summaryrefslogtreecommitdiff
path: root/source3/lib
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r5203: additional changes for BUG 2291 to restrict who can join a BDC and ↵Gerald Carter1-1/+1
add domain trusts (This used to be commit 5ec1faa2ad33772fb48c3863e67d2ce4be726bb2)
2007-10-10r5174: ensure that we consistently use the current_user_info.smb_name vs. ↵Gerald Carter1-0/+12
smb_name when parsing smb.conf and reloading config files (This used to be commit be537eaebe84b2ccae089e5982263df8a96e7a5b)
2007-10-10r5163: Fix bugzilla 2062:Jim McDonough1-1/+6
turn off broadcast for all 390 NICs. (This used to be commit d159a5013e96a1188599a3fa0bff108fa6f6679b)
2007-10-10r5158: BUG 2263: patch from Timur Bakeyev <timur@com.bat.ru> to guard ↵Gerald Carter1-4/+10
base64_encode_data_blob() against empty blobs (This used to be commit 17239d609f63ae5bd6826e580876c27e8c92d6fa)
2007-10-10r5150: consolidate the samr_make.*obj_sd() functions to share codeGerald Carter1-39/+0
(This used to be commit 5bd03d59263ab619390062c1d023ad1ba54dce6a)
2007-10-10r5127: Fix Bug 2289 -- thanks to jason@ncac.gwu.eduVolker Lendecke1-2/+1
(This used to be commit 8c35c3bf2ed65d2b93feb0f419e1c7785fba7764)
2007-10-10r5100: We should only care about case-sensitivity when *reading* an incomingJeremy Allison1-2/+2
filename, not returning one. Makes us pass one more Samba4 RAW-SEARCH test. Jeremy. (This used to be commit 228d1e1649a0b4952eb5603cb5e1851cdc8f0c72)
2007-10-10r5066: A couple of small fixes from James Peach @ SGI.Jeremy Allison2-2/+7
Jeremy. (This used to be commit 9d131e94195df79e07c8fad20e12ba1b67441a81)
2007-10-10r5015: (based on abartlet's original patch to restrict password changes)Gerald Carter1-4/+74
* added SE_PRIV checks to access_check_samr_object() in order to deal with the run-time security descriptor and their interaction with user rights * Reordered original patch in _samr_set_userinfo[2] to still allow root/administrative password changes for users and machines. (This used to be commit f9f9e6039bd9443d54445e41c3783a2be18925fb)
2007-10-10r4995: fail set_privileges() if 'enable privileges = no' to prevent confused ↵Gerald Carter1-0/+3
admins who never read what I write :-) (This used to be commit 1d7a636e0e7f8a0bc3d3ae04b40f79db7f08d619)
2007-10-10r4989: Display failed LDAP-server-uri.Günther Deschner1-1/+2
Guenther (This used to be commit d433c7b476005064b9cfd339bbd8a25b40de59c1)
2007-10-10r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).Günther Deschner2-100/+412
Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther (This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
2007-10-10r4917: Merge some of Derrell.Lipman@UnwiredUniverse.com obvious fixes.Jeremy Allison1-2/+2
Added text explaining units in pdbedit time fields. Jeremy. (This used to be commit 3d09c15d8f06ad06fae362291a6c986f7b6107e6)
2007-10-10r4849: * finish SeAddUsers support in srv_samr_nt.cGerald Carter1-7/+18
* define some const SE_PRIV structure for use when you need a SE_PRIV* to a privilege * fix an annoying compiler warngin in smbfilter.c * translate SIDs to names in 'net rpc rights list accounts' * fix a seg fault in cli_lsa_enum_account_rights caused by me forgetting the precedence of * vs. [] (This used to be commit d25fc84bc2b14da9fcc0f3c8d7baeca83f0ea708)
2007-10-10r4840: * Add more generic root-dse inspection function to check for givenGünther Deschner1-0/+101
controls or extensions. * Check and remember if ldapsam's LDAP Server support paged results (in preparation of adding async paged-results to set|get|end-sampwent in ldapsam). Guenther (This used to be commit ced58bd8849cdef78513674dff1b1ec331945aa9)
2007-10-10r4822: fix return code when you ask for a non-privileged SID via one of the ↵Gerald Carter1-0/+9
privileges RPC calls (This used to be commit 3f4f2c80fd157796a7ba56f31f921e8a3ce46bc3)
2007-10-10r4809: * include SeDiskOperatorPrivilege and SeRemoteShutdownPrivilegeGerald Carter1-88/+25
(noty enfornced yet though) * add 'enable privileges (off by default) to control whether or not any privuleges can be assigned to SIDs (This used to be commit cf63519169d2f3c56a6acf46b9257f4c11d5ea74)
