summaryrefslogtreecommitdiff
path: root/source3/utils/net_rpc.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r1966: further work on and cleanup of the net-migration-tool.Günther Deschner1-13/+64
It's now possible to migrate files preserving dos-attributes and correct timestamps. Also added some small docu- and syntax-fixes. Guenther (This used to be commit 0e990582a0416933a8671ca660d22e980f828402)
2007-10-10r1692: first commit :)Günther Deschner1-1/+679
* add IA64 to the architecture table of printer-drivers * add new "net"-subcommands: net rpc printer migrate {drivers|printers|forms|security|settings|all} [printer] net rpc share migrate {shares|files|all} [share] this is the first part of the migration suite. this will will (once feature-complete) allow to do 1:1 server-cloning in the best possible way by making heavy use of samba's rpc_client-functions. all migration-steps are implemented as rpc/smb-client-calls; net communicates via rpc/smb with two servers at the same time (a remote, source server and a destination server that currently defaults to the local smbd). this allows e. g. printer-driver migration including driverfiles, recursive mirroring of file-shares including file-acls, etc. almost any migration step can be called with a migrate-subcommand to provide more flexibility during a migration process (at the cost of quite some redundancy :) ). "net rpc printer migrate settings" is still in a bad condition (many open questions that hopefully can be adressed soon). "net rpc share migrate security" as an isolated call to just migrate share-ACLs will be added later. Before playing with it, make sure to use a test-server. Migration is a serious business and this tool-set can perfectly overwrite your existing file/print-shares. * along with the migration functions had to make I the following changes: - implement setprinter level 3 client-side - implement net_add_share level 502 client-side - allow security descriptor to be set in setprinterdata level 2 serverside guenther (This used to be commit 8f1716a29b7e85baf738bc14df7dabf03762f723)
2007-10-10r977: Implement 'net rpc group rename' -- rename domain groups.Volker Lendecke1-0/+78
Volker (This used to be commit 9ceff803278bdbc09cb5ab678a108cea24ab49a9)
2007-10-10r964: The max_size field in cli_samr_enum_als_groups is more like an ↵Volker Lendecke1-1/+7
account_control field with indiviual bits what to retrieve. Set this to 0xffff as NT4 usrmgr.exe does to get everything. I'm too lazy (sorry) to get this through to rpc_parse/ etc. Volker (This used to be commit d7239c2611a62873cc9eff296c84e91198a5c552)
2007-10-10r269: Patch from Krischan Jodies <kj@sernet.de>: Implement 'net rpc group ↵Volker Lendecke1-3/+196
delete'. Volker (This used to be commit ec321674961cc62c048b149ee19b6e36325c8eb3)
2004-03-18Two little annoyances:Volker Lendecke1-1/+1
net rpc did not inform you if no smbd is running. I never liked the error message (!) Success! when we established a trust. Volker (This used to be commit 4191a434d48065a75f38752c4aa27219f36d602b)
2004-03-04Another typo, sorry for samba-cvs spam :-)Volker Lendecke1-1/+1
(This used to be commit 3e39d157cb94928a036f0497a9e255f6dbad1771)
2004-03-04Fix typo.Volker Lendecke1-1/+1
Volker (This used to be commit 8ba5bdc330114efbc86c851b71c58ac91ada7f31)
2004-02-29net_rpc.c: Don't complain if [add|del]mem was successful.Volker Lendecke1-4/+4
srv_samr_nt.c: Correctly report that a user is not member of an alias. Volker (This used to be commit 540f625036871e7facd094fce49d7317f65f4ffd)
2004-02-29Print an informative error message if trying to add/remove members fromVolker Lendecke1-0/+6
something not a group. Volker (This used to be commit 73f26de5c0b6a6b9b78c22016986f3106bce7bfa)
2004-02-28Add 'net rpc group [add|del]mem' for domain groups and aliases.Volker Lendecke1-0/+452
Volker (This used to be commit e597420421e085b17dcdc062c5900518d0d4e685)
2004-02-28Fix my fix to net rpc group list. We can certainly have more than a singleVolker Lendecke1-3/+6
set of groups. Volker (This used to be commit e77fe4a77a6b0b8d92014edb073b36d01a1a5169)
2004-02-24Add 'net rpc group add'. For this parse_samr.c had to be changed: TheVolker Lendecke1-1/+62
group_info4 in set_dom_group_info also has the level in the record itself. This seems not to be an align. Tested with NT4 usrmgr.exe. It can still create a domain group on a samba machine. Volker (This used to be commit 76c75bb8a7ad2a2e719dbbe997abf8aefe2fbbb4)
