Age | Commit message (Collapse) | Author | Files | Lines |
|
as a uint32 - you'll just get it wrong (as I did :-).
Second attempt to fix the Apple client issues.
Jeremy.
(This used to be commit d2aa5bc7aaa9fe11fa4748f99e4ba49be08aa639)
|
|
* start adding write support to the Samba registry
Flesh out the server implementations of
RegCreateKey(), RegSetValue(), RegDeleteKey() and RegDeleteValue()
I can create a new key using regedit.exe now but the 'New Key #1'
key cannot be deleted yet.
(This used to be commit e188fdbef8f0ad202b0ecf3c30be2941ebe6d5b1)
|
|
to the reg_XXX backend. If the backend does not define
a regkey_access_check() function, we default to using the
standard registry_access_check()
(This used to be commit 2f08a904eee772e7d99ae6e3e4c922f74732284f)
|
|
last checking).
* rename unknown field in REG_GETVERSION
* add server stubs for RegDeleteKey() and RegDeleteValue()
(This used to be commit 023728c0595eaef60e357d32a25e2c4cee9e21f4)
|
|
(This used to be commit ce82566badfb907a2f72e2f7d90a7bbbe3811177)
|
|
the code in to snapshot it before I start changing more things
(This used to be commit 560ce111ce8de37d02bce64d2ca60a5f471d5477)
|
|
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
|
|
rpcclient-tester for some info-levels.
Jerry, I tried to adopt to prs_pointer() where possible and to not
interfere with your work for usrmgr.
- Add "net rpc trustdom vampire"-tool.
This allows to retrieve Interdomain Trust(ed)-Relationships from
NT4-Servers including cleartext-passwords (still stored in the local
secrets.tdb).
The net-hook was done in cooperation with Lars Mueller
<lmuelle@suse.de>.
To vampire trusted domains simply call:
net rpc trustdom vampire -S nt4dc -Uadmin%pass
Guenther
(This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
|
|
tested this so I may have screwed this up - however it now follows the
DCE spec. valgrinded tests to follow....
Jeremy.
(This used to be commit 877e0a61f5821c89149b1403d08675dd7db8039e)
|
|
version to 3.0.20pre1
(This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1)
|
|
* add RegSaveKey() client function
* add 'net rpc registry save' subcommand
(This used to be commit f35e0a0a8d8df5c39e61ebd34c4aecbc5c9bb635)
|
|
* removing the testprns tool
(This used to be commit 81ffb0dbbbd244623507880c323a3c37e2b8dc4d)
|
|
fairly safe at this point
(This used to be commit 6eaefa1a9a47421e20e346c652c31fd524db8878)
|
|
(This used to be commit a71e104af84810f488f42cb0843976961e6f6ebe)
|
|
MMC manage computer plugin.
(This used to be commit c43c1ec80cb52569ccabcdf95e4004386ecb29d6)
|
|
Volker to commit. Woo Hoo !
Jeremy.
(This used to be commit 316df944a456f150944761dab34add5e8c4ab699)
|
|
for user1* in make_spoolss_q_open_printer_ex()
(This used to be commit f04232cce7f940814828caf80a2ecb8761146b14)
|
|
--enable-developer=yes?
Volker
(This used to be commit 61d40ac60dd9c8c9bbcf92e4fc57fe1d706bc721)
|
|
pieces that
can be taken out of it, so I decided to commit this in one lump. It changes
the passdb enumerating functions to use ldap paged results where possible. In
particular the samr calls querydispinfo, enumdomusers and friends have
undergone significant internal changes. I have tested this extensively with
rpcclient and a bit with usrmgr.exe. More tests and the merge to trunk will
follow later.
The code is based on a first implementation by Günther Deschner, but has
evolved quite a bit since then.
Volker
(This used to be commit f0bb44ac58e190e19eb4e92928979b0446e611c9)
|
|
I need to gather some more information to know if these
extra context id's may be used later. But for now,
pw changes via CTL+ALT+DEL from win2k3sp1 clients work.
(This used to be commit e7189a4e4b2211ce396944559d38056fa5b57f65)
|
|
rename REG_CREATE_VALE -> REG_SET_VALUE
(This used to be commit 28d433351cf813c7fb57ebac0e0f4973c85f73e8)
|
|
Tested client and server code.
(This used to be commit efb3ac4c69c72c0fa01c558951fa357893562bce)
|
|
not provide an
RPC_BUFFER in the request
* add initial (but wire untested) support for RegRestoreKey()
(This used to be commit 22855c7aae940cc4082c231a470f612b8fc6fa0d)
|
|
* add some backwards compatibility to 'net rpc rights list'
* verify privilege name in 'net rpc rights privileges <name>' in order
to give back better error messages.
(This used to be commit 0e29dc8aa384dfa6d2495beb8a9ffb5371e60a13)
|
|
spooler service is SVCCTL_RUNNING.
Configuration details:
Service Type = 0x110
Start Type = 0x2
Error Control = 0x1
Tag ID = 0x0
Executable Path = C:\WINNT\system32\spoolsv.exe
Load Order Group = SpoolerGroup
Dependencies = RPCSS/
Start Name = LocalSystem
Display Name = Print Spooler
(This used to be commit b921bf568835042a43bb0bcb2abd9d36c9d2e43f)
|
|
open and close the service control manager.
Also experimenting with ideas for cli_xxx() interface.
(This used to be commit 4da89ef17b8c4644b97b923cebfe8e446b508b4d)
|
|
pulling back all recent rpc changes from trunk into
3.0. I've tested a compile and so don't think I've missed
any files. But if so, just mail me and I'll clean backup
in a couple of hours.
