summaryrefslogtreecommitdiff
path: root/source3/utils/net_ads.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r17603: Make net_ads_join_ok return NTSTATUS.Volker Lendecke1-7/+12
Thanks to Michael Adam <ma@sernet.de> hop, hop, hop... ;-) Volker (This used to be commit 47facab798bdc6e20b2620972f1b8f2338fac239)
2007-10-10r17602: Make check_ads_config return NTSTATUS, set some error codes in ↵Volker Lendecke1-10/+18
net_ads_join. Thanks to Michael Adam <ma@sernet.de> Volker (This used to be commit 27cca861507afa9caf694ef89e543c86de01c2cd)
2007-10-10r17591: machine_account is unused, and ctx must be freed. Thanks MichaelVolker Lendecke1-3/+2
(This used to be commit a347f8a9c480cf09abac9144e04ab2b13457e3b0)
2007-10-10r17585: Don't let ads_status throw away the error information.Volker Lendecke1-38/+45
Thanks to Michael Adam <ma@sernet.de>. Volker (This used to be commit ea3a4142a0f2140d8743a50518ae94df2d84d972)
2007-10-10r17557: Change net_join_domain to return NTSTATUS instead of int.Volker Lendecke1-15/+16
Thanks to Michael Adam <ma@sernet.de>. Volker (This used to be commit c4e10afadb39ff562287ab2294df0a1f83b28908)
2007-10-10r17551: Move some DEBUG to d_printf in interactive functions and returnVolker Lendecke1-7/+10
NO_LOGON_SERVERS if no domain controller was found. Thanks to Michael Adam <ma@sernet.de>. Volker (This used to be commit d44599de3a61707a32851f37ddfb2425949622f8)
2007-10-10r17383: Patch from Michael Adams <ma@sernet.de> to catchGerald Carter1-17/+17
some memory leaks on error paths in net_ads_join() (This used to be commit 24de2d83ff1d27400a89985126edee588bc415f3)
2007-10-10r17258: Cleanup the 'net ads help join' output and document createupnGerald Carter1-35/+46
and createcomputer options (This used to be commit 87be77bf35635fc925e1be36073571f8c6ec3e81)
2007-10-10r17158: Add two new options to 'net ads join'Gerald Carter1-12/+114
* createupn=[host_upn@realm] * createcomputer=<ou path top to bottom> (this was previously the only arg) (This used to be commit 75054e984e5ca7249b1327630db9d09da974a54e)
2007-10-10r17149: Fail the join if we cannot set any SPNs for the machine account.Gerald Carter1-24/+18
Disable the one we created and whine. (This used to be commit 1a7e81a4a8955e643d1c8a54365221a9e2ed8a12)
2007-10-10r17086: Re-add ability to contact remote domain controllers with the "net ads"Günther Deschner1-37/+62
toolset. In 3.0.23 all those commands have been limited to the DC of our primary domain. Also distinguish calls that may go to remote DCs (search, info, lookup, etc.) from those that should only go to our primary domain (join, leave, etc.). Guenther (This used to be commit d573e64781667993478a289580fa65c34e847f64)
2007-10-10r16952: New derive DES salt code and Krb5 keytab generationGerald Carter1-15/+56
Major points of interest: * Figure the DES salt based on the domain functional level and UPN (if present and applicable) * Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC keys * Remove all the case permutations in the keytab entry generation (to be partially re-added only if necessary). * Generate keytab entries based on the existing SPN values in AD The resulting keytab looks like: ktutil: list -e slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 2 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 3 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) 4 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 5 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 6 6 host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) 7 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 8 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 9 6 suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName) and the sAMAccountName value. The UPN will be added as well if the machine has one. This fixes 'kinit -k'. Tested keytab using mod_auth_krb and MIT's telnet. ads_verify_ticket() continues to work with RC4-HMAC and DES keys. (This used to be commit 6261dd3c67d10db6cfa2e77a8d304d3dce4050a4)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-5/+6
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16453: Fix another memleak.Günther Deschner1-0/+1
Guenther (This used to be commit 49fb1a3ebc44602302c347195752891bf28c7037)
2007-10-10r16284: Start fixing up gcc4 -O6 warnings on an x86_64 box. size_t != unsignedJeremy Allison1-2/+2
int in a format string. Jeremy. (This used to be commit face01ef01e1a3c96eae17c56cadf01020d4cb46)
