14 years agor5176: Warn the user that print command is ignored when using cups libraries
Simo Sorce [Wed, 2 Feb 2005 16:22:59 +0000 (16:22 +0000)]
r5176: Warn the user that print command is ignored when using cups libraries
(This used to be commit 142461204718d489bbeff451878a52208b9891bc)

14 years agor5174: ensure that we consistently use the current_user_info.smb_name vs. smb_name...
Gerald Carter [Wed, 2 Feb 2005 16:05:55 +0000 (16:05 +0000)]
r5174: ensure that we consistently use the current_user_info.smb_name vs. smb_name when parsing smb.conf and reloading config files
(This used to be commit be537eaebe84b2ccae089e5982263df8a96e7a5b)

14 years agor5166: From James Peach - remove minor C99-isms.
Jeremy Allison [Wed, 2 Feb 2005 01:58:18 +0000 (01:58 +0000)]
r5166: From James Peach - remove minor C99-isms.
(This used to be commit 54ac409d4fd3b6e8e2bd338dabed446a92507811)

14 years agor5165: BUG 2295: always use get_local_machine_name() rather than digging in the glova...
Gerald Carter [Tue, 1 Feb 2005 20:43:14 +0000 (20:43 +0000)]
r5165: BUG 2295: always use get_local_machine_name() rather than digging in the gloval variable 'local_machine'
(This used to be commit 6a6e4af46a5c0a693a3dd9d558a4d1c1e5d72d95)

14 years agor5163: Fix bugzilla 2062:
Jim McDonough [Tue, 1 Feb 2005 19:32:54 +0000 (19:32 +0000)]
r5163: Fix bugzilla 2062:
turn off broadcast for all 390 NICs.
(This used to be commit d159a5013e96a1188599a3fa0bff108fa6f6679b)

14 years agor5162: BUG 2264: remove shutdown and abortshurn commands from rpcclient since they...
Gerald Carter [Tue, 1 Feb 2005 19:04:13 +0000 (19:04 +0000)]
r5162: BUG 2264: remove shutdown and abortshurn commands from rpcclient since they are stable in 'net rpc' (to avoid fixing portability bugs)
(This used to be commit 0a1f9703a1fe5dec80d76db6736c43e19fea9c3f)

14 years agor5160: First cut at refactoring of directory code to handle non-wildcard
Jeremy Allison [Tue, 1 Feb 2005 18:33:50 +0000 (18:33 +0000)]
r5160: First cut at refactoring of directory code to handle non-wildcard
directory match more efficiently. Passes RAW-SEARCH under valgrind but needs more
testing (which I'll do later today :-).
(This used to be commit 0b04dd9d0c6d1fe02d1b5e43f203577bf5466f33)

14 years agor5159: BUG 2262: add support to detect *freebsd6* (same as *freebsd5* currently)
Gerald Carter [Tue, 1 Feb 2005 18:29:14 +0000 (18:29 +0000)]
r5159: BUG 2262: add support to detect *freebsd6* (same as *freebsd5* currently)
(This used to be commit d6c7de240885be00149fd00b47f229a59f150b3e)

14 years agor5158: BUG 2263: patch from Timur Bakeyev <> to guard base64_encode_d...
Gerald Carter [Tue, 1 Feb 2005 18:24:39 +0000 (18:24 +0000)]
r5158: BUG 2263: patch from Timur Bakeyev <> to guard base64_encode_data_blob() against empty blobs
(This used to be commit 17239d609f63ae5bd6826e580876c27e8c92d6fa)

14 years agor5157: BUG 2266: conditionally include rpc/nettype.h to work around missing header...
Gerald Carter [Tue, 1 Feb 2005 18:14:15 +0000 (18:14 +0000)]
r5157: BUG 2266: conditionally include rpc/nettype.h to work around missing header onf FreeBSD4
(This used to be commit 314da604735696da4cf350f35d84592356e31861)

14 years agor5154: Tidy up interface a little.
Jeremy Allison [Tue, 1 Feb 2005 02:06:00 +0000 (02:06 +0000)]
r5154: Tidy up interface a little.
(This used to be commit a38eeb765f4c744ca7bf0aca86bb448240ad295d)

14 years agor5152: Restructure the directory handling code, stop using void * pointers
Jeremy Allison [Tue, 1 Feb 2005 00:28:20 +0000 (00:28 +0000)]
r5152: Restructure the directory handling code, stop using void * pointers
that just allow the wrong pointer to be assigned :-) and make the
interface more consistent. Fix the FreeBSD directory problem. Last
thing to do is to add the "singleton" directory concept from James
Peach's code.
(This used to be commit cfa8150fd9932470cb8f3b5e14c0156dda67125d)

14 years agor5150: consolidate the samr_make.*obj_sd() functions to share code
Gerald Carter [Mon, 31 Jan 2005 22:42:30 +0000 (22:42 +0000)]
r5150: consolidate the samr_make.*obj_sd() functions to share code
(This used to be commit 5bd03d59263ab619390062c1d023ad1ba54dce6a)

