Age | Commit message (Collapse) | Author | Files | Lines |
|
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
|
|
(This used to be commit 1115745caed3093c25d6be01ffee21819fb0a675)
|
|
Jeremy.
(This used to be commit ac06fc42cb9b1e2304d44653614aeaa7c537f34b)
|
|
(This used to be commit e6e54125003373f83e6900668ceb9981e8620776)
|
|
(This used to be commit 761cbd52f0cff6b864c506ec03c94039b6101ef9)
|
|
independently: Change
internal mapping.c functions to return NTSTATUS instead of BOOL.
Volker
(This used to be commit 4ebfc30a28a6f48613098176c5acdfdafbd2941a)
|
|
Remove some unused code: pdb_find_alias is not used anymore, and nobody I
think has ever used the pdb_nop operations for group mapping. smbpasswd and
tdb use the default ones and ldap has its own.
Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right
now really makes use of it, but it feels wrong to throw away information so
early.
Volker
(This used to be commit f9856f6490fe44fdba97ea86062237d8c74d4bdc)
|
|
* Remove "unknown" from dfs_Enum (samba4 dfs IDL updates to follow).
* When encountering an unsupported infolevel the rpc server must reply
with a dfs_info_0 structure and WERR_OK (observed from w2k3 when talking
to nt4).
Guenther
(This used to be commit f9bef1f08f7d2a4c95c28329ac73e8646f033998)
|
|
argument.
Volker
(This used to be commit 873a5a1211d185fd50e7167d88cbc869f70dfd3f)
|
|
Jeremy.
(This used to be commit 06aea05c52ee770a2dd6465e9e2fcd0ccd8c811d)
|
|
return access denied if the printer still exists after the delete_printer_hook() is called
(This used to be commit c05e2bdc0c068eb832035daea7962ab1a9e787b2)
|
|
and if we do
an update_sam_account later on, we want to also set it using the delete/add
method. As the idealx tools use the replace method, they don't care about what
has been in there before.
Jerry, this is a likely 3.0.23b candidate. Not merging, it's your call :-)
Volker
(This used to be commit f002a3633892fc040f0a6d076723c660bb82a41a)
|
|
(This used to be commit ae6b9b34e59167e3958bfdb9997fa25340b9a0a3)
|
|
we don't get the chainlock when getting the byte range
lock record read-only.
Jeremy.
(This used to be commit fcd798ca0c1b76adb2bcda4a99c40c7aacb0addb)
|
|
(This used to be commit 1e4ee728df7eeafc1b4d533240acb032f73b4f5c)
|
|
fix the messaging code to call the efficient calls :
save_re_uid()
set_effective_uid(0);
messaging_op
restore_re_uid();
instead of using heavyweight become_root()/unbecome_root()
pairs around all messaging code. Fixup the messaging
code to ensure sec_init() is called (only once) so that non-root
processes still work when sending messages.
This is a lighter weight solution to become_root()/unbecome_root()
(which swaps all the supplemental groups) and should be more
efficient. I will migrate all server code over to using this
(a similar technique should be used in the passdb backend
where needed).
Jeremy.
(This used to be commit 4ace291278d9a44f5c577bdd3b282c1231e543df)
|
|
free in the infolevel2 case. Free both queue and
NT_PRINTER_INFO_LEVEL in the same place.
Jeremy.
(This used to be commit 6ac3a4ce78f42949013ae7bd675ff292fb0383ca)
|
|
wasn't being freed - also one enum jobs case where the
NT_PRINTER_INFO_LEVEL and queue weren't being freed.
Strange that Coverity or Klokwork didn't pick these up.
Hopefully will fix #3962.
Jeremy.
(This used to be commit bb264123872bfec42ad85ec0c8afa3a8c7d1811e)
|
|
when viewing or modifying local group membership.
(This used to be commit 41e30a9666e1fb736cd2ba8a5ad9285fcde50d47)
|
|
(This used to be commit 4c4ae01c671bd35687af686a34824a96828e6b25)
|
|
geteuid()==0. Adapt
it to other "Am I root?" checks.
Jerry, Jeremy, please check this!
Thanks,
Volker
(This used to be commit f777b2d294f7258e676976d7807adbb644c85a2f)
|
|
Maybe bzr is not such a bad idea, then you would probably see less spam on
samba-cvs, sorry for that... :-)
Volker
(This used to be commit 41456b498a181c70707ca1ea80288bd7bdcadcdf)
|
|
rpc-lsa test even considers NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED not to be an
error.
Before someone re-activates this, show me a working sniff please :-)
Volker
(This used to be commit b185fb9fa61d89b612870c2fdd9e112c9e7ae57c)
|
|
it cannot be mapped and not the hex of the RID. Who wrote that?
(This used to be commit 4e51cf34cf4cbe77957d754952369df3a180f974)
|
|
share_mode_forall().
Volker
(This used to be commit f97f6cedffdc4d10afcac90a163b93a801acf514)
|
|
* Make sure to lower case all usernames before
calling the create, delete, or rename hooks.
* Preserve case for usernames in passdb
* Flush the getpwnam cache after renaming a user
* Add become/unbecome root block in _samr_delete_dom_user()
when trying to verify the account's existence.
(This used to be commit bbe11b7a950e7d85001f042bbd1ea3bf33ecda7b)
|
|
lib/sharesec.c
(This used to be commit 220dd4333032aea238066e3fbec9fca51ed16ddf)
|
|
the snum,
and the decision which token to use (conn or vuser) does not really belong
here, it is better done in the two places where this is called.
