summaryrefslogtreecommitdiffstats
path: root/source
Commit message (Collapse)AuthorAgeFilesLines
...
* r5077: Use correct type for rr record on negative name query reply.Jeremy Allison2005-01-291-0/+3
| | | | Jeremy.
* r5076: Ensure that WINS negative name query responses and WACK packetsJeremy Allison2005-01-291-1/+10
| | | | | | | use the correct RR type of 0xA instead of reflecting back what the query RR type was (0x20). See rfc1002 sections 4.2.14 and 4.2.16. Jeremy.
* r5069: Ensure we return the correct errors for old-style search requests.Jeremy Allison2005-01-281-6/+9
| | | | Jeremy.
* r5066: A couple of small fixes from James Peach @ SGI.Jeremy Allison2005-01-282-2/+7
| | | | Jeremy.
* r5063: Shamelessly steal the Samba4 logic (and some code :-) for directoryJeremy Allison2005-01-285-221/+251
| | | | | | | | | | evaluation. This stops us from reading the entire directory into memory at one go, and allows partial reads. It also keeps almost the same interface to the OpenDir/ReadDir etc. code (sorry James :-). Next I will optimise the findfirst with exact match code. This speeds up our interactive response for large directories, but not when a missing (ie. negative) findfirst is done. Jeremy
* r5058: Due to the fragileness how windows reacts on unmapped sids sometimes,Günther Deschner2005-01-281-0/+6
| | | | | | don't leave administator-sid unmapped. Simply return "Administrator" Guenther
* r5056: * correct STANDARD_RIGHTS_WRITE_ACCESS bitmask defineGerald Carter2005-01-285-13/+26
| | | | | | | | | | | | * make sure to apply the rights_mask and not just the saved bits from the mask in access_check_samr_object() * allow root to grant/revoke privileges (in addition to Domain Admins) as suggested by Volker. Tested machine joins from XP, 2K, and NT4 with and without pre-existing machine trust accounts. Also tested basic file operations using cmd.exe and explorer.exe after changing the STANDARD_RIGHTS_WRITE_ACCESS bitmask.
* r5046: mark 'winbind enable local accounts' and testprns as depcrecatedGerald Carter2005-01-272-1/+4
|
* r5029: after talking to Rob, ensure that we set the NETIOSNAME.domainnameGerald Carter2005-01-271-1/+10
| | | | | | | as the longname in the published printer information since this is what we will have used when we joined the domain. More testing on this tomorrow.
* r5028: * check acb_info mask in _samr_create_user instead of the last characterGerald Carter2005-01-271-36/+21
| | | | | | of the user name * fix some access_mask checks in _samr_set_userinfo2 (getting join from XP without being a member of domain admins working)
* r5020: bumping the 3.0 tree to 3.0.12pre1 since there will not be a full ↵Gerald Carter2005-01-261-2/+2
| | | | sync for the 3.0.11rc1 release
* r5015: (based on abartlet's original patch to restrict password changes)Gerald Carter2005-01-264-342/+486
| | | | | | | | | * added SE_PRIV checks to access_check_samr_object() in order to deal with the run-time security descriptor and their interaction with user rights * Reordered original patch in _samr_set_userinfo[2] to still allow root/administrative password changes for users and machines.
* r5014: Split out the request to send an async level II oplock break into aJeremy Allison2005-01-262-18/+59
| | | | | | | new function to make it clear when it's called. Remove async parameter that had been overloaded into request_oplock_break. Inspired by work from Nadav Danieli <nadavd@exanet.com>. Jeremy.
* r5012: fix segfault caused by using a ipp_t * after calling cupsDoRequest()Gerald Carter2005-01-261-0/+2
|
* r5002: Ensure we can't remove a level II oplock without having theJeremy Allison2005-01-261-17/+19
| | | | | | shared memory area locked. This need to be in 3.0.11. Pointed out by Nadav Danieli <nadavd@exanet.com>. Jeremy.
* r4996: sync up copytights with trunkGerald Carter2005-01-251-0/+1
|
* r4995: fail set_privileges() if 'enable privileges = no' to prevent confused ↵Gerald Carter2005-01-251-0/+3
| | | | admins who never read what I write :-)
* r4994: Patch from abartlet:Günther Deschner2005-01-251-13/+26
| | | | | | | | When migrating account policies to ldapsam, handle the fact that an admin might have changed the default location of the sambaDomain-object after installation. Guenther
* r4989: Display failed LDAP-server-uri.Günther Deschner2005-01-251-1/+2
| | | | Guenther
* r4988: After speaking with Jerry, remove old lp_admin_users toGünther Deschner2005-01-251-14/+0
| | | | | | administrator-sid mapping completely. Guenther
* r4976: Try to scare people off from trying to write authentication modulesAndrew Bartlett2005-01-251-0/+4
| | | | | | that only acheive as much as 'security=server' does. Andrew Bartlett
* r4972: Fix a warning and some debugging-outputs.Günther Deschner2005-01-255-8/+8
| | | | Guenther
* r4970: Fix for bug 2092, allowing fallback after kerberos and allowJeremy Allison2005-01-244-4/+23
| | | | | gnome vfs to prevent auto-anonymous logon. Jeremy.
