summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r5058: Due to the fragileness how windows reacts on unmapped sids sometimes,Günther Deschner1-0/+6
don't leave administator-sid unmapped. Simply return "Administrator" Guenther (This used to be commit 168ddf31d1af49d52d17dd09c9653d3deafb9442)
2007-10-10r5056: * correct STANDARD_RIGHTS_WRITE_ACCESS bitmask defineGerald Carter5-13/+26
* make sure to apply the rights_mask and not just the saved bits from the mask in access_check_samr_object() * allow root to grant/revoke privileges (in addition to Domain Admins) as suggested by Volker. Tested machine joins from XP, 2K, and NT4 with and without pre-existing machine trust accounts. Also tested basic file operations using cmd.exe and explorer.exe after changing the STANDARD_RIGHTS_WRITE_ACCESS bitmask. (This used to be commit c0e7f7ff60a4110809b8f500fdc68a1bf963da36)
2007-10-10r5046: mark 'winbind enable local accounts' and testprns as depcrecatedGerald Carter2-1/+4
(This used to be commit 17bc42b4c2e21004adaeac78db6231a384fda16c)
2007-10-10r5029: after talking to Rob, ensure that we set the NETIOSNAME.domainnameGerald Carter1-1/+10
as the longname in the published printer information since this is what we will have used when we joined the domain. More testing on this tomorrow. (This used to be commit d64fd1116d5fe29807be29c73809317f88fdb033)
2007-10-10r5028: * check acb_info mask in _samr_create_user instead of the last characterGerald Carter1-36/+21
of the user name * fix some access_mask checks in _samr_set_userinfo2 (getting join from XP without being a member of domain admins working) (This used to be commit 04030534ffd35f8ebc997d9403fd87309403dcbf)
2007-10-10r5020: bumping the 3.0 tree to 3.0.12pre1 since there will not be a full ↵Gerald Carter1-2/+2
sync for the 3.0.11rc1 release (This used to be commit c0e292e491c684b8ce19096e55338a27161c0a49)
2007-10-10r5015: (based on abartlet's original patch to restrict password changes)Gerald Carter4-342/+486
* added SE_PRIV checks to access_check_samr_object() in order to deal with the run-time security descriptor and their interaction with user rights * Reordered original patch in _samr_set_userinfo[2] to still allow root/administrative password changes for users and machines. (This used to be commit f9f9e6039bd9443d54445e41c3783a2be18925fb)
2007-10-10r5014: Split out the request to send an async level II oplock break into aJeremy Allison2-18/+59
new function to make it clear when it's called. Remove async parameter that had been overloaded into request_oplock_break. Inspired by work from Nadav Danieli <nadavd@exanet.com>. Jeremy. (This used to be commit 05697fb50236dfc28e81f8b3900eac17cace57c1)
2007-10-10r5012: fix segfault caused by using a ipp_t * after calling cupsDoRequest()Gerald Carter1-0/+2
(This used to be commit 0ac3c4c5a231c314213dbce29e25911ddb04de2d)
2007-10-10r5002: Ensure we can't remove a level II oplock without having theJeremy Allison1-17/+19
shared memory area locked. This need to be in 3.0.11. Pointed out by Nadav Danieli <nadavd@exanet.com>. Jeremy. (This used to be commit 47ed16aefbdcb6257101c6b78c93eeb7cf048185)
2007-10-10r4996: sync up copytights with trunkGerald Carter1-0/+1
(This used to be commit 8946efe102f7a8a9b5a8059a80666b782159e7b8)
2007-10-10r4995: fail set_privileges() if 'enable privileges = no' to prevent confused ↵Gerald Carter1-0/+3
admins who never read what I write :-) (This used to be commit 1d7a636e0e7f8a0bc3d3ae04b40f79db7f08d619)
2007-10-10r4994: Patch from abartlet:Günther Deschner1-13/+26
When migrating account policies to ldapsam, handle the fact that an admin might have changed the default location of the sambaDomain-object after installation. Guenther (This used to be commit 78c3c7127444b8f9959f4d6ce9e540271869d70f)
2007-10-10r4989: Display failed LDAP-server-uri.Günther Deschner1-1/+2
Guenther (This used to be commit d433c7b476005064b9cfd339bbd8a25b40de59c1)
2007-10-10r4988: After speaking with Jerry, remove old lp_admin_users toGünther Deschner1-14/+0
administrator-sid mapping completely. Guenther (This used to be commit 4cbe37ecd544b01c57c7fce5b3be28669f4ba6c3)
