Volker Lendecke [Sun, 20 Feb 2005 14:26:58 +0000 (14:26 +0000)]
r5469: Fix error codes of samr_lookup_rids: There's also STATUS_SOME_UNMAPPED.
Thanks,
Volker
Volker Lendecke [Sun, 20 Feb 2005 13:47:16 +0000 (13:47 +0000)]
r5467: Optimize _samr_query_groupmem with LDAP backend for large domains.
Could someone else please look at this patch, verifying that I did not break
the ldapsam:trusted = False fallback to the old behaviour? It works fine for
me, but you never know. You're certainly free to review the new code as well :-)
Thanks,
Volker
Gerald Carter [Sat, 19 Feb 2005 16:40:19 +0000 (16:40 +0000)]
r5462: BUG 1549: patch from SATOH Fumiyasu <fumiya@samba.gr.jp> to fix trunction of service names
Jim McDonough [Sat, 19 Feb 2005 11:09:52 +0000 (11:09 +0000)]
r5460: Fix "restrict anonymous = 1". If we have schannel connection, we must be
validated with a user, so allow it even if pipe itself had an anonymous
connection.
Jim McDonough [Sat, 19 Feb 2005 10:56:40 +0000 (10:56 +0000)]
r5458: Generate a sane response to exceeding lookupsids limit. Truncate list to zero
and return NT_STATUS_NONE_MAPPED. This does not crash windows and maintains
the benefit of not overallocating memory. The previous response of
truncating to the MAX limit was not useful because it crashed lsass.exe on
windows (bug opened with MS), and it was also misleading the client to
believe that a complete answer was received.
Jim McDonough [Sat, 19 Feb 2005 10:41:51 +0000 (10:41 +0000)]
r5456: Increase limit of mapped SIDS to 0x5000, which is what 2k and later do.
NT has no limit. We still don't respond the way 2k would to requests
larger, which is to actually allocate the memory and send back the entire
response, plus a return status of NT_STATUS_NONE_MAPPED. Still looking
into ways of doing this without crashing windows.
Andrew Bartlett [Sat, 19 Feb 2005 09:27:06 +0000 (09:27 +0000)]
r5455: Remove bogus DEBUG messages (dump for a failure to parse NTLMSSP,
before trying the alternate format).
This only caused confusion and bug reports...
Andrew Bartlett
Günther Deschner [Fri, 18 Feb 2005 16:43:20 +0000 (16:43 +0000)]
r5444: Add adssearch.pl utility (on volkers request).
Added to samba3 due to some header and machine-account dependencies,
although it's possibly of more interest to samba4 developers.
adssearch.pl is a kind of ldapsearch + dump-filters for various
ADS-attributes. It can also register asynchronous change notifications.
./adssearch.pl -h w2k3host -D administrator@MY.REALM.NET -x -w mypass -n
and *any* change in your entire DIT will show up immediately (after a
second change of an object even as object diff). It's very interesting
to see the interaction of GPOs, the various steps of account
modification with dsa.msc, etc.
Gracefully ignore some parts of adssearch.pl that are rather immature...
Guenther
Gerald Carter [Thu, 17 Feb 2005 22:46:41 +0000 (22:46 +0000)]
r5436: small merges from trunk
Gerald Carter [Thu, 17 Feb 2005 15:32:19 +0000 (15:32 +0000)]
r5432: compile fixes from Jason Mader <jason@ncac.gwu.edu> -- BUGS 2340
Gerald Carter [Thu, 17 Feb 2005 15:17:16 +0000 (15:17 +0000)]
r5431: couple of cimpile fixes from Jason Mader <jason@ncac.gwu.edu> -- BUGS 2341 & 2342
Volker Lendecke [Thu, 17 Feb 2005 14:27:34 +0000 (14:27 +0000)]
r5428: Apply some const. LDAP attribs should now be declared const char *attr[]. This
gives some new warnings in smbldap.c, but a the callers are cleaned up.
