diff options
author | Gerald Carter <jerry@samba.org> | 2005-01-31 17:18:01 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2005-01-31 17:18:01 +0000 |
commit | b59908e48e06253cf3f8663059f65a79bd07c811 (patch) | |
tree | 74dd5549a8dca5d2d30772bd4ed572f58abec82f | |
parent | a1ade5089c73dc7c4b34ce92d87bf7c8598c9b99 (diff) | |
download | samba-b59908e48e06253cf3f8663059f65a79bd07c811.tar.gz samba-b59908e48e06253cf3f8663059f65a79bd07c811.tar.xz samba-b59908e48e06253cf3f8663059f65a79bd07c811.zip |
r5146: starting draft of release notes for 3.0.11
merges from SAMBA_3_0
svn merge -r5100:5111 $SVNURL/branches/SAMBA_3_0
svn merge -r5113:5125 $SVNURL/branches/SAMBA_3_0
svn merge -r5125:5127 $SVNURL/branches/SAMBA_3_0
svn merge -r5127:5131 $SVNURL/branches/SAMBA_3_0
svn merge -r5131:5132 $SVNURL/branches/SAMBA_3_0
svn merge -r5132:5140 $SVNURL/branches/SAMBA_3_0
-rw-r--r-- | WHATSNEW.txt | 431 | ||||
-rw-r--r-- | examples/LDAP/samba-schema-netscapeds5.x | 40 | ||||
-rwxr-xr-x | examples/VFS/autogen.sh | 3 | ||||
-rw-r--r-- | examples/pdb/test.c | 2 | ||||
-rw-r--r-- | source/lib/system_smbd.c | 3 | ||||
-rw-r--r-- | source/rpc_client/cli_ds.c | 2 | ||||
-rw-r--r-- | source/rpc_parse/parse_lsa.c | 13 | ||||
-rw-r--r-- | source/rpcclient/cmd_ds.c | 6 |
8 files changed, 199 insertions, 301 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 2702749505d..7915112f89c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,109 +1,33 @@ - ================================= - Release Notes for Samba 3.0.11rc1 - Jan 28, 2005 - ================================== + ============================== + Release Notes for Samba 3.0.11 + XXX XX, 2005 + ============================== -This is a release candidate of the Samba 3.0.11 code base and is -provided for testing only. While close to the final stable release, -this snapshot is *not* intended for production servers. If all -goes well, this this version will become the final 3.0.11 stable -release (with possible minor changes). +This is the latest stable release of Samba. This is the version +that production Samba servers should be running for all current +bug-fixes. Please read the following important changes in this +release. -Common bugs fixed in 3.0.11rc1 include: +Common bugs fixed in 3.0.11 include: o Crash in smbd when using CUPS printing. o Parsing error of other SIDs included in the user_info_3 structure returned from domain controllers. - - -###################################################################### -Changes -####### - -Changes since 3.0.11pre2 ------------------------- - -smb.conf changes ----------------- - - Parameter Name Action - -------------- ------ - winbind enable local accounts Deprecated - - -commits -------- -o Jeremy Allison <jra@samba.org> - * BUG 2092: Prevent auto-anonymous logins via libsmbclient - for better use by desktop environments such as GNOME. - * Ensure we can't remove a level II oplock without having the - shared memory area locked. - - -o Gerald (Jerry) Carter <jerry@samba.org> - * RedHat and Fedora Packaging fixes for perl dependencies. - * Remove unused schema items from OpenLDAP schema file. - * Remove duplicate enumeration of "Windows x86" architecture - when listing printer drivers via rpcclient. - * Fail set_privileges() if 'enable privileges = no' to prevent - confused admins. - * Fix segfault in cups_queue_get(). - * Tighten restrictions on changing user passwords when - the connected user possesses the SeMachineAccountPrivilege. - * Ensure we set NETBIOSNAME.domainname for the long machine name - when publishing printers in AD (based on input from Rob Foehl). - * Mark 'winbind enable local accounts' as deprecated. - * Mark testprns tool as