summaryrefslogtreecommitdiff
path: root/source3/include
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r4847: Hand over a acb_mask to pdb_setsampwent in load_sampwd_entries().Günther Deschner1-3/+3
This allows the ldap-backend to search much more effeciently. Machines will be searched in the ldap_machine_suffix and users in the ldap_users_suffix. (Note that we already use the ldap_group_suffix in ldapsam_setsamgrent for quite some time). Using the specific ldap-bases becomes notably important in large domains: On my testmachine "net rpc trustdom list" has to search through 40k accounts just to list 3 interdomain-trust-accounts, similiar effects show up the non-user query_dispinfo-calls, etc. Also renamed all_machines to only_machines in load_sampwd_entries() since that reflects better what is really meant. Guenther (This used to be commit 6394257cc721ca739bda0e320375f04506913533)
2007-10-10r4840: * Add more generic root-dse inspection function to check for givenGünther Deschner1-0/+1
controls or extensions. * Check and remember if ldapsam's LDAP Server support paged results (in preparation of adding async paged-results to set|get|end-sampwent in ldapsam). Guenther (This used to be commit ced58bd8849cdef78513674dff1b1ec331945aa9)
2007-10-10r4809: * include SeDiskOperatorPrivilege and SeRemoteShutdownPrivilegeGerald Carter1-0/+2
(noty enfornced yet though) * add 'enable privileges (off by default) to control whether or not any privuleges can be assigned to SIDs (This used to be commit cf63519169d2f3c56a6acf46b9257f4c11d5ea74)
2007-10-10r4805: Last planned change to the privileges infrastructure:Gerald Carter2-13/+19
* rewrote the tdb layout of privilege records in account_pol.tdb (allow for 128 bits instead of 32 bit flags) * migrated to using SE_PRIV structure instead of the PRIVILEGE_SET structure. The latter is now used for parsing routines mainly. Still need to incorporate some client support into 'net' so for setting privileges. And make use of the SeAddUserPrivilege right. (This used to be commit 41dc7f7573c6d637e19a01e7ed0e716ac0f1fb15)
2007-10-10r4736: small set of merges from rtunk to minimize the diffsGerald Carter1-1/+1
(This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2007-10-10r4724: Add support for Windows privileges in Samba 3.0Gerald Carter4-14/+88
(based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2007-10-10r4665: Fix inspired by posting from Joe Meadows <jameadows@webopolis.com>.Jeremy Allison1-3/+0
Make all LDAP timeouts consistent. Jeremy. (This used to be commit 0f0281c2348b10ffdea744ecade6b2be0814c872)
2007-10-10r4656: Convert the winreg pipe to use WERROR returns (as it should).Jeremy Allison1-20/+20
Also fix return of NT_STATUS_NO_MORE_ENTRIES should be ERROR_NO_MORE_ITEMS reported by "Marcin Porwit" <mporwit@centeris.com>. Jeremy. (This used to be commit 511cdec60d431d767fb02f68ca5ddd4ddb59e64a)
2007-10-10r4651: Add "refuse machine password change" policy field. This update will justJim McDonough1-1/+1
return the appropriate reg value. Enforcement to be added soon. Also, fix account policy tdb upgrade so it doesn't just wipe out everything that was in there from a a previous version. (This used to be commit ccae934cf9de4b234bac324b8d878c8ec7862f67)
2007-10-10r4601: Removed any use of the MAX_XXX_STR style definitions. A little largerJeremy Allison1-6/+1
change than I'd hoped for due to formating changes to tidy up code. Jeremy. (This used to be commit a348f9221a9fe719dc6f0db6eb295575c2f95e1e)
2007-10-10r4570: Replace cli->nt_pipe_fnum with an array of NT file numbers, one for eachVolker Lendecke1-1/+1
supported pipe. Netlogon is still special, as we open that twice, one to do the auth2, the other one with schannel. The client interface is completely unchanged for those who only use a single pie. cli->pipe_idx is used as the index for everything except the "real" client rpc calls, which have been explicitly converted in my last commit. Next step is to get winbind to just use a single smb connection for multiple pipes. Volker (This used to be commit dc294c52e0216424236057ca6cd35e1ebf51d0da)