Volker
Volker Lendecke [Wed, 16 Feb 2005 21:31:40 +0000 (21:31 +0000)]
r5421: Fix a memleak
Volker Lendecke [Wed, 16 Feb 2005 19:51:16 +0000 (19:51 +0000)]
r5419: Fix some unitialized variable warnings
Gerald Carter [Mon, 14 Feb 2005 02:41:34 +0000 (02:41 +0000)]
r5385: when operating in security = domain, allow domain admins to manage rigths assignments
Gerald Carter [Mon, 14 Feb 2005 01:13:14 +0000 (01:13 +0000)]
r5383: add missing checks to allow root to manage user rights
Günther Deschner [Sun, 13 Feb 2005 22:56:42 +0000 (22:56 +0000)]
r5379: Build-Fix (#2343)
Guenther
Gerald Carter [Sat, 12 Feb 2005 14:41:00 +0000 (14:41 +0000)]
r5359: BUG 2333: use the lpq command to pass in the correct printer name for cups_queue_get(). See comments in code for details
Jeremy Allison [Sat, 12 Feb 2005 01:05:49 +0000 (01:05 +0000)]
r5355: Fill in the access check code for POSIX ACLs to *really* fix bug #2227.
Jeremy.
Günther Deschner [Sat, 12 Feb 2005 00:51:31 +0000 (00:51 +0000)]
r5349: After talking with Jerry, reverted the addition of account policies to
passdb in 3_0 (they are still in trunk).
Guenther
Jeremy Allison [Fri, 11 Feb 2005 20:00:30 +0000 (20:00 +0000)]
r5343: Fix for bug#1525. Timestamps interpreted incorrectly on 64-bit time_t values.
Jeremy.
Jeremy Allison [Fri, 11 Feb 2005 19:31:48 +0000 (19:31 +0000)]
r5342: Reformat some very old code.
Jeremy.
Jim McDonough [Fri, 11 Feb 2005 16:03:40 +0000 (16:03 +0000)]
r5339: Fix 'net rpc trustdom establish'. Use the right pipe name, therefore the
right pipe FID. Fixes NT_STATUS_INVALID_HANDLE error.
Gerald Carter [Fri, 11 Feb 2005 14:58:33 +0000 (14:58 +0000)]
r5337: BUG 1439: make sure to initialize pointer to prevent invalide free()'s on exit
Gerald Carter [Fri, 11 Feb 2005 14:31:14 +0000 (14:31 +0000)]
r5336: BUG 2329: fix to re-enable winbindd to locate DC's when 'disable netbios = yes'
Volker Lendecke [Fri, 11 Feb 2005 10:32:46 +0000 (10:32 +0000)]
r5331: Support SIDs as %s replacements in the afs username map parameter.
Add 'log nt token command' parameter. If set, %s is replaced with the user
sid, and %t takes all the group sids.
Volker
Jeremy Allison [Fri, 11 Feb 2005 02:14:49 +0000 (02:14 +0000)]
r5324: In order to process DELETE_ACCESS correctly and return access denied
to a WXPSP2 client we must do permission checking in userspace first
(this is a race condition but what can you do...). Needed for bugid #2227.
Jeremy.
Richard Sharpe [Thu, 10 Feb 2005 18:27:23 +0000 (18:27 +0000)]
r5318: Fix a small problem in where we ignore the response from a SamrGetGroupsForUser
that says the user is in 0 groups, and we issue an RPC to LookupIds for 0 RIDs.
The printing that there are no groups the user is a member of might be overkill
in that it might upset existing scripts that don't expect that output.
Volker Lendecke [Thu, 10 Feb 2005 17:38:49 +0000 (17:38 +0000)]
r5316: Get 'net afskey' into a subcommand of its own, 'net afs key'.
Implement 'net afs impersonate', generate a token for a specified user. You
obviously need to be root for this operation.
Volker
Volker Lendecke [Thu, 10 Feb 2005 13:36:18 +0000 (13:36 +0000)]
r5314: Some const, and an uninitialized variable fix.
