| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
* added container option to net command (patch from SuSE)
* Makefile patch for examples/VFS from SuSE
(This used to be commit 4a6d8280ea27ca7a6998219aacc4b15b1227a659)
|
|
principal similar to the existing cli_lsa_enum_privsaccount() call,
except that cli_lsa_enum_account_rights() doesn't require a call to
open_account first. There is also the minor matter that
cli_lsa_enum_account_rights() works whereas
cli_lsa_enum_privsaccount() doesn't!
this call can be used to find what privileges an account or group
has. This is a first step towards proper privileges support in Samba.
(This used to be commit 65bac11d716f873dcdbda528313c33634c26a072)
|
|
(This used to be commit f70caa25e4ee198151b915cf2bc0a26b2d0e243d)
|
|
from APP_HEAD
(This used to be commit 38c9e4299845fd77cc8629945ce2d259489f7437)
|
|
(This used to be commit f2c48cadb22256564f2ddaa5169812c7c4383ec5)
|
|
which lsaqueryinfo to do based in infoclass. Currently 12 is the only one
that causes a queryinfo2.
(This used to be commit f4ec2d52a7b093da701d68906cce6de197f182be)
|
|
setups.
- split up the ads structure into logical pieces. This makes it much
easier to keep things like the authentication realm and the server
realm separate (they can be different).
- allow ads callers to specify that no sasl bind should be performed
(used by "net ads info" for example)
- fix an error with handing ADS_ERROR_SYSTEM() when errno is 0
- completely rewrote the code for finding the LDAP server. Now try DNS
methods first, and try all DNS servers returned from the SRV DNS
query, sorted by closeness to our interfaces (using the same sort code
as we use in replies from WINS servers). This allows us to cope with
ADS DCs that are down, and ensures we don't pick one that is on the
other side of the country unless absolutely necessary.
- recognise dnsRecords as binary when displaying them
- cope with the realm not being configured in smb.conf (work it out
from the LDAP server)
- look at the trustDirection when looking up trusted domains and don't
include trusts that trust our domains but we don't trust
theirs.
- use LDAP to query the alternate (netbios) name for a realm, and make
sure that both and long and short forms of the name are accepted by
winbindd. Use the short form by default for listing users/groups.
- rescan the list of trusted domains every 5 minutes in case new trust
relationships are added while winbindd is running
- include transient trust relationships (ie. C trusts B, B trusts A,
so C trusts A) in winbindd.
- don't do a gratuituous node status lookup when finding an ADS DC (we
don't need it and it could fail)
- remove unused sid_to_distinguished_name function
- make sure we find the allternate name of our primary domain when
operating with a netbiosless ADS DC (using LDAP to do the lookup)
- fixed the rpc trusted domain enumeration to support up to approx
2000 trusted domains (the old limit was 3)
- use the IP for the remote_machine (%m) macro when the client doesn't
supply us with a name via a netbios session request (eg. port 445)
- if the client uses SPNEGO then use the machine name from the SPNEGO
auth packet for remote_machine (%m) macro
- add new 'net ads workgroup' command to find the netbios workgroup
name for a realm
(This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
|
|
Correct the 'none mapped' behaviour, (so that it matches Win2k) and add a
function to make the SID types appear as text strings in logs/rpcclient.
Also, remove a silly case that would cause 'failure' to be 'success'. (Might
look at this a bit more in future).
Andrew Bartlett
(This used to be commit c20d057f8821d13d3de61b319de44db23773516b)
|
|
I think we may still need to look at our server enumeration code, but
other than that, its much better in the tree than out.
Andrew Bartlett
(This used to be commit d57a1b4629d12a0374cc6d74dfc6f5d4793fcef8)
|
|
information when one or more of the names/sids being queried were not
resolvable. We now return a list the same length as the parameters passed
instead of an array of just the resolvable names/sids.
(This used to be commit 245468dbabb7c849ce423cc3cb586fa913d0adfe)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
winbind default domains, particulary now I understand whats going on a lot
better. This ensures that the RPC client code does as little 'magic' as
possible - this is up to the application/user. (Where - for to name->sid code
- it was all along). This leaves the change that allows the sid->name code to
return domains and usernames in seperate paramaters.
Andrew Bartlett
(This used to be commit 5dfba2cf536f761b0aee314ed9e30dc53900b691)
|
|
to the function. This fixes a nice little segfault the brute-force-casting
created. :-)
Andrew Bartlett
(This used to be commit c84fa7f5fd62940e397d3353fb688f283349393e)
|
|
smbd, and also makes it much cleaner inside winbindd.
It is mostly my code, with a few changes and testing performed by Alexander
Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and
security=ads, but more testing is always appricatiated.
The idea is that we no longer cart around a 'domain\user' string, we keep them
seperate until the last moment - when we push that string into a pwent on onto
the socket.
This removes the need to be constantly parsing that string - the domain prefix
is almost always already provided, (only a couple of functions actually changed
arguments in all this).
Some consequential changes to the RPC client code, to stop it concatonating the
two strings (it now passes them both back as params).
I havn't changed the cache code, however the usernames will no longer have a
double domain prefix in the key string. The actual structures are unchanged
- but the meaning of 'username' in the 'rid' will have changed. (The cache is
invalidated at startup, so on-disk formats are not an issue here).
Andrew Bartlett
(This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
|
|
generate.
