Simo Sorce [Wed, 2 Feb 2005 16:22:59 +0000 (16:22 +0000)]
r5176: Warn the user that print command is ignored when using cups libraries
Gerald Carter [Wed, 2 Feb 2005 16:05:55 +0000 (16:05 +0000)]
r5174: ensure that we consistently use the current_user_info.smb_name vs. smb_name when parsing smb.conf and reloading config files
Jeremy Allison [Wed, 2 Feb 2005 01:58:18 +0000 (01:58 +0000)]
r5166: From James Peach - remove minor C99-isms.
Jeremy.
Gerald Carter [Tue, 1 Feb 2005 20:43:14 +0000 (20:43 +0000)]
r5165: BUG 2295: always use get_local_machine_name() rather than digging in the gloval variable 'local_machine'
Jim McDonough [Tue, 1 Feb 2005 19:32:54 +0000 (19:32 +0000)]
r5163: Fix bugzilla 2062:
turn off broadcast for all 390 NICs.
Gerald Carter [Tue, 1 Feb 2005 19:04:13 +0000 (19:04 +0000)]
r5162: BUG 2264: remove shutdown and abortshurn commands from rpcclient since they are stable in 'net rpc' (to avoid fixing portability bugs)
Jeremy Allison [Tue, 1 Feb 2005 18:33:50 +0000 (18:33 +0000)]
r5160: First cut at refactoring of directory code to handle non-wildcard
directory match more efficiently. Passes RAW-SEARCH under valgrind but needs more
testing (which I'll do later today :-).
Jeremy.
Gerald Carter [Tue, 1 Feb 2005 18:29:14 +0000 (18:29 +0000)]
r5159: BUG 2262: add support to detect *freebsd6* (same as *freebsd5* currently)
Gerald Carter [Tue, 1 Feb 2005 18:24:39 +0000 (18:24 +0000)]
r5158: BUG 2263: patch from Timur Bakeyev <timur@com.bat.ru> to guard base64_encode_data_blob() against empty blobs
Gerald Carter [Tue, 1 Feb 2005 18:14:15 +0000 (18:14 +0000)]
r5157: BUG 2266: conditionally include rpc/nettype.h to work around missing header onf FreeBSD4
Jeremy Allison [Tue, 1 Feb 2005 02:06:00 +0000 (02:06 +0000)]
r5154: Tidy up interface a little.
Jeremy.
Jeremy Allison [Tue, 1 Feb 2005 00:28:20 +0000 (00:28 +0000)]
r5152: Restructure the directory handling code, stop using void * pointers
that just allow the wrong pointer to be assigned :-) and make the
interface more consistent. Fix the FreeBSD directory problem. Last
thing to do is to add the "singleton" directory concept from James
Peach's code.
Jeremy.
Gerald Carter [Mon, 31 Jan 2005 22:42:30 +0000 (22:42 +0000)]
r5150: consolidate the samr_make.*obj_sd() functions to share code
Gerald Carter [Mon, 31 Jan 2005 16:32:14 +0000 (16:32 +0000)]
r5140: (a) fix problem with enumerating domain trusts in security = ads; (b) fix a segfault in rpcclient's dsenumdomtrusts
Gerald Carter [Mon, 31 Jan 2005 13:26:00 +0000 (13:26 +0000)]
r5132: netscape DS 5.2 schema update from Richard Renard <rrenard@idealx.com>
Gerald Carter [Mon, 31 Jan 2005 13:17:49 +0000 (13:17 +0000)]
r5131: BUG 2290: don;t call mkversion.sh since we don't have it in this directory
Volker Lendecke [Mon, 31 Jan 2005 09:27:12 +0000 (09:27 +0000)]
r5127: Fix Bug 2289 -- thanks to jason@ncac.gwu.edu
Volker Lendecke [Mon, 31 Jan 2005 08:29:51 +0000 (08:29 +0000)]
r5125: Fix bug 2113 -- thanks to jason@ncac.gwu.edu
Tim Potter [Sun, 30 Jan 2005 22:47:26 +0000 (22:47 +0000)]
r5112: Fix for shared object creation in examples. Bugzilla #2058.
