summaryrefslogtreecommitdiff
path: root/source3/libnet/libnet_join.c
AgeCommit message (Collapse)AuthorFilesLines
2009-09-11s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_schannel().Günther Deschner1-1/+2
Guenther
2009-06-26Don't use ads realm name for non-ads case. #6481Jim McDonough1-7/+9
Also check that the connection to ads worked.
2009-06-22s3-libnet: fix libnet_unjoin_remove_machine_acct() when called without ads ↵Günther Deschner1-1/+7
struct. Guenther
2009-06-19Don't require "Modify property" perms to unjoin bug #6481)Jim McDonough1-14/+35
"net ads leave" stopped working when "modify properties" permissions were not granted (meaning you had to be allowed to disable the account that you were about to delete). Libnetapi should not delete machine accounts, as this does not happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag really means "disable" (both in practice and docs). However, to keep the functionality in "net ads leave", we will still try to do the delete. If this fails, we try to do the disable. Additionally, it is possible in windows to not disable or delete the account, but just tell the local machine that it is no longer in the account. libnet can now do this as well.
2009-04-24s3-libnetjoin: make acct_flags dependent on secure channel type.Günther Deschner1-3/+12
Guenther
2009-04-24s3-libnetjoin: add support for WKSSVC_JOIN_FLAGS_JOIN_UNSECURE.Günther Deschner1-3/+59
Guenther
2009-04-21s3-secdesc: use SEC_FLAG_MAXIMUM_ALLOWED instead of SEC_RIGHTS_MAXIMUM_ALLOWED.Günther Deschner1-5/+5
Guenther
2009-04-20Merge commit 'origin/master' into libcli-auth-merge-without-netlogondAndrew Bartlett1-1/+1
2009-04-20Remove use of talloc_reference in cli_rpc_pipe_open_schannel_with_key()Andrew Bartlett1-1/+1
2009-04-15Fix bug #6089 - Winbind samr_OpenDomain not possible with Samba 3.2.6+Jeremy Allison1-1/+1
What a difference a name makes... :-). Just because something is missnamed SAMR_ACCESS_OPEN_DOMAIN, when it should actually be SAMR_ACCESS_LOOKUP_DOMAIN, don't automatically use it for a security check in _samr_OpenDomain(). Jeremy.
2009-04-14Adapt to common crypto functions: sam_pwd_hash() -> sam_rid_crypt()Andrew Bartlett1-0/+1
2009-04-06s3:libads Make ads_get_dn() take a talloc contextAndrew Bartlett1-2/+2
Also remove ads_memfree(), which was only ever a wrapper around SAFE_FREE, used only to free the DN from ads_get_ds(). This actually makes libgpo more consistant, as it mixed a talloc and a malloc based string on the same element. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2009-03-18s3: remove POLICY_HND.Günther Deschner1-3/+3
Guenther
2009-02-26s3: move definition of W_ERROR_NOT_OK_GOTO_DONE down to libcli/util/werror.hMichael Adam1-6/+0
Michael
2009-02-03s3: Fix 'net rpc join' for users with the SeMachineAccountPrivilege.Volker Lendecke1-2/+5
2009-02-01Add two new parameters to control how we verify kerberos tickets. Removes ↵Dan Sledz1-1/+1
lp_use_kerberos_keytab parameter. The first is "kerberos method" and replaces the "use kerberos keytab" with an enum. Valid options are: secrets only - use only the secrets for ticket verification (default) system keytab - use only the system keytab for ticket verification dedicated keytab - use a dedicated keytab for ticket verification. secrets and keytab - use the secrets.tdb first, then the system keytab For existing installs: "use kerberos keytab = yes" corresponds to secrets and keytab "use kerberos keytab = no" corresponds to secrets only The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals. The second parameter is "dedicated keytab file", which is the keytab to use when in "dedicated keytab" mode. This keytab is only used in ads_verify_ticket.
