summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r5015: (based on abartlet's original patch to restrict password changes)Gerald Carter4-342/+486
* added SE_PRIV checks to access_check_samr_object() in order to deal with the run-time security descriptor and their interaction with user rights * Reordered original patch in _samr_set_userinfo[2] to still allow root/administrative password changes for users and machines. (This used to be commit f9f9e6039bd9443d54445e41c3783a2be18925fb)
2007-10-10r5014: Split out the request to send an async level II oplock break into aJeremy Allison2-18/+59
new function to make it clear when it's called. Remove async parameter that had been overloaded into request_oplock_break. Inspired by work from Nadav Danieli <nadavd@exanet.com>. Jeremy. (This used to be commit 05697fb50236dfc28e81f8b3900eac17cace57c1)
2007-10-10r5012: fix segfault caused by using a ipp_t * after calling cupsDoRequest()Gerald Carter1-0/+2
(This used to be commit 0ac3c4c5a231c314213dbce29e25911ddb04de2d)
2007-10-10r5002: Ensure we can't remove a level II oplock without having theJeremy Allison1-17/+19
shared memory area locked. This need to be in 3.0.11. Pointed out by Nadav Danieli <nadavd@exanet.com>. Jeremy. (This used to be commit 47ed16aefbdcb6257101c6b78c93eeb7cf048185)
2007-10-10r4996: sync up copytights with trunkGerald Carter1-0/+1
(This used to be commit 8946efe102f7a8a9b5a8059a80666b782159e7b8)
2007-10-10r4995: fail set_privileges() if 'enable privileges = no' to prevent confused ↵Gerald Carter1-0/+3
admins who never read what I write :-) (This used to be commit 1d7a636e0e7f8a0bc3d3ae04b40f79db7f08d619)
2007-10-10r4994: Patch from abartlet:Günther Deschner1-13/+26
When migrating account policies to ldapsam, handle the fact that an admin might have changed the default location of the sambaDomain-object after installation. Guenther (This used to be commit 78c3c7127444b8f9959f4d6ce9e540271869d70f)
2007-10-10r4989: Display failed LDAP-server-uri.Günther Deschner1-1/+2
Guenther (This used to be commit d433c7b476005064b9cfd339bbd8a25b40de59c1)
2007-10-10r4988: After speaking with Jerry, remove old lp_admin_users toGünther Deschner1-14/+0
administrator-sid mapping completely. Guenther (This used to be commit 4cbe37ecd544b01c57c7fce5b3be28669f4ba6c3)
2007-10-10r4976: Try to scare people off from trying to write authentication modulesAndrew Bartlett1-0/+4
that only acheive as much as 'security=server' does. Andrew Bartlett (This used to be commit fb694f2b1a809d221f48f9b9b0e54e9512325bae)
2007-10-10r4972: Fix a warning and some debugging-outputs.Günther Deschner5-8/+8
Guenther (This used to be commit 1eabfa050b661168b42892c2d841c7891e59cf5f)
2007-10-10r4970: Fix for bug 2092, allowing fallback after kerberos and allowJeremy Allison4-4/+23
gnome vfs to prevent auto-anonymous logon. Jeremy. (This used to be commit 843e85bcd978d025964c4d45d9a3886c7cf7f63c)
2007-10-10r4967: Not being in any domain local groups is obviously valid...Volker Lendecke1-1/+1
Volker (This used to be commit 78975ab9a996ac61be37410f18ddedb9df58d04b)
2007-10-10r4966: don't enumerate the drivers for the same architecture string more ↵Gerald Carter1-0/+12
than once (This used to be commit c488ce9934aaf640c3f63cbdabc3110b8cf70fae)
2007-10-10r4964: Fix our lsa lookupsid $OURDOMAINSID-500.Günther Deschner1-14/+15
Give the admin-user (rid 500) a chance to be found in passdb, not returning the (possibly obscure) first entry of "admin users" before that. Guenther (This used to be commit d319c0e189bc67a4552dafaff80113603b551eb3)
2007-10-10r4963: It is actually a very bad idea to use KRB5_CONFIG in theGünther Deschner1-7/+7
configure-checks (At least Heimdal uses KRB5_CONFIG for locating it's configuration-file (usually /etc/krb5.conf)). Renaming it to KRB5CONFIG prevents configure-checks that use heimdal-libs from segfaulting while the lib reads the krb5-config binary as a configuration file... Vendors that used the KRB5_CONFIG-variable to let configure find a custom krb5-config binary have to use KRB5CONFIG now. Guenther (This used to be commit 95edb3c67f330afd8dbb8268f3f8ecaf1732c238)
2007-10-10r4946: Our notion the other_sids in the info3 SamLogon struct wasVolker Lendecke2-14/+34
