summaryrefslogtreecommitdiff
path: root/source3/utils/net.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r22135: Check in most of Michael Adam's net conf utility. A good share of ↵Volker Lendecke1-0/+3
this patch is moving functions around to fix some linker dependencies for the registry. Michael, I've renamed your auth_utils2.c to token_utils.c. Thanks! Volker (This used to be commit 9de16f25c1c3e0b203da47391772ef2e2fe291ac)
2007-10-10r21831: Back out r21823 for a while, this is going into a bzr tree first.Volker Lendecke1-3/+1
Volker (This used to be commit fd0ee6722ddfcb64b5cc9c699375524ae3d8709b)
2007-10-10r21823: Let secrets_store_machine_password() also store the account name. ↵Volker Lendecke1-1/+3
Not used yet, the next step will be a secrets_fetch_machine_account() function that also pulls the account name to be used in the appropriate places. Volker (This used to be commit f94e5af72e282f70ca5454cdf3aed510b747eb93)
2007-10-10r21784: Replace smb_register_idle_event() with event_add_timed(). This fixes ↵Volker Lendecke1-2/+2
winbind who did not run the idle events to drop ldap connections. Volker (This used to be commit af3308ce5a21220ff4c510de356dbaa6cf9ff997)
2007-10-10r20116: Start merging in the work done to create the new idmap subsystem.Simo Sorce1-1/+1
Simo. (This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b)
2007-10-10r19424: Protect against username == NULLJeremy Allison1-0/+4
Jeremy. (This used to be commit 78b14de27a2220dc4a26d21d108242220b4a1598)
2007-10-10r19422: Doh ! Put the krb5 user@realm code in the right place.Jeremy Allison1-3/+37
Jeremy. (This used to be commit a31bbbaee1042143d750a29b8fcec4720bfdb374)
2007-10-10r17086: Re-add ability to contact remote domain controllers with the "net ads"Günther Deschner1-2/+2
toolset. In 3.0.23 all those commands have been limited to the DC of our primary domain. Also distinguish calls that may go to remote DCs (search, info, lookup, etc.) from those that should only go to our primary domain (join, leave, etc.). Guenther (This used to be commit d573e64781667993478a289580fa65c34e847f64)
2007-10-10r17078: Ouch....Volker Lendecke1-36/+0
(This used to be commit 1d928f783a78b3e957b675f12f1ad56e84c2fcfb)
2007-10-10r17077: Activate RPC-SAMBA3-GETUSERNAME in the build farmVolker Lendecke1-0/+36
(This used to be commit 8c6088f2bd0a5e3a854a31fe428d841d61055a30)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-1/+7
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r15971: Obey the manpage description and make changesecretpw accept a ↵Simo Sorce1-1/+14
password via stdin (This used to be commit 60d4aabc3205aa80f8d49c3c2db95927c61a81a5)
2007-10-10r15646: Implement an setdomainsid command as wellSimo Sorce1-0/+21
(This used to be commit 51df47c772f8bdd5a2c3a1e9814e625406e79b5f)
2007-10-10r15543: New implementation of 'net ads join' to be more like Windows XP.Gerald Carter1-10/+43
The motivating factor is to not require more privileges for the user account than Windows does when joining a domain. The points of interest are * net_ads_join() uses same rpc mechanisms as net_rpc_join() * Enable CLDAP queries for filling in the majority of the ADS_STRUCT->config information * Remove ldap_initialized() from sam/idmap_ad.c and libads/ldap.c * Remove some unnecessary fields from ADS_STRUCT * Manually set the dNSHostName and servicePrincipalName attribute using the machine account after the join Thanks to Guenther and Simo for the review. Still to do: * Fix the userAccountControl for DES only systems * Set the userPrincipalName in order to support things like 'kinit -k' (although we might be able to just use the sAMAccountName instead) * Re-add support for pre-creating the machine account in a specific OU (This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
2007-10-10r14098: Fix Coverity # 112Volker Lendecke1-2/+13
(This used to be commit 121a350b92dafec8f171a54f4b897c7f81757dd1)
2007-10-10r13861: Avoid "net rpc join" segfaulting when storing the servername in theGünther Deschner1-1/+1