Tim Potter [Sun, 30 Jan 2005 22:45:46 +0000 (22:45 +0000)]
r5111: Fix up changed prototype for setsampwent pdb function.
Jeremy Allison [Sun, 30 Jan 2005 00:36:19 +0000 (00:36 +0000)]
r5100: We should only care about case-sensitivity when *reading* an incoming
filename, not returning one. Makes us pass one more Samba4 RAW-SEARCH test.
Jeremy.
Volker Lendecke [Sat, 29 Jan 2005 10:05:46 +0000 (10:05 +0000)]
r5098: Next round build-fixing
Volker Lendecke [Sat, 29 Jan 2005 09:38:15 +0000 (09:38 +0000)]
r5096: Attempt to fix the build
Jeremy Allison [Sat, 29 Jan 2005 02:49:01 +0000 (02:49 +0000)]
r5082: Don't blindly copy question rr_type and class, set correctly as required
by rfc1002.
Jeremy.
Jeremy Allison [Sat, 29 Jan 2005 02:18:01 +0000 (02:18 +0000)]
r5077: Use correct type for rr record on negative name query reply.
Jeremy.
Jeremy Allison [Sat, 29 Jan 2005 02:03:46 +0000 (02:03 +0000)]
r5076: Ensure that WINS negative name query responses and WACK packets
use the correct RR type of 0xA instead of reflecting back what
the query RR type was (0x20). See rfc1002 sections 4.2.14 and
4.2.16.
Jeremy.
Jeremy Allison [Fri, 28 Jan 2005 23:17:12 +0000 (23:17 +0000)]
r5069: Ensure we return the correct errors for old-style search requests.
Jeremy.
Jeremy Allison [Fri, 28 Jan 2005 21:55:45 +0000 (21:55 +0000)]
r5066: A couple of small fixes from James Peach @ SGI.
Jeremy.
Jeremy Allison [Fri, 28 Jan 2005 21:01:58 +0000 (21:01 +0000)]
r5063: Shamelessly steal the Samba4 logic (and some code :-) for directory
evaluation. This stops us from reading the entire directory into
memory at one go, and allows partial reads. It also keeps almost
the same interface to the OpenDir/ReadDir etc. code (sorry James :-).
Next I will optimise the findfirst with exact match code. This speeds
up our interactive response for large directories, but not when a
missing (ie. negative) findfirst is done.
Jeremy
Gerald Carter [Fri, 28 Jan 2005 17:36:41 +0000 (17:36 +0000)]
r5060: BUG 2286: fix typoe on sambaConfig oc definition
Günther Deschner [Fri, 28 Jan 2005 17:05:55 +0000 (17:05 +0000)]
r5058: Due to the fragileness how windows reacts on unmapped sids sometimes,
don't leave administator-sid unmapped. Simply return "Administrator"
Guenther
Gerald Carter [Fri, 28 Jan 2005 16:55:09 +0000 (16:55 +0000)]
r5056: * correct STANDARD_RIGHTS_WRITE_ACCESS bitmask define
* make sure to apply the rights_mask and not just the saved
bits from the mask in access_check_samr_object()
* allow root to grant/revoke privileges (in addition to Domain
Admins) as suggested by Volker.
Tested machine joins from XP, 2K, and NT4 with and without
pre-existing machine trust accounts. Also tested basic file
operations using cmd.exe and explorer.exe after changing the
STANDARD_RIGHTS_WRITE_ACCESS bitmask.
Gerald Carter [Thu, 27 Jan 2005 15:13:16 +0000 (15:13 +0000)]
r5046: mark 'winbind enable local accounts' and testprns as depcrecated
Gerald Carter [Thu, 27 Jan 2005 02:56:18 +0000 (02:56 +0000)]
r5029: after talking to Rob, ensure that we set the NETIOSNAME.domainname
as the longname in the published printer information since this
is what we will have used when we joined the domain.
More testing on this tomorrow.