Volker
Gerald Carter [Thu, 10 Feb 2005 03:34:25 +0000 (03:34 +0000)]
r5295: fix compile issue with MIT 1.4 due to broken gssapi.h
Jeremy Allison [Wed, 9 Feb 2005 23:46:14 +0000 (23:46 +0000)]
r5290: Fix for bug #2323 - plaintext problem with WinXP.
Jeremy.
Herb Lewis [Wed, 9 Feb 2005 21:23:33 +0000 (21:23 +0000)]
r5287: fix build problem when HAVE_POSIX_ACL not defined
Tim Potter [Tue, 8 Feb 2005 23:17:44 +0000 (23:17 +0000)]
r5283: Merge -r5279 and-r5280 from trunk.
Gerald Carter [Tue, 8 Feb 2005 19:27:18 +0000 (19:27 +0000)]
r5278: BUG 2327: fix compile bug in idmap_rid.c
Gerald Carter [Mon, 7 Feb 2005 22:42:43 +0000 (22:42 +0000)]
r5272: BUG 2132, 2134: patch from Jason Mader <jason@ncac.gwu.edu> to remove unused variables
Gerald Carter [Mon, 7 Feb 2005 22:30:56 +0000 (22:30 +0000)]
r5271: patch from S Murthy Kambhampaty <smk_va@yahoo.com> to add idmap_rid.so to the Fedora and RedHat packaging
Gerald Carter [Mon, 7 Feb 2005 22:21:49 +0000 (22:21 +0000)]
r5270: fixing some bashism's in autogen.sh
Gerald Carter [Mon, 7 Feb 2005 22:20:03 +0000 (22:20 +0000)]
r5269: BUG 858: fix order of popt args evalution so we don't crash when given no command line args
Jeremy Allison [Mon, 7 Feb 2005 22:06:49 +0000 (22:06 +0000)]
r5268: Fix bug #2310, only do 16-bit normalization on small dfree
request.
Jeremy.
Gerald Carter [Mon, 7 Feb 2005 19:39:15 +0000 (19:39 +0000)]
r5265: ensure that the Fedora RPMS build with cups support
Günther Deschner [Mon, 7 Feb 2005 18:20:06 +0000 (18:20 +0000)]
r5264: Log with loglevel 0 when account-administration scripts fail.
Guenther
Gerald Carter [Mon, 7 Feb 2005 15:35:42 +0000 (15:35 +0000)]
r5263: bug 2249: patch from Manuel Baena <mbaena@lcc.uma.es> to print error message in fullpath()
Günther Deschner [Mon, 7 Feb 2005 14:14:44 +0000 (14:14 +0000)]
r5262: Fix server_role in the samr_query_dom_info calls. When we are a BDC we
should not say we are a PDC.
Guenther
Simo Sorce [Mon, 7 Feb 2005 08:43:18 +0000 (08:43 +0000)]
r5257: Upadate patches and control files
Sync up with 3.0.11
Tim Potter [Sun, 6 Feb 2005 01:12:15 +0000 (01:12 +0000)]
r5246: We can't use a pointer to struct lsa_info until is has been
initialised. Fix for bugzilla #2315. Can the privileges dude(s)
please verify this?
Steve French [Fri, 4 Feb 2005 23:30:27 +0000 (23:30 +0000)]
r5236: Ignore users mount parm (since unneeded by cifs kernel code). Suggested by Dirk Jagdmann.
Günther Deschner [Fri, 4 Feb 2005 23:01:52 +0000 (23:01 +0000)]
r5235: Fix compile warning.
Günther Deschner [Fri, 4 Feb 2005 22:27:14 +0000 (22:27 +0000)]
r5234: Do not use the "Local Unix Group"-default description for all kinds of
group-mappings.
