1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

1919 Commits

Author SHA1 Message Date
Gerald Carter
2bdbd3fa6d r15380: default eventlog tdbs to mode 0660 to allow easier access by BUILTIN\Administrators
(This used to be commit a02933c958)
2007-10-10 11:16:38 -05:00
Jeremy Allison
1f3fe6a504 r15334: Fix warning. This table and function not used anymore. Jerry please
check.
Jeremy.
(This used to be commit 9f676603aa)
2007-10-10 11:16:36 -05:00
Gerald Carter
d4a51cc500 r15309: normalize printing keys when deleting
(This used to be commit 037f9f831e)
2007-10-10 11:16:34 -05:00
Jeremy Allison
0498f3b889 r15129: Separate out mechanism and policy for NTLMSSP auth/sign/seal.
With this change (and setting lanman auth = no in smb.conf)
we have *identical* NTLMSSP flags to W2K3 in SPNEGO auth.
Jeremy
(This used to be commit 93ca3eee55)
2007-10-10 11:16:25 -05:00
Volker Lendecke
e17302200c r15101: Little step towards getting Samba4 tdb into 3: tdb_lock_bystring does not
have the timeout argument in Samba4. Add a new routine
tdb_lock_bystring_with_timeout.

Volker
(This used to be commit b9c6e3f556)
2007-10-10 11:16:23 -05:00
Günther Deschner
3f2b06d614 r15044: Fix the build. (void returning non-void).
Guenther
(This used to be commit 3ff278b852)
2007-10-10 11:15:59 -05:00
Günther Deschner
655b04e4f8 r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS
servers. Also add a new "net rpc audit" tool. The lsa query infolevels
were taken from samb4 IDL, the lsa policy flags and categories are
partly documented on msdn. I need to cleanup the double
lsa_query_info_policy{2}{_new} calls next.

Guenther
(This used to be commit 0fed66926f)
2007-10-10 11:15:59 -05:00
Jeremy Allison
2178bcaa39 r14788: Fix coverity bug #276. null deref.
Jeremy.
(This used to be commit 0217f7d7bf)
2007-10-10 11:15:48 -05:00
Jeremy Allison
00fb5e431d r14786: Fix coverity #275. null deref.
Jeremy.
(This used to be commit 363d31c9ec)
2007-10-10 11:15:48 -05:00
Günther Deschner
20204ab040 r14646: Adding samr querygroup infolevels 2 & 5.
Guenther
(This used to be commit 6c4fe819c6)
2007-10-10 11:15:42 -05:00
Gerald Carter
1839b4be14 r14634: Many bug fixes thanks to train rides and overnight stays in airports
* Finally fix parsing idmap uid/gid ranges not to break with spaces
  surrounding the '-'
* Allow local groups to renamed by adding info level 2 to
  _samr_set_aliasinfo()
* Fix parsing bug in _samr_del_dom_alias() reply
* Prevent root from being deleted via Samba
* Prevent builting groups from being renamed or deleted
* Fix bug in pdb_tdb that broke renaming user accounts
* Make sure winbindd is running when trying to create the Administrators
  and Users BUILTIN groups automatically from smbd (and not just check the
  winbind nexted groups parameter value).
* Have the top level rid allocator verify that the RID it is about to
  grant is not already assigned in our own SAM (retries up to 250 times).
  This fixes passdb with existing SIDs assigned to users from the RID algorithm
  but not monotonically allocating the RIDs from passdb.
(This used to be commit db1162241f)
2007-10-10 11:15:41 -05:00
Günther Deschner
1d5ab8fd05 r14597: Merge DCERPC_FAULT constants from Samba 4.
Guenther
(This used to be commit 3f195f8248)
2007-10-10 11:15:38 -05:00
Gerald Carter
f4a5c016e3 r14482: Fixes for spoolss code (after coverity fixes) when the
client sends a NULL RPC_BUFFER*
(This used to be commit 69f816e9f8)
2007-10-10 11:15:33 -05:00
Gerald Carter
36f622acea r14450: Fix more get_md4pw() breakage caused by missing "breaks"
in the switch statement which matched the schannel type
against the account type.
(This used to be commit 57c705ea63)
2007-10-10 11:15:30 -05:00
Gerald Carter
0f0ad2992e r14448: * protect against NULL cli_state* pointers in cli_rpc_pipe_open()
* Fix inverted logic check for machine accounts in get_md4pw()
(This used to be commit a36529535d)
2007-10-10 11:15:30 -05:00
Günther Deschner
24961b173b r14443: rework get_md4pw() to ease debugging. The only functional change is that
we now check wheter the sec_channel_type matches the trust account type.

Guenther
(This used to be commit c35eb44937)
2007-10-10 11:15:30 -05:00
Gerald Carter
0ce53f8ba5 r14403: * modifies create_local_nt_token() to create a BUILTIN\Administrators
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'

* Add a SID domain to the group mapping enumeration passdb call
  to fix the checks for local and builtin groups.  The SID can be
  NULL if you want the old semantics for internal maintenance.
  I only updated the tdb group mapping code.

* remove any group mapping from the tdb that have a
  gid of -1 for better consistency with pdb_ldap.c.
  The fixes the problem with calling add_group_map() in
  the tdb code for unmapped groups which might have had
  a record present.

* Ensure that we distinguish between groups in the
  BUILTIN and local machine domains via getgrnam()
  Other wise BUILTIN\Administrators & SERVER\Administrators
  would resolve to the same gid.

* Doesn't strip the global_sam_name() from groups in the
  local machine's domain (this is required to work with
  'winbind default domain' code)

Still todo.

* Fix fallback Administrators membership for root and domain Admins
  if nested groups = no or winbindd is not running

* issues with "su - user -c 'groups'" command

* There are a few outstanding issues with BUILTIN\Users that
  Windows apparently tends to assume.  I worked around this
  presently with a manual group mapping but I do not think
  this is a good solution.  So I'll probably add some similar
  as I did for Administrators.
(This used to be commit 612979476a)
2007-10-10 11:15:28 -05:00
Jeremy Allison
be2bc3147c r14395: Fix coverity bug #55. Ensure no unsigned/signed comparisons.
Jeremy.
(This used to be commit cd3ad3f1a6)
2007-10-10 11:15:28 -05:00
Jeremy Allison
e6676a9a69 r14387: Try and fix the coverity issues (#53, #54) with negative
sink by ensuring all uses of rpcstr_push are consistent
with a size_t dest size arg.
Jeremy.
(This used to be commit f65d7afe19)
2007-10-10 11:15:27 -05:00
Jeremy Allison
d1684fa82e r14353: Fix coverity bugs #61 and #62. Remember to divide by
the size of the data table. Clean up the struct a little.
Jeremy.
(This used to be commit 338538410d)
2007-10-10 11:15:26 -05:00
Jeremy Allison
bd1e853c19 r14338: Fix coverity #55 by explicit cast.
Jeremy.
(This used to be commit 1fece52da4)
2007-10-10 11:15:25 -05:00
Jeremy Allison
d72bb5627c r14303: Fix coverity #223. In a loop we were forgetting to free
resources on error exit path.
Jeremy.
(This used to be commit f71aa3ab8f)
2007-10-10 11:15:24 -05:00
Jeremy Allison
ad838bf65e r14301: Fix coverity #224. In a loop we were forgetting to free
resources on error exit path.
Jeremy.
(This used to be commit f1a5e5aefe)
2007-10-10 11:15:24 -05:00
Jeremy Allison
860015db1f r14299: Fix coverity #225. In a loop we were forgetting to free
resources on error exit path.
Jeremy.
(This used to be commit 1c0b4ed0ac)
2007-10-10 11:15:24 -05:00
Jeremy Allison
19879eba83 r14289: Fix coverity #101, resource leak on error code path.
Jeremy.
(This used to be commit d9e1d6fed0)
2007-10-10 11:15:23 -05:00
Jeremy Allison
acc651a31b r14286: Similar clarifiction fix for coverity #102.
Jeremy.
(This used to be commit f458596b0e)
2007-10-10 11:15:23 -05:00
Jeremy Allison
e4600491cf r14284: Fix coverity bug #103. Make code clearer - probably
not a real issue but this code is easier to read.
Jeremy.
(This used to be commit 6621acc68f)
2007-10-10 11:15:23 -05:00
Jeremy Allison
bb0d6f0459 r14268: Fix coverity error #204. Resource leak on error path.
Jeremy.
(This used to be commit 5f74e56b86)
2007-10-10 11:15:22 -05:00
Jeremy Allison
88dda37184 r14266: Fix coverity #205. Resource leak on error path.
Jeremy.
(This used to be commit 23d69758bb)
2007-10-10 11:15:21 -05:00
Jeremy Allison
65eb331afc r14264: Fix coverity #207. Resource leak on error path.
Jeremy.
(This used to be commit 0429b6e8c3)
2007-10-10 11:15:21 -05:00
Jeremy Allison
05b4d0b38e r14250: Fix coverity bug #107. Resource leak on error path.
Jeremy.
(This used to be commit ca96c7be77)
2007-10-10 11:15:20 -05:00
Volker Lendecke
71bf1be099 r14233: Fix Coverity bug # 206
(This used to be commit 0dc3030bce)
2007-10-10 11:15:18 -05:00
Volker Lendecke
c9f256cb6c r14226: Fix Coverity bug # 109
(This used to be commit e9a63e3b35)
2007-10-10 11:15:18 -05:00
Jeremy Allison
dd728b4712 r14182: Ensure we know that dom_sid cannot be null.
Jeremy.
(This used to be commit e3a28bf4c8)
2007-10-10 11:15:15 -05:00
Jeremy Allison
5a1c225c18 r14178: Clarify code for Coverity #49. Ensure we know we
can't have an uninitialized *returned val.
Jeremy.
(This used to be commit e83515afd2)
2007-10-10 11:15:15 -05:00
Jeremy Allison
77709e58ad r14031: Coverity bug CID #110. Free all resources correctly
on pipe initialization failure.
Jeremy.
(This used to be commit daa919a94b)
2007-10-10 11:11:06 -05:00
Jeremy Allison
f7bf439030 r13994: Belt and braces - ensure RPC_BUFFER is valid.
Jeremy.
(This used to be commit d993797191)
2007-10-10 11:11:03 -05:00
Jeremy Allison
894358a8f3 r13915: Fixed a very interesting class of realloc() bugs found by Coverity.
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.

