IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
* Add a few new error codes for disabled services
* dump some more details about service status in 'net rpc service'
* disable the WINS and NetLogon services if not configured in smb.conf
Still trying to figure out how to disable the start button
on the NetLogon and WINS services.
(This used to be commit c0f54eeebc)
We came to the conclusion that changing the default is something that has to
wait one or two more releases, but it will happen one way or the other.
Volker
(This used to be commit 30fcdf84d8)
talloc_describe_all() function. Fix smbcontrol <pid> pool-usage
as we desparately need it working in the field to track down
memory leaks. Seriously, when new functionality like the
Samba4 talloc is added, don't just disable working functionality
like "pool-usage", fix the damn thing first !
Jeremy.
(This used to be commit 2e262a75cc)
logons work if the client gives the MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
or MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flags. This changes
the auth module interface to 2 (from 1). The effect of this is
that clients can access resources as a machine account if they
set these flags. This is the same as Windows (think of a VPN
where the vpn client authenticates itself to a VPN server
using machine account credentials - the vpn server checks
that the machine password was valid by performing a machine
account check with the PDC in the same was as it would a
user account check. I may add in a restriction (parameter)
to allow this behaviour to be turned off (as it was previously).
That may be on by default.
Andrew Bartlett please review this change carefully.
Jeremy.
(This used to be commit d1caef8663)
of the Samba4 timezone handling code back into Samba3.
Gets rid of "kludge-gmt" and removes the effectiveness
of the parameter "time offset" (I can add this back
in very easily if needed) - it's no longer being
looked at. I'm hoping this will fix the problems people
have been having with DST transitions. I'll start comprehensive
testing tomorrow, but for now all modifications are done.
Splits time get/set functions into srv_XXX and cli_XXX
as they need to look at different timezone offsets.
Get rid of much of the "efficiency" cruft that was
added to Samba back in the day when the C library
timezone handling functions were slow.
Jeremy.
(This used to be commit 414303bc02)
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
the new talloc() features:
Note that the REGSUB_CTR and REGVAL_CTR objects *must* be talloc()'d
since the methods use the object pointer as the talloc context for
internal private data.
There is no longer a regXXX_ctr_intit() and regXXX_ctr_destroy()
pair of functions. Simply TALLOC_ZERO_P() and TALLOC_FREE() the
object.
Also had to convert the printer_info_2->NT_PRINTER_DATA field
to be talloc()'d as well. This is just a stop on the road to
cleaning up the printer memory management.
(This used to be commit ef721333ab)
accounts (accounts without AcctCtrl set) after a vampire-process.
New Accounts tend to hace no acb_info at all which means "0"
(ACB_NORMAL). Unless 0 becomes not 0 we don't do anything and set *no*
acctrl for normal users at all (!). Those crippled users now don't show
up in usrmgr since 3.0.20somethings ldap-routines now finally test if
the attribute is there.
Guenther
(This used to be commit c270ae79b5)
using USER_INFO_XX structs and functions where XX was sometimes
in hex and sometimes in decimal. Now it's all in decimal (should
be no functionality change).
Jeremy.
(This used to be commit 84651aca04)
tests on this as it's very late NY time (just wanted to get this work
into the tree). I'll test this over the weekend....
Jerry - in looking at the difference between the two trees there
seem to be some printing/ntprinting.c and registry changes we might
want to examine to try keep in sync.
Jeremy.
(This used to be commit c7fe18761e)
that's my copyright...that's just how we have to do things at big blue.
Adds subcommand to vampire to allow data to be put into an ldif file instead
of actually writing to the passdb. See "net rpc help vampire" for usage
info. This should be added to docs as well.
(This used to be commit cb5634a305)
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145)
* start adding write support to the Samba registry
Flesh out the server implementations of
RegCreateKey(), RegSetValue(), RegDeleteKey() and RegDeleteValue()
I can create a new key using regedit.exe now but the 'New Key #1'
key cannot be deleted yet.
(This used to be commit e188fdbef8)
* Allow to copy share security descriptors to already existing shares
separatly.
* Added abstraction function to enum all or a single share info
Guenther
(This used to be commit 97097497ae)
much straither.
copy_top_level_perms() is jra's work.
I modified the copy_top_level_perms() function to use the copy_clistate.
And I don't forget trunk.
Lars
(This used to be commit 2c68568e52)
dir of a share. Till now we excluded '.' and '..' in general. For the
fix the information about top or lower level dir is stored in the
copy_clistate. src and dst share are now also part of this struct and
we only pass a pointer to the struct to the functions.
This bug was found by Bill Calero of Novell. Thanks Bill!
With this checkin no new functionality was added. But the copy_clistate
already knows about a mode. Later beside the migrate an additional
report mode will be added.
This changes are coordinated with Günther <gd>.
Lars
(This used to be commit 506aaefa37)
--show-all-parameters
Enumerates all available parameters, grouped in to sections
[local] and [global] by the class of the parameter. Each line
is formated name=type[,enum values],flags
--parameter-name
Display the setting of the named parameter. The global section
is assumed if no other is set with --section-name
--section-name
Limit the view of testparm to the named section. Use 'global'
to only view the settings of the global section.
This fixes bug #2767.
Lars
(This used to be commit a1b82624d7)
rpcclient-tester for some info-levels.