affinity cache. Guenther (This used to be commit b8c07babbd22832132da8f70026aa1816983bc38)
2007-10-10r13382: added server affinity cache stores for 'net rpc join' and trusted ↵Gerald Carter1-0/+5
domain code (This used to be commit 9eb743584d32cdb67e0512ac915c34565bce1c01)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-0/+27
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13212: r12414@cabra: derrell | 2006-01-28 17:52:17 -0500Derrell Lipman1-1/+1
lp_load() could not be called multiple times to modify parameter settings based on reading from multiple configuration settings. Each time, it initialized all of the settings back to their defaults before reading the specified configuration file. This patch adds a parameter to lp_load() specifying whether the settings should be initialized. It does, however, still force the settings to be initialized the first time, even if the request was to not initialize them. (Not doing so could wreak havoc due to uninitialized values.) (This used to be commit f2a24de769d1b2266e576597c57a8e3b1e2a2b51)
2007-10-10r12986: Use d_fprintf(stderr, ...) for any error message in net.Lars Müller1-19/+19
All 'usage' messages are still printed to stdout. Fix some compiler warnings for system() calls where we didn't used the return code. Add appropriate error messages and return with the error code we got from system() or NT_STATUS_UNSUCCESSFUL. (This used to be commit f650e3bdafc4c6bcd7eb4bcf8b6b885b979919eb)
2007-10-10r12544: Fix segfaults in winbind, smbpasswd and netVolker Lendecke1-0/+2
(This used to be commit 9ca8edc26e66887d6333943bc6a9776352c657fc)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-7/+10
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r8911: cosmetic fixes.Günther Deschner1-1/+1
Guenther (This used to be commit bf67a8611491ed748c6975787ce2f0572586a3c6)
2007-10-10r7998: Fix usage messageVolker Lendecke1-1/+1
(This used to be commit 1e9a8854b1f3bd640096923dc79991654da7e845)
2007-10-10r6277: This implements a new caching API for enumerating the pdb elements. It isVolker Lendecke1-48/+24
modeled after query_displayinfo and should hide the differences between users, groups and aliases while allowing a cache analog load_sampw_entries: struct pdb_search *pdb_search_users(uint16 acct_flags); struct pdb_search *pdb_search_groups(void); struct pdb_search *pdb_search_aliases(const DOM_SID *sid); uint32 pdb_search_entries(struct pdb_search *search, uint32 start_idx, uint32 max_entries, struct samr_displayentry **result); void pdb_search_destroy(struct pdb_search *search); Why this API? Eventually we will need to apply the work gd has started on enumerating users with paged ldap searches to groups and aliases. Before doing that I want to clean up the search routines we have. The sample application (more to follow) is 'net maxrid'. Volker (This used to be commit 8b4f67a1e9d459145cde10b1064781d58d62b805)
2007-10-10r6225: get rid of warnings from my compiler about nested externsHerb Lewis1-1/+1
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
2007-10-10r5316: Get 'net afskey' into a subcommand of its own, 'net afs key'.Volker Lendecke1-4/+42
Implement 'net afs impersonate', generate a token for a specified user. You obviously need to be root for this operation. Volker (This used to be commit 5818b092e6e50d38238b0520329eb8912125c90a)
2007-10-10r4850: Fix remaining pdb_setsampwent-calls.Günther Deschner1-3/+2
To get all entries use a 0 acb_mask. Guenther (This used to be commit bc729f8fd877236a503cc9df64138b2be2e1a91d)
2007-10-10r4848: fix build; gd please check and make sure this is okGerald Carter1-1/+2
(This used to be commit f1d59c3a2693fe36b9abe9c1da4b703c5543f938)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-10/+10
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r3761: Fix bug #1932: crash when non-root invokes net getlocalsidJim McDonough1-1/+9
First check to see if we can open secrets.tdb. (This used to be commit 81e3c78d056c0a7499b8f27dcd37a13e725053ee)
2007-10-10r2935: This is a long-standing one in my patch-queue: A pair of net commandsVolker Lendecke1-0/+1
