Jeremy Allison [Sun, 30 Jan 2005 00:36:19 +0000 (00:36 +0000)]
r5100: We should only care about case-sensitivity when *reading* an incoming
filename, not returning one. Makes us pass one more Samba4 RAW-SEARCH test.
Jeremy.
Jeremy Allison [Sat, 29 Jan 2005 02:03:46 +0000 (02:03 +0000)]
r5076: Ensure that WINS negative name query responses and WACK packets
use the correct RR type of 0xA instead of reflecting back what
the query RR type was (0x20). See rfc1002 sections 4.2.14 and
4.2.16.
Jeremy.
Jeremy Allison [Fri, 28 Jan 2005 21:01:58 +0000 (21:01 +0000)]
r5063: Shamelessly steal the Samba4 logic (and some code :-) for directory
evaluation. This stops us from reading the entire directory into
memory at one go, and allows partial reads. It also keeps almost
the same interface to the OpenDir/ReadDir etc. code (sorry James :-).
Next I will optimise the findfirst with exact match code. This speeds
up our interactive response for large directories, but not when a
missing (ie. negative) findfirst is done.
Jeremy
Gerald Carter [Fri, 28 Jan 2005 16:55:09 +0000 (16:55 +0000)]
r5056: * correct STANDARD_RIGHTS_WRITE_ACCESS bitmask define
* make sure to apply the rights_mask and not just the saved
bits from the mask in access_check_samr_object()
* allow root to grant/revoke privileges (in addition to Domain
Admins) as suggested by Volker.
Tested machine joins from XP, 2K, and NT4 with and without
pre-existing machine trust accounts. Also tested basic file
operations using cmd.exe and explorer.exe after changing the
STANDARD_RIGHTS_WRITE_ACCESS bitmask.
Gerald Carter [Thu, 27 Jan 2005 02:56:18 +0000 (02:56 +0000)]
r5029: after talking to Rob, ensure that we set the NETIOSNAME.domainname
as the longname in the published printer information since this
is what we will have used when we joined the domain.
Gerald Carter [Thu, 27 Jan 2005 02:16:02 +0000 (02:16 +0000)]
r5028: * check acb_info mask in _samr_create_user instead of the last character
of the user name
* fix some access_mask checks in _samr_set_userinfo2 (getting join from
XP without being a member of domain admins working)
Jeremy Allison [Wed, 26 Jan 2005 20:01:21 +0000 (20:01 +0000)]
r5014: Split out the request to send an async level II oplock break into a
new function to make it clear when it's called. Remove async parameter
that had been overloaded into request_oplock_break.
Inspired by work from Nadav Danieli <nadavd@exanet.com>.
Jeremy.
Jeremy Allison [Wed, 26 Jan 2005 00:13:15 +0000 (00:13 +0000)]
r5002: Ensure we can't remove a level II oplock without having the
shared memory area locked. This need to be in 3.0.11. Pointed
out by Nadav Danieli <nadavd@exanet.com>.
Jeremy.
Günther Deschner [Tue, 25 Jan 2005 23:30:05 +0000 (23:30 +0000)]
r4994: Patch from abartlet:
When migrating account policies to ldapsam, handle the fact that an
admin might have changed the default location of the sambaDomain-object
after installation.
Günther Deschner [Mon, 24 Jan 2005 16:30:46 +0000 (16:30 +0000)]
r4963: It is actually a very bad idea to use KRB5_CONFIG in the
configure-checks (At least Heimdal uses KRB5_CONFIG for locating it's
configuration-file (usually /etc/krb5.conf)). Renaming it to KRB5CONFIG
prevents configure-checks that use heimdal-libs from segfaulting while
the lib reads the krb5-config binary as a configuration file...
Vendors that used the KRB5_CONFIG-variable to let configure find a
custom krb5-config binary have to use KRB5CONFIG now.
Volker Lendecke [Sun, 23 Jan 2005 14:10:57 +0000 (14:10 +0000)]
r4946: Our notion the other_sids in the info3 SamLogon struct was
...hmmm... completely bogus. This does not affect us as a domain controller,
as we never set other_sids, but I have *no* idea how winbind got away with it.
Please review thoroughly, samba4 idl looks closer to reality here.
Test case: Member of w2k3 domain, authenticate as a user who is member of one
or more domain local groups. Easiest review with 'client schannel = no'.
Günther Deschner [Sat, 22 Jan 2005 11:26:13 +0000 (11:26 +0000)]
r4931: Add get_user_info_7 in SAMR. This just gives out the username. (In
preparation of adding the ability of renaming users via setuserinfo
level 7).
Günther Deschner [Sat, 22 Jan 2005 03:37:09 +0000 (03:37 +0000)]
r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).
Does automated migration from account_policy.tdb v1 and v2 and offers a
pdbedit-Migration interface. Jerry, please feel free to revert that if
you have other plans.
Gerald Carter [Fri, 21 Jan 2005 19:08:17 +0000 (19:08 +0000)]
r4905: patch from abartlet to remove storing the auth-user credentials from the cli* in cm_prepare_connection(). using credentials from a domain other thanour primary domain will cause the schannel setup to fail
Jeremy Allison [Thu, 20 Jan 2005 18:31:11 +0000 (18:31 +0000)]
r4875: Fix for bugid #221, inspired by Mrinal Kalakrishnan <mail@mrinal.net>.
NT sometimes send garbage bytes in NT security descriptor linearizations
when sending well-known sids. Cope with these.
Jeremy.
