15 years agor4846: do not keep outdated files here.
Simo Sorce [Wed, 19 Jan 2005 16:09:59 +0000 (16:09 +0000)]
r4846: do not keep outdated files here.
the updated file is in the Release branch and in the official tarballs
(This used to be commit f77939c65cc4ae4e0bb9504f700b50d6601bd031)

15 years agor4845: Correct my name.
Simo Sorce [Wed, 19 Jan 2005 15:04:56 +0000 (15:04 +0000)]
r4845: Correct my name.
Jerry this file seem old and not updated.
We should either update it or remove it imho.

(This used to be commit 7c88ecf6bb6f341f5ed7c35011a1a9bc2daf34e0)

15 years agor4840: * Add more generic root-dse inspection function to check for given
Günther Deschner [Wed, 19 Jan 2005 09:58:29 +0000 (09:58 +0000)]
r4840: * Add more generic root-dse inspection function to check for given
controls or extensions.
* Check and remember if ldapsam's LDAP Server support paged results
(in preparation of adding async paged-results to set|get|end-sampwent in

(This used to be commit ced58bd8849cdef78513674dff1b1ec331945aa9)

15 years agor4839: Allow to set acb_mask in rpcclient's enumdomusers (for debugging).
Günther Deschner [Wed, 19 Jan 2005 09:36:27 +0000 (09:36 +0000)]
r4839: Allow to set acb_mask in rpcclient's enumdomusers (for debugging).

(This used to be commit 92851def70914af1aa501857c6346ca6ae6fc010)

15 years agor4830: Fix for problem noticed by Guy Harris <>, return
Jeremy Allison [Tue, 18 Jan 2005 22:40:49 +0000 (22:40 +0000)]
r4830: Fix for problem noticed by Guy Harris <>, return
correct DOS/NT error code on transact named pipe on closed pipe
(This used to be commit 599c281464fa96725c3ee6dd3c5ee03ea81314ea)

15 years agor4827: add 'net rpc rights list accounts' & update help text
Gerald Carter [Tue, 18 Jan 2005 20:51:06 +0000 (20:51 +0000)]
r4827: add 'net rpc rights list accounts' & update help text
(This used to be commit 002ece931917e2952ed795939384764d14f93ce9)

15 years agor4825: Printing changes
Gerald Carter [Tue, 18 Jan 2005 19:51:36 +0000 (19:51 +0000)]
r4825: Printing changes

* bracket the add/delete/set printer scripts with checks for se_print_op
* slight change to the add/set printer script semantics.  smbd no longer
  relies on output from the script (on stdout) to re-read smb.conf
* remove SIGHUP from set/add/delete printin script code and now just

* bracket the add/delete/set share scripts with checks for se_print_op
  (this includes setting share ACLs)
(This used to be commit 8ab8113d2e1bec6a1dbf464882ad724c7c591be4)

15 years agor4824: wrap the shutdown and abort_shutdown calls in check for the SE_REMOTE_SHUTDOWN...
Gerald Carter [Tue, 18 Jan 2005 18:30:32 +0000 (18:30 +0000)]
r4824: wrap the shutdown and abort_shutdown calls in check for the SE_REMOTE_SHUTDOWN privilege
(This used to be commit d11339b7e3b890b8e01744b6b309efaa7ad328e1)

15 years agor4823: remove -O1 from --with-developer
Gerald Carter [Tue, 18 Jan 2005 18:29:55 +0000 (18:29 +0000)]
r4823: remove -O1 from --with-developer
(This used to be commit a1fb1cb019804446a093d7d0d7b1952cc538f9cc)

15 years agor4822: fix return code when you ask for a non-privileged SID via one of the privilege...
Gerald Carter [Tue, 18 Jan 2005 18:29:28 +0000 (18:29 +0000)]
r4822: fix return code when you ask for a non-privileged SID via one of the privileges RPC calls
(This used to be commit 3f4f2c80fd157796a7ba56f31f921e8a3ce46bc3)

15 years agor4821: finish off 'net rpc rights [list|grant|revoke]'
Gerald Carter [Tue, 18 Jan 2005 18:28:34 +0000 (18:28 +0000)]
r4821: finish off 'net rpc rights [list|grant|revoke]'
one small todo item is to add a 'accounts' sub option
to 'net rpc list' so enumerate all privileged SIDs
and their associated rights.
(This used to be commit bf4385c79a0ce2e4983ffa11d39367dbf1d4dcfd)

15 years agor4820: add beginnings of 'net rpc rights' for managing privilege assignments
Gerald Carter [Tue, 18 Jan 2005 14:46:24 +0000 (14:46 +0000)]
r4820: add beginnings of 'net rpc rights' for managing privilege assignments
(This used to be commit 164f94e52929330bd638f19bcf3bfce50303269e)

15 years agor4809: * include SeDiskOperatorPrivilege and SeRemoteShutdownPrivilege
Gerald Carter [Mon, 17 Jan 2005 20:27:29 +0000 (20:27 +0000)]
r4809: * include SeDiskOperatorPrivilege and SeRemoteShutdownPrivilege
  (noty enfornced yet though)
* add 'enable privileges (off by default) to control whether or
  not any privuleges can be assigned to SIDs
(This used to be commit cf63519169d2f3c56a6acf46b9257f4c11d5ea74)

15 years agor4805: Last planned change to the privileges infrastructure:
Gerald Carter [Mon, 17 Jan 2005 15:23:11 +0000 (15:23 +0000)]
r4805: Last planned change to the privileges infrastructure:

* rewrote the tdb layout of privilege records in account_pol.tdb
  (allow for 128 bits instead of 32 bit flags)
* migrated to using SE_PRIV structure instead of the PRIVILEGE_SET
  structure.  The latter is now used for parsing routines mainly.

