summaryrefslogtreecommitdiff
path: root/source3/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r4871: BUG 603: patch by Daniel Beschorner <db@unit-netz.de>. Correct ↵Gerald Carter1-1/+4
access mask check for _samr_lookup_domain() to work with Windows RAS server (This used to be commit 2e7a5608ac6a11f4e9e8bda69abb984fb4f86eb8)
2007-10-10r4856: after testing a simple add printer script, i realized that you still ↵Gerald Carter2-21/+21
have to be root to send the message to all smbds that the config file has been updated (This used to be commit 6409de1a1ef34bb41c3efeebfabdf13be5e08613)
2007-10-10r4852: merge simo changes to srv_srvsvc_nt.c from trunkGerald Carter1-30/+13
that allows the add/change share command to create the directory passed in as an arguement and not require that it pre-exist. Also finish testing of SeDiskOperatorPrivilege via srvmgr.exe (This used to be commit 9af83a7d70324846e6a2660c73589ee68340b4aa)
2007-10-10r4849: * finish SeAddUsers support in srv_samr_nt.cGerald Carter1-100/+258
* define some const SE_PRIV structure for use when you need a SE_PRIV* to a privilege * fix an annoying compiler warngin in smbfilter.c * translate SIDs to names in 'net rpc rights list accounts' * fix a seg fault in cli_lsa_enum_account_rights caused by me forgetting the precedence of * vs. [] (This used to be commit d25fc84bc2b14da9fcc0f3c8d7baeca83f0ea708)
2007-10-10r4847: Hand over a acb_mask to pdb_setsampwent in load_sampwd_entries().Günther Deschner1-7/+13
This allows the ldap-backend to search much more effeciently. Machines will be searched in the ldap_machine_suffix and users in the ldap_users_suffix. (Note that we already use the ldap_group_suffix in ldapsam_setsamgrent for quite some time). Using the specific ldap-bases becomes notably important in large domains: On my testmachine "net rpc trustdom list" has to search through 40k accounts just to list 3 interdomain-trust-accounts, similiar effects show up the non-user query_dispinfo-calls, etc. Also renamed all_machines to only_machines in load_sampwd_entries() since that reflects better what is really meant. Guenther (This used to be commit 6394257cc721ca739bda0e320375f04506913533)
2007-10-10r4825: Printing changesGerald Carter2-45/+136
---------------- * bracket the add/delete/set printer scripts with checks for se_print_op * slight change to the add/set printer script semantics. smbd no longer relies on output from the script (on stdout) to re-read smb.conf * remove SIGHUP from set/add/delete printin script code and now just use MSG_SMB_CONF_UPDATED * bracket the add/delete/set share scripts with checks for se_print_op (this includes setting share ACLs) (This used to be commit 8ab8113d2e1bec6a1dbf464882ad724c7c591be4)
2007-10-10r4824: wrap the shutdown and abort_shutdown calls in check for the ↵Gerald Carter1-1/+24
SE_REMOTE_SHUTDOWN privilege (This used to be commit d11339b7e3b890b8e01744b6b309efaa7ad328e1)
2007-10-10r4822: fix return code when you ask for a non-privileged SID via one of the ↵Gerald Carter1-0/+3
privileges RPC calls (This used to be commit 3f4f2c80fd157796a7ba56f31f921e8a3ce46bc3)
2007-10-10r4805: Last planned change to the privileges infrastructure:Gerald Carter3-47/+72
* rewrote the tdb layout of privilege records in account_pol.tdb (allow for 128 bits instead of 32 bit flags) * migrated to using SE_PRIV structure instead of the PRIVILEGE_SET structure. The latter is now used for parsing routines mainly. Still need to incorporate some client support into 'net' so for setting privileges. And make use of the SeAddUserPrivilege right. (This used to be commit 41dc7f7573c6d637e19a01e7ed0e716ac0f1fb15)
2007-10-10r4746: add server support for lsa_enum_acct_rights(); last checkin for the nightGerald Carter2-4/+62
(This used to be commit ccdff4a998405544433aa32938963e4c37962fcc)
2007-10-10r4742: add server support for lsa_add/remove_account_rights() and fix some ↵Gerald Carter2-1/+172