Guenther
Gerald Carter [Fri, 4 Feb 2005 17:46:30 +0000 (17:46 +0000)]
r5233: fixing some typos
Volker Lendecke [Fri, 4 Feb 2005 14:38:12 +0000 (14:38 +0000)]
r5228: Fix typo, mention officially supported samba3/SLES8 packages on ftp.sernet.de.
Volker
Gerald Carter [Fri, 4 Feb 2005 14:03:57 +0000 (14:03 +0000)]
r5227: removed SuSE spec file @ Lars' request and updated read to point to package download areas
Stefan Metzmacher [Fri, 4 Feb 2005 07:01:33 +0000 (07:01 +0000)]
r5225: fix mem leak and debug message
metze
Gerald Carter [Fri, 4 Feb 2005 00:25:33 +0000 (00:25 +0000)]
r5207: patches from Jay Fenlason @ RedHat (scooped from their Fedora packages)
Gerald Carter [Thu, 3 Feb 2005 16:23:49 +0000 (16:23 +0000)]
r5205: more fixups for BUG 2291
Gerald Carter [Thu, 3 Feb 2005 15:14:54 +0000 (15:14 +0000)]
r5203: additional changes for BUG 2291 to restrict who can join a BDC and add domain trusts
Gerald Carter [Thu, 3 Feb 2005 04:40:52 +0000 (04:40 +0000)]
r5192: missed one packaging fix for BUG 2299
Gerald Carter [Thu, 3 Feb 2005 04:38:48 +0000 (04:38 +0000)]
r5191: BUG 2299: better logrotate configuration from Levente Farkas <lfarkas@lfarkas.org>
Jeremy Allison [Thu, 3 Feb 2005 02:02:54 +0000 (02:02 +0000)]
r5183: Ensure we correctly set the per-connection "case_sensitive" setting.
Rename dptrs_open to the more correct dirhandles_open.
Remove old #if 1.
Jeremy.
Günther Deschner [Wed, 2 Feb 2005 20:11:37 +0000 (20:11 +0000)]
r5180: Call the "add machine script" to create all kinds of trust accounts
(this restores old behaviour). Fixes #2291.
Guenther
Deryck Hodge [Wed, 2 Feb 2005 18:01:11 +0000 (18:01 +0000)]
r5179: Add -P (password-menu-only) option to swat. Admins can allow users
to use swat to change their password without allowing them to see
the "View" and "Status" buttons.
deryck
Simo Sorce [Wed, 2 Feb 2005 16:22:59 +0000 (16:22 +0000)]
r5176: Warn the user that print command is ignored when using cups libraries
Gerald Carter [Wed, 2 Feb 2005 16:05:55 +0000 (16:05 +0000)]
r5174: ensure that we consistently use the current_user_info.smb_name vs. smb_name when parsing smb.conf and reloading config files
Jeremy Allison [Wed, 2 Feb 2005 01:58:18 +0000 (01:58 +0000)]
r5166: From James Peach - remove minor C99-isms.
Jeremy.
Gerald Carter [Tue, 1 Feb 2005 20:43:14 +0000 (20:43 +0000)]
r5165: BUG 2295: always use get_local_machine_name() rather than digging in the gloval variable 'local_machine'
Jim McDonough [Tue, 1 Feb 2005 19:32:54 +0000 (19:32 +0000)]
r5163: Fix bugzilla 2062:
turn off broadcast for all 390 NICs.
Gerald Carter [Tue, 1 Feb 2005 19:04:13 +0000 (19:04 +0000)]
r5162: BUG 2264: remove shutdown and abortshurn commands from rpcclient since they are stable in 'net rpc' (to avoid fixing portability bugs)
Jeremy Allison [Tue, 1 Feb 2005 18:33:50 +0000 (18:33 +0000)]
r5160: First cut at refactoring of directory code to handle non-wildcard
directory match more efficiently. Passes RAW-SEARCH under valgrind but needs more
testing (which I'll do later today :-).
Jeremy.