deprecated. - * Allow root to grant/revoke privilege assignments. - * Correct interaction between user rights and se_access_check() on - SAMR objects. - * BUG 2286: Fix typo OpenLDAP schema file for sambaConfig object - class. - - -o Guenther Deschner <gd@samba.org> - * Fix configure.in tests using KRB5_CONFIG variable and krb5- - config utility. - * Require assignment of Administrator SID in the passdb - backend. Fall back to the default name of 'Administrator' if - the lookup fails rather than using the first name in the - default 'admin users' list. - * Enhance LDAP failure debug messages. - - -o Volker Lendecke <vl@samba.org> - * Allow 'rpcclient -c enumtrust' to enumerate more than 10 trusts. - * Fix parsing of other_sids in net_user_info3. - * Correct bad failure logic when user was not a member of any - domain local groups. - - -Changes for older versions follow below: - - -------------------------------------------------- - - ================================== - Release Notes for Samba 3.0.11pre2 - Jan 21, 2005 - =================================== - -This is a preview release of the Samba 3.0.11 code base and -is provided for testing only. This release is *not* intended -for production servers. However, there have been several bug -fixes since 3.0.10 that we feel are important to make available -to the Samba community for wider testing. - -Common bugs fixed in 3.0.11pre2 include: - o Inefficiencies when searching non-AD LDAP directories. o Failure to expand variables in user domain attributes in tdbsam and ldapsam. o Memory leaks. o Failure to retrieve certain attribute when migrating from a Windows DC to a Samba DC via 'net rpc vampire'. + o Numerous printing bugs bugs including memory + bloating on large/busy print servers. + o Compatibility issues with Exchange 5.5 SP4. + o sendfile fixes. -Additional features introduced in Samba 3.0.11pre1: +Additional features introduced in Samba 3.0.11: + o Winbindd performance improvements. + o More 'net rpc vampire' functionality. o Support for the Windows privilege model to assign rights to specific SIDs. o New administrative options to the 'net rpc' command. @@ -134,186 +58,42 @@ These rights can be assigned to arbitrary users or groups via the 'net rpc rights grant/revoke' command. More details of Samba's privilege implementation can be found in the Samba-HOWTO-Collection. - + ###################################################################### Changes ####### -Changes since 3.0.11pre1 ------------------------- +Changes since 3.0.11rc1 +----------------------- -smb.conf changes ----------------- - Parameter Name Action - -------------- ------ - enable privileges New - ldap password sync Alias - - commits ------- o Jeremy Allison <jra@samba.org> - * Fixes for libsmbclient to ensure that interrupted system calls - are restarted minus the already expired portion of the timeout - (based on work by Derrell Lipman). - * More Unicode string parsing fixes. - * Convert the winreg pipe to use WERROR returns. - * Make all LDAP timeouts consistent (input from Joe Meadows - <jameadows@webopolis.com>). - * BUG 2231: Remove double "\\" from client findfirst. - * BUG 2238: Fix memory leak in shadow copy vfs. - * Return correct DOS/NT error code on transact named pipe on - closed pipe handle. - * BUG 2211: Fix security descriptor parsing bug (based on work by - Mrinal Kalakrishnan <mail@mrinal.net>). - * BUG 2270: Fix memory leaks in cups printing backend support - (based on work by Lars Mueller). - * BUG 2255: Fix debug level in kerberos error messages. - - -o Andrew Bartlett <abartlet@samba.org> - * Don't store the auth-user credentials with the cli_state* as - this can cause the schannel setup to fail when