| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
----------------
* bracket the add/delete/set printer scripts with checks for se_print_op
* slight change to the add/set printer script semantics. smbd no longer
relies on output from the script (on stdout) to re-read smb.conf
* remove SIGHUP from set/add/delete printin script code and now just
use MSG_SMB_CONF_UPDATED
* bracket the add/delete/set share scripts with checks for se_print_op
(this includes setting share ACLs)
(This used to be commit 8ab8113d2e1bec6a1dbf464882ad724c7c591be4)
|
|
SE_REMOTE_SHUTDOWN privilege
(This used to be commit d11339b7e3b890b8e01744b6b309efaa7ad328e1)
|
|
privileges RPC calls
(This used to be commit 3f4f2c80fd157796a7ba56f31f921e8a3ce46bc3)
|
|
* rewrote the tdb layout of privilege records in account_pol.tdb
(allow for 128 bits instead of 32 bit flags)
* migrated to using SE_PRIV structure instead of the PRIVILEGE_SET
structure. The latter is now used for parsing routines mainly.
Still need to incorporate some client support into 'net' so
for setting privileges. And make use of the SeAddUserPrivilege
right.
(This used to be commit 41dc7f7573c6d637e19a01e7ed0e716ac0f1fb15)
|
|
(This used to be commit ccdff4a998405544433aa32938963e4c37962fcc)
|
|
parsing bugs related to that code
(This used to be commit 7bf1312287cc1ec6b97917ba25fc60d6db09f26c)
|
|
(This used to be commit 85731706c9d794e8bd3f26ce9b1f881c1ee6a3ba)
|
|
(This used to be commit e8b4cedc2081eeff53d86c2d894632e57a17926f)
|
|
(This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
|
|
(based on Simo's code in trunk). Rewritten with the
following changes:
* privilege set is based on a 32-bit mask instead of strings
(plans are to extend this to a 64 or 128-bit mask before
the next 3.0.11preX release).
* Remove the privilege code from the passdb API
(replication to come later)
* Only support the minimum amount of privileges that make
sense.
* Rewrite the domain join checks to use the SeMachineAccountPrivilege
instead of the 'is a member of "Domain Admins"?' check that started
all this.
Still todo:
* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin'
parameter
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one
Samba DC to another.
* Come up with some management tool for manipultaing privileges
instead of user manager since it is buggy when run on a 2k client
(haven't tried xp). Works ok on NT4.
(This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
|
|
Also fix return of NT_STATUS_NO_MORE_ENTRIES should be
ERROR_NO_MORE_ITEMS reported by "Marcin Porwit" <mporwit@centeris.com>.
Jeremy.
(This used to be commit 511cdec60d431d767fb02f68ca5ddd4ddb59e64a)
|
|
return the appropriate reg value. Enforcement to be added soon.
Also, fix account policy tdb upgrade so it doesn't just wipe out everything
that was in there from a a previous version.
(This used to be commit ccae934cf9de4b234bac324b8d878c8ec7862f67)
|
|
unlocks) to be set and displayed in User Manager.
Guenther
(This used to be commit 8fd7e26fa12a4102def630efa421fad70f3affb1)
|
|
Samba DC to join clients to the domain -- needs more testing and security review but does work with initial testing
(This used to be commit 9ade9bf49c7125fb29658f943e9ebb6be9496180)
|
|
(This used to be commit 7fa2caec5ec2de4c5e7359621745a65ca9df255c)
|
|
Guenther
(This used to be commit 0930ad662770278cbe9fd4e3deaa523957b96697)
|
|
Guenther
(This used to be commit 5e6ce9a6e3d62190da5427ed7b5e2f2ac22a0c34)
|
|
set the value "forcibly disconnect remote users from server when logon
hours expire" to "no", instead take the value from our account-policy
storage.
Guenther
(This used to be commit e3bd2a22a5cebc4adf6910d3ec31bc6fada8cd35)
|
|
based on samba4-idl.
This saves us an enormous amount of totally unnecessary ldap-traffic
when several hundreds of winbind-daemons query a Samba3 DC just to get
the fake SAM-sequence-number (time(NULL)) by enumerating all users, all
groups and all aliases when query-dom-info level 2 is used.
Note that we apparently never get the sequence number right (we parse a
uint32, although it's a uint64, at least in samba4 idl). For the time
being, I would propose to stay with that behaviour.
