Age | Commit message (Collapse) | Author | Files | Lines |
|
I should have done this years ago...
This adds the very simple 'admin set password' capability to 'net rpc',
much as we have it for 'net ads'.
Andrew Bartlett
(This used to be commit 5243b89e33efd2ea8842a624d8abd6c5755afb64)
|
|
This adds client-side support for the unicode/SAMR password change scheme.
As well as avoiding DOS charset issues, this scheme returns useful error
codes, that we can map back via the pam interface.
This patch also cleans up the interfaces used for password buffers, to
avoid duplication of code.
Andrew Bartlett
(This used to be commit 8063b8b6c2eb30cb116988e265fb289109d7c348)
|
|
(This used to be commit 3ec0d3abe9c838ad78fb8fd6a390ea3d8d2b9fcf)
|
|
initialized.
Also split out the oldstyle join into a new fn, allowing us to call it
with no failure message from net rpc join, but displaying a failure message
when used with net rpc oldjoin.
(This used to be commit cab0a4c4d5c7bf9d89697bf1d351eafbd00d7fd2)
|
|
(This used to be commit c98399e3c9d74e19b7c9d806ca8028b48866931e)
|
|
JHT came up with a nasty (broken) torture case in preparing examples for
his book.
This prompted me to look at the code that reads the unix group list. This
code did a lot of name -> uid -> name -> sid translations, which caused
problems. Instead, we now do just name -> sid
I also cleaned up some interfaces, and client tools.
Andrew Bartlett
(This used to be commit cc535a6c70d8dcf677322e31b24dec58b23d80f0)
|
|
Volker
(This used to be commit d623f695c48736f21a79f02cf669d5bcf39cd920)
|
|
the respective user databases.
Volker
(This used to be commit 53b592f4a64742767f37f9c7f8ee0fdf42e686c6)
|
|
Volker
(This used to be commit 73cdf724e90d76e97895ae5b1326825bb59bf90e)
|
|
human-readable format.
Volker
(This used to be commit e5770a9433099f86a1f828a35bbecbe5691c000c)
|
|
Add support for variable-length session keys in our client code.
This means that we now support 'net rpc join' with KRB5 (des based)
logins. Now, you need to hack 'net' to do that, but the principal is
important...
When we add kerberos to 'net rpc', it should be possible to still do
user management and the like over RPC.
-
Add server-side support for variable-length session keys (as used by
DES based krb5 logins).
Andrew Bartlett
(This used to be commit 1287cf5f921327c9ea758de46220c4e2dedc485c)
|
|
winreg pipe if it doesn't work. Fixes bug #534.
I will go back and add the same logic for the shutdown itself, even though
that works so far against win2k (haven't tested all win clients).
(This used to be commit e6d02117755d92d1b5ce029bf659d0fbe1a55585)
|
|
(This used to be commit 585764305aa84a7732f71f2e01227e1a6a08664f)
|
|
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
|
|
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE
(This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
|
|
Rafal
(This used to be commit d03124fbf182f194e48c4ef9ae6aedc4db4f13b0)
|
|
(This used to be commit 8ff52aec87a2770c5d7de50786307d246b4be6af)
|
|
terminating condition should be result != STATUS_MORE_ENTRIES, not
result == NT_STATUS_OK otherwise we get stuck in an infinite loop
when there's any sign of trouble.
(This used to be commit 2266d281a4bb0a034461ba3e72513609f86e9a38)
|
|
workstation, we have to use the workstation type, if we have a BDC account,
we must use the BDC type - even if we are pretending to be a workstation
at the moment.
Also actually store and retreive the last change time, so we can do
periodic password changes again (for RPC at least).
And finally, a couple of minor fixes to 'net'.
Andrew Bartlett
(This used to be commit 6e6b7b79edae3efd0197651e9a8ce6775c001cf2)
|
|
general CHANGETRUSTPW that calls ADS CHANGETRUSTPW or RPC CHANGETRUSTPW
depending on what we have.
(This used to be commit 17d27db5c9d3511444fc2770d4452647284e8014)
|
|
and removing -j because it was not used at all.
(This used to be commit e3e2c1b27128f7b5a1f4bbc8093c75b0c12549b4)
|
|
domain name. We were passing in an already initialised string which was
causing the warning.
(This used to be commit 18685d137e2db6e4e93c655f1c4a97116a36c02c)
|
|
(This used to be commit d3962da61a5717dda7e99996bbeb4735d4373041)
|
|
This patch makes Samba compile cleanly with -Wwrite-strings.
- That is, all string literals are marked as 'const'. These strings are
always read only, this just marks them as such for passing to other functions.
What is most supprising is that I didn't need to change more than a few lines of code (all
in 'net', which got a small cleanup of net.h and extern variables). The rest
is just adding a lot of 'const'.
As far as I can tell, I have not added any new warnings - apart from making all
of tdbutil.c's function const (so they warn for adding that const string to
struct).
Andrew Bartlett
(This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
|
|
sorry
(This used to be commit 1eff36ff2fd20ff1844800acefb31972ad865527)
|
|
named. Ensure we can query them.
Jeremy.
(This used to be commit 842e08e52a665ae678eea239759bb2de1a0d7b33)
|
|
cache code.
This uses gencache, mimir's new caching code that stores at text-based cache
of various data.
Mimir has done a *lot* of work on this patch, and it is finally time to
get it in CVS.
Andrew Bartlett
(This used to be commit 47f3bfe9564e7f3aff60cefaefd599e0abb30a31)
|
|
Andrew Bartlett
(This used to be commit cc7566ca508f8705a95cdd546553a018731d5f5f)
|
|
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
|
|
also try to uniform names to a clean scheme.
first part.
