summaryrefslogtreecommitdiff
path: root/source3/utils/net_rpc_samsync.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r8786: Fix amazing and long-standing bug where user-accounts are just crippledGünther Deschner1-2/+1
accounts (accounts without AcctCtrl set) after a vampire-process. New Accounts tend to hace no acb_info at all which means "0" (ACB_NORMAL). Unless 0 becomes not 0 we don't do anything and set *no* acctrl for normal users at all (!). Those crippled users now don't show up in usrmgr since 3.0.20somethings ldap-routines now finally test if the attribute is there. Guenther (This used to be commit c270ae79b5ef6d27a2a9e5a2d4f6bb20f7107b16)
2007-10-10r8396: fix some compile warnings.Günther Deschner1-8/+11
Guenther (This used to be commit af1aa09cde91078496a29f3a73c69a65ca2c3f6a)
2007-10-10r8189: commit vampire ldif patch, mostly from Don Watson ↵Jim McDonough1-3/+1002
(dwatson@us.ibm.com). Yes, that's my copyright...that's just how we have to do things at big blue. Adds subcommand to vampire to allow data to be put into an ldif file instead of actually writing to the passdb. See "net rpc help vampire" for usage info. This should be added to docs as well. (This used to be commit cb5634a305256a70daa2fcbd85d9a5459b4aeaa3)
2007-10-10r7882: Looks like a large patch - but what it actually does is make SambaJeremy Allison1-4/+4
safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
2007-10-10r7130: remove 'winbind enable local accounts' code from the 3.0 treeGerald Carter1-7/+1
(This used to be commit 318c3db4cb1c85be40b2f812f781bcf5f1da5c19)
2007-10-10r6263: Get rid of generate_wellknown_sids, they are const static and ↵Volker Lendecke1-2/+0
initializable statically. Volker (This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
2007-10-10r5909: Remove some unecessary casts. Patch from Jason Mader for bugzill #2468.Tim Potter1-1/+1
(This used to be commit ede9fd08cf0ce04528f73c74e2345ba46d26f1e2)
2007-10-10r5349: After talking with Jerry, reverted the addition of account policies toGünther Deschner1-9/+9
passdb in 3_0 (they are still in trunk). Guenther (This used to be commit fdf9bdbbac1d8d4f3b3e1fc7e49c1e659b9301b1)
2007-10-10r5264: Log with loglevel 0 when account-administration scripts fail.Günther Deschner1-1/+1
Guenther (This used to be commit 3d391ef149639750db376b05528a27422f8a3321)
2007-10-10r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).Günther Deschner1-9/+9
Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther (This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
2007-10-10r4877: When vampiring account policy AP_LOCK_ACCOUNT_DURATION honour "LockoutGünther Deschner1-1/+4
Duration: Forever". Guenther (This used to be commit aecacf4d9cc5e2aa69b358292b9d591ade696500)
2007-10-10r4538: Fix bugzilla 2198, accounts which have password last set to 0 are gettingJim McDonough1-0/+3
no passwords after vampire. Set password last set field to now. (This used to be commit 60c3a638e4e63d009728c2ce7a6264c3c120a9e5)
2007-10-10r4353: Finally get length of munged_dial correct.Günther Deschner1-1/+1
Guenther (This used to be commit b209f97f246cd65719f1000c7de368babec26d47)
2007-10-10r4352: Base64-encode munged-dial with correct length in 'net rpc vampire'.Günther Deschner1-1/+4
Guenther (This used to be commit 98f3e3353df988e819bc41d145b13c76e1b86b55)
2007-10-10r4351: Vampire Logon-Hours. Update Logon-Hours only when they have changed.Günther Deschner1-1/+20
Guenther (This used to be commit 0930ad662770278cbe9fd4e3deaa523957b96697)
2007-10-10r4291: More *alloc fixes inspired by Albert Chin (china@thewrittenword.com).Jeremy Allison1-1/+1
Jeremy (This used to be commit efc1b688cf9b1a17f1a6bf46d481280ed8bd0c46)
2007-10-10r4287: Vampire SAM_DELTA_DOMAIN_INFO.Günther Deschner1-2/+112
Based on samba4-idl. The decoding of account-lockout-string is somewhat experimental though. Guenther (This used to be commit 721bf50d7446b8ce18bc1d45e17d4214d5a43d26)
2007-10-10r4130: add bad_password_count and logon_count to vampire (inspired by a patchGünther Deschner1-2/+5
from Lars Mueller <lmuelle@suse.de>), just for completeness. Note that though we have logon_count implemented in all pdb-backends but never (for good reason!) update the counter. Guenther (This used to be commit a03aa0956813998dbbc3c68f6bc5214fd720cdb2)
2007-10-10r4127: vampire munged_dial.Günther Deschner1-0/+8
Guenther (This used to be commit eb64eb9d572e12b28a67779746b8ddc191497c09)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-1/+1
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r2835: Since we always have -I. and -I$(srcdir) in CFLAGS, we can get rid ofTim Potter1-1/+1
'..' from all #include preprocessor commands. This fixes bugzilla #1880 where OpenVMS gets confused about the '.' characters. (This used to be commit 7f161702fa4916979602cc0295919b541912acd6)
