Age | Commit message (Collapse) | Author | Files | Lines |
|
The code was nice, but put in the wrong place (group mapping) and not
supported by most of the code, thus useless.
We will put back most of the code when our infrastructure will be changed
so that privileges actually really make sense to be set.
This is a first patch of a set to enhance all our mapping code cleaness and
stability towards a sane next beta for 3.0 code base
Simo.
(This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
|
|
from the output of 'net idmap dump'.
'net idmap dump' now also prints the USER/GROUP HWM.
Volker
(This used to be commit c0575be936572bb091a77c58361bd3a4fe9549ff)
|
|
the idmap and the SAM.
The basic idea is this: Lookup the user with GetPwnam(), and if they
exist then use that uid. This is what people expect. If the user does
not exist, try and run the right script.
This is also what people expect from previous Samba 3.0 behaviour, where
the Get_Pwnam() was at runtime.
If the idmap entry for this SID isn't valid, or isn't the right value,
modify the idmap to account for this mapping.
Also, the same logic is applied to the primary gid - if it has changed,
update the user's primary unix group.
This patch allows users to be added without a mapping - this is fine for
machine accounts, for example. I've given it a quick test against my
Win2k DC, and I *think* it's sane.
Andrew Bartlett
(This used to be commit d2a70bfff182352da50cd6c23ddfa80fe1b353c7)
|
|
(This used to be commit 18f3a5efea7c60d764d5ed82f3a83e1608f8c34e)
|
|
(This used to be commit d817eaf0ecca2d878ab1ffcf7a747a02d71c811e)
|
|
that is now possible to, for example, load a module which contains
an auth method into a binary without the auth/ subsystem built in.
(This used to be commit 74d9ecfe2dd7364643d32acb62ade957bd71cd0d)
|
|
(This used to be commit 4c7efe25c3f2336938050086ffe5f4cfe462e6f6)
|
|
This allows us to join as a BDC, without appearing on the network as one
until we have the database replicated, and the admin changes the configuration.
This also change the SID retreval order from secrets.tdb, so we no longer
require a 'net rpc getsid' - the sid fetch during the domain join is sufficient.
Also minor fixes to 'net'.
Andrew Bartlett
(This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
|
|
Need to check on where the privilege code is sitting
and update the docs.
Examples:
root# bin/net help groupmap
net groupmap add
Create a new group mapping
net groupmap modify
Update a group mapping
net groupmap delete
Remove a group mapping
net groupmap list
List current group map
# bin/net groupmap add
Usage: net groupmap add rid=<int> name=<string> type=<domain|local|builtin> [comment=<string>]
# bin/net groupmap delete
Usage: net groupmap delete name=<string|SID>
# bin/net groupmap modify
Usage: net groupmap modify name=<string|SID> [comment=<string>] [type=<domain|local>
(This used to be commit f2fd0ab41ffbc0355db95529b6bda1b21aa4860a)
|
|
- Add general CHANGETRUSTPW function that calls ADS CHANGETRUSTPW or RPC CHANGETRUSTPW
(Merged from HEAD)
(This used to be commit f0982e1102276453d79e438ffb90c9fa305ff98b)
|
|
- Jelmer's latest popt changes
(This used to be commit 6a54d9a0a77c71664dc6cdbed1adf492c28c0cce)
|
|
This patch catches up on the rest of the work - as much string checking
as is possible is done at compile time, and the rest at runtime.
Lots of code converted to pstrcpy() etc, and other code reworked to correctly
call sizeof().
Andrew Bartlett
(This used to be commit c5b604e2ee67d74241ae2fa07ae904647d35a2be)
|
|
(This used to be commit 8de62f7896a53084e87b95c013d8693214c8ab85)
|
|
other progs.
(This used to be commit c58c84e8066d5d17e1cde99b83d259030f15458b)
|
|
(This used to be commit 7a4c87484237308cb3ad0d671687da7e0f6e733b)
|
|
* removed unused variable from rpcclient code
* added container option to net command (patch from SuSE)
* Makefile patch for examples/VFS from SuSE
(This used to be commit 25a9681ddda47a41fac8fdc97ca50b7f4c579eaf)
|
|
warnings. (Adds a lot of const).
Andrew Bartlett
(This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
|
|
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
|
|
(This used to be commit e3310ac832f78f08d6ec6421222a651efe8767a6)
|
|
(This used to be commit 6ba7847ce2756fde94e530fd0bf2a055f3e27373)
|
|
that app-head does.
Jeremy.
(This used to be commit ec7953f20145799f6286a295472df4826bfdfb8f)
|
|
- Fix segfaults in the 'net ads' commands when no password is provided
- Readd --with-ldapsam for 2.2 compatability. This conditionally compiles the
old options, but the actual code is available on all ldap systems.
- Fix shadow passwords (as per work with vl)
- Fix sending plaintext passwords to unicode servers (again vl)
- Add a bit of const to secrets.c functions
- Fix some spelling and grammer by vance.
- Document the -r option in smbgroupedit.
There are more changes in HEAD, I'm only merging the changes I've been involved
with.
Andrew Bartlett
(This used to be commit 83973c389355a5cc9ca74af467dfd8b5dabd2c8f)
|
|
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
|
|
(This used to be commit 1b83b78e332b9d28914eff155530e81cf2073a58)
|
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|
|
- Added net_help.c for unified help when possible
- Added net rpc user listing, delete, info commands
- Unified net user command to autodetect ads/rpc/rap (try in that order)
- Added generic routine for detecting rpc (protocol > PROTOCOL_NT1)
- I'm sure I forgot something.
