summaryrefslogtreecommitdiff
path: root/source3/utils/net_ads.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-24This is a large patch (sorry). Migrate from struct in_addrJeremy Allison1-15/+21
to struct sockaddr_storage in most places that matter (ie. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theorecically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-10/+10
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r25201: Fight those red bars...Michael Adam1-182/+183
(This used to be commit cc4599fdc1fb9aa51f6a4487cb1aa78a5556757a)
2007-10-10r25200: Fix a debug message.Michael Adam1-1/+1
(This used to be commit f1f4758e2c40a470c19b4b738f79ec5807522909)
2007-10-10r25198: Change net_rpc_join_ok() to return NTSTATUS for betterMichael Adam1-2/+6
error propagation. Michael (This used to be commit 5a16da2185f07d1f48fabd93a7a6b8f2d6b91089)
2007-10-10r24853: Rename function as Jerry asked.Rafal Szczesniak1-2/+2
s/net_use_upn_machine_account/net_use_krb_machine_account/ rafal (This used to be commit 86af9fedad71697f22cc739518340f7753b8f9da)
2007-10-10r24789: Add implementation of machine-authenticated connection to netlogonRafal Szczesniak1-2/+2
pipe used when connecting to win2k and newer domain controllers. The server may be configured to deny anonymous netlogon connections which would stop domain join verification step. Still, winnt domains require such smb sessions not to be authenticated using machine credentials. Creds employed in smb session cannot have a username in upn form, so provide the separate function to use machine account. rafal (This used to be commit 30d99d8ac3379caadc5bdb353977149d1ee16403)
2007-10-10r24432: Expand kerberos_return_pac() so that it can be used in winbindd.Günther Deschner1-1/+8
Guenther (This used to be commit e70bf0ecc3ec6d3ba8ba384024bbdf9a783072ea)
2007-10-10r24107: Fix bug 4849. Thanks to Matthijs Kooijman <matthijs@stdin.nl>Volker Lendecke1-1/+1
(This used to be commit 6e6eea64a5f770a585487734b1d0c28746bf5550)
2007-10-10r23973: For debugging, add (undocumented) net ads kerberos commands (kinit, ↵Günther Deschner1-0/+111
renew, pac). Guenther (This used to be commit 4cada7c1485c9957e553d6e75cb6f30f4338489f)
2007-10-10r23968: Harmonize net's password prompts.Günther Deschner1-5/+2
Guenther (This used to be commit 7e2fb14d6e4f58fe6645b7e7468f925c21cb4c9d)
2007-10-10r23888: move elements belonging to the current ldap connection to aStefan Metzmacher1-13/+13
substructure. metze (This used to be commit 00909194a6c1ed193dfdb296f50f58a53450583c)
2007-10-10r23834: Allow to pass an ADS_STRUCT pointer down to the dump function ↵Günther Deschner1-1/+1
callback in libads. Guenther (This used to be commit 311bbbafa6d860b7b632beac6d9249b0a2fafb86)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23648: Allow to list a custom krb5 keytab file with:Günther Deschner1-3/+10
net ads keytab list /path/to/krb5.keytab Guenther (This used to be commit a2befee3f240543ea02ea99cebad886b54ae64eb)
2007-10-10r22954: More messaging_registerVolker Lendecke1-6/+0
(This used to be commit 9b8df24107ffe3016031e5257c5680689f061886)
2007-10-10r22736: Start to merge the low-hanging fruit from the now 7000-line cluster ↵Volker Lendecke1-1/+1
patch. This changes "struct process_id" to "struct server_id", keeping both is just too much hassle. No functional change (I hope ;-)) Volker (This used to be commit 0ad4b1226c9d91b72136310d3bbb640d2c5d67b8)
2007-10-10r22729: add help text for osver and osname options to 'net ads join' (patch ↵Gerald Carter1-1/+6
from Dnailo A.) (This used to be commit 3f588e0b65433176f8f80312c1456836717cf6de)
2007-10-10r22728: Patch from Danilo Almeida <dalmeida@centeris.com>:Gerald Carter1-9/+31
When asked to create a machine account in an OU as part of "net ads join" and the account already exists in another OU, simply move the machine object to the requested OU. (This used to be commit 3004cc6e593e6659a618de66f659f579e71c07f7)
2007-10-10r22479: Add "net ads keytab list".Günther Deschner1-1/+9
Guenther (This used to be commit 9ec76c542775ae58ff03f42ebfa1acc1a63a1bb1)
2007-10-10r21888: Add the osname and osver options to 'net ads join' as discussedGerald Carter1-1/+94
on the samba-technical ml. I'll add a 'net ads set attribute=value' utility later rather than the original 'net ads setmachineupn' patch that was also posted to the tech ml. (This used to be commit 5035778ae4b3a5e445faa535c5caf00bc8d220d8)
2007-10-10r21609: Fix memory leaks in error code paths (and one in winbindd_group.c).Jeremy Allison1-0/+9
Patch from Zack Kirsch <zack.kirsch@isilon.com>. Jeremy. (This used to be commit df07a662e32367a52c1e8473475423db2ff5bc51)
2007-10-10r21608: Fix a couple of memleaks in error code paths beforeJeremy Allison1-1/+10