...hmmm... completely bogus. This does not affect us as a domain controller, as we never set other_sids, but I have *no* idea how winbind got away with it. Please review thoroughly, samba4 idl looks closer to reality here. Test case: Member of w2k3 domain, authenticate as a user who is member of one or more domain local groups. Easiest review with 'client schannel = no'. Thanks, Volker (This used to be commit a0a6388830d9457de3e42686c64bddeba42954f8)
2007-10-10r4933: List not only the first 10 trusts with rpcclient -c enumtrust.Volker Lendecke1-16/+22
Volker (This used to be commit 9ca6cfcf1e4a905d47429a6dc18e2bd7ad5fe1e3)
2007-10-10r4932: Forgot to increase version with the account-policy-commit.Günther Deschner1-1/+1
Guenther (This used to be commit 42e380303ddce890f313c221a766dc1e1ee972fb)
2007-10-10r4931: Add get_user_info_7 in SAMR. This just gives out the username. (InGünther Deschner1-0/+42
preparation of adding the ability of renaming users via setuserinfo level 7). Guenther (This used to be commit 6f34ed6c203fa11182640da97581075612d26c0e)
2007-10-10r4926: Use LDAP_SCOPE_ONELEVEL instead of OpenLDAP's LDAP_SCOPE_ONE-scope.Günther Deschner1-2/+2
Guenther (This used to be commit eee0bd806b4fd4558f9c48c09f7e85274e2b807f)
2007-10-10r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).Günther Deschner14-171/+840
Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther (This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
2007-10-10r4921: Typo.Jeremy Allison1-2/+2
(This used to be commit 033105376ef4ed7d31ef7cab2442719ed57d29b9)
2007-10-10r4917: Merge some of Derrell.Lipman@UnwiredUniverse.com obvious fixes.Jeremy Allison4-7/+17
Added text explaining units in pdbedit time fields. Jeremy. (This used to be commit 3d09c15d8f06ad06fae362291a6c986f7b6107e6)
2007-10-10r4907: remove unreached codeGerald Carter1-1/+0
(This used to be commit 15fd4a05ec2439f41591ee8a1c30021d9a34371b)
2007-10-10r4905: patch from abartlet to remove storing the auth-user credentials from ↵Gerald Carter1-4/+0
the cli* in cm_prepare_connection(). using credentials from a domain other thanour primary domain will cause the schannel setup to fail (This used to be commit a13e29b5f2f1e48225b5b5964bc0777948f16622)
2007-10-10r4902: please note that cupsDoRequest() deletes the request* so don't call ↵Gerald Carter1-32/+2
ippDelete(request) *ever* (This used to be commit f65598b3b0dc99900d547eb67473cca5d371614f)
2007-10-10r4882: Fix for #2255. Debug should have been 10 not 0.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 5557e1409a9a22759ca3bea021d4a662099e683a)
2007-10-10r4881: Varient of Lar's patch for #2270. Jerry promises to test :-).Jeremy Allison1-258/+274
Jeremy. (This used to be commit 2afe2a16c92bb2500854b8e288c1d7704ede704a)
2007-10-10r4879: Fix rewinddir -> rewind_dir. Noticed by James Peach.Jeremy Allison1-2/+2
Jeremy (This used to be commit 79f54d12759f9161dc5837a090391cd0cf6471f5)
2007-10-10r4877: When vampiring account policy AP_LOCK_ACCOUNT_DURATION honour "LockoutGünther Deschner1-1/+4
Duration: Forever". Guenther (This used to be commit aecacf4d9cc5e2aa69b358292b9d591ade696500)
2007-10-10r4875: Fix for bugid #221, inspired by Mrinal Kalakrishnan <mail@mrinal.net>.Jeremy Allison1-13/+69
NT sometimes send garbage bytes in NT security descriptor linearizations when sending well-known sids. Cope with these. Jeremy. (This used to be commit 51b34bb536fdb18c99da1e151eba03ea634e0449)
2007-10-10r4874: add DOmain Admins (Full Control) to the default printer sd if we are a DCGerald Carter1-5/+24
(This used to be commit 8971a8544274a7f3643ae67be744d7dab181973d)
2007-10-10r4871: BUG 603: patch by Daniel Beschorner <db@unit-netz.de>. Correct ↵Gerald Carter1-1/+4
access mask check for _samr_lookup_domain() to work with Windows RAS server (This used to be commit 2e7a5608ac6a11f4e9e8bda69abb984fb4f86eb8)
2007-10-10r4870: Make multi-domain-mode in idmap_rid accessible from outside (can beGünther Deschner1-8/+20
compiled with -DIDMAP_RID_SUPPORT_TRUSTED_DOMAINS) as requested by Lars Mueller <lmuelle-at-suse.de>. Allow to map ID's for a local SAM and add some more debugging-information. Guenther (This used to be commit 4d8e7c9ff00417b2ebae0c5faccfe9c2c9c44f2e)
2007-10-10r4869: Display sam_user_info_7 in rpcclient.Günther Deschner1-1/+22