2004-02-08Make it possible to 'net rpc samdump' of any domain you are currently joinedAndrew Bartlett1-52/+38
to, despite any smb.conf settings. Work to allow the same for 'net rpc vampire', but instead give a clear error message on what is incorrect. Andrew Bartlett (This used to be commit 6b629344c5a4061d6052fa91f8429b337bab95fb)
2004-02-08Make more functions static, and remove duplication in the use of functionsAndrew Bartlett1-6/+6
in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c (These should perhaps be pulled back out to smbpasswd.c, but that can occour later). Andrew Bartlett (This used to be commit fcdc5efb1e245c8fa95cd031f67ec56093b9056e)
2004-01-02JHT came up with a nasty (broken) torture case in preparing examples forAndrew Bartlett1-2/+2
his book. This prompted me to look at the code that reads the unix group list. This code did a lot of name -> uid -> name -> sid translations, which caused problems. Instead, we now do just name->sid I also cleaned up some interfaces, and client tools. Andrew Bartlett (This used to be commit f9e59f8bc06fae7e5c8cb0980947f78942dc25c0)
2003-10-14Break out of samsync loop on error.Tim Potter1-0/+3
(This used to be commit f8994483484cab47f0d6a6934979f69402dba894)
2003-09-10Fix error return path memory leaks in vampire code for creating users.Tim Potter1-3/+8
Display an error if we can't create a posix account for the user (e.g no add user/machine script was specified; bug #323). (This used to be commit 0c35ba2cd65ff64c5db2b20d5528a0d486cba51e)
2003-09-10Use opt_target_workgroup instead of lp_workgroup() in vampire code soTim Potter1-2/+2
we can override the value in smb.conf with the -w option. Migrating accounts from another domain can now be done like: # bin/net join bdc -w nt4dom -Uadministrator%password # bin/net rpc vampire -w nt4dom -U administrator%password (This used to be commit d7bd3c1efbd02a7ca01ad9a4b242ea4cc4a63c1f)
2003-08-07Turns out I had my packet sequences wrong for oplock break code.Jeremy Allison1-2/+6
I was storing the mid of the oplock break - I should have been storing the mid from the open. There are thus 2 types of deferred packet sequence returns - ones that increment the sequence number (returns from oplock causing opens) and ones that don't (change notify returns etc). Running with signing forced on does lead to some interesting tests :-). Jeremy. (This used to be commit 85907f02cec566502d9e4adabbd414020a26064d)
2003-08-07Cosmetic fix from waider@waider.ie.Jeremy Allison1-0/+31
Jeremy. (This used to be commit cb326c2dbff1fad87d5c72df4a004d5a42d17472)
2003-07-27Ensure all code paths set add_script.Jeremy Allison1-4/+3
Jeremy. (This used to be commit 0021c83ff645a1923b5a3d3c484d44b20d7813f0)
2003-07-22Fixup a bunch of printf-style functions and debugs to use unsigned long whenTim Potter1-3/+3
displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings on some of the 64-bit build farm machines as well as help us out when 64-bit uid/gid/pid values come along. (This used to be commit f93528ba007c8800a850678f35f499fb7360fb9a)
2003-07-16fixes for 'net rpc vampire'. I can now take a blank Samba hostGerald Carter1-25/+12
and migrate an NT4 domain and still logon from domain members (tested logon scripts, system policies, profiles, & home directories) (passdb backend = tdbsam) removed call to idmap_init_wellknown_sids() from winbindd.c since the local domain should be handled by the guest passdb backend (and you don't really always want the Administrator account to be root) ...and we didn't pay attention to this anyways now. (This used to be commit 837d7c54d3ca780160aa0d6a2f0a109bb691948e)
2003-07-11moving more code around.Gerald Carter1-1/+3
* move rid allocation into IDMAP. See comments in _api_samr_create_user() * add winbind delete user/group functions I'm checking this in to sync up with everyone. But I'm going to split the add a separate winbindd_allocate_rid() function for systems that have an 'add user script' but need idmap to give them a RID. Life would be so much simplier without 'enable rid algorithm'. The current RID allocation is horrible due to this one fact. Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow. Nothing has changed in the way a samba domain is represented, stored, or search in the directory so things should be ok with previous installations. going to bed now. (This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)
2003-07-09Large set of changes to add UNIX account/group managementGerald Carter1-4/+11
to winbindd. See README.idmap-and-winbind-changes for details. (This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
2003-07-05Add some debug statments to our vampire code - try to make it easier to trackAndrew Bartlett1-0/+6