Still need to incorporate some client support into 'net' so
for setting privileges.  And make use of the SeAddUserPrivilege
(This used to be commit 41dc7f7573c6d637e19a01e7ed0e716ac0f1fb15)

15 years agor4802: Don't try to update a column with the name "NULL"
Jelmer Vernooij [Mon, 17 Jan 2005 14:25:58 +0000 (14:25 +0000)]
r4802: Don't try to update a column with the name "NULL"
(This used to be commit ed38e6026494a2b58c70cc175c6e210bea454e5c)

15 years agor4788: Don't log mysql password at debug level 1.
Jelmer Vernooij [Sun, 16 Jan 2005 23:09:56 +0000 (23:09 +0000)]
r4788: Don't log mysql password at debug level 1.
(This used to be commit 760455875f78a29c3fedd7de3671d6ae537c1d1a)

15 years agor4760: Make wbinfo --user-sids expand domain local groups. Andrew B., my testing
Volker Lendecke [Sat, 15 Jan 2005 19:00:18 +0000 (19:00 +0000)]
r4760: Make wbinfo --user-sids expand domain local groups. Andrew B., my testing
shows that this info is correctly returned to us in to info3 struct, so
check_info3_in_group does not need to be adapted.

(This used to be commit a84e778cafcefdc1809474c2123e757c8c9d9b70)

15 years agor4751: This is a domain policy, not a user one
Volker Lendecke [Sat, 15 Jan 2005 09:26:21 +0000 (09:26 +0000)]
r4751: This is a domain policy, not a user one
(This used to be commit a24df21e66aeafb15e22f9ed4df7d9dded3e3b52)

15 years agor4750: Fix cli_samr_queryuseraliases. There can be more than one sid, thus more than
Volker Lendecke [Sat, 15 Jan 2005 09:15:28 +0000 (09:15 +0000)]
r4750: Fix cli_samr_queryuseraliases. There can be more than one sid, thus more than
one pointer...

(This used to be commit f2f08b64a53f6efd3154ff2656ecacc86872a18c)

15 years agor4749: Fix memleak
Volker Lendecke [Sat, 15 Jan 2005 09:10:47 +0000 (09:10 +0000)]
r4749: Fix memleak
(This used to be commit a8aab6de7516b70cae6c096883874fa152777b13)

15 years agor4746: add server support for lsa_enum_acct_rights(); last checkin for the night
Gerald Carter [Sat, 15 Jan 2005 03:54:03 +0000 (03:54 +0000)]
r4746: add server support for lsa_enum_acct_rights(); last checkin for the night
(This used to be commit ccdff4a998405544433aa32938963e4c37962fcc)

15 years agor4742: add server support for lsa_add/remove_account_rights() and fix some parsing...
Gerald Carter [Sat, 15 Jan 2005 02:20:30 +0000 (02:20 +0000)]
r4742: add server support for lsa_add/remove_account_rights() and fix some parsing bugs related to that code
(This used to be commit 7bf1312287cc1ec6b97917ba25fc60d6db09f26c)

15 years agor4740: allow SE_PRINT_OPERATORS to have printer admin access
Gerald Carter [Fri, 14 Jan 2005 21:24:15 +0000 (21:24 +0000)]
r4740: allow SE_PRINT_OPERATORS to have printer admin access
(This used to be commit 85731706c9d794e8bd3f26ce9b1f881c1ee6a3ba)

15 years agor4739: require membership in Domain Admins to be able to set privileges
Gerald Carter [Fri, 14 Jan 2005 21:05:54 +0000 (21:05 +0000)]
r4739: require membership in Domain Admins to be able to set privileges
(This used to be commit e8b4cedc2081eeff53d86c2d894632e57a17926f)

15 years agor4738: Fix for bug #2238 - memory leak in shadow copy vfs.
Jeremy Allison [Fri, 14 Jan 2005 20:23:22 +0000 (20:23 +0000)]
r4738: Fix for bug #2238 - memory leak in shadow copy vfs.
(This used to be commit fb7f1aff7c96e4672641f80b74a058abf25d0d6d)

15 years agor4736: small set of merges from rtunk to minimize the diffs
Gerald Carter [Fri, 14 Jan 2005 19:26:13 +0000 (19:26 +0000)]
r4736: small set of merges from rtunk to minimize the diffs
(This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)

15 years agor4732: Even if we have 'password server' set, we need to look up the native DC name
Volker Lendecke [Fri, 14 Jan 2005 12:17:18 +0000 (12:17 +0000)]
r4732: Even if we have 'password server' set, we need to look up the native DC name
via netbios, as the user might have set an IP address or a fqdn.

