0000 (00:51 +0000)]
r4601: Removed any use of the MAX_XXX_STR style definitions. A little larger
change than I'd hoped for due to formating changes to tidy up code.
Jeremy.
(This used to be commit
a348f9221a9fe719dc6f0db6eb295575c2f95e1e)
Jeremy Allison [Thu, 6 Jan 2005 23:45:53 +0000 (23:45 +0000)]
r4581: From Derrell.Lipman@UnwiredUniverse.com. Use nanosleep instead of select
when we have it in smb_msleep.
Jeremy.
(This used to be commit
465c207ffbcd5ee859faee282ef220a6c72e4eeb)
Gerald Carter [Thu, 6 Jan 2005 23:27:28 +0000 (23:27 +0000)]
r4579: small changes to allow the members og the Domain Admins group on the Samba DC to join clients to the domain -- needs more testing and security review but does work with initial testing
(This used to be commit
9ade9bf49c7125fb29658f943e9ebb6be9496180)
Jeremy Allison [Thu, 6 Jan 2005 19:32:39 +0000 (19:32 +0000)]
r4577: Fix from William Jojo <jojowil@hvcc.edu> for AIX 5.3 compile.
Jeremy.
(This used to be commit
80e7c6c312eb0bdb93fe381e7ce3a24a21dd9cf0)
Gerald Carter [Thu, 6 Jan 2005 17:50:51 +0000 (17:50 +0000)]
r4575: adding extra debug to cm_prepare_connection()
(This used to be commit
13a2aa50ea203cee9c2323bb0428f8c50a3c0f77)
Stefan Metzmacher [Thu, 6 Jan 2005 17:25:34 +0000 (17:25 +0000)]
r4573: merge -r 4572 from SAMBA_4_0:
remove configure and include/config.h*
before running autoheader && autoconf
this fixes bug where configure didn't get correctly updated
(I assume autoconf uses some caching...)
metze
(This used to be commit
40d7d419dd0067e11c10c7c532c3ec0de5d7cfeb)
Volker Lendecke [Thu, 6 Jan 2005 15:35:02 +0000 (15:35 +0000)]
r4570: Replace cli->nt_pipe_fnum with an array of NT file numbers, one for each
supported pipe. Netlogon is still special, as we open that twice, one to do
the auth2, the other one with schannel.
The client interface is completely unchanged for those who only use a single
pie. cli->pipe_idx is used as the index for everything except the "real"
client rpc calls, which have been explicitly converted in my last commit. Next
step is to get winbind to just use a single smb connection for multiple pipes.
Volker
(This used to be commit
dc294c52e0216424236057ca6cd35e1ebf51d0da)
Volker Lendecke [Thu, 6 Jan 2005 11:42:40 +0000 (11:42 +0000)]
r4561: This looks a lot larger than it is, this is to reduce the clutter on future
patches.
Pass down the pipe_idx down to all functions in cli_pipe where nt_pipe_fnum is
referenced. First step towards having multiple pipes on a cli_struct. The idea
is to not have a single nt_pipe_fnum but an array for the pipes we support.
Volker
(This used to be commit
93eab050201d4e55096a8820226749f001597b5d)
Jeremy Allison [Thu, 6 Jan 2005 00:45:39 +0000 (00:45 +0000)]
r4545: Fix based on work by Derrell.Lipman@UnwiredUniverse.com :
* In an application with signals, it was possible for functions to block
indefinitely while awaiting timeouts. This patch ensures that if a system
call with a timeout is aborted and needs to be restarted, it is restarted
with a timeout which is adjusted for the amount of time already waited.
Jeremy.
(This used to be commit
3a0d426764ab8bac561a47329500a03a52a00fa3)
Gerald Carter [Wed, 5 Jan 2005 16:20:35 +0000 (16:20 +0000)]
r4539: patch from Rob -- adding real printcap name cache function to speed up printcap reloads
(This used to be commit
1cad5250932b963c2eb9b775221b13db386d601b)
Jim McDonough [Wed, 5 Jan 2005 16:02:56 +0000 (16:02 +0000)]
r4538: Fix bugzilla 2198, accounts which have password last set to 0 are getting
no passwords after vampire. Set password last set field to now.
(This used to be commit
60c3a638e4e63d009728c2ce7a6264c3c120a9e5)