* r4967: Not being in any domain local groups is obviously valid...Volker Lendecke2005-01-241-1/+1
| | | | Volker
* r4966: don't enumerate the drivers for the same architecture string more ↵Gerald Carter2005-01-241-0/+12
| | | | than once
* r4964: Fix our lsa lookupsid $OURDOMAINSID-500.Günther Deschner2005-01-241-14/+15
| | | | | | | | Give the admin-user (rid 500) a chance to be found in passdb, not returning the (possibly obscure) first entry of "admin users" before that. Guenther
* r4963: It is actually a very bad idea to use KRB5_CONFIG in theGünther Deschner2005-01-241-7/+7
| | | | | | | | | | | | configure-checks (At least Heimdal uses KRB5_CONFIG for locating it's configuration-file (usually /etc/krb5.conf)). Renaming it to KRB5CONFIG prevents configure-checks that use heimdal-libs from segfaulting while the lib reads the krb5-config binary as a configuration file... Vendors that used the KRB5_CONFIG-variable to let configure find a custom krb5-config binary have to use KRB5CONFIG now. Guenther
* r4946: Our notion the other_sids in the info3 SamLogon struct wasVolker Lendecke2005-01-232-14/+34
| | | | | | | | | | | | | | ...hmmm... completely bogus. This does not affect us as a domain controller, as we never set other_sids, but I have *no* idea how winbind got away with it. Please review thoroughly, samba4 idl looks closer to reality here. Test case: Member of w2k3 domain, authenticate as a user who is member of one or more domain local groups. Easiest review with 'client schannel = no'. Thanks, Volker
* r4933: List not only the first 10 trusts with rpcclient -c enumtrust.Volker Lendecke2005-01-221-16/+22
| | | | Volker
* r4932: Forgot to increase version with the account-policy-commit.Günther Deschner2005-01-221-1/+1
| | | | Guenther
* r4931: Add get_user_info_7 in SAMR. This just gives out the username. (InGünther Deschner2005-01-221-0/+42
| | | | | | | preparation of adding the ability of renaming users via setuserinfo level 7). Guenther
* r4926: Use LDAP_SCOPE_ONELEVEL instead of OpenLDAP's LDAP_SCOPE_ONE-scope.Günther Deschner2005-01-221-2/+2
| | | | Guenther
* r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).Günther Deschner2005-01-2214-171/+840
| | | | | | | | Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther
* r4921: Typo.Jeremy Allison2005-01-221-2/+2
|
* r4917: Merge some of Derrell.Lipman@UnwiredUniverse.com obvious fixes.Jeremy Allison2005-01-224-7/+17
| | | | | Added text explaining units in pdbedit time fields. Jeremy.
* r4907: remove unreached codeGerald Carter2005-01-211-1/+0
|
* r4905: patch from abartlet to remove storing the auth-user credentials from ↵Gerald Carter2005-01-211-4/+0
| | | | the cli* in cm_prepare_connection(). using credentials from a domain other thanour primary domain will cause the schannel setup to fail
* r4902: please note that cupsDoRequest() deletes the request* so don't call ↵Gerald Carter2005-01-211-32/+2
| | | | ippDelete(request) *ever*
* r4882: Fix for #2255. Debug should have been 10 not 0.Jeremy Allison2005-01-211-1/+1
| | | | Jeremy.
* r4881: Varient of Lar's patch for #2270. Jerry promises to test :-).Jeremy Allison2005-01-211-258/+274
| | | | Jeremy.
* r4879: Fix rewinddir -> rewind_dir. Noticed by James Peach.Jeremy Allison2005-01-201-2/+2
| | | | Jeremy
* r4877: When vampiring account policy AP_LOCK_ACCOUNT_DURATION honour "LockoutGünther Deschner2005-01-201-1/+4
| | | | | | Duration: Forever". Guenther
* r4875: Fix for bugid #221, inspired by Mrinal Kalakrishnan <mail@mrinal.net>.Jeremy Allison2005-01-201-13/+69
| | | | | | NT sometimes send garbage bytes in NT security descriptor linearizations when sending well-known sids. Cope with these. Jeremy.
* r4874: add DOmain Admins (Full Control) to the default printer sd if we are a DCGerald Carter2005-01-201-5/+24
|
* r4871: BUG 603: patch by Daniel Beschorner <db@unit-netz.de>. Correct ↵Gerald Carter2005-01-201-1/+4
| | | | access mask check for _samr_lookup_domain() to work with Windows RAS server
* r4870: Make multi-domain-mode in idmap_rid accessible from outside (can beGünther Deschner2005-01-201-8/+20
| | | | | | | | | | compiled with -DIDMAP_RID_SUPPORT_TRUSTED_DOMAINS) as requested by Lars Mueller <lmuelle-at-suse.de>. Allow to map ID's for a local SAM and add some more debugging-information. Guenther
* r4869: Display sam_user_info_7 in rpcclient.Günther Deschner2005-01-201-1/+22
| | | | Guenther
* r4868: Add "net rpc user RENAME"-command.Günther Deschner2005-01-204-2/+190
| | | | | | Note that Samba3 does not yet support it server-side. Guenther
* r4866: Add createdomgroup to rpcclient (needed to generate huge amounts ofGünther Deschner2005-01-201-0/+52
| | | | | | groups when 'net rpc group add' is just to slow). Guenther
* r4864: Remove unused var.Jeremy Allison2005-01-201-2/+2
| | | | Jeremy.
generated by cgit (git 2.34.1) at 2025-09-28 04:16:08 +0000