1
0
mirror of https://github.com/samba-team/samba.git synced 2025-02-21 01:59:07 +03:00

11046 Commits

Author SHA1 Message Date
Gerald Carter
42d8455a02 BUG 1129: patch from shiro@miraclelinux.com (Shiro Yamada) to install image files for SWAT -
Jim McDonough
c1b1a1961f fix typo for callback bit -
Simo Sorce
90640a523e Let's be polite with poorer backends ;-) -
Volker Lendecke
6cad5bcc28 This adds winbind-generated groups showing up in 'getent group'. It is not
very efficient though, it only does one group at a time. Needs improving, but
the structures are not particularly easy to set up, so check in the basically
working part for others to review.

I'm close to saying that I would like to remove aliases from general group
mapping. These can not be reflected correctly in /etc/group, winbind could do
a better job here.

And having aliases only on machines with nss_winbind at least for me is not a
too severe limitation.

Comments?

Volker
-
Gerald Carter
e721255e8f allow the 'printing' parameter to be set on a per share basis.
The problem was that the current_printif struct was set during
print_backend_init() based on the 'printcap name'.  So you could
not use cups and then override the setting for a specific printer
by setting 'printing = bsd' (a common setup for pdf generation
print services.

There is a subtle change in behavior in that the print
interface functions are selecting on the basis of lp_printing()
and not lp_printcap_name(), but the new behavior seems more
intuitive IMHO.
-
Volker Lendecke
b790753f44 Idra, your privileges patch allowed login only with tdbsam. The problem is
that pdb_default_get_privilege_set returns NOT_IMPLEMENTED and not a privilege
set that does not grant anything. I don't really understand privileges yet, so
work around that by not failing if pdb_get_privilege_set fails.

Volker
-
Simo Sorce
fa6500fe77 Sorry, forgot to commit an essential piece. -
Volker Lendecke
18e4819083 Expand aliases for winbind-generated groups.
Do:

wbinfo -C alias
net groupmap set alias alias -L
net rpc group addmem alias DOMAIN\\group -S localhost -Uroot%secret
getent group alias

And hopefully the members of domain\\group show up :-)

Still have to get them to show up in 'getent group'.

Volker
-
Gerald Carter
fae17e0f9d merging from 3.0 -
Gerald Carter
eb8a8c290f BUG 1147; bad pointer case in get_stored_queue_info() causing seg fault -
Simo Sorce
7a78c3605e Ok here it is my latest work on privileges
This patch add privilege support for samba
Currently it is implemented only for tdbsam backend but estending it to
other sam backends is straightforward.

I must make a big thank to JFM for his teachings on the matter and the
functions at the base of this work.

At thye moment only samr_create_user honours SeAddUsersPrivilege and
SeMachineAccountPrivilege to permit any user to add machines and/or users to
the server.

The command "net priv" has been provided to manipulate the privileges
database.

There are still many things to do (like support in "net rpc vampire") but
the working core is here.

Feel free to comment/extend on this work.

Of course I will deny that any bug may affect this code :-)
Simo.


This patch adds also my patch about add share command enhancements.
-
Volker Lendecke
eb18cb83d1 Fix Tim's fix for . Tim, could you look at that again?
With only your fix in for example smb.conf was expected in /smb.conf...

Thanks,

Volker
-
Volker Lendecke
f95a5d8147 When asked to delete an alias member, don't add it ...
Volker
-
Volker Lendecke
52dae45684 Add aliases to winbindd_getgroups().
su - WINDOWS\\vl

now includes the locally defined aliases I'm member of.

Next will be getent group.

Volker
-
Tim Potter
e0382635a5 Fix bugzilla where running configure --with-fhs=anything would
turn on fhs compliant paths.  Spotted by Timur Bakeyev.
-
Volker Lendecke
30ef8fe1e8 Apply my experimental aliases support to HEAD. This will be a bit difficult to
merge to 3_0, as the pdb interfaces has changed a bit between the two.

This has not been tested too severly (which means it's completely broken ;-),
but I want it in for review. Feel free to revert it :-)

TODO:

make 'net groupmap' a bit more friendly for alias members.

Put that stuff into pdb_ldap.

Getting the information over to winbind. One plan without linking pdb into
winbind would be to fill group_mapping.tdb with the membership information and
have that as a cache (or use gencache.tdb?). smbd on a PDC or stand-alone
could trigger that itself, the problem is a BDC using LDAP. This needs to do
it on a regular basis. The BDC smbd needs to be informed about SAM changes
somehow...

Volker
-
Volker Lendecke
26d99204b7 net_rpc.c: Don't complain if [add|del]mem was successful.
srv_samr_nt.c: Correctly report that a user is not member of an alias.

Volker
-
Volker Lendecke
73117f5e41 Trivial commit to make 'smbdiff 3_0/source head/source' two files smaller.
Volker
-
Volker Lendecke
9cfc97df45 Print an informative error message if trying to add/remove members from
something not a group.

Volker
-
Volker Lendecke
6785dc84ce Add 'net rpc group [add|del]mem' for domain groups and aliases.
Volker
-
Volker Lendecke
710969acaa Fix my fix to net rpc group list. We can certainly have more than a single
set of groups.