Guenther
(This used to be commit f9ab15a986626581000d4b93961184c501f36b93)
|
|
(This used to be commit 0f26ba5226fab5b86031a0df6fba16b8e6af6e7d)
|
|
comment string and not an unknown 12 byte structure...
Found after abartlet's smbtorture extended this string to
"Tortured by Samba4: Fri Nov 26 15:40:18 2004 CET"
;-))
Volker
(This used to be commit b41d94d8186f66136918432cf32e9dcef5a8bd12)
|
|
Jeremy.
(This used to be commit 72e39041e9fbb7f252292182d56b1927a8133be0)
|
|
and avoid the call to print_access_chaeck()
(This used to be commit 426634df9c221fbe4f48b4ff9d1b4b8426a581f7)
|
|
allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
|
|
(This used to be commit 12440744ba36445186042c8c254785766cce5385)
|
|
Jeremy.
(This used to be commit 9d367ac636d7d88cd4756531bd8412f8d6d16d14)
|
|
This fixes Bugzilla #1076 and Exchange 5.5 SP4 can then be finally
installed on NT4 in a samba-controlled domain.
Guenther
(This used to be commit bb191c1098dea06bf2cd89276c74e32279fbb3d4)
|
|
abartlet, I'd like to ask you to take a severe look at this!
We have solved the problem to find the global groups a user is in twice: Once
in auth_util.c and another time for the corresponding samr call. The attached
patch unifies these and sends them through the passdb backend (new function
pdb_enum_group_memberships). Thus it gives pdb_ldap.c the chance to further
optimize the corresponding call if the samba and posix accounts are unified by
issuing a specialized ldap query.
The parameter to activate this ldapsam behaviour is
ldapsam:trusted = yes
Volker
(This used to be commit b94838aff1a009f8d8c2c3efd48756a5b8f3f989)
|
|
implementation does
not exactly match what you would expect.
XP workstations during login actually do this, so we should better become a
bit more correct. The LDAP query issued is not really fully optimal, but it is
a lot faster and more correct than what was there before. The change in
passdb.h makes it possible that queryuseraliases is done with a single ldap
query.
Volker
(This used to be commit 2508d4ed1e16c268fc9f3676b0c6a122e070f93d)
|
|
enforce printername == sharename for spoolss printing
(This used to be commit d47b8a0b4f348171df35b3b0028ce7d99fab8af3)
|
|
(This used to be commit 3760464193c540e82f0ba4e61d1d3b96a9803aca)
|
|
fill in the title bar of the port monitor window and unless we get it right, you cannot open the printer properties from the port monitor window
(This used to be commit fc691572c9ba5ae85c63db5202b7777efdbf7260)
|
|
standard_sub_snum() to use the current user's gid; add some (snum == -1) checks to standard_sub_advanced()
(This used to be commit 8c3fd1908d201e9891878ff4c3259ed9690dff97)
|
|
(This used to be commit 1664395257eb2425246e200ebde4384aa54484a4)
|
|
add unnecessary double slashes to the servername
(This used to be commit 859599dbcaa9e39a7902cc959955fcea2dad334b)
|
|
I've been grumbling about under-efficient calls in SAMR, and finally
got around to fixing some of them.
We now call sys_getgroups() (which in turn calls initgroups(), until
glibc 3.4 is released) to figure out a user's group membership. This
is far, far more efficient than scanning all the groups looking for a
match, and is still the 'posix way', just using an effiecient call.
The seperate issue of 'who is in this group' remains, but this one has
been biting some people.
I need to talk to VL about how best to exersise nasty corner cases,
but my initial tests hold strong. (The code is also much simpiler
than before, which has to count for something :-)
Andrew Bartlett
(This used to be commit dc19f161698dab5b71d61fa2bacc7e7b8da5fbba)
|
|
in finding out who is causing the massive performance problems with
large LDAP directories.
Andrew Bartlett
(This used to be commit f16ed2616a67c412bc9b78354a5faf673e64cf42)
|
|
64bit AMD platform.
(This used to be "Windows AMD64" and "AMD64" in one of the release
candidates of SP2 for Windows XP. AMD64 is obviously still supported but
not documented.)
