svn commit: samba r5204 - in branches/SAMBA_3_0_RELEASE: .
packaging/Fedora packaging/RedHat source/include source/lib
source/rpc_server source/utils source/web
jerry at samba.org
jerry at samba.org
Thu Feb 3 15:28:52 GMT 2005
Author: jerry
Date: 2005-02-03 15:28:51 +0000 (Thu, 03 Feb 2005)
New Revision: 5204
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=5204
Log:
More merges for 3.0.11-final...
svn merge -r5176:5179 $SVNURL/branches/SAMBA_3_0
svn merge -r5179:5180 $SVNURL/branches/SAMBA_3_0
svn merge -r5183:5191 $SVNURL/branches/SAMBA_3_0
svn merge -r5191:5192 $SVNURL/branches/SAMBA_3_0
svn merge -r5192:5203 $SVNURL/branches/SAMBA_3_0
Modified:
branches/SAMBA_3_0_RELEASE/WHATSNEW.txt
branches/SAMBA_3_0_RELEASE/packaging/Fedora/samba.log
branches/SAMBA_3_0_RELEASE/packaging/Fedora/smb.conf
branches/SAMBA_3_0_RELEASE/packaging/RedHat/samba.log
branches/SAMBA_3_0_RELEASE/packaging/RedHat/smb.conf
branches/SAMBA_3_0_RELEASE/source/include/privileges.h
branches/SAMBA_3_0_RELEASE/source/include/smb.h
branches/SAMBA_3_0_RELEASE/source/lib/privileges.c
branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_samr_nt.c
branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c
branches/SAMBA_3_0_RELEASE/source/web/swat.c
Changeset:
Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt
===================================================================
--- branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2005-02-03 15:28:51 UTC (rev 5204)
@@ -69,9 +69,6 @@
commits
-------
-o Jeremy Allison <jra at samba.org>
-
-
o Timur Bakeyev <timur at com.bat.ru>
* BUG 2263: Guard base64_encode_data_blob() against empty blobs.
@@ -87,14 +84,25 @@
* Fix bug enumerating domain trusts in security = ads.
* Fix segv in rpcclient's dsenumdomtrusts.
* Fix bug in expansion of %U and %G in included filesnames.
+ * BUG 2291: Restrict creation of server trust and domain trust
+ accounts to members of the "Domain Admins" group.
o Guenther Deschner <gd at samba.org>
+ * BUG 2291: Call the 'add machine script' for server trust and
+ domain trust accounts as well as workstation accounts.
-o Volker Lendecke <vl at samba.org>
+o Levente Farkas <lfarkas at lfarkas.org>
+ * BUG 2299: Better logrotate scripts for RedHat and Fedora
+ packages.
+o Deryck Hodge <deryck at samba.org>
+ * Add -P (--password-only-menu) to SWAT for displaying only the
+ password change page to non-root users.
+
+
o Jason Mader <jason at ncac.gwu.edu>
* BUG 2113, 2289: Remove dead code.
Modified: branches/SAMBA_3_0_RELEASE/packaging/Fedora/samba.log
===================================================================
--- branches/SAMBA_3_0_RELEASE/packaging/Fedora/samba.log 2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/packaging/Fedora/samba.log 2005-02-03 15:28:51 UTC (rev 5204)
@@ -1,4 +1,4 @@
-/var/log/samba/*.log {
+/var/log/samba/*.log /var/log/samba/log.smbd /var/log/samba/log.nmbd {
notifempty
missingok
sharedscripts
Modified: branches/SAMBA_3_0_RELEASE/packaging/Fedora/smb.conf
===================================================================
--- branches/SAMBA_3_0_RELEASE/packaging/Fedora/smb.conf 2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/packaging/Fedora/smb.conf 2005-02-03 15:28:51 UTC (rev 5204)
@@ -43,7 +43,7 @@
# this tells Samba to use a separate log file for each machine
# that connects
- #log file = /var/log/samba/log.%m
+ #log file = /var/log/samba/%m.log
# all information in one file
log file = /var/log/samba/log.smbd
Modified: branches/SAMBA_3_0_RELEASE/packaging/RedHat/samba.log
===================================================================
--- branches/SAMBA_3_0_RELEASE/packaging/RedHat/samba.log 2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/packaging/RedHat/samba.log 2005-02-03 15:28:51 UTC (rev 5204)
@@ -1,11 +1,9 @@
-/var/log/samba/log.nmbd {
+/var/log/samba/*.log /var/log/samba/log.smbd /var/log/samba/log.nmbd {
+ notifempty
+ missingok
+ sharedscripts
+ copytruncate
postrotate
- /usr/bin/killall -HUP nmbd
+ /bin/kill -HUP `cat /var/run/smbd.pid /var/run/nmbd.pid /var/run/winbindd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
-
-/var/log/samba/log.smbd {
- postrotate
- /usr/bin/killall -HUP smbd
- endscript
-}
Modified: branches/SAMBA_3_0_RELEASE/packaging/RedHat/smb.conf
===================================================================
--- branches/SAMBA_3_0_RELEASE/packaging/RedHat/smb.conf 2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/packaging/RedHat/smb.conf 2005-02-03 15:28:51 UTC (rev 5204)
@@ -43,9 +43,9 @@
# this tells Samba to use a separate log file for each machine
# that connects
- # log file = /var/log/samba/log.%m
+ # log file = /var/log/samba/%m.log
# all log information in one file
- log file = /var/log/samba/smbd.log
+ log file = /var/log/samba/log.smbd
# Put a capping on the size of the log files (in Kb).
max log size = 50
Modified: branches/SAMBA_3_0_RELEASE/source/include/privileges.h
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/include/privileges.h 2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/source/include/privileges.h 2005-02-03 15:28:51 UTC (rev 5204)
@@ -1,3 +1,4 @@
+
/*
Unix SMB/CIFS implementation.
