summaryrefslogtreecommitdiff
path: root/source3/utils/net_ads.c
AgeCommit message (Collapse)AuthorFilesLines
2010-12-17s3:net ads dns register: add support for specifying addresse on the ↵Michael Adam1-3/+40
commandline (bug #7871) In the clustering case, this is also made the only possiblity to do dns updates, since the list addresses on the local interfaces is not suitable in that case. This fixes the "net ads dns register" part of bug #7871. It might be extended by a parsing of the "cluster addresses" setting. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-12-17s3:net: add net_update_dns_ext() that accepts a list of addresses as ↵Michael Adam1-12/+27
parameter (bug# 7871) This generalized form of net_update_dns() will be used to add support for specifying a list of addresses on the commandline of "net ads dns register". This prepares the "net ads dns register" part of the fix for bug #7871. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-12-17s3:net: disable dynamic dns updates at the end of "net ads join" in a ↵Michael Adam1-0/+19
cluster (bug #7871) In a clustered environment, registering the set of ip addresses that are assigned to the interfaces of the node that performs the join does usually not have the desired effect, since the local interfaces do not carry complete set of the cluster's public IP addresses. And it can also contain internal addresses that should not be visible to the outside at all. In order to do dns updates in a clustererd setup, use net ads dns register. This fixes the net ads join part of bug #7871. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-12-15Fix bug 7866 - "net" in v3-6-test broken.Jeremy Allison1-0/+13
Someone wasn't careful about testing when not running as root :-). Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Dec 15 20:45:25 CET 2010 on sn-devel-104
2010-12-10s3-net Allow 'net ads dns register' to take an optional hostname argumentAndrew Bartlett1-6/+10
This allows the administrator to more carefully chose what name to register. Andrew Bartlett
2010-11-22s3-net: use dns_errstr() when dns commands fail.Günther Deschner1-1/+4
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Nov 22 12:31:33 CET 2010 on sn-devel-104
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-0/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-09-23s3-dsgetdcname: always pass in messaging context.Günther Deschner1-0/+2
Volker, please check. Guenther
2010-08-26s3-build: only include krb5 environment variables where required.Günther Deschner1-0/+1
Guenther
2010-08-05s3-secrets: only include secrets.h when needed.Günther Deschner1-0/+1
Guenther
2010-08-05s3: avoid global include of ads.h.Günther Deschner1-1/+1
Guenther
2010-07-13s3-libnet: better separate headers.Günther Deschner1-0/+4
Guenther
2010-07-01s3-libads: only include libds flags where needed.Günther Deschner1-0/+1
Guenther
2010-07-01s3-libads: move ads_dns out of main includes.Günther Deschner1-0/+1
Guenther
2010-07-01s3-libads: use shared well known guids.Günther Deschner1-2/+2
Guenther
2010-05-31s3: only use netlogon/nbt header when needed.Günther Deschner1-0/+1
Guenther
2010-05-25s3-net: fix a "dereferencing type-punned pointer will break strict-aliasing ↵Günther Deschner1-2/+2
rules" warning. Guenther
2010-05-21s3-net: fix net_ads_gpo() for non-ads case.Günther Deschner1-1/+1
Guenther
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-2/+2
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-20s3-net: let net_ads_gpo() call no_ads when built w/o ads support.Günther Deschner1-0/+5
Guenther
2010-05-11s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATAAndrew Bartlett1-4/+2
All the callers just want the PAC_LOGON_INFO, so search for that in ads_verify_ticket(), and don't bother the callers with the rest of the PAC. This change makes sense on it's own (removing boilerplate wrappers that just confuse the code), but it also makes it much easier to implement a matching ads_verify_ticket() function in Samba4 for the s3compat proposal. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-04-27Fix more S3 build breakage. Matthias, please ensure S3 builds whenJeremy Allison1-2/+2
changing common code. Jeremy.
2010-02-08s3-net: fix net ads dns usage calls.Günther Deschner1-3/+8
Bjoern, please check. Guenther
2010-01-19s3 net: Fix compile warningsKai Blin1-45/+80
2010-01-19s3 net: Fix compile error with WITH_DNS_UPDATESKai Blin1-2/+2
bd3c922e2bc1a163efc1d8c9cb59578bebb79616 introduced a compile-time error when building with WITH_DNS_UPDATES.
2010-01-18s3/net: split up some printable stings to ease i18nBjörn Jacke1-47/+48
If we put strings like "Usage:" into separate _() macros and not the whole "Usage:..." string we can cover much more messages by only one single translation. The drawback is that the message in the sources looks less pretty.
2009-12-23s3-net: use generated krb5.conf in 'net ads testjoin'Günther Deschner1-0/+4
Guenther
2009-11-26s3-rpc: Avoid including every pipe's client and server stubs everywhere in ↵Günther Deschner1-0/+1
samba. Guenther
2009-11-12Ensure all callers to the rpc_client/cli_pipe functions correctlyJeremy Allison1-2/+2
initialize return variables. Jeremy.