Guenther
(This used to be commit cc5892f0411b8eb5daebe746164a2cf21d3d4c68)
|
|
reuse when filling in the spolss replies (also gets rid of get_called_name()
(This used to be commit 57db8ca91f52329c7f8985c04463b6b69015b0c4)
|
|
Andrew Bartlett
(This used to be commit 1833d0ab724d88411ebd79ac26f5642e7c8cfee3)
|
|
- fix typo in libads/ldap_printer.c:39, ads_find_printer_on_server()
(originally libads-typo.patch)
- fix leak in printing/nt_printing.c, is_printer_published()
(originally is_printer_published-leak.patch)
- fix double print_backend_init() calls, now only called from main()
- restructuring in printing/nt_printing.c
- replaced (un)publish_it() with ads-specific functions
- moved common code to nt_printer_publish()
- improved error handling in several places
- added check_published_printers() in printing/nt_printing.c, to verify
that each published printer is actually in the directory at startup
- changed calling semantics of mod_a_printer, dump_a_printer, and
update_driver_init to be more consistent with the rest of the api and
reduce some copying
(This used to be commit 50a5a3dbd02acb0d09133b6e42cc37d091ea901d)
|
|
user is deleted first before deleting UNIX user (LDAP backend
needs this ordering).
Jeremy.
(This used to be commit 2815b31e013e517a58027ba74f118209caf4d85f)
|
|
relationships.
Jeremy.
(This used to be commit b910e530027c19c4e505314a91ffcb72f20d8f09)
|
|
(This used to be commit f836be323a233f3a28cbaa04c532e83ea98ead89)
|
|
The purpose of this patch is to avoid changing the machine account
password, when it has 'already been changed'. This occours in
situations where the secure channel between the workstation and the DC
breaks down, such as occoured in the MS04-11 security patch. This
avoids LDAP replication load issues, due to the client changing the
password repeatedly.
We also now set the LM password to NULL explicitly, rather than the NT
password value, as this is what we get out of a vampire, or when a
long password is set (as XP seems to do these days).
Andrew Bartlett
(This used to be commit 1ad1317a815898b52b1803211ab7b502e331e782)
|
|
* BUG 1627: fix for NIS compiles on HPUX 11.00, AIX 4.3 and 5.1
patch from Olaf Flebbe <o.flebbe@science-computing.de>.
Will need to watch this one in the build farm.
* Fix bug found by rwf@loonybin.net where the PRINT_ATTRIBUTE_PUBLISHED
was getting reset by attempts to sanitize the defined attributes
(PRINTER_ATTRIBUTE_SAMBA)
* Resolve name conflict on DEC OSF-5.1 (inspired by patch from
Adharsh Praveen <rprav@india.hp.com>)
* Work around parsing error in the print change notify code
(not that the alignment bug is still there but reording the
entries in the array works around it).
* remove duplicate declaration of getprintprocdir from rpcclient.
(This used to be commit 7474c6a446037f3ca2546cb6984d800bfc524029)
|
|
Thanks to Jonas Olsson for the bug report & fix.
Volker
(This used to be commit de0eaf7be7d0c3aaf4e17b63653ca68b4332c982)
|
|
Jeremy.
(This used to be commit 77bddd40b0a3cb9d2a95b61c098468d3d98e41b0)
|
|
memory cache associated with open printer handles; also make sure that register_messages_flags() doesn't overwrite the originally registers flags
(This used to be commit 540daf71d8ad189af5dd6d45aa1ce2b3d67da752)
|
|
* add IA64 to the architecture table of printer-drivers
* add new "net"-subcommands:
net rpc printer migrate {drivers|printers|forms|security|settings|all}
[printer]
net rpc share migrate {shares|files|all} [share]
this is the first part of the migration suite. this will will (once
feature-complete) allow to do 1:1 server-cloning in the best possible way by
making heavy use of samba's rpc_client-functions. all migration-steps
are implemented as rpc/smb-client-calls; net communicates via rpc/smb
with two servers at the same time (a remote, source server and a
destination server that currently defaults to the local smbd). this
allows e. g. printer-driver migration including driverfiles, recursive
mirroring of file-shares including file-acls, etc. almost any migration
step can be called with a migrate-subcommand to provide more flexibility
during a migration process (at the cost of quite some redundancy :) ).
"net rpc printer migrate settings" is still in a bad condition (many
open questions that hopefully can be adressed soon).
"net rpc share migrate security" as an isolated call to just migrate
share-ACLs will be added later.
Before playing with it, make sure to use a test-server. Migration is a
serious business and this tool-set can perfectly overwrite your
existing file/print-shares.
* along with the migration functions had to make I the following
changes:
- implement setprinter level 3 client-side
- implement net_add_share level 502 client-side
- allow security descriptor to be set in setprinterdata level 2
serverside
guenther
(This used to be commit 8f1716a29b7e85baf738bc14df7dabf03762f723)
|