Jerry, I tried to adopt to prs_pointer() where possible and to not
interfere with your work for usrmgr.
- Add "net rpc trustdom vampire"-tool.
This allows to retrieve Interdomain Trust(ed)-Relationships from
NT4-Servers including cleartext-passwords (still stored in the local
secrets.tdb).
The net-hook was done in cooperation with Lars Mueller
<lmuelle@suse.de>.
To vampire trusted domains simply call:
net rpc trustdom vampire -S nt4dc -Uadmin%pass
Guenther
(This used to be commit 5125852939)
* add synonym for idmap_rid in better lining with
other idmap backend names
* remove old debug messages when idmap {uid|gid} options
are not defined
(This used to be commit 03ebf3ebfe)
modeled after query_displayinfo and should hide the differences between users,
groups and aliases while allowing a cache analog load_sampw_entries:
struct pdb_search *pdb_search_users(uint16 acct_flags);
struct pdb_search *pdb_search_groups(void);
struct pdb_search *pdb_search_aliases(const DOM_SID *sid);
uint32 pdb_search_entries(struct pdb_search *search, uint32 start_idx,
uint32 max_entries,
struct samr_displayentry **result);
void pdb_search_destroy(struct pdb_search *search);
Why this API? Eventually we will need to apply the work gd has started on
enumerating users with paged ldap searches to groups and aliases. Before doing
that I want to clean up the search routines we have.
The sample application (more to follow) is 'net maxrid'.
Volker
(This used to be commit 8b4f67a1e9)
this is to test future changes to enumeration functions...
This can successfully list users from nt4 and w2k3sp1.
Volker
(This used to be commit c73f2656fd)
1. using smbc_getxattr() et al, one may now request all access control
entities in the ACL without getting all other NT attributes.
2. added the ability to exclude specified attributes from the result set
provided by smbc_getxattr() et al, when requesting all attributes,
all NT attributes, or all DOS attributes.
3. eliminated all compiler warnings, including when --enable-developer
compiler flags are in use. removed -Wcast-qual flag from list, as that
is specifically to force warnings in the case of casting away qualifiers.
Note: In the process of eliminating compiler warnings, a few nasties were
discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces
are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED
kerberos interfaces are being used. Someone who knows kerberos
should look at these and determine if there is an alternate method
of accomplishing the task.
(This used to be commit 994694f7f2)
whole of samba comiles warning-free with the default compiler flags.
Temporarily defined -Wall to locate other potential problems. Found an
unused static function (#ifdefed out rather than deleted, in case it's
needed for something in progress).
There are also a number of uses of undeclared functions, mostly krb5_*.
Files with these problems need to have appropriate header files included,
but they are not fixed in this update.
oplock_linux.c.c has undefined functions capget() and capset(), which need
to have "#undef _POSIX_SOURCE" specified before including <sys/capability.h>,
but that could potentially have other side effects, so that remains uncorrected
as well.
The flag -Wall should be added permanently to CFLAGS, and all warnings then
generated should be eliminated.
(This used to be commit 5b19ede88e)
* add some backwards compatibility to 'net rpc rights list'
* verify privilege name in 'net rpc rights privileges <name>' in order
to give back better error messages.
(This used to be commit 0e29dc8aa3)
spooler service is SVCCTL_RUNNING.
Configuration details:
Service Type = 0x110
Start Type = 0x2
Error Control = 0x1
Tag ID = 0x0
Executable Path = C:\WINNT\system32\spoolsv.exe
Load Order Group = SpoolerGroup
Dependencies = RPCSS/
Start Name = LocalSystem
Display Name = Print Spooler
(This used to be commit b921bf5688)
- Make it possible to list users that are given a specific privilege
- Make the lisitng interface a bit more usable by distinguishing
between "keys" and "names", using user names directly still
supported for backward compatibility
(This used to be commit 9797b33f23)
bit more effort.
The real fix for this would be to open an schannel netlogon connection to the
remote DC and change the trust account password...
Volker
(This used to be commit ab8991c384)
referencing unknown_6 from sam, because it's just fixed at 1260, the max
len of LOGON_HRS. Need to go in and mark it as "remove me" from passdb.
(This used to be commit ffac752875)
With Windows2003 it's perfectly legal to receive no data when querying a
value-less subkey. Found while migrating printer settings.
Guenther
(This used to be commit 3e04def033)
that says the user is in 0 groups, and we issue an RPC to LookupIds for 0 RIDs.
The printing that there are no groups the user is a member of might be overkill
in that it might upset existing scripts that don't expect that output.
(This used to be commit d3482e118f)
Implement 'net afs impersonate', generate a token for a specified user. You
obviously need to be root for this operation.
Volker
(This used to be commit 5818b092e6)
Does automated migration from account_policy.tdb v1 and v2 and offers a
pdbedit-Migration interface. Jerry, please feel free to revert that if
you have other plans.
Guenther
(This used to be commit 75af83dfcd)
* define some const SE_PRIV structure for use when
you need a SE_PRIV* to a privilege
* fix an annoying compiler warngin in smbfilter.c
* translate SIDs to names in 'net rpc rights list accounts'
* fix a seg fault in cli_lsa_enum_account_rights caused by
me forgetting the precedence of * vs. []
(This used to be commit d25fc84bc2)