the auth-user - domain is not our primary domain. - - -o Grigory Batalov <bga@altlinux.org> - * Fix encoding while receiving of a message which was actually - sent using STR_ASCII. - - -o Daniel Beschorner <db@unit-netz.de> - * BUG 603: Correct access mask check for _samr_lookup_domain() - to work with Windows RAS server - - -o Jerome Borsboom <j.borsboom@erasmusmc.nl> - * Fix missing printer_tdb reference decrement. - - +o Timur Bakeyev <timur@com.bat.ru> o Gerald (Jerry) Carter <jerry@samba.org> - * Re-instantiate previous semantics for calling init_unistr2() - with a NULL source buffer. - * Support Windows privilege model for assigning rights - to specific SIDs. Based on work by Simo Sorce in the trunk - svn branch. This feature is controlled by the 'enable - privileges = [yes|no]' smb.conf(5) option. - * Add some smb.conf scripts for add/delete/change shares and - deleting cups printers. - * Expand variables in the profile path, logon home and logon script - values when using either tdbsam or ldapsam. - * Add Domain Admins (Full Control) to the default printer security - descriptor if we are a DC. - - o Guenther Deschner <gd@samba.org> - * Allow rpcclient to define a port to use when connecting - to a remote server. - * Allow Account Lockout with Lockout Duration "forever" (until - admin unlocks) to be set and displayed in User Manager. - * Allow to set acb_mask in rpcclient's enumdomusers. - * Add more generic rootDSE inspection function to check - for given controls or extensions and remember these on a - per server basis. - * Improve LDAP search efficiency by passing the acb_mask to - pdb_setsampwent(). - * Fixes for ldapsam_enum_group_memberships(). - * Add createdomgroup to rpcclient. - * Add "net rpc user RENAME"-command. - * Display sam_user_info_7 in rpcclient. - * Make multi-domain-mode in idmap_rid accessible from outside - (can be compiled with -DIDMAP_RID_SUPPORT_TRUSTED_DOMAINS). - * When vampiring account policy AP_LOCK_ACCOUNT_DURATION honor - "Lockout Duration: Forever". - - -o Rob Foehl <rwf@loonybin.net> - * Implement caching of names from printcap to support a true - 'printcap cache time'. - - -o Jeff Hardy <hardyjm@potsdam.edu> - * Example script for 'add print command' when using CUPS. - - -o William Jojo <jojowil@hvcc.edu> - * AIX 5.3 compile fixes. - - o Volker Lendecke <vl@samba.org> - * Initial work to allow support for multiple pipe opens on a - single cli_state*. - * Ensure that we still retrieve the netbios name of any DC - listed as a 'password server' to work around cases where the - DC was defined using an IP address or fqdn. - * Fix memleak in winbindd connection code. - * Fix cli_samr_queryuseraliases. - * Allow wbinfo --user-sids to expand expand domain local groups. - - -o Jim McDonough <jmcd@us.ibm.com> - * BUG 2198: Set password last change time when running 'net rpc - vampire'. - * Add "refuse machine password change" policy field. - - -o Stefan Metzmacher <metze@samba.org> - * autogen.sh fixes. - - -o James Peach <jpeach@sgi.com> - * Fix rewinddir -> rewind_dir when using VFS macros. - - -o Simo Sorce <idra@samba.org> - * Allows the add/change share command to create the shared - directory directory on disk. - -o Jelmer Vernooij <jelmer@samba.org> - * Fixes for pdb_mysql. - - - -------------------------------------------------- - - ================================== - Release Notes for Samba 3.0.11pre1 - Jan 4, 2005 - =================================== - -Common bugs fixed in 3.0.11pre1 include: - - o Numerous printing bugs bugs including memory - bloating on large/busy print servers. - o Compatibility issues with Exchange 5.5 SP4. - o sendfile fixes. - -Additional features introduced in Samba 