The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :

 tmp = realloc(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :

 p = realloc(p, size)
 if (!p) {
    return error;
 }

which will leak the memory pointed to by p on realloc fail.

This commit (hopefully) fixes all these cases by moving to
a standard idiom of :

 p = SMB_REALLOC(p, size)
 if (!p) {
    return error;
 }

Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.

For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :

 tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).

It remains to be seen what this will do to our Coverity bug count :-).

Jeremy.
(This used to be commit 1d710d06a2)
2007-10-10 11:10:59 -05:00
Gerald Carter
129fd6c5c6 r13878: move PORT_DATA_1 to use static sized UNICODE strings as per MSDN
(This used to be commit c803e1b2af)
2007-10-10 11:10:57 -05:00
Gerald Carter
5df58c38f3 r13829: From the "It's not pretty but it works" category
* Finish prototype of the "add port command" implementation
  Format is "addportcommand portname deviceURI"

* DeviceURI is either
  - socket://hostname:port/
  - lpr://hostname/queue
  depending on what the client sent in the request
(This used to be commit 6d74de7a67)
2007-10-10 11:10:56 -05:00
Gerald Carter
889ff32b5e r13824: * add api table for Xcv TCPMON and LOCALMON calls starting
with the "MonitorUI" call
* Fix some parsing errors

This gets us to the Add Port Wizard dialog.
(This used to be commit a444aa7f00)
2007-10-10 11:10:56 -05:00
Gerald Carter
2a7847ea37 r13821: replacing some strings with macros
(This used to be commit a34ab5c827)
2007-10-10 11:10:56 -05:00
Gerald Carter
354c24d525 r13820: * Start fleshing out the XcvDataPort() server implementation
* Add support for the "Local Port" monitor as well through this API
(This used to be commit ba9cdd88a0)
2007-10-10 11:10:55 -05:00
Gerald Carter
e33b728c7b r13815: "Into the blind world let us now descend,"
Began the poet, his face as pale as death.
"I will go first, and you will follow me."
---

Adding XcvDataPort() to the spoolss code for remotely
add ports.  The design is to allow an intuitive means
of creating a new CUPS print queue from the Windows 2000/XP
APW without hacks like specifying the deviceURI in the
location field of the printer properties dialog.

Also set 'default devmode = yes' as the new default
since it causes no harm and only is executed when you
have a NULL devmode anyways.
(This used to be commit 123e478ce5)
2007-10-10 11:10:55 -05:00
Jeremy Allison
1b456f2894 r13778: When deleting machine accounts it's the SeMachineAccountPrivilege
that counts.
Jeremy.
(This used to be commit aa85ba4f37)
2007-10-10 11:10:53 -05:00
Gerald Carter
a2327fc688 r13766: Patch from Arek Glabek <aglabek@centeris.com>:
* Fix parsing error in eventlogadm caused by log entries
  with no DAT: line.
(This used to be commit f0a8f43879)
2007-10-10 11:10:53 -05:00
Simo Sorce
aec8de1703 r13715: Put back the code that actually modify the account,
removed, I presume by mistake, by Jerry in the recent
patch the removes the primary group SID stuff.

set_user_info_21 is called to update many other things
like the description of a user for example (that's what
failed on me).

Jerry, please review this one.
(This used to be commit 239a37d201)
2007-10-10 11:10:50 -05:00
Günther Deschner
e54786b535 r13711: * Correctly handle acb_info/acct_flags as uint32 not as uint16.
* Fix a couple of related parsing issues.
* in the info3 reply in a samlogon, return the ACB-flags (instead of
  returning zero)

Guenther
(This used to be commit 5b89e8bc24)
2007-10-10 11:10:25 -05:00
Gerald Carter
d95e13e68f r13679: Commiting the rm_primary_group.patch posted on samba-technical
* ignore the primary group SID attribute from struct samu*
* generate the primary group SID strictlky from the Unix
  primary group when dealing with passdb users
* Fix memory leak in original patch caused by failing to free a
  talloc *
* add wrapper around samu_set_unix() to prevent exposing the create
  BOOL to callers.  Wrappers are samu_set_unix() and samu-allic_rid_unix()
(This used to be commit bcf269e2ec)
2007-10-10 11:10:23 -05:00
Günther Deschner
cab298856a r13622: Allow to rename machine accounts in a Samba Domain. This still uses the
"rename user script" to do the rename of the posix machine account (this
might be changed later). Fixes #2331.

Guenther
(This used to be commit b2eac2e6eb)
2007-10-10 11:10:19 -05:00
Gerald Carter
cd55919263 r13590: * replace all pdb_init_sam[_talloc]() calls with samu_new()
* replace all pdb_{init,fill}_sam_pw() calls with samu_set_unix()
(This used to be commit 6f1afa4acc)
2007-10-10 11:10:16 -05:00
Gerald Carter
2203bed32c r13576: This is the beginnings of moving the SAM_ACCOUNT data structure
to make full use of the new talloc() interface.  Discussed with Volker
and Jeremy.

* remove the internal mem_ctx and simply use the talloc()
  structure as the context.
* replace the internal free_fn() with a talloc_destructor() function
* remove the unnecessary private nested structure
* rename SAM_ACCOUNT to 'struct samu' to indicate the current an
  upcoming changes.  Groups will most likely be replaced with a
  'struct samg' in the future.

Note that there are now passbd API changes.  And for the most
part, the wrapper functions remain the same.

While this code has been tested on tdb and ldap based Samba PDC's
as well as Samba member servers, there are probably still
some bugs.  The code also needs more testing under valgrind to
ensure it's not leaking memory.

