path: root/source3
Age | Commit message | Author | Files | Lines
2007-10-10 | r4875: Fix for bugid #221, inspired by Mrinal Kalakrishnan <mail@mrinal.net>. | Jeremy Allison | 1 | -13/+69
NT sometimes sends garbage bytes in NT security descriptor linearizations when sending well-known sids. Cope with these. Jeremy. (This used to be commit 51b34bb536fdb18c99da1e151eba03ea634e0449)
2007-10-10 | r4874: add Domain Admins (Full Control) to the default printer sd if we are a DC | Gerald Carter | 1 | -5/+24
(This used to be commit 8971a8544274a7f3643ae67be744d7dab181973d)
2007-10-10 | r4871: BUG 603: patch by Daniel Beschorner <db@unit-netz.de>. Correct access mask check for _samr_lookup_domain() to work with Windows RAS server | Gerald Carter | 1 | -1/+4
(This used to be commit 2e7a5608ac6a11f4e9e8bda69abb984fb4f86eb8)
2007-10-10 | r4870: Make multi-domain-mode in idmap_rid accessible from outside (can be | Günther Deschner | 1 | -8/+20
compiled with -DIDMAP_RID_SUPPORT_TRUSTED_DOMAINS) as requested by Lars Mueller <lmuelle-at-suse.de>. Allow to map ID's for a local SAM and add some more debugging-information. Guenther (This used to be commit 4d8e7c9ff00417b2ebae0c5faccfe9c2c9c44f2e)
2007-10-10 | r4869: Display sam_user_info_7 in rpcclient. | Günther Deschner | 1 | -1/+22
Guenther (This used to be commit 30e808ca07bec66d5ecd81cc8c86bb4a98874bc4)
2007-10-10 | r4868: Add "net rpc user RENAME"-command. | Günther Deschner | 4 | -2/+190
Note that Samba3 does not yet support it server-side. Guenther (This used to be commit b2c8220931733593fd312fc25b6c73f440b4567a)
2007-10-10 | r4866: Add createdomgroup to rpcclient (needed to generate huge amounts of | Günther Deschner | 1 | -0/+52
groups when 'net rpc group add' is just too slow). Guenther (This used to be commit 88572efdea1bfd32478b33564a85485222731901)
2007-10-10 | r4864: Remove unused var. | Jeremy Allison | 1 | -2/+2
Jeremy. (This used to be commit 9fd5d633e65e00a44ba0136ee91170edcecfae24)
2007-10-10 | r4860: fix silly limitation in ldapsam and tdbsam. Expand variables in the profile path, logon home and logon script values | Gerald Carter | 2 | -16/+27
(This used to be commit 504ea4ac68f47b71542a88b17cbb6b546e1cb881)
2007-10-10 | r4856: after testing a simple add printer script, i realized that you still have to be root to send the message to all smbds that the config file has been updated | Gerald Carter | 2 | -21/+21
(This used to be commit 6409de1a1ef34bb41c3efeebfabdf13be5e08613)
2007-10-10 | r4852: merge simo changes to srv_srvsvc_nt.c from trunk | Gerald Carter | 1 | -30/+13
that allows the add/change share command to create the directory passed in as an argument and not require that it pre-exist. Also finish testing of SeDiskOperatorPrivilege via srvmgr.exe (This used to be commit 9af83a7d70324846e6a2660c73589ee68340b4aa)
2007-10-10 | r4851: Preliminary fix for ldapsam_enum_group_memberships when | Günther Deschner | 1 | -3/+3
ldapsam:trusted=True. Don't bail out when ldap-search returns pure posixgroups (w.o. samba group-mapping). This way those unix-memberships do not appear in user and nt user token. Volker, could you please look over that one? Guenther (This used to be commit 853a8b7f1c0b00b2e4433d1281f3c9bfcaf980a6)
2007-10-10 | r4850: Fix remaining pdb_setsampwent-calls. | Günther Deschner | 1 | -3/+2
To get all entries use a 0 acb_mask. Guenther (This used to be commit bc729f8fd877236a503cc9df64138b2be2e1a91d)