14 years agor5140: (a) fix problem with enumerating domain trusts in security = ads; (b) fix...
Gerald Carter [Mon, 31 Jan 2005 16:32:14 +0000 (16:32 +0000)]
r5140: (a) fix problem with enumerating domain trusts in security = ads; (b) fix a segfault in rpcclient's dsenumdomtrusts
(This used to be commit 558525abf14432bd5527e5578ce18d128627dabb)

14 years agor5132: netscape DS 5.2 schema update from Richard Renard <>
Gerald Carter [Mon, 31 Jan 2005 13:26:00 +0000 (13:26 +0000)]
r5132: netscape DS 5.2 schema update from Richard Renard <>
(This used to be commit 33ac88c6a7bfe4e6d391b841bd4461086af27e4e)

14 years agor5131: BUG 2290: don;t call since we don't have it in this directory
Gerald Carter [Mon, 31 Jan 2005 13:17:49 +0000 (13:17 +0000)]
r5131: BUG 2290: don;t call since we don't have it in this directory
(This used to be commit 2ddcb643819bcb0f33c14fc22117d98ea2bcc132)

14 years agor5127: Fix Bug 2289 -- thanks to
Volker Lendecke [Mon, 31 Jan 2005 09:27:12 +0000 (09:27 +0000)]
r5127: Fix Bug 2289 -- thanks to
(This used to be commit 8c35c3bf2ed65d2b93feb0f419e1c7785fba7764)

14 years agor5125: Fix bug 2113 -- thanks to
Volker Lendecke [Mon, 31 Jan 2005 08:29:51 +0000 (08:29 +0000)]
r5125: Fix bug 2113 -- thanks to
(This used to be commit 0c205bcc864c8dc01124a5d654792de0cbf79a63)

14 years agor5112: Fix for shared object creation in examples. Bugzilla #2058.
Tim Potter [Sun, 30 Jan 2005 22:47:26 +0000 (22:47 +0000)]
r5112: Fix for shared object creation in examples.  Bugzilla #2058.
(This used to be commit 8e5db6f08ceb969bd2580558031f3737b32f10b1)

14 years agor5111: Fix up changed prototype for setsampwent pdb function.
Tim Potter [Sun, 30 Jan 2005 22:45:46 +0000 (22:45 +0000)]
r5111: Fix up changed prototype for setsampwent pdb function.
(This used to be commit 331748202077ce9e0b5dcf3ed9b3ab6f89e9c0e4)

14 years agor5100: We should only care about case-sensitivity when *reading* an incoming
Jeremy Allison [Sun, 30 Jan 2005 00:36:19 +0000 (00:36 +0000)]
r5100: We should only care about case-sensitivity when *reading* an incoming
filename, not returning one. Makes us pass one more Samba4 RAW-SEARCH test.
(This used to be commit 228d1e1649a0b4952eb5603cb5e1851cdc8f0c72)

14 years agor5098: Next round build-fixing
Volker Lendecke [Sat, 29 Jan 2005 10:05:46 +0000 (10:05 +0000)]
r5098: Next round build-fixing
(This used to be commit 175ec3ed518704920c7c55b050ec1cc00da7f560)

14 years agor5096: Attempt to fix the build
Volker Lendecke [Sat, 29 Jan 2005 09:38:15 +0000 (09:38 +0000)]
r5096: Attempt to fix the build
(This used to be commit 5f34139b68460f6fb1046e2b97f16dbeff3fb136)

14 years agor5082: Don't blindly copy question rr_type and class, set correctly as required
Jeremy Allison [Sat, 29 Jan 2005 02:49:01 +0000 (02:49 +0000)]
r5082: Don't blindly copy question rr_type and class, set correctly as required
by rfc1002.
(This used to be commit 422fb43dda13e0840245ae272b7621640b8ad220)

14 years agor5077: Use correct type for rr record on negative name query reply.
Jeremy Allison [Sat, 29 Jan 2005 02:18:01 +0000 (02:18 +0000)]
r5077: Use correct type for rr record on negative name query reply.
(This used to be commit 86c5548d272c0804c0188ae744ae1bb17eb817f6)

14 years agor5076: Ensure that WINS negative name query responses and WACK packets
Jeremy Allison [Sat, 29 Jan 2005 02:03:46 +0000 (02:03 +0000)]
r5076: Ensure that WINS negative name query responses and WACK packets
use the correct RR type of 0xA instead of reflecting back what
the query RR type was (0x20). See rfc1002 sections 4.2.14 and
(This used to be commit ab8c9240044f1ef3d5c6ac4850c8ec615c2e32fd)

14 years agor5069: Ensure we return the correct errors for old-style search requests.
Jeremy Allison [Fri, 28 Jan 2005 23:17:12 +0000 (23:17 +0000)]
r5069: Ensure we return the correct errors for old-style search requests.
(This used to be commit ef73dfe0d6c3b7f71109e32115d528ecdbe562ea)

14 years agor5066: A couple of small fixes from James Peach @ SGI.
Jeremy Allison [Fri, 28 Jan 2005 21:55:45 +0000 (21:55 +0000)]
r5066: A couple of small fixes from James Peach @ SGI.
(This used to be commit 9d131e94195df79e07c8fad20e12ba1b67441a81)