But it's a start......
(This used to be commit 19b7593972)
2007-10-10 11:10:15 -05:00
Gerald Carter
fb5362c069 r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()
macro which sets the freed pointer to NULL.
(This used to be commit b65be8874a)
2007-10-10 11:10:14 -05:00
Jeremy Allison
0bc643620b r13557: (Hopefully) get the creds store/restore key right from
the correct part of the netlogon and schannel packets.
Jeremy.
(This used to be commit 4877f336b2)
2007-10-10 11:10:13 -05:00
Jeremy Allison
5539d3d5a8 r13556: Ensure that any potential creds operation are protected
by schannel if "server schannel = true" was set.
Jeremy.
(This used to be commit fd84d9703e)
2007-10-10 11:10:13 -05:00
Jeremy Allison
9132acff08 r13553: Fix all our warnings at -O6 on an x86_64 box.
Jeremy.
(This used to be commit ea82958349)
2007-10-10 11:10:13 -05:00
Jeremy Allison
3403fc2d49 r13552: Make sure we're using the same name to load the stored
creds under all circumstances. This may be wrong, but
at least we're now consistent.
Jeremy.
(This used to be commit 09f0b3e1a3)
2007-10-10 11:10:13 -05:00
Jeremy Allison
952a631d5d r13548: Always use the get_remote_macinhe_name() as the key
for the creds store. This should fix the problems
Jerry reported (but I have still to run tests :-).
Jeremy.
(This used to be commit 43f095a38d)
2007-10-10 11:10:13 -05:00
Gerald Carter
b2ae6e08da r13547: add earlier checks to deny deleting a printer driver. The previous
code relied upon file permissions alone.  Now we check that
the user is a printer administrator and that the share has not been
marked read only for that user.
(This used to be commit 117d9fd9e1)
2007-10-10 11:10:12 -05:00
Volker Lendecke
a2f2a1d9f8 r13544: -O1 janitor work :-)
(This used to be commit a95d7d7222)
2007-10-10 11:10:12 -05:00
Jeremy Allison
39a572e010 r13539: Add 128 bit creds processing client and server. Thanks to Andrew Bartlett's
Samba4 code.
Jeremy.
(This used to be commit a2fb436fc5)
2007-10-10 11:10:11 -05:00
Jeremy Allison
8d5ef34aa3 r13521: Implement LOOKUPNAME3 and 4.
Jeremy.
(This used to be commit 6ec0e9124a)
2007-10-10 11:10:09 -05:00
Jeremy Allison
3e4cf56fa3 r13519: Fix the credentials chaining across netlogon pipe disconnects.
I mean it this time :-).
Jeremy.
(This used to be commit 80f4868944)
2007-10-10 11:10:09 -05:00
Gerald Carter
87d23f263f r13511: Fix bug in the samr dispinfo enumeration code.
Make sure to associate the DOMAIN dispinfo cache
with a User/Group SAMR handle (not the SID of the user or group).
Ensure that enumeration after deleting a user works.
(This used to be commit 7967f89caa)
2007-10-10 11:10:08 -05:00
Volker Lendecke
301d51e13a r13494: Merge the stuff I've done in head the last days.
Volker
(This used to be commit bb40e544de)
2007-10-10 11:10:06 -05:00
Jeremy Allison
85160e654e r13458: Add parsing functions - but stub internals for lookupnames3 and 4.
Jeremy.
(This used to be commit f1a362580a)
2007-10-10 11:10:04 -05:00
Jeremy Allison
785c78b795 r13456: Add lsa_lookup_names2.
Jeremy.
(This used to be commit b57406c89f)
2007-10-10 11:10:04 -05:00
Jeremy Allison
e22d38bdde r13455: Prepare to add lookupnames2.
Jeremy.
(This used to be commit 2274709587)
2007-10-10 11:10:04 -05:00
Jeremy Allison
acc4a837aa r13449: Ensure we don't crash if no dc struct on pipe.
Jeremy.
(This used to be commit a9e1d0f3b4)
2007-10-10 11:10:04 -05:00
Jeremy Allison
06cf1e18e5 r13447: Added LSA_LOOKUPSIDS2 and LSA_LOOKUPSIDS3.
Jeremy.
(This used to be commit a164cfab42)
2007-10-10 11:10:03 -05:00
Günther Deschner
72b30eba64 r13444: Add REJECT_REASON_OTHER for samr_chgpasswd_user3
Guenther
(This used to be commit 58baf718be)
2007-10-10 11:10:03 -05:00
Günther Deschner
e83c7d0141 r13442: Implement samr_chgpasswd_user3 server-side.
Guenther
(This used to be commit f60eddc0a4)
2007-10-10 11:10:03 -05:00
Jeremy Allison
e493d32912 r13439: Fix NET_SAM_LOGON_EX.
Jeremy.
(This used to be commit 9437ffc84f)
2007-10-10 11:10:02 -05:00
Jeremy Allison
e19ae28581 r13436: Add in NET_SAM_LOGON_EX. Still needs testing.
Jeremy
(This used to be commit f58d0ebf74)
2007-10-10 11:10:02 -05:00
Jeremy Allison
4d2b4c92d2 r13434: Add stub for NET_SAM_LOGON_EX.
Jeremy.
(This used to be commit 58544eb3c8)
2007-10-10 11:10:02 -05:00
Jeremy Allison
ad8b47a2ba r13407: Change the credentials code to be more like the Samba4 structure,
makes fixes much easier to port. Fix the size of dc->sess_key to
be 16 bytes, not 8 bytes - only store 8 bytes in the inter-smbd
store in secrets.tdb though. Should fix some uses of the dc->sess_key
where we where assuming we could read 16 bytes.
Jeremy.
(This used to be commit 5b3c2e63c7)
2007-10-10 11:09:59 -05:00
Jeremy Allison
cf7c47aac9 r13399: Get closer to passing RPC-SCHANNEL test.
Jeremy.
(This used to be commit 8ae70122b7)
2007-10-10 11:09:59 -05:00
Jeremy Allison
86358fc10b r13396: Add in userinfo26, re-enable userinfo25 - took the knowledge
from Samba4 on how to decode the 532 byte password buffers.
Getting closer to passing samba4 RPC-SCHANNEL test.
Jeremy.
(This used to be commit 205db6968a)
2007-10-10 11:09:59 -05:00
Gerald Carter
ef3f2c9675 r13393: Do not initialize the lp_svcctl_list() value since it is handled
internally in services_db.c now.  This prevents internal services from
being listed twice (one internal and one external) when no
'svcctl list' parameter is explcitly set in smb.conf
(This used to be commit 6c4ede6cee)
2007-10-10 11:09:58 -05:00
Gerald Carter
0af1500fc0 r13316: Let the carnage begin....
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed)
2007-10-10 11:06:23 -05:00
Jeremy Allison
d14af63e6a r13293: Rather a big patch I'm afraid, but this should fix bug #3347
by saving the UNIX token used to set a delete on close flag,
and using it when doing the delete. libsmbsharemodes.so still
needs updating to cope with this change.
Samba4 torture tests to follow.
Jeremy.
(This used to be commit 23f16cbc2e)
2007-10-10 11:06:21 -05:00
Jeremy Allison
f1022af07b r13176: Fix show-stopper bug for 3.0.21b where 4 leg NTLMSSP SPNEGO
auth was not generating the correct auth header on the 4th
packet. This may fix a lot of Windows client complaints and
is essential for release.
Jeremy.
(This used to be commit 48dd8c732b)
2007-10-10 11:06:16 -05:00
Jeremy Allison
60bcd1bd77 r13147: Raise creds_server_step fail log messages to debug level 2.
These can happen in normal operation (I think - not 100%
sure) and don't want to alarm admins. Jerry please add this
to 3.0.21b.
Jeremy.
(This used to be commit 47178b1b5a)
2007-10-10 11:06:15 -05:00
Simo Sorce
77965f6cf6 r13138: old fix I forgot to commit
need to access info when using the ldap backend
(This used to be commit 80c0625667)
2007-10-10 11:06:15 -05:00
Gerald Carter
e5d1583c59 r13086: hooking max connections into 'add share' as well (although the WinXP UI doesn't give you a way to set the value on add
(This used to be commit e6afdf1df5)
2007-10-10 11:06:13 -05:00
Gerald Carter
9ededd3151 r13085: hook the max connections spin box in the share properties MMC plugin
dialog to the 'max connections' smb.conf parameter.  Also added the max
uses int from the SHARE_INFO_2 structure to the 'modify share command'
(This used to be commit af68748baa)
2007-10-10 11:06:13 -05:00
Gerald Carter
0773e79761 r13082: revert an accidentally commited patch (still in progress)
(This used to be commit e43775fb31)
2007-10-10 11:06:12 -05:00
Gerald Carter
e95e6044b0 r13081: correct fix for the segv in nmbd caused by a double free on namerec.
(This used to be commit c908dbc4b2)
2007-10-10 11:06:12 -05:00
Alexander Bokovoy
a02415bf36 r12935: After discussion with Volker fix bug #3397 using a variant of the patch by Alex Deiter (tiamat@komi.mts.ru).
Introduces level 9 of getuserinfo and allows to successfully install MS SMS2003
on a member of a Samba domain. Also added support for this level in rpcclient.

The code for infolevel 9 is modelled upon Samba-TNG by Alex Deiter.

Jerry, we need this in 3.0.21b.
(This used to be commit 93461646ce)
2007-10-10 11:06:08 -05:00
Gerald Carter
005c88054f r12916: use rpcstr_pull() instead of unistr_to_ascii() when validating share names
(This used to be commit c08bc30698)
2007-10-10 11:06:07 -05:00
Gerald Carter
bb59be3e0d r12915: protect against changing the SCM security descriptor
(This used to be commit 5842da9968)
2007-10-10 11:06:07 -05:00
Gerald Carter
e7a1a0ead2 r12914: adding query/set ops for security descriptors on services.
(This used to be commit cefd2d7cb6)
2007-10-10 11:06:07 -05:00
Gerald Carter
6f91e3a862 r12262: * patch from Brian Moran to fix segv in eventlogadm when not eventlogs
are listed in smb.conf
* initialize the local group description in set_alias_info()
(This used to be commit 58f8b42069)
2007-10-10 11:05:51 -05:00
Gerald Carter
728e527d2c r12224: adding more characters to the invalid share name string
(This used to be commit e461143639)
2007-10-10 11:05:50 -05:00
Gerald Carter
2c0114d211 r12177: last of outstanding patches in my queue to deal with MMC.
Validate the share name and fail when trying to creating
a share with bad characters.
(This used to be commit 174fe494f9)
2007-10-10 11:05:48 -05:00
Gerald Carter
a489553067 r12173: doing some service control work
* Add a few new error codes for disabled services
* dump some more details about service status in 'net rpc service'
* disable the WINS and NetLogon services if not configured in smb.conf

Still trying to figure out how to disable the start button
on the NetLogon and WINS services.
(This used to be commit c0f54eeebc)
2007-10-10 11:05:47 -05:00
Volker Lendecke
661c5c741a r12163: Change lookup_sid and lookup_name to return const char * instead of char *,
use a temporary talloc_ctx for clarity.