2007-10-10r4805: Last planned change to the privileges infrastructure:Gerald Carter1-120/+309
* rewrote the tdb layout of privilege records in account_pol.tdb (allow for 128 bits instead of 32 bit flags) * migrated to using SE_PRIV structure instead of the PRIVILEGE_SET structure. The latter is now used for parsing routines mainly. Still need to incorporate some client support into 'net' so for setting privileges. And make use of the SeAddUserPrivilege right. (This used to be commit 41dc7f7573c6d637e19a01e7ed0e716ac0f1fb15)
2007-10-10r4746: add server support for lsa_enum_acct_rights(); last checkin for the nightGerald Carter1-0/+16
(This used to be commit ccdff4a998405544433aa32938963e4c37962fcc)
2007-10-10r4742: add server support for lsa_add/remove_account_rights() and fix some ↵Gerald Carter1-12/+65
parsing bugs related to that code (This used to be commit 7bf1312287cc1ec6b97917ba25fc60d6db09f26c)
2007-10-10r4736: small set of merges from rtunk to minimize the diffsGerald Carter1-1/+1
(This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2007-10-10r4731: Fix the buildVolker Lendecke1-1/+2
(This used to be commit 340d7f317332f159460d04db8ccc75116c83d234)
2007-10-10r4724: Add support for Windows privileges in Samba 3.0Gerald Carter3-219/+526
(based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2007-10-10r4651: Add "refuse machine password change" policy field. This update will justJim McDonough1-14/+52
return the appropriate reg value. Enforcement to be added soon. Also, fix account policy tdb upgrade so it doesn't just wipe out everything that was in there from a a previous version. (This used to be commit ccae934cf9de4b234bac324b8d878c8ec7862f67)
2007-10-10r4581: From Derrell.Lipman@UnwiredUniverse.com. Use nanosleep instead of selectJeremy Allison1-1/+14
when we have it in smb_msleep. Jeremy. (This used to be commit 465c207ffbcd5ee859faee282ef220a6c72e4eeb)
2007-10-10r4545: Fix based on work by Derrell.Lipman@UnwiredUniverse.com :Jeremy Allison1-4/+26
* In an application with signals, it was possible for functions to block indefinitely while awaiting timeouts. This patch ensures that if a system call with a timeout is aborted and needs to be restarted, it is restarted with a timeout which is adjusted for the amount of time already waited. Jeremy. (This used to be commit 3a0d426764ab8bac561a47329500a03a52a00fa3)
2007-10-10r4334: Fix for bugid #2186 - from Buck Huppmann <buckh@pobox.com>Jeremy Allison1-0/+8
to prevent uninitialized creds being freed. Jeremy. (This used to be commit c3f9c81a8fcb26f7110f75b3096d5d1eb30aac13)
2007-10-10r4306: Couple more MALLOC fixes from albert chin (china@thewrittenword.com).Jeremy Allison1-1/+1
Jeremy. (This used to be commit c5a8bf3335606c070e1c74f339ea4c22d0adfa57)
2007-10-10r4305: Fix from Albert Chin (china@thewrittenword.com) to fix theJeremy Allison2-6/+6
earlier malloc changes. Jeremy. (This used to be commit da7ef2517162740bc61a81ae814d48348aa513d5)
2007-10-10r4296: Patch from William Jojo <jojowil@hvcc.edu> to fix HPUX sendfile and addJeremy Allison1-1/+57
configure.in tests and code for sendfile on AIX. Jeremy. (This used to be commit f08aceb9882fb1df1e1e28179f87ac5c3d5afa45)
2007-10-10r4291: More *alloc fixes inspired by Albert Chin (china@thewrittenword.com).Jeremy Allison3-35/+34
Jeremy (This used to be commit efc1b688cf9b1a17f1a6bf46d481280ed8bd0c46)
2007-10-10r4289: Close LDAP-Connection before retrying to open a new connection in theGünther Deschner1-0/+1
retry-loop. This fixes a deadlock-situation when ldapsam is used with the ldapi interface: getpeername won't fail while trying to detect dead connections on unix domain sockets. When the ldapi-connection was closed server-side (due to OpenLDAP's idletimeout) we *never* got a new LDAP connection. Guenther (This used to be commit ac8032bacff10451fa03f155d43f0d20389512fa)
2007-10-10r4270: Add some const as a fix for bugzilla #2135.Tim Potter1-1/+1
(This used to be commit ad8fdcc6fdb08d206d324a152300933661c72c4b)
2007-10-10r4256: Add a patch from kllin@it.su.se: New Parameter 'afs token lifetime' ↵Volker Lendecke1-1/+5