2007-10-10r4514: Fix for bugzilla 1770. Remove READ_ATTRIBUTES from GENERIC_EXECUTE, ↵Jim McDonough1-1/+1
otherwise modification of an ACL that contains an ACE with execute only will cause that to be upgraded to read/execute. Side effect is that dirs/files with execute only show up as special permissions, which is still correct. (This used to be commit 8d9dc7d543fd347e47d04157064a2f92fb5c99db)
2007-10-10r4336: Apply some other samba4 SAMR idl that is just too obvious. Don't hardGünther Deschner1-2/+1
set the value "forcibly disconnect remote users from server when logon hours expire" to "no", instead take the value from our account-policy storage. Guenther (This used to be commit e3bd2a22a5cebc4adf6910d3ec31bc6fada8cd35)
2007-10-10r4331: Implement SAMR query_dom_info-call info-level 8 server- and client-side,Günther Deschner1-2/+9
based on samba4-idl. This saves us an enormous amount of totally unnecessary ldap-traffic when several hundreds of winbind-daemons query a Samba3 DC just to get the fake SAM-sequence-number (time(NULL)) by enumerating all users, all groups and all aliases when query-dom-info level 2 is used. Note that we apparently never get the sequence number right (we parse a uint32, although it's a uint64, at least in samba4 idl). For the time being, I would propose to stay with that behaviour. Guenther (This used to be commit f9ab15a986626581000d4b93961184c501f36b93)
2007-10-10r4287: Vampire SAM_DELTA_DOMAIN_INFO.Günther Deschner2-5/+51
Based on samba4-idl. The decoding of account-lockout-string is somewhat experimental though. Guenther (This used to be commit 721bf50d7446b8ce18bc1d45e17d4214d5a43d26)
2007-10-10r4286: Give back 8 byte lm_session_key in Netrsamlogon-reply.Günther Deschner1-1/+3
The old #ifdef JRATEST-block was copying 16 bytes and thus overwriting acct_flags with bizarre values, breaking a lot of things. This patch is successfully running in a production environment for quite some time now and is required to finally allow Exchange 5.5 to access another Exchange Server when both are running on NT4 in a samba-controlled domain. This also allows Exchange Replication to take place, Exchange Administrator to access other Servers in the network, etc. Fixes Bugzilla #1136. Thanks abartlet for helping me with that one. Guenther (This used to be commit bd4c5125d6989cebc90152a23e113b345806c660)
2007-10-10r4268: Merge fix for bugzilla #2150.Tim Potter1-9/+0
(This used to be commit f00ae4ab0c36a623257861fb65373b39cf075921)
2007-10-10r4219: Fix samba3 samr "idl"... According to samba4 idl samr_DomInfo2 contains aVolker Lendecke1-3/+2
comment string and not an unknown 12 byte structure... Found after abartlet's smbtorture extended this string to "Tortured by Samba4: Fri Nov 26 15:40:18 2004 CET" ;-)) Volker (This used to be commit b41d94d8186f66136918432cf32e9dcef5a8bd12)
2007-10-10r4186: Fix client & server to allow 127k READX calls.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 831cb21a874601e4536c2cf76c5351e1d0defcb5)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison2-4/+89
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r3859: Ensure if num_acls is set to 0xFFFF this field is ignored.Jeremy Allison1-0/+6
Use def_acl everywhere instead of dir_acl. Jeremy. (This used to be commit d28611c960f87830aa8449725951984aa155b089)
2007-10-10r3844: Attempt to get the build farm in line. Some systems seem to have definedVolker Lendecke2-3/+3
rewinddir as a macro and don't like the construct to call a function pointer called rewinddir. Work around by renaming the function pointer... Volker (This used to be commit e547308d3ed307a242723076dff9974973fccc97)
2007-10-10r3772: BUG 2006: patch from Michel Gravey <michel.gravey@optogone.com>; fix ↵Gerald Carter1-1/+1
build when using gcc 3.0 (This used to be commit 1bc79a28080f2ff783b49e5cf3adfdfc4a4940ee)
2007-10-10r3713: Implementation of get posix acls in UNIX extensions. Passes valgrind.Jeremy Allison1-0/+71
Need to add printout functions in client and set posix acl in server. SteveF - take a look at this for the cifsfs client ! Once this is working and tested the next step is to write this up for the UNIX extensions spec. documents. Jeremy. (This used to be commit 1bd3f133442a472b4718b94a636f2fec89a2e0dc)