Volker
(This used to be commit b15815c804)
2007-10-10 11:05:46 -05:00
Volker Lendecke
6a92f418ea r12133: Fix an uninitialized variable in new code in rpc_server/srv_samr_nt.c.
Fix winbind_lookup_name for the local domain, ie for aliases on a member
server.

Volker
(This used to be commit 4ba50c823e)
2007-10-10 11:05:46 -05:00
Volker Lendecke
05ac2de0df r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm
reacts :-)

Volker
(This used to be commit 9f99d04a54)
2007-10-10 11:05:43 -05:00
Jeremy Allison
d1f91f7c72 r12043: It's amazing the warnings you find when compiling on a 64-bit
box with gcc4 and -O6...
Fix a bunch of C99 dereferencing type-punned pointer will break
strict-aliasing rules errors. Also added prs_int32 (not uint32...)
as it's needed in one place. Find places where prs_uint32 was being
used to marshall/unmarshall a time_t (a big no no on 64-bits).
More warning fixes to come.
Thanks to Volker for nudging me to compile like this.
Jeremy.
(This used to be commit c65b752604)
2007-10-10 11:05:42 -05:00
Günther Deschner
6ffd82ea77 r11964: rename flag to password_properties in SAM_UNK_INFO_1 because that's what
it is. (SAM_UNK_INFO_1 should get a better name as well).

Guenther
(This used to be commit d94aaeb625)
2007-10-10 11:05:40 -05:00
Jeremy Allison
05fafb8396 r11950: If we got a connection oriented cancel pdu we would spin processing it.
Fix that, and also add in comments for all possible CL and CO PDU
types. Make sure we process them correctly.
Jeremy.
(This used to be commit 672113a627)
2007-10-10 11:05:39 -05:00
Jeremy Allison
add7cff520 r11936: Fix bug in returning remote time found by Thomas Bork <tombork@web.de>.
get_time_zone() was overwriting static buffer returned by
gmtime(). Lars - this is a mandatory fix for the next patch...
Jeremy.
(This used to be commit 68d03a7a74)
2007-10-10 11:05:37 -05:00
Jeremy Allison
d9f26f78f6 r11927: No users or groups to return in BUILTIN domain.
Jeremy.
(This used to be commit 908e671c75)
2007-10-10 11:05:36 -05:00
Jeremy Allison
48c2f9fc72 r11924: Added Volkers's (C) to srv_samr_nt.c, removed separate "builtin"
search enumeration, fixed count of groups and users to return
zero if we're getting domain info on the builtin domain (need
to fix the enumgroup and enumuser calls also). Added count_sam_aliases
to return the correct alias count. Need to push the SID arg
down into the group mapping interface so we only return the
correct aliases. Upped passdb version numer for Volkers
changes. SAM-MYSQL guys - you will need to fix your backend
now. More tests needed.
Jeremy.
(This used to be commit b53d5cd565)
2007-10-10 11:05:36 -05:00
Volker Lendecke
10bc204efb r11923: Add samr_lookup_rids for the builtin domain. Doing it this way feels a bit
wrong, but so far we don't have proper multi-domain support in passdb yet...

Volker
(This used to be commit c917cfc320)
2007-10-10 11:05:36 -05:00
Volker Lendecke
046a8873b9 r11922: Looks bigger than it is: There's no point in allocating arrays in
samr_lookup_rids twice. It was done in the srv_samr_nt.c code as well as in
the pdb module. Remove the latter, this might happen more often.

Volker
(This used to be commit 57f0cf8cdd)
2007-10-10 11:05:36 -05:00
Volker Lendecke
fcf14ebee2 r11921: samr_open_domain can only open "our" domain and BUILTIN.
Volker
(This used to be commit 049920ce4f)
2007-10-10 11:05:36 -05:00
Volker Lendecke
add1493a86 r11919: The generic mappings in srv_samr_nt.c are only used there -- make them
static.

One long overdue simplification: Change local_lookup_sid to local_lookup_rid
its responsible for "our" domain only, in fact it checked for it.

Volker
(This used to be commit 35ba5e083c)
2007-10-10 11:05:35 -05:00
Volker Lendecke
5976053f05 r11918: Remove two unused variables
(This used to be commit 5524d66295)
2007-10-10 11:05:35 -05:00
Volker Lendecke
4ce6499849 r11917: Move nt_token_to_group_list to srv_netlog_nt.c. srv_util.c is empty now.
Volker
(This used to be commit ae4ffc1cfb)
2007-10-10 11:05:35 -05:00
Volker Lendecke
3088a85c62 r11915: Remove unused extern declarations
(This used to be commit 3c35fb642a)
2007-10-10 11:05:35 -05:00
Volker Lendecke
ed6936598e r11898: Add a missing become_root().
Volker
(This used to be commit efb7576d4e)
2007-10-10 11:05:33 -05:00
Jeremy Allison
a509c20eb6 r11865: The only way to stop multiple LDAP searches is to agressively cache
results. We now cache them for 10 seconds, down from 30 seconds
(however each re-use will refresh the idle timeout). Any set calls
will flush the cache.
Jeremy.
(This used to be commit c9a0720f55)
2007-10-10 11:05:32 -05:00
Gerald Carter
f2ecd4fed0 r11860: BUG 3156: don't use find_service() when explicitly looking for a printer as the username map might get in the way
(This used to be commit 46bf28c81c)
2007-10-10 11:05:31 -05:00
Günther Deschner
4826f9d413 r11859: Another place where the SE_GROUP constants read better then "7".
Guenther
(This used to be commit 4c4b209645)
2007-10-10 11:05:31 -05:00
Günther Deschner
2770e98aec r11856: Replace unknown1 with group_attr.
Can anyone remember why we initialize groups only with 0x03 instead of 0x07 ?

Guenther
(This used to be commit 3282c7c458)
2007-10-10 11:05:30 -05:00
Jeremy Allison
9be0ce4422 r11793: Fix the SAMR cache so it works across completely insane
client behaviour (ie.:
open pipe/open SAMR handle/enumerate 0 - 1024
close SAMR handle, close pipe.
open pipe/open SAMR handle/enumerate 1024 - 2048...
close SAMR handle, close pipe.
And on ad-nausium. Amazing.... probably object-oriented
client side programming in action yet again.
This change should *massively* improve performance when
enumerating users from an LDAP database.
Jeremy.
(This used to be commit 8ce705d9cc)
2007-10-10 11:05:28 -05:00
Jeremy Allison
d09beee040 r11769: Looking at a performance problem enumerating accounts, wondered
if changing to support samr_connect5 might help so quickly coded
it up. No it doesn't :-(. Don't merge this for 3.0.21 please.
Jeremy.
(This used to be commit bff1df678a)
2007-10-10 11:05:27 -05:00
Gerald Carter
1ce2883865 r11762: fix my build breakage
(This used to be commit 9ee851630e)
2007-10-10 11:05:26 -05:00
Gerald Carter
5251618c7f r11761: * fix clearing of event logs by truncating the tdb.
This feature got broken in some of the other updates.
  Now each open handle stores an pointer to an open tdb
  data structure (not the tdb pointer itself).
  Clearing can be done with a simple elog_close_tdb( elog, True )
  to force a close and then calling elog_open_tdb( logname, True )
  to force an tdb truncate.  Permissions on existing tdbs are
  maintained which is important.