(This used to be commit 61466f38429ba67ace3e84c870a0f913f64d122c)

15 years agor4731: Fix the build
Volker Lendecke [Fri, 14 Jan 2005 08:14:22 +0000 (08:14 +0000)]
r4731: Fix the build
(This used to be commit 340d7f317332f159460d04db8ccc75116c83d234)

15 years agor4724: Add support for Windows privileges in Samba 3.0
Gerald Carter [Thu, 13 Jan 2005 18:20:37 +0000 (18:20 +0000)]
r4724: Add support for Windows privileges in Samba 3.0
(based on Simo's code in trunk).  Rewritten with the
following changes:

* privilege set is based on a 32-bit mask instead of strings
  (plans are to extend this to a 64 or 128-bit mask before
   the next 3.0.11preX release).
* Remove the privilege code from the passdb API
  (replication to come later)
* Only support the minimum amount of privileges that make
* Rewrite the domain join checks to use the SeMachineAccountPrivilege
  instead of the 'is a member of "Domain Admins"?' check that started
  all this.

Still todo:

* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin'
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one
  Samba DC to another.
* Come up with some management tool for manipultaing privileges
  instead of user manager since it is buggy when run on a 2k client
  (haven't tried xp).  Works ok on NT4.
(This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)

15 years agor4704: Fix encoding while receiving of a message which was actually sent using STR_AS...
Alexander Bokovoy [Wed, 12 Jan 2005 09:54:50 +0000 (09:54 +0000)]
r4704: Fix encoding while receiving of a message which was actually sent using STR_ASCII. Patch from Grigory Batalov <>
(This used to be commit dddd5726462c13374788713ad5ddcbdf9ee7b439)

15 years agor4697: Fix for bug #2231 inspired by
Jeremy Allison [Wed, 12 Jan 2005 01:25:14 +0000 (01:25 +0000)]
r4697: Fix for bug #2231 inspired by
Remove double "\\" from findfirst.
(This used to be commit 88a89b31059ac21e09d283f8795cd6ea88c4315c)

15 years agor4668: allow the caller to invoke init_unistr2() with a NULL buffer to match previous...
Gerald Carter [Tue, 11 Jan 2005 02:53:00 +0000 (02:53 +0000)]
r4668: allow the caller to invoke init_unistr2() with a NULL buffer to match previous behavior; more checks to come tomorrow
(This used to be commit 9a29bef056f92ef6f1df01f56c121088f84be16b)

15 years agor4665: Fix inspired by posting from Joe Meadows <>.
Jeremy Allison [Tue, 11 Jan 2005 02:13:03 +0000 (02:13 +0000)]
r4665: Fix inspired by posting from Joe Meadows <>.
Make all LDAP timeouts consistent.
(This used to be commit 0f0281c2348b10ffdea744ecade6b2be0814c872)

15 years agor4662: Fix from "Jerome Borsboom" <> to fix
Jeremy Allison [Tue, 11 Jan 2005 01:39:06 +0000 (01:39 +0000)]
r4662: Fix from "Jerome Borsboom" <> to fix
missing release reference for printer tdb.
(This used to be commit 5942bb7737fe8efc452d59cda0d6e35e309c97b7)

15 years agor4656: Convert the winreg pipe to use WERROR returns (as it should).
Jeremy Allison [Mon, 10 Jan 2005 20:33:41 +0000 (20:33 +0000)]
r4656: Convert the winreg pipe to use WERROR returns (as it should).
Also fix return of NT_STATUS_NO_MORE_ENTRIES should be
ERROR_NO_MORE_ITEMS reported by "Marcin Porwit" <>.
(This used to be commit 511cdec60d431d767fb02f68ca5ddd4ddb59e64a)

15 years agor4653: Output file of "test" pdb backend should be called
Jelmer Vernooij [Mon, 10 Jan 2005 19:27:24 +0000 (19:27 +0000)]
r4653: Output file of "test" pdb backend should be called
(This used to be commit 95c8727045fab0c6aa3446871e19e7b29c20382d)

15 years agor4651: Add "refuse machine password change" policy field. This update will just
Jim McDonough [Mon, 10 Jan 2005 18:29:52 +0000 (18:29 +0000)]
r4651: Add "refuse machine password change" policy field.  This update will just
return the appropriate reg value.  Enforcement to be added soon.

Also, fix account policy tdb upgrade so it doesn't just wipe out everything
that was in there from a a previous version.
(This used to be commit ccae934cf9de4b234bac324b8d878c8ec7862f67)

15 years agor4646: Allow Account Lockout with Lockout Duration "forever" (until admin
Günther Deschner [Mon, 10 Jan 2005 15:28:07 +0000 (15:28 +0000)]
r4646: Allow Account Lockout with Lockout Duration "forever" (until admin
unlocks) to be set and displayed in User Manager.