3.0.11pre1: - - o Winbindd performance improvements. - o More 'net rpc vampire' functionality. - - - +o Tim Potter <tpot@samba.org> -###################################################################### -Changes -####### Changes since 3.0.10 -------------------- smb.conf changes ---------------- - Parameter Name Action - -------------- ------ + + Parameter Name Action + -------------- ------ afs token lifetime New + enable privileges New + ldap password sync Alias min password length Deprecated + winbind enable local accounts Deprecated + - commits ------- - o Jeremy Allison <jra@samba.org> * Extend vfs to add seekdir/telldir/rewinddir. * Fix dirent return. @@ -333,6 +113,22 @@ o Jeremy Allison <jra@samba.org> file, not an existing one. * Don't go fishing for the krb5 authorization data unless we know it's there. + * Fixes for libsmbclient to ensure that interrupted system calls + are restarted minus the already expired portion of the timeout + (based on work by Derrell Lipman). + * More Unicode string parsing fixes. + * Convert the winreg pipe to use WERROR returns. + * Make all LDAP timeouts consistent (input from Joe Meadows + <jameadows@webopolis.com>). + * BUG 2231: Remove double "\\" from client findfirst. + * BUG 2238: Fix memory leak in shadow copy vfs. + * Return correct DOS/NT error code on transact named pipe on + closed pipe handle. + * BUG 2211: Fix security descriptor parsing bug (based on work by + Mrinal Kalakrishnan <mail@mrinal.net>). + * BUG 2270: Fix memory leaks in cups printing backend support + (based on work by Lars Mueller). + * BUG 2255: Fix debug level in kerberos error messages. * BUG 2110: Ensure we convert to ucs2 correctly after the CAN-2004-0930 patch. * Make strict locking an enum. Auto means use oplock optimization. @@ -340,7 +136,11 @@ o Jeremy Allison <jra@samba.org> * More *alloc fixes (includes additional fixes by Albert Chin. * Catch sendfile errors correctly and return the correct values we want the caller to return. - + * BUG 2092: Prevent auto-anonymous logins via libsmbclient + for better use by desktop environments such as GNOME. + * Ensure we can't remove a level II oplock without having the + shared memory area locked. + o Timur Bakeyev <timur@com.bat.ru> * BUG 2100: change the way we check for errors after a dlopen(). @@ -350,6 +150,23 @@ o Andrew Bartlett <abartlet@samba.org> * Clarify error message when 'lanman auth = no'. * Remove the unnecessary UTF-8 conversion calls in the calls to auth_winbind from smbd. + * Don't store the auth-user credentials with the cli_state* as + this can cause the schannel setup to fail when the auth-user + domain is not our primary domain. + + +o Grigory Batalov <bga@altlinux.org> + * Fix encoding while receiving of a message which was actually + sent using STR_ASCII. + + +o Daniel Beschorner <db@unit-netz.de> + * BUG 603: Correct access mask check for _samr_lookup_domain() + to work with Windows RAS server + + +o Jerome Borsboom <j.borsboom@erasmusmc.nl> + * Fix missing printer_tdb reference decrement. o Gerald (Jerry) Carter <jerry@samba.org> @@ -372,13 +189,43 @@ o Gerald (Jerry) Carter <jerry@samba.org> print_queue_updates() requests sent via messages.tdb. * Check the setprinter(3) based on the access permissions on the handle and avoid the call to print_access_check(). - + * Re-instantiate previous semantics for calling init_unistr2() + with a NULL source buffer. + * Support Windows privilege model for assigning rights + to specific SIDs. Based on work by Simo Sorce in the trunk + svn branch. This feature is controlled by the 'enable + privileges = [yes|no]' smb.conf(5) option. + * Add some smb.conf scripts for add/delete/change shares and + deleting