14 years agor5063: Shamelessly steal the Samba4 logic (and some code :-) for directory
Jeremy Allison [Fri, 28 Jan 2005 21:01:58 +0000 (21:01 +0000)]
r5063: Shamelessly steal the Samba4 logic (and some code :-) for directory
evaluation. This stops us from reading the entire directory into
memory at one go, and allows partial reads. It also keeps almost
the same interface to the OpenDir/ReadDir etc. code (sorry James :-).
Next I will optimise the findfirst with exact match code. This speeds
up our interactive response for large directories, but not when a
missing (ie. negative) findfirst is done.
(This used to be commit 0af1d2f6f24f238cb05e10d7d53dcd5b5e0f5f5d)

14 years agor5060: BUG 2286: fix typoe on sambaConfig oc definition
Gerald Carter [Fri, 28 Jan 2005 17:36:41 +0000 (17:36 +0000)]
r5060: BUG 2286: fix typoe on sambaConfig oc definition
(This used to be commit e2ce048654fdb98a50622ac60abae18c6b6ba4d2)

14 years agor5058: Due to the fragileness how windows reacts on unmapped sids sometimes,
Günther Deschner [Fri, 28 Jan 2005 17:05:55 +0000 (17:05 +0000)]
r5058: Due to the fragileness how windows reacts on unmapped sids sometimes,
don't leave administator-sid unmapped. Simply return "Administrator"

(This used to be commit 168ddf31d1af49d52d17dd09c9653d3deafb9442)

14 years agor5056: * correct STANDARD_RIGHTS_WRITE_ACCESS bitmask define
Gerald Carter [Fri, 28 Jan 2005 16:55:09 +0000 (16:55 +0000)]
r5056: * correct STANDARD_RIGHTS_WRITE_ACCESS bitmask define
* make sure to apply the rights_mask and not just the saved
  bits from the mask in access_check_samr_object()
* allow root to grant/revoke privileges (in addition to Domain
  Admins) as suggested by Volker.

Tested machine joins from XP, 2K, and NT4 with and without
pre-existing machine trust accounts.  Also tested basic file
operations using cmd.exe and explorer.exe after changing the
(This used to be commit c0e7f7ff60a4110809b8f500fdc68a1bf963da36)

14 years agor5046: mark 'winbind enable local accounts' and testprns as depcrecated
Gerald Carter [Thu, 27 Jan 2005 15:13:16 +0000 (15:13 +0000)]
r5046: mark 'winbind enable local accounts' and testprns as depcrecated
(This used to be commit 17bc42b4c2e21004adaeac78db6231a384fda16c)

14 years agor5029: after talking to Rob, ensure that we set the NETIOSNAME.domainname
Gerald Carter [Thu, 27 Jan 2005 02:56:18 +0000 (02:56 +0000)]
r5029: after talking to Rob, ensure that we set the NETIOSNAME.domainname
as the longname in the published printer information since this
is what we will have used when we joined the domain.

More testing on this tomorrow.
(This used to be commit d64fd1116d5fe29807be29c73809317f88fdb033)

14 years agor5028: * check acb_info mask in _samr_create_user instead of the last character
Gerald Carter [Thu, 27 Jan 2005 02:16:02 +0000 (02:16 +0000)]
r5028: * check acb_info mask in _samr_create_user instead of the last character
  of the user name
* fix some access_mask checks in _samr_set_userinfo2 (getting join from
  XP without being a member of domain admins working)
(This used to be commit 04030534ffd35f8ebc997d9403fd87309403dcbf)

14 years agor5020: bumping the 3.0 tree to 3.0.12pre1 since there will not be a full sync for...
Gerald Carter [Wed, 26 Jan 2005 20:48:21 +0000 (20:48 +0000)]
r5020: bumping the 3.0 tree to 3.0.12pre1 since there will not be a full sync for the 3.0.11rc1 release
(This used to be commit c0e292e491c684b8ce19096e55338a27161c0a49)

14 years agor5015: (based on abartlet's original patch to restrict password changes)
Gerald Carter [Wed, 26 Jan 2005 20:36:44 +0000 (20:36 +0000)]
r5015: (based on abartlet's original patch to restrict password changes)

* added SE_PRIV checks to access_check_samr_object() in order
  to deal with the run-time security descriptor and their
  interaction with user rights

* Reordered original patch in _samr_set_userinfo[2] to still
  allow root/administrative password changes for users and machines.
(This used to be commit f9f9e6039bd9443d54445e41c3783a2be18925fb)

14 years agor5014: Split out the request to send an async level II oplock break into a
Jeremy Allison [Wed, 26 Jan 2005 20:01:21 +0000 (20:01 +0000)]
r5014: Split out the request to send an async level II oplock break into a
new function to make it clear when it's called. Remove async parameter
that had been overloaded into request_oplock_break.
Inspired by work from Nadav Danieli <>.
(This used to be commit 05697fb50236dfc28e81f8b3900eac17cace57c1)