(This used to be commit a123e05877caf90c28980be2d84b1d0b46e4fd21)
|
|
from APP_HEAD
(This used to be commit 38c9e4299845fd77cc8629945ce2d259489f7437)
|
|
Add const to some more functions, and reintroduce 'net rpc join oldstyle' as
*only* trying an old-style join.
This means that we can rely on it not prompting for a password on the build
farm.
Andrew Bartlett
(This used to be commit 31bdbeef0ea6f30247cd3b30cfea57b34102abe6)
|
|
(This used to be commit 42774a7753eb8be1ec04bcb5dda089910a1b6d0b)
|
|
positive name for this. It creates users and global groups. More to come.
Volker
(This used to be commit 0c1fadd9e024ef886542d362a7f119968552852d)
|
|
(This used to be commit a8dc1464ea2d05eb2a26afdd433cdb6b69002259)
|
|
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>
It includes a conversion of make_user_info*() to NTSTATUS and some minor
changes to other files.
It also picks up on a nasty segfault that can occour in some security=domain
cases.
Andrew Bartlett
(This used to be commit d1e1fc3e4bf72717b3593685f0ea5750d676952a)
|
|
(This used to be commit 26bee60a419593a5afe4e48614f7f3fc414596a5)
|
|
Volker
(This used to be commit f76a5431f0448efbc879aee965c643e2e362632a)
|
|
samsync operations (as a BDC)
(This used to be commit e4cb106d2e3e6a41529369545a7a6ce5fe6d8986)
|
|
Print domain SID on 'net rpc info'
Volker
(This used to be commit 12fd889a3f0e3eeeb27a51cdd7f648a59083f2ba)
|
|
(This used to be commit 169e784f4829ef356ed6232ace950d43cac1d467)
|
|
unfortuately we don't seem to be able to auto-test the ADS join due to
a rather nasty property of the GSSAPI library.
(This used to be commit 87c34a974a91e940bd26078a68dd84f4341d6913)
|
|
setups.
- split up the ads structure into logical pieces. This makes it much
easier to keep things like the authentication realm and the server
realm separate (they can be different).
- allow ads callers to specify that no sasl bind should be performed
(used by "net ads info" for example)
- fix an error with handing ADS_ERROR_SYSTEM() when errno is 0
- completely rewrote the code for finding the LDAP server. Now try DNS
methods first, and try all DNS servers returned from the SRV DNS
query, sorted by closeness to our interfaces (using the same sort code
as we use in replies from WINS servers). This allows us to cope with
ADS DCs that are down, and ensures we don't pick one that is on the
other side of the country unless absolutely necessary.
- recognise dnsRecords as binary when displaying them
- cope with the realm not being configured in smb.conf (work it out
from the LDAP server)
- look at the trustDirection when looking up trusted domains and don't
include trusts that trust our domains but we don't trust
theirs.
- use LDAP to query the alternate (netbios) name for a realm, and make
sure that both and long and short forms of the name are accepted by
winbindd. Use the short form by default for listing users/groups.
- rescan the list of trusted domains every 5 minutes in case new trust
relationships are added while winbindd is running
- include transient trust relationships (ie. C trusts B, B trusts A,
so C trusts A) in winbindd.
- don't do a gratuituous node status lookup when finding an ADS DC (we
don't need it and it could fail)
- remove unused sid_to_distinguished_name function
- make sure we find the allternate name of our primary domain when
operating with a netbiosless ADS DC (using LDAP to do the lookup)
- fixed the rpc trusted domain enumeration to support up to approx
2000 trusted domains (the old limit was 3)
- use the IP for the remote_machine (%m) macro when the client doesn't
supply us with a name via a netbios session request (eg. port 445)
- if the client uses SPNEGO then use the machine name from the SPNEGO
auth packet for remote_machine (%m) macro
- add new 'net ads workgroup' command to find the netbios workgroup
name for a realm
(This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
|
|
(This used to be commit ced5dc4e05badfb07cbae7a2880825b9bad4e68d)
|
|
need for a manual strdup() too...
(This used to be commit 71452365c8d9aa3d06b64716636a32bfebd3d4f8)
|
|
again, and has added 'net rpc trustdom list' support.
This lists the trusted and trusting domains of a remote PDC.
I've applied these almost directly, just fixing some special
case code for when there are *no* trusting domains. We still
have some parse errors in this case however.
Andrew Bartlett.
From mimir's e-mail:
Here are another patches adding trust relationship features.
More details:
Better error reporting in cli_lsa_enum_trust_dom().
Implementation of cli_samr_enum_dom_users() which cli_samr.c
lacked.
More "consts" -- one of arguments in net_find_dc().
Modified implementation of run_rpc_command() -- now it
allows to reuse already opened connection (if it is passed)
to remote server's IPC$ (e.g. as part of longer exchange
of rpc calls). I'm sure Andrew will argue ;-)
More neat version of rpc_trustdom_list() function.
(This used to be commit f0890026820ee3e432147130b46de4610e583381)
|
|
distinction between uchar and char).
Lots of const etc.
Andrew Bartlett
(This used to be commit 8196ee908e10db2119e480fe1b0a71b31a16febc)
|
|
this also gives a way to distinguish a 'native mode' server from a
non-native server. This call will fail for a native mode server.
(This used to be commit a7663428e05bdd41a1975d0db9be6537b7238b95)
|
|
these errors happen all the time, so they shouldn't be level 0
(This used to be commit abc2aed26c6cb12a86987a3846ca5c9f7df9a5ae)
|
|
net file
(This used to be commit fd938eca210602790c4d0e442f3aa9aa22b5fdf2)
|