summaryrefslogtreecommitdiff
path: root/source3/utils
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r15560: Since the hotel doesn't have Sci-Fi and no "Doctor Who"....Gerald Carter1-5/+71
Re-add the capability to specify an OU in which to create the machine account. Done via LDAP prior to the RPC join. (This used to be commit b69ac0e30441faea7a7d677b6bb551aa8ffbf55d)
2007-10-10r15559: Smaller fixes for the new cldap code:Günther Deschner1-2/+1
* replace printf to stderr with DEBUG statements as they get printed in daemons * "net ads lookup" return code Guenther (This used to be commit 8dd925c5fbfcbe711c596d08e8eadc19607d5492)
2007-10-10r15549: removing rhosts and 'hosts equiv' authentication featuresGerald Carter1-9/+0
(This used to be commit d19dad88155f985f113c667b6bdad5a1b25eca18)
2007-10-10r15543: New implementation of 'net ads join' to be more like Windows XP.Gerald Carter6-517/+607
The motivating factor is to not require more privileges for the user account than Windows does when joining a domain. The points of interest are * net_ads_join() uses same rpc mechanisms as net_rpc_join() * Enable CLDAP queries for filling in the majority of the ADS_STRUCT->config information * Remove ldap_initialized() from sam/idmap_ad.c and libads/ldap.c * Remove some unnecessary fields from ADS_STRUCT * Manually set the dNSHostName and servicePrincipalName attribute using the machine account after the join Thanks to Guenther and Simo for the review. Still to do: * Fix the userAccountControl for DES only systems * Set the userPrincipalName in order to support things like 'kinit -k' (although we might be able to just use the sAMAccountName instead) * Re-add support for pre-creating the machine account in a specific OU (This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
2007-10-10r15529: Initialise our saved uid and gid so that we can tell whenJames Peach1-0/+1
we created the profiling shmem segment and don't bogusly refuse to look at it. (This used to be commit eb31ef3a0e5e7c3b4029a3c2e124d2df646f10a2)
2007-10-10r15523: Honour the time_offset also when verifying kerberos tickets. ThisGünther Deschner1-1/+1
prevents a nasty failure condition in winbindd's pam_auth where a tgt and a service ticket could have been succefully retrieved, but just not validated. Guenther (This used to be commit a75dd80c6210d01aff104a86b0a9d39d65f2c348)
2007-10-10r15471: Clarify error messageVolker Lendecke2-4/+4
(This used to be commit f21adc04f745a966dbe6ef0b4ffd9729afa3fa78)
2007-10-10r15462: replace the use of OpenLDAP's ldap_domain2hostlist() forGerald Carter2-30/+48
locating AD DC's with out own DNS SRV queries. Testing on Linux and Solaris. (This used to be commit cf71f88a3cdcabf99c0798ef4cf8c978397a57eb)
2007-10-10r15460: Prefer to use the indexed objectCategory attribute (instead ofGünther Deschner1-2/+2
objectClass which is not indexed on AD) in LDAP queries. Guenther (This used to be commit 847882a98328b91a2157959c5dad0a2023223846)
2007-10-10r15428: Add "smbcontrol winbind onlinestatus" for debugging purpose.Günther Deschner1-0/+31
Guenther (This used to be commit 9e15b1659c105b0be846e8f71c27b20eab961bd2)
2007-10-10r15424: Implement a "stacktrace" smbcontrol option using libunwind's remoteJames Peach1-1/+186
stack tracing support. This provides an easy way for users to provide stack traces (hopefully it will be implemented on something other than ia64). (This used to be commit 0b5e07e12daa98095dae27e0a6d53fe8ec3f3700)
2007-10-10r15341: Ok I give up, I've been beaten by bug reports. PeopleJeremy Allison1-7/+43
just don't get why "guest ok" is not allowed in usershares. Added "usershare allow guests" bool parameter that allows this, reved usershare file version to VERSION#2 which allows this. Updated user tools. This should now be (finally) finished and I'll add the new parameter docs and a HOWTO. Jeremy. (This used to be commit cdc3aa9d07d568570f2117bea9f1a4d227b3a35d)
2007-10-10r15336: Unknown escape sequence: '\305' - should have been '\n'.Jeremy Allison1-1/+1
(How did that get in there ?). Jeremy (This used to be commit 780b71d300da71acc8b4f0fe10c1ae78c71e23c4)
2007-10-10r15311: look at the NT password (not lanman one) when determining if ↵Gerald Carter1-1/+1
smbpasswd -e should probably for a password (This used to be commit 3522b53aecb5293747b66250279417f9edf876f1)