cups printers. + * Expand variables in the profile path, logon home and logon script + values when using either tdbsam or ldapsam. + * Add Domain Admins (Full Control) to the default printer security + descriptor if we are a DC. + * RedHat and Fedora Packaging fixes for perl dependencies. + * Remove unused schema items from OpenLDAP schema file. + * Remove duplicate enumeration of "Windows x86" architecture + when listing printer drivers via rpcclient. + * Fail set_privileges() if 'enable privileges = no' to prevent + confused admins. + * Fix segfault in cups_queue_get(). + * Tighten restrictions on changing user passwords when + the connected user possesses the SeMachineAccountPrivilege. + * Ensure we set NETBIOSNAME.domainname for the long machine name + when publishing printers in AD (based on input from Rob Foehl). + * Mark 'winbind enable local accounts' as deprecated. + * Mark testprns tool as deprecated. + * Allow root to grant/revoke privilege assignments. + * Correct interaction between user rights and se_access_check() on + SAMR objects. + * BUG 2286: Fix typo OpenLDAP schema file for sambaConfig object + class. + o Nadav Danieli <nadavd@exanet.com> * Short circuit some is_locked() tests if we are oplocked. -o Guenther Deschner <gd@samba.org> +o Guenther Deschner <gd@samba.org> * Allow 'localhost' as a valid server name in the smbd for the spoolss calls. * Fix KRB5_SETPW-defines, no change in behavior (Thanks to Luke @@ -408,9 +255,33 @@ o Guenther Deschner <gd@samba.org> * Marking "min password length" as depreciated. * Implement SAMR query_dom_info-call info-level 8 server- and client-side, based on samba4-idl. - - - + * Allow rpcclient to define a port to use when connecting + to a remote server. + * Allow Account Lockout with Lockout Duration "forever" (until + admin unlocks) to be set and displayed in User Manager. + * Allow to set acb_mask in rpcclient's enumdomusers. + * Add more generic rootDSE inspection function to check + for given controls or extensions and remember these on a + per server basis. + * Improve LDAP search efficiency by passing the acb_mask to + pdb_setsampwent(). + * Fixes for ldapsam_enum_group_memberships(). + * Add createdomgroup to rpcclient. + * Add "net rpc user RENAME"-command. + * Display sam_user_info_7 in rpcclient. + * Make multi-domain-mode in idmap_rid accessible from outside + (can be compiled with -DIDMAP_RID_SUPPORT_TRUSTED_DOMAINS). + * When vampiring account policy AP_LOCK_ACCOUNT_DURATION honor + "Lockout Duration: Forever". + * Fix configure.in tests using KRB5_CONFIG variable and krb5- + config utility. + * Require assignment of Administrator SID in the passdb + backend. Fall back to the default name of 'Administrator' if + the lookup fails rather than using the first name in the + default 'admin users' list. + * Enhance LDAP failure debug messages. + + o Jay Fenlason <fenlason@redhat.com> * Fix crash in 'net join' due to calling free on static buffers. @@ -423,12 +294,18 @@ o Rob Foehl <rwf@loonybin.net>. * Solaris packaging fixes. * Don't force the cups printer-make-and-model tag as the comment for autoloaded printers. - + * Implement caching of names from printcap to support a true + 'printcap cache time'. + o Johann Hanne <jhml@gmx.net> * BUG 2038: Only fail winbindd_getgroups() if all lookups fail. +o Jeff Hardy <hardyjm@potsdam.edu> + * Example script for 'add print command' when using CUPS. + + o David Hu <david.hu@hp.com> * Copy structure from print_queue_update() message rather than referencing it. Fixes seg fault on HP-UX. @@ -448,7 +325,8 @@ o Björn Jacke <bjoern@j3e.de> o William Jojo <jojowil@hvcc.edu> * Fix HPUX sendfile and add configure.in tests and code for sendfile