SMB parameters and setup
@@ -59,6 +60,7 @@
/* defined in lib/privilegs.c */
+extern const SE_PRIV se_priv_none;
extern const SE_PRIV se_machine_account;
extern const SE_PRIV se_print_operator;
extern const SE_PRIV se_add_users;
Modified: branches/SAMBA_3_0_RELEASE/source/include/smb.h
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/include/smb.h 2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/source/include/smb.h 2005-02-03 15:28:51 UTC (rev 5204)
@@ -226,7 +226,7 @@
#define ACB_MNS 0x0020 /* 1 = MNS logon user account */
#define ACB_DOMTRUST 0x0040 /* 1 = Interdomain trust account */
#define ACB_WSTRUST 0x0080 /* 1 = Workstation trust account */
-#define ACB_SVRTRUST 0x0100 /* 1 = Server trust account */
+#define ACB_SVRTRUST 0x0100 /* 1 = Server trust account (BDC) */
#define ACB_PWNOEXP 0x0200 /* 1 = User password does not expire */
#define ACB_AUTOLOCK 0x0400 /* 1 = Account auto locked */
Modified: branches/SAMBA_3_0_RELEASE/source/lib/privileges.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/lib/privileges.c 2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/source/lib/privileges.c 2005-02-03 15:28:51 UTC (rev 5204)
@@ -29,11 +29,11 @@
static SE_PRIV se_priv_all = SE_ALL_PRIVS;
static SE_PRIV se_priv_end = SE_END;
-static SE_PRIV se_priv_none = SE_NONE;
/* Define variables for all privileges so we can use the
SE_PRIV* in the various se_priv_XXX() functions */
+const SE_PRIV se_priv_none = SE_NONE;
const SE_PRIV se_machine_account = SE_MACHINE_ACCOUNT;
const SE_PRIV se_print_operator = SE_PRINT_OPERATOR;
const SE_PRIV se_add_users = SE_ADD_USERS;
Modified: branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_samr_nt.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_samr_nt.c 2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_samr_nt.c 2005-02-03 15:28:51 UTC (rev 5204)
@@ -2333,17 +2333,27 @@
pw = Get_Pwnam(account);
/* determine which user right we need to check based on the acb_info */
- if ( acb_info == ACB_WSTRUST ) {
+
+ if ( (acb_info & ACB_WSTRUST) == ACB_WSTRUST )
+ {
+ pstrcpy(add_script, lp_addmachine_script());
se_priv_copy( &se_rights, &se_machine_account );
+ can_add_account = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
+ }
+ else if ( (acb_info & ACB_WSTRUST) == ACB_NORMAL )
+ {
+ pstrcpy(add_script, lp_adduser_script());
+ se_priv_copy( &se_rights, &se_add_users );
+ can_add_account = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
+ }
+ else if ( ((acb_info & ACB_SVRTRUST) == ACB_SVRTRUST) || ((acb_info & ACB_DOMTRUST) == ACB_DOMTRUST) )
+ {
pstrcpy(add_script, lp_addmachine_script());
+ /* only Domain Admins can add a BDC or domain trust */
+ se_priv_copy( &se_rights, &se_priv_none );
+ can_add_account = nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS );
}
- else {
- se_priv_copy( &se_rights, &se_add_users );
- pstrcpy(add_script, lp_adduser_script());
- }
-
- can_add_account = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
-
+
DEBUG(5, ("_samr_create_user: %s can add this account : %s\n",
p->pipe_user_name, can_add_account ? "True":"False" ));
Modified: branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c 2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c 2005-02-03 15:28:51 UTC (rev 5204)
@@ -212,7 +212,7 @@
if (!NT_STATUS_IS_OK(result) &&
!NT_STATUS_EQUAL(result, NT_STATUS_USER_EXISTS)) {
- d_printf("Create of workstation account failed\n");
+ d_printf("Creation of workstation account failed\n");
/* If NT_STATUS_ACCESS_DENIED then we have a valid
username/password combo but the user does not have
Modified: branches/SAMBA_3_0_RELEASE/source/web/swat.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/web/swat.c 2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/source/web/swat.c 2005-02-03 15:28:51 UTC (rev 5204)
@@ -32,6 +32,7 @@
#include "web/swat_proto.h"
static BOOL demo_mode = False;
+static BOOL passwd_only = False;
static BOOL have_write_access = False;
static BOOL have_read_access = False;
static int iNumNonAutoPrintServices = 0;
@@ -530,7 +531,8 @@
image_link(_("Printers"), "printers", "images/printers.gif");
image_link(_("Wizard"), "wizard", "images/wizard.gif");
}
- if (have_read_access) {
+ /* root always gets all buttons, otherwise look for -P */
+ if ( have_write_access || (!passwd_only && have_read_access) ) {
image_link(_("Status"), "status", "images/status.gif");
image_link(_("View Config"), "viewconfig", "images/viewconfig.gif");
}
@@ -1315,6 +1317,7 @@
struct poptOption long_options[] = {
POPT_AUTOHELP
{ "disable-authentication", 'a', POPT_ARG_VAL, &demo_mode, True, "Disable authentication (demo mode)" },
+ { "password-menu-only", 'P', POPT_ARG_VAL, &passwd_only, True, "Show only change password menu" },
POPT_COMMON_SAMBA
POPT_TABLEEND
};
More information about the samba-cvs
mailing list