Volker
-
Jeremy Allison
4b12623229 Can't set allocation size on directories, return correct error code on
fail if file exists and target is a directory. gentest.
Jeremy.
-
Jeremy Allison
2a457e2e28 More gentest fixes. Fix up regression in IS_NAME_VALID and renames.
Jeremy.
-
Rafal Szczesniak
ed26b550b5 Added copyrights I forgot about looong ago...
rafal
-
Rafal Szczesniak
cfb1b7bda9 Adding ability to operate on trust passwords to pdbedit. This enables
new functionality and testing interface for new pdb functions.

Also, quite a bit of objects is being added to pdbedit in order to make
it able to find domain sid automatically (if not given explicitly).
If such amount of "wisdom" is not required to be in pdbedit, I'll move
it to 'net' which will have this new functionality, anyway.


rafal
-
Rafal Szczesniak
39bc55e4d4 Disabling GUMS (gums_tdbsam2) temporarily, to fix the build.
rafal
-
Tim Potter
892b164040 Fix for writable printerdata problem - bugzilla . -
Volker Lendecke
b9ae67a3a2 That const was one too many -
Volker Lendecke
69879ceffa Implement 'net groupmap set' and 'net groupmap cleanup'.
I was rather annoyed by the net groupmap syntax, I could never get it
right.

net groupmap set "domain admins" domadm

creates a mapping,

net groupmap set "domain admins" -C "Comment" -N "newntname"

should also do what you expect.

net groupmap cleanup

solves a problem I've had two times now: Our SID changed, and a user's primary
group was mapped to a SID that is not ours. net groupmap cleanup removes all
mappings that are not from our domain sid.

Volker
-
Volker Lendecke
a3a15be5a2 And another little const -
Volker Lendecke
f1b66461eb Apply some const
Volker
-
Jeremy Allison
17c88758ae Interesting fact found by IFSTEST /t LockOverlappedTest...
Even if it's our own lock context, we need to wait here as
there may be an unlock on the way.
So I removed a "&& !my_lock_ctx" from the following
if statement.

if ((lock_timeout != 0) && lp_blocking_locks(SNUM(conn)) && ERROR_WAS_LOCK_DENIED(status)) {

Jeremy.
-
Andrew Bartlett
af1b6447b8 (merge from 3.0)
Fix bug in previous global_sam_sid() commit.  I broke the 'read from
MACHINE.SID' file functionality.

Also, before we print out the results of 'net getlocalsid' and 'net
getdomainsid', ensure we have tried to read that file, or have
generated one.

Andrew Bartlett
-
Richard Sharpe
89d810d234 Adds some more tests of renaming an open file that has been opened with
different share modes. It also has a commented out test to see if we can
actually open a renamed file, and it turns out that we can, it seems. I am
not sure at this stage how long that is the case for, though.
-
Andrew Bartlett
f3ecdea56d (merge from 3.0)
I *hate* global variables...

OK, what was happening here was that we would invalidate global_sam_sid
when we set the sid into secrets.tdb, to force a re-read.

The problem was, we would do *two* writes into the TDB, and the second one
(in the PDC/BDC case) would be of a NULL pointer.  This caused smbd startups
to fail, on a blank TDB.

By using a local variable in the pdb_generate_sam_sid() code, we avoid this
particular trap.

I've also added better debugging for the case where this all matters, which
is particularly for LDAP, where it finds out a domain SID from the sambaDomain
object.

Andrew Bartlett
-
Jeremy Allison
e46aaffe97 Fixup strange rename error case (gentest).
Jeremy.
-
Jim McDonough
d02dd0e5f5 Do the query part of the previous fix...reset time and duration are set in minutes, not seconds. Works from usrmgr. -
Jim McDonough
08a7c9697d reset time and duration are set in minutes, not seconds. Works from usrmgr. -
Jeremy Allison
755b66303d Figured out a new flags bit with gentest and ethereal....
Jeremy.
-
Jeremy Allison
9aa37cb840 More gentest fun :-). NB. I'm not fixing OpenX breakage 'cos if you look
at what W2K3 accepts here it's COMPLETELY BROKEN ! :-).
Jeremy.
-
Jeremy Allison
fc98116939 More gentest fixes.
Jeremy.
-
Volker Lendecke
9cadd14aa5 Add 'net rpc group add'. For this parse_samr.c had to be changed: The
group_info4 in set_dom_group_info also has the level in the record
itself. This seems not to be an align. Tested with NT4 usrmgr.exe. It can
still create a domain group on a samba machine.

Volker
-
Volker Lendecke
f5af0326e6 Remove unused variable.
Volker
-
Volker Lendecke
efad125f40 'net idmap restore' is too useful to be left broken :-)
Set the HWM values correctly after having manipulated the tdb.

Volker
-
Jeremy Allison
c85b617aa0 Ensure '.' and '..' don't match in delete requests.
Jeremy.
-
Jeremy Allison
f353cafa9d More gentest error fixups.
Jeremy.
-
Jeremy Allison
55f13d743e Fixup bad-path error found by gentest.
Jeremy.
-
Jeremy Allison
d236372876 Added NTrename SMB (0xA5) - how did we miss this.... ?
Jeremy.
-
Jeremy Allison
6356b79268 Fixup correct timeout values for blocking lock timeouts (tested at connectathon
by Herb).
Jeremy.
-
Andrew Bartlett
2003cdc65e (merge from 3.0)
Found by Fabien Chevalier <fabien.chevalier@supelec.fr> and
JustFillBug <mozbugbox@yahoo.com.au> on the Samba lists - a 'max
password age' of zero should be considered as 'never expire'.

For the timebeing we just set it like -1, but we might revisit this
for closer-to-ms behaviour.

Andrew Bartlett
-