on AIX. - + * AIX 5.3 compile fixes. + o Volker Lendecke <vl@samba.org> * Optimize anonymous session setups by workstations in a @@ -475,12 +353,27 @@ o Volker Lendecke <vl@samba.org> * Add support for 'net idmap delete <idmap-file> <SID>'. * Add new parameter 'afs token lifetime' tells the AFS client when to throw away a token (patch from kllin@it.su.se). - + * Initial work to allow support for multiple pipe opens on a + single cli_state*. + * Ensure that we still retrieve the netbios name of any DC + listed as a 'password server' to work around cases where the + DC was defined using an IP address or fqdn. + * Fix memleak in winbindd connection code. + * Fix cli_samr_queryuseraliases. + * Allow wbinfo --user-sids to expand expand domain local groups. + * Allow 'rpcclient -c enumtrust' to enumerate more than 10 trusts. + * Fix parsing of other_sids in net_user_info3. + * Correct bad failure logic when user was not a member of any + domain local groups. + o Jim McDonough <jmcd@us.ibm.com> * BUG 1952: Try INITSHUTDOWN pipe first, used by newer clients. If it fails, fall back to WINREG. * BUG 1770: Remove READ_ATTRIBUTES from GENERIC_EXECUTE. + * BUG 2198: Set password last change time when running 'net rpc + vampire'. + * Add "refuse machine password change" policy field. o Luke Mewburn <lukem@NetBSD.org> @@ -488,9 +381,13 @@ o Luke Mewburn <lukem@NetBSD.org> standard SHM_. +o Stefan Metzmacher <metze@samba.org> + * autogen.sh fixes. + + o Buchan Milne <bgmilne@mandrake.org> * Mandrake packaging fixes. - + o Lars Mueller <lmuelle@suse.de> * Fix build of libsmbclient on x86_64. @@ -507,6 +404,10 @@ o Jason Mader <jason@ncac.gwu.edu> * BUG 2083: Fix compiler warnings caused by bad type casts. +o James Peach <jpeach@sgi.com> + * Fix rewinddir -> rewind_dir when using VFS macros. + + o Gavrie Philipson <gavrie@disksites.com> * BUG 1838: Remove stale printers imeeddiately when processing a SIGHUP and during smb.conf reload. @@ -519,24 +420,28 @@ o Tim Potter <tpot@samba.org> more liberal. * HP-UX compile fixes. - + o Simo Sorce <idra@samba.org> * Backport pdbedit changes from trunk. + * Allows the add/change share command to create the shared + directory directory on disk. + +o Jelmer Vernooij <jelmer@samba.org> + * Bug fixes for pdb_{xml,pqsql,xml} + * Fixes for pdb_mysql. o Andrew Tridgell <tridge@samba.org> * Bring Samba3 into line with the Samba4 password change code. -o Jelmer Vernooij <jelmer@samba.org> - * Bug fixes for pdb_{xml,pqsql,xml} - - o Shiro Yamada <shiro@miraclelinux.com> * BUG 2190: Force SWAT to display parameters in unix charset and not UTF-8. +Release Notes for older release follow: + -------------------------------------------------- ============================== Release Notes for Samba 3.0.10 diff --git a/examples/LDAP/samba-schema-netscapeds5.x b/examples/LDAP/samba-schema-netscapeds5.x index 56f66a54a5b..1e0d18b6ba4 100644 --- a/examples/LDAP/samba-schema-netscapeds5.x +++ b/examples/LDAP/samba-schema-netscapeds5.x @@ -2,6 +2,9 @@ ## Darren Chew <darren.chew at vicscouts dot asn dot au> ## Andre Fiebach <andre dot fiebach at stud dot uni-rostock dot de> ## Thomas Mueller 12.04.2003, thomas.mueller@christ-wasser.de +## Richard Renard rrenard@idealx.com 2005-01-28 +## - added support for MungedDial, BadPasswordCount, BadPasswordTime, PasswordHistory, LogonHours +## - in Sun One 5.2 copy it as 99samba-schema-netscapeds5.ldif ## ## Samba 3.0 schema file for Netscape DS 5.x ## @@ -9,22 +12,22 @@ #################################################################### # Sun One DS do not load the schema without this lines # André Fiebach <af123@uni-rostock.de> -dn: cn=schema
-objectClass: top
-objectClass: ldapSubentry