2009-01-15s3: make better use of ccache by not including version.h in every C-file.Michael Adam1-1/+1
version.h changes rather frequently. Since it is included via includes.h, this means each C file will be a cache miss. This applies to the following situations: * When building a new package with a new Samba version * building in a git branch after calling mkversion.sh after a new commit (i.e. virtually always) This patch improves the situation in the following way: * remove inlude "version.h" from includes.h * Use samba_version_string() instead of SAMBA_VERSION_STRING in files that use no other macro from version.h instead of SAMBA_VERSION_STRING. * explicitly include "version.h" in those files that use more macros from "version.h" than just SAMBA_VERSION_STRING. Michael
2009-01-06s3-samr: avoid all init_samr_user* functions.Günther Deschner1-4/+4
Guenther
2008-12-22In gcc version 4.3.2 we get warnings for functions declared withJeremy Allison1-2/+1
attribute warn_unused_result. Start to fix these. Jeremy.
2008-12-13s3:libnet_join: use DS_FORCE_REDISCOVERYStefan Metzmacher1-0/+1
metze
2008-12-13s3:libnet_join: call saf_join_store() after a the join.Stefan Metzmacher1-1/+4
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (similar to commit feef594d275881466e2c3f59c0ff54609a9cc53b)
2008-11-29s3-libnetjoin: Fix bug #5749. Re-set acctflags while joining. fix from metze.Günther Deschner1-16/+29
Guenther
2008-11-29s3-libnetjoin: remove unused md4_trust_password, found by metze.Günther Deschner1-5/+0
Guenther
2008-11-28s3-samr: fix init_samr_user_info{23,24} callers.Günther Deschner1-1/+2
Guenther
2008-11-21s3-libnetjoin: fix build warning.Günther Deschner1-1/+1
Guenther
2008-11-21s3-libnetjoin: try to show a better error message upon invalid configuration.Günther Deschner1-11/+50
Guenther
2008-10-19Add TALLOC_CTX pointer to generate_random_str(), for consistency withJelmer Vernooij1-1/+1
Samba 4.
2008-10-06If name_to_fqdn fails, retry with the dns domain the DC gave usVolker Lendecke1-3/+8
This is a workaround for the cases where you want to join under a netbios name that is different from your hostname, i.e. a name that can not be found in /etc/hosts or dns. In these cases, name_to_fqdn fails or gives invalid results.
2008-08-29libnet_join: streamline logic of libnet_join_post_processing()Michael Adam1-9/+11
Michael (This used to be commit 81cc1af1e699e454fbb1d12636d002f845231006)
2008-08-29libnet: fix join by creating keytab after changing the config.Michael Adam1-10/+11
Michael (This used to be commit 96d1c780bf9524b929e6026776602a5288aea73d)
2008-08-11libnetjoin: support kerberized joining/unjoing (fix #5416).Günther Deschner1-19/+41
Guenther (This used to be commit da6e0f4f375aa533c4c765891c960070478972eb)
2008-07-31rpc_client: use init_samr_CryptPassword(Ex) in client tools.Günther Deschner1-24/+13
Guenther (This used to be commit 97f7f9f21f17e8414de15953cf4eaa9959dc6f75)
2008-07-30Enabled domain groups to be added to builtin groups at domain join timeTim Prouty1-0/+33
Previously this was done at token creation time if the Administrators and Users builtins hadn't been created yet. A major drawback to this approach is that if a customer is joined to a domain and decides they want to join a different domain, the domain groups from this new domain will not be added to the builtins. It would be ideal if these groups could be added exclusively at domain join time, but we can't rely solely on that because there are cases where winbindd must be running to allocate new gids for the builtins. In the future if there is a way to allocate gids for builtins without running winbindd, this code can be removed from create_local_nt_token. - Made create_builtin_users