Gerald Carter [Tue, 1 Feb 2005 18:29:14 +0000 (18:29 +0000)]
r5159: BUG 2262: add support to detect *freebsd6* (same as *freebsd5* currently)
Gerald Carter [Tue, 1 Feb 2005 18:24:39 +0000 (18:24 +0000)]
r5158: BUG 2263: patch from Timur Bakeyev <timur@com.bat.ru> to guard base64_encode_data_blob() against empty blobs
Gerald Carter [Tue, 1 Feb 2005 18:14:15 +0000 (18:14 +0000)]
r5157: BUG 2266: conditionally include rpc/nettype.h to work around missing header onf FreeBSD4
Jeremy Allison [Tue, 1 Feb 2005 02:06:00 +0000 (02:06 +0000)]
r5154: Tidy up interface a little.
Jeremy.
Jeremy Allison [Tue, 1 Feb 2005 00:28:20 +0000 (00:28 +0000)]
r5152: Restructure the directory handling code, stop using void * pointers
that just allow the wrong pointer to be assigned :-) and make the
interface more consistent. Fix the FreeBSD directory problem. Last
thing to do is to add the "singleton" directory concept from James
Peach's code.
Jeremy.
Gerald Carter [Mon, 31 Jan 2005 22:42:30 +0000 (22:42 +0000)]
r5150: consolidate the samr_make.*obj_sd() functions to share code
Gerald Carter [Mon, 31 Jan 2005 16:32:14 +0000 (16:32 +0000)]
r5140: (a) fix problem with enumerating domain trusts in security = ads; (b) fix a segfault in rpcclient's dsenumdomtrusts
Gerald Carter [Mon, 31 Jan 2005 13:26:00 +0000 (13:26 +0000)]
r5132: netscape DS 5.2 schema update from Richard Renard <rrenard@idealx.com>
Gerald Carter [Mon, 31 Jan 2005 13:17:49 +0000 (13:17 +0000)]
r5131: BUG 2290: don;t call mkversion.sh since we don't have it in this directory
Volker Lendecke [Mon, 31 Jan 2005 09:27:12 +0000 (09:27 +0000)]
r5127: Fix Bug 2289 -- thanks to jason@ncac.gwu.edu
Volker Lendecke [Mon, 31 Jan 2005 08:29:51 +0000 (08:29 +0000)]
r5125: Fix bug 2113 -- thanks to jason@ncac.gwu.edu
Tim Potter [Sun, 30 Jan 2005 22:47:26 +0000 (22:47 +0000)]
r5112: Fix for shared object creation in examples. Bugzilla #2058.
Tim Potter [Sun, 30 Jan 2005 22:45:46 +0000 (22:45 +0000)]
r5111: Fix up changed prototype for setsampwent pdb function.
Jeremy Allison [Sun, 30 Jan 2005 00:36:19 +0000 (00:36 +0000)]
r5100: We should only care about case-sensitivity when *reading* an incoming
filename, not returning one. Makes us pass one more Samba4 RAW-SEARCH test.
Jeremy.
Volker Lendecke [Sat, 29 Jan 2005 10:05:46 +0000 (10:05 +0000)]
r5098: Next round build-fixing
Volker Lendecke [Sat, 29 Jan 2005 09:38:15 +0000 (09:38 +0000)]
r5096: Attempt to fix the build
Jeremy Allison [Sat, 29 Jan 2005 02:49:01 +0000 (02:49 +0000)]
r5082: Don't blindly copy question rr_type and class, set correctly as required
by rfc1002.
Jeremy.
Jeremy Allison [Sat, 29 Jan 2005 02:18:01 +0000 (02:18 +0000)]
r5077: Use correct type for rr record on negative name query reply.
Jeremy.
Jeremy Allison [Sat, 29 Jan 2005 02:03:46 +0000 (02:03 +0000)]
r5076: Ensure that WINS negative name query responses and WACK packets
use the correct RR type of 0xA instead of reflecting back what
the query RR type was (0x20). See rfc1002 sections 4.2.14 and
4.2.16.
