summaryrefslogtreecommitdiff
path: root/source3/utils/net_rpc_join.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r18747: replace rpccli_lsa_close() with rpccli_lsa_Close()Gerald Carter1-1/+1
(This used to be commit 50d74ce0488a9bd0980cdc6d523a210f6238ef74)
2007-10-10r16360: Fix Klocwork ID 136 520 521 522 523 542 574 575 576 607Volker Lendecke1-1/+4
in net_rpc.c: 715 716 732 734 735 736 737 738 739 749 in net_rpc_audit.c: 754 755 756 in net_rpc_join.c: 757 in net_rpc_registry: 766 767 in net_rpc_samsync.c: 771 773 in net_sam.c: 797 798 Volker (This used to be commit 3df0bf7d6050fd7c9ace72487d4f74d92e30a584)
2007-10-10r15543: New implementation of 'net ads join' to be more like Windows XP.Gerald Carter1-4/+4
The motivating factor is to not require more privileges for the user account than Windows does when joining a domain. The points of interest are * net_ads_join() uses same rpc mechanisms as net_rpc_join() * Enable CLDAP queries for filling in the majority of the ADS_STRUCT->config information * Remove ldap_initialized() from sam/idmap_ad.c and libads/ldap.c * Remove some unnecessary fields from ADS_STRUCT * Manually set the dNSHostName and servicePrincipalName attribute using the machine account after the join Thanks to Guenther and Simo for the review. Still to do: * Fix the userAccountControl for DES only systems * Set the userPrincipalName in order to support things like 'kinit -k' (although we might be able to just use the sAMAccountName instead) * Re-add support for pre-creating the machine account in a specific OU (This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
2007-10-10r14087: Protect against domain being NULL. Finish Coverity #152.Jeremy Allison1-4/+12
Jeremy. (This used to be commit 88dd4ab48127bb08fdeb0b5c236020e0b910f0d8)
2007-10-10r14085: Fix coverity bg #152, uninit'ed var.Jim McDonough1-1/+1
(This used to be commit d8e69c18e0d34c99525080b3afaf2778be3a5ec2)
2007-10-10r13641: Finish fix for #3510. Don't use client schannel when toldJeremy Allison1-13/+39
not to, cope with a server that doesn't offer schannel also. Jeremy (This used to be commit 68005f6bdb70883eace0d9067c76c3360a803023)
2007-10-10r13614: First part of the bugfix for #3510 - net join failsJeremy Allison1-14/+21
against server with schannel disabled. Second part will come tomorrow (fixing net_rpc_join_ok()). Jeremy. (This used to be commit 7de1ee18619bf99c5db45692e085d0646e52378f)
2007-10-10r12986: Use d_fprintf(stderr, ...) for any error message in net.Lars Müller1-4/+4
All 'usage' messages are still printed to stdout. Fix some compiler warnings for system() calls where we didn't used the return code. Add appropriate error messages and return with the error code we got from system() or NT_STATUS_UNSUCCESSFUL. (This used to be commit f650e3bdafc4c6bcd7eb4bcf8b6b885b979919eb)
2007-10-10r11492: Fix bug #3224 (I hope). Correctly use machine_account_nameJeremy Allison1-3/+4
and client_name when doing netlogon credential setup. Jeremy. (This used to be commit 37e6ef9389041f58eada167239fd022f01c5fecb)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-57/+73
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r8564: Sometimes we're too dumb to live... Fix samr calls where we wereJeremy Allison1-5/+5
using USER_INFO_XX structs and functions where XX was sometimes in hex and sometimes in decimal. Now it's all in decimal (should be no functionality change). Jeremy. (This used to be commit 84651aca04cbcbf50ab2e78333cc9d9e49dd92f5)
2007-10-10r7415: * big change -- volker's new async winbindd from trunkGerald Carter1-2/+2
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
2007-10-10r6769: Fix bugzilla #2538 and #2527. Unused variables found by Jason Mader.Tim Potter1-2/+1
(This used to be commit 68b1c1f533e5c91634f5da21659c8e5793cb77f7)
2007-10-10r5203: additional changes for BUG 2291 to restrict who can join a BDC and ↵Gerald Carter1-1/+1
add domain trusts (This used to be commit 5ec1faa2ad33772fb48c3863e67d2ce4be726bb2)
2007-10-10r4570: Replace cli->nt_pipe_fnum with an array of NT file numbers, one for eachVolker Lendecke1-2/+2
supported pipe. Netlogon is still special, as we open that twice, one to do the auth2, the other one with schannel. The client interface is completely unchanged for those who only use a single pie. cli->pipe_idx is used as the index for everything except the "real" client rpc calls, which have been explicitly converted in my last commit. Next step is to get winbind to just use a single smb connection for multiple pipes. Volker (This used to be commit dc294c52e0216424236057ca6cd35e1ebf51d0da)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-1/+1