14 years agor5012: fix segfault caused by using a ipp_t * after calling cupsDoRequest()
Gerald Carter [Wed, 26 Jan 2005 14:46:54 +0000 (14:46 +0000)]
r5012: fix segfault caused by using a ipp_t * after calling cupsDoRequest()
(This used to be commit 0ac3c4c5a231c314213dbce29e25911ddb04de2d)

14 years agor5002: Ensure we can't remove a level II oplock without having the
Jeremy Allison [Wed, 26 Jan 2005 00:13:15 +0000 (00:13 +0000)]
r5002: Ensure we can't remove a level II oplock without having the
shared memory area locked. This need to be in 3.0.11. Pointed
out by Nadav Danieli <>.
(This used to be commit 47ed16aefbdcb6257101c6b78c93eeb7cf048185)

14 years agor5000: 5000th post! w00tsvn diffsvn diff :-)
Gerald Carter [Tue, 25 Jan 2005 23:34:39 +0000 (23:34 +0000)]
r5000: 5000th post! w00tsvn diffsvn diff :-)
(This used to be commit 41d247d9643eb9cb9705f65f924e61c8dfbe6e00)

14 years agor4996: sync up copytights with trunk
Gerald Carter [Tue, 25 Jan 2005 23:33:18 +0000 (23:33 +0000)]
r4996: sync up copytights with trunk
(This used to be commit 8946efe102f7a8a9b5a8059a80666b782159e7b8)

14 years agor4995: fail set_privileges() if 'enable privileges = no' to prevent confused admins...
Gerald Carter [Tue, 25 Jan 2005 23:32:19 +0000 (23:32 +0000)]
r4995: fail set_privileges() if 'enable privileges = no' to prevent confused admins who never read what I write :-)
(This used to be commit 1d7a636e0e7f8a0bc3d3ae04b40f79db7f08d619)

14 years agor4994: Patch from abartlet:
Günther Deschner [Tue, 25 Jan 2005 23:30:05 +0000 (23:30 +0000)]
r4994: Patch from abartlet:

When migrating account policies to ldapsam, handle the fact that an
admin might have changed the default location of the sambaDomain-object
after installation.

(This used to be commit 78c3c7127444b8f9959f4d6ce9e540271869d70f)

14 years agor4989: Display failed LDAP-server-uri.
Günther Deschner [Tue, 25 Jan 2005 20:36:24 +0000 (20:36 +0000)]
r4989: Display failed LDAP-server-uri.

(This used to be commit d433c7b476005064b9cfd339bbd8a25b40de59c1)

14 years agor4988: After speaking with Jerry, remove old lp_admin_users to
Günther Deschner [Tue, 25 Jan 2005 19:56:01 +0000 (19:56 +0000)]
r4988: After speaking with Jerry, remove old lp_admin_users to
administrator-sid mapping completely.

(This used to be commit 4cbe37ecd544b01c57c7fce5b3be28669f4ba6c3)

14 years agor4976: Try to scare people off from trying to write authentication modules
Andrew Bartlett [Tue, 25 Jan 2005 02:58:31 +0000 (02:58 +0000)]
r4976: Try to scare people off from trying to write authentication modules
that only acheive as much as 'security=server' does.

Andrew Bartlett
(This used to be commit fb694f2b1a809d221f48f9b9b0e54e9512325bae)

14 years agor4972: Fix a warning and some debugging-outputs.
Günther Deschner [Tue, 25 Jan 2005 01:19:02 +0000 (01:19 +0000)]
r4972: Fix a warning and some debugging-outputs.

(This used to be commit 1eabfa050b661168b42892c2d841c7891e59cf5f)

14 years agor4970: Fix for bug 2092, allowing fallback after kerberos and allow
Jeremy Allison [Mon, 24 Jan 2005 20:21:15 +0000 (20:21 +0000)]
r4970: Fix for bug 2092, allowing fallback after kerberos and allow
gnome vfs to prevent auto-anonymous logon.
(This used to be commit 843e85bcd978d025964c4d45d9a3886c7cf7f63c)

14 years agor4967: Not being in any domain local groups is obviously valid...
Volker Lendecke [Mon, 24 Jan 2005 19:33:20 +0000 (19:33 +0000)]
r4967: Not being in any domain local groups is obviously valid...

(This used to be commit 78975ab9a996ac61be37410f18ddedb9df58d04b)

14 years agor4966: don't enumerate the drivers for the same architecture string more than once
Gerald Carter [Mon, 24 Jan 2005 18:42:33 +0000 (18:42 +0000)]
r4966: don't enumerate the drivers for the same architecture string more than once
(This used to be commit c488ce9934aaf640c3f63cbdabc3110b8cf70fae)

14 years agor4965: comment out some unused attributes and oc's
Gerald Carter [Mon, 24 Jan 2005 17:42:19 +0000 (17:42 +0000)]
r4965: comment out some unused attributes and oc's
(This used to be commit d95c9c4d74ea2fb7e5aac4a58888ab6fbc571dfb)

14 years agor4964: Fix our lsa lookupsid $OURDOMAINSID-500.
Günther Deschner [Mon, 24 Jan 2005 17:29:12 +0000 (17:29 +0000)]
r4964: Fix our lsa lookupsid $OURDOMAINSID-500.