2007-10-10r4976: Try to scare people off from trying to write authentication modulesAndrew Bartlett1-0/+4
that only acheive as much as 'security=server' does. Andrew Bartlett (This used to be commit fb694f2b1a809d221f48f9b9b0e54e9512325bae)
2007-10-10r4972: Fix a warning and some debugging-outputs.Günther Deschner5-8/+8
Guenther (This used to be commit 1eabfa050b661168b42892c2d841c7891e59cf5f)
2007-10-10r4970: Fix for bug 2092, allowing fallback after kerberos and allowJeremy Allison4-4/+23
gnome vfs to prevent auto-anonymous logon. Jeremy. (This used to be commit 843e85bcd978d025964c4d45d9a3886c7cf7f63c)
2007-10-10r4967: Not being in any domain local groups is obviously valid...Volker Lendecke1-1/+1
Volker (This used to be commit 78975ab9a996ac61be37410f18ddedb9df58d04b)
2007-10-10r4966: don't enumerate the drivers for the same architecture string more ↵Gerald Carter1-0/+12
than once (This used to be commit c488ce9934aaf640c3f63cbdabc3110b8cf70fae)
2007-10-10r4964: Fix our lsa lookupsid $OURDOMAINSID-500.Günther Deschner1-14/+15
Give the admin-user (rid 500) a chance to be found in passdb, not returning the (possibly obscure) first entry of "admin users" before that. Guenther (This used to be commit d319c0e189bc67a4552dafaff80113603b551eb3)
2007-10-10r4963: It is actually a very bad idea to use KRB5_CONFIG in theGünther Deschner1-7/+7
configure-checks (At least Heimdal uses KRB5_CONFIG for locating it's configuration-file (usually /etc/krb5.conf)). Renaming it to KRB5CONFIG prevents configure-checks that use heimdal-libs from segfaulting while the lib reads the krb5-config binary as a configuration file... Vendors that used the KRB5_CONFIG-variable to let configure find a custom krb5-config binary have to use KRB5CONFIG now. Guenther (This used to be commit 95edb3c67f330afd8dbb8268f3f8ecaf1732c238)
2007-10-10r4946: Our notion the other_sids in the info3 SamLogon struct wasVolker Lendecke2-14/+34
...hmmm... completely bogus. This does not affect us as a domain controller, as we never set other_sids, but I have *no* idea how winbind got away with it. Please review thoroughly, samba4 idl looks closer to reality here. Test case: Member of w2k3 domain, authenticate as a user who is member of one or more domain local groups. Easiest review with 'client schannel = no'. Thanks, Volker (This used to be commit a0a6388830d9457de3e42686c64bddeba42954f8)
2007-10-10r4933: List not only the first 10 trusts with rpcclient -c enumtrust.Volker Lendecke1-16/+22
Volker (This used to be commit 9ca6cfcf1e4a905d47429a6dc18e2bd7ad5fe1e3)
2007-10-10r4932: Forgot to increase version with the account-policy-commit.Günther Deschner1-1/+1
Guenther (This used to be commit 42e380303ddce890f313c221a766dc1e1ee972fb)
2007-10-10r4931: Add get_user_info_7 in SAMR. This just gives out the username. (InGünther Deschner1-0/+42
preparation of adding the ability of renaming users via setuserinfo level 7). Guenther (This used to be commit 6f34ed6c203fa11182640da97581075612d26c0e)
2007-10-10r4926: Use LDAP_SCOPE_ONELEVEL instead of OpenLDAP's LDAP_SCOPE_ONE-scope.Günther Deschner1-2/+2
Guenther (This used to be commit eee0bd806b4fd4558f9c48c09f7e85274e2b807f)
2007-10-10r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).Günther Deschner14-171/+840
Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther (This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
2007-10-10r4921: Typo.Jeremy Allison1-2/+2
(This used to be commit 033105376ef4ed7d31ef7cab2442719ed57d29b9)
2007-10-10r4917: Merge some of Derrell.Lipman@UnwiredUniverse.com obvious fixes.Jeremy Allison4-7/+17
Added text explaining units in pdbedit time fields. Jeremy. (This used to be commit 3d09c15d8f06ad06fae362291a6c986f7b6107e6)
2007-10-10r4907: remove unreached codeGerald Carter1-1/+0
(This used to be commit 15fd4a05ec2439f41591ee8a1c30021d9a34371b)
2007-10-10r4905: patch from abartlet to remove storing the auth-user credentials from ↵Gerald Carter1-4/+0
the cli* in cm_prepare_connection(). using credentials from a domain other thanour primary domain will cause the schannel setup to fail (This used to be commit a13e29b5f2f1e48225b5b5964bc0777948f16622)