-objectClass: subschema
-cn: schema
-aci: (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl "anonymo
- us, no acis"; allow (read, search, compare) userdn = "ldap:///anyone";)
-aci: (targetattr = "*")(version 3.0; acl "Configuration Administrator"; allow
- (all) userdn = "ldap:///uid=admin,ou=Administrators, ou=TopologyManagement,
- o=NetscapeRoot";)
-aci: (targetattr = "*")(version 3.0; acl "Local Directory Administrators Group
- "; allow (all) groupdn = "ldap:///cn=Directory Administrators, dc=samba,dc=org";)
-aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)groupdn = "ld
- ap:///cn=slapd-sambaldap, cn=iPlanet Directory Server, cn=Server Group, cn=iPlanetDirectory.samba.org, ou=samba.org, o=NetscapeRoot";)
-####################################################################
-objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY DESC 'Samba 3.0 Auxilary SAM Account' MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName ) X-ORIGIN 'user defined' ) +dn: cn=schema +objectClass: top +objectClass: ldapSubentry +objectClass: subschema +cn: schema +aci: (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl "anonymo + us, no acis"; allow (read, search, compare) userdn = "ldap:///anyone";) +aci: (targetattr = "*")(version 3.0; acl "Configuration Administrator"; allow + (all) userdn = "ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, + o=NetscapeRoot";) +aci: (targetattr = "*")(version 3.0; acl "Local Directory Administrators Group + "; allow (all) groupdn = "ldap:///cn=Directory Administrators, dc=samba,dc=org";) +aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)groupdn = "ld + ap:///cn=slapd-sambaldap, cn=iPlanet Directory Server, cn=Server Group, cn=iPlanetDirectory.samba.org, ou=samba.org, o=NetscapeRoot";) +#################################################################### +objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY DESC 'Samba 3.0 Auxilary SAM Account' MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBadPasswordTime $ sambaPasswordHistory $ sambaLogonHours) X-ORIGIN 'user defined' ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY DESC 'Samba Group Mapping' MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY ( displayName $ description ) X-ORIGIN 'user defined' ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL DESC 'Samba Domain Information' MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase ) X-ORIGIN 'user defined' ) objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY DESC 'Pool for allocating UNIX uids/gids' MUST ( uidNumber $ gidNumber ) X-ORIGIN 'user defined' ) @@ -45,6 +48,11 @@ attributeTypes: ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roaming attributeTypes: ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' DESC 'List of user workstations the user is allowed to logon to' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Home directory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windows NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC '' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' DESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' DESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC 'Concatenated MD4 hashes of the unicode passwords used on this account' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' DESC 'Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'NT Group Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) diff --git a/examples/VFS/autogen.sh b/examples/VFS/autogen.sh index e8160d21731..223919890f1 100755 --- a/examples/VFS/autogen.sh +++ b/examples/VFS/autogen.sh @@ -47,9 +47,6 @@ if [ "$AUTOCONFFOUND" = "0" -o "$AUTOHEADERFOUND" = "0" ]; then exit 1 fi -echo "$0: running