tells the AFS client when to throw away a token. Thanks, Volker (This used to be commit 836a8277b2281bcdb6eab8339b05bec61b49eb74)
2007-10-10r4252: Comment clarification from Love Hörnquist Åstrand <lha@stacken.kth.se>.Volker Lendecke1-3/+7
Thanks, Volker (This used to be commit 207625c7ab8ce41d7b59981e6a767dc299178335)
2007-10-10r4241: More *alloc fixes.Jeremy Allison1-2/+7
Jeremy. (This used to be commit ec9606f00b52eb0d3a1a4c5eb98d171660ef19ad)
2007-10-10r4236: More *alloc fixes.Jeremy Allison1-6/+6
Jeremy. (This used to be commit 6b25a6e088390d33314ca69c8f17c869cec3904b)
2007-10-10r4217: Fix open_any_socket_out.Volker Lendecke1-13/+27
This was a missing merge from HEAD or rather a commit to 3_0 from the wrong source. Fixed slightly over HEAD, HEAD merge will follow. Deal with connection refused according to the specs. Volker (This used to be commit 7230cb87eba2c296217bb0255893c55ae5d695d3)
2007-10-10r4126: Fix from Björn Jacke <bjoern@j3e.de> for bugid #2040 - ensure the localeJeremy Allison1-0/+9
is reset to C to get ASCII-compatible toupper/lower functions. Jeremy. (This used to be commit 8e1b1693abf1e6eb46b23a5fa56776fc2ede7982)
2007-10-10r4120: Never, ever, doubt valgrind :-). Fix order of evaluation bug that's ↵Jeremy Allison2-12/+6
been in the bitmap code for ever. Remove silly extra space in paranoid malloc. Jeremy. (This used to be commit 0a7d17bc9b178628da371e627014412e9bef5d42)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison36-192/+355
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r4032: Fix bug #2110 - ensure we convert to ucs2 correctly.Jeremy Allison2-12/+11
Jeremy. (This used to be commit a1e5a2a6ab1abc9add7a606e2e3f2d6c88dcf96c)
2007-10-10r4009: Fix from Timur Bakeyev <timur@com.bat.ru> for bugid #2100,Jeremy Allison1-1/+4
change the way we check for errors after a dlopen (which may set internal warnings which get picked up by mistake in dlsym). Jeremy (This used to be commit 6711cb8b02f96d04af82d30b1274f76dc5461dc2)
2007-10-10r3946: Fix for bugid #2085 reported by Jason Mader <jason@ncac.gwu.edu>. Use ↵Jeremy Allison1-1/+1
consistent enum type for Protocol extern. Jeremy. (This used to be commit 65dfae7ea45d4c9452b2a08efa09b01d870142f3)
2007-10-10r3944: Fix the problem we get on Linux where sendfile fails, but we've ↵Jeremy Allison1-2/+26
already sent the header using send(). As our implementation of sendfile can't return EINTR (it restarts in that case) use an errno of EINTR to signal the linux sendfile fail after header case. When that happens send the rest of the data and then turn off sendfile. Sendfile should be safe to enable on all systems now (even though it may not help in all performance cases). Jeremy. (This used to be commit 78236382f7ffe08d7924907be49493779521837f)
2007-10-10r3940: typo.Günther Deschner1-1/+1
Guenther (This used to be commit 412ff4a129c5e719aa4d4e4856500ff59c82b939)
2007-10-10r3857: Shut up gcc about erroneous "used uninitialised" warning.Jeremy Allison1-3/+3
Jeremy. (This used to be commit ac9b91d805c3ee68119d4b25ab05ed043f0ab8f1)
2007-10-10r3843: If a connection to a DC is requested, open connections ↵Volker Lendecke1-0/+136
simultaeneously to all DCs found. The first one to reply wins. Volker (This used to be commit 84ac54aef2bd56b5c889d3b05b8828aceb8ae00e)
2007-10-10r3705: Nobody has commented, so I'll take this as an ack...Volker Lendecke2-13/+93
abartlet, I'd like to ask you to take a severe look at this! We have solved the problem to find the global groups a user is in twice: Once in auth_util.c and another time for the corresponding samr call. The attached patch unifies these and sends them through the passdb backend (new function pdb_enum_group_memberships). Thus it gives pdb_ldap.c the chance to further optimize the corresponding call if the samba and posix accounts are unified by issuing a specialized ldap query. The parameter to activate this ldapsam behaviour is ldapsam:trusted = yes Volker (This used to be commit b94838aff1a009f8d8c2c3efd48756a5b8f3f989)
2007-10-10r3702: This is a getpwnam-cache. It is mainly to speed up Samba with slow nssVolker Lendecke1-0/+43
backends such as nss_ldap. Volker (This used to be commit a8bd0b75042f73b753fc1cb8a52e6e90372fd1fe)