Changes include \winreg, \eventlog, \svcctl, and
general parse_misc.c updates.
I am planning on bracketing the event code with an
#ifdef ENABLE_EVENTLOG until I finish merging Marcin's
changes (very soon).
(This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
|
|
This will send a shutdown command to the right process by pid read from the sessions list.
(This used to be commit 5d3d025db757f7d48f241142a60a93214f2b47ea)
|
|
all versions of a driver
(This used to be commit 1f0060278609a194b76872367530d2f7bcea7fa7)
|
|
(This used to be commit f9e9a42c0734129100e1cdd4a9ad1539b65ab5bc)
|
|
(This used to be commit 9b0bfd7e6fd1acc85ec53d2fa32d61cd34aa2345)
|
|
segvs
(This used to be commit 25121547caaaed0d60f4db7458570c14e7d21b2a)
|
|
(This used to be commit 277203b5356af58ce62eb4eec0db2eccadeeffd6)
|
|
referencing unknown_6 from sam, because it's just fixed at 1260, the max
len of LOGON_HRS. Need to go in and mark it as "remove me" from passdb.
(This used to be commit ffac752875938d510446ebbeba6fc983f65cda1e)
|
|
This copy was length-limited, which broke when the NTLMv2 response was
more than 128 bytes in length.
Andrew Bartlett
(This used to be commit bae18aaaff7f9eff90db566b9a254a11d281aa01)
|
|
should not say we are a PDC.
Guenther
(This used to be commit 6cdf3b97de2c28ac92f972621b0ce04c1c80cea5)
|
|
(This used to be commit 0c205bcc864c8dc01124a5d654792de0cbf79a63)
|
|
...hmmm... completely bogus. This does not affect us as a domain controller,
as we never set other_sids, but I have *no* idea how winbind got away with it.
Please review thoroughly, samba4 idl looks closer to reality here.
Test case: Member of w2k3 domain, authenticate as a user who is member of one
or more domain local groups. Easiest review with 'client schannel = no'.
Thanks,
Volker
(This used to be commit a0a6388830d9457de3e42686c64bddeba42954f8)
|
|
NT sometimes send garbage bytes in NT security descriptor linearizations
when sending well-known sids. Cope with these.
Jeremy.
(This used to be commit 51b34bb536fdb18c99da1e151eba03ea634e0449)
|
|
Note that Samba3 does not yet support it server-side.
Guenther
(This used to be commit b2c8220931733593fd312fc25b6c73f440b4567a)
|
|
(This used to be commit ccdff4a998405544433aa32938963e4c37962fcc)
|
|
parsing bugs related to that code
(This used to be commit 7bf1312287cc1ec6b97917ba25fc60d6db09f26c)
|
|
(based on Simo's code in trunk). Rewritten with the
following changes:
* privilege set is based on a 32-bit mask instead of strings
(plans are to extend this to a 64 or 128-bit mask before
the next 3.0.11preX release).
* Remove the privilege code from the passdb API
(replication to come later)
* Only support the minimum amount of privileges that make
sense.
* Rewrite the domain join checks to use the SeMachineAccountPrivilege
instead of the 'is a member of "Domain Admins"?' check that started
all this.
Still todo:
* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin'
parameter
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one
Samba DC to another.
* Come up with some management tool for manipultaing privileges
instead of user manager since it is buggy when run on a 2k client
(haven't tried xp). Works ok on NT4.
(This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
|
|
previous behavior; more checks to come tomorrow
(This used to be commit 9a29bef056f92ef6f1df01f56c121088f84be16b)
|
|
Also fix return of NT_STATUS_NO_MORE_ENTRIES should be
ERROR_NO_MORE_ITEMS reported by "Marcin Porwit" <mporwit@centeris.com>.
Jeremy.
(This used to be commit 511cdec60d431d767fb02f68ca5ddd4ddb59e64a)
|
|
change than I'd hoped for due to formating changes to tidy up code.
Jeremy.
(This used to be commit a348f9221a9fe719dc6f0db6eb295575c2f95e1e)
|
|
set the value "forcibly disconnect remote users from server when logon
hours expire" to "no", instead take the value from our account-policy
storage.
Guenther
(This used to be commit e3bd2a22a5cebc4adf6910d3ec31bc6fada8cd35)
|
|
based on samba4-idl.
This saves us an enormous amount of totally unnecessary ldap-traffic
when several hundreds of winbind-daemons query a Samba3 DC just to get
the fake SAM-sequence-number (time(NULL)) by enumerating all users, all
groups and all aliases when query-dom-info level 2 is used.
Note that we apparently never get the sequence number right (we parse a
uint32, although it's a uint64, at least in samba4 idl). For the time
being, I would propose to stay with that behaviour.
Guenther
(This used to be commit f9ab15a986626581000d4b93961184c501f36b93)
|
|
Based on samba4-idl. The decoding of account-lockout-string is somewhat
experimental though.
Guenther
(This used to be commit 721bf50d7446b8ce18bc1d45e17d4214d5a43d26)
|
|
The old #ifdef JRATEST-block was copying 16 bytes and thus overwriting
acct_flags with bizarre values, breaking a lot of things.
This patch is successfully running in a production environment for quite
some time now and is required to finally allow Exchange 5.5 to access
another Exchange Server when both are running on NT4 in a
samba-controlled domain. This also allows Exchange Replication to take
place, Exchange Administrator to access other Servers in the network,
etc. Fixes Bugzilla #1136.
Thanks abartlet for helping me with that one.
Guenther
(This used to be commit bd4c5125d6989cebc90152a23e113b345806c660)
|