summaryrefslogtreecommitdiff
path: root/source3/utils/net_rpc_samsync.c
AgeCommit message (Collapse)AuthorFilesLines
2003-09-10Fix error return path memory leaks in vampire code for creating users.Tim Potter1-3/+8
Display an error if we can't create a posix account for the user (e.g no add user/machine script was specified; bug #323). (This used to be commit 0c35ba2cd65ff64c5db2b20d5528a0d486cba51e)
2003-09-10Use opt_target_workgroup instead of lp_workgroup() in vampire code soTim Potter1-2/+2
we can override the value in smb.conf with the -w option. Migrating accounts from another domain can now be done like: # bin/net join bdc -w nt4dom -Uadministrator%password # bin/net rpc vampire -w nt4dom -U administrator%password (This used to be commit d7bd3c1efbd02a7ca01ad9a4b242ea4cc4a63c1f)
2003-08-07Turns out I had my packet sequences wrong for oplock break code.Jeremy Allison1-2/+6
I was storing the mid of the oplock break - I should have been storing the mid from the open. There are thus 2 types of deferred packet sequence returns - ones that increment the sequence number (returns from oplock causing opens) and ones that don't (change notify returns etc). Running with signing forced on does lead to some interesting tests :-). Jeremy. (This used to be commit 85907f02cec566502d9e4adabbd414020a26064d)
2003-08-07Cosmetic fix from waider@waider.ie.Jeremy Allison1-0/+31
Jeremy. (This used to be commit cb326c2dbff1fad87d5c72df4a004d5a42d17472)
2003-07-27Ensure all code paths set add_script.Jeremy Allison1-4/+3
Jeremy. (This used to be commit 0021c83ff645a1923b5a3d3c484d44b20d7813f0)
2003-07-22Fixup a bunch of printf-style functions and debugs to use unsigned long whenTim Potter1-3/+3
displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings on some of the 64-bit build farm machines as well as help us out when 64-bit uid/gid/pid values come along. (This used to be commit f93528ba007c8800a850678f35f499fb7360fb9a)
2003-07-16fixes for 'net rpc vampire'. I can now take a blank Samba hostGerald Carter1-25/+12
and migrate an NT4 domain and still logon from domain members (tested logon scripts, system policies, profiles, & home directories) (passdb backend = tdbsam) removed call to idmap_init_wellknown_sids() from winbindd.c since the local domain should be handled by the guest passdb backend (and you don't really always want the Administrator account to be root) ...and we didn't pay attention to this anyways now. (This used to be commit 837d7c54d3ca780160aa0d6a2f0a109bb691948e)
2003-07-11moving more code around.Gerald Carter1-1/+3
* move rid allocation into IDMAP. See comments in _api_samr_create_user() * add winbind delete user/group functions I'm checking this in to sync up with everyone. But I'm going to split the add a separate winbindd_allocate_rid() function for systems that have an 'add user script' but need idmap to give them a RID. Life would be so much simplier without 'enable rid algorithm'. The current RID allocation is horrible due to this one fact. Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow. Nothing has changed in the way a samba domain is represented, stored, or search in the directory so things should be ok with previous installations. going to bed now. (This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)
2003-07-09Large set of changes to add UNIX account/group managementGerald Carter1-4/+11
to winbindd. See README.idmap-and-winbind-changes for details. (This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
2003-07-05Add some debug statments to our vampire code - try to make it easier to trackAndrew Bartlett1-0/+6
down failures. Add a 'auto-add on modify' feature to guestsam Fix some segfault bugs on no-op idmap modifications, and on new idmappings that do not have a DN to tack onto. Make the 'private data' a bit more robust. Andrew Bartlett (This used to be commit 6c48309cda9538da5a32f3d88a7bb9c413ae9e8e)
2003-07-05Fixes to our LDAP/vampire codepaths:Andrew Bartlett1-37/+44