Jeremy.
Jeremy Allison [Fri, 28 Jan 2005 23:17:12 +0000 (23:17 +0000)]
r5069: Ensure we return the correct errors for old-style search requests.
Jeremy.
Jeremy Allison [Fri, 28 Jan 2005 21:55:45 +0000 (21:55 +0000)]
r5066: A couple of small fixes from James Peach @ SGI.
Jeremy.
Jeremy Allison [Fri, 28 Jan 2005 21:01:58 +0000 (21:01 +0000)]
r5063: Shamelessly steal the Samba4 logic (and some code :-) for directory
evaluation. This stops us from reading the entire directory into
memory at one go, and allows partial reads. It also keeps almost
the same interface to the OpenDir/ReadDir etc. code (sorry James :-).
Next I will optimise the findfirst with exact match code. This speeds
up our interactive response for large directories, but not when a
missing (ie. negative) findfirst is done.
Jeremy
Gerald Carter [Fri, 28 Jan 2005 17:36:41 +0000 (17:36 +0000)]
r5060: BUG 2286: fix typoe on sambaConfig oc definition
Günther Deschner [Fri, 28 Jan 2005 17:05:55 +0000 (17:05 +0000)]
r5058: Due to the fragileness how windows reacts on unmapped sids sometimes,
don't leave administator-sid unmapped. Simply return "Administrator"
Guenther
Gerald Carter [Fri, 28 Jan 2005 16:55:09 +0000 (16:55 +0000)]
r5056: * correct STANDARD_RIGHTS_WRITE_ACCESS bitmask define
* make sure to apply the rights_mask and not just the saved
bits from the mask in access_check_samr_object()
* allow root to grant/revoke privileges (in addition to Domain
Admins) as suggested by Volker.
Tested machine joins from XP, 2K, and NT4 with and without
pre-existing machine trust accounts. Also tested basic file
operations using cmd.exe and explorer.exe after changing the
STANDARD_RIGHTS_WRITE_ACCESS bitmask.
Gerald Carter [Thu, 27 Jan 2005 15:13:16 +0000 (15:13 +0000)]
r5046: mark 'winbind enable local accounts' and testprns as depcrecated
Gerald Carter [Thu, 27 Jan 2005 02:56:18 +0000 (02:56 +0000)]
r5029: after talking to Rob, ensure that we set the NETIOSNAME.domainname
as the longname in the published printer information since this
is what we will have used when we joined the domain.
More testing on this tomorrow.
Gerald Carter [Thu, 27 Jan 2005 02:16:02 +0000 (02:16 +0000)]
r5028: * check acb_info mask in _samr_create_user instead of the last character
of the user name
* fix some access_mask checks in _samr_set_userinfo2 (getting join from
XP without being a member of domain admins working)
Gerald Carter [Wed, 26 Jan 2005 20:48:21 +0000 (20:48 +0000)]
r5020: bumping the 3.0 tree to 3.0.12pre1 since there will not be a full sync for the 3.0.11rc1 release
Gerald Carter [Wed, 26 Jan 2005 20:36:44 +0000 (20:36 +0000)]
r5015: (based on abartlet's original patch to restrict password changes)
* added SE_PRIV checks to access_check_samr_object() in order
to deal with the run-time security descriptor and their
interaction with user rights
* Reordered original patch in _samr_set_userinfo[2] to still
allow root/administrative password changes for users and machines.
Jeremy Allison [Wed, 26 Jan 2005 20:01:21 +0000 (20:01 +0000)]
r5014: Split out the request to send an async level II oplock break into a
new function to make it clear when it's called. Remove async parameter
that had been overloaded into request_oplock_break.
Inspired by work from Nadav Danieli <nadavd@exanet.com>.
Jeremy.
Gerald Carter [Wed, 26 Jan 2005 14:46:54 +0000 (14:46 +0000)]
r5012: fix segfault caused by using a ipp_t * after calling cupsDoRequest()