IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
r22412 | obnox | 2007-04-20 14:23:36 +0200 (Fr, 20 Apr 2007) | 5 lines
Add a "deletelocalgroup" subcommand to net sam.
Thanks to Karolin Seeger <ks@sernet.de>.
(This used to be commit fb6ac8a5b2)
and connections_forall. This centralizes all the routines that did individual
tdb_open("connections.tdb") and direct tdb_traverse.
Volker
(This used to be commit e43e94cda1)
This changes "struct process_id" to "struct server_id", keeping both is
just too much hassle. No functional change (I hope ;-))
Volker
(This used to be commit 0ad4b1226c)
when the add_sid_to_array_XX code was moved
from malloc to talloc. Found running valgrind
and rpcclient. Needs merging for 3.0.25 final.
Jeremy.
(This used to be commit 8af56dbd00)
Allows authorized users (e.g. BUILTIN\Administrators members) to
set attributes on an account, particularly "user cannot change
password".
add become_root() around updating attributes, after checking that
access has been granted.
(This used to be commit b1ab360519)
"host msdfs = true" to be set in the [global] section
and allow Vista to see shares with "msdfs root = yes"
and "msdfs root = no" off the same server. Down
to an error message really :-).
Jeremy.
(This used to be commit 1a0f69bb21)
works from smbclient and Windows, and I am promising to
support and fix both client and server code moving forward.
Still need to test the RPC admin support but I haven't
changed that code.
Jeremy.
(This used to be commit 7a7862c01d)
them. It just does not make sense to do a querydispinfo on an alias handle...
This fixes a memleak: Every samr_connect*() call leaked a DISP_INFO for the
(NULL) sid.
More cleanup pending: Essentially, we only need the DISP_INFO cache for the
get_global_sam_sid() domain. BUILTIN is fixed and small enough, and there are
no other domains around where enumerations could happen.
This also removes the explicit builtin_domain flags. I don't think this is
worth it. If this makes a significant difference, then we have a *VERY* tuned
RPC layer...
Jeremy, please check this. If it's ok, we might want to merge it across.
Volker
(This used to be commit 0aceda68a8)
Move more error code returns to NTSTATUS.
Client test code to follow... See if this
passes the build-farm before I add it into
3.0.25.
Jeremy.
(This used to be commit 83dbbdff34)
it needs the specific error message.
Make messages.c return NTSTATUS and specificially NT_STATUS_INVALID_HANDLE if
sending to a non-existent process.
Volker
(This used to be commit 3f620d181d)
the correct fix for the Vista bug, but it needed as
protection against invalid RPC. Thanks to Martin Zielinski <mz@seh.de>
for pointing this out.
Jeremy.
(This used to be commit fbab8e4ba9)
void message_register(int msg_type,
void (*fn)(int msg_type, struct process_id pid,
- void *buf, size_t len))
+ void *buf, size_t len,
+ void *private_data),
+ void *private_data)
{
struct dispatch_fns *dfn;
So this adds a (so far unused) private pointer that is passed from
message_register to the message handler. A prerequisite to implement a tiny
samba4-API compatible wrapper around our messaging system. That itself is
necessary for the Samba4 notify system.
Yes, I know, I could import the whole Samba4 messaging system, but I want to
do it step by step and I think getting notify in is more important in this
step.
Volker
(This used to be commit c8ae60ed65)
to allow Vista to upload printer drivers (it wants level 8
which we don't support yet). Downgrade in the same way
that Windows servers do.
Jeremy.
(This used to be commit 01c659692c)
watch carefully - so I'm doing it in one transaction so I can
roll back).
Change check_name(), reduce_name() and dptr_create() to
return NTSTATUS. This helps a lot in error path processing
and especially in reduce_name() allows us to ditch the flaky
and error-prone saving of errno and return errors directly.
Jeremy.
(This used to be commit 6133a694aa)
add [ref] pointers where necessary (top-level [ref] pointers,
by spec, don't appear on the wire).
This brings us closer to the DCE/RPC standard again.
(This used to be commit 580f2a7197)
in the next step we can store them in LDAP to be replicated across DCs.
Thanks to Michael Adam <ma@sernet.de>
Volker
(This used to be commit 3c879745cf)
The only difference between the two trees now w.r.t file
serving are the changes to smbd/open.c in this branch I need
to review.
Jeremy.
(This used to be commit f4474edf6a)
The main thing here is a rewrite of srv_winreg_nt.c. The core functionality
has moved to registry/reg_api.c which is then usable by the rest of Samba as
well.
On that way it fixes creating keys with more than one element in the
path. This did not work before.
Two things that sneaked in (sorry :-) is the change of some routines from
NTSTATUS to WERROR the removed "parent" argument to regkey_open_internal.
Volker
(This used to be commit fea52801de)
With more than 5 different trees I can't swear that I did test this properly
yesterday. Sorry for the noise.