Günther Deschner [Thu, 20 Jan 2005 17:04:16 +0000 (17:04 +0000)]
r4870: Make multi-domain-mode in idmap_rid accessible from outside (can be
compiled with -DIDMAP_RID_SUPPORT_TRUSTED_DOMAINS) as requested by Lars
Mueller <lmuelle-at-suse.de>.
Allow to map ID's for a local SAM and add some more
debugging-information.
Gerald Carter [Thu, 20 Jan 2005 16:31:42 +0000 (16:31 +0000)]
r4867: Removing smbldap-tools from the svn tree. I'll include
the latest version in the actual release tarballs.
Have spoken to the idealx developers about this.
Updated README to reflect the changte for people using svn.
Removed ldapsync.pl since it is no longer needed when using
the smbldap-tools (only keep things you support).
Gerald Carter [Wed, 19 Jan 2005 21:10:56 +0000 (21:10 +0000)]
r4856: after testing a simple add printer script, i realized that you still have to be root to send the message to all smbds that the config file has been updated
Gerald Carter [Wed, 19 Jan 2005 18:28:55 +0000 (18:28 +0000)]
r4852: merge simo changes to srv_srvsvc_nt.c from trunk
that allows the add/change share command to create the directory
passed in as an arguement and not require that it pre-exist.
Also finish testing of SeDiskOperatorPrivilege via srvmgr.exe
Günther Deschner [Wed, 19 Jan 2005 17:42:33 +0000 (17:42 +0000)]
r4851: Preleminary fix for ldapsam_enum_group_memberships when
ldapsam:trusted=True. Don't bail out when ldap-search returns pure
posixgroups (w.o. samba group-mapping).
This way those unix-memberships do not appear in user and nt user token.
Volker, could you please look over that one?
Gerald Carter [Wed, 19 Jan 2005 16:52:19 +0000 (16:52 +0000)]
r4849: * finish SeAddUsers support in srv_samr_nt.c
* define some const SE_PRIV structure for use when
you need a SE_PRIV* to a privilege
* fix an annoying compiler warngin in smbfilter.c
* translate SIDs to names in 'net rpc rights list accounts'
* fix a seg fault in cli_lsa_enum_account_rights caused by
me forgetting the precedence of * vs. []
Günther Deschner [Wed, 19 Jan 2005 16:13:26 +0000 (16:13 +0000)]
r4847: Hand over a acb_mask to pdb_setsampwent in load_sampwd_entries().
This allows the ldap-backend to search much more effeciently. Machines
will be searched in the ldap_machine_suffix and users in the
ldap_users_suffix. (Note that we already use the ldap_group_suffix in
ldapsam_setsamgrent for quite some time).
Using the specific ldap-bases becomes notably important in large
domains: On my testmachine "net rpc trustdom list" has to search through
40k accounts just to list 3 interdomain-trust-accounts, similiar effects
show up the non-user query_dispinfo-calls, etc.
Also renamed all_machines to only_machines in load_sampwd_entries()
since that reflects better what is really meant.
Günther Deschner [Wed, 19 Jan 2005 09:58:29 +0000 (09:58 +0000)]
r4840: * Add more generic root-dse inspection function to check for given
controls or extensions.
* Check and remember if ldapsam's LDAP Server support paged results
(in preparation of adding async paged-results to set|get|end-sampwent in
ldapsam).
Jeremy Allison [Tue, 18 Jan 2005 22:40:49 +0000 (22:40 +0000)]
r4830: Fix for problem noticed by Guy Harris <gharris@apple.com>, return
correct DOS/NT error code on transact named pipe on closed pipe
handle.
Jeremy.
Gerald Carter [Tue, 18 Jan 2005 19:51:36 +0000 (19:51 +0000)]
r4825: Printing changes
----------------
* bracket the add/delete/set printer scripts with checks for se_print_op
* slight change to the add/set printer script semantics. smbd no longer
relies on output from the script (on stdout) to re-read smb.conf
* remove SIGHUP from set/add/delete printin script code and now just
use MSG_SMB_CONF_UPDATED
* bracket the add/delete/set share scripts with checks for se_print_op
(this includes setting share ACLs)
Gerald Carter [Tue, 18 Jan 2005 18:28:34 +0000 (18:28 +0000)]
r4821: finish off 'net rpc rights [list|grant|revoke]'
one small todo item is to add a 'accounts' sub option
to 'net rpc list' so enumerate all privileged SIDs
and their associated rights.
Gerald Carter [Mon, 17 Jan 2005 20:27:29 +0000 (20:27 +0000)]
r4809: * include SeDiskOperatorPrivilege and SeRemoteShutdownPrivilege
(noty enfornced yet though)
* add 'enable privileges (off by default) to control whether or
not any privuleges can be assigned to SIDs
Gerald Carter [Mon, 17 Jan 2005 15:23:11 +0000 (15:23 +0000)]
r4805: Last planned change to the privileges infrastructure:
* rewrote the tdb layout of privilege records in account_pol.tdb
(allow for 128 bits instead of 32 bit flags)
* migrated to using SE_PRIV structure instead of the PRIVILEGE_SET
structure. The latter is now used for parsing routines mainly.
Still need to incorporate some client support into 'net' so
for setting privileges. And make use of the SeAddUserPrivilege
right.
Volker Lendecke [Sat, 15 Jan 2005 19:00:18 +0000 (19:00 +0000)]
r4760: Make wbinfo --user-sids expand domain local groups. Andrew B., my testing
shows that this info is correctly returned to us in to info3 struct, so
check_info3_in_group does not need to be adapted.
projects / thirdparty / samba.git / log