2004-02-17Don't try to show groups that could not be listed.Volker Lendecke1-0/+9
Volker (This used to be commit d713e76a24583acaffa0be67838e7629b980ff29)
2004-02-17If there are no alias members, don't ask for their sids :-)Volker Lendecke1-0/+4
Volker (This used to be commit 99f03a641e4fd75c3bafb8bd153687743317a3dc)
2004-02-11BUG 1055; patch from SATOH Fumiyasu <fumiya@miraclelinux.com>; formatting ↵Gerald Carter1-2/+2
fixes for 'net share' (This used to be commit 44db163b3001d8dc50b64bac7fd12be1147e14b7)
2004-02-09Expand 'net rpc group members' to local groups.Volker Lendecke1-49/+175
Volker (This used to be commit 90fabe6ec004ab95739100b6cd5b7cbd87e67e24)
2004-02-08Make it possible to 'net rpc samdump' of any domain you are currently joinedAndrew Bartlett1-37/+76
to, despite any smb.conf settings. Work to allow the same for 'net rpc vampire', but instead give a clear error message on what is incorrect. Andrew Bartlett (This used to be commit 6b629344c5a4061d6052fa91f8429b337bab95fb)
2004-02-08Add some help for 'net rpc password'.Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit 4c7d6b9be393f1f5697afe0671f15651ac6282f3)
2004-02-07I should have done this years ago...Andrew Bartlett1-0/+131
This adds the very simple 'admin set password' capability to 'net rpc', much as we have it for 'net ads'. Andrew Bartlett (This used to be commit ced7fb55276f3d21d69b85b40d3f64c5e790bcc9)
2004-01-26This adds client-side support for the unicode/SAMR password change scheme.Andrew Bartlett1-7/+1
As well as avoiding DOS charset issues, this scheme returns useful error codes, that we can map back via the pam interface. This patch also cleans up the interfaces used for password buffers, to avoid duplication of code. Andrew Bartlett (This used to be commit 2a2b1f0c872d154fbcce71a250e23dfad085ba1e)
2004-01-21Fix compiler warningVolker Lendecke1-0/+2
(This used to be commit 413ed77142377351a0ed1c6cf800a14809e56e9c)
2004-01-16Fix another join problem. Don't use a TALLOC_CTX before it has beenJim McDonough1-4/+25
initialized. Also split out the oldstyle join into a new fn, allowing us to call it with no failure message from net rpc join, but displaying a failure message when used with net rpc oldjoin. (This used to be commit 07d6ed4343d7a2575dc974bfbc498b14784b2dc1)
2004-01-08This merges in my 'always use ADS' patch. Tested on a mix of NT and ADSAndrew Bartlett1-26/+14
domains, this patch ensures that we always use the ADS backend when security=ADS, and the remote server is capable. The routines used for this behaviour have been upgraded to modern Samba codeing standards. This is a change in behaviour for mixed mode domains, and if the trusted domain cannot be reached with our current krb5.conf file, we will show that domain as disconnected. This is in line with existing behaviour for native mode domains, and for our primary domain. As a consequence of testing this patch, I found that our kerberos error handling was well below par - we would often throw away useful error values. These changes move more routines to ADS_STATUS to return kerberos errors. Also found when valgrinding the setup, fix a few memory leaks. While sniffing the resultant connections, I noticed we would query our list of trusted domains twice - so I have reworked some of the code to avoid that. Andrew Bartlett (This used to be commit 7c34de8096b86d2869e7177420fe129bd0c7541d)
2004-01-02JHT came up with a nasty (broken) torture case in preparing examples forAndrew Bartlett1-3/+2
his book. This prompted me to look at the code that reads the unix group list. This code did a lot of name -> uid -> name -> sid translations, which caused problems. Instead, we now do just name->sid I also cleaned up some interfaces, and client tools. Andrew Bartlett (This used to be commit f9e59f8bc06fae7e5c8cb0980947f78942dc25c0)
2003-12-01In the brief 'net rpc group' listing, don't cut off group names at 21 chars.Volker Lendecke1-3/+3
Volker (This used to be commit 5d0b8280f6c4990ee3a26c310efebfa859ee21be)
2003-11-28Implement 'net rpc group list [global|local|builtin]*' for a select listing ofVolker Lendecke1-0/+34
the respective user databases. Volker (This used to be commit 39e4ee0c5be9f8d5a26b03ae17865b8e576b0b62)
2003-11-27Only ask for 512 names at a time.Volker Lendecke1-8/+19
Volker (This used to be commit d5775b7106dc5d6326db89f7369d2ffd61646426)
2003-11-26Implement "net rpc group members": Get members of a domain group inVolker Lendecke1-0/+88
