summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r4805: Last planned change to the privileges infrastructure:Gerald Carter9-194/+406
* rewrote the tdb layout of privilege records in account_pol.tdb (allow for 128 bits instead of 32 bit flags) * migrated to using SE_PRIV structure instead of the PRIVILEGE_SET structure. The latter is now used for parsing routines mainly. Still need to incorporate some client support into 'net' so for setting privileges. And make use of the SeAddUserPrivilege right. (This used to be commit 41dc7f7573c6d637e19a01e7ed0e716ac0f1fb15)
2007-10-10r4802: Don't try to update a column with the name "NULL"Jelmer Vernooij1-1/+7
(This used to be commit ed38e6026494a2b58c70cc175c6e210bea454e5c)
2007-10-10r4788: Don't log mysql password at debug level 1.Jelmer Vernooij1-2/+1
(This used to be commit 760455875f78a29c3fedd7de3671d6ae537c1d1a)
2007-10-10r4760: Make wbinfo --user-sids expand domain local groups. Andrew B., my testingVolker Lendecke6-0/+206
shows that this info is correctly returned to us in to info3 struct, so check_info3_in_group does not need to be adapted. Volker (This used to be commit a84e778cafcefdc1809474c2123e757c8c9d9b70)
2007-10-10r4751: This is a domain policy, not a user oneVolker Lendecke1-2/+2
(This used to be commit a24df21e66aeafb15e22f9ed4df7d9dded3e3b52)
2007-10-10r4750: Fix cli_samr_queryuseraliases. There can be more than one sid, thus ↵Volker Lendecke1-2/+10
more than one pointer... Volker (This used to be commit f2f08b64a53f6efd3154ff2656ecacc86872a18c)
2007-10-10r4749: Fix memleakVolker Lendecke1-0/+2
(This used to be commit a8aab6de7516b70cae6c096883874fa152777b13)
2007-10-10r4746: add server support for lsa_enum_acct_rights(); last checkin for the nightGerald Carter5-19/+105
(This used to be commit ccdff4a998405544433aa32938963e4c37962fcc)
2007-10-10r4742: add server support for lsa_add/remove_account_rights() and fix some ↵Gerald Carter5-18/+247
parsing bugs related to that code (This used to be commit 7bf1312287cc1ec6b97917ba25fc60d6db09f26c)
2007-10-10r4740: allow SE_PRINT_OPERATORS to have printer admin accessGerald Carter2-5/+18
(This used to be commit 85731706c9d794e8bd3f26ce9b1f881c1ee6a3ba)
2007-10-10r4739: require membership in Domain Admins to be able to set privilegesGerald Carter1-0/+25
(This used to be commit e8b4cedc2081eeff53d86c2d894632e57a17926f)
2007-10-10r4738: Fix for bug #2238 - memory leak in shadow copy vfs.Jeremy Allison1-0/+1
Jeremy. (This used to be commit fb7f1aff7c96e4672641f80b74a058abf25d0d6d)
2007-10-10r4736: small set of merges from rtunk to minimize the diffsGerald Carter10-24/+112
(This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2007-10-10r4732: Even if we have 'password server' set, we need to look up the native ↵Volker Lendecke1-0/+6
DC name via netbios, as the user might have set an IP address or a fqdn. Volker (This used to be commit 61466f38429ba67ace3e84c870a0f913f64d122c)
2007-10-10r4731: Fix the buildVolker Lendecke1-1/+2
(This used to be commit 340d7f317332f159460d04db8ccc75116c83d234)
2007-10-10r4724: Add support for Windows privileges in Samba 3.0Gerald Carter18-825/+937
(based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2007-10-10r4704: Fix encoding while receiving of a message which was actually sent ↵Alexander Bokovoy1-4/+4
using STR_ASCII. Patch from Grigory Batalov <bga@altlinux.org> (This used to be commit dddd5726462c13374788713ad5ddcbdf9ee7b439)
2007-10-10r4697: Fix for bug #2231 inspired by brad.ellis@its.monash.edu.au.Jeremy Allison1-3/+3
Remove double "\\" from findfirst. Jeremy. (This used to be commit 88a89b31059ac21e09d283f8795cd6ea88c4315c)
2007-10-10r4668: allow the caller to invoke init_unistr2() with a NULL buffer to match ↵Gerald Carter1-0/+8
previous behavior; more checks to come tomorrow (This used to be commit 9a29bef056f92ef6f1df01f56c121088f84be16b)
