svn commit: samba r5204 - in branches/SAMBA_3_0_RELEASE: . packaging/Fedora packaging/RedHat source/include source/lib source/rpc_server source/utils source/web

jerry at samba.org jerry at samba.org
Thu Feb 3 15:28:52 GMT 2005


Author: jerry
Date: 2005-02-03 15:28:51 +0000 (Thu, 03 Feb 2005)
New Revision: 5204

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=5204

Log:
More merges for 3.0.11-final...

svn merge -r5176:5179 $SVNURL/branches/SAMBA_3_0
svn merge -r5179:5180 $SVNURL/branches/SAMBA_3_0
svn merge -r5183:5191 $SVNURL/branches/SAMBA_3_0
svn merge -r5191:5192 $SVNURL/branches/SAMBA_3_0
svn merge -r5192:5203 $SVNURL/branches/SAMBA_3_0


Modified:
   branches/SAMBA_3_0_RELEASE/WHATSNEW.txt
   branches/SAMBA_3_0_RELEASE/packaging/Fedora/samba.log
   branches/SAMBA_3_0_RELEASE/packaging/Fedora/smb.conf
   branches/SAMBA_3_0_RELEASE/packaging/RedHat/samba.log
   branches/SAMBA_3_0_RELEASE/packaging/RedHat/smb.conf
   branches/SAMBA_3_0_RELEASE/source/include/privileges.h
   branches/SAMBA_3_0_RELEASE/source/include/smb.h
   branches/SAMBA_3_0_RELEASE/source/lib/privileges.c
   branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_samr_nt.c
   branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c
   branches/SAMBA_3_0_RELEASE/source/web/swat.c


Changeset:
Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt
===================================================================
--- branches/SAMBA_3_0_RELEASE/WHATSNEW.txt	2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/WHATSNEW.txt	2005-02-03 15:28:51 UTC (rev 5204)
@@ -69,9 +69,6 @@
 
 commits
 -------
-o   Jeremy Allison <jra at samba.org>
-
-
 o   Timur Bakeyev <timur at com.bat.ru>
     * BUG 2263: Guard base64_encode_data_blob() against empty blobs.
 
@@ -87,14 +84,25 @@
     * Fix bug enumerating domain trusts in security = ads.
     * Fix segv in rpcclient's dsenumdomtrusts.
     * Fix bug in expansion of %U and %G in included filesnames.
+    * BUG 2291: Restrict creation of server trust and domain trust
+      accounts to members of the "Domain Admins" group.
     
 
 o   Guenther Deschner <gd at samba.org>
+    * BUG 2291: Call the 'add machine script' for server trust and 
+      domain trust accounts as well as workstation accounts.
 
 
-o   Volker Lendecke <vl at samba.org>
+o   Levente Farkas <lfarkas at lfarkas.org>
+    * BUG 2299: Better logrotate scripts for RedHat and Fedora 
+      packages.
 
 
+o   Deryck Hodge <deryck at samba.org>
+    * Add -P (--password-only-menu) to SWAT for displaying only the
+      password change page to non-root users.
+
+
 o   Jason Mader <jason at ncac.gwu.edu>
     * BUG 2113, 2289: Remove dead code.
 

Modified: branches/SAMBA_3_0_RELEASE/packaging/Fedora/samba.log
===================================================================
--- branches/SAMBA_3_0_RELEASE/packaging/Fedora/samba.log	2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/packaging/Fedora/samba.log	2005-02-03 15:28:51 UTC (rev 5204)
@@ -1,4 +1,4 @@
-/var/log/samba/*.log {
+/var/log/samba/*.log /var/log/samba/log.smbd /var/log/samba/log.nmbd {
     notifempty
     missingok
     sharedscripts

Modified: branches/SAMBA_3_0_RELEASE/packaging/Fedora/smb.conf
===================================================================
--- branches/SAMBA_3_0_RELEASE/packaging/Fedora/smb.conf	2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/packaging/Fedora/smb.conf	2005-02-03 15:28:51 UTC (rev 5204)
@@ -43,7 +43,7 @@
 
 # this tells Samba to use a separate log file for each machine
 # that connects
-   #log file = /var/log/samba/log.%m
+   #log file = /var/log/samba/%m.log
 # all information in one file
    log file = /var/log/samba/log.smbd
 

Modified: branches/SAMBA_3_0_RELEASE/packaging/RedHat/samba.log
===================================================================
--- branches/SAMBA_3_0_RELEASE/packaging/RedHat/samba.log	2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/packaging/RedHat/samba.log	2005-02-03 15:28:51 UTC (rev 5204)
@@ -1,11 +1,9 @@
-/var/log/samba/log.nmbd {
+/var/log/samba/*.log /var/log/samba/log.smbd /var/log/samba/log.nmbd {
+    notifempty
+    missingok
+    sharedscripts
+    copytruncate
     postrotate
-	/usr/bin/killall -HUP nmbd
+	/bin/kill -HUP `cat /var/run/smbd.pid /var/run/nmbd.pid /var/run/winbindd.pid 2> /dev/null` 2> /dev/null || true
     endscript
 }
-
-/var/log/samba/log.smbd {
-    postrotate
-	/usr/bin/killall -HUP smbd
-    endscript
-}
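Review bot: Adding `copytruncate` to the merged stanza means the live file is copied and then truncated in place, so any lines smbd or nmbd write between the copy and the truncate are lost; for logs that may be needed as an audit trail, that gap matters. If the daemons reopen their log files on SIGHUP (not shown on this page, so worth confirming), the `postrotate` signal already covers rotation and `copytruncate` could be dropped. The new `postrotate` line also hides every failure behind `2> /dev/null ... || true`, so a missing or stale pid file goes unnoticed. Checking that each pid file exists before signalling would keep the quiet behaviour without discarding real errors.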

Modified: branches/SAMBA_3_0_RELEASE/packaging/RedHat/smb.conf
===================================================================
--- branches/SAMBA_3_0_RELEASE/packaging/RedHat/smb.conf	2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/packaging/RedHat/smb.conf	2005-02-03 15:28:51 UTC (rev 5204)
@@ -43,9 +43,9 @@
 
 # this tells Samba to use a separate log file for each machine
 # that connects
-   # log file = /var/log/samba/log.%m
+   # log file = /var/log/samba/%m.log
 # all log information in one file
-   log file = /var/log/samba/smbd.log
+   log file = /var/log/samba/log.smbd
 
 # Put a capping on the size of the log files (in Kb).
    max log size = 50

Modified: branches/SAMBA_3_0_RELEASE/source/include/privileges.h
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/include/privileges.h	2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/source/include/privileges.h	2005-02-03 15:28:51 UTC (rev 5204)
@@ -1,3 +1,4 @@
+
 /* 
    Unix SMB/CIFS implementation.
    SMB parameters and setup
@@ -59,6 +60,7 @@
 
 /* defined in lib/privilegs.c */
 
+extern const SE_PRIV se_priv_none;
 extern const SE_PRIV se_machine_account;
 extern const SE_PRIV se_print_operator;
 extern const SE_PRIV se_add_users;

Modified: branches/SAMBA_3_0_RELEASE/source/include/smb.h
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/include/smb.h	2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/source/include/smb.h	2005-02-03 15:28:51 UTC (rev 5204)
@@ -226,7 +226,7 @@
 #define ACB_MNS        0x0020  /* 1 = MNS logon user account */
 #define ACB_DOMTRUST   0x0040  /* 1 = Interdomain trust account */
 #define ACB_WSTRUST    0x0080  /* 1 = Workstation trust account */
-#define ACB_SVRTRUST   0x0100  /* 1 = Server trust account */
+#define ACB_SVRTRUST   0x0100  /* 1 = Server trust account (BDC) */
 #define ACB_PWNOEXP    0x0200  /* 1 = User password does not expire */
 #define ACB_AUTOLOCK   0x0400  /* 1 = Account auto locked */
  

Modified: branches/SAMBA_3_0_RELEASE/source/lib/privileges.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/lib/privileges.c	2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/source/lib/privileges.c	2005-02-03 15:28:51 UTC (rev 5204)
@@ -29,11 +29,11 @@
 
 static SE_PRIV se_priv_all  = SE_ALL_PRIVS;
 static SE_PRIV se_priv_end  = SE_END;
-static SE_PRIV se_priv_none = SE_NONE;
 
 /* Define variables for all privileges so we can use the
    SE_PRIV* in the various se_priv_XXX() functions */
 
+const SE_PRIV se_priv_none       = SE_NONE;
 const SE_PRIV se_machine_account = SE_MACHINE_ACCOUNT;
 const SE_PRIV se_print_operator  = SE_PRINT_OPERATOR;
 const SE_PRIV se_add_users       = SE_ADD_USERS;

Modified: branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_samr_nt.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_samr_nt.c	2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_samr_nt.c	2005-02-03 15:28:51 UTC (rev 5204)
@@ -2333,17 +2333,27 @@
 	pw = Get_Pwnam(account);
 
 	/* determine which user right we need to check based on the acb_info */
-	if ( acb_info == ACB_WSTRUST ) {
+	
+	if ( (acb_info & ACB_WSTRUST) == ACB_WSTRUST ) 
+	{
+		pstrcpy(add_script, lp_addmachine_script());
 		se_priv_copy( &se_rights, &se_machine_account );
+		can_add_account = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
+	} 
+	else if ( (acb_info & ACB_WSTRUST) == ACB_NORMAL ) 
+	{
+		pstrcpy(add_script, lp_adduser_script());
+		se_priv_copy( &se_rights, &se_add_users );
+		can_add_account = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
+	} 
+	else if ( ((acb_info & ACB_SVRTRUST) == ACB_SVRTRUST) ||  ((acb_info & ACB_DOMTRUST) == ACB_DOMTRUST) ) 
+	{
 		pstrcpy(add_script, lp_addmachine_script());
+		/* only Domain Admins can add a BDC or domain trust */
+		se_priv_copy( &se_rights, &se_priv_none );
+		can_add_account = nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS );
 	}
-	else {
-		se_priv_copy( &se_rights, &se_add_users );
-		pstrcpy(add_script, lp_adduser_script());
-	}
-		
-	can_add_account = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
-
+	
 	DEBUG(5, ("_samr_create_user: %s can add this account : %s\n",
 		p->pipe_user_name, can_add_account ? "True":"False" ));
 		
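Review bot: The second branch tests `(acb_info & ACB_WSTRUST) == ACB_NORMAL`, which masks with the workstation-trust bit and then compares against a different flag. With ACB_WSTRUST at 0x0080 (per the smb.h context in this commit) the masked value is only ever 0 or 0x0080, so the branch is either unreachable or, if ACB_NORMAL were 0, would catch the server/domain trust case before the Domain Admins check; it presumably should read `else if ( (acb_info & ACB_NORMAL) == ACB_NORMAL )`. The chain has no final `else`, so an acb_info matching no branch leaves `add_script` and `can_add_account` at whatever they were initialised to above the hunk; a closing `else { can_add_account = False; }` would make the default an explicit deny. The ACB_SVRTRUST/ACB_DOMTRUST test should also come first, so that a value with several type bits set cannot be authorised by the weaker `se_machine_account` check. The function body starts and ends outside this hunk.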

Modified: branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c	2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c	2005-02-03 15:28:51 UTC (rev 5204)
@@ -212,7 +212,7 @@
 
 	if (!NT_STATUS_IS_OK(result) && 
 	    !NT_STATUS_EQUAL(result, NT_STATUS_USER_EXISTS)) {
-		d_printf("Create of workstation account failed\n");
+		d_printf("Creation of workstation account failed\n");
 
 		/* If NT_STATUS_ACCESS_DENIED then we have a valid
 		   username/password combo but the user does not have

Modified: branches/SAMBA_3_0_RELEASE/source/web/swat.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/web/swat.c	2005-02-03 15:14:54 UTC (rev 5203)
+++ branches/SAMBA_3_0_RELEASE/source/web/swat.c	2005-02-03 15:28:51 UTC (rev 5204)
@@ -32,6 +32,7 @@
 #include "web/swat_proto.h"
 
 static BOOL demo_mode = False;
+static BOOL passwd_only = False;
 static BOOL have_write_access = False;
 static BOOL have_read_access = False;
 static int iNumNonAutoPrintServices = 0;
@@ -530,7 +531,8 @@
 		image_link(_("Printers"), "printers", "images/printers.gif");
 		image_link(_("Wizard"), "wizard", "images/wizard.gif");
 	}
-	if (have_read_access) {
+   /* root always gets all buttons, otherwise look for -P */
+	if ( have_write_access || (!passwd_only && have_read_access) ) {
 		image_link(_("Status"), "status", "images/status.gif");
 		image_link(_("View Config"), "viewconfig", "images/viewconfig.gif");
 	}
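Review bot: The `passwd_only` test added here only decides which buttons are drawn; no hunk in this commit changes the code that serves the `status` and `viewconfig` pages. If that dispatch (outside these hunks) still keys on `have_read_access` alone, -P hides the links without restricting the pages. The same condition, `have_write_access || (!passwd_only && have_read_access)`, should gate the page handlers as well, ideally through one small helper so the menu and the dispatch cannot drift apart. The added comment is indented with spaces where the surrounding lines use tabs, and it says "root" while the test is on `have_write_access`; `/* users with write access always get all buttons, otherwise honour -P */` would match the code.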
@@ -1315,6 +1317,7 @@
 	struct poptOption long_options[] = {
 		POPT_AUTOHELP
 		{ "disable-authentication", 'a', POPT_ARG_VAL, &demo_mode, True, "Disable authentication (demo mode)" },
+        { "password-menu-only", 'P', POPT_ARG_VAL, &passwd_only, True, "Show only change password menu" }, 
 		POPT_COMMON_SAMBA
 		POPT_TABLEEND
 	};
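Review bot: The long option is registered as `password-menu-only`, but the WHATSNEW.txt entry in this same commit documents it as `--password-only-menu`. One of the two should change, otherwise an administrator following the release notes will not get the restricted menu they expect. The new table entry is indented with spaces and carries trailing whitespace, unlike the tab-indented entries around it. Its help string could state who is affected, e.g. `"Show only the change password menu to non-root users"`. The enclosing function begins and continues outside this hunk.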


