Age | Commit message (Collapse) | Author | Files | Lines |
|
workstation, we have to use the workstation type, if we have a BDC account,
we must use the BDC type - even if we are pretending to be a workstation
at the moment.
Also actually store and retreive the last change time, so we can do
periodic password changes again (for RPC at least).
And finally, a couple of minor fixes to 'net'.
Andrew Bartlett
(This used to be commit 6e6b7b79edae3efd0197651e9a8ce6775c001cf2)
|
|
general CHANGETRUSTPW that calls ADS CHANGETRUSTPW or RPC CHANGETRUSTPW
depending on what we have.
(This used to be commit 17d27db5c9d3511444fc2770d4452647284e8014)
|
|
and removing -j because it was not used at all.
(This used to be commit e3e2c1b27128f7b5a1f4bbc8093c75b0c12549b4)
|
|
domain name. We were passing in an already initialised string which was
causing the warning.
(This used to be commit 18685d137e2db6e4e93c655f1c4a97116a36c02c)
|
|
(This used to be commit d3962da61a5717dda7e99996bbeb4735d4373041)
|
|
This patch makes Samba compile cleanly with -Wwrite-strings.
- That is, all string literals are marked as 'const'. These strings are
always read only, this just marks them as such for passing to other functions.
What is most supprising is that I didn't need to change more than a few lines of code (all
in 'net', which got a small cleanup of net.h and extern variables). The rest
is just adding a lot of 'const'.
As far as I can tell, I have not added any new warnings - apart from making all
of tdbutil.c's function const (so they warn for adding that const string to
struct).
Andrew Bartlett
(This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
|
|
sorry
(This used to be commit 1eff36ff2fd20ff1844800acefb31972ad865527)
|
|
named. Ensure we can query them.
Jeremy.
(This used to be commit 842e08e52a665ae678eea239759bb2de1a0d7b33)
|
|
cache code.
This uses gencache, mimir's new caching code that stores at text-based cache
of various data.
Mimir has done a *lot* of work on this patch, and it is finally time to
get it in CVS.
Andrew Bartlett
(This used to be commit 47f3bfe9564e7f3aff60cefaefd599e0abb30a31)
|
|
Andrew Bartlett
(This used to be commit cc7566ca508f8705a95cdd546553a018731d5f5f)
|
|
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
|
|
also try to uniform names to a clean scheme.
first part.
(This used to be commit a123e05877caf90c28980be2d84b1d0b46e4fd21)
|
|
from APP_HEAD
(This used to be commit 38c9e4299845fd77cc8629945ce2d259489f7437)
|
|
Add const to some more functions, and reintroduce 'net rpc join oldstyle' as
*only* trying an old-style join.
This means that we can rely on it not prompting for a password on the build
farm.
Andrew Bartlett
(This used to be commit 31bdbeef0ea6f30247cd3b30cfea57b34102abe6)
|
|
(This used to be commit 42774a7753eb8be1ec04bcb5dda089910a1b6d0b)
|
|
positive name for this. It creates users and global groups. More to come.
Volker
(This used to be commit 0c1fadd9e024ef886542d362a7f119968552852d)
|
|
(This used to be commit a8dc1464ea2d05eb2a26afdd433cdb6b69002259)
|
|
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>
It includes a conversion of make_user_info*() to NTSTATUS and some minor
changes to other files.
It also picks up on a nasty segfault that can occour in some security=domain
cases.
Andrew Bartlett
(This used to be commit d1e1fc3e4bf72717b3593685f0ea5750d676952a)
|
|
(This used to be commit 26bee60a419593a5afe4e48614f7f3fc414596a5)
|
|
Volker
(This used to be commit f76a5431f0448efbc879aee965c643e2e362632a)
|
|
samsync operations (as a BDC)
(This used to be commit e4cb106d2e3e6a41529369545a7a6ce5fe6d8986)
|
|
Print domain SID on 'net rpc info'
Volker
(This used to be commit 12fd889a3f0e3eeeb27a51cdd7f648a59083f2ba)
|
|
(This used to be commit 169e784f4829ef356ed6232ace950d43cac1d467)
|
|
unfortuately we don't seem to be able to auto-test the ADS join due to
a rather nasty property of the GSSAPI library.