* We don't currently handle backup.  Haven't looked at the
  format of a backuped up eventlog to know what the deal is.
(This used to be commit 2df34c9403)
2007-10-10 11:05:26 -05:00
Gerald Carter
70cac98b6e r11760: fix sequential reads in the eventlog; event viewer is behaving better now as well but needs more testing
(This used to be commit ba2f94aeae)
2007-10-10 11:05:26 -05:00
Gerald Carter
c672a17ff0 r11617: fix typo
(This used to be commit 37d2bf02f3)
2007-10-10 11:05:22 -05:00
Jeremy Allison
fcceedd67c r11573: Adding Andrew Bartlett's patch to make machine account
logons work if the client gives the MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
or MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flags. This changes
the auth module interface to 2 (from 1). The effect of this is
that clients can access resources as a machine account if they
set these flags. This is the same as Windows (think of a VPN
where the vpn client authenticates itself to a VPN server
using machine account credentials - the vpn server checks
that the machine password was valid by performing a machine
account check with the PDC in the same was as it would a
user account check. I may add in a restriction (parameter)
to allow this behaviour to be turned off (as it was previously).
That may be on by default.
Andrew Bartlett please review this change carefully.
Jeremy.
(This used to be commit d1caef8663)
2007-10-10 11:05:20 -05:00
Jeremy Allison
6d5757395a r11511: A classic "friday night check-in" :-). This moves much
of the Samba4 timezone handling code back into Samba3.
Gets rid of "kludge-gmt" and removes the effectiveness
of the parameter "time offset" (I can add this back
in very easily if needed) - it's no longer being
looked at. I'm hoping this will fix the problems people
have been having with DST transitions. I'll start comprehensive
testing tomorrow, but for now all modifications are done.
Splits time get/set functions into srv_XXX and cli_XXX
as they need to look at different timezone offsets.
Get rid of much of the "efficiency" cruft that was
added to Samba back in the day when the C library
timezone handling functions were slow.
Jeremy.
(This used to be commit 414303bc02)
2007-10-10 11:05:19 -05:00
Jeremy Allison
c9effb004c r11451: Fix -O1 "might be using uninitialized" errors.
Jeremy.
(This used to be commit cab76c3c33)
2007-10-10 11:05:16 -05:00
Jeremy Allison
a656626d0f r11433: Fix for bug #3223 - ensure we're root before doing
any potential lib/smbldap.c calls.
Jeremy.
(This used to be commit 915cfb48f0)
2007-10-10 11:05:16 -05:00
Gerald Carter
e1ffd2d612 r11332: eventlog API uses NTSTATUS, not WERROR for return codes
(This used to be commit f5f40633bc)
2007-10-10 11:05:13 -05:00
Gerald Carter
90b1ca2597 r11292: Missed merge from Samba 2.2 many years ago....
Don't count open pipes in the num_files_open on a connection.
conn_idle_all() handles this by looking for open rpc handles
If there are no open handles, we can close the IPC$ share.
(This used to be commit 747fba4dbf)
2007-10-10 11:05:10 -05:00
Gerald Carter
cd310c19ce r11240: * fix invalid read reported by valgrind in the
spoolss backchannel connection by rewriting
  spoolss_connect_to_client().  Ensure that we
  save the cli_state* in the rpc_pipe_client struct.

* fix typo in debug message in cli_start_connection"
(This used to be commit 18400f9662)
2007-10-10 11:05:09 -05:00
Jim McDonough
1113cad9c0 r11236: Implement user rename for smbpasswd and ldap backends. Some cleanup on
tdb as well to make naming consistent.
(This used to be commit ee91eb9a39)
2007-10-10 11:05:08 -05:00
Gerald Carter
6fc9098dcc r11235: fix segfault in addprinter due to mixing talloc() and malloc()'d memory
(This used to be commit f6f78877b4)
2007-10-10 11:05:08 -05:00
Gerald Carter
39be2680e0 r11170: root free pass on eventlog open access check
(This used to be commit 4e3ff41e1e)
2007-10-10 11:05:05 -05:00
Jeremy Allison
8d7c886671 r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4
x86_64 box.
Jeremy.
(This used to be commit d720867a78)
2007-10-10 11:05:02 -05:00
Gerald Carter
6f72169c7c r11135: should fix seg fault in addprinter code reported by Marcin. Allocate memory in convert_printer_info() if necessary
(This used to be commit 7ada5da8e9)
2007-10-10 11:05:02 -05:00
Gerald Carter
5b52e4a0eb r11072: add routines for converting REG_MULTI_SZ to and from char**
(This used to be commit e858eed813)
2007-10-10 11:05:00 -05:00
Gerald Carter
1b91229435 r11069: make sure to zero memory when allocating a a REGVAL_CTR struct
(This used to be commit bfdcbb7572)
2007-10-10 11:05:00 -05:00
Gerald Carter
bb68761a50 r11060: merging new eventlog code from trunk
(This used to be commit 1bcf7e82ed)
2007-10-10 11:04:59 -05:00
Gerald Carter
b9ae4455fd r11054: patch from Brian Moran; fix error code return in _srv_net_name_validate()
(This used to be commit b4e78520cc)
2007-10-10 11:04:59 -05:00
Jim McDonough
254938c636 r10911: part of #2861: add rename support for usrmgr.exe when using tdbsam
This gets it working before replacing tdb with the samba4 version.
(This used to be commit 8210b0503a)
2007-10-10 11:04:56 -05:00
Gerald Carter
01a1e5cdb0 r10819: merging a couple of fixes from trunk
* only keep the registry,tdb file open when we have an open key handle
* tpot's setup.py fix
* removing files that no longer exist in trunk and copying some
  that were missing in 3.0
(This used to be commit 6c6bf6ca5f)
2007-10-10 11:04:54 -05:00
Jeremy Allison
c226b7d4be r10795: Fix code before decl error.
Jeremy.
(This used to be commit 30bd894ee6)
2007-10-10 11:04:54 -05:00
Jeremy Allison
e127501d45 r10792: Fix the "schannel not stored across client disconnects" problem.
Based on the Samba4 solution - stores data in
$samba/private/schannel_store.tdb.
This tdb is not left open but open and closed on demand.
Jeremy.
(This used to be commit a6d8a4b1ff)
2007-10-10 11:04:54 -05:00
Gerald Carter
0bf72b6e33 r10781: merging eventlog and svcctl code from trunk
(This used to be commit f10aa9fb84)
2007-10-10 11:04:53 -05:00
Jeremy Allison
2237bc6a42 r10724: Got a little ahead of myself...
Jeremy.
(This used to be commit 86ffef8162)
2007-10-10 11:04:51 -05:00
Jeremy Allison
ac34076306 r10722: Remove unused BOOL in struct dcinfo.
Ensure that the mach_acct and remote machine entries are
set correctly in struct dcinfo - we'll need this as a key
for a persistent schannel state later.
Jeremy.
(This used to be commit 47269b5c71)
2007-10-10 11:04:51 -05:00
Gerald Carter
54abd2aa66 r10656: BIG merge from trunk. Features not copied over
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
2007-10-10 11:04:48 -05:00
Gerald Carter
1896d77fe5 r10585: variation of fix in trunk for root-free-pass in registry access checks
(This used to be commit b41f997a2a)
2007-10-10 11:04:47 -05:00
Jeremy Allison
c2e5ce1501 r10269: Server-side fix for creds change - revert jcmd's change.
Jeremy.
(This used to be commit e1c9813d63)
2007-10-10 11:03:40 -05:00
Gerald Carter
fbcaef3bf6 r10264: reverse order of 'root free pass' checks in service and registry access_checks()
(This used to be commit 35b338a4fc)
2007-10-10 11:03:39 -05:00
Gerald Carter
a9b96c6b3d r10221: add "free pass for root" in svcctl and default winreg access checks
(This used to be commit 2490118796)
2007-10-10 11:03:38 -05:00
Gerald Carter
d4f2df5d5c r9956: Ensure accounts with the SeAddUsersPrivilege can modify domain and local group attributes (posted to samba ml and confirmed fix)
(This used to be commit 005d4cb3c6)
2007-10-10 11:03:29 -05:00
Günther Deschner
513e81458f r9945: fix typos.
Guenther
(This used to be commit 12029e9022)
2007-10-10 11:03:28 -05:00
Gerald Carter
a206a5efdd r9788: more compiler warnings from Jason Mader
(This used to be commit 9c51aa5bd2)
2007-10-10 11:03:26 -05:00
James Peach
8c072021ef r9780: Clean up a bunch of compiler warnings.
(This used to be commit 623d2e6931)
2007-10-10 11:03:26 -05:00
Gerald Carter
c53e760ea5 r9752: figured out why talloc_steal() is a bad idea for SEC_DESC*
Add a comment so someone else doesn't get bitten by this as well.
(This used to be commit 050364ef34)
2007-10-10 11:03:25 -05:00
Gerald Carter
44707ad2e0 r9739: conver the reg_objects (REGSUBKEY_CTR & REGVAL_CTR) to use
the new talloc() features:

 Note that the REGSUB_CTR and REGVAL_CTR objects *must* be talloc()'d
 since the methods use the object pointer as the talloc context for
 internal private data.

 There is no longer a regXXX_ctr_intit() and regXXX_ctr_destroy()
 pair of functions.  Simply TALLOC_ZERO_P() and TALLOC_FREE() the
 object.