script/mkversion.sh" -./script/mkversion.sh || exit 1 - rm -rf autom4te*.cache echo "$0: running $AUTOHEADER" diff --git a/examples/pdb/test.c b/examples/pdb/test.c index a10d66005f5..63eb1eaaf97 100644 --- a/examples/pdb/test.c +++ b/examples/pdb/test.c @@ -29,7 +29,7 @@ static int testsam_debug_level = DBGC_ALL; Start enumeration of the passwd list. ****************************************************************/ -static NTSTATUS testsam_setsampwent(struct pdb_methods *methods, BOOL update) +static NTSTATUS testsam_setsampwent(struct pdb_methods *methods, BOOL update, uint16 acb_mask) { DEBUG(10, ("testsam_setsampwent called\n")); return NT_STATUS_NOT_IMPLEMENTED; diff --git a/source/lib/system_smbd.c b/source/lib/system_smbd.c index eed607ee8fb..c83eecf1733 100644 --- a/source/lib/system_smbd.c +++ b/source/lib/system_smbd.c @@ -111,13 +111,12 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt) { - char *p; int retval; DEBUG(10,("sys_getgrouplist: user [%s]\n", user)); /* see if we should disable winbindd lookups for local users */ - if ( (p = strchr(user, *lp_winbind_separator())) == NULL ) { + if (strchr(user, *lp_winbind_separator()) == NULL) { if ( !winbind_off() ) DEBUG(0,("sys_getgroup_list: Insufficient environment space for %s\n", WINBINDD_DONT_ENV)); diff --git a/source/rpc_client/cli_ds.c b/source/rpc_client/cli_ds.c index 7719f97034e..40a32c7ee0c 100644 --- a/source/rpc_client/cli_ds.c +++ b/source/rpc_client/cli_ds.c @@ -110,7 +110,7 @@ NTSTATUS cli_ds_enum_domain_trusts(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_q_ds_enum_domain_trusts( &q, server, flags ); if (!ds_io_q_enum_domain_trusts("", &qbuf, 0, &q) - || !rpc_api_pipe_req(cli, PI_LSARPC_DS, DS_ENUM_DOM_TRUSTS, &qbuf, &rbuf)) { + || !rpc_api_pipe_req(cli, PI_NETLOGON, DS_ENUM_DOM_TRUSTS, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } diff --git a/source/rpc_parse/parse_lsa.c b/source/rpc_parse/parse_lsa.c index c4ff240cef8..e38197ddba1 100644 --- a/source/rpc_parse/parse_lsa.c +++ b/source/rpc_parse/parse_lsa.c @@ -214,16 +214,12 @@ static void init_lsa_obj_attr(LSA_OBJ_ATTR *attr, uint32 attributes, LSA_SEC_QOS static BOOL lsa_io_obj_attr(const char *desc, LSA_OBJ_ATTR *attr, prs_struct *ps, int depth) { - uint32 start; - prs_debug(ps, depth, desc, "lsa_io_obj_attr"); depth++; if(!prs_align(ps)) return False; - start = prs_offset(ps); - /* these pointers had _better_ be zero, because we don't know what they point to! */ @@ -240,15 +236,6 @@ static BOOL lsa_io_obj_attr(const char *desc, LSA_OBJ_ATTR *attr, prs_struct *ps if(!prs_uint32("ptr_sec_qos ", ps, depth, &attr->ptr_sec_qos )) /* security quality of service (pointer) */ return False; - /* code commented out as it's not necessary true (tested with hyena). JFM, 11/22/2001 */ -#if 0 - if (attr->len != prs_offset(ps) - start) { - DEBUG(3,("lsa_io_obj_attr: length %x does not match size %x\n", - attr->len, prs_offset(ps) - start)); - return False; - } -#endif - if (attr->ptr_sec_qos != 0) { if (UNMARSHALLING(ps)) if (!(attr->sec_qos = PRS_ALLOC_MEM(ps,LSA_SEC_QOS,1))) diff --git a/source/rpcclient/cmd_ds.c b/source/rpcclient/cmd_ds.c index c5b12ed1503..0a1fd7e012b 100644 --- a/source/rpcclient/cmd_ds.c +++ b/source/rpcclient/cmd_ds.c @@ -55,13 +55,15 @@ static NTSTATUS cmd_ds_enum_domain_trusts(struct cli_state *cli, uint32 flags = 0x1; struct ds_domain_trust *trusts = NULL; unsigned int num_domains = 0; + int i; result = cli_ds_enum_domain_trusts( cli, mem_ctx, cli->desthost, flags, &trusts, &num_domains ); printf( "%d domains returned\n", num_domains ); - - SAFE_FREE( trusts ); + + for (i=0; i<num_domains; i++ ) + printf("%s (%s)\n", trusts[i].dns_domain, trusts[i].netbios_domain); return result; } |