Gerald Carter [Thu, 27 Jan 2005 02:16:02 +0000 (02:16 +0000)]
r5028: * check acb_info mask in _samr_create_user instead of the last character
of the user name
* fix some access_mask checks in _samr_set_userinfo2 (getting join from
XP without being a member of domain admins working)
Gerald Carter [Wed, 26 Jan 2005 20:48:21 +0000 (20:48 +0000)]
r5020: bumping the 3.0 tree to 3.0.12pre1 since there will not be a full sync for the 3.0.11rc1 release
Gerald Carter [Wed, 26 Jan 2005 20:36:44 +0000 (20:36 +0000)]
r5015: (based on abartlet's original patch to restrict password changes)
* added SE_PRIV checks to access_check_samr_object() in order
to deal with the run-time security descriptor and their
interaction with user rights
* Reordered original patch in _samr_set_userinfo[2] to still
allow root/administrative password changes for users and machines.
Jeremy Allison [Wed, 26 Jan 2005 20:01:21 +0000 (20:01 +0000)]
r5014: Split out the request to send an async level II oplock break into a
new function to make it clear when it's called. Remove async parameter
that had been overloaded into request_oplock_break.
Inspired by work from Nadav Danieli <nadavd@exanet.com>.
Jeremy.
Gerald Carter [Wed, 26 Jan 2005 14:46:54 +0000 (14:46 +0000)]
r5012: fix segfault caused by using a ipp_t * after calling cupsDoRequest()
Jeremy Allison [Wed, 26 Jan 2005 00:13:15 +0000 (00:13 +0000)]
r5002: Ensure we can't remove a level II oplock without having the
shared memory area locked. This need to be in 3.0.11. Pointed
out by Nadav Danieli <nadavd@exanet.com>.
Jeremy.
Gerald Carter [Tue, 25 Jan 2005 23:34:39 +0000 (23:34 +0000)]
r5000: 5000th post! w00tsvn diffsvn diff :-)
Gerald Carter [Tue, 25 Jan 2005 23:33:18 +0000 (23:33 +0000)]
r4996: sync up copytights with trunk
Gerald Carter [Tue, 25 Jan 2005 23:32:19 +0000 (23:32 +0000)]
r4995: fail set_privileges() if 'enable privileges = no' to prevent confused admins who never read what I write :-)
Günther Deschner [Tue, 25 Jan 2005 23:30:05 +0000 (23:30 +0000)]
r4994: Patch from abartlet:
When migrating account policies to ldapsam, handle the fact that an
admin might have changed the default location of the sambaDomain-object
after installation.
Guenther
Günther Deschner [Tue, 25 Jan 2005 20:36:24 +0000 (20:36 +0000)]
r4989: Display failed LDAP-server-uri.
Guenther
Günther Deschner [Tue, 25 Jan 2005 19:56:01 +0000 (19:56 +0000)]
r4988: After speaking with Jerry, remove old lp_admin_users to
administrator-sid mapping completely.
Guenther
Andrew Bartlett [Tue, 25 Jan 2005 02:58:31 +0000 (02:58 +0000)]
r4976: Try to scare people off from trying to write authentication modules
that only acheive as much as 'security=server' does.
Andrew Bartlett
Günther Deschner [Tue, 25 Jan 2005 01:19:02 +0000 (01:19 +0000)]
r4972: Fix a warning and some debugging-outputs.
Guenther
Jeremy Allison [Mon, 24 Jan 2005 20:21:15 +0000 (20:21 +0000)]
r4970: Fix for bug 2092, allowing fallback after kerberos and allow
gnome vfs to prevent auto-anonymous logon.
Jeremy.
Volker Lendecke [Mon, 24 Jan 2005 19:33:20 +0000 (19:33 +0000)]
r4967: Not being in any domain local groups is obviously valid...
Volker
Gerald Carter [Mon, 24 Jan 2005 18:42:33 +0000 (18:42 +0000)]
r4966: don't enumerate the drivers for the same architecture string more than once
Gerald Carter [Mon, 24 Jan 2005 17:42:19 +0000 (17:42 +0000)]
r4965: comment out some unused attributes and oc's
Günther Deschner [Mon, 24 Jan 2005 17:29:12 +0000 (17:29 +0000)]
r4964: Fix our lsa lookupsid $OURDOMAINSID-500.
Give the admin-user (rid 500) a chance to be found in passdb, not
returning the (possibly obscure) first entry of "admin users" before
that.
