Age | Commit message (Collapse) | Author | Files | Lines |
|
setups.
- split up the ads structure into logical pieces. This makes it much
easier to keep things like the authentication realm and the server
realm separate (they can be different).
- allow ads callers to specify that no sasl bind should be performed
(used by "net ads info" for example)
- fix an error with handing ADS_ERROR_SYSTEM() when errno is 0
- completely rewrote the code for finding the LDAP server. Now try DNS
methods first, and try all DNS servers returned from the SRV DNS
query, sorted by closeness to our interfaces (using the same sort code
as we use in replies from WINS servers). This allows us to cope with
ADS DCs that are down, and ensures we don't pick one that is on the
other side of the country unless absolutely necessary.
- recognise dnsRecords as binary when displaying them
- cope with the realm not being configured in smb.conf (work it out
from the LDAP server)
- look at the trustDirection when looking up trusted domains and don't
include trusts that trust our domains but we don't trust
theirs.
- use LDAP to query the alternate (netbios) name for a realm, and make
sure that both and long and short forms of the name are accepted by
winbindd. Use the short form by default for listing users/groups.
- rescan the list of trusted domains every 5 minutes in case new trust
relationships are added while winbindd is running
- include transient trust relationships (ie. C trusts B, B trusts A,
so C trusts A) in winbindd.
- don't do a gratuituous node status lookup when finding an ADS DC (we
don't need it and it could fail)
- remove unused sid_to_distinguished_name function
- make sure we find the allternate name of our primary domain when
operating with a netbiosless ADS DC (using LDAP to do the lookup)
- fixed the rpc trusted domain enumeration to support up to approx
2000 trusted domains (the old limit was 3)
- use the IP for the remote_machine (%m) macro when the client doesn't
supply us with a name via a netbios session request (eg. port 445)
- if the client uses SPNEGO then use the machine name from the SPNEGO
auth packet for remote_machine (%m) macro
- add new 'net ads workgroup' command to find the netbios workgroup
name for a realm
(This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
|
|
(This used to be commit a5a0ff8bd7ee4a3586647d14fd750ec6df73efa8)
|
|
problems here.
Also fixed some non-constant initialisers in samsync.
(This used to be commit 33bd7214736dafd5927d63af5f8510646b81e7df)
|
|
and must == unix username for sane implementation in passdb.
Andrew Bartlett
(This used to be commit 412c791980de7f88a926b2f9ed361f0f882594c8)
|
|
pretty half-arsed at the moment and doesn't work very well but Mr Bartlett
was interested in it.
Also started playing around with the more interesting bits of popt. The
auto-generated usage information is pretty neat.
(This used to be commit b3e51bfe6c13f1d20e599f675332f0489d8462e7)
|
|
(This used to be commit 8c17904848a6206ab35652625ff5f3afcf6bcb0d)
|
|
(This used to be commit 28373e5bc2acc09a9e4c9dab3f76c21d04850dde)
|
|
as they're no longer new!
(This used to be commit 277f6bbb9a63541a473a80a7994e9bde5c6f22dc)
|
|
(This used to be commit 6129718bea458ceb7669ecabc8cf0c8f908c7074)
|
|
determine what access masks should be applied to various SAMR calls.
Andrew Bartlett
(This used to be commit dbf28f992bcd4859a9b7d78ac1d33e4063617f94)
|
|
(This used to be commit 2674adf1b5c54da03e8a445ec1e12d382294d1c1)
|
|
Correct the 'none mapped' behaviour, (so that it matches Win2k) and add a
function to make the SID types appear as text strings in logs/rpcclient.
Also, remove a silly case that would cause 'failure' to be 'success'. (Might
look at this a bit more in future).
Andrew Bartlett
(This used to be commit c20d057f8821d13d3de61b319de44db23773516b)
|
|
code
(This used to be commit 91ad9041e9507d36eb3f40c23c5d4df61f139ef0)
|
|
Now let's keep this in sync !
Jeremy.
(This used to be commit 3603cd4947df2c10df604447dc542932cb9e5d5a)
|
|
(This used to be commit e77e21cdbe2cb2d594494dd6e5cac37b5b1bcab8)
|
|
Andrew Bartlett
(This used to be commit ebc8452a30b2a9bdd6698af8dad489f3f92ae7a6)
|
|
few more places to use it.
Andrew Bartlett
(This used to be commit 23689b0746d5ab030d8693abf71dd2e80ec1d7c7)
|
|
(This used to be commit 361afd241beeda033068c7f3a976f3f69fa2ac33)
|
|
(This used to be commit b3b3e45583718e5b034f6c67609523f35753c1a8)
|
|
(This used to be commit c3921e36071a70ab9534fe92286b361aae2336b6)
|
|
(This used to be commit 70f8adf297a3979230e425126cd5868972b1d17e)
|
|
Some reformatting.
(This used to be commit 612eae45ef7b0289e0c67b331d96a351fc567e5c)
|
|
(This used to be commit 099b750b4ed8f04a1fd8a018508d412691e37df6)
|
|
when using restrictanonymous.