2007-10-10r16261: Smaller fixes for net ads password.Günther Deschner1-2/+2
Guenther (This used to be commit 689ae22c80a890278610d9ada1eb4fa5e37bd5ce)
2007-10-10r16115: Make "net ads changetrustpw" work again.Günther Deschner1-4/+4
(adapt to the new UPN/SPN scheme). Guenther (This used to be commit 8fc70d0df0c93c29b49f924bac9ff5d9857cfd9d)
2007-10-10r15703: Fix d_printf call.Günther Deschner1-1/+1
Guenther (This used to be commit 741602e03ad2404d4e38e55b9e5fd20b85fd205d)
2007-10-10r15701: change 'net ads leave' to disable the machine account in the domain ↵Gerald Carter1-212/+55
(since removal implies greater permissions that Windows clients require) (This used to be commit ad1f947625612ef16adb69fc2cfeffc68a9a2e02)
2007-10-10r15680: use the user creds when calling net_set_machine_spn() rather than ↵Gerald Carter1-64/+15
the machine creds (just like WinXP) (This used to be commit ae2bf464c47eb52ff24400d1cc362e74e77fbac5)
2007-10-10r15597: more ads join fixes -- we can only set the PWDNOEXP and DES_ONLY acb ↵Gerald Carter1-7/+9
flags on the setuserinfo(), not the createuser info call (This used to be commit d933ac273db5977fb41954175bdc228b688bfd6e)
2007-10-10r15561: Should re-fix older systems without RC4-HMAC supportGerald Carter1-15/+6
(This used to be commit 00c795e3660a65419e707706abf48916dcd7f850)
2007-10-10r15560: Since the hotel doesn't have Sci-Fi and no "Doctor Who"....Gerald Carter1-5/+71
Re-add the capability to specify an OU in which to create the machine account. Done via LDAP prior to the RPC join. (This used to be commit b69ac0e30441faea7a7d677b6bb551aa8ffbf55d)
2007-10-10r15559: Smaller fixes for the new cldap code:Günther Deschner1-2/+1
* replace printf to stderr with DEBUG statements as they get printed in daemons * "net ads lookup" return code Guenther (This used to be commit 8dd925c5fbfcbe711c596d08e8eadc19607d5492)
2007-10-10r15543: New implementation of 'net ads join' to be more like Windows XP.Gerald Carter1-119/+550
The motivating factor is to not require more privileges for the user account than Windows does when joining a domain. The points of interest are * net_ads_join() uses same rpc mechanisms as net_rpc_join() * Enable CLDAP queries for filling in the majority of the ADS_STRUCT->config information * Remove ldap_initialized() from sam/idmap_ad.c and libads/ldap.c * Remove some unnecessary fields from ADS_STRUCT * Manually set the dNSHostName and servicePrincipalName attribute using the machine account after the join Thanks to Guenther and Simo for the review. Still to do: * Fix the userAccountControl for DES only systems * Set the userPrincipalName in order to support things like 'kinit -k' (although we might be able to just use the sAMAccountName instead) * Re-add support for pre-creating the machine account in a specific OU (This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
2007-10-10r15471: Clarify error messageVolker Lendecke1-2/+2
(This used to be commit f21adc04f745a966dbe6ef0b4ffd9729afa3fa78)
2007-10-10r15462: replace the use of OpenLDAP's ldap_domain2hostlist() forGerald Carter1-1/+5
locating AD DC's with out own DNS SRV queries. Testing on Linux and Solaris. (This used to be commit cf71f88a3cdcabf99c0798ef4cf8c978397a57eb)
2007-10-10r15460: Prefer to use the indexed objectCategory attribute (instead ofGünther Deschner1-2/+2
objectClass which is not indexed on AD) in LDAP queries. Guenther (This used to be commit 847882a98328b91a2157959c5dad0a2023223846)
2007-10-10r15336: Unknown escape sequence: '\305' - should have been '\n'.Jeremy Allison1-1/+1
(How did that get in there ?). Jeremy (This used to be commit 780b71d300da71acc8b4f0fe10c1ae78c71e23c4)
2007-10-10r15305: Let winbind search by sid directly (or in windows terms: "bind to aGünther Deschner1-0/+68
sid"); works in all AD versions I tested. Also add "net ads sid" search tool. Guenther (This used to be commit 5557ada6943b817d28a5471c613c7291febe2ad5)
2007-10-10r15194: We need to be able to join as PDC as well. Thanks to Andrew Bartlett.Günther Deschner1-3/+2
Guenther (This used to be commit ba81b508caa4ab21a04d142f3621e43a55e859cf)
2007-10-10r15137: Refuse to join if our netbios name is longer than 15 chars. I think ↵Volker Lendecke1-0/+6
this is sufficient to fix bug #3659. Volker (This used to be commit 0ef5e4372c45a60d66a902a6dbca58ae98529358)
2007-10-10r15136: Fix join consistency checkVolker Lendecke1-1/+1
(This used to be commit a6e88785e7116c1a88e1bfdfa2afadecd501bfb0)