Guenther
Günther Deschner [Mon, 24 Jan 2005 16:30:46 +0000 (16:30 +0000)]
r4963: It is actually a very bad idea to use KRB5_CONFIG in the
configure-checks (At least Heimdal uses KRB5_CONFIG for locating it's
configuration-file (usually /etc/krb5.conf)). Renaming it to KRB5CONFIG
prevents configure-checks that use heimdal-libs from segfaulting while
the lib reads the krb5-config binary as a configuration file...
Vendors that used the KRB5_CONFIG-variable to let configure find a
custom krb5-config binary have to use KRB5CONFIG now.
Guenther
Volker Lendecke [Sun, 23 Jan 2005 14:10:57 +0000 (14:10 +0000)]
r4946: Our notion the other_sids in the info3 SamLogon struct was
...hmmm... completely bogus. This does not affect us as a domain controller,
as we never set other_sids, but I have *no* idea how winbind got away with it.
Please review thoroughly, samba4 idl looks closer to reality here.
Test case: Member of w2k3 domain, authenticate as a user who is member of one
or more domain local groups. Easiest review with 'client schannel = no'.
Thanks,
Volker
Volker Lendecke [Sat, 22 Jan 2005 17:12:19 +0000 (17:12 +0000)]
r4933: List not only the first 10 trusts with rpcclient -c enumtrust.
Volker
Günther Deschner [Sat, 22 Jan 2005 12:02:13 +0000 (12:02 +0000)]
r4932: Forgot to increase version with the account-policy-commit.
Guenther
Günther Deschner [Sat, 22 Jan 2005 11:26:13 +0000 (11:26 +0000)]
r4931: Add get_user_info_7 in SAMR. This just gives out the username. (In
preparation of adding the ability of renaming users via setuserinfo
level 7).
Guenther
Günther Deschner [Sat, 22 Jan 2005 04:09:21 +0000 (04:09 +0000)]
r4926: Use LDAP_SCOPE_ONELEVEL instead of OpenLDAP's LDAP_SCOPE_ONE-scope.
Guenther
Günther Deschner [Sat, 22 Jan 2005 03:37:09 +0000 (03:37 +0000)]
r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).
Does automated migration from account_policy.tdb v1 and v2 and offers a
pdbedit-Migration interface. Jerry, please feel free to revert that if
you have other plans.
Guenther
Jeremy Allison [Sat, 22 Jan 2005 01:38:42 +0000 (01:38 +0000)]
r4921: Typo.
Jeremy Allison [Sat, 22 Jan 2005 01:22:39 +0000 (01:22 +0000)]
r4917: Merge some of Derrell.Lipman@UnwiredUniverse.com obvious fixes.
Added text explaining units in pdbedit time fields.
Jeremy.
Gerald Carter [Fri, 21 Jan 2005 23:06:27 +0000 (23:06 +0000)]
r4913: fixing 'perl requires' filters for RPM packaging on RedHat/Fedora
Gerald Carter [Fri, 21 Jan 2005 19:09:51 +0000 (19:09 +0000)]
r4907: remove unreached code
Gerald Carter [Fri, 21 Jan 2005 19:08:17 +0000 (19:08 +0000)]
r4905: patch from abartlet to remove storing the auth-user credentials from the cli* in cm_prepare_connection(). using credentials from a domain other thanour primary domain will cause the schannel setup to fail
Gerald Carter [Fri, 21 Jan 2005 18:14:31 +0000 (18:14 +0000)]
r4902: please note that cupsDoRequest() deletes the request* so don't call ippDelete(request) *ever*
Jeremy Allison [Fri, 21 Jan 2005 01:42:45 +0000 (01:42 +0000)]
r4882: Fix for #2255. Debug should have been 10 not 0.
Jeremy.
Jeremy Allison [Fri, 21 Jan 2005 00:29:38 +0000 (00:29 +0000)]
r4881: Varient of Lar's patch for #2270. Jerry promises to test :-).
Jeremy.
Jeremy Allison [Thu, 20 Jan 2005 22:42:08 +0000 (22:42 +0000)]
r4879: Fix rewinddir -> rewind_dir. Noticed by James Peach.
Jeremy
Günther Deschner [Thu, 20 Jan 2005 21:42:05 +0000 (21:42 +0000)]
r4877: When vampiring account policy AP_LOCK_ACCOUNT_DURATION honour "Lockout
Duration: Forever".