parsing bugs related to that code (This used to be commit 7bf1312287cc1ec6b97917ba25fc60d6db09f26c)
2007-10-10r4740: allow SE_PRINT_OPERATORS to have printer admin accessGerald Carter1-2/+4
(This used to be commit 85731706c9d794e8bd3f26ce9b1f881c1ee6a3ba)
2007-10-10r4739: require membership in Domain Admins to be able to set privilegesGerald Carter1-0/+25
(This used to be commit e8b4cedc2081eeff53d86c2d894632e57a17926f)
2007-10-10r4736: small set of merges from rtunk to minimize the diffsGerald Carter1-2/+2
(This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2007-10-10r4724: Add support for Windows privileges in Samba 3.0Gerald Carter3-181/+194
(based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2007-10-10r4656: Convert the winreg pipe to use WERROR returns (as it should).Jeremy Allison1-45/+45
Also fix return of NT_STATUS_NO_MORE_ENTRIES should be ERROR_NO_MORE_ITEMS reported by "Marcin Porwit" <mporwit@centeris.com>. Jeremy. (This used to be commit 511cdec60d431d767fb02f68ca5ddd4ddb59e64a)
2007-10-10r4651: Add "refuse machine password change" policy field. This update will justJim McDonough1-1/+12
return the appropriate reg value. Enforcement to be added soon. Also, fix account policy tdb upgrade so it doesn't just wipe out everything that was in there from a a previous version. (This used to be commit ccae934cf9de4b234bac324b8d878c8ec7862f67)
2007-10-10r4646: Allow Account Lockout with Lockout Duration "forever" (until adminGünther Deschner1-3/+9
unlocks) to be set and displayed in User Manager. Guenther (This used to be commit 8fd7e26fa12a4102def630efa421fad70f3affb1)
2007-10-10r4579: small changes to allow the members og the Domain Admins group on the ↵Gerald Carter1-64/+134
Samba DC to join clients to the domain -- needs more testing and security review but does work with initial testing (This used to be commit 9ade9bf49c7125fb29658f943e9ebb6be9496180)
2007-10-10r4370: Don't assume the compiler supports declarations after statements.Jelmer Vernooij1-1/+1
(This used to be commit 7fa2caec5ec2de4c5e7359621745a65ca9df255c)
2007-10-10r4351: Vampire Logon-Hours. Update Logon-Hours only when they have changed.Günther Deschner1-2/+6
Guenther (This used to be commit 0930ad662770278cbe9fd4e3deaa523957b96697)
2007-10-10r4343: forgot to add info-level 8 to SAMR_UNKNOWN_2E as well.Günther Deschner1-0/+3
Guenther (This used to be commit 5e6ce9a6e3d62190da5427ed7b5e2f2ac22a0c34)
2007-10-10r4336: Apply some other samba4 SAMR idl that is just too obvious. Don't hardGünther Deschner1-3/+13
set the value "forcibly disconnect remote users from server when logon hours expire" to "no", instead take the value from our account-policy storage. Guenther (This used to be commit e3bd2a22a5cebc4adf6910d3ec31bc6fada8cd35)
2007-10-10r4331: Implement SAMR query_dom_info-call info-level 8 server- and client-side,Günther Deschner1-0/+3
based on samba4-idl. This saves us an enormous amount of totally unnecessary ldap-traffic when several hundreds of winbind-daemons query a Samba3 DC just to get the fake SAM-sequence-number (time(NULL)) by enumerating all users, all groups and all aliases when query-dom-info level 2 is used. Note that we apparently never get the sequence number right (we parse a uint32, although it's a uint64, at least in samba4 idl). For the time being, I would propose to stay with that behaviour. Guenther (This used to be commit f9ab15a986626581000d4b93961184c501f36b93)
2007-10-10r4222: Always compile before commit...Volker Lendecke1-1/+1
(This used to be commit 0f26ba5226fab5b86031a0df6fba16b8e6af6e7d)
2007-10-10r4219: Fix samba3 samr "idl"... According to samba4 idl samr_DomInfo2 contains aVolker Lendecke1-1/+1
comment string and not an unknown 12 byte structure... Found after abartlet's smbtorture extended this string to "Tortured by Samba4: Fri Nov 26 15:40:18 2004 CET" ;-)) Volker (This used to be commit b41d94d8186f66136918432cf32e9dcef5a8bd12)
