summaryrefslogtreecommitdiffstats
path: root/source
Commit message (Collapse)AuthorAgeFilesLines
* r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).Günther Deschner2007-10-1014-171/+840
| | | | | | | | Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther
* r4921: Typo.Jeremy Allison2007-10-101-2/+2
|
* r4917: Merge some of Derrell.Lipman@UnwiredUniverse.com obvious fixes.Jeremy Allison2007-10-104-7/+17
| | | | | Added text explaining units in pdbedit time fields. Jeremy.
* r4907: remove unreached codeGerald Carter2007-10-101-1/+0
|
* r4905: patch from abartlet to remove storing the auth-user credentials from ↵Gerald Carter2007-10-101-4/+0
| | | | the cli* in cm_prepare_connection(). using credentials from a domain other thanour primary domain will cause the schannel setup to fail
* r4902: please note that cupsDoRequest() deletes the request* so don't call ↵Gerald Carter2007-10-101-32/+2
| | | | ippDelete(request) *ever*
* r4882: Fix for #2255. Debug should have been 10 not 0.Jeremy Allison2007-10-101-1/+1
| | | | Jeremy.
* r4881: Varient of Lar's patch for #2270. Jerry promises to test :-).Jeremy Allison2007-10-101-258/+274
| | | | Jeremy.
* r4879: Fix rewinddir -> rewind_dir. Noticed by James Peach.Jeremy Allison2007-10-101-2/+2
| | | | Jeremy
* r4877: When vampiring account policy AP_LOCK_ACCOUNT_DURATION honour "LockoutGünther Deschner2007-10-101-1/+4
| | | | | | Duration: Forever". Guenther
* r4875: Fix for bugid #221, inspired by Mrinal Kalakrishnan <mail@mrinal.net>.Jeremy Allison2007-10-101-13/+69
| | | | | | NT sometimes send garbage bytes in NT security descriptor linearizations when sending well-known sids. Cope with these. Jeremy.
* r4874: add DOmain Admins (Full Control) to the default printer sd if we are a DCGerald Carter2007-10-101-5/+24
|
* r4871: BUG 603: patch by Daniel Beschorner <db@unit-netz.de>. Correct ↵Gerald Carter2007-10-101-1/+4
| | | | access mask check for _samr_lookup_domain() to work with Windows RAS server
* r4870: Make multi-domain-mode in idmap_rid accessible from outside (can beGünther Deschner2007-10-101-8/+20
| | | | | | | | | | compiled with -DIDMAP_RID_SUPPORT_TRUSTED_DOMAINS) as requested by Lars Mueller <lmuelle-at-suse.de>. Allow to map ID's for a local SAM and add some more debugging-information. Guenther
* r4869: Display sam_user_info_7 in rpcclient.Günther Deschner2007-10-101-1/+22
| | | | Guenther
* r4868: Add "net rpc user RENAME"-command.Günther Deschner2007-10-104-2/+190
| | | | | | Note that Samba3 does not yet support it server-side. Guenther
* r4866: Add createdomgroup to rpcclient (needed to generate huge amounts ofGünther Deschner2007-10-101-0/+52
| | | | | | groups when 'net rpc group add' is just to slow). Guenther
* r4864: Remove unused var.Jeremy Allison2007-10-101-2/+2
| | | | Jeremy.
* r4860: fix silly limitation in ldapsam and tdbsam. Expand variables in the ↵Gerald Carter2007-10-102-16/+27
| | | | profile path, logon home and logon script values
* r4856: after testing a simple add printer script, i realized that you still ↵Gerald Carter2007-10-102-21/+21
| | | | have to be root to send the message to all smbds that the config file has been updated
* r4852: merge simo changes to srv_srvsvc_nt.c from trunkGerald Carter2007-10-101-30/+13
| | | | | | | that allows the add/change share command to create the directory passed in as an arguement and not require that it pre-exist. Also finish testing of SeDiskOperatorPrivilege via srvmgr.exe
* r4851: Preleminary fix for ldapsam_enum_group_memberships whenGünther Deschner2007-10-101-3/+3
| | | | | | | | | | ldapsam:trusted=True. Don't bail out when ldap-search returns pure posixgroups (w.o. samba group-mapping). This way those unix-memberships do not appear in user and nt user token. Volker, could you please look over that one? Guenther
* r4850: Fix remaining pdb_setsampwent-calls.Günther Deschner2007-10-101-3/+2
| | | | | | To get all entries use a 0 acb_mask. Guenther
* r4849: * finish SeAddUsers support in srv_samr_nt.cGerald Carter2007-10-106-159/+346
| | | | | | | | | * define some const SE_PRIV structure for use when you need a SE_PRIV* to a privilege * fix an annoying compiler warngin in smbfilter.c * translate SIDs to names in 'net rpc rights list accounts' * fix a seg fault in cli_lsa_enum_account_rights caused by me forgetting the precedence of * vs. []
* r4848: fix build; gd please check and make sure this is okGerald Carter2007-10-101-1/+2
|
* r4847: Hand over a acb_mask to pdb_setsampwent in load_sampwd_entries().Günther Deschner2007-10-1011-33/+54
| | | | | | | | | | | | | | | | | This allows the ldap-backend to search much more effeciently. Machines will be searched in the ldap_machine_suffix and users in the ldap_users_suffix. (Note that we already use the ldap_group_suffix in ldapsam_setsamgrent for quite some time). Using the specific ldap-bases becomes notably important in large domains: On my testmachine "net rpc trustdom list" has to search through 40k accounts just to list 3 interdomain-trust-accounts, similiar effects show up the non-user query_dispinfo-calls, etc. Also renamed all_machines to only_machines in load_sampwd_entries() since that reflects better what is really meant. Guenther
* r4840: * Add more generic root-dse inspection function to check for givenGünther Deschner2007-10-103-58/+103
| | | | | | | | | controls or extensions. * Check and remember if ldapsam's LDAP Server support paged results (in preparation of adding async paged-results to set|get|end-sampwent in ldapsam). Guenther
* r4839: Allow to set acb_mask in rpcclient's enumdomusers (for debugging).Günther Deschner2007-10-101-2/+5
| | | | Guenther
* r4830: Fix for problem noticed by Guy Harris <gharris@apple.com>, returnJeremy Allison2007-10-101-2/+4
| | | | | | correct DOS/NT error code on transact named pipe on closed pipe handle. Jeremy.
