summaryrefslogtreecommitdiff
path: root/source3/libads
AgeCommit message (Collapse)AuthorFilesLines
2003-02-15Antti Andreimann <Antti.Andreimann@mail.ee> has done some changes to enableAndrew Bartlett4-132/+337
users w/o full administrative access on computer accounts to join a computer into AD domain. The patch and detailed changelog is available at: http://www.itcollege.ee/~aandreim/samba This is a list of changes in general: 1. When creating machine account do not fail if SD cannot be changed. setting SD is not mandatory and join will work perfectly without it. 2. Implement KPASSWD CHANGEPW protocol for changing trust password so machine account does not need to have reset password right for itself. 3. Command line utilities no longer interfere with user's existing kerberos ticket cache. 4. Command line utilities can do kerberos authentication even if username is specified (-U). Initial TGT will be requested in this case. I've modified the patch to share the kinit code, rather than copying it, and updated it to current CVS. The other change included in the original patch (local realms) has been left out for now. Andrew Bartlett (This used to be commit ce52f1c2ed4d3ddafe8ae6258c90b90fa434fe43)
2003-02-14Ensure that only parse_prs.c access internal members of the prs_struct.Jeremy Allison1-5/+11
Needed to move to disk based i/o later. Jeremy. (This used to be commit 4c3ee228fcdb089eaeead95e79532a9cf6cb0de6)
2003-02-12add a note about a better method for finding netbios name of workgroupAndrew Tridgell1-0/+7
(not implemented yet) (This used to be commit 8a8cca78adebba640c6ce971d8888515bf0ea4be)
2003-02-04Mem alloc failure checks.Jeremy Allison3-23/+59
Jeremy. (This used to be commit 4e33e3f37fd548b9b1ed3c84f673a853b0dc4818)
2003-02-01Always escape ldap filter strings. Escaping code was from pam_ldap, but I'm toAndrew Bartlett3-10/+39
blame for the realloc() stuff. Plus a couple of minor updates to libads. Andrew Bartlett (This used to be commit 34b2e558a4b3cfd753339bb228a9799e27ed8170)
2003-01-21More fixes getting us closer to full Heimdal compile....Jeremy Allison1-11/+7
Jeremy. (This used to be commit 193cc4f4fc876c66e97ea6b82bae431d0247c1fa)
2003-01-21sanity checks from Ken CrossGerald Carter2-3/+7
(This used to be commit ec26877f0b4fbe2c651a6069d22b9ac0637aa2d1)
2003-01-15* removed unused variable from rpcclient codeGerald Carter1-5/+5
* added container option to net command (patch from SuSE) * Makefile patch for examples/VFS from SuSE (This used to be commit 4a6d8280ea27ca7a6998219aacc4b15b1227a659)
2003-01-11Patch from Nik Conwell <nik@bu.edu>. Don't reference free()ed data when tryingAndrew Bartlett1-1/+3
to figure out if we have got our ticket yet. Andrew Bartlett (This used to be commit a66ced2cf69145c0a5be5ed91ac306db50c313d1)
2003-01-02BIG patch...Andrew Bartlett3-8/+8
This patch makes Samba compile cleanly with -Wwrite-strings. - That is, all string literals are marked as 'const'. These strings are always read only, this just marks them as such for passing to other functions. What is most supprising is that I didn't need to change more than a few lines of code (all in 'net', which got a small cleanup of net.h and extern variables). The rest is just adding a lot of 'const'. As far as I can tell, I have not added any new warnings - apart from making all of tdbutil.c's function const (so they warn for adding that const string to struct). Andrew Bartlett (This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
2002-12-30Catching up with old patches. Add define for VERITAS quota support.Jeremy Allison1-0/+2
Check return in ldap. Jeremy. (This used to be commit e789edbb287319f52f49f2999917a610565144d9)
2002-12-20Forward port the change to talloc_init() to make all talloc contextsJeremy Allison2-9/+9
named. Ensure we can query them. Jeremy. (This used to be commit 842e08e52a665ae678eea239759bb2de1a0d7b33)
2002-12-13More printer publishing code.Jim McDonough1-0/+26
- Add published attribute to info2, needed for win clients to work properly - Return proper info on getprinter 7 This means you can now look at the sharing tab of a printer and get correct info about whether it is published or not, and change it. (This used to be commit adda04379ee46f105436262663652f3f576fa3cf)
2002-12-05More printer data to publishJim McDonough1-0/+1