Give the admin-user (rid 500) a chance to be found in passdb, not
returning the (possibly obscure) first entry of "admin users" before

(This used to be commit d319c0e189bc67a4552dafaff80113603b551eb3)

14 years agor4963: It is actually a very bad idea to use KRB5_CONFIG in the
Günther Deschner [Mon, 24 Jan 2005 16:30:46 +0000 (16:30 +0000)]
r4963: It is actually a very bad idea to use KRB5_CONFIG in the
configure-checks (At least Heimdal uses KRB5_CONFIG for locating it's
configuration-file (usually /etc/krb5.conf)). Renaming it to KRB5CONFIG
prevents configure-checks that use heimdal-libs from segfaulting while
the lib reads the krb5-config binary as a configuration file...

Vendors that used the KRB5_CONFIG-variable to let configure find a
custom krb5-config binary have to use KRB5CONFIG now.

(This used to be commit 95edb3c67f330afd8dbb8268f3f8ecaf1732c238)

14 years agor4946: Our notion the other_sids in the info3 SamLogon struct was
Volker Lendecke [Sun, 23 Jan 2005 14:10:57 +0000 (14:10 +0000)]
r4946: Our notion the other_sids in the info3 SamLogon struct was
...hmmm... completely bogus. This does not affect us as a domain controller,
as we never set other_sids, but I have *no* idea how winbind got away with it.

Please review thoroughly, samba4 idl looks closer to reality here.

Test case: Member of w2k3 domain, authenticate as a user who is member of one
or more domain local groups. Easiest review with 'client schannel = no'.


(This used to be commit a0a6388830d9457de3e42686c64bddeba42954f8)

14 years agor4933: List not only the first 10 trusts with rpcclient -c enumtrust.
Volker Lendecke [Sat, 22 Jan 2005 17:12:19 +0000 (17:12 +0000)]
r4933: List not only the first 10 trusts with rpcclient -c enumtrust.

(This used to be commit 9ca6cfcf1e4a905d47429a6dc18e2bd7ad5fe1e3)

14 years agor4932: Forgot to increase version with the account-policy-commit.
Günther Deschner [Sat, 22 Jan 2005 12:02:13 +0000 (12:02 +0000)]
r4932: Forgot to increase version with the account-policy-commit.

(This used to be commit 42e380303ddce890f313c221a766dc1e1ee972fb)

14 years agor4931: Add get_user_info_7 in SAMR. This just gives out the username. (In
Günther Deschner [Sat, 22 Jan 2005 11:26:13 +0000 (11:26 +0000)]
r4931: Add get_user_info_7 in SAMR. This just gives out the username. (In
preparation of adding the ability of renaming users via setuserinfo
level 7).

(This used to be commit 6f34ed6c203fa11182640da97581075612d26c0e)

14 years agor4926: Use LDAP_SCOPE_ONELEVEL instead of OpenLDAP's LDAP_SCOPE_ONE-scope.
Günther Deschner [Sat, 22 Jan 2005 04:09:21 +0000 (04:09 +0000)]
r4926: Use LDAP_SCOPE_ONELEVEL instead of OpenLDAP's LDAP_SCOPE_ONE-scope.

(This used to be commit eee0bd806b4fd4558f9c48c09f7e85274e2b807f)

14 years agor4925: Migrate Account Policies to passdb (esp. replicating ldapsam).
Günther Deschner [Sat, 22 Jan 2005 03:37:09 +0000 (03:37 +0000)]
r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).

Does automated migration from account_policy.tdb v1 and v2 and offers a
pdbedit-Migration interface. Jerry, please feel free to revert that if
you have other plans.

(This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)

14 years agor4921: Typo.
Jeremy Allison [Sat, 22 Jan 2005 01:38:42 +0000 (01:38 +0000)]
r4921: Typo.
(This used to be commit 033105376ef4ed7d31ef7cab2442719ed57d29b9)

14 years agor4917: Merge some of obvious fixes.
Jeremy Allison [Sat, 22 Jan 2005 01:22:39 +0000 (01:22 +0000)]
r4917: Merge some of obvious fixes.
Added text explaining units in pdbedit time fields.
(This used to be commit 3d09c15d8f06ad06fae362291a6c986f7b6107e6)

14 years agor4913: fixing 'perl requires' filters for RPM packaging on RedHat/Fedora
Gerald Carter [Fri, 21 Jan 2005 23:06:27 +0000 (23:06 +0000)]
r4913: fixing 'perl requires' filters for RPM packaging on RedHat/Fedora
(This used to be commit 6b38a3923c403562c26642f24477c607a4295878)

14 years agor4907: remove unreached code
Gerald Carter [Fri, 21 Jan 2005 19:09:51 +0000 (19:09 +0000)]
r4907: remove unreached code
(This used to be commit 15fd4a05ec2439f41591ee8a1c30021d9a34371b)