2007-10-10r15305: Let winbind search by sid directly (or in windows terms: "bind to aGünther Deschner1-0/+68
sid"); works in all AD versions I tested. Also add "net ads sid" search tool. Guenther (This used to be commit 5557ada6943b817d28a5471c613c7291febe2ad5)
2007-10-10r15198: Mention the auditing tool in "net rpc help".Günther Deschner1-0/+1
Guenther (This used to be commit e55e1e1e96e1a1e6d2bcc5897a44828ddc2c9f3b)
2007-10-10r15194: We need to be able to join as PDC as well. Thanks to Andrew Bartlett.Günther Deschner2-6/+4
Guenther (This used to be commit ba81b508caa4ab21a04d142f3621e43a55e859cf)
2007-10-10r15173: Fix a non-critical memleakVolker Lendecke1-7/+2
(This used to be commit bb8c69162f9228343e0b05812e0e5a9ca4eb56bf)
2007-10-10r15152: Fix a case when target is offline. Jerry, this needs to be in 3.0.23pre1Alexander Bokovoy1-1/+1
(This used to be commit f068862e56861d74021d72726248cb738a2ff0fe)
2007-10-10r15137: Refuse to join if our netbios name is longer than 15 chars. I think ↵Volker Lendecke2-0/+13
this is sufficient to fix bug #3659. Volker (This used to be commit 0ef5e4372c45a60d66a902a6dbca58ae98529358)
2007-10-10r15136: Fix join consistency checkVolker Lendecke2-2/+2
(This used to be commit a6e88785e7116c1a88e1bfdfa2afadecd501bfb0)
2007-10-10r15123: Don't even try to join with an inproper configuration.Günther Deschner2-0/+13
Guenther (This used to be commit 22b687589785051eca16a868e3475f066b647ea7)
2007-10-10r15053: fix portabilities issues between 32-bit winbind clients and a 64-bit ↵Gerald Carter2-7/+7
winbindd server (This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a)
2007-10-10r15041: Adding rpc client calls to manipulate auditing policies on remote CIFSGünther Deschner2-0/+415
servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2007-10-10r15018: Merge Volker's ipc/trans2/nttrans changes overJeremy Allison2-3/+8
into 3.0. Also merge the new POSIX lock code - this is not enabled unless -DDEVELOPER is defined. This doesn't yet map onto underlying system POSIX locks. Updates vfs to allow lock queries. Jeremy. (This used to be commit 08e52ead03304ff04229e1bfe544ff40e2564fc7)
2007-10-10r15011: Fix bug # 2413. net rpc info can't reliably work anonymously anymore.Volker Lendecke1-1/+3
Volker (This used to be commit ba41c62b8b4d0c791035d63fb59496c0f655887f)
2007-10-10r14900: Separate words in error message.James Peach1-1/+1
(This used to be commit ffe1a2e23ffb2edf2274c20ece0a66a9c649d50f)
2007-10-10r14899: Add missing semi-colon.James Peach1-1/+1
(This used to be commit 5f4f4cbe6fe069570a921468034005d364f63206)
2007-10-10r14898: This change is an attempt to improve the quality of the information thatJames Peach1-0/+43
is produced when a process exits abnormally. First, we coalesce the core dumping code so that we greatly improve our odds of being able to produce a core file, even in the case of a memory fault. I've removed duplicates of dump_core() and split it in two to reduce the amount of work needed to actually do the dump. Second, we refactor the exit_server code path to always log an explanation and a stack trace. My goal is to always produce enough log information for us to be able to explain any server exit, though there is a risk that this could produce too much log information on a flaky network. Finally, smbcontrol has gained a smbd fault injection operation to test the changes above. This is only enabled for developer builds. (This used to be commit 56bc02d64498eb3faf89f0c5452b9299daea8e95)
2007-10-10r14831: Fix possible null deref. Coverity #279.Jeremy Allison1-0/+7
Jeremy. (This used to be commit 75be5c17bc74c86219c7cac749b52b7d43abb780)
2007-10-10r14757: Make sure we only send out a CLDAP request to an connected AD server.Günther Deschner1-4/+6
Guenther (This used to be commit d17712f9761589115e976e2240498396f36838ee)
2007-10-10r14743: Fix coverity bug #227. Possible deref of null pointerJeremy Allison1-5/+10
in error code path. Jeremy. (This used to be commit 9117713c5ee220331106d291425703aec4d7dd2c)
2007-10-10r14699: allow 'net sam addmem' to accept a SID for the memberGerald Carter1-5/+19
(This used to be commit 08d201806f53f51fbed4a02a54cb0656f8287b12)
2007-10-10r14683: Get rid of hardcoded output file. With no arg, print to stdout,Jim McDonough1-75/+59
otherwise append to output file specified. (This used to be commit b4ec93f5a26442d30ba2b8c91d03f3190975efd0)