(This used to be commit 82f3a786bf01878629fe4c05b028ae8d58eb4394)
2002-12-03Stop using hardcoded key/value strings, be more forgiving of ↵Jim McDonough1-70/+74
dsspooler/dsdriver info existence. (This used to be commit ca8735532cb656a09c1586326cdce33984fe38b4)
2002-11-23[merge from APP_HEAD]Gerald Carter1-1/+2
90% fix for CR 1076. The password server parameter will no take things like password server = DC1 * which means to contact DC1 first and the go to auto lookup if it fails. jerry (This used to be commit c31a17889e3e4daf7c1e807038efc2c0fba78be3)
2002-11-18Don't pass a function to ADS_ERR_OK().Jim McDonough1-6/+13
(This used to be commit a148e4c290820a48c8b51e0e0459b2171b32c258)
2002-11-18Next step of printer publishing.Jim McDonough1-106/+242
net ads printer publish <printername> [servername] Will retreive the DsSpooler and DsDriver info by rpc for a remote server then publish it. Next comes doing it within smbd (This used to be commit 64951938cc5666a757683cbe9bee3a2c20a05323)
2002-11-15Include the hostname we are trying to match with $@, to allow easier debugging.Andrew Bartlett1-1/+1
(This used to be commit f5d8afc626b8f7792aa7dd7fa7082f55725b539c)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison4-27/+26
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
2002-11-10make sure that if kerberos fails we can fall back on NTLMSSP for SASLAndrew Tridgell1-2/+5
(This used to be commit 69dba08c40c9739137b4f01d38be5228edc6dd6e)
2002-11-06Merge of get_dc_list() api change. This was slightly more intrusiveTim Potter1-12/+7
than the version in APPLIANCE so watch out for boogs. (This used to be commit 1e054e3db654801fbb5580211529cdfdea9ed686)
2002-10-31Re-enable use of existing kerberos tickets.Jim McDonough1-2/+6
(This used to be commit 6ec5dce69834e72e458a8acff7d1790cbdd46d67)
2002-10-23fixed a possible segv when dealing with a blank passwordAndrew Tridgell1-2/+6
(This used to be commit d5d0d0de50482ed16c594b1cc4cc113e2526a915)
2002-10-18Format objectGUIDs on ads dumps.Jim McDonough1-1/+18
(This used to be commit 7eaf7e7115c75e682b1b9368c6f28c60429885e5)
2002-10-04only set UF_USE_DES_KEY_ONLY if we are using krb5 libraries that can'tAndrew Tridgell1-3/+7
do type 23 (This used to be commit c0612272e8eea3d741854c0b4834bc687d787218)
2002-10-04support all permitted encoding types in tickets. This allows us toAndrew Tridgell1-15/+29
decode a type 23 ticket when the machine account is setup for non-DES tickets (This used to be commit 144d4429d7d91e8597263da6abc8041098f2a4c3)
2002-10-03.NET likes both forms of servicePrincipalName in the machine accountAndrew Tridgell1-1/+8
record (This used to be commit 8ff6d40d7fe4dc11e9ba194a55995c0926202df9)
2002-09-28Try to compile as much as possible with only ldap, but not kerberos.Andrew Bartlett4-36/+35
(This used to be commit 9615ab10c006d8027f6a8b7dd3770eb77304dbdc)
2002-09-28Add the beginings of sam_ads to the tree.Andrew Bartlett4-3/+46
This module, primarilly the work of "Stefan (metze) Metzmacher" <metze@metzemix.de>, uses the Active Directory schema to store the user/group/other information. I've been testing it against a real AD server, and it is intended to work with OpenLDAP as well. I've moved a few functions around in our other libads code, which has made it easier to tap into that existing code. Also, I've made some changes to the SAM interface, I hope there are not too many objections... To ensure we don't get silly bugs in the skel module, it is now in the default compile. This way you should not forget to update it :-) Andrew Bartlett (This used to be commit 24fb0cde2f0b657df1c99474cd694438c94a566e)
2002-09-28This needs to be #ifdef HAVE_LDAP.Andrew Bartlett1-0/+3
(This used to be commit 2b54a2fc2c85ea139e2acdbbc2f14b969c0c6315)
2002-09-27Move a number of ADS related functions out into utility libs, so that thingsAndrew Bartlett5-31/+332
like metze's sam_ads can also use them. Also add error checking etc to a few more functions. Andrew Bartlett (This used to be commit c864edf4fbf8a6c37888a14b861d7c12cf503d4f)
2002-09-27Some small cleanups to the libads code (mainly error checking), and give aAndrew Bartlett2-5/+28
sane prototype for the push_utf8_allocate code. Andrew Bartlett (This used to be commit ce00a3238ed8a82639c4d0ee3e960f7000b1a7b0)
2002-09-25Another patch from metze, towards his work on sam_ads.Andrew Bartlett2-2/+98