(This used to be commit 9daa5788c822cf1ad20dc703e7f03b9ee82987bf)
|
|
- Get rid of improper "Invalid option: d (100)" message when setting
debug from commandline.
- Eliminate got_pass global and only use opt_password. This enables
re-use of password that may have been enetered in failed ads connect.
- Auto-detect method for net user command
- use new net_ads_check rather than lp_security==ADS test on net join
- Get rid of annoying debug level 0's
(This used to be commit 1280968000595c28ed62d9e74acecfdc84e33710)
|
|
implemented yet...
(This used to be commit 24c6bf4e8b6d519340d5f9f3353ffc6b5f7520b3)
|
|
need to when we are a BDC or a PDC doing a self-join.
Andrew Bartlett
(This used to be commit 996cd3a0979a92b087003982bc61796a8090a787)
|
|
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
|
|
(This used to be commit 951006374e48d80a5128d870bdc255bf8c22cb6a)
|
|
nicely, and make 'net help rap user' the same as 'net rap user help'...stuff like that
(This used to be commit 17775dae28c724b11cc73f2aeac5f07f9656046c)
|
|
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>
This adds the 'net' tools to manipulate the trusted domains.
Andrew Bartlett
(This used to be commit 770c8a31d9804d3339ffa0de8b5072a5c7eb02df)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
a username on the commandline. Also don't continue past the kinit if a password is entered and fails because existing tickets would be used, which may not be desired if the username was specified.
(This used to be commit 7e5d7dfa834c0161460bde8a2f0d4824c0a0d1fe)
|
|
These two little features are very useful, but the passing of options about
needs some serious work. The popt stuff in the shutdown code is #ifdef'ed out
until the main popt loop can be convinced not to chew on the options :-(
Andrew Bartlett
(This used to be commit 51c985be7fbfe5627c5b2590e7610653e7be98e3)
|
|
(This used to be commit 51268c512dbae94aba308668df9facaf15a2ce9e)
|
|
scripts
(This used to be commit 6d2f7ed708e75687d23f432ba9a186e88fa14118)
|
|
(This used to be commit 60eb4dc7b1114275f035d27a890e0301a65e0e42)
|
|
(This used to be commit 3c927e39e7354d2f65b3ff7148fc325b41552310)
|
|
(This used to be commit 4405a87fb754cece3a5428246ea6ecb9abba1996)
|
|
a SMB server
particularly useful for ADS is:
net time set -S DOMAIN#1B
this makes kerberos clock skew problems go away :)
(This used to be commit b3ba2293d0e4eac3b6408c3abc3dcacfa3f67fe4)
|
|
(This used to be commit c87d1ad32114200d3e678f8de88874c737f8e571)
|
|
protocol switch mechanism in place
(This used to be commit d20c3717dd58745da082d1b4df7698c6d6c38e6c)
|
|
This moves the rest of the functionality into the 'net rpc join' code.
Futhermore, this moves that entire area over to the libsmb codebase, rather
than the crufty old rpc_client stuff.
I have also fixed up the smbpasswd -a -m bug in the process.
We also have a new 'net rpc changetrustpw' that can be called from a
cron-job to regularly change the trust account password, for sites
that run winbind but not smbd.
With a little more work, we can kill rpc_client from smbd entirly!
(It is mostly the domain auth stuff - which I can rework - and the
spoolss stuff that sombody else will need to look over).
Andrew Bartlett
(This used to be commit 575897e879fc175ba702adf245384033342c903d)
|
|
function.
(This used to be commit 61b0f5f4f9788784b0806a9a15cbc6bf1005aa68)
|
|
(This used to be commit b2443f6fca5840584926b7481acf1975507c445e)
|
|
PDC, as well as changes for correctness as per tridge.
Andrew Bartlett
(This used to be commit 16d302c5cc0da93a58e0ce10843f9c8d8062c689)
|
|
'net' untility.
This should make it easier to port rpcclient code across to net.
It also allows SPNEGO (the NTLMSSP subsystem in particular) to work, becouse
it kills off the early destruction of the clear-text password.
Andrew Bartlett
(This used to be commit eee925861a3af3aa16efa3b1700a980c9510c14e)
|
|
This time, all the existing functionality has been moved into
'net rap', ready for new commands in the 'net ads' and 'net rpc' categories.
In particular, we hope to have the abilty to autoselect the appropriate
backend to use based on smb.conf or other paramaters.
This will allow 'net user' to work no matter what the remote server.
The new 'net rpc' command will soon gain a 'net rpc join' and a
'net rpc user' based on the existing samba code.
Also in this commit, the connection establishment code has been almost entirly
reworked, and now has some minor sense of sainity to it.
In particular, we can now connect to hosts *other* than localhost!
We also have the ability to state on a per-command basis whether the 'localhost'
is a sane default value. (A net join, for example, would not be sane against
localhost).
Unfortunetly we have had to make the basic paramaters global variables, but
the 'cli' is not opened and closed on a per-command basis.
Andrew Bartlett
(This used to be commit 8739d426caabe3794a018dd28ab139b08f88b603)
|