Also had to convert the printer_info_2->NT_PRINTER_DATA field
to be talloc()'d as well.  This is just a stop on the road to
cleaning up the printer memory management.
(This used to be commit ef721333ab)
2007-10-10 11:03:25 -05:00
Gerald Carter
be0f3f159f r9660: real fix for group enumeration bug in 3.0.20; only affected the ldapsam code
(This used to be commit 62f9fb5e3a)
2007-10-10 11:03:24 -05:00
Gerald Carter
e76107dd9b r9594: return the mapped name in enum_dom_groups()
(This used to be commit a769aaec88)
2007-10-10 11:03:22 -05:00
Tim Potter
021892a6ce r9276: Fix another unused variable warning. Bugzilla #2981.
(This used to be commit abe2ab72e6)
2007-10-10 11:00:30 -05:00
Tim Potter
36115e7ebc r9275: Remove some dead code. Bugzilla #2982.
(This used to be commit e1fc7d89c2)
2007-10-10 11:00:30 -05:00
Gerald Carter
d04c1efd0f r9264: fix valgrind invalid write error in enumprinterdata()
(This used to be commit bfebbc86fc)
2007-10-10 11:00:29 -05:00
Jim McDonough
dcf2200411 r9261: Fix #2976: windows member servers wouldn't alloc connections from users
defined locally because if we didn't find them as a DC we were marking
the response as authoritative.  Now if it's not a domain we know, we
mark the response non-authoritative.

Fix from jpjanosi@us.ibm.com
(This used to be commit d522277b86)
2007-10-10 11:00:29 -05:00
Jim McDonough
d6403e7280 r9242: Fix my fix for #2953. I'd moved too much code until after we verify the user,
causing netlogon to return an invalid response for failed interactive logons.
(This used to be commit 4deb918b68)
2007-10-10 11:00:28 -05:00
Günther Deschner
3662fb6d3a r9229: merge from trunk:
allow admins to uncheck the "User must change Password at next Logon"
checkbox in Usermanager.

Guenther
(This used to be commit b1e4b72c1c)
2007-10-10 11:00:28 -05:00
Gerald Carter
fd6dde2161 r9195: setting log level to 2 instead of 0
(This used to be commit 3a633a509e)
2007-10-10 11:00:27 -05:00
Gerald Carter
617a99ec52 r9194: do not enumerate privileges when they are not enabled
(This used to be commit ff6e3464a2)
2007-10-10 11:00:27 -05:00
Gerald Carter
e93b4cedc3 r9114: removing gratuitous debug messages
(This used to be commit c3e1423038)
2007-10-10 11:00:26 -05:00
Jim McDonough
7fff6638fc r9112: Fix #2953 - credentials chain on DC gets out of sync with client when
NT_STATUS_NO_USER returned.  We were moving to the next step in the
chain when the client wasn't.  Only update when the user logs on.
(This used to be commit b01a3a4111)
2007-10-10 11:00:26 -05:00
Gerald Carter
6014bb000e r9098: fix another usrmgr.exe crash when viewing user properties at debuglevel 10
(This used to be commit f5756c2611)
2007-10-10 11:00:26 -05:00
Jeremy Allison
777422836c r9080: If we don't understand the auth, bind nak not pdu fault.
Should fix usermgr on W2K3 SP1.
Jeremy.
(This used to be commit 592ec9fbff)
2007-10-10 11:00:25 -05:00
Günther Deschner
fdc2ab72f7 r9021: Fix smbd-crash bug in openprinter (found by samba4 smbtorture
RPC-SPOOLSS).

Guenther
(This used to be commit 06bfe789d5)
2007-10-10 11:00:23 -05:00
Günther Deschner
3ada346cbe r8971: Fix querydispinfo (still need to look at enumdomusers) to allow to list
more then 511 users.

After the rewrite, the old NT_STATUS-semantics didn't fit any longer.

Guenther
(This used to be commit 690da51d83)
2007-10-10 11:00:23 -05:00
Jeremy Allison
abb81cfe26 r8959: Make msdfs code talloc based. Fix leaks.
Jeremy.
(This used to be commit 076023df8e)
2007-10-10 11:00:22 -05:00
Jeremy Allison
a4cdedcc08 r8950: Fix one more mem leak found by Gunther.
Jeremy.
(This used to be commit 547c6ee0a9)
2007-10-10 11:00:22 -05:00
Gerald Carter
191b5977d0 r8943: Fix segfault in enum_service_status
(This used to be commit 04a551f0a4)
2007-10-10 11:00:21 -05:00
Tim Potter
235644680f r8941: Fix unused variable warning. Bugzilla #2940.
(This used to be commit 6d0aafa599)
2007-10-10 11:00:21 -05:00
Gerald Carter
57939971b4 r8916: should fix the valgrind invalid read of size 1 onthe
GetPrinterData("OSVersion") abartlet saw when browsing from
Vista client.
(This used to be commit b527b86ae8)
2007-10-10 11:00:20 -05:00
Tim Potter
473cfa4c35 r8894: Fix a warning. Bugzilla #2939.
(This used to be commit 7648f6cef0)
2007-10-10 11:00:19 -05:00
Jeremy Allison
8b2b177a8e r8805: Merge a duplicate struct. Get ready to support SPNEGO rpc binds.
Jeremy.
(This used to be commit fd6e342746)
2007-10-10 11:00:18 -05:00
Jeremy Allison
ae64b2f2aa r8617: Be very explicit if addprinterex is called that the "addprinter command"
must be defined in smb.conf.
Jeremy.
(This used to be commit 86f8368c99)
2007-10-10 11:00:13 -05:00
Tim Potter
99478cd59b r8573: Fix set but not used warning in srvsvc server-side code.
Another bugzilla (#2891) from Jason Mader.
(This used to be commit ae6b4df7fe)
2007-10-10 11:00:11 -05:00
Jeremy Allison
263a51cd62 r8564: Sometimes we're too dumb to live... Fix samr calls where we were
using USER_INFO_XX structs and functions where XX was sometimes
in hex and sometimes in decimal. Now it's all in decimal (should
be no functionality change).
Jeremy.
(This used to be commit 84651aca04)
2007-10-10 11:00:09 -05:00
Gerald Carter
6fe5451543 r8501: * disable printer handle object cache (was mostly used
for NT4 clients enumerating printer data on slow CPUs)
* fix pinter and secdesc record upgrade to normalize the key
  (rev'd printer tdb version)
* fixed problem that was normalizing the printername name field

in general, this should fix the issues upgrading print servers
from 3.0.14a to 3.0.20
(This used to be commit d07179de2f)
2007-10-10 11:00:06 -05:00
Jim McDonough
e7c48884a5 r8432: Fix #2077 - login to trusted domain doesn't allow home drive map and login
scripts to be executed.

We were filling in our name as the server which processed the login, even
when it was done by a trusted DC.

Thanks to John Janosik <jpjanosi@us.ibm.com> for the fix.
(This used to be commit 0446319a3b)
2007-10-10 11:00:05 -05:00
Gerald Carter
f2ff8bed26 r8326: factor out the delete printer code to a delete_printer_hook() for reuse
(This used to be commit 0689851a90)
2007-10-10 10:58:20 -05:00
Gerald Carter
e574081ad9 r8324: * initial cut at creating printers via the registry API
Need to add delete_key support
(This used to be commit 9a27f7181a)
2007-10-10 10:58:19 -05:00
Gerald Carter
18609ce1af r8322: * get RegSetValue() working for printer subkey values
(not immediate values below the <printer name> key yet.
(This used to be commit a872ea5f0e)
2007-10-10 10:58:19 -05:00
Jeremy Allison
af8a691db1 r8219: Merge the new open code from HEAD to 3.0. Haven't yet run the torture
tests on this as it's very late NY time (just wanted to get this work
into the tree). I'll test this over the weekend....
Jerry - in looking at the difference between the two trees there
seem to be some printing/ntprinting.c and registry changes we might
want to examine to try keep in sync.
Jeremy.
(This used to be commit c7fe18761e)
2007-10-10 10:58:18 -05:00
Gerald Carter
c296f858ef r8066: * had to modify the printer data storage slightly in ntprinters.tdb
when packing values.  It is a compatible change though and will
  not require a tdb version upgrade
* Can successfully create new printer subkeys via winreg that
  are immediately available via spoolss calls.  Still cannot delete
  keys yet though.  That comes next.
(This used to be commit 00bce2b3bb)
2007-10-10 10:58:10 -05:00
Gerald Carter
c5a51f0273 r8027: driver information is now back via winreg
(This used to be commit f0a1c6b9ce)
2007-10-10 10:58:09 -05:00
Günther Deschner
d966feb9bc r8019: Better give a hint that we are failing share-manipulation due to missing
scripts.

Guenther
(This used to be commit 1f17b4f45e)
2007-10-10 10:58:08 -05:00
Gerald Carter
270b90e25f r7995: * privileges are local except when they're *not*
printmig.exe assumes that the LUID of the SeBackupPrivlege
  on the target server matches the LUID of the privilege
  on the local client.  Even though an LUID is never guaranteed
  to be the same across reboots.  How *awful*!  My cat could
  write better code! (more on my cat later....)