14 years agor4905: patch from abartlet to remove storing the auth-user credentials from the cli...
Gerald Carter [Fri, 21 Jan 2005 19:08:17 +0000 (19:08 +0000)]
r4905: patch from abartlet to remove storing the auth-user credentials from the cli* in cm_prepare_connection().  using credentials from a domain other thanour primary domain will cause the schannel setup to fail
(This used to be commit a13e29b5f2f1e48225b5b5964bc0777948f16622)

14 years agor4902: please note that cupsDoRequest() deletes the request* so don't call ippDelete...
Gerald Carter [Fri, 21 Jan 2005 18:14:31 +0000 (18:14 +0000)]
r4902: please note that cupsDoRequest() deletes the request* so don't call ippDelete(request) *ever*
(This used to be commit f65598b3b0dc99900d547eb67473cca5d371614f)

14 years agor4882: Fix for #2255. Debug should have been 10 not 0.
Jeremy Allison [Fri, 21 Jan 2005 01:42:45 +0000 (01:42 +0000)]
r4882: Fix for #2255. Debug should have been 10 not 0.
(This used to be commit 5557e1409a9a22759ca3bea021d4a662099e683a)

14 years agor4881: Varient of Lar's patch for #2270. Jerry promises to test :-).
Jeremy Allison [Fri, 21 Jan 2005 00:29:38 +0000 (00:29 +0000)]
r4881: Varient of Lar's patch for #2270. Jerry promises to test :-).
(This used to be commit 2afe2a16c92bb2500854b8e288c1d7704ede704a)

14 years agor4879: Fix rewinddir -> rewind_dir. Noticed by James Peach.
Jeremy Allison [Thu, 20 Jan 2005 22:42:08 +0000 (22:42 +0000)]
r4879: Fix rewinddir -> rewind_dir. Noticed by James Peach.
(This used to be commit 79f54d12759f9161dc5837a090391cd0cf6471f5)

14 years agor4877: When vampiring account policy AP_LOCK_ACCOUNT_DURATION honour "Lockout
Günther Deschner [Thu, 20 Jan 2005 21:42:05 +0000 (21:42 +0000)]
r4877: When vampiring account policy AP_LOCK_ACCOUNT_DURATION honour "Lockout
Duration: Forever".

(This used to be commit aecacf4d9cc5e2aa69b358292b9d591ade696500)

14 years agor4875: Fix for bugid #221, inspired by Mrinal Kalakrishnan <>.
Jeremy Allison [Thu, 20 Jan 2005 18:31:11 +0000 (18:31 +0000)]
r4875: Fix for bugid #221, inspired by Mrinal Kalakrishnan <>.
NT sometimes send garbage bytes in NT security descriptor linearizations
when sending well-known sids. Cope with these.
(This used to be commit 51b34bb536fdb18c99da1e151eba03ea634e0449)

14 years agor4874: add DOmain Admins (Full Control) to the default printer sd if we are a DC
Gerald Carter [Thu, 20 Jan 2005 17:42:15 +0000 (17:42 +0000)]
r4874: add DOmain Admins (Full Control) to the default printer sd if we are a DC
(This used to be commit 8971a8544274a7f3643ae67be744d7dab181973d)

14 years agor4873: example delete printer script for use with cups
Gerald Carter [Thu, 20 Jan 2005 17:17:29 +0000 (17:17 +0000)]
r4873: example delete printer script for use with cups
(This used to be commit c646829e3231d5e4e8c030bb084920fadaafb983)

14 years agor4871: BUG 603: patch by Daniel Beschorner <>. Correct access mask...
Gerald Carter [Thu, 20 Jan 2005 17:05:10 +0000 (17:05 +0000)]
r4871: BUG 603: patch by Daniel Beschorner <>.  Correct access mask check for _samr_lookup_domain() to work with Windows RAS server
(This used to be commit 2e7a5608ac6a11f4e9e8bda69abb984fb4f86eb8)

14 years agor4870: Make multi-domain-mode in idmap_rid accessible from outside (can be
Günther Deschner [Thu, 20 Jan 2005 17:04:16 +0000 (17:04 +0000)]
r4870: Make multi-domain-mode in idmap_rid accessible from outside (can be
compiled with -DIDMAP_RID_SUPPORT_TRUSTED_DOMAINS) as requested by Lars
Mueller <>.

Allow to map ID's for a local SAM and add some more

(This used to be commit 4d8e7c9ff00417b2ebae0c5faccfe9c2c9c44f2e)

14 years agor4869: Display sam_user_info_7 in rpcclient.
Günther Deschner [Thu, 20 Jan 2005 16:55:55 +0000 (16:55 +0000)]
r4869: Display sam_user_info_7 in rpcclient.

(This used to be commit 30e808ca07bec66d5ecd81cc8c86bb4a98874bc4)

14 years agor4868: Add "net rpc user RENAME"-command.
Günther Deschner [Thu, 20 Jan 2005 16:51:24 +0000 (16:51 +0000)]
r4868: Add "net rpc user RENAME"-command.

Note that Samba3 does not yet support it server-side.