Coverity finds them :-) Jeremy. (This used to be commit cbe725f1b09f3d0edbdf823e0862edf21e16d336)
2007-10-10r21606: Implement escaping function for ldap RDN valuesSimo Sorce1-1/+11
Fix escaping of DN components and filters around the code Add some notes to commandline help messages about how to pass DNs revert jra's "concistency" commit to nsswitch/winbindd_ads.c, as it was incorrect. The 2 functions use DNs in different ways. - lookup_usergroups_member() uses the DN in a search filter, and must use the filter escaping function to escape it Escaping filters that include escaped DNs ("\," becomes "\5c,") is the correct way to do it (tested against W2k3). - lookup_usergroups_memberof() instead uses the DN ultimately as a base dn. Both functions do NOT need any DN escaping function as DNs can't be reliably escaped when in a string form, intead each single RDN value must be escaped separately. DNs coming from other ldap calls (like ads_get_dn()), do not need escaping as they come already escaped on the wire and passed as is by the ldap libraries DN filtering has been tested. For example now it is possible to do something like: 'net ads add user joe#5' as now the '#' character is correctly escaped when building the DN, previously such a call failed with Invalid DN Syntax. Simo. (This used to be commit 5b4838f62ab1a92bfe02626ef40d7f94c2598322)
2007-10-10r21064: The core of this patch isVolker Lendecke1-1/+1
void message_register(int msg_type, void (*fn)(int msg_type, struct process_id pid, - void *buf, size_t len)) + void *buf, size_t len, + void *private_data), + void *private_data) { struct dispatch_fns *dfn; So this adds a (so far unused) private pointer that is passed from message_register to the message handler. A prerequisite to implement a tiny samba4-API compatible wrapper around our messaging system. That itself is necessary for the Samba4 notify system. Yes, I know, I could import the whole Samba4 messaging system, but I want to do it step by step and I think getting notify in is more important in this step. Volker (This used to be commit c8ae60ed65dcce9660ee39c75488f2838cf9a28b)
2007-10-10r20903: Replace the hardcoded "smb.conf" string with the dyn_CONFIGFILEGerald Carter1-6/+7
(This used to be commit ff8f27108d247aa9e46176f2b29fc8d2da103906)
2007-10-10r20857: Silence gives assent :-). Checking in the fix forJeremy Allison1-10/+2
site support in a network where many DC's are down. I heard via Volker there is still a bug w.r.t the wrong site being chosen with trusted domains but we'll have to layer that fix on top of this. Gd - complain if this doesn't work for you. Jeremy. (This used to be commit 97e248f89ac6548274f03f2ae7583a255da5ddb3)
2007-10-10r20173: DNS update fixes:Gerald Carter1-44/+62
* Fix DNS updates for multi-homed hosts * Child domains often don't have an NS record in DNS so we have to fall back to looking up the the NS records for the forest root. * Fix compile warning caused by mismatched 'struct in_addr' and 'in_addr_t' parameters called to DoDNSUpdate() (This used to be commit 3486acd3c3ebefae8f98dcc72d1c3d6b06fffcc7)
2007-10-10r20119: Update help info indicating how to use separators (forward slash only)Jim McDonough1-0/+2
and properly use backslashes in "net ads join computername=" (This used to be commit cc26e2f9a155529b8ac2122bd2bec401bb516264)
2007-10-10r19766: Fix a const-warning. Jerry, what did you want to fix with this line?Volker Lendecke1-1/+0
Volker (This used to be commit 55dc4741cfead0f21deb7ea2d28afb240505686b)
2007-10-10r19762: libaddns/*[ch] code fixes donated by Centeris CorporationGerald Carter1-62/+144
(http://www.centeris.com/) under my copyright. * Rework error reporting to use DNS_ERROR instead of int32 * Convert memory allocation to use talloc() * Generalize the DNS request/response packet marshalling * Fix the secure update requests (This used to be commit c78798333616c3f823514df0f58da2eb3a30a988)
2007-10-10r19754: * When using a krb5 session setup, we don't fill in the server_nameGerald Carter1-27/+22
string the clis_state struct. So call saf_store() after we have the short domain name in the lsa_query_inof_policy code. * Remove unused server string in saf_delete() (This used to be commit 3eddae2f2080f8dafec883cb9ffa2e578c242607)
2007-10-10r19651: Fix interesting bug with the automatic site coverage in Active ↵Günther Deschner1-1/+1
Directory: When having DC-less sites, AD assigns DCs from other sites to that site that does not have it's own DC. The most reliable way for us to identify the nearest DC - in that and all other cases - is the closest_dc flag in the CLDAP reply. Guenther (This used to be commit ff004f7284cb047e738ba3d3ad6602e8aa84e883)