2007-10-10r14681: Get rid of hardcoded /tmp/add.ldif and /tmp/mod.ldif files. Is there aJim McDonough1-14/+19
different directory the temp files should be in, or is /tmp ok? Still have to get rid of the output file hardcoding, but that is to come, because I need to cleanup stdout. (This used to be commit 0d4bd93a5ca4025bbdeb507f4a2d6217cfb39c79)
2007-10-10r14585: Tighten argument list of kerberos_kinit_password again,Günther Deschner1-2/+1
kerberos_kinit_password_ext provides access to more options. Guenther (This used to be commit afc519530f94b420b305fc28f83c16db671d0d7f)
2007-10-10r14580: add 'net sam createbuiltingroup' to map BUILTIN local groups to a gidGerald Carter1-0/+59
(This used to be commit 3137fe5068e4b0c1724b92f49ca8e1d254324801)
2007-10-10r14577: BUG Fixes:Gerald Carter1-13/+199
* Add back in the import/export support to pdbedit * Fix segv in pam_smbpass * Cleanup some error paths in pdb_tdb and pdb_interface (This used to be commit df53d64910fbb96eb810102e986b3c337d54c463)
2007-10-10r14416: Remove deadcode. Coverity #198.Jeremy Allison1-11/+1
Jeremy. (This used to be commit 7fc61f5a63c982cfd0fbe1838979ba7be8f69fca)
2007-10-10r14403: * modifies create_local_nt_token() to create a BUILTIN\AdministratorsGerald Carter1-5/+2
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes' * Add a SID domain to the group mapping enumeration passdb call to fix the checks for local and builtin groups. The SID can be NULL if you want the old semantics for internal maintenance. I only updated the tdb group mapping code. * remove any group mapping from the tdb that have a gid of -1 for better consistency with pdb_ldap.c. The fixes the problem with calling add_group_map() in the tdb code for unmapped groups which might have had a record present. * Ensure that we distinguish between groups in the BUILTIN and local machine domains via getgrnam() Other wise BUILTIN\Administrators & SERVER\Administrators would resolve to the same gid. * Doesn't strip the global_sam_name() from groups in the local machine's domain (this is required to work with 'winbind default domain' code) Still todo. * Fix fallback Administrators membership for root and domain Admins if nested groups = no or winbindd is not running * issues with "su - user -c 'groups'" command * There are a few outstanding issues with BUILTIN\Users that Windows apparently tends to assume. I worked around this presently with a manual group mapping but I do not think this is a good solution. So I'll probably add some similar as I did for Administrators. (This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
2007-10-10r14278: Remainder of fix for Coverity #79,80,81: only allow GROUP or OWNER to beJim McDonough1-0/+8
specified once in an ACL, so it can be allocated a second time, overwriting the first (This used to be commit 1804a8a01ebf3353574a2c5b26a1746b34715737)
2007-10-10r14272: Fix Coverity # 81: free alloc'ed storage before returningJim McDonough1-6/+7
(This used to be commit 1899d8ea283845141b24d91d230248009744fe1a)
2007-10-10r14214: Fix Coverity Bug # 57Volker Lendecke1-0/+4
(This used to be commit 32364d8f01c75bd00ee1bef49c687d6dd3299d1f)
2007-10-10r14156: Fix coverity #114: free storage alloc'ed by sstring_sub()Jim McDonough1-5/+6
(This used to be commit 655fb66b289bdd19c4432eea00fac935184f25c9)
2007-10-10r14155: Fix coverity #115: free storage alloc'ed by sstring_sub()Jim McDonough1-0/+2
(This used to be commit a197b8c5cb02c8a5fac3882e7b76bcd7abb0279c)
2007-10-10r14153: Fix coverity #116: free storage alloc'ed by sstring_sub()Jim McDonough1-0/+2
(This used to be commit dbc0ff5544f2d15b1d1bc41319c76274b79d92b4)
2007-10-10r14152: Fix coverity #117: free storage alloc'ed by sstring_subJim McDonough1-0/+1
(This used to be commit cf36f5949f8ac5ea020fcaa796ad92852df25ae7)
2007-10-10r14150: Fix coverity #118: not freeing alloc'ed storage returned fromJim McDonough1-1/+3
sstring_sub(). (This used to be commit 6ff849f35ae3394d6557f79c73b0fe54fbb86d0f)
2007-10-10r14147: Fix coverity #119. alloc'ed memory returned not saved, so not freed.Jim McDonough1-4/+8
Need to go back and correct the assumption that an "ldap xxx suffix" parm must have an OU. (This used to be commit 2d7ba11ffbe17af12257a91638be95d09c0c34c5)
2007-10-10r14146: Just some typos.Günther Deschner1-1/+1
Guenther (This used to be commit ade86cc787e266850fee982b008a9caf2c8ed7e7)