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r2835: Since we always have -I. and -I$(srcdir) in CFLAGS, we can get rid ofTim Potter1-1/+1
'..' from all #include preprocessor commands. This fixes bugzilla #1880 where OpenVMS gets confused about the '.' characters. (This used to be commit 7f161702fa4916979602cc0295919b541912acd6)
2004-02-08Make more functions static, and remove duplication in the use of functionsAndrew Bartlett1-1/+1
in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c (These should perhaps be pulled back out to smbpasswd.c, but that can occour later). Andrew Bartlett (This used to be commit fcdc5efb1e245c8fa95cd031f67ec56093b9056e)
2004-01-26This adds client-side support for the unicode/SAMR password change scheme.Andrew Bartlett1-8/+1
As well as avoiding DOS charset issues, this scheme returns useful error codes, that we can map back via the pam interface. This patch also cleans up the interfaces used for password buffers, to avoid duplication of code. Andrew Bartlett (This used to be commit 2a2b1f0c872d154fbcce71a250e23dfad085ba1e)
2004-01-15Fix net rpc join (at least newstyle) after it was broken by changingJim McDonough1-5/+5
the parms to cli_lsa_query_info_policy without changing them here... (This used to be commit a885df7635a9230bc6cca88e7e8fb1420c74c7fb)
2003-11-22Add support for variable-length session keys in our client code.Andrew Bartlett1-4/+4
This means that we now support 'net rpc join' with KRB5 (des based) logins. Now, you need to hack 'net' to do that, but the principal is important... When we add kerberos to 'net rpc', it should be possible to still do user management and the like over RPC. (server-side support to follow shortly) Andrew Bartlett (This used to be commit 9ecf9408d98639186b283f1acf0fac46417547d0)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-2/+2
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-06-16This glosses over John's problem at SambaXP 2003. When we want to joinVolker Lendecke1-3/+17
a NT4 domain as a BDC with an existing workstation account (existing bdc is fine), we fail. Print a friendly error message in this case. The correct solution would probably be to delete the account and try again. But even this makes us better than NT: NT4 fails in this situation with an empty warning message box and an unusable BDC. It has unsuccessfully tried to suck down the domain database, and thus has no administrator account to log in after reboot.... Volker (This used to be commit 1ddeea2179b11cedccf205c7ffea523ee6750b24)
2003-06-16Fix misleading debug message.Volker Lendecke1-1/+1
Volker (This used to be commit a4f76f2520515d820eb4a320036b998c88c596a8)
2003-06-16another improved debug statementAndrew Tridgell1-1/+1
(This used to be commit ac69b9c83cde306f89143fe43038adff876dd0b0)
2003-06-08Make sure that we use schannel (if configured) when checking for a validAndrew Bartlett1-12/+13
join to the DC. Andrew Bartlett (This used to be commit af526fa9b39ab1f8483d5cee66321bc12f78ac05)
2003-04-22Fix up bugs in the new 'store sec_channel type' code - we were always joiningAndrew Bartlett1-0/+3
as a BDC. Andrew Bartlett (This used to be commit f35674e7552dcfece342e7bece10bbfb0e81cbf8)
2003-04-21Merge from HEAD - save the type of channel used to contact the DC.Andrew Bartlett1-19/+43
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
2003-04-14Merge of Jelmer's usage updates for net.Tim Potter1-1/+1
(This used to be commit 6a5b88c95b3fd17431cda79e9aa2a593fef85100)
2003-02-24Merge from HEAD client-side authentication changes:Andrew Bartlett1-7/+1
- new kerberos code, allowing the account to change it's own password without special SD settings required - NTLMSSP client code, now seperated from cliconnect.c - NTLMv2 client code - SMB signing fixes Andrew Bartlett (This used to be commit 837680ca517982f2e5944730581a83012d4181ae)
2002-12-20Forward port the change to talloc_init() to make all talloc contextsJeremy Allison1-1/+1
named. Ensure we can query them. Jeremy. (This used to be commit 09a218a9f6fb0bd922940467bf8500eb4f1bcf84)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-6/+2
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-10-04merge of new client side support the Win2k LSARPC UUID in rpcbindGerald Carter1-3/+3