human-readable format. Volker (This used to be commit 4e3a2eb8e04c3a669d94e38d81e994606fa6ef9d)
2003-11-22Add support for variable-length session keys in our client code.Andrew Bartlett1-1/+1
This means that we now support 'net rpc join' with KRB5 (des based) logins. Now, you need to hack 'net' to do that, but the principal is important... When we add kerberos to 'net rpc', it should be possible to still do user management and the like over RPC. (server-side support to follow shortly) Andrew Bartlett (This used to be commit 9ecf9408d98639186b283f1acf0fac46417547d0)
2003-10-24Add shutdown abort try over initshutdown pipe first, then fall back toJim McDonough1-4/+49
winreg pipe if it doesn't work. Fixes bug #534. I will go back and add the same logic for the shutdown itself, even though that works so far against win2k (haven't tested all win clients). (This used to be commit e660b04e8f2446bb8a6590e9afcb5ab49f90a701)
2003-09-22fix some warnings found by the Sun C compilerGerald Carter1-1/+1
(This used to be commit e1fac713e25692a5790c3261ba323732930f5249)
2003-08-15In case of 'net rpc trustdom add' without domain name we were silentlyRafal Szczesniak1-2/+7
asking for password without a piece of error message or explanation. rafal (This used to be commit d46793b33577f7e77b7632b016918e3ce175c238)
2003-08-15Give a temporary hint on how to delete trust account.Rafal Szczesniak1-0/+1
rafal (This used to be commit 836746beabda583f7d86bb7e6faa855f172a888d)
2003-08-15get rid of more compiler warningsHerb Lewis1-2/+2
(This used to be commit 398bd14fc6e2f8ab2f34211270e179b8928a6669)
2003-08-15get rid of warning on IRIXHerb Lewis1-10/+8
(This used to be commit 6ec683e24e220a40b02b203b918a0008d90264f0)
2003-08-13Small typo fix found while testing domain trusts.Rafal Szczesniak1-1/+1
rafal (This used to be commit 033ee6e68708f687ccd053eab4a7dac16937354b)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-6/+6
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-06-25large change:Gerald Carter1-1/+1
*) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091)
2003-06-12Fix for bug#3. Show comments when doing 'net group -l'.Volker Lendecke1-16/+80
Volker (This used to be commit e5664adc07307a066c5312d9224cef2c69a40f77)
2003-06-12Working on bug#3. We want all of the aliases, so start with 0.Volker Lendecke1-0/+2
Volker (This used to be commit ec1a58d09e08583288b18747a0c82e5cf8139b63)
2003-05-11Fix compile.Andrew Bartlett1-1/+1
(This used to be commit ca2e453c7838b6d0ed2d0a45124d162073bbbf99)
2003-05-11Set the password for a newly created trustdom account. Tested againstVolker Lendecke1-3/+34
PDCs running NT4SP1, NT4SP6 and Samba 3.0. Volker (This used to be commit 2143446043b2c29027cf69554caddf41274df709)
2003-05-07Fix the spinning bug for 'net rpc user' as well - there are more errors inAndrew Bartlett1-4/+4
this world than 'status more entires'... Also move all the cases to 'NT_STATUS_EQUAL()' to test it. Andrew Bartlett (This used to be commit b4645bf0661dadcd077b21bb6f6452ed8b2eb726)
2003-05-05Turn off using lsa_qos in OpenPolicy call. This way we avoid annoyingRafal Szczesniak1-2/+2
debug msg while establishing trust and listing relations of Samba PDC. Rafal (This used to be commit 8681cbae0d142a1f9ac537cb22e611a6f5262b54)
2003-05-01Turn down some DEBUG()s and remove some duplicate code spotted by dfenwick.Andrew Bartlett1-39/+17
Andrew Bartlett (This used to be commit 542a8b1817d3930e03e08e16e9711cacceb6df61)
2003-04-29Allow net rpc user -l to list longer than 50 characters in a user comment.Jim McDonough1-1/+1
Net.exe on windows won't allow more than 50 characters to be entered, but through AD you can have much more than this. (This used to be commit ca2886c9385361ea401e3e0b47c26cb39adcadbc)
2003-04-25Merge of missed another while condition when enumerating aliases.Tim Potter1-1/+1
(This used to be commit ee78196bcfe52dfdda0b7fd44a6701e2cf5f7d5a)
2003-04-25Merge:Tim Potter1-2/+2
>When calling cli_samr_enum_{dom,als}_groups in a while loop, the >terminating condition should be result != STATUS_MORE_ENTRIES, not >result == NT_STATUS_OK otherwise we get stuck in an infinite loop >when there's any sign of trouble. (This used to be commit 4998a72cf8e3a2b254dc409a36b9bbd118bdc4fd)
2003-04-21Merge from HEAD - save the type of channel used to contact the DC.Andrew Bartlett1-24/+61
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)