* Set the privelege LUID in the global PRIVS[] array

* Rename RegCreateKey() to RegCreateKeyEx() to better match MSDN

* Rename the unknown field in RegCreateKeyEx() to disposition
  (guess according to MSDN)

* Add the capability to define REG_TDB_ONLY for using the reg_db.c
  functions and stress the RegXXX() rpc functions.
(This used to be commit 0d6352da48)
2007-10-10 10:58:07 -05:00
Gerald Carter
e4a11ba585 r7987: map generic bits to specific bits in open requests
(This used to be commit 7764e8a677)
2007-10-10 10:58:06 -05:00
Jeremy Allison
bf547ff1ad r7981: MS-DFS tidyup patches from James Peach <jpeach@sgi.com>.
Looking forward to the day he can commit these himself :-).
Jeremy.
(This used to be commit 12ff297829)
2007-10-10 10:58:06 -05:00
Gerald Carter
ab0033d40a r7938: * move the hardcoded registry value names from _reg_query_value()
to a thin layer in fetch_reg_values().  Not entirely efficient
  seeing as the the dynamic value paths are stored in an unsorted
  array but it is one strequal() per path.  If this was really big
  it should be worked into the reghook_cache().
(This used to be commit 63b81ad3cb)
2007-10-10 10:58:03 -05:00
Gerald Carter
bd509a81cb r7908: * change REGISTRY_HOOK api to use const (fix compiler warning
in init_registry_data()
* Add means of storing registry values in registry.tdb
* add builtin_registry_values[] array for REG_DWORD and REG_SZ
  values needed during startup
* Finish up RegDeleteValue() and RegSetValue()
* Finish up regdb_store_reg_values() and regdb_fetch_reg_values()

I can now create and retrieve values using regedit.exe on Win2k.

bin/net -S rain -U% rpc registry enumerate 'hklm\software\samba'
Valuename  = Version
Type       = REG_SZ
Data       = 3.0.20

Next is to do the virtual writes in reg_printing.c and I'll be
done with Print Migrator (yeah!  finally)
(This used to be commit 3d837e58db)
2007-10-10 10:58:03 -05:00
Gerald Carter
b8e787bcac r7890: * add Reg[SG]etKeySec() server stubs
* merge a compile warning fix from trunk to SAMBA_3_0
(This used to be commit 71eb018a05)
2007-10-10 10:58:01 -05:00
Jeremy Allison
19ca97a70f r7882: Looks like a large patch - but what it actually does is make Samba
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145)
2007-10-10 10:58:00 -05:00
Gerald Carter
8387af752f r7880: fix a typo and memleak on failures cases (patch from marcin)
(This used to be commit 6ff0fa0b43)
2007-10-10 10:58:00 -05:00
Gerald Carter
2fb7ff7d9d r7878: mostly just a rename of REG_INFO to REG_QUERY_VALUE for better clarity
(This used to be commit d50f0ba07e)
2007-10-10 10:58:00 -05:00
Volker Lendecke
864ca4f051 r7836: Fix the bug where users show up as trusting domains.
Volker
(This used to be commit 61585fa56b)
2007-10-10 10:57:58 -05:00
Jeremy Allison
3b1f21b812 r7708: Hint from Luke Howard (thanks Luke). Ensure the schannel authenticator is 8
byte aligned, just like the NTLMSSP ones. Trying to fix 64-bit Windows domain
logon.
Jeremy.
(This used to be commit 475d5a277d)
2007-10-10 10:57:20 -05:00
Gerald Carter
c25b67b24d r7698: * clean upserver frontend for RegDeleteKey()
* implement RegDeleteKey() for reg_db backend
(This used to be commit 91b81a23b8)
2007-10-10 10:57:19 -05:00
Gerald Carter
2129d3c711 r7691: * add .gdbinit to the svn:ignore files
* start adding write support to the Samba registry
  Flesh out the server implementations of
  RegCreateKey(), RegSetValue(), RegDeleteKey() and RegDeleteValue()

I can create a new key using regedit.exe now but the 'New Key #1'
key cannot be deleted yet.
(This used to be commit e188fdbef8)
2007-10-10 10:57:19 -05:00
Gerald Carter
2102f6bff9 r7664: add access check hooks to _reg_open_entry which are passed off
to the reg_XXX backend.  If the backend does not define
a regkey_access_check() function, we default to using the
standard registry_access_check()
(This used to be commit 2f08a904ee)
2007-10-10 10:57:19 -05:00
Gerald Carter
b2db8a9bd3 r7649: * fix compile breakage (sorry, should have done a make clean before the
last checking).
* rename unknown field in REG_GETVERSION
* add server stubs for RegDeleteKey() and RegDeleteValue()
(This used to be commit 023728c059)
2007-10-10 10:57:18 -05:00
Gerald Carter
17eb05228e r7648: adding REGISTRY_HOOK->reg_access_check() for authprization checks on RegOpenKey(); passing it off to the backend code for a given path
(This used to be commit 867fd3052b)
2007-10-10 10:57:18 -05:00
Gerald Carter
2fbb43ad82 r7647: add access checks to the top level hive open calls; will need to pass the open request through the backend access check for the subkey open calls
(This used to be commit 23acef44e9)
2007-10-10 10:57:18 -05:00
Gerald Carter
bb2616d018 r7645: adding server stubs for RegCreateKey() and RegSetValue()
(This used to be commit ce82566bad)
2007-10-10 10:57:18 -05:00
Gerald Carter
b162a396fe r7624: * removed unmatched tdb_lock_by_string() call (should fix build farm issues)
* comment out services.tdb code until I finish rewriting it
(This used to be commit 707b782228)
2007-10-10 10:57:17 -05:00
Gerald Carter
f2f115c2a2 r7614: convert move_driver_to_download_area() to return WERROR in order to provide better error messages to clients when a AddPrinterDriver[Ex]() call fails
(This used to be commit c98e17446a)
2007-10-10 10:57:16 -05:00
Gerald Carter
9b43bd3b62 r7613: small changes to _svcctl_open_service() and create_open_service_handle() to prevent invalid service names from being accepted; printmig.exe now migrates drivers successfully
(This used to be commit dafb32c01f)
2007-10-10 10:57:16 -05:00
Gerald Carter
5b678f7a84 r7610: can successfully stop and start the 'spooler' service by setting the state for the 'disable spoolss' parameter in memory for an individual smbd
(This used to be commit f19c10d0c3)
2007-10-10 10:57:16 -05:00
Günther Deschner
3f657f41cc r7606: add WERR_NET_NAME_NOT_FOUND. This is what windows returns when
trying to manipulate non-existing shares.

Guenther
(This used to be commit 2e5cb531ab)
2007-10-10 10:57:15 -05:00
Gerald Carter
899bc3a07d r7603: * fix a bug in the SERVICE_ALL_ACCESS security mask
* add calls to start and stop a service (to be filled
  in by the backend routines in services/svc_*.c
(This used to be commit 793d28a946)
2007-10-10 10:57:15 -05:00
Gerald Carter
2851e43e48 r7595: start trying to split out the svcctl functions into separate files for better maintenance; add SERVICE_CONTROL_OPS for spoolss service
(This used to be commit 2b0ea30a1a)
2007-10-10 10:57:15 -05:00
Gerald Carter
b6153cb78b r7583: * more rearranging and renaming of functions
* add access checks to _svcctl_XXX() calls based on
  the access granted on the handle
(This used to be commit 82b76d4b34)
2007-10-10 10:57:15 -05:00
Gerald Carter
cfe8933754 r7581: fix bad merge
(This used to be commit 55d0831103)
2007-10-10 10:57:14 -05:00
Gerald Carter
6109b8ad9d r7578: use global well known DOM_SID objects when possible
(This used to be commit 643dc05eb5)
2007-10-10 10:57:14 -05:00
Gerald Carter
023ac1031b r7576: implement access checks for open_scm and open_service
according to default security descriptor described in MSDN.

no one can get in to due to the permissions, but i'll fix
that next.
(This used to be commit 11902e503e)
2007-10-10 10:57:14 -05:00
Gerald Carter
2265f5c9d7 r7573: you can't make an omlette without break a few eggs....start reworking the svcctl code
(This used to be commit 24b369d12f)
2007-10-10 10:57:14 -05:00
Gerald Carter
d559edcce2 r7563: svcctl patches from Marcin; have cleaned up formating and am checking the code in to snapshot it before I start changing more things
(This used to be commit 560ce111ce)
2007-10-10 10:57:14 -05:00
Gerald Carter
c7081a0acd r7547: removing unused fields in the REGISTRY_KEY structure associated with open handles
(This used to be commit ffc7bd87d8)
2007-10-10 10:57:13 -05:00
Gerald Carter
129b461673 r7440: * merge registry server changes from trunk (so far) for more
printmig.exe work
* merge the sys_select_signal(char c) change from trunk
  in order to keeo the winbind code in sync
(This used to be commit a112c5570a)
2007-10-10 10:57:09 -05:00
Jeremy Allison
04e07e8cc9 r7385: Rewrite the RPC bind parsing functions to follow the spec. I haven't yet
tested this so I may have screwed this up - however it now follows the
DCE spec. valgrinded tests to follow....
Jeremy.
(This used to be commit 877e0a61f5)
2007-10-10 10:57:07 -05:00
Volker Lendecke
a01de91394 r7217: Only allow schannel connections if a successful Auth2 has been done
before. Things tested: Domain join and subsequent interactive and network
logon to NT4, W2kSP and XPSP2 workstations and a NT4 domain trusting us. Right
now I've got problems with my W2k3 domain trusts. So this needs testing,
although I'm really confident that this does not break.