Guenther (This used to be commit 30e808ca07bec66d5ecd81cc8c86bb4a98874bc4)
2007-10-10r4868: Add "net rpc user RENAME"-command.Günther Deschner4-2/+190
Note that Samba3 does not yet support it server-side. Guenther (This used to be commit b2c8220931733593fd312fc25b6c73f440b4567a)
2007-10-10r4866: Add createdomgroup to rpcclient (needed to generate huge amounts ofGünther Deschner1-0/+52
groups when 'net rpc group add' is just to slow). Guenther (This used to be commit 88572efdea1bfd32478b33564a85485222731901)
2007-10-10r4864: Remove unused var.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 9fd5d633e65e00a44ba0136ee91170edcecfae24)
2007-10-10r4860: fix silly limitation in ldapsam and tdbsam. Expand variables in the ↵Gerald Carter2-16/+27
profile path, logon home and logon script values (This used to be commit 504ea4ac68f47b71542a88b17cbb6b546e1cb881)
2007-10-10r4856: after testing a simple add printer script, i realized that you still ↵Gerald Carter2-21/+21
have to be root to send the message to all smbds that the config file has been updated (This used to be commit 6409de1a1ef34bb41c3efeebfabdf13be5e08613)
2007-10-10r4852: merge simo changes to srv_srvsvc_nt.c from trunkGerald Carter1-30/+13
that allows the add/change share command to create the directory passed in as an arguement and not require that it pre-exist. Also finish testing of SeDiskOperatorPrivilege via srvmgr.exe (This used to be commit 9af83a7d70324846e6a2660c73589ee68340b4aa)
2007-10-10r4851: Preleminary fix for ldapsam_enum_group_memberships whenGünther Deschner1-3/+3
ldapsam:trusted=True. Don't bail out when ldap-search returns pure posixgroups (w.o. samba group-mapping). This way those unix-memberships do not appear in user and nt user token. Volker, could you please look over that one? Guenther (This used to be commit 853a8b7f1c0b00b2e4433d1281f3c9bfcaf980a6)
2007-10-10r4850: Fix remaining pdb_setsampwent-calls.Günther Deschner1-3/+2
To get all entries use a 0 acb_mask. Guenther (This used to be commit bc729f8fd877236a503cc9df64138b2be2e1a91d)
2007-10-10r4849: * finish SeAddUsers support in srv_samr_nt.cGerald Carter6-159/+346
* define some const SE_PRIV structure for use when you need a SE_PRIV* to a privilege * fix an annoying compiler warngin in smbfilter.c * translate SIDs to names in 'net rpc rights list accounts' * fix a seg fault in cli_lsa_enum_account_rights caused by me forgetting the precedence of * vs. [] (This used to be commit d25fc84bc2b14da9fcc0f3c8d7baeca83f0ea708)
2007-10-10r4848: fix build; gd please check and make sure this is okGerald Carter1-1/+2
(This used to be commit f1d59c3a2693fe36b9abe9c1da4b703c5543f938)
2007-10-10r4847: Hand over a acb_mask to pdb_setsampwent in load_sampwd_entries().Günther Deschner11-33/+54
This allows the ldap-backend to search much more effeciently. Machines will be searched in the ldap_machine_suffix and users in the ldap_users_suffix. (Note that we already use the ldap_group_suffix in ldapsam_setsamgrent for quite some time). Using the specific ldap-bases becomes notably important in large domains: On my testmachine "net rpc trustdom list" has to search through 40k accounts just to list 3 interdomain-trust-accounts, similiar effects show up the non-user query_dispinfo-calls, etc. Also renamed all_machines to only_machines in load_sampwd_entries() since that reflects better what is really meant. Guenther (This used to be commit 6394257cc721ca739bda0e320375f04506913533)
2007-10-10r4840: * Add more generic root-dse inspection function to check for givenGünther Deschner3-58/+103
controls or extensions. * Check and remember if ldapsam's LDAP Server support paged results (in preparation of adding async paged-results to set|get|end-sampwent in ldapsam). Guenther (This used to be commit ced58bd8849cdef78513674dff1b1ec331945aa9)
2007-10-10r4839: Allow to set acb_mask in rpcclient's enumdomusers (for debugging).Günther Deschner1-2/+5
Guenther (This used to be commit 92851def70914af1aa501857c6346ca6ae6fc010)
2007-10-10r4830: Fix for problem noticed by Guy Harris <gharris@apple.com>, returnJeremy Allison1-2/+4
correct DOS/NT error code on transact named pipe on closed pipe handle. Jeremy. (This used to be commit 599c281464fa96725c3ee6dd3c5ee03ea81314ea)
generated by cgit (git 2.34.1) at 2024-07-31 23:28:53 +0000