2007-10-10r15123: Don't even try to join with an inproper configuration.Günther Deschner1-0/+7
Guenther (This used to be commit 22b687589785051eca16a868e3475f066b647ea7)
2007-10-10r14831: Fix possible null deref. Coverity #279.Jeremy Allison1-0/+7
Jeremy. (This used to be commit 75be5c17bc74c86219c7cac749b52b7d43abb780)
2007-10-10r14757: Make sure we only send out a CLDAP request to an connected AD server.Günther Deschner1-4/+6
Guenther (This used to be commit d17712f9761589115e976e2240498396f36838ee)
2007-10-10r14099: Fix Coverity # 113Volker Lendecke1-6/+8
(This used to be commit db00570535c03360bb2833f070878a33e94306b0)
2007-10-10r12986: Use d_fprintf(stderr, ...) for any error message in net.Lars Müller1-44/+44
All 'usage' messages are still printed to stdout. Fix some compiler warnings for system() calls where we didn't used the return code. Add appropriate error messages and return with the error code we got from system() or NT_STATUS_UNSUCCESSFUL. (This used to be commit f650e3bdafc4c6bcd7eb4bcf8b6b885b979919eb)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-3/+6
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r8675: fix some compile warnings.Günther Deschner1-1/+1
Guenther (This used to be commit afa8ae831a8d9cde8c6474c5fc807a9ca8155273)
2007-10-10r7139: trying to reduce the number of diffs between trunk and 3.0; changing ↵Gerald Carter1-5/+5
version to 3.0.20pre1 (This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1)
2007-10-10r6940: fixing debug messagesGerald Carter1-3/+3
(This used to be commit 81c1ac255ebf0adf3bdb96b077a34dcfab1812cf)
2007-10-10r6900: Fix bug 2725. Thanks, John, for finding it.Volker Lendecke1-1/+3
Volker (This used to be commit 913c06ad3e752f2b185faa411d90a2f7aaf42291)
2007-10-10r6834: Fix bug #2703, found by John Antonishek <ant@nist.gov>. Add NULLJeremy Allison1-6/+8
guard for disp_fields[0]. Jeremy. (This used to be commit ee45f4b17e4131a9e0779046c49b24d1e35256d8)
2007-10-10r6149: Fixes bugs #2498 and 2484.Derrell Lipman1-2/+2
1. using smbc_getxattr() et al, one may now request all access control entities in the ACL without getting all other NT attributes. 2. added the ability to exclude specified attributes from the result set provided by smbc_getxattr() et al, when requesting all attributes, all NT attributes, or all DOS attributes. 3. eliminated all compiler warnings, including when --enable-developer compiler flags are in use. removed -Wcast-qual flag from list, as that is specifically to force warnings in the case of casting away qualifiers. Note: In the process of eliminating compiler warnings, a few nasties were discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED kerberos interfaces are being used. Someone who knows kerberos should look at these and determine if there is an alternate method of accomplishing the task. (This used to be commit 994694f7f26da5099f071e1381271a70407f33bb)
2007-10-10r6127: Eliminated all compiler warnings pertaining to mismatched ↵Derrell Lipman1-1/+1
"qualifiers". The whole of samba comiles warning-free with the default compiler flags. Temporarily defined -Wall to locate other potential problems. Found an unused static function (#ifdefed out rather than deleted, in case it's needed for something in progress). There are also a number of uses of undeclared functions, mostly krb5_*. Files with these problems need to have appropriate header files included, but they are not fixed in this update. oplock_linux.c.c has undefined functions capget() and capset(), which need to have "#undef _POSIX_SOURCE" specified before including <sys/capability.h>, but that could potentially have other side effects, so that remains uncorrected as well. The flag -Wall should be added permanently to CFLAGS, and all warnings then generated should be eliminated. (This used to be commit 5b19ede88ed80318e392f8017f4573fbb2ecbe0f)
2007-10-10r5955: BUG 2517: use the realm from smb.conf for 'net ads info' when ↵Gerald Carter1-1/+6
'disable netbios = yes' (This used to be commit 77734120d30c64941e2046574c81653c5bca4220)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-3/+3
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r3492: Fixes from testing kerberos salted principal fix.Jeremy Allison1-0/+14
Jeremy. (This used to be commit b356a8fdc5a1ac45f2f7f56a0836e794bdecddc6)
2007-10-10r3273: Ensure we're consistent in the use of strchr_m for '@'.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 0f3f7b035b37bfc51d3a59d0472003c3d4ac1511)