(usersidlist/allowedusers) to scan a file server's share and list all users who have permission to connect there. Volker (This used to be commit f7f84aa1ded70af3882e4122f34d5c7eed746993)
2007-10-10r2835: Since we always have -I. and -I$(srcdir) in CFLAGS, we can get rid ofTim Potter1-1/+1
'..' from all #include preprocessor commands. This fixes bugzilla #1880 where OpenVMS gets confused about the '.' characters. (This used to be commit 7f161702fa4916979602cc0295919b541912acd6)
2007-10-10r2832: Readd WKGUID-binding to match the correct default-locations of newGünther Deschner1-1/+1
User-, Group- and Machine-Accounts in Active Directory (this got lost during the last trunk-merge). This way we match e.g. default containers moved by redircmp.exe and redirusr.exe in Windows 2003 and don't blindly default to cn=Users or cn=Computers. Further wkguids can be examied via "net ads search wellknownobjects=*". This should still keep a samba3-client joining a samba4 dc. Fixes Bugzilla #1343. Guenther (This used to be commit 8836621694c95779475fa9a1acf158e5e0577288)
2007-10-10r2080: Remove last traces of static migration to localhost. Needed to allow aGünther Deschner1-10/+14
local netbios-alias bound to non-loopback interface as a migration target. It's now possible to migrate printers|shares|files from Server A to Server B while running the net-command on client C. Guenther (This used to be commit 0cfd2866dfe5e959ede169a77c39480790300de3)
2007-10-10r1966: further work on and cleanup of the net-migration-tool.Günther Deschner1-5/+9
It's now possible to migrate files preserving dos-attributes and correct timestamps. Also added some small docu- and syntax-fixes. Guenther (This used to be commit 0e990582a0416933a8671ca660d22e980f828402)
2007-10-10r1716: Get rid of a compiler warning. "pipe" is a symbol that is defined as ↵Volker Lendecke1-2/+2
a system call, and gcc -Wall complains about a shadowed definition. Volker (This used to be commit 9a2fd67037769b5cbb10edd024f6d98c610bf875)
2007-10-10r1692: first commit :)Günther Deschner1-5/+55
* add IA64 to the architecture table of printer-drivers * add new "net"-subcommands: net rpc printer migrate {drivers|printers|forms|security|settings|all} [printer] net rpc share migrate {shares|files|all} [share] this is the first part of the migration suite. this will will (once feature-complete) allow to do 1:1 server-cloning in the best possible way by making heavy use of samba's rpc_client-functions. all migration-steps are implemented as rpc/smb-client-calls; net communicates via rpc/smb with two servers at the same time (a remote, source server and a destination server that currently defaults to the local smbd). this allows e. g. printer-driver migration including driverfiles, recursive mirroring of file-shares including file-acls, etc. almost any migration step can be called with a migrate-subcommand to provide more flexibility during a migration process (at the cost of quite some redundancy :) ). "net rpc printer migrate settings" is still in a bad condition (many open questions that hopefully can be adressed soon). "net rpc share migrate security" as an isolated call to just migrate share-ACLs will be added later. Before playing with it, make sure to use a test-server. Migration is a serious business and this tool-set can perfectly overwrite your existing file/print-shares. * along with the migration functions had to make I the following changes: - implement setprinter level 3 client-side - implement net_add_share level 502 client-side - allow security descriptor to be set in setprinterdata level 2 serverside guenther (This used to be commit 8f1716a29b7e85baf738bc14df7dabf03762f723)
2007-10-10r269: Patch from Krischan Jodies <kj@sernet.de>: Implement 'net rpc group ↵Volker Lendecke1-1/+2
delete'. Volker (This used to be commit ec321674961cc62c048b149ee19b6e36325c8eb3)
2007-10-10r21: Ensure 'net' follows the behaviour of all other samba client tools,Andrew Bartlett1-5/+3
and honours the 'netbios name' in the smb.conf. (This used to be commit 591047c20a06cd94540b3781459c0f1b6f5baa9f)