2007-10-10r4184: Removed unused extern.Jeremy Allison1-1/+0
Jeremy. (This used to be commit 72e39041e9fbb7f252292182d56b1927a8133be0)
2007-10-10r4134: check the setprinter(3) based on the access permissions on the handle ↵Gerald Carter1-14/+11
and avoid the call to print_access_chaeck() (This used to be commit 426634df9c221fbe4f48b4ff9d1b4b8426a581f7)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison14-219/+211
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r4083: consolidate printer searches to use find_service rather than for loopsGerald Carter1-16/+6
(This used to be commit 12440744ba36445186042c8c254785766cce5385)
2007-10-10r3929: Dead code elimination fix for bug #2075 from jason@ncac.gwu.edu.Jeremy Allison1-6/+1
Jeremy. (This used to be commit 9d367ac636d7d88cd4756531bd8412f8d6d16d14)
2007-10-10r3875: Allow to look up at least or own sid in _lsa_lookup_sids.Günther Deschner1-2/+2
This fixes Bugzilla #1076 and Exchange 5.5 SP4 can then be finally installed on NT4 in a samba-controlled domain. Guenther (This used to be commit bb191c1098dea06bf2cd89276c74e32279fbb3d4)
2007-10-10r3705: Nobody has commented, so I'll take this as an ack...Volker Lendecke2-64/+44
abartlet, I'd like to ask you to take a severe look at this! We have solved the problem to find the global groups a user is in twice: Once in auth_util.c and another time for the corresponding samr call. The attached patch unifies these and sends them through the passdb backend (new function pdb_enum_group_memberships). Thus it gives pdb_ldap.c the chance to further optimize the corresponding call if the samba and posix accounts are unified by issuing a specialized ldap query. The parameter to activate this ldapsam behaviour is ldapsam:trusted = yes Volker (This used to be commit b94838aff1a009f8d8c2c3efd48756a5b8f3f989)
2007-10-10r3566: Completely replace the queryuseraliases call. The previous ↵Volker Lendecke2-219/+35
implementation does not exactly match what you would expect. XP workstations during login actually do this, so we should better become a bit more correct. The LDAP query issued is not really fully optimal, but it is a lot faster and more correct than what was there before. The change in passdb.h makes it possible that queryuseraliases is done with a single ldap query. Volker (This used to be commit 2508d4ed1e16c268fc9f3676b0c6a122e070f93d)
2007-10-10r3069: add 'force printername' service parameter for people that want to ↵Gerald Carter1-14/+30
enforce printername == sharename for spoolss printing (This used to be commit d47b8a0b4f348171df35b3b0028ce7d99fab8af3)
2007-10-10r3066: BUG 1519: fix segfault caused by double free of a printerGerald Carter1-1/+0
(This used to be commit 3760464193c540e82f0ba4e61d1d3b96a9803aca)
2007-10-10r3065: BUG 1519 (more): apparently the server_name notify request is used to ↵Gerald Carter1-13/+4
fill in the title bar of the port monitor window and unless we get it right, you cannot open the printer properties from the port monitor window (This used to be commit fc691572c9ba5ae85c63db5202b7777efdbf7260)
2007-10-10r3049: fixing some calls in the printing code to stanard_sub_basic(); fix ↵Gerald Carter1-3/+3
standard_sub_snum() to use the current user's gid; add some (snum == -1) checks to standard_sub_advanced() (This used to be commit 8c3fd1908d201e9891878ff4c3259ed9690dff97)
2007-10-10r2955: fixing a segfault uncovered by the changes for BUG 1519Gerald Carter1-1/+2
(This used to be commit 1664395257eb2425246e200ebde4384aa54484a4)
2007-10-10r2918: BUG 1907: fix getprinterdriverdir_1(). have to make sure we don't ↵Gerald Carter1-2/+11
add unnecessary double slashes to the servername (This used to be commit 859599dbcaa9e39a7902cc959955fcea2dad334b)
2007-10-10r2868: Well, I'm not quite sure what I'm doing back in Samba 3.0, but anyway...Andrew Bartlett1-112/+41