2007-10-10 | r4849: * finish SeAddUsers support in srv_samr_nt.c | Gerald Carter | 6 | -159/+346
* define some const SE_PRIV structure for use when you need a SE_PRIV* to a privilege
* fix an annoying compiler warning in smbfilter.c
* translate SIDs to names in 'net rpc rights list accounts'
* fix a seg fault in cli_lsa_enum_account_rights caused by me forgetting the precedence of * vs. []
(This used to be commit d25fc84bc2b14da9fcc0f3c8d7baeca83f0ea708)
2007-10-10 | r4848: fix build; gd please check and make sure this is ok | Gerald Carter | 1 | -1/+2
(This used to be commit f1d59c3a2693fe36b9abe9c1da4b703c5543f938)
2007-10-10 | r4847: Hand over a acb_mask to pdb_setsampwent in load_sampwd_entries(). | Günther Deschner | 11 | -33/+54
This allows the ldap-backend to search much more efficiently. Machines will be searched in the ldap_machine_suffix and users in the ldap_users_suffix. (Note that we already use the ldap_group_suffix in ldapsam_setsamgrent for quite some time). Using the specific ldap-bases becomes notably important in large domains: On my testmachine "net rpc trustdom list" has to search through 40k accounts just to list 3 interdomain-trust-accounts, similar effects show up the non-user query_dispinfo-calls, etc. Also renamed all_machines to only_machines in load_sampwd_entries() since that reflects better what is really meant. Guenther (This used to be commit 6394257cc721ca739bda0e320375f04506913533)
2007-10-10 | r4840: * Add more generic root-dse inspection function to check for given | Günther Deschner | 3 | -58/+103
controls or extensions.
* Check and remember if ldapsam's LDAP Server supports paged results (in preparation of adding async paged-results to set|get|end-sampwent in ldapsam).
Guenther (This used to be commit ced58bd8849cdef78513674dff1b1ec331945aa9)
2007-10-10 | r4839: Allow to set acb_mask in rpcclient's enumdomusers (for debugging). | Günther Deschner | 1 | -2/+5
Guenther (This used to be commit 92851def70914af1aa501857c6346ca6ae6fc010)
2007-10-10 | r4830: Fix for problem noticed by Guy Harris <gharris@apple.com>, return | Jeremy Allison | 1 | -2/+4
correct DOS/NT error code on transact named pipe on closed pipe handle. Jeremy. (This used to be commit 599c281464fa96725c3ee6dd3c5ee03ea81314ea)
2007-10-10 | r4827: add 'net rpc rights list accounts' & update help text | Gerald Carter | 1 | -15/+60
(This used to be commit 002ece931917e2952ed795939384764d14f93ce9)
2007-10-10 | r4825: Printing changes | Gerald Carter | 2 | -45/+136
----------------
* bracket the add/delete/set printer scripts with checks for se_print_op
* slight change to the add/set printer script semantics. smbd no longer relies on output from the script (on stdout) to re-read smb.conf
* remove SIGHUP from set/add/delete printing script code and now just use MSG_SMB_CONF_UPDATED
* bracket the add/delete/set share scripts with checks for se_print_op (this includes setting share ACLs)
(This used to be commit 8ab8113d2e1bec6a1dbf464882ad724c7c591be4)
2007-10-10 | r4824: wrap the shutdown and abort_shutdown calls in check for the SE_REMOTE_SHUTDOWN privilege | Gerald Carter | 1 | -1/+24
(This used to be commit d11339b7e3b890b8e01744b6b309efaa7ad328e1)
2007-10-10 | r4823: remove -O1 from --with-developer | Gerald Carter | 1 | -1/+1
(This used to be commit a1fb1cb019804446a093d7d0d7b1952cc538f9cc)