2007-10-10r4902: please note that cupsDoRequest() deletes the request* so don't call ↵Gerald Carter1-32/+2
ippDelete(request) *ever* (This used to be commit f65598b3b0dc99900d547eb67473cca5d371614f)
2007-10-10r4882: Fix for #2255. Debug should have been 10 not 0.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 5557e1409a9a22759ca3bea021d4a662099e683a)
2007-10-10r4881: Varient of Lar's patch for #2270. Jerry promises to test :-).Jeremy Allison1-258/+274
Jeremy. (This used to be commit 2afe2a16c92bb2500854b8e288c1d7704ede704a)
2007-10-10r4879: Fix rewinddir -> rewind_dir. Noticed by James Peach.Jeremy Allison1-2/+2
Jeremy (This used to be commit 79f54d12759f9161dc5837a090391cd0cf6471f5)
2007-10-10r4877: When vampiring account policy AP_LOCK_ACCOUNT_DURATION honour "LockoutGünther Deschner1-1/+4
Duration: Forever". Guenther (This used to be commit aecacf4d9cc5e2aa69b358292b9d591ade696500)
2007-10-10r4875: Fix for bugid #221, inspired by Mrinal Kalakrishnan <mail@mrinal.net>.Jeremy Allison1-13/+69
NT sometimes send garbage bytes in NT security descriptor linearizations when sending well-known sids. Cope with these. Jeremy. (This used to be commit 51b34bb536fdb18c99da1e151eba03ea634e0449)
2007-10-10r4874: add DOmain Admins (Full Control) to the default printer sd if we are a DCGerald Carter1-5/+24
(This used to be commit 8971a8544274a7f3643ae67be744d7dab181973d)
2007-10-10r4871: BUG 603: patch by Daniel Beschorner <db@unit-netz.de>. Correct ↵Gerald Carter1-1/+4
access mask check for _samr_lookup_domain() to work with Windows RAS server (This used to be commit 2e7a5608ac6a11f4e9e8bda69abb984fb4f86eb8)
2007-10-10r4870: Make multi-domain-mode in idmap_rid accessible from outside (can beGünther Deschner1-8/+20
compiled with -DIDMAP_RID_SUPPORT_TRUSTED_DOMAINS) as requested by Lars Mueller <lmuelle-at-suse.de>. Allow to map ID's for a local SAM and add some more debugging-information. Guenther (This used to be commit 4d8e7c9ff00417b2ebae0c5faccfe9c2c9c44f2e)
2007-10-10r4869: Display sam_user_info_7 in rpcclient.Günther Deschner1-1/+22
Guenther (This used to be commit 30e808ca07bec66d5ecd81cc8c86bb4a98874bc4)
2007-10-10r4868: Add "net rpc user RENAME"-command.Günther Deschner4-2/+190
Note that Samba3 does not yet support it server-side. Guenther (This used to be commit b2c8220931733593fd312fc25b6c73f440b4567a)
2007-10-10r4866: Add createdomgroup to rpcclient (needed to generate huge amounts ofGünther Deschner1-0/+52
groups when 'net rpc group add' is just to slow). Guenther (This used to be commit 88572efdea1bfd32478b33564a85485222731901)
2007-10-10r4864: Remove unused var.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 9fd5d633e65e00a44ba0136ee91170edcecfae24)
2007-10-10r4860: fix silly limitation in ldapsam and tdbsam. Expand variables in the ↵Gerald Carter2-16/+27
profile path, logon home and logon script values (This used to be commit 504ea4ac68f47b71542a88b17cbb6b546e1cb881)
2007-10-10r4856: after testing a simple add printer script, i realized that you still ↵Gerald Carter2-21/+21
have to be root to send the message to all smbds that the config file has been updated (This used to be commit 6409de1a1ef34bb41c3efeebfabdf13be5e08613)
2007-10-10r4852: merge simo changes to srv_srvsvc_nt.c from trunkGerald Carter1-30/+13
that allows the add/change share command to create the directory passed in as an arguement and not require that it pre-exist. Also finish testing of SeDiskOperatorPrivilege via srvmgr.exe (This used to be commit 9af83a7d70324846e6a2660c73589ee68340b4aa)
2007-10-10r4851: Preleminary fix for ldapsam_enum_group_memberships whenGünther Deschner1-3/+3
ldapsam:trusted=True. Don't bail out when ldap-search returns pure posixgroups (w.o. samba group-mapping). This way those unix-memberships do not appear in user and nt user token. Volker, could you please look over that one? Guenther (This used to be commit 853a8b7f1c0b00b2e4433d1281f3c9bfcaf980a6)
2007-10-10r4850: Fix remaining pdb_setsampwent-calls.Günther Deschner1-3/+2
To get all entries use a 0 acb_mask. Guenther (This used to be commit bc729f8fd877236a503cc9df64138b2be2e1a91d)