(This used to be commit 87c34a974a91e940bd26078a68dd84f4341d6913)
|
|
setups.
- split up the ads structure into logical pieces. This makes it much
easier to keep things like the authentication realm and the server
realm separate (they can be different).
- allow ads callers to specify that no sasl bind should be performed
(used by "net ads info" for example)
- fix an error with handing ADS_ERROR_SYSTEM() when errno is 0
- completely rewrote the code for finding the LDAP server. Now try DNS
methods first, and try all DNS servers returned from the SRV DNS
query, sorted by closeness to our interfaces (using the same sort code
as we use in replies from WINS servers). This allows us to cope with
ADS DCs that are down, and ensures we don't pick one that is on the
other side of the country unless absolutely necessary.
- recognise dnsRecords as binary when displaying them
- cope with the realm not being configured in smb.conf (work it out
from the LDAP server)
- look at the trustDirection when looking up trusted domains and don't
include trusts that trust our domains but we don't trust
theirs.
- use LDAP to query the alternate (netbios) name for a realm, and make
sure that both and long and short forms of the name are accepted by
winbindd. Use the short form by default for listing users/groups.
- rescan the list of trusted domains every 5 minutes in case new trust
relationships are added while winbindd is running
- include transient trust relationships (ie. C trusts B, B trusts A,
so C trusts A) in winbindd.
- don't do a gratuituous node status lookup when finding an ADS DC (we
don't need it and it could fail)
- remove unused sid_to_distinguished_name function
- make sure we find the allternate name of our primary domain when
operating with a netbiosless ADS DC (using LDAP to do the lookup)
- fixed the rpc trusted domain enumeration to support up to approx
2000 trusted domains (the old limit was 3)
- use the IP for the remote_machine (%m) macro when the client doesn't
supply us with a name via a netbios session request (eg. port 445)
- if the client uses SPNEGO then use the machine name from the SPNEGO
auth packet for remote_machine (%m) macro
- add new 'net ads workgroup' command to find the netbios workgroup
name for a realm
(This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
|
|
(This used to be commit ced5dc4e05badfb07cbae7a2880825b9bad4e68d)
|
|
need for a manual strdup() too...
(This used to be commit 71452365c8d9aa3d06b64716636a32bfebd3d4f8)
|
|
again, and has added 'net rpc trustdom list' support.
This lists the trusted and trusting domains of a remote PDC.
I've applied these almost directly, just fixing some special
case code for when there are *no* trusting domains. We still
have some parse errors in this case however.
Andrew Bartlett.
From mimir's e-mail:
Here are another patches adding trust relationship features.
More details:
Better error reporting in cli_lsa_enum_trust_dom().
Implementation of cli_samr_enum_dom_users() which cli_samr.c
lacked.
More "consts" -- one of arguments in net_find_dc().
Modified implementation of run_rpc_command() -- now it
allows to reuse already opened connection (if it is passed)
to remote server's IPC$ (e.g. as part of longer exchange
of rpc calls). I'm sure Andrew will argue ;-)
More neat version of rpc_trustdom_list() function.
(This used to be commit f0890026820ee3e432147130b46de4610e583381)
|
|
distinction between uchar and char).
Lots of const etc.
Andrew Bartlett
(This used to be commit 8196ee908e10db2119e480fe1b0a71b31a16febc)
|
|
this also gives a way to distinguish a 'native mode' server from a
non-native server. This call will fail for a native mode server.