(This used to be commit d1ebd259c8c06d467eb5ee305b21e9046f16e05b)
|
|
- added lsaquerysecobj to rpcclient
- renamed querysecobj to samquerysecobj
- removed duplicated display_sec_acl() code from cmd_spoolss.c and
cmd_samr.c and moved it into display_sec.c
(This used to be commit 59b2e3f408a5ff22f2d81a927d010a7df5f19f7f)
|
|
this completes the first stage of the smbd ADS support
(This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
|
|
and more to come ...
J.F.
(This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
|
|
fixed lsa_enum_rpivs server code. This time it works as W2K.
fixed smbgroupedit to compile and work.
J.F.
(This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
|
|
of a privilege.
J.F.
(This used to be commit 84035ae72f422edadd9fa7e493c3d8176bb6a53d)
|
|
J.F.
(This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
|
|
rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe
opening stuff up one level. Moved rpcclient.h into rpcclient directory and
out of includes/smb.h
(This used to be commit a40facba9651f9fb1dcc9e143f92ca298a324312)
|
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
|
(This used to be commit 5ceecc7bef71b455ba7c4efd9928e2433dccc961)
|
|
the client code still needs some work
(This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
|
|
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
|
|
- ported two rpc back from TNG (WINREG: shutdown and abort shutdown)
- some optimizations and changed some DEBUG statement in loadparm.c
- changed rpcclient a bit moved from non reentrant next_token_nr to next_token
- in cmd_reg.c not sure if getopt will work ok on all platforms only setting optind=0
(This used to be commit fd54412ce9c3504a547e232602d6129e08dd9d4d)
|
|
(This used to be commit 37052a1bcc5cd049918c3d5ac4c41c3a669290af)
|
|
(This used to be commit 48688c4592d03d6404631a7d57701f0af38cfb2d)
|
|
(This used to be commit 0a6ceed279cc8111008b21f75c6791efbd993f4b)
|
|
Jeremy.
(This used to be commit 38b19fad2851a65268b31c7e0240ed36a8407be4)
|
|
to be filled in one at a time.
(This used to be commit 6aaac3766324302b995b5a55876bf2ab74af1ff8)
|
|
back to working order. The main change is that the cli_*() RPC
functions from libsmb/*.c now should accept a struct cli_state*.
The reason for this is that rpcclient should establish the
connection to the server at startup so that it is not necessary
to keep the clear test or password hash in memory for each command.
enumports and enumprinters now works as well. lsa* functions
have been tested. SAMR calls may or may not work (one of the core
dumps I know), but it compiles :-)
jerry
(This used to be commit d98ac8852ae6b39b6fcff92c346ba56d9e63c518)
|
|
now pass through insure except for some of the dodgy spoolss prs
weirdness.
(This used to be commit 76f08426a08881793b0ef32ccc4e13c54f26417f)
|
|
(This used to be commit 8072ee62b082df5d06459667615bb3b78461ec0a)
|
|
Currently there are a small selection of lsa, samr and spoolss functions
implemented. More to follow...
(This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
|
|
TNG branch.
Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient.
This requires most samba binaries to link in another handful of object
files due to uncessary coupling between modules. )-:
(This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
|
|
(This used to be commit d7cd7c88fdabb01d9e40ae8a657737907a21ac37)
|
|
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
|
|
(This used to be commit 2dad9d912dbc6c4a14af63715821a51c279584c6)
|
|
verified that lsaquery, lsalookupsids work, and found some bugs in the
parameters of these commands :-)
soo... we now have an lsa_* api that has the same arguments as the nt
Lsa* api! cool!
the only significant coding difference is the introduction of a
user_credentials structure, containing user, domain, pass and ntlmssp
flags.
(This used to be commit 57bff6fe82d777e599d535f076efb2328ba1188b)
|
|
msrpc client code. the intent is to hide / abstract / associate
connection info behind policy handles.
this makes the msrpc functions look more and more like their nt equivalents.
who-hou!
(This used to be commit c01b18e632aede6fce7264ef6971d7ddba945cfb)
|
|
(This used to be commit e88e7d529b5bdf32ac3bc71fa8e18f6f2a98c695)
|
|
(This used to be commit b0f8ef6168d04d55d53fc2d02df5f54176e4f893)
|
|
means that some commands need more work, as they still use next_token(),
the use of which i wish to avoid.
plus, i was getting fed up of the poor command-line processing in some
of these commands. i'm starting to need getopt() in them, especially
in samsetuser.
WARNING: only cmd_samr has been modded to use getopt() so far! reg
commands won't work, esp.
(This used to be commit 9a1efa03c8bb86c9b7e73f102a9d48fb6a57a523)
|
|
error wrong password against nt. ????
(This used to be commit b3f16e6b5aa5ba1b6afa38ad698646c8e765ec90)
|
|
(This used to be commit fbeceec5016c634136cdbb14423e25992d9521e9)
|
|
attempting to get blood out of a stone^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H
querysecret to work, it keeps returning access denied.
(This used to be commit 953fe6ba9454fa4b8e69426527eca37b011f76ac)
|
|
(This used to be commit 37f4aac06fec3fbb34ed40d1010829b2e1f28558)
|
|
- signed / unsigned issues.
(This used to be commit c8fd555179314baf1672a23db34dc8ad9f2d02bf)
|