Volker
(This used to be commit 978a6196bf)
other StringBufs, otherwise clicking on a key with this value being set leads
to regedit.exe on w2k3 chew all memory.
(This used to be commit b148cde7f3)
considerably here.
This temporarily removes a cache for the tdb based registry, I'll re-add that
in srv_winreg_nt.c in the next step.
This fixes creating/renaming values from the windows regedit.exe, as "New
Value #1" was not entering the cache after being created.
Volker
(This used to be commit c8c81f0e86)
length in *bytes* for UTF-16, not the string length. This got lost during the
conversion.
This took a while to figure out :-)
Thanks to Chetan!
Volker
(This used to be commit 8df6544fa8)
Jerry, please check this. The way I understood alpha_strcpy the last arg needs
to be the size of the target, not of the source.
Thanks,
Volker
(This used to be commit 287d68daab)
Convert the low-hanging fruit of the LSA server. This provides a sample how
the server calls can be converted one by one, see the "proxy_lsa_call"
function.
Volker
(This used to be commit 99e54a213a)
password at next logon" code. The "password last set time" of zero now
means "user must change password", because that's how windows seems to
use it. The "can change" and "must change" times are now calculated
based on the "last set" time and policies.
We use the "can change" field now to indicate that a user cannot change
a password by putting MAX_TIME_T in it (so long as "last set" time isn't
zero). Based on this, we set the password-can-change bit in the
faked secdesc.
(This used to be commit 21abbeaee9)
getprinter calls. Survives the RPC-SAMBA3-SPOOLSS test which I will activate
when the Samba4 build farm has picked it up.
Volker
(This used to be commit d7248b6cfa)
in,out ref pointer
* Clarify variable names in EnumValue IDL
* Fix server code for _winreg_EnumValue() and _winreg_QueryInfoKe()
(This used to be commit f520a9d0fb)
This has had some basic testing. I'll do more during the next couple of days and hopefully also
make RPC-SRVSVC from Samba4 pass against it.
(This used to be commit ef10672399)
Many things work (OpenHKLM, etc...) but some still don't.
This shouldn't block anyone so I'm checking it in.
Will probably move to a bzr tree after this for
longer dev cycles between checkins.
(This used to be commit cf1404a0d7)
* Remove the old wkssvc server, client, & parsing code.
* Update srv_wkssvc_nt.c with stubs for the remaining
stubs
(This used to be commit 0cb79ee13f)
calculated based on the last change time, policies, and acb flags.
Next step will be to not bother storing them. Right now I'm just trying to
get them reported correctly.
(This used to be commit fd5761c9e5)
the flags determines what kind of share is this.
I suppose 0x80000000 means something like (legacy) as it will
fail for any share name longer then 13 chars (same size accepted
for old RAP calls that come from pre NT OSs.
Jerry,
let me know if you want me to commit this to 3_0_23
Simo.
(This used to be commit f09f8b2d82)
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28)
Remove some unused code: pdb_find_alias is not used anymore, and nobody I
think has ever used the pdb_nop operations for group mapping. smbpasswd and
tdb use the default ones and ldap has its own.
Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right
now really makes use of it, but it feels wrong to throw away information so
early.
Volker
(This used to be commit f9856f6490)
* Remove "unknown" from dfs_Enum (samba4 dfs IDL updates to follow).
* When encountering an unsupported infolevel the rpc server must reply
with a dfs_info_0 structure and WERR_OK (observed from w2k3 when talking
to nt4).
Guenther
(This used to be commit f9bef1f08f)
an update_sam_account later on, we want to also set it using the delete/add
method. As the idealx tools use the replace method, they don't care about what
has been in there before.
Jerry, this is a likely 3.0.23b candidate. Not merging, it's your call :-)
Volker
(This used to be commit f002a36338)
fix the messaging code to call the efficient calls :
save_re_uid()
set_effective_uid(0);
messaging_op
restore_re_uid();
instead of using heavyweight become_root()/unbecome_root()
pairs around all messaging code. Fixup the messaging
code to ensure sec_init() is called (only once) so that non-root
processes still work when sending messages.
This is a lighter weight solution to become_root()/unbecome_root()
(which swaps all the supplemental groups) and should be more
efficient. I will migrate all server code over to using this
(a similar technique should be used in the passdb backend
where needed).
Jeremy.
(This used to be commit 4ace291278)
wasn't being freed - also one enum jobs case where the
NT_PRINTER_INFO_LEVEL and queue weren't being freed.
Strange that Coverity or Klokwork didn't pick these up.
Hopefully will fix#3962.
Jeremy.
(This used to be commit bb26412387)
rpc-lsa test even considers NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED not to be an
error.
Before someone re-activates this, show me a working sniff please :-)
Volker
(This used to be commit b185fb9fa6)
* Make sure to lower case all usernames before
calling the create, delete, or rename hooks.