See mx-ldap.sf.net for his current progress. (This used to be commit 9c62d1312fdf0aa7b1978e8bbb56fc076ba7e9d0)
2002-09-25Avoid a segfault in net join when you have not done an kinit, and it's fallingAndrew Bartlett1-0/+5
back to NTLMSSP. We need to get the password out of the user, and this eventually does. Andrew Bartlett (This used to be commit bb518a3bae3bf91a589021fcc5b1e715247c5ded)
2002-09-17Add clock skew handling to our kerberos code. This allows us to cope withAndrew Tridgell5-22/+75
the DC being out of sync with the local machine. (This used to be commit 0d28d769472ea3b98ae4c8757093dfd4499f6dd1)
2002-09-17another const cleanupAndrew Tridgell1-1/+1
(This used to be commit 443d5ebafad46a9a62527642628aff8e5d9dc10c)
2002-09-06Seems I missed commiting this when I added the rest of metze's ADS patch.Andrew Bartlett1-0/+75
Oh well, here it is... Andrew Bartlett (This used to be commit 7c2a667640b01a0f19ddc3515c5ca7ac43d26e25)
2002-09-06Patch from "Stefan (metze) Metzmacher" <metze@metzemix.de>Andrew Bartlett2-8/+42
to extend the ADS_STATUS system to include NTSTATUS, and to provide a better general infrustructure for his sam_ads work. I've also added some extra failure mode DEBUG()s to parts of the code. NOTE: The ADS_ERR_OK() macro is rather sensitive to braketing issues - without the final set of brakets, the test is essentially inverted - causing some intersting 'error = success' messages... Andrew Bartlett (This used to be commit 5b9a7ab901bc311f3ad08462a8a68d133c34a8b4)
2002-09-06Add some DEBUG()s to some libads failure modes.Andrew Bartlett1-1/+5
(This used to be commit ad3c8da13b9d510f78fd56364cd0987de88a9b9f)
2002-08-30convert the LDAP/SASL code to use GSS-SPNEGO if possibleAndrew Tridgell2-34/+221
we now do this: - look for suported SASL mechanisms on the LDAP server - choose GSS-SPNEGO if possible - within GSS-SPNEGO choose KRB5 if we can do a kinit - otherwise use NTLMSSP This change also means that we no longer rely on having a gssapi library to do ADS. todo: - add TLS/SSL support over LDAP - change to using LDAP/SSL for password change in ADS (This used to be commit b04e91f660d3b26d23044075d4a7e707eb41462d)
2002-08-20fix irix compile errors - cannot initialize array in declaration statementHerb Lewis1-2/+9
with non-const values - strsep not defined (This used to be commit a5c59b2cd10016ecbd931531602ad1cb3660bbf9)
2002-08-06when using netbios lookup methods make sure we try any BDCs even ifAndrew Tridgell1-9/+21
we get a response from WINS for a PDC, if the PDC isn't responding. (This used to be commit 57916316ffc70b0b6659f3ad9d14aad41fad4c71)
2002-08-06fixed a memory corruption bug in ads_try_dns()Andrew Tridgell1-3/+3
(This used to be commit 2ee0abb50f25e5a4529d8c9409c979a7a00e5984)
2002-08-05This fixes a number of ADS problems, particularly with netbioslessAndrew Tridgell7-170/+335
setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm (This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
2002-08-04Now that I got the function arguments sane, remove the silly (void **) castsAndrew Bartlett1-9/+9
from some of the callers. Andrew Bartlett (This used to be commit eb3354aa6c7293df9a728565a6774049b2e6d57f)
2002-07-30net ads info now reports the IP of the LDAP server as well as its name - ↵Andrew Tridgell1-0/+6
very useful in scripts (This used to be commit fc0d5479b575c1f495b9251413eed18ec1e37e02)
2002-07-30a couple more minor tweaks. This now allows us to operate in ADS modeAndrew Tridgell1-0/+6
without any 'realm =' or 'ads server =' options at all, as long as DNS is working right. (This used to be commit d3fecdd04241ed7b9248e52415693cd54a1faecf)
2002-07-20More fixes towards warnings on the IRIX compilerAndrew Bartlett1-2/+2
(and yes, some of these are real bugs) In particular, the samr code was doing an &foo of various types, to a function that assumed uint32. If time_t isn't 32 bits long, that broke. They are assignment compatible however, so use that and an intermediate variable. Andrew Bartlett (This used to be commit 30d0998c8c1a1d4de38ef0fbc83c2b763e05a3e6)
2002-07-12fix setting machine passwords in the case where a user account of theAndrew Tridgell1-1/+5
same name as the machine name exists. (we ended up setting the users password, not the machines password!) (This used to be commit fe1e6233c6f0a5654bcc3ab34f65bb570efc69b1)