Volker
(This used to be commit c25b4afda2)
2007-10-10 10:57:05 -05:00
Gerald Carter
f24d88cf9d r7139: trying to reduce the number of diffs between trunk and 3.0; changing version to 3.0.20pre1
(This used to be commit 9727d05241)
2007-10-10 10:57:02 -05:00
Gerald Carter
450e8d5749 r7130: remove 'winbind enable local accounts' code from the 3.0 tree
(This used to be commit 318c3db4cb)
2007-10-10 10:57:01 -05:00
Gerald Carter
f0c650a382 r6942: * merging the registry changes back to the 3.0 tree
* removing the testprns tool
(This used to be commit 81ffb0dbbb)
2007-10-10 10:56:57 -05:00
Jeremy Allison
fe0ce8dd8e r6890: Refactor printing interface to take offset into job. Fixes bug
where large print jobs can have out-of-order offsets. Bug found
by Arcady Chernyak <Arcady.Chernyak@efi.com>
Jeremy.
(This used to be commit 482f7e0e37)
2007-10-10 10:56:56 -05:00
Volker Lendecke
0e5aa494dd r6772: Fix a valgrind error for samr_open_alias uncovered by one of John's test.
Jerry, in query_aliasmem, set_aliasinfo and set_groupinfo (and possibly
others) need become_root()/unbecome_root() around the pdb calls. I'm not sure
I would do the access checks correctly, I would much rather leave that to
you.

Volker
(This used to be commit 88a67e96d1)
2007-10-10 10:56:54 -05:00
Gerald Carter
cf4005a78d r6680: event log patches from Marcin
(This used to be commit a71e104af8)
2007-10-10 10:56:51 -05:00
Gerald Carter
4f3c2d4424 r6679: BUG 2684: abartlett's patch for check the per service hosts allow/deny on printers when connecting via MS-RPC
(This used to be commit 80da9ca386)
2007-10-10 10:56:51 -05:00
Gerald Carter
03377b2a21 r6642: BUG 2686: shouold fix the group_setinfo() failures; similar to alias_setinfo() patch from last week
(This used to be commit 611cca473e)
2007-10-10 10:56:49 -05:00
Gerald Carter
28824fb197 r6601: fixing query and set alias info calls (level 1 from the
MMC manage computer plugin.
(This used to be commit c43c1ec80c)
2007-10-10 10:56:46 -05:00
Jeremy Allison
7b9d6ac23e r6595: This is Volkers new-talloc patch. Just got the go-ahead from
Volker to commit. Woo Hoo !
Jeremy.
(This used to be commit 316df944a4)
2007-10-10 10:56:46 -05:00
Gerald Carter
a7145e26c9 r6566: fix a couple of local group bugs.
* ensure that we set full access on the handle
  returned from _samr_create_dom_alias() so that
  future set_alias commands succeed

* fix bug when looking for internal domains in winbindd
  (caused winbindd_getgrgid() for local groups to fail).
(This used to be commit 4615c96ccb)
2007-10-10 10:56:45 -05:00
Volker Lendecke
0838e60486 r6536: Jeremy, did you actually test this part of revision 801? I just tested that
Windows 2003 returns "4 (Local Group)" for

rpcclient -c 'lookupnames "System Operators"'

Before #ifdef'ing that out again I would like to see a sniff how you get a "5"
(WKN_GRP) out of lsa_lookupnames.

Volker
(This used to be commit f6e2730510)
2007-10-10 10:56:44 -05:00
Gerald Carter
57eb9f47d0 r6421: use add machine script when creating a user (ACB_NORMAL)
who has a name ending in '$' (usrmgr.exe does this for
domain trusts (that's was jfm's original comment I think).

avoid an assert() call in libldap.
(This used to be commit 0ac57ae942)
2007-10-10 10:56:41 -05:00
Volker Lendecke
d3d6126d94 r6351: This is quite a large and intrusive patch, but there are not many pieces that
can be taken out of it, so I decided to commit this in one lump. It changes
the passdb enumerating functions to use ldap paged results where possible. In
particular the samr calls querydispinfo, enumdomusers and friends have
undergone significant internal changes. I have tested this extensively with
rpcclient and a bit with usrmgr.exe. More tests and the merge to trunk will
follow later.

The code is based on a first implementation by Günther Deschner, but has
evolved quite a bit since then.

Volker
(This used to be commit f0bb44ac58)
2007-10-10 10:56:38 -05:00
Volker Lendecke
110d86876e r6282: Before converting enum_dom_groups, better get the previous version a bit
closer to being correct. 'svn blame' shows CVSIN, but somehow I get the
feeling this is my code...

Volker
(This used to be commit 5d34bd6175)
2007-10-10 10:56:35 -05:00
Volker Lendecke
83e11ba86c r6263: Get rid of generate_wellknown_sids, they are const static and initializable
statically.

Volker
(This used to be commit 3493d9f383)
2007-10-10 10:56:33 -05:00
Gerald Carter
466a825ce7 r6232: more cleanups; remove BUFFER3; rename BUFFER4 -> RPC_DATA_BLOB; rename REG_CREATE_VALE -> REG_SET_VALUE
(This used to be commit 28d433351c)
2007-10-10 10:56:30 -05:00
Gerald Carter
b137b7cc47 r6228: remove BUFHDR2 and clean up LsaEnumTrustedDomains()
Tested client and server code.
(This used to be commit efb3ac4c69)
2007-10-10 10:56:30 -05:00
Herb Lewis
978ca84860 r6225: get rid of warnings from my compiler about nested externs
(This used to be commit efea76ac71)
2007-10-10 10:56:30 -05:00
Gerald Carter
b4c7204129 r6218: * fix a segv in EnumPrinters():rpc_buffer_alloc when the caller does not provide an
RPC_BUFFER in the request

* add initial (but wire untested) support for RegRestoreKey()
(This used to be commit 22855c7aae)
2007-10-10 10:56:29 -05:00
Derrell Lipman
9840db418b r6149: Fixes bugs #2498 and 2484.
1. using smbc_getxattr() et al, one may now request all access control
   entities in the ACL without getting all other NT attributes.
2. added the ability to exclude specified attributes from the result set
   provided by smbc_getxattr() et al, when requesting all attributes,
   all NT attributes, or all DOS attributes.
3. eliminated all compiler warnings, including when --enable-developer
   compiler flags are in use.  removed -Wcast-qual flag from list, as that
   is specifically to force warnings in the case of casting away qualifiers.

Note: In the process of eliminating compiler warnings, a few nasties were
      discovered.  In the file libads/sasl.c, PRIVATE kerberos interfaces
      are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED
      kerberos interfaces are being used.  Someone who knows kerberos
      should look at these and determine if there is an alternate method
      of accomplishing the task.
(This used to be commit 994694f7f2)
2007-10-10 10:56:24 -05:00
Derrell Lipman
934d41d239 r6127: Eliminated all compiler warnings pertaining to mismatched "qualifiers". The
whole of samba comiles warning-free with the default compiler flags.

Temporarily defined -Wall to locate other potential problems.  Found an
unused static function (#ifdefed out rather than deleted, in case it's
needed for something in progress).

There are also a number of uses of undeclared functions, mostly krb5_*.
Files with these problems need to have appropriate header files included,
but they are not fixed in this update.

oplock_linux.c.c has undefined functions capget() and capset(), which need
to have "#undef _POSIX_SOURCE" specified before including <sys/capability.h>,
but that could potentially have other side effects, so that remains uncorrected
as well.

The flag -Wall should be added permanently to CFLAGS, and all warnings then
generated should be eliminated.
(This used to be commit 5b19ede88e)
2007-10-10 10:56:24 -05:00
Volker Lendecke
e84ead0cfd r6080: Port some of the non-critical changes from HEAD to 3_0. The main one is the
change in pdb_enum_alias_memberships to match samr.idl a bit closer.

Volker
(This used to be commit 3a67865169)
2007-10-10 10:56:20 -05:00