2007-10-10r3705: Nobody has commented, so I'll take this as an ack...Volker Lendecke1-0/+12
abartlet, I'd like to ask you to take a severe look at this! We have solved the problem to find the global groups a user is in twice: Once in auth_util.c and another time for the corresponding samr call. The attached patch unifies these and sends them through the passdb backend (new function pdb_enum_group_memberships). Thus it gives pdb_ldap.c the chance to further optimize the corresponding call if the samba and posix accounts are unified by issuing a specialized ldap query. The parameter to activate this ldapsam behaviour is ldapsam:trusted = yes Volker (This used to be commit b94838aff1a009f8d8c2c3efd48756a5b8f3f989)
2007-10-10r3697: BUG 2027: fix multiple declaration of MD5_CTX (do we really care ↵Gerald Carter1-5/+0
about DOS compilers?). Will watch build farm though. (This used to be commit b59aeb12c86f3630eb40f033b8c2b70e9a57675c)
2007-10-10r3644: Fixup examples VFS compile.Jeremy Allison1-1/+1
Jeremy. (This used to be commit dfa910e4ab498100d0572838f2ac05faec3c917f)
2007-10-10r3642: Extend vfs to add seekdir/telldir/rewinddir. Yes I know I have toJeremy Allison4-4/+37
fix the modules too... First step in fixing out large directories problem. Jeremy. (This used to be commit 344e9dd33a936b429fefb67cd748ac009a1bab10)
2007-10-10r3566: Completely replace the queryuseraliases call. The previous ↵Volker Lendecke1-3/+5
implementation does not exactly match what you would expect. XP workstations during login actually do this, so we should better become a bit more correct. The LDAP query issued is not really fully optimal, but it is a lot faster and more correct than what was there before. The change in passdb.h makes it possible that queryuseraliases is done with a single ldap query. Volker (This used to be commit 2508d4ed1e16c268fc9f3676b0c6a122e070f93d)
2007-10-10r3563: During a typical logon a modern workstation makes a lot of anonymous ↵Volker Lendecke1-0/+1
session setups on its way to open a pipe. This gets rid of many round-trips to the LDAP server during logon by setting up the server_info_guest once and not asking the LDAP server and nss every time. Make sure that the ldap connection is reopened in the child. (I did not look at the sql backends.) Volker (This used to be commit 3298f6105e6a88c9390cac02245c8f2eee1e5046)
2007-10-10r3538: Fix the build with the latest Heimdal code.Jeremy Allison1-6/+2
Jeremy. (This used to be commit 34275bae787762646f02ea1dec19d7b3a9a733a3)
2007-10-10r3495: Fix the build (recent kerberos-changes).Günther Deschner1-1/+3
Guenther (This used to be commit c7eab285d967345510a15e83bce508edb8e06e99)
2007-10-10r3438: fix some kerberos-related prototype warningsGünther Deschner1-0/+3
Guenther (This used to be commit 43c8a9e25961f65677a55e701f54c0227329a756)
2007-10-10r3377: Merge in first part of modified patch from Nalin Dahyabhai ↵Jeremy Allison1-0/+3
<nalin@redhat.com> for bug #1717.The rest of the code needed to call this patch has not yet been checked in (that's my next task). This has not yet been tested - I'll do this once the rest of the patch is integrated. Jeremy. (This used to be commit 7565019286cf44f43c8066c005b1cd5c1556435f)
2007-10-10r3067: patch based on volker's initial work in trunk that fixes the queu ↵Gerald Carter1-1/+7
update problem when using the background daemon (This used to be commit de7af09e727e744aa27af85ef7c0f73ed5c1550a)
2007-10-10r3050: Steal from Samba4 :-). Make us pass most of the new lock tests ↵Jeremy Allison1-2/+1
(except for the cancel lock which I have to add). Jeremy. (This used to be commit cf7f89999e0c6becd4617c812400d1e71b9c0a30)
2007-10-10r2955: fixing a segfault uncovered by the changes for BUG 1519Gerald Carter1-0/+1
(This used to be commit 1664395257eb2425246e200ebde4384aa54484a4)
2007-10-10r2942: Add client-side support of triggering ads printer publishing over msrpcGünther Deschner1-0/+1