and create_builtin_administrators non-static so they can be called from libnet - Added a new function to libnet_join that will make a best effort to add domain administrators and domain users to BUILTIN\Administrators and BUILTIN\Users, respectively. If the builtins don't exist yet, winbindd must be running to allocate new gids, but if the builtins already exist, the domain groups will be added even if winbindd is not running. In the case of a failure the error will be logged, but the join will not be failed. - Plumbed libnet_join_add_dom_rids_to_builtins into the join post processing. (This used to be commit e92faf5996cadac480deb60a4f6232eea90b00f6)
2008-07-20Refactoring: Change calling conventions for cli_rpc_pipe_open_schannel_with_keyVolker Lendecke1-6/+4
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 78e9c937ff2d2e1b70cfed4121e17feb6efafda1)
2008-07-20Refactoring: Make get_schannel_session_key return NTSTATUSVolker Lendecke1-4/+3
(This used to be commit a0793cc853d3bd43df2fc49df193a5fead6b01ab)
2008-07-20Refactoring: Change calling conventions for cli_rpc_pipe_open_noauthVolker Lendecke1-6/+9
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 9abc9dc4dc13bd3e42f98eff64eacf24b51f5779)
2008-07-18libnetjoin: make libnet_join_rollback() static.Günther Deschner1-2/+2
Guenther (This used to be commit f1cc39e3759357344cb7abcb6bfa9d3e3f4969e6)
2008-07-03libnetjoin: fix Bug #5570.Günther Deschner1-1/+1
Thanks to Atte Peltomäki. Guenther (This used to be commit 144d374ad9dd981430a82369ceaa2783e6dae90a)
2008-06-24libads: use ads_connect_user_creds in some places.Günther Deschner1-1/+1
Guenther (This used to be commit ebf31203e7cf22e32b986c536279688b17a65d22)
2008-06-05libnetjoin: add libnet_join_rollback().Günther Deschner1-1/+30
This is required now if the join verify failed and we already modified the local configuration. Guenther (This used to be commit 2870fe50af5163e30330f5a3ef21d0b7eea85ee5)
2008-06-05libnetjoin: First store configuration and then verify the join.Günther Deschner1-4/+11
Jerry, this fixes the issues while joining with "config backend = registry". Guenther (This used to be commit b3d47f099286778252c6df6bf2c1fee0c4e26560)
2008-06-04libnetjoin: correctly copy returned lsa policy sid.Günther Deschner1-2/+4
Guenther (This used to be commit f9e5450c9492b0f35bd90040739007963e765ab1)
2008-06-04libnetjoin: only close existing policy handles while unjoining.Günther Deschner1-2/+10
Guenther (This used to be commit 6dbed6e7b7300962e11fdce1a713e6f3ea2cb619)
2008-06-04libnetjoin: delete possible "realm" leftover parameter.Günther Deschner1-0/+2
Guenther (This used to be commit d7ba98cc3f2d037ec01e079220a66da508b104b0)
2008-05-16libnetjoin: for informational reasons, report forest_name.Günther Deschner1-0/+1
Guenther (This used to be commit 452a9ea4af19d3aebc35929edaf4e5adf8c1fd11)
2008-05-14Fix Bug #5465 (joining with createcomputer=ou1/ou2/ou3).Günther Deschner1-2/+1
Guenther (This used to be commit f3251ba03a69c2fd0335861177159a32b2bc9477)
2008-05-09dsgetdcname: use existing messaging_context if possible.Günther Deschner1-0/+2
Guenther (This used to be commit 7889516a384c155a9045aad4409c041fddd0d98d)
2008-05-09Use strip_hostname after dsgetdcname/getdcname calls.Günther Deschner1-4/+6
Guenther (This used to be commit 82cbb3269b2e764c9c2a2fbcbe9c29feae07fb62)
2008-04-22libnetjoin: identify type of domain early.Günther Deschner1-16/+16
This finally enables joining AD using workgroup or realm name. Guenther (This used to be commit 0cf16e6b47f5978bdcb84ac8a29ef13ff2b5cca8)
2008-04-20Replace cli_rpc_pipe_close by a talloc destructor on rpc_pipe_structVolker Lendecke1-3/+3
(This used to be commit 99fc3283c4ecc791f5a242bd1983b4352ce3e6cf)