Guenther
Jeremy Allison [Thu, 20 Jan 2005 18:31:11 +0000 (18:31 +0000)]
r4875: Fix for bugid #221, inspired by Mrinal Kalakrishnan <mail@mrinal.net>.
NT sometimes send garbage bytes in NT security descriptor linearizations
when sending well-known sids. Cope with these.
Jeremy.
Gerald Carter [Thu, 20 Jan 2005 17:42:15 +0000 (17:42 +0000)]
r4874: add DOmain Admins (Full Control) to the default printer sd if we are a DC
Gerald Carter [Thu, 20 Jan 2005 17:17:29 +0000 (17:17 +0000)]
r4873: example delete printer script for use with cups
Gerald Carter [Thu, 20 Jan 2005 17:05:10 +0000 (17:05 +0000)]
r4871: BUG 603: patch by Daniel Beschorner <db@unit-netz.de>. Correct access mask check for _samr_lookup_domain() to work with Windows RAS server
Günther Deschner [Thu, 20 Jan 2005 17:04:16 +0000 (17:04 +0000)]
r4870: Make multi-domain-mode in idmap_rid accessible from outside (can be
compiled with -DIDMAP_RID_SUPPORT_TRUSTED_DOMAINS) as requested by Lars
Mueller <lmuelle-at-suse.de>.
Allow to map ID's for a local SAM and add some more
debugging-information.
Guenther
Günther Deschner [Thu, 20 Jan 2005 16:55:55 +0000 (16:55 +0000)]
r4869: Display sam_user_info_7 in rpcclient.
Guenther
Günther Deschner [Thu, 20 Jan 2005 16:51:24 +0000 (16:51 +0000)]
r4868: Add "net rpc user RENAME"-command.
Note that Samba3 does not yet support it server-side.
Guenther
Gerald Carter [Thu, 20 Jan 2005 16:31:42 +0000 (16:31 +0000)]
r4867: Removing smbldap-tools from the svn tree. I'll include
the latest version in the actual release tarballs.
Have spoken to the idealx developers about this.
Updated README to reflect the changte for people using svn.
Removed ldapsync.pl since it is no longer needed when using
the smbldap-tools (only keep things you support).
Günther Deschner [Thu, 20 Jan 2005 13:49:34 +0000 (13:49 +0000)]
r4866: Add createdomgroup to rpcclient (needed to generate huge amounts of
groups when 'net rpc group add' is just to slow).
Guenther
Jeremy Allison [Thu, 20 Jan 2005 01:19:57 +0000 (01:19 +0000)]
r4864: Remove unused var.
Jeremy.
Gerald Carter [Wed, 19 Jan 2005 22:50:27 +0000 (22:50 +0000)]
r4860: fix silly limitation in ldapsam and tdbsam. Expand variables in the profile path, logon home and logon script values
Gerald Carter [Wed, 19 Jan 2005 21:10:56 +0000 (21:10 +0000)]
r4856: after testing a simple add printer script, i realized that you still have to be root to send the message to all smbds that the config file has been updated
Gerald Carter [Wed, 19 Jan 2005 20:44:00 +0000 (20:44 +0000)]
r4855: add some smb.conf script for add/delete/change share and addprinter hooks
Gerald Carter [Wed, 19 Jan 2005 18:28:55 +0000 (18:28 +0000)]
r4852: merge simo changes to srv_srvsvc_nt.c from trunk
that allows the add/change share command to create the directory
passed in as an arguement and not require that it pre-exist.
Also finish testing of SeDiskOperatorPrivilege via srvmgr.exe
Günther Deschner [Wed, 19 Jan 2005 17:42:33 +0000 (17:42 +0000)]
r4851: Preleminary fix for ldapsam_enum_group_memberships when
ldapsam:trusted=True. Don't bail out when ldap-search returns pure
posixgroups (w.o. samba group-mapping).
This way those unix-memberships do not appear in user and nt user token.
Volker, could you please look over that one?
Guenther
Günther Deschner [Wed, 19 Jan 2005 17:08:36 +0000 (17:08 +0000)]
r4850: Fix remaining pdb_setsampwent-calls.
To get all entries use a 0 acb_mask.