(This used to be commit b2c8220931733593fd312fc25b6c73f440b4567a)

14 years agor4867: Removing smbldap-tools from the svn tree. I'll include
Gerald Carter [Thu, 20 Jan 2005 16:31:42 +0000 (16:31 +0000)]
r4867: Removing smbldap-tools from the svn tree.  I'll include
the latest version in the actual release tarballs.
Have spoken to the idealx developers about this.

Updated README to reflect the changte for people using svn.

Removed since it is no longer needed when using
the smbldap-tools (only keep things you support).
(This used to be commit f745e5119f420d4826ac395037880666761e05e8)

14 years agor4866: Add createdomgroup to rpcclient (needed to generate huge amounts of
Günther Deschner [Thu, 20 Jan 2005 13:49:34 +0000 (13:49 +0000)]
r4866: Add createdomgroup to rpcclient (needed to generate huge amounts of
groups when 'net rpc group add' is just to slow).

(This used to be commit 88572efdea1bfd32478b33564a85485222731901)

14 years agor4864: Remove unused var.
Jeremy Allison [Thu, 20 Jan 2005 01:19:57 +0000 (01:19 +0000)]
r4864: Remove unused var.
(This used to be commit 9fd5d633e65e00a44ba0136ee91170edcecfae24)

14 years agor4860: fix silly limitation in ldapsam and tdbsam. Expand variables in the profile...
Gerald Carter [Wed, 19 Jan 2005 22:50:27 +0000 (22:50 +0000)]
r4860: fix silly limitation in ldapsam and tdbsam.  Expand variables in the profile path, logon home and logon script values
(This used to be commit 504ea4ac68f47b71542a88b17cbb6b546e1cb881)

14 years agor4856: after testing a simple add printer script, i realized that you still have...
Gerald Carter [Wed, 19 Jan 2005 21:10:56 +0000 (21:10 +0000)]
r4856: after testing a simple add printer script, i realized that you still have to be root to send the message to all smbds that the config file has been updated
(This used to be commit 6409de1a1ef34bb41c3efeebfabdf13be5e08613)

14 years agor4855: add some smb.conf script for add/delete/change share and addprinter hooks
Gerald Carter [Wed, 19 Jan 2005 20:44:00 +0000 (20:44 +0000)]
r4855: add some smb.conf script for add/delete/change share and addprinter hooks
(This used to be commit 073592b7ad539138763c457fe58c1d82b2daa9c1)

14 years agor4852: merge simo changes to srv_srvsvc_nt.c from trunk
Gerald Carter [Wed, 19 Jan 2005 18:28:55 +0000 (18:28 +0000)]
r4852: merge simo changes to srv_srvsvc_nt.c from trunk
that allows the add/change share command to create the directory
passed in as an arguement and not require that it pre-exist.

Also finish testing of SeDiskOperatorPrivilege via srvmgr.exe
(This used to be commit 9af83a7d70324846e6a2660c73589ee68340b4aa)

14 years agor4851: Preleminary fix for ldapsam_enum_group_memberships when
Günther Deschner [Wed, 19 Jan 2005 17:42:33 +0000 (17:42 +0000)]
r4851: Preleminary fix for ldapsam_enum_group_memberships when
ldapsam:trusted=True. Don't bail out when ldap-search returns pure
posixgroups (w.o. samba group-mapping).

This way those unix-memberships do not appear in user and nt user token.
Volker, could you please look over that one?

(This used to be commit 853a8b7f1c0b00b2e4433d1281f3c9bfcaf980a6)

14 years agor4850: Fix remaining pdb_setsampwent-calls.
Günther Deschner [Wed, 19 Jan 2005 17:08:36 +0000 (17:08 +0000)]
r4850: Fix remaining pdb_setsampwent-calls.
To get all entries use a 0 acb_mask.

(This used to be commit bc729f8fd877236a503cc9df64138b2be2e1a91d)

14 years agor4849: * finish SeAddUsers support in srv_samr_nt.c
Gerald Carter [Wed, 19 Jan 2005 16:52:19 +0000 (16:52 +0000)]
r4849: * finish SeAddUsers support in srv_samr_nt.c
* define some const SE_PRIV structure for use when
  you need a SE_PRIV* to a privilege
* fix an annoying compiler warngin in smbfilter.c
* translate SIDs to names in 'net rpc rights list accounts'
* fix a seg fault in cli_lsa_enum_account_rights caused by
  me forgetting the precedence of * vs. []
(This used to be commit d25fc84bc2b14da9fcc0f3c8d7baeca83f0ea708)

14 years agor4848: fix build; gd please check and make sure this is ok
Gerald Carter [Wed, 19 Jan 2005 16:44:53 +0000 (16:44 +0000)]
r4848: fix build; gd please check and make sure this is ok
(This used to be commit f1d59c3a2693fe36b9abe9c1da4b703c5543f938)

14 years agor4847: Hand over a acb_mask to pdb_setsampwent in load_sampwd_entries().
Günther Deschner [Wed, 19 Jan 2005 16:13:26 +0000 (16:13 +0000)]
r4847: Hand over a acb_mask to pdb_setsampwent in load_sampwd_entries().