(This used to be commit 8fd7e26fa12a4102def630efa421fad70f3affb1)

15 years agor4645: patch from Rob to fix the build breakage in vfstest after the reload_printers...
Gerald Carter [Mon, 10 Jan 2005 13:17:36 +0000 (13:17 +0000)]
r4645: patch from Rob to fix the build breakage in vfstest after the reload_printers() cleanup
(This used to be commit 054b64fb86328556288d097e1201a24d53d0bec9)

15 years agor4633: Finally give rpcclient a port-command.
Günther Deschner [Mon, 10 Jan 2005 10:23:57 +0000 (10:23 +0000)]
r4633: Finally give rpcclient a port-command.

(This used to be commit c39c447a5de75d15d17bb65227ebc5eb1355e4e1)

15 years agor4604: Attempt to fix the buildfarm build.
Volker Lendecke [Sat, 8 Jan 2005 13:33:19 +0000 (13:33 +0000)]
r4604: Attempt to fix the buildfarm build.

vfstest refers to reload_printers, only defined in smbd/server.c. Jerry, could
you take a look at that?


(This used to be commit a83e5c113257a8bd6a2842e5ba09006e710bfbbf)

15 years agor4601: Removed any use of the MAX_XXX_STR style definitions. A little larger
Jeremy Allison [Sat, 8 Jan 2005 00:51:12 +0000 (00:51 +0000)]
r4601: Removed any use of the MAX_XXX_STR style definitions. A little larger
change than I'd hoped for due to formating changes to tidy up code.
(This used to be commit a348f9221a9fe719dc6f0db6eb295575c2f95e1e)

15 years agor4581: From Use nanosleep instead of select
Jeremy Allison [Thu, 6 Jan 2005 23:45:53 +0000 (23:45 +0000)]
r4581: From Use nanosleep instead of select
when we have it in smb_msleep.
(This used to be commit 465c207ffbcd5ee859faee282ef220a6c72e4eeb)

15 years agor4579: small changes to allow the members og the Domain Admins group on the Samba...
Gerald Carter [Thu, 6 Jan 2005 23:27:28 +0000 (23:27 +0000)]
r4579: small changes to allow the members og the Domain Admins group on the Samba DC to join clients to the domain -- needs more testing and security review but does work with initial testing
(This used to be commit 9ade9bf49c7125fb29658f943e9ebb6be9496180)

15 years agor4577: Fix from William Jojo <> for AIX 5.3 compile.
Jeremy Allison [Thu, 6 Jan 2005 19:32:39 +0000 (19:32 +0000)]
r4577: Fix from William Jojo <> for AIX 5.3 compile.
(This used to be commit 80e7c6c312eb0bdb93fe381e7ce3a24a21dd9cf0)

15 years agor4575: adding extra debug to cm_prepare_connection()
Gerald Carter [Thu, 6 Jan 2005 17:50:51 +0000 (17:50 +0000)]
r4575: adding extra debug to cm_prepare_connection()
(This used to be commit 13a2aa50ea203cee9c2323bb0428f8c50a3c0f77)

15 years agor4573: merge -r 4572 from SAMBA_4_0:
Stefan Metzmacher [Thu, 6 Jan 2005 17:25:34 +0000 (17:25 +0000)]
r4573: merge -r 4572 from SAMBA_4_0:
remove configure and include/config.h*
before running autoheader && autoconf

this fixes bug where configure didn't get correctly updated
(I assume autoconf uses some caching...)

(This used to be commit 40d7d419dd0067e11c10c7c532c3ec0de5d7cfeb)

15 years agor4570: Replace cli->nt_pipe_fnum with an array of NT file numbers, one for each
Volker Lendecke [Thu, 6 Jan 2005 15:35:02 +0000 (15:35 +0000)]
r4570: Replace cli->nt_pipe_fnum with an array of NT file numbers, one for each
supported pipe. Netlogon is still special, as we open that twice, one to do
the auth2, the other one with schannel.

The client interface is completely unchanged for those who only use a single
pie. cli->pipe_idx is used as the index for everything except the "real"
client rpc calls, which have been explicitly converted in my last commit. Next
step is to get winbind to just use a single smb connection for multiple pipes.

(This used to be commit dc294c52e0216424236057ca6cd35e1ebf51d0da)

15 years agor4561: This looks a lot larger than it is, this is to reduce the clutter on future
Volker Lendecke [Thu, 6 Jan 2005 11:42:40 +0000 (11:42 +0000)]
r4561: This looks a lot larger than it is, this is to reduce the clutter on future

Pass down the pipe_idx down to all functions in cli_pipe where nt_pipe_fnum is
referenced. First step towards having multiple pipes on a cli_struct. The idea
is to not have a single nt_pipe_fnum but an array for the pipes we support.

