Age | Commit message (Collapse) | Author | Files | Lines |
|
Reuse can_create() to prevent renameing a group to
an existing user or group.
(This used to be commit ce7091fda1eb3c7ea0900f455cec48c3b95a17f6)
|
|
(This used to be commit 7d619f127ee70fdd486ffaab4546a53d76a2288c)
|
|
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
(This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
|
|
dfs_Enum.
Guenther
(This used to be commit 4e5ea585c3482c38f2624e45f1268d3864a99faa)
|
|
password changes
Jeremy, please review.
(This used to be commit 154e4a281503f0cbc2e654640f1dfa4b4d35a3cd)
|
|
Jeremy.
(This used to be commit 5c5ea3152f8dbdfd7717b65e035191ffed3ec548)
|
|
Jeremy.
(This used to be commit 433d7a1bc91ff479934a256ff84e6866e16d1f85)
|
|
where we don't correctly check the return from memdup.
Jeremy.
(This used to be commit ce14daf51c7ee2f9c68c77f7f4674e6f0e35c9ca)
|
|
Jeremy.
(This used to be commit 16e42b446bea171c3ad848aefaa92c7404aade42)
|
|
Jeremy.
(This used to be commit cde8323fdc4d4ddaa30e8c59bec89dc130fe26a6)
|
|
I think). If a alloc fails just return NT_STATUS_NO_MEMORY,
don't go to "done" label and deref pointers.
Jeremy.
(This used to be commit 490c7c84674860ecd9daa24341edb427b9fe0aa5)
|
|
1177
In reg_perfcount.c: 1200 1202 1203 1204
In regfio.c: 1243 1245 1246 1247 1251
Jerry, the reg_perfcount and regfio.c ones, can you take a look please? This
is really your code, and I'm not sure I did the right thing to return an
error.
smbcacls.c: 1377
srv_eventlog_nt.c: 1415 1416 1417
srv_lsa_nt.c: 1420 1421
srv_netlog_nt.c: 1429
srv_samr_nt: 1458 1459 1460
Volker
Volker
(This used to be commit d6547d12b1c9f9454876665a5bdb010f46b9f5ff)
|
|
(This used to be commit 21aaede518503e6722ba5ccfdb2c77007d12ddee)
|
|
Make 2 important changes. pdb_get_methods()
returning NULL is a *fatal* error. Don't try
and cope with it just call smb_panic. This
removes a *lot* of pointless "if (!pdb)" handling
code. Secondly, ensure that if samu_init()
fails we *always* back out of a function. That
way we are never in a situation where the pdb_XXX()
functions need to start with a "if (sampass)"
test - this was just bad design, not defensive
programming.
Jeremy.
(This used to be commit a0d368197d6ae6777b7c2c3c6e970ab8ae7ca2ae)
|
|
reason but to increase fidelity with W2k3. Tom Bork has raised valid concerns
that Unix scripts might rely on the account names being lower-case, so keep
that. We might later decide to only lower-case the unix name passed to
'add [user|group] script' but keep the passdb entry upper-case. But there are
enough user-visible changes in 3_0 already so that we should push this off to
a later date.
Tom, waiting for more bug reports from you ;-))
Thanks for insisting!
Volker
(This used to be commit bc78cca290559c5ca7623b9f6d9933e32668b9c4)
|
|
enough of
SetUserInfo level 25 to survive the join method XP uses if the user did not
exist before. For good taste this contains way too much cut&paste, but for a
real fix there is just not enough time.
Up to 3.0.22 we completely ignored that a full level 21 is being sent together
with level 25, but we got away with that because on creation we did not set
the "disabled" flag on the workstation account. Now we correctly follow W2k3
in this regard, and we end up with a disabled workstation after join.
Man, I hate rpc_parse/. The correct fix would be to import PIDL generated samr
parsing, but this is would probably be a bit too much for .23...
Thanks to Tom Bork for finding this one.
Volker
(This used to be commit 5a37aba10551456042266443cc0a92f28f8c3d0d)
|
|
fix this in 3.0 ?
Jeremy.
We had no way to return NT_STATUS_OK from the netlogon serverpwset,
although
we successfully set the machine password...
One thing the samba3 join test found.
Volker
(This used to be commit e5b7acc9b5cb6e8cf3d03c9d392fad06e0d282d9)
|
|
(prevent a segv)
(This used to be commit a2ef525d9e3b4f050cb4e02fad67808d3e916373)
|
|
this one.
Volker
(This used to be commit c6bf2c8922e612278349fe53ca11f6be6c819009)
|
|
samr_query_domain_info(2) for consistency reasons.
Guenther
(This used to be commit 870495e2c8628deee0498e68cc1d93abfbc56da4)
|
|
difference between samr_query_domain_info and samr_query_domain_info2,
wrap the info2 call around the info call. There have been various "could
not access LDAP when not root" bugs lurking around in
samr_query_domain_info2 anyway.
Guenther
(This used to be commit 3e181b46bea87797d654d57a6c8231cba6ff5a7b)
|
|
Guenther
(This used to be commit 6ed7d7fa70e3f750f921192c0f75594d608875b7)
|
|
Also return the hostname for the level 6 call (to be consistent with the
server name in level 2).
Guenther
(This used to be commit 41b72e77ae70c96de4659af6b4b6bd842dd67981)
|
|
name eversince instead of the domain name when we are a DC.
Yes, there are applications relying on this call to be correct.