down failures. Add a 'auto-add on modify' feature to guestsam Fix some segfault bugs on no-op idmap modifications, and on new idmappings that do not have a DN to tack onto. Make the 'private data' a bit more robust. Andrew Bartlett (This used to be commit 6c48309cda9538da5a32f3d88a7bb9c413ae9e8e)
2003-07-05Fixes to our LDAP/vampire codepaths:Andrew Bartlett1-37/+44
- Try better to add the appropriate mapping between UID and SIDs, based on Get_Pwnam() - Look for previous users (lookup by SID) and correctly modify the existing entry in that case - Map the root user to the Admin SID as a 'well known user' - Save the LDAPMessage result on the SAM_ACCOUNT for use in the next 'update' call on that user. This means that VL's very nice work on atomic LDAP updates now really gets used properly! - This also means that we know the right DN to update, without the extra round-trips to the server. Andrew Bartlett (This used to be commit c7118cb31dac24db3b762fe68ce655b17ea102e0)
2003-06-18Ok, this patch removes the privilege stuff we had in, unused, for some time.Simo Sorce1-10/+4
The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
2003-06-16Make net rpc vampire return an error if the sam sync RPC returns an error.Tim Potter1-9/+29
E.g if we are pointing at a win2k native mode domain we are returned an NT_STATUS_NOT_SUPPORTED error. (This used to be commit 6053c30f26cdf60f2bbfa6fb58ced6f7bcbd2e83)
2003-06-14This patch modifies 'net rpc vampire' to add new and existing users to bothAndrew Bartlett1-20/+39
the idmap and the SAM. The basic idea is this: Lookup the user with GetPwnam(), and if they exist then use that uid. This is what people expect. If the user does not exist, try and run the right script. This is also what people expect from previous Samba 3.0 behaviour, where the Get_Pwnam() was at runtime. If the idmap entry for this SID isn't valid, or isn't the right value, modify the idmap to account for this mapping. Also, the same logic is applied to the primary gid - if it has changed, update the user's primary unix group. This patch allows users to be added without a mapping - this is fine for machine accounts, for example. I've given it a quick test against my Win2k DC, and I *think* it's sane. Andrew Bartlett (This used to be commit d2a70bfff182352da50cd6c23ddfa80fe1b353c7)
2003-05-12Re-enable secure channel for net rpc vampire.Tim Potter1-8/+13
Jump out of sam entry processing loop if the return value from cli_netlogon_sam_sync() isn't OK or STATUS_MORE_ENTRIES. (This used to be commit 47d8ee3679292ece5d86df11bc56c9b4d71f3d11)
2003-05-08This puts real netlogon connection caching to winbind. This becomesVolker Lendecke1-1/+7
important once we start doing schannel, as there would be a lot more roundtrips for the second PIPE open and bind. With this patch logging in to a member server is a matter of two (three if you count the ack...) packets between us and the DC. Volker (This used to be commit 5b3cb7725a974629d0bd8b707bc2940c36b8745e)
2003-04-29adding ifdef'd code to add alias membership for vampireGerald Carter1-0/+138
(This used to be commit 2557b94519fbb3110948a3c6a3f412622757d2b0)
2003-04-21Merge from HEAD - save the type of channel used to contact the DC.Andrew Bartlett1-4/+7
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
2003-04-14Merge: remove unused variables.Tim Potter1-3/+0
(This used to be commit dfa9412da567d2477ee5b1e6ecdc96b8dea3c21d)
2003-04-14Merge of Jelmer's usage updates for net.Tim Potter1-1/+1
(This used to be commit 6a5b88c95b3fd17431cda79e9aa2a593fef85100)
2003-04-09This is the netlogon schannel client code. Try aVolker Lendecke1-10/+8
rpcclient -S pdc -U% -c "samlogon user password" and it should work with the schannel. Needs testing against platforms different from NT4SP6. Volker (This used to be commit eaef0d8aeff1aa5a067679be3f17e08d7434e1e8)
2003-03-31Waider's cosmetic change to print out the database type whenVolker Lendecke1-1/+17
downloading stuff. Volker (This used to be commit 702d368a9af98d59775ebc3ed89774507397b7e3)
2003-03-30This sets the domain for the user in vampire. OtherwiseVolker Lendecke1-0/+2
we end up with an empty domain field, which a workstation does not really like in sam_logon.. Volker (This used to be commit 5a3f89d3c12c5e4ab89fbe220ca34387c1660511)
2003-03-23Merge of patch by waider to our samsync code.Andrew Bartlett1-35/+155
(Decode all database names, and set only changes, not all info from the samsync record). Andrew Bartlett (This used to be commit c7b8405bdebb9241ec335ccbbef630d90e61a419)
2003-03-22Thanks to volker, merge passdb changes from HEAD:Andrew Bartlett1-4/+1
- pdb_guest (including change defaults) - 'default' passdb actions (instead of 'not implemented' stubs in each module) - net_rpc_samsync no longer assumes pdb_unix Andrew Bartlett (This used to be commit 4bec53c8c81019f0f06a93c4df0800bbf7281dd6)