(This used to be commit 93eab050201d4e55096a8820226749f001597b5d)

15 years agor4545: Fix based on work by :
Jeremy Allison [Thu, 6 Jan 2005 00:45:39 +0000 (00:45 +0000)]
r4545: Fix based on work by :

  * In an application with signals, it was possible for functions to block
    indefinitely while awaiting timeouts.  This patch ensures that if a system
    call with a timeout is aborted and needs to be restarted, it is restarted
    with a timeout which is adjusted for the amount of time already waited.

(This used to be commit 3a0d426764ab8bac561a47329500a03a52a00fa3)

15 years agor4539: patch from Rob -- adding real printcap name cache function to speed up printca...
Gerald Carter [Wed, 5 Jan 2005 16:20:35 +0000 (16:20 +0000)]
r4539: patch from Rob -- adding real printcap name cache function to speed up printcap reloads
(This used to be commit 1cad5250932b963c2eb9b775221b13db386d601b)

15 years agor4538: Fix bugzilla 2198, accounts which have password last set to 0 are getting
Jim McDonough [Wed, 5 Jan 2005 16:02:56 +0000 (16:02 +0000)]
r4538: Fix bugzilla 2198, accounts which have password last set to 0 are getting
no passwords after vampire.  Set password last set field to now.
(This used to be commit 60c3a638e4e63d009728c2ce7a6264c3c120a9e5)

15 years agor4525: fix Fedora specfile to include pam_winbind(8) man page
Gerald Carter [Wed, 5 Jan 2005 01:54:58 +0000 (01:54 +0000)]
r4525: fix Fedora specfile to include pam_winbind(8) man page
(This used to be commit 0d8306c621a0fe96cf0fc3230062e7ee398302eb)

15 years agor4514: Fix for bugzilla 1770. Remove READ_ATTRIBUTES from GENERIC_EXECUTE, otherwise
Jim McDonough [Tue, 4 Jan 2005 20:02:56 +0000 (20:02 +0000)]
r4514: Fix for bugzilla 1770.  Remove READ_ATTRIBUTES from GENERIC_EXECUTE, otherwise
modification of an ACL that contains an ACE with execute only will cause
that to be upgraded to read/execute.  Side effect is that dirs/files with
execute only show up as special permissions, which is still correct.
(This used to be commit 8d9dc7d543fd347e47d04157064a2f92fb5c99db)

15 years agor4370: Don't assume the compiler supports declarations after statements.
Jelmer Vernooij [Sun, 26 Dec 2004 21:06:43 +0000 (21:06 +0000)]
r4370: Don't assume the compiler supports declarations after statements.
(This used to be commit 7fa2caec5ec2de4c5e7359621745a65ca9df255c)

15 years agor4369: Patch for bug #2190 (SWAT displaying parameters in UNIX charset)
Jeremy Allison [Sun, 26 Dec 2004 18:51:49 +0000 (18:51 +0000)]
r4369: Patch for bug #2190 (SWAT displaying parameters in UNIX charset)
not utf8. Fixed by Shiro Yamada <>.
(This used to be commit 8de04888097b3e125845340ba1a9a1bb79892e22)

15 years agor4353: Finally get length of munged_dial correct.
Günther Deschner [Fri, 24 Dec 2004 00:56:30 +0000 (00:56 +0000)]
r4353: Finally get length of munged_dial correct.

(This used to be commit b209f97f246cd65719f1000c7de368babec26d47)

15 years agor4352: Base64-encode munged-dial with correct length in 'net rpc vampire'.
Günther Deschner [Fri, 24 Dec 2004 00:38:22 +0000 (00:38 +0000)]
r4352: Base64-encode munged-dial with correct length in 'net rpc vampire'.

(This used to be commit 98f3e3353df988e819bc41d145b13c76e1b86b55)

15 years agor4351: Vampire Logon-Hours. Update Logon-Hours only when they have changed.
Günther Deschner [Fri, 24 Dec 2004 00:08:15 +0000 (00:08 +0000)]
r4351: Vampire Logon-Hours. Update Logon-Hours only when they have changed.

(This used to be commit 0930ad662770278cbe9fd4e3deaa523957b96697)

15 years agor4350: bumping version to 3.0.11pre2
Gerald Carter [Thu, 23 Dec 2004 22:03:29 +0000 (22:03 +0000)]
r4350: bumping version to 3.0.11pre2
(This used to be commit 8675b41d336df3030deeda45f1379835002f883c)

15 years agor4346: Fix cut-and-paste error - bugid #2189. Fixed by Buck Huppmann <buckh@pobox...
Jeremy Allison [Thu, 23 Dec 2004 18:40:50 +0000 (18:40 +0000)]
r4346: Fix cut-and-paste error - bugid #2189. Fixed by Buck Huppmann <>
(This used to be commit 5c22cb082c86088add0db21541a8079c516c9fd9)

15 years agor4343: forgot to add info-level 8 to SAMR_UNKNOWN_2E as well.
Günther Deschner [Thu, 23 Dec 2004 09:36:49 +0000 (09:36 +0000)]
r4343: forgot to add info-level 8 to SAMR_UNKNOWN_2E as well.