(This used to be commit 0c65978ed07903af808da5f32cc29531aef23225)
|
|
(This used to be commit 99ac1b339c2b4ec5b85ecc3a87efa2ef508ecab1)
|
|
- close down connect and domain policy handles when exiting
- allow enumeration of > 65535 groups or aliases
- error handling for non-zero return value from enumeration functions
(This used to be commit a48f362ca7ff6477d3064bc2c5c888eeb095d2ce)
|
|
didn't make any sense, and its was always just strlen(password) anyway.
This fixes it to be strlen(password)+1
Andrew Bartlett
(This used to be commit c205b18bd6b9b69200ff3db55f2c641631d4ab40)
|
|
this:
More code cleanup - this lot a bit more dodgy than the last:
The aim is to trim pwd_cache down to size. Its overly complex, and a
pain to deal with. With a header comment like this:
'obfusticaion is planned'
I think it deserved to die (at least partly).
This was being done to allow 'cli_establish_connection' to die - its
functionality has been replaced by cli_full_connection(), which does
not duplicate code everywhere for creating names etc.
This also removes the little 'init' fucntions for the various pipes,
becouse they were only used in one place, and even then it was dodgy.
(I've reworked smbcacls not to use anonymous connections any more, as
this will (should) fail with a 'restrict anonymous' PDC).
This allowed me to remove cli_pipe_util.c, which was calling
cli_establish_connection.
tpot: I'm not sure what direction you were going with the client stuff,
and you may well have been wanting the init functions. If thats the case,
give me a yell and I'll reimplement them against cli_full_connection.
Andrew Bartlett
(This used to be commit fa67e4626bed623333c571e76e06ccd52cba5cc5)
|
|
The size of samba going down for once :-)
Andrew Bartlett
(This used to be commit 00ef4aad88f4ba9f2e242578c37933eac001c351)
|
|
I think we may still need to look at our server enumeration code, but
other than that, its much better in the tree than out.
Andrew Bartlett
(This used to be commit d57a1b4629d12a0374cc6d74dfc6f5d4793fcef8)
|
|
(This used to be commit 79d7bcf42e568b8fe75818c1d2344bff738afd70)
|
|
The semantics of the src_len argument to rpcstr_pull() seem to have changed
breaking most of the spoolss commands in rpcclient. Changed a bunch of
0's to -1's to fix it.
(This used to be commit f32e3f2087c44f27bcfc8a8b1c76ee2b29f01dea)
|
|
(This used to be commit fa5c1ba12b4cae0c03f1adbc38e7ad5eeca0e895)
|
|
(This used to be commit 671607a3eefc58673bdd4cb8fc8d3a3f65542f03)
|
|
(This used to be commit 28c1fae4d89399ec4d15bfb3ccd17d8b5b0495fc)
|
|
(This used to be commit 91929afbb0cad422cc6d05f9a10ba5c3d797d779)
|
|
information when one or more of the names/sids being queried were not
resolvable. We now return a list the same length as the parameters passed
instead of an array of just the resolvable names/sids.
(This used to be commit 245468dbabb7c849ce423cc3cb586fa913d0adfe)
|
|
(This used to be commit 06df6c79ae91cb4b1427a2a230fee288cff50e10)
|
|
(This used to be commit f287f62962feca6dac8747d16676dc64723eb5b1)
|
|
(This used to be commit 3d542abdb1805bf746eb9a7ef41fc904534f4edb)
|
|
one a single pipe
(This used to be commit b73a8416d31c0ec7975ba022f5c425a581497b72)
|
|
This is an intermediate check-in. More to come....
(This used to be commit 5b9b152971aa635d484cde45413a7880424ee22d)
|
|
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
|
|
shouldn't matter for logic...if anyone disagrees whack me over the head and explain why...
(This used to be commit 4081ce40dda886aeb01f590f00bfe50e0e4e8ae4)
|
|
to popt. Every option has to be in fixed storage.
(This used to be commit e5e7132e80bfe599d56809bf47a13d2028ee9c86)
|
|
got_pass from BOOL to int. Also includes long option names...anyone want those different before I update the doc? Please try this out. I've tried to test all the flags, but the more times we kick the tires...
(This used to be commit cd34897749dc5819dd7239269fbd5dcef5bea5c0)
|
|
(This used to be commit bb0ef8bc305da7490a19a6f4efd2aa60bf14aef1)
|
|
(This used to be commit d9df00e2b1764619491900b7dbd7d5af34feed1b)
|
|
(This used to be commit 5b195f8bf14b11edca74db5fd9658916447b363d)
|
|
This commit builds on the auth subsystem to give Samba support for trusting NT4
domains. It is off by default, but is enabled by adding 'trustdomain' to the
'auth methods' smb.conf paramater.
Tested against NT4 only - there are still some issues with the join code for
Win2k servers (spnego stuff).
The main work TODO involves enumerating the trusted domains (including the RPC
calls to match), and getting winbind to run on the PDC correctly.
Similarly, work remains on getting NT4 to trust Samba domains.
Andrew Bartlett
(This used to be commit ac8c24a9a888a3f916e8b40238b936e6ad743ef7)
|