2009-11-06s3-net: better use memory credential cache in net_ads_kerberos_pac().Günther Deschner1-1/+1
Guenther
2009-11-06s3-net: allow to call "net ads kerberos pac <impersonation principal> -P".Günther Deschner1-1/+7
Guenther
2009-07-29s3 net: i18n support for net adsKai Blin1-378/+389
2009-07-28Added prefer_ipv4 bool parameter to resolve_name().Jeremy Allison1-1/+1
W2K3 DC's can have IPv6 addresses but won't serve krb5/ldap or cldap on those addresses. Make sure when we're asking for DC's we prefer IPv4. If you have an IPv6-only network this prioritizing code will be a no-op. And if you have a mixed network then you need to prioritize IPv4 due to W2K3 DC's. Jeremy.
2009-07-27s3: net ads user info should print primary group as well (bug #2658)Kai Blin1-15/+57
Thanks to Pavel V. Rochnyack <rpv@muma.tusur.ru> for reporting this and offering an initial patch.
2009-07-22Revert "net: Use samba default command line arguments."Kai Blin1-42/+41
This reverts commit fb262f79fab00374023e59476e8d05a1015a7041 and related commits c36031778e1983ddb11d3e1fcab35e738dbf94bc 72fd5fa6bb78a054fad5e5ebe19a0c0387a7d45b and 38cd0e086f50ce54d88a19aa5a6803469af90489 This change caused more trouble than it solved. We need to do this differently. Reverting so we don't accidently release this.
2009-07-09Make escape_ldap_string take a talloc contextVolker Lendecke1-5/+5
2009-06-19Don't require "Modify property" perms to unjoin bug #6481)Jim McDonough1-2/+9
"net ads leave" stopped working when "modify properties" permissions were not granted (meaning you had to be allowed to disable the account that you were about to delete). Libnetapi should not delete machine accounts, as this does not happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag really means "disable" (both in practice and docs). However, to keep the functionality in "net ads leave", we will still try to do the delete. If this fails, we try to do the disable. Additionally, it is possible in windows to not disable or delete the account, but just tell the local machine that it is no longer in the account. libnet can now do this as well.
2009-06-09net: Only use the in memory ccache when not already using a kerberos ticket ↵Kai Blin1-1/+2
in net ads
2009-06-09s3-net: fix "net ads testjoin".Günther Deschner1-0/+1
This always needs to use machine account credentials. Kai, please check. Guenther
2009-05-25net: Use samba default command line arguments.Kai Blin1-41/+40
Attention: The meaning of the -N flag changed. To get the old meaning for net groupmap set, use the long option --ntname The long option for using kerberos changed from --kerberos to --use-kerberos net rpc commands will now prompt for a password if none is given. As a benefit, net will now accept an authentication file like other samba command line tools. So no need to specify the password on the command line in scripts anymore. This should fix bug #6357 Signed-off-by: Kai Blin <kai@samba.org>
2009-04-07s3-libads: avoid NULL talloc context with ads_get_dn().Günther Deschner1-4/+4
Guenther
2009-04-06s3:libads Make ads_get_dn() take a talloc contextAndrew Bartlett1-8/+8
Also remove ads_memfree(), which was only ever a wrapper around SAFE_FREE, used only to free the DN from ads_get_ds(). This actually makes libgpo more consistant, as it mixed a talloc and a malloc based string on the same element. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2009-03-18s3-spoolss: remove custom syntax_spoolss and use the syntax defined in IDL.Günther Deschner1-1/+1
Guenther
2009-02-10S3: Fixes for coverity issues.todd stecher1-1/+9
2009-02-03s3-net: fix warning message for keytab usage.Günther Deschner1-2/+2
Guenther
2009-02-01Add two new parameters to control how we verify kerberos tickets. Removes ↵Dan Sledz1-4/+4
lp_use_kerberos_keytab parameter. The first is "kerberos method" and replaces the "use kerberos keytab" with an enum. Valid options are: secrets only - use only the secrets for ticket verification (default) system keytab - use only the system keytab for ticket verification dedicated keytab - use a dedicated keytab for ticket verification. secrets and keytab - use the secrets.tdb first, then the system keytab For existing installs: "use kerberos keytab = yes" corresponds to secrets and keytab "use kerberos keytab = no" corresponds to secrets only The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals. The second parameter is "dedicated keytab file", which is the keytab to use when in "dedicated keytab" mode. This keytab is only used in ads_verify_ticket.
2008-12-31Fix all warnings in source3 with gcc4.3.Jeremy Allison1-7/+28
Jeremy.
2008-12-13s3: correctly detect if the current dc is the closest oneStefan Metzmacher1-1/+1
ads->config.tried_closest_dc was never set. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit dfe5b00db35e1e7c7bb3ba36729fc3f97eb48db3)
2008-10-23Use common error definitions.Jelmer Vernooij1-1/+1
2008-10-20s3-build: no need to duplicate generated ndr_ prototypes.Günther Deschner1-0/+1
Guenther