| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
samr_lookup_rids. Gives us
again up to ~6x improvement on group membership lookups.
| |
cleanup the name space
| |
support.
Jeremy.
| |
segvs
| |
structure; note that we break compat with 3.0.11 but are ok with earlier versions
| |
structure from the _SMBCCTX to the internals structure to maintain binary compatibility (derrel, we should talk more about this)
| |
This may fix bug #2382.
Jeremy.
| |
capability bit
| |
Vince Brimhall <vbrimhall@novell.com> - slight tidyup by me to
use Samba conventions.
Vince - thanks a *lot* for this code - please test to make sure
I haven't messed anything up.
Jeremy.
| |
"allocation roundup size", by default set as 1Mb. From
advice by BlueArc about Windows client behaviour. VC++
people can set this to zero to turn it off.
Jeremy.
| |
referencing unknown_6 from sam, because it's just fixed at 1260, the max
len of LOGON_HRS. Need to go in and mark it as "remove me" from passdb.
| |
idea, and apparently improved performance in some circumstances, but it
breaks the VC++ compiler :-(. Not cool. Fix bug #2146.
Jeremy.
| |
cd up and down the tree and get directory listings.
Still have to figure out how to get a directory listing on a
2k dfs root. Also have to work out some issues with relative paths
that cross dfs mount points.
We're protected from the new code paths when connecting to
a non-dfs root share ( the flag from the tcon&X is stored
in the struct cli_state* )
| |
I was going to use this for tracking dfs mounts in smbclient
but found another way. Still the cleanup is valid so committing it.
should be minimally disruptive since it is not widely used.
| |
Could someone else please look at this patch, verifying that I did not break
the ldapsam:trusted = False fallback to the old behaviour? It works fine for
me, but you never know. You're certainly free to review the new code as well :-)
Thanks,
Volker
| |
NT has no limit. We still don't respond the way 2k would to requests
larger, which is to actually allocate the memory and send back the entire
response, plus a return status of NT_STATUS_NONE_MAPPED. Still looking
into ways of doing this without crashing windows.
| |
*attr[]. This
gives some new warnings in smbldap.c, but a the callers are cleaned up.
Volker
| |
passdb in 3_0 (they are still in trunk).
Guenther
| |
should not say we are a PDC.
Guenther
| |
add domain trusts
| |
that just allow the wrong pointer to be assigned :-) and make the
interface more consistent. Fix the FreeBSD directory problem. Last
thing to do is to add the "singleton" directory concept from James
Peach's code.
Jeremy.
| |
* make sure to apply the rights_mask and not just the saved
bits from the mask in access_check_samr_object()
* allow root to grant/revoke privileges (in addition to Domain
Admins) as suggested by Volker.
Tested machine joins from XP, 2K, and NT4 with and without
pre-existing machine trust accounts. Also tested basic file
operations using cmd.exe and explorer.exe after changing the
STANDARD_RIGHTS_WRITE_ACCESS bitmask.
| |
* added SE_PRIV checks to access_check_samr_object() in order
to deal with the run-time security descriptor and their
interaction with user rights
* Reordered original patch in _samr_set_userinfo[2] to still
allow root/administrative password changes for users and machines.
| |
that only achieve as much as 'security=server' does.
Andrew Bartlett
| |
gnome vfs to prevent auto-anonymous logon.
Jeremy.
| |
...hmmm... completely bogus. This does not affect us as a domain controller,
as we never set other_sids, but I have *no* idea how winbind got away with it.
Please review thoroughly, samba4 idl looks closer to reality here.
Test case: Member of w2k3 domain, authenticate as a user who is member of one
or more domain local groups. Easiest review with 'client schannel = no'.
Thanks,
Volker
| |
Guenther
| |
Does automated migration from account_policy.tdb v1 and v2 and offers a
pdbedit-Migration interface. Jerry, please feel free to revert that if
you have other plans.
Guenther
| |
Jeremy
| |
Note that Samba3 does not yet support it server-side.
Guenther
| |
* define some const SE_PRIV structure for use when
you need a SE_PRIV* to a privilege
* fix an annoying compiler warning in smbfilter.c
* translate SIDs to names in 'net rpc rights list accounts'
* fix a seg fault in cli_lsa_enum_account_rights caused by
me forgetting the precedence of * vs. []
| |
This allows the ldap-backend to search much more efficiently. Machines
will be searched in the ldap_machine_suffix and users in the
ldap_users_suffix. (Note that we already use the ldap_group_suffix in
ldapsam_setsamgrent for quite some time).
Using the specific ldap-bases becomes notably important in large
domains: On my testmachine "net rpc trustdom list" has to search through
40k accounts just to list 3 interdomain-trust-accounts, similar effects
show up the non-user query_dispinfo-calls, etc.
Also renamed all_machines to only_machines in load_sampwd_entries()
since that reflects better what is really meant.
Guenther
| |
controls or extensions.
* Check and remember if ldapsam's LDAP Server supports paged results
(in preparation of adding async paged-results to set|get|end-sampwent in
ldapsam).
Guenther
| |
(not enforced yet though)
* add 'enable privileges' (off by default) to control whether or
not any privileges can be assigned to SIDs
| |
* rewrote the tdb layout of privilege records in account_pol.tdb
(allow for 128 bits instead of 32 bit flags)
* migrated to using SE_PRIV structure instead of the PRIVILEGE_SET
structure. The latter is now used for parsing routines mainly.
Still need to incorporate some client support into 'net' so
for setting privileges. And make use of the SeAddUserPrivilege
right.
| |
(based on Simo's code in trunk). Rewritten with the
following changes:
* privilege set is based on a 32-bit mask instead of strings
(plans are to extend this to a 64 or 128-bit mask before
the next 3.0.11preX release).
* Remove the privilege code from the passdb API
(replication to come later)
* Only support the minimum amount of privileges that make
sense.
* Rewrite the domain join checks to use the SeMachineAccountPrivilege
instead of the 'is a member of "Domain Admins"?' check that started
all this.
Still todo:
* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin'
parameter
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one
Samba DC to another.
* Come up with some management tool for manipulating privileges
instead of user manager since it is buggy when run on a 2k client
(haven't tried xp). Works ok on NT4.
| |
Make all LDAP timeouts consistent.
Jeremy.
| |
Also fix return of NT_STATUS_NO_MORE_ENTRIES should be
ERROR_NO_MORE_ITEMS reported by "Marcin Porwit" <mporwit@centeris.com>.
Jeremy.
| |
return the appropriate reg value. Enforcement to be added soon.
Also, fix account policy tdb upgrade so it doesn't just wipe out everything
that was in there from a previous version.
| |
change than I'd hoped for due to formatting changes to tidy up code.
Jeremy.
| |
supported pipe. Netlogon is still special, as we open that twice, one to do
the auth2, the other one with schannel.
The client interface is completely unchanged for those who only use a single
pipe. cli->pipe_idx is used as the index for everything except the "real"
client rpc calls, which have been explicitly converted in my last commit. Next
step is to get winbind to just use a single smb connection for multiple pipes.
Volker
|