- Try better to add the appropriate mapping between UID and SIDs, based on Get_Pwnam() - Look for previous users (lookup by SID) and correctly modify the existing entry in that case - Map the root user to the Admin SID as a 'well known user' - Save the LDAPMessage result on the SAM_ACCOUNT for use in the next 'update' call on that user. This means that VL's very nice work on atomic LDAP updates now really gets used properly! - This also means that we know the right DN to update, without the extra round-trips to the server. Andrew Bartlett (This used to be commit c7118cb31dac24db3b762fe68ce655b17ea102e0)
2003-06-18Ok, this patch removes the privilege stuff we had in, unused, for some time.Simo Sorce1-10/+4
The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
2003-06-16Make net rpc vampire return an error if the sam sync RPC returns an error.Tim Potter1-9/+29
E.g if we are pointing at a win2k native mode domain we are returned an NT_STATUS_NOT_SUPPORTED error. (This used to be commit 6053c30f26cdf60f2bbfa6fb58ced6f7bcbd2e83)
2003-06-14This patch modifies 'net rpc vampire' to add new and existing users to bothAndrew Bartlett1-20/+39
the idmap and the SAM. The basic idea is this: Lookup the user with GetPwnam(), and if they exist then use that uid. This is what people expect. If the user does not exist, try and run the right script. This is also what people expect from previous Samba 3.0 behaviour, where the Get_Pwnam() was at runtime. If the idmap entry for this SID isn't valid, or isn't the right value, modify the idmap to account for this mapping. Also, the same logic is applied to the primary gid - if it has changed, update the user's primary unix group. This patch allows users to be added without a mapping - this is fine for machine accounts, for example. I've given it a quick test against my Win2k DC, and I *think* it's sane. Andrew Bartlett (This used to be commit d2a70bfff182352da50cd6c23ddfa80fe1b353c7)
2003-05-12Re-enable secure channel for net rpc vampire.Tim Potter1-8/+13
Jump out of sam entry processing loop if the return value from cli_netlogon_sam_sync() isn't OK or STATUS_MORE_ENTRIES. (This used to be commit 47d8ee3679292ece5d86df11bc56c9b4d71f3d11)
2003-05-08This puts real netlogon connection caching to winbind. This becomesVolker Lendecke1-1/+7
important once we start doing schannel, as there would be a lot more roundtrips for the second PIPE open and bind. With this patch logging in to a member server is a matter of two (three if you count the ack...) packets between us and the DC. Volker (This used to be commit 5b3cb7725a974629d0bd8b707bc2940c36b8745e)
2003-04-29adding ifdef'd code to add alias membership for vampireGerald Carter1-0/+138
(This used to be commit 2557b94519fbb3110948a3c6a3f412622757d2b0)
2003-04-21Merge from HEAD - save the type of channel used to contact the DC.Andrew Bartlett1-4/+7
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
2003-04-14Merge: remove unused variables.Tim Potter1-3/+0
(This used to be commit dfa9412da567d2477ee5b1e6ecdc96b8dea3c21d)
2003-04-14Merge of Jelmer's usage updates for net.Tim Potter1-1/+1
(This used to be commit 6a5b88c95b3fd17431cda79e9aa2a593fef85100)
2003-04-09This is the netlogon schannel client code. Try aVolker Lendecke1-10/+8
rpcclient -S pdc -U% -c "samlogon user password" and it should work with the schannel. Needs testing against platforms different from NT4SP6. Volker (This used to be commit eaef0d8aeff1aa5a067679be3f17e08d7434e1e8)
2003-03-31Waider's cosmetic change to print out the database type whenVolker Lendecke1-1/+17
downloading stuff. Volker (This used to be commit 702d368a9af98d59775ebc3ed89774507397b7e3)
2003-03-30This sets the domain for the user in vampire. OtherwiseVolker Lendecke1-0/+2
we end up with an empty domain field, which a workstation does not really like in sam_logon.. Volker (This used to be commit 5a3f89d3c12c5e4ab89fbe220ca34387c1660511)
2003-03-23Merge of patch by waider to our samsync code.Andrew Bartlett1-35/+155
(Decode all database names, and set only changes, not all info from the samsync record). Andrew Bartlett (This used to be commit c7b8405bdebb9241ec335ccbbef630d90e61a419)
2003-03-22Thanks to volker, merge passdb changes from HEAD:Andrew Bartlett1-4/+1