I've been grumbling about under-efficient calls in SAMR, and finally got around to fixing some of them. We now call sys_getgroups() (which in turn calls initgroups(), until glibc 3.4 is released) to figure out a user's group membership. This is far, far more efficient than scanning all the groups looking for a match, and is still the 'posix way', just using an effiecient call. The seperate issue of 'who is in this group' remains, but this one has been biting some people. I need to talk to VL about how best to exersise nasty corner cases, but my initial tests hold strong. (The code is also much simpiler than before, which has to count for something :-) Andrew Bartlett (This used to be commit dc19f161698dab5b71d61fa2bacc7e7b8da5fbba)
2007-10-10r2865: Add static and remove unused functions that only cload the blame-gameAndrew Bartlett1-167/+3
in finding out who is causing the massive performance problems with large LDAP directories. Andrew Bartlett (This used to be commit f16ed2616a67c412bc9b78354a5faf673e64cf42)
2007-10-10r2821: Adding "Windows x64" as architecture string and driverdir "x64" for theGünther Deschner1-0/+1
64bit AMD platform. (This used to be "Windows AMD64" and "AMD64" in one of the release candidates of SP2 for Windows XP. AMD64 is obviously still supported but not documented.) Guenther (This used to be commit cc5892f0411b8eb5daebe746164a2cf21d3d4c68)
2007-10-10r2768: BUG 1519: save the hostname used in the open_printer_ex() for later ↵Gerald Carter1-113/+164
reuse when filling in the spolss replies (also gets rid of get_called_name() (This used to be commit 57db8ca91f52329c7f8985c04463b6b69015b0c4)
2007-10-10r2761: Print the decrypted, not encrypted key.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 1833d0ab724d88411ebd79ac26f5642e7c8cfee3)
2007-10-10r2569: Patch from Rob Foehl <rwf@loonybin.net>:Gerald Carter1-12/+12
- fix typo in libads/ldap_printer.c:39, ads_find_printer_on_server() (originally libads-typo.patch) - fix leak in printing/nt_printing.c, is_printer_published() (originally is_printer_published-leak.patch) - fix double print_backend_init() calls, now only called from main() - restructuring in printing/nt_printing.c - replaced (un)publish_it() with ads-specific functions - moved common code to nt_printer_publish() - improved error handling in several places - added check_published_printers() in printing/nt_printing.c, to verify that each published printer is actually in the directory at startup - changed calling semantics of mod_a_printer, dump_a_printer, and update_driver_init to be more consistent with the rest of the api and reduce some copying (This used to be commit 50a5a3dbd02acb0d09133b6e42cc37d091ea901d)
2007-10-10r2481: Patch from Igor Belyi <sambauser@katehok.ac93.org>. Ensure pdbJeremy Allison1-8/+9
user is deleted first before deleting UNIX user (LDAP backend needs this ordering). Jeremy. (This used to be commit 2815b31e013e517a58027ba74f118209caf4d85f)
2007-10-10r2369: Fix from Richard Renard <rrenard@idealx.com> to fix usermgr and trust ↵Jeremy Allison1-1/+11
relationships. Jeremy. (This used to be commit b910e530027c19c4e505314a91ffcb72f20d8f09)
2007-10-10r2331: check password script code and example from trunkSimo Sorce1-2/+2
(This used to be commit f836be323a233f3a28cbaa04c532e83ea98ead89)
2007-10-10r2137: This is a patch I've been running at Hawker for a while.Andrew Bartlett1-19/+29
The purpose of this patch is to avoid changing the machine account password, when it has 'already been changed'. This occours in situations where the secure channel between the workstation and the DC breaks down, such as occoured in the MS04-11 security patch. This avoids LDAP replication load issues, due to the client changing the password repeatedly. We also now set the LM password to NULL explicitly, rather than the NT password value, as this is what we get out of a vampire, or when a long password is set (as XP seems to do these days). Andrew Bartlett (This used to be commit 1ad1317a815898b52b1803211ab7b502e331e782)