(This used to be commit a7663428e05bdd41a1975d0db9be6537b7238b95)
|
|
these errors happen all the time, so they shouldn't be level 0
(This used to be commit abc2aed26c6cb12a86987a3846ca5c9f7df9a5ae)
|
|
net file
(This used to be commit fd938eca210602790c4d0e442f3aa9aa22b5fdf2)
|
|
(This used to be commit ebd07c3a295e3f8cd46441caac4dc8e8b178c2cc)
|
|
autoselect for this subcommand when appropriate.
(This used to be commit 77418256d3162b41a672a25f7e512999f1193926)
|
|
(This used to be commit b41cefb4c0670b06564ac79fa10aff8d60069f10)
|
|
not been implemented...is it worth the effort?
(This used to be commit 45ac4f4c29d0d8d1b0b1535b2ab500e38ac5b978)
|
|
<mimir@diament.ists.pwr.wroc.pl>) this patch allows samba to correctly
enumerate its trusted domains - by exaimining the keys in the secrets.tdb file.
This patch has been tested with both NT4 and rpcclient/wbinfo, and adds
some extra functionality to talloc and rpc_parse to allow it to deal with
already unicode strings.
Finally, this cleans up some const warnings that were in net_rpc.c by pushing
another dash of const into the rpc client code.
Andrew Bartlett
(This used to be commit 0bdd94cb992b40942aaf2e5e0efd2868b4686296)
|
|
(This used to be commit 6d9336f3b9b205e5916424ee844658b445439fdb)
|
|
- Added net_help.c for unified help when possible
- Added net rpc user listing, delete, info commands
- Unified net user command to autodetect ads/rpc/rap (try in that order)
- Added generic routine for detecting rpc (protocol > PROTOCOL_NT1)
- I'm sure I forgot something.
(This used to be commit 9daa5788c822cf1ad20dc703e7f03b9ee82987bf)
|
|
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
|
|
(This used to be commit 936df31df5bad9d457d3775d11b4e96a58093282)
|
|
subcommand \n\t3) try oldstyle first, then more secure method\n to allow for autodetect between ads and rpc on net join
(This used to be commit c8a4a09b5648af2f1669a5a30acdf0a088077af9)
|
|
nicely, and make 'net help rap user' the same as 'net rap user help'...stuff like that
(This used to be commit 17775dae28c724b11cc73f2aeac5f07f9656046c)
|
|
(This used to be commit a21ba95897531e7964c9e80a81cd5faa7394db77)
|
|
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>
This adds the 'net' tools to manipulate the trusted domains.
Andrew Bartlett
(This used to be commit 770c8a31d9804d3339ffa0de8b5072a5c7eb02df)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
These two little features are very useful, but the passing of options about
needs some serious work. The popt stuff in the shutdown code is #ifdef'ed out
until the main popt loop can be convinced not to chew on the options :-(
Andrew Bartlett
(This used to be commit 51c985be7fbfe5627c5b2590e7610653e7be98e3)
|
|
probably will never actually be genearted, but I like the style in any case.
Also fix a segfault in 'net rpc' when the login failed and a small memory leak
on failure in the auth_info.c code.
Andrew Bartlett
(This used to be commit 2efae7cc522651c22fb120835bc800645559b63e)
|
|
This moves the rest of the functionality into the 'net rpc join' code.
Futhermore, this moves that entire area over to the libsmb codebase, rather
than the crufty old rpc_client stuff.
I have also fixed up the smbpasswd -a -m bug in the process.
We also have a new 'net rpc changetrustpw' that can be called from a
cron-job to regularly change the trust account password, for sites
that run winbind but not smbd.
With a little more work, we can kill rpc_client from smbd entirly!
(It is mostly the domain auth stuff - which I can rework - and the
spoolss stuff that sombody else will need to look over).
Andrew Bartlett
(This used to be commit 575897e879fc175ba702adf245384033342c903d)
|
|
'net' command.
This also gets us 'net rpc user add'.
Andrew Bartlett
(This used to be commit 1197689bc56f4b2ca6ffea3b2601b8f6f9f52207)
|