- pdb_guest (including change defaults) - 'default' passdb actions (instead of 'not implemented' stubs in each module) - net_rpc_samsync no longer assumes pdb_unix Andrew Bartlett (This used to be commit 4bec53c8c81019f0f06a93c4df0800bbf7281dd6)
2003-01-29playing janitor for abartlet. :-(Gerald Carter1-22/+15
" Make the vampire code use just pdb calls - allowing better operation on systems that are not configured with an add user script, and have an _nua backend for storage. We really need to get the PDB backends out of the IDMAP game... Andrew Bartlett " (This used to be commit e959a8eb67e78bb90ae017687dca8f8b3b147b09)
2002-12-20Forward port the change to talloc_init() to make all talloc contextsJeremy Allison1-3/+3
named. Ensure we can query them. Jeremy. (This used to be commit 09a218a9f6fb0bd922940467bf8500eb4f1bcf84)
2002-11-10After the lord mayors parade......Jeremy Allison1-11/+30
Janitor for tridge :-). Jeremy. (This used to be commit 76cdfbd5107fff0c38f5fc339f1c27b33fec3a91)
2002-11-07Keeping 3.0 in sync....Jeremy Allison1-7/+11
Jeremy. (This used to be commit 6d98ac2634d17f7f8fb17c43923ddd2b1e723d86)
2002-11-02Merge passdb from HEAD -> 3.0Andrew Bartlett1-39/+43
The work here includes: - metze' set/changed patch, which avoids making changes to ldap on unmodified attributes. - volker's group mapping in passdb patch - volker's samsync stuff - volkers SAMR changes. - mezte's connection caching patch - my recent changes (fix magic root check, ldap ssl) Andrew Bartlett (This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f)
2002-10-04merge of new client side support the Win2k LSARPC UUID in rpcbindGerald Carter1-2/+2
from APP_HEAD (This used to be commit 1cfd2ee433305e91e87804dd55d10e025d30a69e)
2002-10-01syncing up with HEAD. Seems to be a lot of differences creeping inGerald Carter1-26/+18
(i ignored the new SAMBA stuff, but the rest of this looks like it should have been merged already). (This used to be commit 3de09e5cf1f667e410ee8b9516a956860ce7290f)
2002-09-24This is a first working version of net rpc vampire. First do a net rpcVolker Lendecke1-12/+264
getsid, then join as a BDC, and then watch net rpc vampire suck out the good stuff out of a PDC :-). It's not perfect, but it does quite a bit for me. Watch out for more. Volker (This used to be commit f0d7ac9feb5844c93789344285b1d66f480209ba)
2002-09-23Ok, getting a bit more ambitious. Stop me, if this is wrong. ;-)Volker Lendecke1-2/+3
When creating a group you have to take care of the fact that the underlying unix might not like the group name. This change gets around that problem by giving the add group script the chance to invent a group name. It then must only return the newly created numerical gid. Volker (This used to be commit b959419ed38e66a12b63cad3e5fbfa849f952acc)
2002-09-22Change parsing of policy and privs delta to what Ethereal says.Volker Lendecke1-3/+1
Volker (This used to be commit 8c41b5cd1b8b0c2639def9552bd20b8aca39785c)
2002-09-18First code for 'net rpc vampire'. We should probably find a moreVolker Lendecke1-0/+278
positive name for this. It creates users and global groups. More to come. Volker (This used to be commit 0c1fadd9e024ef886542d362a7f119968552852d)
2002-08-30added cli_net_auth_3 client code.Jean-François Micouleau1-1/+3
changed cli_nt_setup_creds() to call cli_net_auth_2 or cli_net_auth_3 based on a switch. pass also the negociation flags all the way. all the places calling cli_nt_setup_creds() are still using cli_net_aut2(), it's just for future use and for rpcclient. in the future we will be able to call auth_2 or auth_3 as we want. J.F. (This used to be commit 4d38caca40f98d0584fefb9d66424a3db5b5789e)
2002-08-29There's more work to be done on samsync. Intermediate commit, nowVolker Lendecke1-5/+21
I get all the groups at least. Volker (This used to be commit 23a4f6991e93797afad0043689737a1b20c67f60)
2002-08-29show builtin groups in samdumpAndrew Tridgell1-33/+40
(This used to be commit c1e00f5f160985323f5a9ade42f2ebb2a798b17c)
2002-08-22added a 'net rpc samdump' command for dumping the whole sam viaAndrew Tridgell1-0/+162
samsync operations (as a BDC) (This used to be commit e4cb106d2e3e6a41529369545a7a6ce5fe6d8986)