(This used to be commit 5e6ce9a6e3d62190da5427ed7b5e2f2ac22a0c34)

15 years agor4337: Produce a slightly different error message is lanman authentication is
Andrew Bartlett [Thu, 23 Dec 2004 02:16:57 +0000 (02:16 +0000)]
r4337: Produce a slightly different error message is lanman authentication is
disabled, rather than simply unavailable.

Andrew Bartlett
(This used to be commit 1c70583a19c9f741a41d08c0b994fccb66eeb0bf)

15 years agor4336: Apply some other samba4 SAMR idl that is just too obvious. Don't hard
Günther Deschner [Wed, 22 Dec 2004 23:50:31 +0000 (23:50 +0000)]
r4336: Apply some other samba4 SAMR idl that is just too obvious. Don't hard
set the value "forcibly disconnect remote users from server when logon
hours expire" to "no", instead take the value from our account-policy

(This used to be commit e3bd2a22a5cebc4adf6910d3ec31bc6fada8cd35)

15 years agor4334: Fix for bugid #2186 - from Buck Huppmann <>
Jeremy Allison [Wed, 22 Dec 2004 22:07:04 +0000 (22:07 +0000)]
r4334: Fix for bugid #2186 - from Buck Huppmann <>
to prevent uninitialized creds being freed.
(This used to be commit c3f9c81a8fcb26f7110f75b3096d5d1eb30aac13)

15 years agor4331: Implement SAMR query_dom_info-call info-level 8 server- and client-side,
Günther Deschner [Wed, 22 Dec 2004 16:58:43 +0000 (16:58 +0000)]
r4331: Implement SAMR query_dom_info-call info-level 8 server- and client-side,
based on samba4-idl.

This saves us an enormous amount of totally unnecessary ldap-traffic
when several hundreds of winbind-daemons query a Samba3 DC just to get
the fake SAM-sequence-number (time(NULL)) by enumerating all users, all
groups and all aliases when query-dom-info level 2 is used.

Note that we apparently never get the sequence number right (we parse a
uint32, although it's a uint64, at least in samba4 idl). For the time
being, I would propose to stay with that behaviour.

(This used to be commit f9ab15a986626581000d4b93961184c501f36b93)

15 years agor4330: Fix for bug found by Rob Foehl <>. Remember to
Jeremy Allison [Tue, 21 Dec 2004 23:14:20 +0000 (23:14 +0000)]
r4330: Fix for bug found by Rob Foehl <>. Remember to
add in the bcc length for readX on named pipes.
(This used to be commit 1168395e6a543c51f684280b00fb8c9b8bbc6ec0)

15 years agor4312: Marking "min password length" as depreciated (to be removed in one of
Günther Deschner [Tue, 21 Dec 2004 11:10:28 +0000 (11:10 +0000)]
r4312: Marking "min password length" as depreciated (to be removed in one of
the next releases). The corresponding functionality is better handled
with the account policy. See for details.

(This used to be commit 61204a267c3b1b024ba6cb2340317301210b4d90)

15 years agor4311: 'Document' the -L switch when adding groups with "net rpc group".
Günther Deschner [Tue, 21 Dec 2004 10:26:59 +0000 (10:26 +0000)]
r4311: 'Document' the -L switch when adding groups with "net rpc group".

(This used to be commit 4eec06b461c295f90c2ec01a0eef1e173eab22b3)

15 years agor4306: Couple more MALLOC fixes from albert chin (
Jeremy Allison [Tue, 21 Dec 2004 07:08:11 +0000 (07:08 +0000)]
r4306: Couple more MALLOC fixes from albert chin (
(This used to be commit c5a8bf3335606c070e1c74f339ea4c22d0adfa57)

15 years agor4305: Fix from Albert Chin ( to fix the
Jeremy Allison [Tue, 21 Dec 2004 04:34:14 +0000 (04:34 +0000)]
r4305: Fix from Albert Chin ( to fix the
earlier malloc changes.
(This used to be commit da7ef2517162740bc61a81ae814d48348aa513d5)

15 years agor4301: One more *alloc -> SMB_MALLOC (not compiled by default).
Jeremy Allison [Tue, 21 Dec 2004 01:04:11 +0000 (01:04 +0000)]
r4301: One more *alloc -> SMB_MALLOC (not compiled by default).
(This used to be commit 235a0c1698db48583a6860a3a9fca9f261544365)

15 years agor4296: Patch from William Jojo <> to fix HPUX sendfile and add
Jeremy Allison [Mon, 20 Dec 2004 22:33:37 +0000 (22:33 +0000)]
r4296: Patch from William Jojo <> to fix HPUX sendfile and add tests and code for sendfile on AIX.
(This used to be commit f08aceb9882fb1df1e1e28179f87ac5c3d5afa45)

15 years agor4295: Don't include header len in data write debug.
Jeremy Allison [Mon, 20 Dec 2004 22:04:53 +0000 (22:04 +0000)]
r4295: Don't include header len in data write debug.
(This used to be commit 473babfecac87a7e1068246bddc171a464be59e5)

