| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
correct DOS/NT error code on transact named pipe on closed pipe
handle.
Jeremy.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
----------------
* bracket the add/delete/set printer scripts with checks for se_print_op
* slight change to the add/set printer script semantics. smbd no longer
relies on output from the script (on stdout) to re-read smb.conf
* remove SIGHUP from set/add/delete printin script code and now just
use MSG_SMB_CONF_UPDATED
* bracket the add/delete/set share scripts with checks for se_print_op
(this includes setting share ACLs)
|
| |
|
|
| |
SE_REMOTE_SHUTDOWN privilege
|
| | |
|
| |
|
|
| |
privileges RPC calls
|
| |
|
|
|
|
| |
one small todo item is to add a 'accounts' sub option
to 'net rpc list' so enumerate all privileged SIDs
and their associated rights.
|
| | |
|
| |
|
|
|
|
| |
(noty enfornced yet though)
* add 'enable privileges (off by default) to control whether or
not any privuleges can be assigned to SIDs
|
| |
|
|
|
|
|
|
|
|
|
| |
* rewrote the tdb layout of privilege records in account_pol.tdb
(allow for 128 bits instead of 32 bit flags)
* migrated to using SE_PRIV structure instead of the PRIVILEGE_SET
structure. The latter is now used for parsing routines mainly.
Still need to incorporate some client support into 'net' so
for setting privileges. And make use of the SeAddUserPrivilege
right.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
shows that this info is correctly returned to us in to info3 struct, so
check_info3_in_group does not need to be adapted.
Volker
|
| | |
|
| |
|
|
|
|
|
|
| |
more than
one pointer...
Volker
|
| | |
|
| | |
|
| |
|
|
| |
parsing bugs related to that code
|
| | |
|
| | |
|
| |
|
|
| |
Jeremy.
|
| | |
|
| |
|
|
|
|
|
|
| |
DC name
via netbios, as the user might have set an IP address or a fqdn.
Volker
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(based on Simo's code in trunk). Rewritten with the
following changes:
* privilege set is based on a 32-bit mask instead of strings
(plans are to extend this to a 64 or 128-bit mask before
the next 3.0.11preX release).
* Remove the privilege code from the passdb API
(replication to come later)
* Only support the minimum amount of privileges that make
sense.
* Rewrite the domain join checks to use the SeMachineAccountPrivilege
instead of the 'is a member of "Domain Admins"?' check that started
all this.
Still todo:
* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin'
parameter
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one
Samba DC to another.
* Come up with some management tool for manipultaing privileges
instead of user manager since it is buggy when run on a 2k client
(haven't tried xp). Works ok on NT4.
|
| |
|
|
| |
using STR_ASCII. Patch from Grigory Batalov <bga@altlinux.org>
|
| |
|
|
|
| |
Remove double "\\" from findfirst.
Jeremy.
|
| |
|
|
| |
previous behavior; more checks to come tomorrow
|
| |
|
|
|
| |
Make all LDAP timeouts consistent.
Jeremy.
|
| |
|
|
|
| |
missing release reference for printer tdb.
Jeremy.
|
| |
|
|
|
|
| |
Also fix return of NT_STATUS_NO_MORE_ENTRIES should be
ERROR_NO_MORE_ITEMS reported by "Marcin Porwit" <mporwit@centeris.com>.
Jeremy.
|
| | |
|
| |
|
|
|
|
|
| |
return the appropriate reg value. Enforcement to be added soon.
Also, fix account policy tdb upgrade so it doesn't just wipe out everything
that was in there from a a previous version.
|
| |
|
|
|
|
| |
unlocks) to be set and displayed in User Manager.
Guenther
|
| |
|
|
| |
reload_printers() cleanup
|
| |
|
|
| |
Guenther
|
| |
|
|
|
|
|
|
|
| |
vfstest refers to reload_printers, only defined in smbd/server.c. Jerry, could
you take a look at that?
Thanks,
Volker
|
| |
|
|
|
| |
change than I'd hoped for due to formating changes to tidy up code.
Jeremy.
|
| |
|
|
|
| |
when we have it in smb_msleep.
Jeremy.
|
| |
|
|
| |
Samba DC to join clients to the domain -- needs more testing and security review but does work with initial testing
|
| |
|
|
| |
Jeremy.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
remove configure and include/config.h*
before running autoheader && autoconf
this fixes bug where configure didn't get correctly updated
(I assume autoconf uses some caching...)
metze
|
| |
|
|
|
|
|
|
|
|
|
|
| |
supported pipe. Netlogon is still special, as we open that twice, one to do
the auth2, the other one with schannel.
The client interface is completely unchanged for those who only use a single
pie. cli->pipe_idx is used as the index for everything except the "real"
client rpc calls, which have been explicitly converted in my last commit. Next
step is to get winbind to just use a single smb connection for multiple pipes.
Volker
|
| |
|
|
|
|
|
|
|
|
|
|
| |
future
patches.
Pass down the pipe_idx down to all functions in cli_pipe where nt_pipe_fnum is
referenced. First step towards having multiple pipes on a cli_struct. The idea
is to not have a single nt_pipe_fnum but an array for the pipes we support.
Volker
|
| |
|
|
|
|
|
|
|
| |
* In an application with signals, it was possible for functions to block
indefinitely while awaiting timeouts. This patch ensures that if a system
call with a timeout is aborted and needs to be restarted, it is restarted
with a timeout which is adjusted for the amount of time already waited.
Jeremy.
|
| |
|
|
| |
up printcap reloads
|
| |
|
|
| |
no passwords after vampire. Set password last set field to now.
|
| | |
|
| |
|
|
|
|
|
|
| |
otherwise
modification of an ACL that contains an ACE with execute only will cause
that to be upgraded to read/execute. Side effect is that dirs/files with
execute only show up as special permissions, which is still correct.
|