2004-03-18Two little annoyances:Volker Lendecke1-2/+1
net rpc did not inform you if no smbd is running. I never liked the error message (!) Success! when we established a trust. Volker (This used to be commit 4191a434d48065a75f38752c4aa27219f36d602b)
2004-02-26Implement 'net groupmap set' and 'net groupmap cleanup'.Volker Lendecke1-0/+11
I was rather annoyed by the net groupmap syntax, I could never get it right. net groupmap set "domain admins" domadm creates a mapping, net groupmap set "domain admins" -C "Comment" -N "newntname" should also do what you expect. I'd like to have some feedback on the usability of this. net groupmap cleanup solves a problem I've had two times now: Our SID changed, and a user's primary group was mapped to a SID that is not ours. net groupmap cleanup removes all mappings that are not from our domain sid. Volker (This used to be commit eb4d4faff8c14e999f414ca5b6e8c25a558859c8)
2004-02-25Fix bug in previous global_sam_sid() commit. I broke the 'read fromAndrew Bartlett1-0/+6
MACHINE.SID' file functionality. Also, before we print out the results of 'net getlocalsid' and 'net getdomainsid', ensure we have tried to read that file, or have generated one. Andrew Bartlett (This used to be commit 191b43159e7358541be9a3deac8c447885145442)
2004-02-25I *hate* global variables...Andrew Bartlett1-0/+10
OK, what was happening here was that we would invalidate global_sam_sid when we set the sid into secrets.tdb, to force a re-read. The problem was, we would do *two* writes into the TDB, and the second one (in the PDC/BDC case) would be of a NULL pointer. This caused smbd startups to fail, on a blank TDB. By using a local variable in the pdb_generate_sam_sid() code, we avoid this particular trap. I've also added better debugging for the case where this all matters, which is particularly for LDAP, where it finds out a domain SID from the sambaDomain object. Andrew Bartlett (This used to be commit 86ad04d26d3065a99b08afaaf2914968a9e701c5)
2004-01-21Display some nicer error messages for login via 'net'. I don'tVolker Lendecke1-0/+8
see a reason why we have so many special cases and not simply use nt_errstr(nt_status). Comments? Volker (This used to be commit ea1a5fb30357f4fe70139ff5583d09cef9fdaa62)
2003-12-01I needed a decently parseable format of smbstatus. Looking at smbstatus codeVolker Lendecke1-0/+1
tells me that this should not be expanded, so I implemented net status [sessions|shares] [parseable] Volker (This used to be commit 63d877c6b4786dcddf5f389842f798857be282c0)
2003-10-23Fix bug 451. Stop net -P from prompting for machine account password.Jim McDonough1-2/+2
Based on work by Ken Cross (kcross@nssolutions.com). (This used to be commit 8ef7ac22ef1a60dca0a2d01dc6ff4ba14bc1549a)
2003-10-22Put strcasecmp/strncasecmp on the banned list (except for needed callsJeremy Allison1-4/+4
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at all and I really want to discourage that. Jeremy. (This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace)
2003-09-23This only touches the fake kaserver support. It adds two parameters:Volker Lendecke1-3/+3
afs share -- this is an AFS share, do AFS magic things afs username map -- We need a way to specify the cell and possibly weird username codings for several windows domains in the afs cell Volker (This used to be commit 4a3f7a9356cd5068d9ed4fd6e2336d9bf7923fbd)
2003-09-07Nobody complained on the team-list, so commit it ...Volker Lendecke1-0/+47
This implements some kind of improved AFS support for Samba on Linux with OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile into secrets.tdb with 'net afskey'. If this is done, on each tree connect smbd creates a Kerberos V4 ticket suitable for use by the AFS client and gives it to the kernel via the AFS syscall. This is meant to be very light-weight, so I did not link in a whole lot of libraries to be more platform-independent using the ka_SetToken function call. Volker (This used to be commit 5775690ee8e17d3e98355b5147e4aed47e8dc213)