15 years agor4293: Fix inspired by debug trace from Rob Foehl <> - catch sendfile
Jeremy Allison [Mon, 20 Dec 2004 22:01:42 +0000 (22:01 +0000)]
r4293: Fix inspired by debug trace from Rob Foehl <> - catch sendfile
errors correctly and return the correct values we want the caller to return (-1
meaning none in correct cases).
(This used to be commit 139c1c3488237d710ceda394c028b8dc9007bff1)

15 years agor4291: More *alloc fixes inspired by Albert Chin (
Jeremy Allison [Mon, 20 Dec 2004 21:14:28 +0000 (21:14 +0000)]
r4291: More *alloc fixes inspired by Albert Chin (
(This used to be commit efc1b688cf9b1a17f1a6bf46d481280ed8bd0c46)

15 years agor4289: Close LDAP-Connection before retrying to open a new connection in the
Günther Deschner [Mon, 20 Dec 2004 18:42:58 +0000 (18:42 +0000)]
r4289: Close LDAP-Connection before retrying to open a new connection in the

This fixes a deadlock-situation when ldapsam is used with the ldapi
interface: getpeername won't fail while trying to detect dead
connections on unix domain sockets. When the ldapi-connection was closed
server-side (due to OpenLDAP's idletimeout) we *never* got a new LDAP

(This used to be commit ac8032bacff10451fa03f155d43f0d20389512fa)

15 years agor4287: Vampire SAM_DELTA_DOMAIN_INFO.
Günther Deschner [Mon, 20 Dec 2004 12:52:33 +0000 (12:52 +0000)]

Based on samba4-idl. The decoding of account-lockout-string is somewhat
experimental though.

(This used to be commit 721bf50d7446b8ce18bc1d45e17d4214d5a43d26)

15 years agor4286: Give back 8 byte lm_session_key in Netrsamlogon-reply.
Günther Deschner [Mon, 20 Dec 2004 11:36:39 +0000 (11:36 +0000)]
r4286: Give back 8 byte lm_session_key in Netrsamlogon-reply.

The old #ifdef JRATEST-block was copying 16 bytes and thus overwriting
acct_flags with bizarre values, breaking a lot of things.

This patch is successfully running in a production environment for quite
some time now and is required to finally allow Exchange 5.5 to access
another Exchange Server when both are running on NT4 in a
samba-controlled domain. This also allows Exchange Replication to take
place, Exchange Administrator to access other Servers in the network,
etc. Fixes Bugzilla #1136.

Thanks abartlet for helping me with that one.

(This used to be commit bd4c5125d6989cebc90152a23e113b345806c660)

15 years agor4285: Allow -v or -l for displaying verbose groupmap-listing as well as
Günther Deschner [Mon, 20 Dec 2004 11:05:54 +0000 (11:05 +0000)]
r4285: Allow -v or -l for displaying verbose groupmap-listing as well as

(This used to be commit 0760d07b4c6f15489bea2f0fb4f1b0084bd62301)

15 years agor4273: Same fix for r4272 in SAMBA_3_0 branch.
Tim Potter [Sun, 19 Dec 2004 03:23:10 +0000 (03:23 +0000)]
r4273: Same fix for r4272 in SAMBA_3_0 branch.
(This used to be commit 4f1927acfa6569fc90317d76ed34e5ee088df7c1)

15 years agor4270: Add some const as a fix for bugzilla #2135.
Tim Potter [Sun, 19 Dec 2004 00:53:52 +0000 (00:53 +0000)]
r4270: Add some const as a fix for bugzilla #2135.
(This used to be commit ad8fdcc6fdb08d206d324a152300933661c72c4b)

15 years agor4268: Merge fix for bugzilla #2150.
Tim Potter [Sun, 19 Dec 2004 00:31:31 +0000 (00:31 +0000)]
r4268: Merge fix for bugzilla #2150.
(This used to be commit f00ae4ab0c36a623257861fb65373b39cf075921)

15 years agor4260: Change the license for the winbindd external interface more liberal.
Tim Potter [Fri, 17 Dec 2004 22:16:30 +0000 (22:16 +0000)]
r4260: Change the license for the winbindd external interface more liberal.
(This used to be commit 82b9faaaa2e1e2986a15102605739e7d13885ac6)

15 years agor4259: Fix cast in SMB_XMALLOC_ARRAY. Bugzilla #2168.
Tim Potter [Fri, 17 Dec 2004 21:59:47 +0000 (21:59 +0000)]
r4259: Fix cast in SMB_XMALLOC_ARRAY.  Bugzilla #2168.
(This used to be commit 0c3bb181e8f4d10d446f9211904d53f42ddcbaeb)

15 years agor4258: strlower username, not (non-existing) domain_username.
Günther Deschner [Fri, 17 Dec 2004 13:14:22 +0000 (13:14 +0000)]
r4258: strlower username, not (non-existing) domain_username.

(This used to be commit 4f10666295ff7c086ac2a38e0a5f0ac80b57b9a0)

15 years agor4256: Add a patch from New Parameter 'afs token lifetime' tells the
Volker Lendecke [Fri, 17 Dec 2004 11:42:10 +0000 (11:42 +0000)]
r4256: Add a patch from New Parameter 'afs token lifetime' tells the
AFS client when to throw away a token.