Volker
(This used to be commit 0a138888adf7a0f04a38cd911e797e1a379e908b)
|
|
login.
Found that because I want to play around with setsharesecurity, for this I
need the "whoami" call figuring out the SID of the currently connected user.
Not activating this test yet until the build farm has picked up the new samba4
revision.
Volker
(This used to be commit 5cfe482841b77208b68376f9e2b8a4a62271f7c9)
|
|
pstrings.
Volker
(This used to be commit c5e393d5eda4e13a844171d9ff319d1f1bac3d84)
|
|
not a dozen
or so. Next step will be to eliminate the explicit snum reference.
Volker
(This used to be commit 6e98f8d6c6cc126b0d27ac574c128be96e50abf3)
|
|
> r16959 | vlendec | 2006-07-11 23:10:44 +0200 (Di, 11 Jul 2006) | 1 line
>
> get_share_security does not need snum, activate RPC-SAMBA3-SRVSVC
Volker
(This used to be commit c89471e15766fcdbfa4f40701e12c19f95c2d8ef)
|
|
Reuse can_create() to prevent renameing a group to
an existing user or group.
(This used to be commit ce7091fda1eb3c7ea0900f455cec48c3b95a17f6)
|
|
(This used to be commit 7d619f127ee70fdd486ffaab4546a53d76a2288c)
|
|
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
(This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
|
|
dfs_Enum.
Guenther
(This used to be commit 4e5ea585c3482c38f2624e45f1268d3864a99faa)
|
|
password changes
Jeremy, please review.
(This used to be commit 154e4a281503f0cbc2e654640f1dfa4b4d35a3cd)
|
|
Jeremy.
(This used to be commit 5c5ea3152f8dbdfd7717b65e035191ffed3ec548)
|
|
Jeremy.
(This used to be commit 433d7a1bc91ff479934a256ff84e6866e16d1f85)
|
|
where we don't correctly check the return from memdup.
Jeremy.
(This used to be commit ce14daf51c7ee2f9c68c77f7f4674e6f0e35c9ca)
|
|
Jeremy.
(This used to be commit 16e42b446bea171c3ad848aefaa92c7404aade42)
|
|
Jeremy.
(This used to be commit cde8323fdc4d4ddaa30e8c59bec89dc130fe26a6)
|
|
I think). If a alloc fails just return NT_STATUS_NO_MEMORY,
don't go to "done" label and deref pointers.
Jeremy.
(This used to be commit 490c7c84674860ecd9daa24341edb427b9fe0aa5)
|
|
1177
In reg_perfcount.c: 1200 1202 1203 1204
In regfio.c: 1243 1245 1246 1247 1251
Jerry, the reg_perfcount and regfio.c ones, can you take a look please? This
is really your code, and I'm not sure I did the right thing to return an
error.
smbcacls.c: 1377
srv_eventlog_nt.c: 1415 1416 1417
srv_lsa_nt.c: 1420 1421
srv_netlog_nt.c: 1429
srv_samr_nt: 1458 1459 1460
Volker
Volker
(This used to be commit d6547d12b1c9f9454876665a5bdb010f46b9f5ff)
|
|
(This used to be commit 21aaede518503e6722ba5ccfdb2c77007d12ddee)
|
|
Make 2 important changes. pdb_get_methods()
returning NULL is a *fatal* error. Don't try
and cope with it just call smb_panic. This
removes a *lot* of pointless "if (!pdb)" handling
code. Secondly, ensure that if samu_init()
fails we *always* back out of a function. That
way we are never in a situation where the pdb_XXX()
functions need to start with a "if (sampass)"
test - this was just bad design, not defensive
programming.
Jeremy.
(This used to be commit a0d368197d6ae6777b7c2c3c6e970ab8ae7ca2ae)
|
|
reason but to increase fidelity with W2k3. Tom Bork has raised valid concerns
that Unix scripts might rely on the account names being lower-case, so keep
that. We might later decide to only lower-case the unix name passed to
'add [user|group] script' but keep the passdb entry upper-case. But there are
enough user-visible changes in 3_0 already so that we should push this off to
a later date.
Tom, waiting for more bug reports from you ;-))
Thanks for insisting!
Volker
(This used to be commit bc78cca290559c5ca7623b9f6d9933e32668b9c4)
|
|
enough of
SetUserInfo level 25 to survive the join method XP uses if the user did not
exist before. For good taste this contains way too much cut&paste, but for a
real fix there is just not enough time.
Up to 3.0.22 we completely ignored that a full level 21 is being sent together
with level 25, but we got away with that because on creation we did not set
the "disabled" flag on the workstation account. Now we correctly follow W2k3
in this regard, and we end up with a disabled workstation after join.
Man, I hate rpc_parse/. The correct fix would be to import PIDL generated samr
parsing, but this is would probably be a bit too much for .23...
Thanks to Tom Bork for finding this one.
Volker
(This used to be commit 5a37aba10551456042266443cc0a92f28f8c3d0d)
|
|
fix this in 3.0 ?
Jeremy.
We had no way to return NT_STATUS_OK from the netlogon serverpwset,
although
we successfully set the machine password...
One thing the samba3 join test found.
Volker
(This used to be commit e5b7acc9b5cb6e8cf3d03c9d392fad06e0d282d9)
|
|
(prevent a segv)
(This used to be commit a2ef525d9e3b4f050cb4e02fad67808d3e916373)
|