from APP_HEAD (This used to be commit 1cfd2ee433305e91e87804dd55d10e025d30a69e)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-1/+2
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17sync 3.0 branch with HEADJelmer Vernooij1-23/+87
(This used to be commit 1b83b78e332b9d28914eff155530e81cf2073a58)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-7/+3
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-03-23Join as a server trust account if the server role is either PDC or BDC.Andrew Bartlett1-1/+1
(This used to be commit 0784ab67addb3422a2d17363b4c3328d2e4b1008)
2002-03-17Renamed get_nt_error_msg() to nt_errstr().Tim Potter1-3/+3
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
2002-03-15Change new style join function name for clarity in net_rpc.cJim McDonough1-1/+1
(This used to be commit 539d0cc03035c126e2de82523a07ed91997100b8)
2002-03-02Allow Samba to trust NT4 Domains.Andrew Bartlett1-1/+3
This commit builds on the auth subsystem to give Samba support for trusting NT4 domains. It is off by default, but is enabled by adding 'trustdomain' to the 'auth methods' smb.conf paramater. Tested against NT4 only - there are still some issues with the join code for Win2k servers (spnego stuff). The main work TODO involves enumerating the trusted domains (including the RPC calls to match), and getting winbind to run on the PDC correctly. Similarly, work remains on getting NT4 to trust Samba domains. Andrew Bartlett (This used to be commit ac8c24a9a888a3f916e8b40238b936e6ad743ef7)
2002-01-30Removed version number from file header.Tim Potter1-1/+0
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2001-12-30Add a pile of doxygen style comments to various parts of Samba. Many of theseAndrew Bartlett1-3/+9
probably will never actually be genearted, but I like the style in any case. Also fix a segfault in 'net rpc' when the login failed and a small memory leak on failure in the auth_info.c code. Andrew Bartlett (This used to be commit 2efae7cc522651c22fb120835bc800645559b63e)
2001-12-14Display a nice error message if the user%password specified for net rpcTim Potter1-2/+8
join does not have administrator privileges. (This used to be commit af24b1036c8ceaa37e6b68ac988401846c5c7fe4)
2001-12-14Merge from 2.2 to allow net rpc join -U to complete even if the workstationTim Potter1-2/+5
account already exists. # net rpc join --user=Administrator%password It's kind of weird seeing the mix of NET.EXE style of options (net command subcommand /arg:value) with the GNU-style long options. I think it works. (This used to be commit 3789c8c707acd9a4078d656c8de9ce1f4be9e388)
2001-12-11allow join of already joined domainAndrew Tridgell1-60/+35
(This used to be commit 784a3f295176dc87c8befd76d5f2dc9ef1e9e383)
2001-12-05OK. Smbpasswd -j is DEAD.Andrew Bartlett1-4/+2
This moves the rest of the functionality into the 'net rpc join' code. Futhermore, this moves that entire area over to the libsmb codebase, rather than the crufty old rpc_client stuff. I have also fixed up the smbpasswd -a -m bug in the process. We also have a new 'net rpc changetrustpw' that can be called from a cron-job to regularly change the trust account password, for sites that run winbind but not smbd. With a little more work, we can kill rpc_client from smbd entirly! (It is mostly the domain auth stuff - which I can rework - and the spoolss stuff that sombody else will need to look over). Andrew Bartlett (This used to be commit 575897e879fc175ba702adf245384033342c903d)
2001-12-05Follow herb's suggestion and don't strdup a string to itselfAndrew Bartlett1-3/+6
(This used to be commit d00f461f43558c8ef942df305bcc2c89060b4800)
2001-12-04allow for passwords other than "samba2"Andrew Tridgell1-1/+1
:) (This used to be commit cee58f10974b55ead68362166d12285568feeb23)
2001-12-04Add 'net rpc join' to match the ADS equiv.Andrew Bartlett1-0/+311
This kills off the offending code in smbpasswd -j -Uab%c In the process we have changed from unsing compelatly random passwords to random, 15 char ascii strings. While this does produce a decrese in entropy, it is still vastly greater than we need, considering the application. In the meantime this allows us to actually *type* the machine account password duruign debugging. This code also adds a 'check' step to the join, confirming that the stored password does indeed do somthing of value :-) Andrew Bartlett (This used to be commit c0b7ee6ee547dc7ff798eaf8cb63fbe344073029)