2007-10-10r19528: Fix container handling for "net ads user" and "net ads group" functionsGünther Deschner1-8/+19
along with some memleaks. Guenther (This used to be commit 4bad52c5b3a983418d4216a2c3f5e04926e37e94)
2007-10-10r19527: Fix double free in "net ads group add".Günther Deschner1-1/+0
Guenther (This used to be commit 08db3d3b04d91238b739e88e817bd3f800b768ee)
2007-10-10r19525: Fix the same error in "net ads group delete".Günther Deschner1-3/+4
Guenther (This used to be commit 94ed3e9de8671d677451d2a16977caeeb7e744d1)
2007-10-10r19524: Stop "net ads user delete" from doing funny things.Günther Deschner1-3/+4
Guenther (This used to be commit a20e7c0315f9a06ce2139f99d035b409b066d722)
2007-10-10r19493: There is no point in prompting for a user's password in "net ads" whenGünther Deschner1-0/+8
we can't find a domain controller at all. Guenther (This used to be commit e691ae7da3620a7d4c0e0b1217aaae44db0b8db3)
2007-10-10r19257: Janitor for Guenther - as well as a little massaging to makeJeremy Allison1-37/+74
his patch fit SAMBA_3_0. (This is guenthers code). Make site support work correctly in net ads join. Jeremy. (This used to be commit 47352b5398e67eb8f4f383dafce31c922626ae99)
2007-10-10r19039: Do not segfault in "net ads printer info" when a requested printserverGünther Deschner1-1/+2
does not exist. Guenther (This used to be commit 359315021df3a4dbfe5142e529e3efdbc49e405c)
2007-10-10r19003: Finally activate "net ads gpo".Günther Deschner1-1/+1
For those who are interested, try net ads gpo refresh mybox$ to get your machine related GPOs downloaded to /var/lib/samba/gpo_cache. Detailed information about GPOs is currently only printed when setting a higher debuglevel then 0. Guenther (This used to be commit d086babf9d2592f041cc35db3d60b4452ea953f5)
2007-10-10r18817: Enable the build of the gpo tool but do not make it available yet.Günther Deschner1-1/+2
Guenther (This used to be commit 927cda5d31e9cb02105df3cfc06f5cb273233747)
2007-10-10r18467: Some sites allow an account to be deleted, but notJeremy Allison1-12/+15
disabled. Cope with both - print appropriate messages. Jeremy. (This used to be commit 2c003a4463ff59c477fa2558f869444cfa75e3a8)
2007-10-10r18446: Add the ldap 'leave domain' code - call this asJeremy Allison1-3/+14
a non-fatal error path if the 'disable machine account' code succeeded. Jeremy. (This used to be commit f47bffa21ec1caf5ec3a6ec77af801df0b63d83a)
2007-10-10r18170: Make sure to actually get the printing data before trying to publish itGünther Deschner1-2/+5
in AD. Guenther (This used to be commit 1bb29acb3bf40afdb5bc196ab7dbc642e2fdd680)
2007-10-10r18019: Fix a C++ warnings: Don't use void * in libads/ for LDAPMessage anymore.Volker Lendecke1-16/+16
Compiled it on systems with and without LDAP, I hope it does not break the build farm too badly. If it does, I'll fix it tomorrow. Volker (This used to be commit b2ff9680ebe0979fbeef7f2dabc2e3f27c959d11)
2007-10-10r17941: Fix print out of client site name.Jeremy Allison1-1/+1
Jeremy. (This used to be commit b8cedcac933fef9370bd42d1ff7c35c5c27103d1)
2007-10-10r17928: Implement the basic store for CLDAP sitenameJeremy Allison1-2/+2
support when looking up DC's. On every CLDAP call store the returned client sitename (if present, delete store if not) in gencache with infinate timeout. On AD DNS DC lookup, try looking for sitename DC's first, only try generic if sitename DNS lookup failed. I still haven't figured out yet how to ensure we fetch the sitename with a CLDAP query before doing the generic DC list lookup. This code is difficult to understand. I'll do some experiments and backtraces tomorrow to try and work out where to force a CLDAP site query first. Jeremy. (This used to be commit ab3f0c5b1e9c5fd192c5514cbe9451b938f9cd5d)
2007-10-10r17798: Beginnings of a standalone libaddns library released underGerald Carter1-3/+176
the LGPL. Original code by Krishna Ganugapati <krishnag@centeris.com>. Additional work by me. It's still got some warts, but non-secure updates do currently work. There are at least four things left to really clean up. 1. Change the memory management to use talloc() rather than malloc() and cleanup the leaks. 2. Fix the error code reporting (see initial changes to dnserr.h) 3. Fix the secure updates 4. Define a public interface in addns.h 5. Move the code in libads/dns.c into the libaddns/ directory (and under the LGPL). A few notes: * Enable the new code by compiling with --with-dnsupdate * Also adds the command 'net ads dns register' * Requires -luuid (included in the e2fsprogs-devel package). * Has only been tested on Linux platforms so there may be portability issues. (This used to be commit 36f04674aeefd93c5a0408b8967dcd48b86fdbc1)