2007-10-10r4665: Fix inspired by posting from Joe Meadows <jameadows@webopolis.com>.Jeremy Allison2-13/+10
Make all LDAP timeouts consistent. Jeremy. (This used to be commit 0f0281c2348b10ffdea744ecade6b2be0814c872)
2007-10-10r4662: Fix from "Jerome Borsboom" <j.borsboom@erasmusmc.nl> to fixJeremy Allison1-0/+1
missing release reference for printer tdb. Jeremy. (This used to be commit 5942bb7737fe8efc452d59cda0d6e35e309c97b7)
2007-10-10r4656: Convert the winreg pipe to use WERROR returns (as it should).Jeremy Allison6-99/+99
Also fix return of NT_STATUS_NO_MORE_ENTRIES should be ERROR_NO_MORE_ITEMS reported by "Marcin Porwit" <mporwit@centeris.com>. Jeremy. (This used to be commit 511cdec60d431d767fb02f68ca5ddd4ddb59e64a)
2007-10-10r4653: Output file of "test" pdb backend should be called test.soJelmer Vernooij3-2/+2
(This used to be commit 95c8727045fab0c6aa3446871e19e7b29c20382d)
2007-10-10r4651: Add "refuse machine password change" policy field. This update will justJim McDonough3-16/+65
return the appropriate reg value. Enforcement to be added soon. Also, fix account policy tdb upgrade so it doesn't just wipe out everything that was in there from a a previous version. (This used to be commit ccae934cf9de4b234bac324b8d878c8ec7862f67)
2007-10-10r4646: Allow Account Lockout with Lockout Duration "forever" (until adminGünther Deschner1-3/+9
unlocks) to be set and displayed in User Manager. Guenther (This used to be commit 8fd7e26fa12a4102def630efa421fad70f3affb1)
2007-10-10r4645: patch from Rob to fix the build breakage in vfstest after the ↵Gerald Carter2-3/+6
reload_printers() cleanup (This used to be commit 054b64fb86328556288d097e1201a24d53d0bec9)
2007-10-10r4633: Finally give rpcclient a port-command.Günther Deschner1-1/+3
Guenther (This used to be commit c39c447a5de75d15d17bb65227ebc5eb1355e4e1)
2007-10-10r4604: Attempt to fix the buildfarm build.Volker Lendecke1-1/+1
vfstest refers to reload_printers, only defined in smbd/server.c. Jerry, could you take a look at that? Thanks, Volker (This used to be commit a83e5c113257a8bd6a2842e5ba09006e710bfbbf)
2007-10-10r4601: Removed any use of the MAX_XXX_STR style definitions. A little largerJeremy Allison3-84/+72
change than I'd hoped for due to formating changes to tidy up code. Jeremy. (This used to be commit a348f9221a9fe719dc6f0db6eb295575c2f95e1e)
2007-10-10r4581: From Derrell.Lipman@UnwiredUniverse.com. Use nanosleep instead of selectJeremy Allison2-1/+15
when we have it in smb_msleep. Jeremy. (This used to be commit 465c207ffbcd5ee859faee282ef220a6c72e4eeb)
2007-10-10r4579: small changes to allow the members og the Domain Admins group on the ↵Gerald Carter2-64/+163
Samba DC to join clients to the domain -- needs more testing and security review but does work with initial testing (This used to be commit 9ade9bf49c7125fb29658f943e9ebb6be9496180)
2007-10-10r4577: Fix from William Jojo <jojowil@hvcc.edu> for AIX 5.3 compile.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 80e7c6c312eb0bdb93fe381e7ce3a24a21dd9cf0)
2007-10-10r4575: adding extra debug to cm_prepare_connection()Gerald Carter1-0/+3
(This used to be commit 13a2aa50ea203cee9c2323bb0428f8c50a3c0f77)
2007-10-10r4573: merge -r 4572 from SAMBA_4_0:Stefan Metzmacher1-0/+1
remove configure and include/config.h* before running autoheader && autoconf this fixes bug where configure didn't get correctly updated (I assume autoconf uses some caching...) metze (This used to be commit 40d7d419dd0067e11c10c7c532c3ec0de5d7cfeb)
2007-10-10r4570: Replace cli->nt_pipe_fnum with an array of NT file numbers, one for eachVolker Lendecke8-46/+58