This allows the ldap-backend to search much more effeciently. Machines
will be searched in the ldap_machine_suffix and users in the
ldap_users_suffix. (Note that we already use the ldap_group_suffix in
ldapsam_setsamgrent for quite some time).

Using the specific ldap-bases becomes notably important in large
domains: On my testmachine "net rpc trustdom list" has to search through
40k accounts just to list 3 interdomain-trust-accounts, similiar effects
show up the non-user query_dispinfo-calls, etc.

Also renamed all_machines to only_machines in load_sampwd_entries()
since that reflects better what is really meant.

(This used to be commit 6394257cc721ca739bda0e320375f04506913533)

14 years agor4846: do not keep outdated files here.
Simo Sorce [Wed, 19 Jan 2005 16:09:59 +0000 (16:09 +0000)]
r4846: do not keep outdated files here.
the updated file is in the Release branch and in the official tarballs
(This used to be commit f77939c65cc4ae4e0bb9504f700b50d6601bd031)

14 years agor4845: Correct my name.
Simo Sorce [Wed, 19 Jan 2005 15:04:56 +0000 (15:04 +0000)]
r4845: Correct my name.
Jerry this file seem old and not updated.
We should either update it or remove it imho.

(This used to be commit 7c88ecf6bb6f341f5ed7c35011a1a9bc2daf34e0)

14 years agor4840: * Add more generic root-dse inspection function to check for given
Günther Deschner [Wed, 19 Jan 2005 09:58:29 +0000 (09:58 +0000)]
r4840: * Add more generic root-dse inspection function to check for given
controls or extensions.
* Check and remember if ldapsam's LDAP Server support paged results
(in preparation of adding async paged-results to set|get|end-sampwent in

(This used to be commit ced58bd8849cdef78513674dff1b1ec331945aa9)

14 years agor4839: Allow to set acb_mask in rpcclient's enumdomusers (for debugging).
Günther Deschner [Wed, 19 Jan 2005 09:36:27 +0000 (09:36 +0000)]
r4839: Allow to set acb_mask in rpcclient's enumdomusers (for debugging).

(This used to be commit 92851def70914af1aa501857c6346ca6ae6fc010)

14 years agor4830: Fix for problem noticed by Guy Harris <>, return
Jeremy Allison [Tue, 18 Jan 2005 22:40:49 +0000 (22:40 +0000)]
r4830: Fix for problem noticed by Guy Harris <>, return
correct DOS/NT error code on transact named pipe on closed pipe
(This used to be commit 599c281464fa96725c3ee6dd3c5ee03ea81314ea)

14 years agor4827: add 'net rpc rights list accounts' & update help text
Gerald Carter [Tue, 18 Jan 2005 20:51:06 +0000 (20:51 +0000)]
r4827: add 'net rpc rights list accounts' & update help text
(This used to be commit 002ece931917e2952ed795939384764d14f93ce9)

14 years agor4825: Printing changes
Gerald Carter [Tue, 18 Jan 2005 19:51:36 +0000 (19:51 +0000)]
r4825: Printing changes

* bracket the add/delete/set printer scripts with checks for se_print_op
* slight change to the add/set printer script semantics.  smbd no longer
  relies on output from the script (on stdout) to re-read smb.conf
* remove SIGHUP from set/add/delete printin script code and now just

* bracket the add/delete/set share scripts with checks for se_print_op
  (this includes setting share ACLs)
(This used to be commit 8ab8113d2e1bec6a1dbf464882ad724c7c591be4)

14 years agor4824: wrap the shutdown and abort_shutdown calls in check for the SE_REMOTE_SHUTDOWN...
Gerald Carter [Tue, 18 Jan 2005 18:30:32 +0000 (18:30 +0000)]
r4824: wrap the shutdown and abort_shutdown calls in check for the SE_REMOTE_SHUTDOWN privilege
(This used to be commit d11339b7e3b890b8e01744b6b309efaa7ad328e1)

14 years agor4823: remove -O1 from --with-developer
Gerald Carter [Tue, 18 Jan 2005 18:29:55 +0000 (18:29 +0000)]
r4823: remove -O1 from --with-developer
(This used to be commit a1fb1cb019804446a093d7d0d7b1952cc538f9cc)

14 years agor4822: fix return code when you ask for a non-privileged SID via one of the privilege...
Gerald Carter [Tue, 18 Jan 2005 18:29:28 +0000 (18:29 +0000)]
r4822: fix return code when you ask for a non-privileged SID via one of the privileges RPC calls
(This used to be commit 3f4f2c80fd157796a7ba56f31f921e8a3ce46bc3)

14 years agor4821: finish off 'net rpc rights [list|grant|revoke]'
Gerald Carter [Tue, 18 Jan 2005 18:28:34 +0000 (18:28 +0000)]
r4821: finish off 'net rpc rights [list|grant|revoke]'
one small todo item is to add a 'accounts' sub option
to 'net rpc list' so enumerate all privileged SIDs
and their associated rights.
(This used to be commit bf4385c79a0ce2e4983ffa11d39367dbf1d4dcfd)