Guenther
(This used to be commit 26dd22c9af8caf3db236984e4683ba210376ca59)
|
|
BUILTIN\Administrators
(This used to be commit a02933c9589e34488f289cbc40f77f6864a58367)
|
|
check.
Jeremy.
(This used to be commit 9f676603aaf84829d52dc8d0e0872a058a4d3d4e)
|
|
(This used to be commit 037f9f831e001a12261419e37c725558dd717af9)
|
|
With this change (and setting lanman auth = no in smb.conf)
we have *identical* NTLMSSP flags to W2K3 in SPNEGO auth.
Jeremy
(This used to be commit 93ca3eee55297eb7fdd38fca38103ce129987e2a)
|
|
does not
have the timeout argument in Samba4. Add a new routine
tdb_lock_bystring_with_timeout.
Volker
(This used to be commit b9c6e3f55602fa505859a4b2cd137b74105d685f)
|
|
Guenther
(This used to be commit 3ff278b852b4085461127bc7ccb2c5dba81fb3c8)
|
|
servers. Also add a new "net rpc audit" tool. The lsa query infolevels
were taken from samb4 IDL, the lsa policy flags and categories are
partly documented on msdn. I need to cleanup the double
lsa_query_info_policy{2}{_new} calls next.
Guenther
(This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
|
|
Jeremy.
(This used to be commit 0217f7d7bf4c8b5b7de2433485fb6f78b62ac817)
|
|
Jeremy.
(This used to be commit 363d31c9ec2d2a4429ab4d26b3d7c78b76f60626)
|
|
Guenther
(This used to be commit 6c4fe819c69f281915ad0f4c3bde4dfb194aa33a)
|
|
* Finally fix parsing idmap uid/gid ranges not to break with spaces
surrounding the '-'
* Allow local groups to renamed by adding info level 2 to
_samr_set_aliasinfo()
* Fix parsing bug in _samr_del_dom_alias() reply
* Prevent root from being deleted via Samba
* Prevent builting groups from being renamed or deleted
* Fix bug in pdb_tdb that broke renaming user accounts
* Make sure winbindd is running when trying to create the Administrators
and Users BUILTIN groups automatically from smbd (and not just check the
winbind nexted groups parameter value).
* Have the top level rid allocator verify that the RID it is about to
grant is not already assigned in our own SAM (retries up to 250 times).
This fixes passdb with existing SIDs assigned to users from the RID algorithm
but not monotonically allocating the RIDs from passdb.
(This used to be commit db1162241f79c2af8afb7d8c26e8ed1c4a4b476f)
|
|
Guenther
(This used to be commit 3f195f8248c88ec8bf8ceb195575ce6bb49d7fc4)
|
|
client sends a NULL RPC_BUFFER*
(This used to be commit 69f816e9f885bdeb6e8c67222b6fdca76d9d1025)
|
|
in the switch statement which matched the schannel type
against the account type.
(This used to be commit 57c705ea63381ed9ab09145b4f57a736931fa6ca)
|
|
* Fix inverted logic check for machine accounts in get_md4pw()
(This used to be commit a36529535dcb5a262e7627b80fb62a31240dc8ad)
|
|
we now check wheter the sec_channel_type matches the trust account type.
Guenther
(This used to be commit c35eb449375d53ffa0815897e7723c203be1f732)
|
|
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'
* Add a SID domain to the group mapping enumeration passdb call
to fix the checks for local and builtin groups. The SID can be
NULL if you want the old semantics for internal maintenance.
I only updated the tdb group mapping code.
* remove any group mapping from the tdb that have a
gid of -1 for better consistency with pdb_ldap.c.
The fixes the problem with calling add_group_map() in
the tdb code for unmapped groups which might have had
a record present.
* Ensure that we distinguish between groups in the
BUILTIN and local machine domains via getgrnam()
Other wise BUILTIN\Administrators & SERVER\Administrators
would resolve to the same gid.
* Doesn't strip the global_sam_name() from groups in the
local machine's domain (this is required to work with
'winbind default domain' code)
Still todo.
* Fix fallback Administrators membership for root and domain Admins
if nested groups = no or winbindd is not running
* issues with "su - user -c 'groups'" command
* There are a few outstanding issues with BUILTIN\Users that
Windows apparently tends to assume. I worked around this
presently with a manual group mapping but I do not think
this is a good solution. So I'll probably add some similar
as I did for Administrators.
(This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
|
|
Jeremy.
(This used to be commit cd3ad3f1a6f622b4bad5cb21b132de4cc476e03f)
|
|
sink by ensuring all uses of rpcstr_push are consistent
with a size_t dest size arg.
Jeremy.
(This used to be commit f65d7afe1977d9d85046732842f9643716c15088)
|
|
the size of the data table. Clean up the struct a little.
Jeremy.
(This used to be commit 338538410d484a9358b60b05a86180275344ffa4)
|
|
Jeremy.
(This used to be commit 1fece52da4d667fa182aa9a87aaee3917860448b)
|
|
resources on error exit path.
Jeremy.
(This used to be commit f71aa3ab8fdfd08c1bec57b6506ead7c4af7299d)
|
|
resources on error exit path.
Jeremy.
(This used to be commit f1a5e5aefeeb78512c41cc8fc075b240696a3eb7)
|
|
resources on error exit path.
Jeremy.
(This used to be commit 1c0b4ed0acdb7fccb148d714796752fefc6dd78c)
|
|
Jeremy.
(This used to be commit d9e1d6fed099e7651807aa839a743fc7756ee326)
|
|
Jeremy.
(This used to be commit f458596b0edd958321c5d4061f034846348a3fe6)
|