Guenther
Gerald Carter [Wed, 19 Jan 2005 16:52:19 +0000 (16:52 +0000)]
r4849: * finish SeAddUsers support in srv_samr_nt.c
* define some const SE_PRIV structure for use when
you need a SE_PRIV* to a privilege
* fix an annoying compiler warngin in smbfilter.c
* translate SIDs to names in 'net rpc rights list accounts'
* fix a seg fault in cli_lsa_enum_account_rights caused by
me forgetting the precedence of * vs. []
Gerald Carter [Wed, 19 Jan 2005 16:44:53 +0000 (16:44 +0000)]
r4848: fix build; gd please check and make sure this is ok
Günther Deschner [Wed, 19 Jan 2005 16:13:26 +0000 (16:13 +0000)]
r4847: Hand over a acb_mask to pdb_setsampwent in load_sampwd_entries().
This allows the ldap-backend to search much more effeciently. Machines
will be searched in the ldap_machine_suffix and users in the
ldap_users_suffix. (Note that we already use the ldap_group_suffix in
ldapsam_setsamgrent for quite some time).
Using the specific ldap-bases becomes notably important in large
domains: On my testmachine "net rpc trustdom list" has to search through
40k accounts just to list 3 interdomain-trust-accounts, similiar effects
show up the non-user query_dispinfo-calls, etc.
Also renamed all_machines to only_machines in load_sampwd_entries()
since that reflects better what is really meant.
Guenther
Simo Sorce [Wed, 19 Jan 2005 16:09:59 +0000 (16:09 +0000)]
r4846: do not keep outdated files here.
the updated file is in the Release branch and in the official tarballs
Simo Sorce [Wed, 19 Jan 2005 15:04:56 +0000 (15:04 +0000)]
r4845: Correct my name.
Jerry this file seem old and not updated.
We should either update it or remove it imho.
Simo.
Günther Deschner [Wed, 19 Jan 2005 09:58:29 +0000 (09:58 +0000)]
r4840: * Add more generic root-dse inspection function to check for given
controls or extensions.
* Check and remember if ldapsam's LDAP Server support paged results
(in preparation of adding async paged-results to set|get|end-sampwent in
ldapsam).
Guenther
Günther Deschner [Wed, 19 Jan 2005 09:36:27 +0000 (09:36 +0000)]
r4839: Allow to set acb_mask in rpcclient's enumdomusers (for debugging).
Guenther
Jeremy Allison [Tue, 18 Jan 2005 22:40:49 +0000 (22:40 +0000)]
r4830: Fix for problem noticed by Guy Harris <gharris@apple.com>, return
correct DOS/NT error code on transact named pipe on closed pipe
handle.
Jeremy.
Gerald Carter [Tue, 18 Jan 2005 20:51:06 +0000 (20:51 +0000)]
r4827: add 'net rpc rights list accounts' & update help text
Gerald Carter [Tue, 18 Jan 2005 19:51:36 +0000 (19:51 +0000)]
r4825: Printing changes
----------------
* bracket the add/delete/set printer scripts with checks for se_print_op
* slight change to the add/set printer script semantics. smbd no longer
relies on output from the script (on stdout) to re-read smb.conf
* remove SIGHUP from set/add/delete printin script code and now just
use MSG_SMB_CONF_UPDATED
* bracket the add/delete/set share scripts with checks for se_print_op
(this includes setting share ACLs)
Gerald Carter [Tue, 18 Jan 2005 18:30:32 +0000 (18:30 +0000)]
r4824: wrap the shutdown and abort_shutdown calls in check for the SE_REMOTE_SHUTDOWN privilege
Gerald Carter [Tue, 18 Jan 2005 18:29:55 +0000 (18:29 +0000)]
r4823: remove -O1 from --with-developer
Gerald Carter [Tue, 18 Jan 2005 18:29:28 +0000 (18:29 +0000)]
r4822: fix return code when you ask for a non-privileged SID via one of the privileges RPC calls
Gerald Carter [Tue, 18 Jan 2005 18:28:34 +0000 (18:28 +0000)]
r4821: finish off 'net rpc rights [list|grant|revoke]'
one small todo item is to add a 'accounts' sub option
to 'net rpc list' so enumerate all privileged SIDs
and their associated rights.