setprinter calls inside the net-tool. This is usefull to mimic the same queries a windows-client does. At least win2k returns WERR_IO_PENDING when printer is published via setprinter, samba returns WERR_OK but this does not hurt. Guenther (This used to be commit 69b745fb98b8054d1f52e8a3fe3b933fb04336db)
2007-10-10r2835: Since we always have -I. and -I$(srcdir) in CFLAGS, we can get rid ofTim Potter2-4/+4
'..' from all #include preprocessor commands. This fixes bugzilla #1880 where OpenVMS gets confused about the '.' characters. (This used to be commit 7f161702fa4916979602cc0295919b541912acd6)
2007-10-10r2832: Readd WKGUID-binding to match the correct default-locations of newGünther Deschner1-0/+3
User-, Group- and Machine-Accounts in Active Directory (this got lost during the last trunk-merge). This way we match e.g. default containers moved by redircmp.exe and redirusr.exe in Windows 2003 and don't blindly default to cn=Users or cn=Computers. Further wkguids can be examied via "net ads search wellknownobjects=*". This should still keep a samba3-client joining a samba4 dc. Fixes Bugzilla #1343. Guenther (This used to be commit 8836621694c95779475fa9a1acf158e5e0577288)
2007-10-10r2768: BUG 1519: save the hostname used in the open_printer_ex() for later ↵Gerald Carter1-4/+2
reuse when filling in the spolss replies (also gets rid of get_called_name() (This used to be commit 57db8ca91f52329c7f8985c04463b6b69015b0c4)
2007-10-10r2575: Return correct error codes on old SEARCH call (from Samba4 torture ↵Jeremy Allison1-1/+2
tester). Jeremy. (This used to be commit fc51c97ea86bd1a86830d4ab2c6c7c4ec9fccc88)
2007-10-10r2444: Based on jmcd's patch, implement special lists for the ldap user ↵Volker Lendecke1-0/+2
attributes to delete. Richard, IMHO this is the better solution to the problem you currently have. Please review. Thanks, Volker (This used to be commit 6957d6a8921fbd97747258249d99b505a79cfcb4)
2007-10-10r2388: fix client quota supportStefan Metzmacher1-2/+2
for the client we need the windows path and for server we need unix path metze (This used to be commit 54fd28f5e7b70ce2b192c2037ce28da3fea9ef92)
2007-10-10r2364: Include yp_prot.h before ypclnt.h as AIX 5.2 spits the dummy otherwise.Tim Potter1-3/+3
Bugzilla #1778. (This used to be commit 0f1ffe0f304d367fa5db1cfd92a8f5e365233c1f)
2007-10-10r2248: Merge of tridge's PRINTF_ATTRIBUTE fixes from samba4.Tim Potter1-2/+3
(This used to be commit 53bfb76608efa347d5fe154c5583a5e8e3d53740)
2007-10-10r2246: Some good fixes for HPUX from JBravo on #samba-technical:Tim Potter1-0/+39
- Fix linker options so that stuff actually builds (oops - part of this commit was accidentally made in -r2245) - Add some preprocessor magic to avoid warnings being printed for every single C file being compiled. This was due to a bug in the HPUX system header files. This should make the HPUX build farm machine build again. (This used to be commit 46b9d6dcb5bdd47ea82f904d8fac4efe8dc94c9f)
2007-10-10r2133: Several fixes:Gerald Carter2-3/+4
* BUG 1627: fix for NIS compiles on HPUX 11.00, AIX 4.3 and 5.1 patch from Olaf Flebbe <o.flebbe@science-computing.de>. Will need to watch this one in the build farm. * Fix bug found by rwf@loonybin.net where the PRINT_ATTRIBUTE_PUBLISHED was getting reset by attempts to sanitize the defined attributes (PRINTER_ATTRIBUTE_SAMBA) * Resolve name conflict on DEC OSF-5.1 (inspired by patch from Adharsh Praveen <rprav@india.hp.com>) * Work around parsing error in the print change notify code (not that the alignment bug is still there but reording the entries in the array works around it). * remove duplicate declaration of getprintprocdir from rpcclient. (This used to be commit 7474c6a446037f3ca2546cb6984d800bfc524029)
2007-10-10r2114: Shameless theft of iconv commit from Samba4 to keep the two libs more ↵Jeremy Allison2-8/+7
in sync :-). try to cope with a wider range of UTF-16 characters when we are using an external libiconv library. Jeremy. (This used to be commit 5d04cd6804f6fc3b556e7c3b53fa0d7af39797c1)
2007-10-10r2076: Removed old dir caching code - not being used now we have theJeremy Allison1-1/+0
statcache anyway. New dir caching will be done on nanosecond timestamps. Jeremy. (This used to be commit ba473a580245430009245a4c8b8dcaf9fc4b6406)