2007-10-10 | r4822: fix return code when you ask for a non-privileged SID via one of the privileges RPC calls | Gerald Carter | 2 | -0/+12
(This used to be commit 3f4f2c80fd157796a7ba56f31f921e8a3ce46bc3)
2007-10-10 | r4821: finish off 'net rpc rights [list|grant|revoke]' | Gerald Carter | 4 | -45/+271
one small todo item is to add an 'accounts' sub option to 'net rpc list' so enumerate all privileged SIDs and their associated rights. (This used to be commit bf4385c79a0ce2e4983ffa11d39367dbf1d4dcfd)
2007-10-10 | r4820: add beginnings of 'net rpc rights' for managing privilege assignments | Gerald Carter | 4 | -8/+134
(This used to be commit 164f94e52929330bd638f19bcf3bfce50303269e)
2007-10-10 | r4809: * include SeDiskOperatorPrivilege and SeRemoteShutdownPrivilege | Gerald Carter | 3 | -88/+36
(not enforced yet though)
* add 'enable privileges' (off by default) to control whether or not any privileges can be assigned to SIDs
(This used to be commit cf63519169d2f3c56a6acf46b9257f4c11d5ea74)
2007-10-10 | r4805: Last planned change to the privileges infrastructure: | Gerald Carter | 9 | -194/+406
* rewrote the tdb layout of privilege records in account_pol.tdb (allow for 128 bits instead of 32 bit flags)
* migrated to using SE_PRIV structure instead of the PRIVILEGE_SET structure. The latter is now used for parsing routines mainly.
Still need to incorporate some client support into 'net' so for setting privileges. And make use of the SeAddUserPrivilege right.
(This used to be commit 41dc7f7573c6d637e19a01e7ed0e716ac0f1fb15)
2007-10-10 | r4802: Don't try to update a column with the name "NULL" | Jelmer Vernooij | 1 | -1/+7
(This used to be commit ed38e6026494a2b58c70cc175c6e210bea454e5c)
2007-10-10 | r4788: Don't log mysql password at debug level 1. | Jelmer Vernooij | 1 | -2/+1
(This used to be commit 760455875f78a29c3fedd7de3671d6ae537c1d1a)
2007-10-10 | r4760: Make wbinfo --user-sids expand domain local groups. Andrew B., my testing | Volker Lendecke | 6 | -0/+206
shows that this info is correctly returned to us in to info3 struct, so check_info3_in_group does not need to be adapted. Volker (This used to be commit a84e778cafcefdc1809474c2123e757c8c9d9b70)
2007-10-10 | r4751: This is a domain policy, not a user one | Volker Lendecke | 1 | -2/+2
(This used to be commit a24df21e66aeafb15e22f9ed4df7d9dded3e3b52)
2007-10-10 | r4750: Fix cli_samr_queryuseraliases. There can be more than one sid, thus more than one pointer... | Volker Lendecke | 1 | -2/+10
Volker (This used to be commit f2f08b64a53f6efd3154ff2656ecacc86872a18c)
2007-10-10 | r4749: Fix memleak | Volker Lendecke | 1 | -0/+2
(This used to be commit a8aab6de7516b70cae6c096883874fa152777b13)
2007-10-10 | r4746: add server support for lsa_enum_acct_rights(); last checkin for the night | Gerald Carter | 5 | -19/+105
(This used to be commit ccdff4a998405544433aa32938963e4c37962fcc)
2007-10-10 | r4742: add server support for lsa_add/remove_account_rights() and fix some parsing bugs related to that code | Gerald Carter | 5 | -18/+247
(This used to be commit 7bf1312287cc1ec6b97917ba25fc60d6db09f26c)
2007-10-10 | r4740: allow SE_PRINT_OPERATORS to have printer admin access | Gerald Carter | 2 | -5/+18
(This used to be commit 85731706c9d794e8bd3f26ce9b1f881c1ee6a3ba)
2007-10-10 | r4739: require membership in Domain Admins to be able to set privileges | Gerald Carter | 1 | -0/+25