(This used to be commit 836a8277b2281bcdb6eab8339b05bec61b49eb74)

15 years agor4254: Add an undocumented hack. I had to delete a wrong mapping (a user that had
Volker Lendecke [Fri, 17 Dec 2004 10:20:53 +0000 (10:20 +0000)]
r4254: Add an undocumented hack. I had to delete a wrong mapping (a user that had
ended up as a gid in winbindd_idmap.tdb) from winbindd_idmap.tdb. Stopping
winbind was not an option on that machine....

net idmap delete <idmap-file> <SID>


(This used to be commit 27c16733c13bb1c91d356f1c9f5c1f069e24cca2)

15 years agor4252: Comment clarification from Love Hörnquist Åstrand <>.
Volker Lendecke [Fri, 17 Dec 2004 09:35:54 +0000 (09:35 +0000)]
r4252: Comment clarification from Love Hörnquist Åstrand <>.


(This used to be commit 207625c7ab8ce41d7b59981e6a767dc299178335)

15 years agor4251: AFS does not cope with spaces in file names. Implement a stupid mapping that
Volker Lendecke [Fri, 17 Dec 2004 09:05:41 +0000 (09:05 +0000)]
r4251: AFS does not cope with spaces in file names. Implement a stupid mapping that
maps the space to another character choosable by afsacl:space.


P.S: Who is "OH"? ;-)
(This used to be commit e717ff70c6ce15bad7a792a592b42ecd057acc01)

15 years agor4248: Implement smbstatus -n, don't lookup users and groups. On heavily loaded
Volker Lendecke [Fri, 17 Dec 2004 08:51:23 +0000 (08:51 +0000)]
r4248: Implement smbstatus -n, don't lookup users and groups. On heavily loaded
winbind systems, looking up hundreds of users can turn out to be a bit too
expensive if you just want to find out which smbd handles a particular IP


P.S: Who is "OH"? ;-)
(This used to be commit d878563ef0c9aa21a12cc5a88dcb17ef8c4bcf5a)

15 years agor4241: More *alloc fixes.
Jeremy Allison [Thu, 16 Dec 2004 21:16:48 +0000 (21:16 +0000)]
r4241: More *alloc fixes.
(This used to be commit ec9606f00b52eb0d3a1a4c5eb98d171660ef19ad)

15 years agor4238: More *alloc fixes.
Jeremy Allison [Thu, 16 Dec 2004 21:14:08 +0000 (21:14 +0000)]
r4238: More *alloc fixes.
(This used to be commit 4d971806f4e4f5523227e378125d5601a5df271d)

15 years agor4236: More *alloc fixes.
Jeremy Allison [Thu, 16 Dec 2004 21:12:29 +0000 (21:12 +0000)]
r4236: More *alloc fixes.
(This used to be commit 6b25a6e088390d33314ca69c8f17c869cec3904b)

15 years agor4234: More malloc fixes to use the macros.
Jeremy Allison [Thu, 16 Dec 2004 21:06:33 +0000 (21:06 +0000)]
r4234: More malloc fixes to use the macros.
(This used to be commit 61479f56be60a3c2ae0f7b931335cb1da77540c2)

15 years agor4226: display infolevel 12 in query_dom_info.
Günther Deschner [Wed, 15 Dec 2004 19:37:35 +0000 (19:37 +0000)]
r4226: display infolevel 12 in query_dom_info.

(This used to be commit d25f303f317ef6ec96799d396ca65ac500cae0ae)

15 years agor4224: Today is not my day ....
Volker Lendecke [Wed, 15 Dec 2004 15:39:23 +0000 (15:39 +0000)]
r4224: Today is not my day ....
(This used to be commit 40b208b25212f84faeb7d54b7dc0dbb9f925b651)

15 years agor4222: Always compile before commit...
Volker Lendecke [Wed, 15 Dec 2004 14:23:15 +0000 (14:23 +0000)]
r4222: Always compile before commit...
(This used to be commit 0f26ba5226fab5b86031a0df6fba16b8e6af6e7d)

15 years agor4221: when in the multi-mapping mode of idmap_rid:
Günther Deschner [Wed, 15 Dec 2004 14:16:12 +0000 (14:16 +0000)]
r4221: when in the multi-mapping mode of idmap_rid:
allow BUILTIN domain-mapping.

(This used to be commit e3b067ee99e304aa9e165dae5fcb0546cec711e2)

15 years agor4219: Fix samba3 samr "idl"... According to samba4 idl samr_DomInfo2 contains a
Volker Lendecke [Wed, 15 Dec 2004 13:13:15 +0000 (13:13 +0000)]
r4219: Fix samba3 samr "idl"... According to samba4 idl samr_DomInfo2 contains a
comment string and not an unknown 12 byte structure...

Found after abartlet's smbtorture extended this string to

"Tortured by Samba4: Fri Nov 26 15:40:18 2004 CET"


(This used to be commit b41d94d8186f66136918432cf32e9dcef5a8bd12)