IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
With this change (and setting lanman auth = no in smb.conf)
we have *identical* NTLMSSP flags to W2K3 in SPNEGO auth.
Jeremy
(This used to be commit 93ca3eee55)
servers. Also add a new "net rpc audit" tool. The lsa query infolevels
were taken from samb4 IDL, the lsa policy flags and categories are
partly documented on msdn. I need to cleanup the double
lsa_query_info_policy{2}{_new} calls next.
Guenther
(This used to be commit 0fed66926f)
* Fix a couple of related parsing issues.
* in the info3 reply in a samlogon, return the ACB-flags (instead of
returning zero)
Guenther
(This used to be commit 5b89e8bc24)
Implement 'net rpc shell account' -- An editor for account policies
nt_time_to_unix_abs changed its argument which to me seems wrong, and I could
not find a caller that depends on this. So I changed it. Applied some more
const in time.c.
Volker
(This used to be commit fc73690a70)
1. Fix a crash bug which should have reared its ugly head ages ago, but for
some reason, remained dormant until recently. The bug pertained to
libsmbclient doing a structure assignment of a cli after having opened a
pipe. The pipe open code makes a copy of the cli pointer that was passed
to it. If the cli is later copied (and that cli pointer that was saved
is no longer valid), the pipe code will cause a crash during shutdown or
when the copied cli is closed.
2. The 'type' field in enumerated shares was not being set correctly with
the new RPC-based mechanism for enumerating shares.
(This used to be commit 62a02b8f2a)
logons work if the client gives the MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
or MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flags. This changes
the auth module interface to 2 (from 1). The effect of this is
that clients can access resources as a machine account if they
set these flags. This is the same as Windows (think of a VPN
where the vpn client authenticates itself to a VPN server
using machine account credentials - the vpn server checks
that the machine password was valid by performing a machine
account check with the PDC in the same was as it would a
user account check. I may add in a restriction (parameter)
to allow this behaviour to be turned off (as it was previously).
That may be on by default.
Andrew Bartlett please review this change carefully.
Jeremy.
(This used to be commit d1caef8663)
(this is the way it's been done in other functions). Instead
of moving this into the IDL, I think the best solution would
be to write a wrapper function around any call that needs
this (this is what we already do for many of the calls).
Jeremy.
(This used to be commit aeca4efa11)
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
the new talloc() features:
Note that the REGSUB_CTR and REGVAL_CTR objects *must* be talloc()'d
since the methods use the object pointer as the talloc context for
internal private data.
There is no longer a regXXX_ctr_intit() and regXXX_ctr_destroy()
pair of functions. Simply TALLOC_ZERO_P() and TALLOC_FREE() the
object.
Also had to convert the printer_info_2->NT_PRINTER_DATA field
to be talloc()'d as well. This is just a stop on the road to
cleaning up the printer memory management.
(This used to be commit ef721333ab)
printmig.exe assumes that the LUID of the SeBackupPrivlege
on the target server matches the LUID of the privilege
on the local client. Even though an LUID is never guaranteed
to be the same across reboots. How *awful*! My cat could
write better code! (more on my cat later....)
* Set the privelege LUID in the global PRIVS[] array
* Rename RegCreateKey() to RegCreateKeyEx() to better match MSDN
* Rename the unknown field in RegCreateKeyEx() to disposition
(guess according to MSDN)
* Add the capability to define REG_TDB_ONLY for using the reg_db.c
functions and stress the RegXXX() rpc functions.
(This used to be commit 0d6352da48)
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145)
* start adding write support to the Samba registry
Flesh out the server implementations of
RegCreateKey(), RegSetValue(), RegDeleteKey() and RegDeleteValue()
I can create a new key using regedit.exe now but the 'New Key #1'
key cannot be deleted yet.
(This used to be commit e188fdbef8)
to the reg_XXX backend. If the backend does not define
a regkey_access_check() function, we default to using the
standard registry_access_check()
(This used to be commit 2f08a904ee)
last checking).
* rename unknown field in REG_GETVERSION
* add server stubs for RegDeleteKey() and RegDeleteValue()
(This used to be commit 023728c059)
* Allow to copy share security descriptors to already existing shares
separatly.
* Added abstraction function to enum all or a single share info
Guenther
(This used to be commit 97097497ae)
rpcclient-tester for some info-levels.
Jerry, I tried to adopt to prs_pointer() where possible and to not
interfere with your work for usrmgr.
- Add "net rpc trustdom vampire"-tool.
This allows to retrieve Interdomain Trust(ed)-Relationships from
NT4-Servers including cleartext-passwords (still stored in the local
secrets.tdb).
The net-hook was done in cooperation with Lars Mueller
<lmuelle@suse.de>.
To vampire trusted domains simply call:
net rpc trustdom vampire -S nt4dc -Uadmin%pass
Guenther
(This used to be commit 5125852939)
tested this so I may have screwed this up - however it now follows the
DCE spec. valgrinded tests to follow....
Jeremy.
(This used to be commit 877e0a61f5)
* add some backwards compatibility to 'net rpc rights list'
* verify privilege name in 'net rpc rights privileges <name>' in order
to give back better error messages.
(This used to be commit 0e29dc8aa3)
spooler service is SVCCTL_RUNNING.
Configuration details:
Service Type = 0x110
Start Type = 0x2
Error Control = 0x1
Tag ID = 0x0
Executable Path = C:\WINNT\system32\spoolsv.exe
Load Order Group = SpoolerGroup
Dependencies = RPCSS/
Start Name = LocalSystem
Display Name = Print Spooler
(This used to be commit b921bf5688)
pulling back all recent rpc changes from trunk into
3.0. I've tested a compile and so don't think I've missed
any files. But if so, just mail me and I'll clean backup
in a couple of hours.
Changes include \winreg, \eventlog, \svcctl, and
general parse_misc.c updates.
I am planning on bracketing the event code with an
#ifdef ENABLE_EVENTLOG until I finish merging Marcin's
changes (very soon).
(This used to be commit 4e0ac63c36)
* define some const SE_PRIV structure for use when
you need a SE_PRIV* to a privilege
* fix an annoying compiler warngin in smbfilter.c
* translate SIDs to names in 'net rpc rights list accounts'
* fix a seg fault in cli_lsa_enum_account_rights caused by
me forgetting the precedence of * vs. []
(This used to be commit d25fc84bc2)
one small todo item is to add a 'accounts' sub option
to 'net rpc list' so enumerate all privileged SIDs
and their associated rights.
(This used to be commit bf4385c79a)
(based on Simo's code in trunk). Rewritten with the
following changes:
* privilege set is based on a 32-bit mask instead of strings
(plans are to extend this to a 64 or 128-bit mask before
the next 3.0.11preX release).
* Remove the privilege code from the passdb API
(replication to come later)
* Only support the minimum amount of privileges that make
sense.
* Rewrite the domain join checks to use the SeMachineAccountPrivilege
instead of the 'is a member of "Domain Admins"?' check that started
all this.
Still todo:
* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin'
parameter
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one
Samba DC to another.
* Come up with some management tool for manipultaing privileges
instead of user manager since it is buggy when run on a 2k client
(haven't tried xp). Works ok on NT4.
(This used to be commit 77c10ff9aa)
Also fix return of NT_STATUS_NO_MORE_ENTRIES should be
ERROR_NO_MORE_ITEMS reported by "Marcin Porwit" <mporwit@centeris.com>.
Jeremy.
(This used to be commit 511cdec60d)