* Preserve case for usernames in passdb
* Flush the getpwnam cache after renaming a user
* Add become/unbecome root block in _samr_delete_dom_user()
when trying to verify the account's existence.
(This used to be commit bbe11b7a95)
and the decision which token to use (conn or vuser) does not really belong
here, it is better done in the two places where this is called.
Volker
(This used to be commit 0a138888ad)
Found that because I want to play around with setsharesecurity, for this I
need the "whoami" call figuring out the SID of the currently connected user.
Not activating this test yet until the build farm has picked up the new samba4
revision.
Volker
(This used to be commit 5cfe482841)
> r16959 | vlendec | 2006-07-11 23:10:44 +0200 (Di, 11 Jul 2006) | 1 line
>
> get_share_security does not need snum, activate RPC-SAMBA3-SRVSVC
Volker
(This used to be commit c89471e157)
1177
In reg_perfcount.c: 1200 1202 1203 1204
In regfio.c: 1243 1245 1246 1247 1251
Jerry, the reg_perfcount and regfio.c ones, can you take a look please? This
is really your code, and I'm not sure I did the right thing to return an
error.
smbcacls.c: 1377
srv_eventlog_nt.c: 1415 1416 1417
srv_lsa_nt.c: 1420 1421
srv_netlog_nt.c: 1429
srv_samr_nt: 1458 1459 1460
Volker
Volker
(This used to be commit d6547d12b1)
Make 2 important changes. pdb_get_methods()
returning NULL is a *fatal* error. Don't try
and cope with it just call smb_panic. This
removes a *lot* of pointless "if (!pdb)" handling
code. Secondly, ensure that if samu_init()
fails we *always* back out of a function. That
way we are never in a situation where the pdb_XXX()
functions need to start with a "if (sampass)"
test - this was just bad design, not defensive
programming.
Jeremy.
(This used to be commit a0d368197d)
reason but to increase fidelity with W2k3. Tom Bork has raised valid concerns
that Unix scripts might rely on the account names being lower-case, so keep
that. We might later decide to only lower-case the unix name passed to
'add [user|group] script' but keep the passdb entry upper-case. But there are
enough user-visible changes in 3_0 already so that we should push this off to
a later date.
Tom, waiting for more bug reports from you ;-))
Thanks for insisting!
Volker
(This used to be commit bc78cca290)
SetUserInfo level 25 to survive the join method XP uses if the user did not
exist before. For good taste this contains way too much cut&paste, but for a
real fix there is just not enough time.
Up to 3.0.22 we completely ignored that a full level 21 is being sent together
with level 25, but we got away with that because on creation we did not set
the "disabled" flag on the workstation account. Now we correctly follow W2k3
in this regard, and we end up with a disabled workstation after join.
Man, I hate rpc_parse/. The correct fix would be to import PIDL generated samr
parsing, but this is would probably be a bit too much for .23...
Thanks to Tom Bork for finding this one.
Volker
(This used to be commit 5a37aba105)
fix this in 3.0 ?
Jeremy.
We had no way to return NT_STATUS_OK from the netlogon serverpwset,
although
we successfully set the machine password...
One thing the samba3 join test found.
Volker
(This used to be commit e5b7acc9b5)
difference between samr_query_domain_info and samr_query_domain_info2,
wrap the info2 call around the info call. There have been various "could
not access LDAP when not root" bugs lurking around in
samr_query_domain_info2 anyway.
Guenther
(This used to be commit 3e181b46be)
name eversince instead of the domain name when we are a DC.
Yes, there are applications relying on this call to be correct.
Guenther
(This used to be commit 26dd22c9af)
With this change (and setting lanman auth = no in smb.conf)
we have *identical* NTLMSSP flags to W2K3 in SPNEGO auth.
Jeremy
(This used to be commit 93ca3eee55)
servers. Also add a new "net rpc audit" tool. The lsa query infolevels
were taken from samb4 IDL, the lsa policy flags and categories are
partly documented on msdn. I need to cleanup the double
lsa_query_info_policy{2}{_new} calls next.
Guenther
(This used to be commit 0fed66926f)
* Finally fix parsing idmap uid/gid ranges not to break with spaces
surrounding the '-'
* Allow local groups to renamed by adding info level 2 to
_samr_set_aliasinfo()
* Fix parsing bug in _samr_del_dom_alias() reply
* Prevent root from being deleted via Samba
* Prevent builting groups from being renamed or deleted
* Fix bug in pdb_tdb that broke renaming user accounts
* Make sure winbindd is running when trying to create the Administrators
and Users BUILTIN groups automatically from smbd (and not just check the
winbind nexted groups parameter value).
* Have the top level rid allocator verify that the RID it is about to
grant is not already assigned in our own SAM (retries up to 250 times).
This fixes passdb with existing SIDs assigned to users from the RID algorithm
but not monotonically allocating the RIDs from passdb.
(This used to be commit db1162241f)