(This used to be commit e8b4cedc2081eeff53d86c2d894632e57a17926f)
2007-10-10 | r4738: Fix for bug #2238 - memory leak in shadow copy vfs. | Jeremy Allison | 1 | -0/+1
Jeremy. (This used to be commit fb7f1aff7c96e4672641f80b74a058abf25d0d6d)
2007-10-10 | r4736: small set of merges from trunk to minimize the diffs | Gerald Carter | 10 | -24/+112
(This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2007-10-10 | r4732: Even if we have 'password server' set, we need to look up the native DC name via netbios, as the user might have set an IP address or a fqdn. | Volker Lendecke | 1 | -0/+6
Volker (This used to be commit 61466f38429ba67ace3e84c870a0f913f64d122c)
2007-10-10 | r4731: Fix the build | Volker Lendecke | 1 | -1/+2
(This used to be commit 340d7f317332f159460d04db8ccc75116c83d234)
2007-10-10 | r4724: Add support for Windows privileges in Samba 3.0 | Gerald Carter | 18 | -825/+937
(based on Simo's code in trunk). Rewritten with the following changes:
* privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release).
* Remove the privilege code from the passdb API (replication to come later)
* Only support the minimum amount of privileges that make sense.
* Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this.
Still todo:
* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one Samba DC to another.
* Come up with some management tool for manipulating privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4.
(This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2007-10-10 | r4704: Fix encoding while receiving of a message which was actually sent using STR_ASCII. Patch from Grigory Batalov <bga@altlinux.org> | Alexander Bokovoy | 1 | -4/+4
(This used to be commit dddd5726462c13374788713ad5ddcbdf9ee7b439)
2007-10-10 | r4697: Fix for bug #2231 inspired by brad.ellis@its.monash.edu.au. | Jeremy Allison | 1 | -3/+3
Remove double "\\" from findfirst. Jeremy. (This used to be commit 88a89b31059ac21e09d283f8795cd6ea88c4315c)
2007-10-10 | r4668: allow the caller to invoke init_unistr2() with a NULL buffer to match previous behavior; more checks to come tomorrow | Gerald Carter | 1 | -0/+8
(This used to be commit 9a29bef056f92ef6f1df01f56c121088f84be16b)
2007-10-10 | r4665: Fix inspired by posting from Joe Meadows <jameadows@webopolis.com>. | Jeremy Allison | 2 | -13/+10
Make all LDAP timeouts consistent. Jeremy. (This used to be commit 0f0281c2348b10ffdea744ecade6b2be0814c872)
2007-10-10 | r4662: Fix from "Jerome Borsboom" <j.borsboom@erasmusmc.nl> to fix | Jeremy Allison | 1 | -0/+1
missing release reference for printer tdb. Jeremy. (This used to be commit 5942bb7737fe8efc452d59cda0d6e35e309c97b7)
2007-10-10 | r4656: Convert the winreg pipe to use WERROR returns (as it should). | Jeremy Allison | 6 | -99/+99
Also fix return of NT_STATUS_NO_MORE_ENTRIES should be ERROR_NO_MORE_ITEMS reported by "Marcin Porwit" <mporwit@centeris.com>. Jeremy. (This used to be commit 511cdec60d431d767fb02f68ca5ddd4ddb59e64a)
2007-10-10 | r4651: Add "refuse machine password change" policy field. This update will just | Jim McDonough | 3 | -16/+65
return the appropriate reg value. Enforcement to be added soon. Also, fix account policy tdb upgrade so it doesn't just wipe out everything that was in there from a previous version. (This used to be commit ccae934cf9de4b234bac324b8d878c8ec7862f67)