* r4827: add 'net rpc rights list accounts' & update help textGerald Carter2007-10-101-15/+60
|
* r4825: Printing changesGerald Carter2007-10-102-45/+136
| | | | | | | | | | | | | ---------------- * bracket the add/delete/set printer scripts with checks for se_print_op * slight change to the add/set printer script semantics. smbd no longer relies on output from the script (on stdout) to re-read smb.conf * remove SIGHUP from set/add/delete printin script code and now just use MSG_SMB_CONF_UPDATED * bracket the add/delete/set share scripts with checks for se_print_op (this includes setting share ACLs)
* r4824: wrap the shutdown and abort_shutdown calls in check for the ↵Gerald Carter2007-10-101-1/+24
| | | | SE_REMOTE_SHUTDOWN privilege
* r4823: remove -O1 from --with-developerGerald Carter2007-10-101-1/+1
|
* r4822: fix return code when you ask for a non-privileged SID via one of the ↵Gerald Carter2007-10-102-0/+12
| | | | privileges RPC calls
* r4821: finish off 'net rpc rights [list|grant|revoke]'Gerald Carter2007-10-104-45/+271
| | | | | | one small todo item is to add a 'accounts' sub option to 'net rpc list' so enumerate all privileged SIDs and their associated rights.
* r4820: add beginnings of 'net rpc rights' for managing privilege assignmentsGerald Carter2007-10-104-8/+134
|
* r4809: * include SeDiskOperatorPrivilege and SeRemoteShutdownPrivilegeGerald Carter2007-10-103-88/+36
| | | | | | (noty enfornced yet though) * add 'enable privileges (off by default) to control whether or not any privuleges can be assigned to SIDs
* r4805: Last planned change to the privileges infrastructure:Gerald Carter2007-10-109-194/+406
| | | | | | | | | | | * rewrote the tdb layout of privilege records in account_pol.tdb (allow for 128 bits instead of 32 bit flags) * migrated to using SE_PRIV structure instead of the PRIVILEGE_SET structure. The latter is now used for parsing routines mainly. Still need to incorporate some client support into 'net' so for setting privileges. And make use of the SeAddUserPrivilege right.
* r4802: Don't try to update a column with the name "NULL"Jelmer Vernooij2007-10-101-1/+7
|
* r4788: Don't log mysql password at debug level 1.Jelmer Vernooij2007-10-101-2/+1
|
* r4760: Make wbinfo --user-sids expand domain local groups. Andrew B., my testingVolker Lendecke2007-10-106-0/+206
| | | | | | | shows that this info is correctly returned to us in to info3 struct, so check_info3_in_group does not need to be adapted. Volker
* r4751: This is a domain policy, not a user oneVolker Lendecke2007-10-101-2/+2
|
* r4750: Fix cli_samr_queryuseraliases. There can be more than one sid, thus ↵Volker Lendecke2007-10-101-2/+10
| | | | | | | | more than one pointer... Volker
* r4749: Fix memleakVolker Lendecke2007-10-101-0/+2
|
* r4746: add server support for lsa_enum_acct_rights(); last checkin for the nightGerald Carter2007-10-105-19/+105
|
* r4742: add server support for lsa_add/remove_account_rights() and fix some ↵Gerald Carter2007-10-105-18/+247
| | | | parsing bugs related to that code
* r4740: allow SE_PRINT_OPERATORS to have printer admin accessGerald Carter2007-10-102-5/+18
|
* r4739: require membership in Domain Admins to be able to set privilegesGerald Carter2007-10-101-0/+25
|
* r4738: Fix for bug #2238 - memory leak in shadow copy vfs.Jeremy Allison2007-10-101-0/+1
| | | | Jeremy.
* r4736: small set of merges from rtunk to minimize the diffsGerald Carter2007-10-1010-24/+112
|
generated by cgit (git 2.34.1) at 2024-11-08 00:24:05 +0000