supported pipe. Netlogon is still special, as we open that twice, one to do the auth2, the other one with schannel. The client interface is completely unchanged for those who only use a single pie. cli->pipe_idx is used as the index for everything except the "real" client rpc calls, which have been explicitly converted in my last commit. Next step is to get winbind to just use a single smb connection for multiple pipes. Volker (This used to be commit dc294c52e0216424236057ca6cd35e1ebf51d0da)
2007-10-10r4561: This looks a lot larger than it is, this is to reduce the clutter on ↵Volker Lendecke13-145/+145
future patches. Pass down the pipe_idx down to all functions in cli_pipe where nt_pipe_fnum is referenced. First step towards having multiple pipes on a cli_struct. The idea is to not have a single nt_pipe_fnum but an array for the pipes we support. Volker (This used to be commit 93eab050201d4e55096a8820226749f001597b5d)
2007-10-10r4545: Fix based on work by Derrell.Lipman@UnwiredUniverse.com :Jeremy Allison1-4/+26
* In an application with signals, it was possible for functions to block indefinitely while awaiting timeouts. This patch ensures that if a system call with a timeout is aborted and needs to be restarted, it is restarted with a timeout which is adjusted for the amount of time already waited. Jeremy. (This used to be commit 3a0d426764ab8bac561a47329500a03a52a00fa3)
2007-10-10r4539: patch from Rob -- adding real printcap name cache function to speed ↵Gerald Carter12-566/+385
up printcap reloads (This used to be commit 1cad5250932b963c2eb9b775221b13db386d601b)
2007-10-10r4538: Fix bugzilla 2198, accounts which have password last set to 0 are gettingJim McDonough1-0/+3
no passwords after vampire. Set password last set field to now. (This used to be commit 60c3a638e4e63d009728c2ce7a6264c3c120a9e5)
2007-10-10r4525: fix Fedora specfile to include pam_winbind(8) man pageGerald Carter1-0/+1
(This used to be commit 0d8306c621a0fe96cf0fc3230062e7ee398302eb)
2007-10-10r4514: Fix for bugzilla 1770. Remove READ_ATTRIBUTES from GENERIC_EXECUTE, ↵Jim McDonough1-1/+1
otherwise modification of an ACL that contains an ACE with execute only will cause that to be upgraded to read/execute. Side effect is that dirs/files with execute only show up as special permissions, which is still correct. (This used to be commit 8d9dc7d543fd347e47d04157064a2f92fb5c99db)
2007-10-10r4370: Don't assume the compiler supports declarations after statements.Jelmer Vernooij1-1/+1
(This used to be commit 7fa2caec5ec2de4c5e7359621745a65ca9df255c)
2007-10-10r4369: Patch for bug #2190 (SWAT displaying parameters in UNIX charset)Jeremy Allison1-6/+18
not utf8. Fixed by Shiro Yamada <shiro@miraclelinux.com>. Jeremy. (This used to be commit 8de04888097b3e125845340ba1a9a1bb79892e22)
2007-10-10r4353: Finally get length of munged_dial correct.Günther Deschner1-1/+1
Guenther (This used to be commit b209f97f246cd65719f1000c7de368babec26d47)
2007-10-10r4352: Base64-encode munged-dial with correct length in 'net rpc vampire'.Günther Deschner1-1/+4
Guenther (This used to be commit 98f3e3353df988e819bc41d145b13c76e1b86b55)
2007-10-10r4351: Vampire Logon-Hours. Update Logon-Hours only when they have changed.Günther Deschner2-3/+26
Guenther (This used to be commit 0930ad662770278cbe9fd4e3deaa523957b96697)
2007-10-10r4350: bumping version to 3.0.11pre2Gerald Carter1-1/+1
(This used to be commit 8675b41d336df3030deeda45f1379835002f883c)
2007-10-10r4346: Fix cut-and-paste error - bugid #2189. Fixed by Buck Huppmann ↵Jeremy Allison1-1/+1
<buckh@pobox.com> Jeremy. (This used to be commit 5c22cb082c86088add0db21541a8079c516c9fd9)
2007-10-10r4343: forgot to add info-level 8 to SAMR_UNKNOWN_2E as well.Günther Deschner1-0/+3
Guenther (This used to be commit 5e6ce9a6e3d62190da5427ed7b5e2f2ac22a0c34)
2007-10-10r4337: Produce a slightly different error message is lanman authentication isAndrew Bartlett1-3/+8
disabled, rather than simply unavailable. Andrew Bartlett (This used to be commit 1c70583a19c9f741a41d08c0b994fccb66eeb0bf)